Threat Detection

Prisma Cloud detects advanced threats, zero-day attacks, and anomalies across multicloud environments.

The dynamic, distributed nature of cloud environments generates alerts that lack context, at a volume that can overwhelm security teams. Correlating logs, API metadata and signature-driven alerts by hand quickly floods teams with false positives rather than actionable insight.

1. The public cloud exposes new threats

From vulnerabilities in codified infrastructure templates to account hijacking for compute-intensive operations such as cryptomining, the public cloud threat landscape differs from that of any other IT environment and poses new challenges for security teams.

2. Multi-source threat intelligence is essential

Correlating threat intelligence from multiple sources is critical to building a deep, contextual understanding of risk. Augmenting cloud service provider logs with suspicious IP address lists, malware signatures and vulnerability intelligence feeds gives a much clearer picture of actual risk.

3. Rule-based policies are not enough

Static allow/deny or rule-based policies are an essential foundation for effective cloud security, but on their own do not cover the entire threat landscape. Anomaly-based policies that use machine learning to monitor and report on suspicious or unusual activity complement traditional policy libraries for a comprehensive threat detection strategy.

Threat detection powered by ML and threat intelligence

Prisma Cloud combines advanced machine learning with threat intelligence such as Madas Corp AutoFocus, Tor exit node lists and other sources to identify tactics and techniques from MITRE ATT&CK's Cloud Matrix with high efficacy while minimizing false positives. This lets security teams focus investigation and remediation effort on the most critical incidents without getting bogged down in alert storms.
  • Employ unsupervised machine learning
  • Integrate with best-of-breed threat intelligence
  • Detect known and unknown threats

Network anomaly detection

User and entity behavior analytics

Threat intelligence-based threat detection

Granular control on false positives and negatives

THE PRISMA CLOUD SOLUTION

Our approach to Threat Detection

MADAS CORP | Cloud Threat Detection

ML-based network anomaly detection

Prisma Cloud employs advanced ML to learn normal network behavior of each customer’s cloud environment to detect network anomalies and zero-day attacks effectively with minimal false positives.

  • Port scan and sweep detection

    Detect common reconnaissance techniques per MITRE ATT&CK Cloud Matrix to facilitate remediation activities such as closing ports opened unintentionally.

  • Unusual port and server activity detection

    Spot the unusual port and server activity adversaries typically rely on to evade detection while hunting for critical assets such as PII and financial data in preparation for exfiltration.

  • DNS threat detection

    Identify DNS-based threats such as domain generation algorithm (DGA) traffic and cryptomining activity, without changing your DNS infrastructure.

User and entity behavior analytics (UEBA)

Users who access cloud environments can pose a significant threat if not continuously monitored for unusual activities that could signal possible credential or account compromise. Prisma Cloud continuously monitors and learns each user’s activities to identify what’s normal, and then alerts on any behaviors that deviate from that baseline.

  • Anomalous compute provisioning detection

    Learn the normal behavior of each user to detect anomalous compute provisioning, which can indicate either accidental resource misuse or a deliberate attack such as cryptojacking.

  • Insider threat detection

    Discover suspicious behaviors such as excessive login failures that could signal compromised accounts, brute-force attacks and other activity that traditional security tools miss.

  • Suspicious user activity detection

    Identify specific actions and surface correlated account data, both in real time and with historical context.


Threat intelligence-based threat detection policies

Drawing on Madas Corp's AutoFocus threat intelligence and proprietary security research, Prisma Cloud provides a comprehensive set of out-of-the-box policies to detect malicious network and user activity.

  • AutoFocus-based network threat detection

    Out-of-the-box policies detect advanced network-based attacks such as DDoS, botnet, ransomware, remote access trojan (RAT) and cryptomining traffic.

  • Policy-based network threat detection

    Detect suspicious network activity such as database ports receiving internet traffic, or internet connectivity over insecure cleartext TCP ports.

  • Policy-based detection of suspicious user activities

    Alert on sensitive IAM and storage configuration changes, which are often steps in a multi-stage attack already in progress.
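The port scan and sweep detection described under ML-based network anomaly detection, and the policy-based "database port receiving internet traffic" and "insecure port" checks above, reduce to the same kind of logic over flow records. The following is an added example, not Prisma Cloud's code: it parses VPC-flow-log-style lines in the AWS default field layout and runs both detections over a constructed sample. The thresholds, the port lists, the sample traffic and the choice to treat RFC 1918 space as "internal" are all assumptions made for the demo.

```python
"""Added example (not Prisma Cloud code): port scan/sweep detection and
exposed-port policies over VPC-flow-log-style records.

Record layout follows the AWS VPC Flow Logs default format:
  version account-id interface-id srcaddr dstaddr srcport dstport protocol
  packets bytes start end action log-status
Traffic, hosts, thresholds and port lists below are constructed for the demo.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# RFC 1918 space stands in for "inside the cloud estate"; anything else is internet.
# (ipaddress.is_global is avoided because the documentation ranges used for the
# attacker below, 198.51.100.0/24 and 203.0.113.0/24, are classed as private.)
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DB_PORTS = {1433, 1521, 3306, 5432, 6379, 27017}  # MSSQL, Oracle, MySQL, Postgres, Redis, MongoDB
INSECURE_PORTS = {21, 23}                          # cleartext FTP and telnet (demo's choice)


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: int
    start: int
    action: str


def parse_flow_log(text: str) -> list[Flow]:
    """Parse default-format flow log lines, skipping NODATA/SKIPDATA rows."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 14 or f[13] != "OK":
            continue
        flows.append(Flow(f[3], f[4], int(f[6]), int(f[7]), int(f[10]), f[12]))
    return flows


def _max_distinct_in_window(events, window):
    """events: (timestamp, value). Largest count of distinct values inside any
    span of `window` seconds (sliding window over time-sorted events)."""
    events = sorted(events)
    best, lo = 0, 0
    for hi in range(len(events)):
        while events[hi][0] - events[lo][0] > window:
            lo += 1
        best = max(best, len({v for _, v in events[lo:hi + 1]}))
    return best


def detect_scans(flows, window=60, port_threshold=10, host_threshold=5):
    """Port scan: one source touching >= port_threshold distinct ports on one host
    within `window` seconds. Port sweep: one source touching the same port on
    >= host_threshold distinct hosts. REJECTed flows count, since a scanner
    mostly hits closed ports."""
    by_pair, by_port = defaultdict(list), defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append((f.start, f.dport))
        by_port[(f.src, f.dport)].append((f.start, f.dst))
    findings = []
    for (src, dst), evts in by_pair.items():
        if _max_distinct_in_window(evts, window) >= port_threshold:
            findings.append(("port_scan", src, dst))
    for (src, dport), evts in by_port.items():
        if _max_distinct_in_window(evts, window) >= host_threshold:
            findings.append(("port_sweep", src, dport))
    return findings


def policy_findings(flows):
    """Static policies: accepted TCP traffic from the internet to a database
    port, or to a cleartext service port."""
    out = []
    for f in flows:
        src = ip_address(f.src)
        if f.action != "ACCEPT" or f.proto != 6 or any(src in n for n in INTERNAL_NETS):
            continue
        if f.dport in DB_PORTS:
            out.append(("db_port_internet_traffic", f.src, f.dst, f.dport))
        elif f.dport in INSECURE_PORTS:
            out.append(("insecure_port_internet_traffic", f.src, f.dst, f.dport))
    return out


def _line(src, dst, dport, start, action="ACCEPT"):
    return f"2 123456789012 eni-0abc {src} {dst} 49152 {dport} 6 3 180 {start} {start + 10} {action} OK"


# Constructed sample: a vertical scan, a horizontal SSH sweep, internet-to-MySQL,
# internal-to-Postgres, internet telnet, internet HTTPS, and a NODATA row.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", "10.0.1.20", 20 + i, 1700000000 + i, "REJECT") for i in range(16)]
    + [_line("198.51.100.8", f"10.0.1.{i}", 22, 1700000100 + i, "REJECT") for i in range(1, 9)]
    + [_line("203.0.113.9", "10.0.1.30", 3306, 1700000200),
       _line("10.0.2.5", "10.0.1.30", 5432, 1700000201),
       _line("203.0.113.9", "10.0.1.40", 23, 1700000202),
       _line("203.0.113.9", "10.0.1.40", 443, 1700000203),
       "2 123456789012 eni-0abc - - - - - - - 1700000300 1700000310 - NODATA"]
)


def analyze(text: str) -> dict:
    flows = parse_flow_log(text)
    return {"scans": detect_scans(flows), "policy": policy_findings(flows)}
```

Running `analyze(SAMPLE_LOG)` flags the scanner against 10.0.1.20, the SSH sweep from 198.51.100.8, the MySQL port reached from the internet and the telnet connection, while the internal Postgres connection and the HTTPS flow produce nothing. Raising `port_threshold` shows the false-negative side of the tradeoff the page describes: at 20 distinct ports the 16-port scan is missed.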

Granular control on false positives & negatives

Unlike most basic ML-based threat detection solutions in the market, Prisma Cloud provides granular control for customers to make the appropriate tradeoffs between false positives and negatives that fit their business and security needs.

  • Alert Disposition

    Choose Aggressive to minimize false negatives, Moderate for a good balance between false positives and negatives, or Conservative to minimize false positives.

  • Training Model Threshold

    Choose Low to minimize the training period, Medium for a balance between speed of detection and false positives, or High to minimize false positives.

  • Trusted List

    Maintain a trusted list of cloud services, IP addresses, machine IDs, tags and other identifiers to suppress alerts on known-benign activity.
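The UEBA detections described earlier (excessive login failures, anomalous compute provisioning) and the three tuning controls in this section can be seen together in the following added example. It is not Prisma Cloud's code: it runs over constructed CloudTrail-like events, and the identities, addresses, the numbers behind each Alert Disposition and Training Model Threshold setting, and the trusted-list matching on identity ARN or source address are all assumptions made for the demo.

```python
"""Added example (not Prisma Cloud code): UEBA-style detections over
CloudTrail-like events, with Alert Disposition, Training Model Threshold and
Trusted List modelled as parameters. Event shape mirrors a few AWS CloudTrail
fields; all data and threshold values are invented for the demo."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Aggressive minimises false negatives, Conservative minimises false positives.
DISPOSITION = {
    "aggressive":   {"login_failures": 3,  "burst_factor": 2.0},
    "moderate":     {"login_failures": 5,  "burst_factor": 3.0},
    "conservative": {"login_failures": 10, "burst_factor": 5.0},
}
# History an identity needs before its baseline is trusted: Low shortens training,
# High avoids alerts from immature baselines.
TRAINING_MIN_EVENTS = {"low": 3, "medium": 10, "high": 30}

ALICE = "arn:aws:iam::123456789012:user/alice"
BOB = "arn:aws:iam::123456789012:user/bob"
CI = "arn:aws:iam::123456789012:role/ci-deployer"


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def _ev(time, name, arn, ip, **extra):
    return {"eventTime": time, "eventName": name, "userIdentity": {"arn": arn},
            "sourceIPAddress": ip, **extra}


def _run(time, arn, ip, itype, n):
    return _ev(time, "RunInstances", arn, ip,
               requestParameters={"instanceType": itype, "instancesSet": {"items": [{}] * n}})


# Constructed history: 12 days of routine launches for bob and the CI role, then a
# 13th day with bob's cryptojacking-shaped burst from a new address, alice's string
# of console login failures, and the CI role launching from a new runner address.
SAMPLE_EVENTS = (
    [_run(f"2024-05-{d:02d}T09:00:00Z", BOB, "10.0.5.1", "t3.micro", 1) for d in range(1, 13)]
    + [_run(f"2024-05-{d:02d}T10:00:00Z", CI, "10.0.9.9", "c5.large", 25) for d in range(1, 13)]
    + [_run("2024-05-13T02:14:00Z", BOB, "203.0.113.50", "p3.16xlarge", 40),
       _run("2024-05-13T10:00:00Z", CI, "10.0.9.10", "c5.large", 25)]
    + [_ev(f"2024-05-13T08:00:{10 * i:02d}Z", "ConsoleLogin", ALICE, "198.51.100.4",
           responseElements={"ConsoleLogin": "Failure"}) for i in range(6)]
    + [_ev("2024-05-13T08:01:05Z", "ConsoleLogin", ALICE, "198.51.100.4",
           responseElements={"ConsoleLogin": "Success"})]
)


def _trusted(e, trusted):
    """Trusted list match on identity ARN or source address."""
    return e["userIdentity"]["arn"] in trusted or e["sourceIPAddress"] in trusted


def login_failure_alerts(events, disposition="moderate", window=timedelta(minutes=10),
                         trusted=frozenset()):
    """Excessive ConsoleLogin failures by one identity inside a sliding window."""
    limit = DISPOSITION[disposition]["login_failures"]
    fails = defaultdict(list)
    for e in events:
        if (e["eventName"] == "ConsoleLogin" and not _trusted(e, trusted)
                and e.get("responseElements", {}).get("ConsoleLogin") == "Failure"):
            fails[e["userIdentity"]["arn"]].append(_ts(e["eventTime"]))
    alerts = []
    for arn, times in fails.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:
                lo += 1
            if hi - lo + 1 >= limit:
                alerts.append({"type": "excessive_login_failures", "user": arn, "count": hi - lo + 1})
                break
    return alerts


def provisioning_alerts(events, disposition="moderate", training="medium", trusted=frozenset()):
    """Learn each identity's RunInstances baseline (instances per call, instance
    types, source addresses) from all but its newest call, then score the newest
    call against it. Identities with too little history are still training."""
    factor = DISPOSITION[disposition]["burst_factor"]
    min_events = TRAINING_MIN_EVENTS[training]
    launches = defaultdict(list)
    for e in events:
        if e["eventName"] == "RunInstances" and not _trusted(e, trusted):
            rp = e["requestParameters"]
            launches[e["userIdentity"]["arn"]].append(
                (_ts(e["eventTime"]), rp["instanceType"], len(rp["instancesSet"]["items"]),
                 e["sourceIPAddress"]))
    alerts = []
    for arn, rows in launches.items():
        rows.sort()
        *history, (_, itype, n, ip) = rows
        if len(history) < min_events:
            continue  # baseline not yet trained: no deviation alert
        baseline_max = max(r[2] for r in history)
        reasons = []
        if n > factor * baseline_max:
            reasons.append(f"{n} instances in one call vs baseline max {baseline_max}")
        if itype not in {r[1] for r in history}:
            reasons.append(f"never-seen instance type {itype}")
        if ip not in {r[3] for r in history}:
            reasons.append(f"new source address {ip}")
        if reasons:
            alerts.append({"type": "anomalous_compute_provisioning", "user": arn, "reasons": reasons})
    return alerts
```

With the default Moderate disposition, `login_failure_alerts(SAMPLE_EVENTS)` fires on alice at the fifth failure; Aggressive fires at the third and Conservative not at all on six failures. `provisioning_alerts(SAMPLE_EVENTS)` flags bob (burst size, new instance type, new address) and also the CI role for its new runner address, the classic benign false positive; passing `trusted={CI}` suppresses the latter, and `training="high"` suppresses both because twelve days of history are below that threshold.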


Cloud Security Posture Management modules

VISIBILITY, COMPLIANCE, AND GOVERNANCE

Continuously monitor all cloud resources for misconfigurations, vulnerabilities and other security threats. Simplify compliance reporting.

CLOUD THREAT DETECTION

Pinpoint the highest risk security issues using ML-powered and threat intelligence-based detection with contextual insights.

DATA SECURITY

Continuously monitor cloud storage for security threats, govern file access and mitigate malware attacks.
