Vulnerability Management

Find and fix vulnerabilities from code to cloud.

Every time a new security vulnerability surfaces, attackers race to find the vulnerable application to exploit its weakness. Organizations need a faster and easier way to uncover blind spots and prioritize vulnerabilities across applications in the cloud.

Read the vulnerability management checklist.


Manage and Prioritize Vulnerabilities from Code to Cloud

Prisma Cloud helps to uncover blind spots, prioritize vulnerabilities with context and manage remediation across your applications (VMs, containers, Kubernetes®, serverless and open-source software).
  • Code to Cloud vulnerability management
  • Support for public and private cloud deployments
  • Agentless scanning and agent-based protection
  • Code to cloud visibility
  • Vulnerability management
  • Software composition analysis (SCA)
  • CI/CD integration

THE PRISMA CLOUD SOLUTION

Our approach to vulnerability management

Code to Cloud Visibility

Securing cloud-native applications requires a comprehensive view into vulnerabilities across the application lifecycle. Prisma Cloud delivers a centralized view into vulnerabilities across public cloud, private cloud and on-premises environments for every host, container and serverless function.

  • Code to cloud visibility

    Gain visibility into all vulnerabilities across your environment — source packages, git repos, registries, deployed images, hosts and running applications.

  • Flexible deployment options.

    Gain visibility into vulnerabilities across virtual machines, containers, Kubernetes and serverless functions with agents and agentless scanning. 100% continuous coverage for any application in any cloud environment.

  • Manage risk from a single UI.

    Visualize risk across host OS, container images and serverless functions with intelligent risk scoring.

Contextual Risk-Based Prioritization

Reduce alert fatigue and surface the vulnerabilities that should be prioritized. Correlate vulnerabilities with multiple risk factors, including external exposure, excessive permissions, misconfigurations, sensitive data and malware.

  • Attack path prioritization.

    Minimize alert fatigue by correlating vulnerabilities with various risk factors, such as external exposure, cloud entitlements, secrets, misconfigurations, malware, and more, to highlight the vulnerabilities that should be prioritized.

  • Contextualize risk.

    Eliminate up to 99% of noise by filtering vulnerabilities tied to active packages in use.

  • Find the root cause.

    Trace the vulnerability back to the source code files and packages that led to the vulnerable workloads.

Remediate Vulnerabilities

Address and remediate vulnerabilities before they can be exploited by malicious actors through a systematic and proactive approach.

  • See vulnerability status with remediation guidance.

    View every CVE with details and up-to-date vendor fix information, supporting all cloud-native technologies.

  • Remediate critical vulnerabilities.

    Get context and remediation steps to developers to reduce friction and the mean time to remediate (MTTR).

  • Alert on or prevent vulnerabilities across environments.

    Set precise policies to alert on or prevent vulnerable components from running on your environments.

  • Integrate data with your existing systems.

    Integrate vulnerability alerts into common endpoints, including JIRA®, Slack®, PagerDuty®, Splunk®, Cortex® XSOAR™ and ServiceNow®.

CI/CD Integration

To secure cloud-native applications, security must be addressed before deployment and integrated across the application lifecycle. You can scale these efforts with a consolidated platform that integrates vulnerability scanning and hardening checks into the CI/CD workflow.

  • Support all your application components.

    Scan Git repositories, container images, AMIs and serverless functions.

  • Integrate security into your CI/CD pipeline.

    Continuously monitor container registries and explicitly define trustworthy images, registries and repositories.

  • Integrate with DevOps workflows.

    Integrate with any continuous integration (CI) solution, such as Jenkins®, CircleCI®, AWS CodeBuild, Azure® DevOps, Google Cloud Build and more.

  • Prioritize risk from central dashboards.

    View vulnerability information, compliance results and vendor-fix information across build, deploy and run.

  • Surface scan results in developer tooling and central dashboards.

    View scan results and details, both at their source and with an aggregated view.

  • Enforce security policies to prevent builds from moving forward in pipelines.

    Control exactly what progresses through the development pipeline with centralized policies across the entire application lifecycle.

Software Composition Analysis

Built on top of the most reputable vulnerability databases and connected to the industry’s most robust infrastructure policy database, Prisma Cloud Software Composition Analysis (SCA) surfaces vulnerabilities with the context developers need to understand risk and implement fixes fast. Prisma Cloud provides the breadth and depth of open source coverage you need to stop the next big vulnerability in its tracks:

  • Scan across languages and package managers with unmatched accuracy.

    Identify vulnerabilities in open-source packages with support for popular languages and more than 30 upstream data sources to minimize false positives.

  • Leverage industry-leading sources for complete open-source security confidence.

    Scan open-source dependencies wherever they are and compare them against public databases like NVD and the Prisma Cloud Intelligence Stream to identify vulnerabilities and surface important fix information.

  • Connect infrastructure and application risks.

    Zero in on vulnerabilities exposed in your codebase to combat false positives and prioritize remediations faster.

  • Identify vulnerabilities at any dependency depth.

    Ingest package manager data to extrapolate dependency trees to the furthest layer to identify open-source risk hidden from view.

  • Visualize and catalog your software supply chain.

    Visualize your pipelines, code and all connections. Generate a software bill of materials to keep track of application risk and understand your attack surface.

Prisma Cloud

Prisma® Cloud is the most complete cloud-native application protection platform (CNAPP) in the industry, providing the broadest security and compliance coverage for infrastructure, workloads and applications. This extensive protection spans the entire cloud-native technology stack, as well as the development lifecycle and multicloud and hybrid environments.

Cloud Workload Protection Modules

Host Security

Secure virtual machines (VMs) on any public or private cloud.

Container Security

Secure Kubernetes® and other container platforms on any public or private cloud.

Serverless Security

Secure serverless functions across the full application lifecycle.

Web Application & API Security

Protect against Layer 7 and OWASP Top 10 threats in any public or private cloud.
