Prisma: Secure DevOps

Make security integral to your DevOps process

Overview
DevOps-driven software development approaches are pervasive among organizations embracing the cloud. Unlike traditional
software development approaches, DevOps helps organizations shorten the time it takes to build and ship cloud applications.
Introducing security early in the software development lifecycle, along with continuous monitoring in production environments,
improves the overall security posture of cloud applications and reduces business risk.

The Challenge
Although there is increased awareness among cloud adopters to embed security early in the software development lifecycle, many
organizations are challenged to incorporate security with an automated approach. For these organizations, risk management is an
afterthought that begins once the software is in production, and thus innovation is often stifled and time to market slowed.

What You Need

Embedding security early in the software development lifecycle helps avoid risk and expedite software delivery through early detection
and remediation of vulnerabilities. This requires:
• Open APIs to make it easy to consume security services and integrate security checks early in your software development
lifecycle.
• Automated security checks of infrastructure as code (IaC) in your continuous integration/continuous deployment (CI/CD)
pipeline.
• Continuous monitoring of security and compliance from development to production to help mitigate risk.

The Right Approach

Prisma™ is the industry’s most complete cloud security suite for today and tomorrow. It accelerates your journey to the cloud by
providing unprecedented risk visibility as well as consistently governing access, protecting data, and securing applications.
Prisma helps organizations embed security early in the software development lifecycle and provides continuous monitoring, compliance
checks, and threat protection for your public cloud environments, spanning Google Cloud Platform (GCP™), Amazon Web Services
(AWS®), and Microsoft Azure®.

Prisma by Palo Alto Networks | Prisma: Secure DevOps | Brief 1

Further, Prisma helps reduce the attack surface as well as mean time to detect and resolve security issues—without impacting the
agility gained through DevOps approaches. It does so through a combination of services:
• Prisma Cloud Vulnerability Scan API scans container images and responds with all known common vulnerabilities and ­exposures
(CVEs) associated with the image. This service should be used in your development environment and CI/CD pipeline.

Prisma Cloud
Vulnerability scan API

2 2 3
SecOps

CI/CD

Developer Source code repository

Container image files

1. Download container images from container registries
1 1 DevOps 2. Scan container images for vulnerabilities

3. Continuous monitoring, compliance, and threat detection

with Prisma Cloud service

Container registry

Figure 1: Vulnerability Scan API

• Prisma Cloud IaC Scan API performs security checks for IaC templates, including Terraform®, CFT, and YAML files, against built-
in best practices and benchmarks. The service should be used to detect and fix unsecured configurations in your IaC templates
during the pre-deployment phase.

Prisma Cloud

2 3
SecOps

CI/CD

Developer Source code repository

1. IaC templates added to the CI/CD pipeline

IaC templates
2. IaC template scanning for unsecure configuration checks
3. Continuous monitoring, compliance, and threat detection
with Prisma Cloud service

DevOps
Figure 2: IaC Scan API

Prisma by Palo Alto Networks | Prisma: Secure DevOps | Brief 2

Prisma Cloud provides continuous monitoring, compliance validation, and cloud storage security capabilities across your multi-cloud
environments. It simplifies security operations through effective threat protection enhanced with comprehensive cloud context.

Prisma Cloud

Visibility Threat Automated

detection remediation

Figure 3: Continuous security with Prisma Cloud

Built for the Future

No matter where you are on your journey to the cloud, Prisma can help:
• Cloud-enabled mobile workforce
• Cloud-connected branch
• Zero Trust cloud security
• Cloud governance and compliance
• Cloud data protection
• Cloud threat protection
• Secure DevOps

To learn more about how Prisma can enable your key cloud initiatives, visit www.paloaltonetworks.com/prisma.

3000 Tannery Way © 2019 Palo Alto Networks, Inc. Palo Alto Networks is a registered
Santa Clara, CA 95054 trademark of Palo Alto Networks. A list of our trademarks can be found at
Main: +1.408.753.4000 https://www.paloaltonetworks.com/company/trademarks.html. All other
Sales: +1.866.320.4788 marks mentioned herein may be trademarks of their respective companies.
Support: +1.866.898.9087 prisma-secure-devops-sb-080619

www.paloaltonetworks.com