Users who access cloud environments can pose a significant threat if not continuously monitored for unusual activities that could signal possible credential or account compromise. Prisma Cloud continuously monitors and learns each user’s activities to identify what’s normal, and then alerts on any behaviors that deviate from that baseline.
Anomalous compute provisioning detection
Learn the normal behavior of each user to detect anomalous compute provisioning activities, indicative of either accidental resource misuse or more sinister attacks like cryptojacking
Insider threat detection
Discover suspicious behaviors such as excessive login failures that could signal compromised accounts, brute force attacks, and other behaviors that traditional security tools miss.
Suspicious user activity detection
Identify specific actions and surface correlated account data, both in real time and with historical context.