Prisma Cloud

Enterprise Credit Guide

Prisma® Cloud Enterprise is a SaaS-delivered cloud-native application
protection platform (CNAPP). With this platform, security and DevOps teams
can effectively collaborate to accelerate secure cloud-native application
delivery from code to cloud.

The Prisma Cloud platform provides continuous visibility and threat prevention
throughout the application lifecycle across multicloud environments. Code
to Cloud™ coverage encompasses code, CI/CD pipeline, infrastructure,
workloads, data, AI pipelines, networks, web applications, identity, and APIs.
This coverage enables Prisma Cloud to address your organization’s security
needs at every step of your cloud journey. Plus, with over 4 billion cloud assets
secured and over 1 trillion cloud events processed daily, you can trust Prisma
Cloud to protect your cloud at any scale.

Prisma by Palo Alto Networks | Prisma Cloud Enterprise Credit Guide 1

Prisma Cloud Enterprise comprises product modules that provide distinct security capabilities. These product
modules offer organizations flexibility in where and how they secure their code and cloud environments.
Prisma Cloud product modules are consumed via credits, a universal capacity unit that all the modules
use. The Prisma Cloud Credits program offers the flexibility to use other modules as your organization’s
needs evolve, access new modules when they are introduced, and secure your code and cloud
footprints as they expand. Each product module requires a specific number of credits. Overall Prisma
Cloud usage is measured based on the aggregate number of credits used across modules.

Cloud Security Plans

Prisma Cloud Enterprise offers two plans that represent the recommended approaches for securing
cloud environments.
Cloud Security Foundations is ideal for customers looking for agentless visibility and compliance of
their multicloud code, build, deploy, and runtime environments.
Cloud Security Foundations offers:
• Agentless workload scanning
• Compliance management
• Infrastructure as Code (IaC) misconfiguration detection
• Least-privileged access enforcement
• Real-time threat and misconfiguration detection for IaaS and PaaS
This all comes via an agentless architecture.
Cloud Security Advanced includes the use case coverage of Cloud Security Foundations, plus the
flexibility of real-time and prevention-first security:
• Host, container, and serverless runtime security
• Web Application and API Security (WAAS)
Table 1 summarizes the security plans and their included modules.

Table 1: Prisma Cloud Security Plans and Included Modules

Prisma Cloud Capability Cloud Security Foundations Cloud Security Advanced
Visibility, Compliance and Governance Included Included
Agentless Workload Scanning (hosts, containers, serverless functions) Included Included
IAM Security Included Included
Infrastructure as Code Security Included Included
Host Security Available as add-on* Included
Container Security Available as add-on Included
Serverless Security Available as add-on Included
Web Application and API Security Available as add-on Included
Data Security Posture Management (DSPM) Available as add-on Available as add-on
AI Security Posture Management (AI-SPM) Available as add-on Available as add-on
Cloud Discovery and Exposure ­Management (CDEM) Available as add-on Available as add-on
Software Composition Analysis (SCA) Available as add-on Available as add-on
Secrets Security Available as add-on Available as add-on
CI/CD Security Available as add-on Available as add-on
Prisma Cloud Credit Requirements (for included modules) 2 credits†
5 credits‡
*
Table 2 lists the credit requirements of modules available as add-ons.
†
Per virtual machine (VM) running in public cloud accounts (e.g., Amazon EC2, Azure Virtual Machines, Azure Virtual Machine Scale Sets
[VMSS] VMs, Google Cloud Google Compute Engine [GCE], Alibaba Cloud ECS, Oracle Cloud Compute) protected by Prisma Cloud.
‡
Per VM running in public cloud accounts and private clouds protected by Prisma Cloud.

Prisma by Palo Alto Networks | Prisma Cloud Enterprise Credit Guide 2

Prisma Cloud Product Modules
Organizations can customize their Code to Cloud security coverage by using individual Prisma Cloud
product modules. Table 2 lists the credit requirements for individual modules.

Table 2: Prisma Cloud Product Modules and Credits

Prisma Cloud Product Module Credits
Visibility, Compliance, and Governance 1 per VM *

0.25 x Visibility, Compliance, and Governance

IAM Security credit usage
IaaS and PaaS data assets: 1 per asset†

Data Security Posture Management (DSPM) Database as a Service: 1 per TB of data volume†

SaaS: 0.1 per user†

AI Security Posture Management (AI-SPM) Included with DSPM
100 minimum or 0.25 x Visibility, Compliance, and
Cloud Discovery and Exposure Management Governance credit usage, whichever is greater‡
Host Security 0.5 per Host Defender deployed
5 per Container Defender deployed
Container Security
1 per App-Embedded Defender deployed
Serverless Security 1 per 6 serverless functions
2 per Defender deployed inline§
Web Application and API Security
2 per Defender in out-of-band mode
Infrastructure as Code Security 3 per developer||
Software Composition Analysis (SCA) 4 per developer||
Secrets Security 1 per developer||
CI/CD Security 3 per developer||
*
 irtual machines (VMs) refer to those running in public cloud accounts (e.g., Amazon EC2, Azure VMs, Azure Virtual Machine Scale Sets, Google
V
Cloud Google Compute Engine [GCE], Alibaba Cloud ECS, Oracle Cloud Compute) protected by Prisma Cloud.
†
Refer to Prisma Cloud technical documentation for the full list of supported IaaS, PaaS, SaaS, and Database as a Service data assets.
‡
CDEM requires a minimum of 100 credits.
§
In WAAS, each protection has an action defined as a user-selected operating mode. Inline WAAS requires a host, container, or App-Embedded
­Defender to be deployed. For inline WAAS, we have disable, alert, prevent, and ban modes. For out-of-band, we have the disable and alert modes.
||
A developer is an active Git committer (identified through their unique Git author email address) and has contributed to a code repository protected
by Prisma Cloud within the last 90 days.

Purchase and Use of Prisma Cloud Credits

You can purchase Prisma Cloud Credits from us, our channel partners, and various marketplaces, such
as AWS Marketplace. The credits are applied toward cloud security plans and standalone modules.
After the credits are loaded into your account, you can use them to enable ­Prisma Cloud plans and/or
individual product modules from within the Prisma Cloud console.

Prisma Cloud Credit Usage Measurement

Credit usage is measured every hour, except Data Security. It then rolls up to daily, weekly, monthly, and
quarterly averages for reporting. This prevents overages based on short-term bursts. On an aggregate
basis across all Prisma Cloud modules, if you use more credits than you purchased, our team will help
you procure more. For more details about credit usage measurement, see the Prisma Cloud License
Types page in our technical documentation.

3000 Tannery Way © 2025 Palo Alto Networks, Inc. A list of our trademarks in the United States and other
Santa Clara, CA 95054 jurisdictions can be found at https://www.paloaltonetworks.com/company/trademarks.html.
All other marks mentioned herein may be trademarks of their respective companies.
Main: +1.408.753.4000
prisma_prisma-cloud-enterprise-credit-guide_041125
Sales: +1.866.320.4788
Support: +1.866.898.9087

www.paloaltonetworks.com