Do you have any of these problems?

1: I'm looking for a security-focused, guideline-compliant product

• Since it is difficult to visualize vulnerabilities in containers on your own, you want to quickly detect and deal with them using tools that comply with the guidelines.

CWPP automatically visualizes communication between containers as well as vulnerabilities and compliance status within containers.

• Suspicious behavior can be detected by the automatic analysis function by "modeling", so countermeasures can be taken at an early stage. (By adding Defender, Host and Serverless are also visualized)
• Security measures in line with industry best practices such as NIST SP 800-190 and CIS benchmarks are possible.

Provides the same security visibility and responsiveness for container environments as for normal server environments

Security department, development department

2: Frequent security checks to reduce development rework

• If a vulnerability is discovered after deployment, it will require a lot of rework, so we want to deal with it as close to the development stage as possible.
• I want to perform a security check before delivery to ensure the quality of the delivery of the development outsourced.

CWPP can be linked with CI/CD tools through plug-in and command line tools

• Scan container images in conjunction with CI/CD tools to identify security issues before deployment and minimize development rework
• Security quality at the time of delivery can be guaranteed by scanning container images at the development stage.

In addition to increasing security, the workload of the development department can be reduced.

Development Department, Operation Department

3: Difficult to deal with increasing number of containers

• Since it is difficult to deal with a container environment that rapidly increases and decreases manually, we want to maintain security by automating it as much as possible.

CWPP can automatically generate policies for blocks by “modeling” in addition to detection

• "Modeling" enables automatic control, enabling protection without the need for administrator intervention even in environments that continue to expand
• It is possible to automatically grasp and limit what kind of communication usually occurs and what kind of process is running by "modeling"

Enable automated defenses to safely scale even complex container environments

Development Department, Operation Department

What can Prisma Cloud (CWPP) do?

Prisma Cloud easily integrates security into your CI/CD workflows, registries, and running stacks.
We provide protection for the entire application cycle in public clouds, private clouds, and on-premises environments.

Prisma Cloud × LeanSeeks

Dealing with the large number of vulnerabilities detected by Prisma Cloud starting with the "really high-risk ones" is the key to efficiency.
LeanSeeks (vulnerability triage) SSVC-based triage solution that can immediately prioritize security vulnerabilities that are detected in large numbers and narrow down the vulnerabilities that really need to be dealt with. vulnerability countermeasures.

*SSVC is a vulnerability triage framework based on the presence and maturity of exploits by North American CISA.
https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc