Prisma Cloud

Professional Services
Maturity Assessment
The Prisma Cloud Maturity Assessment is a no-cost service
consisting of a single technical information gathering session of
up to four (4) hours. There are predefined questions that look
at various elements of the customer’s environment for both
Prisma® Cloud and cybersecurity best practices.

Prisma by Palo Alto Networks | Prisma Cloud Professional Services Maturity Assessment | Datasheet 1
The goal of this assessment is to provide a best practice approach to properly deploy and/or adopt the
Prisma Cloud product into the customer’s environment. In addition, our technical team will provide
recommendations on how to embed the Prisma Cloud product into the customer’s cybersecurity eco-
system and processes. After completion of the assessment, the customer will be provided a customized
deliverable inclusive of product recommendations to operationalize Prisma Cloud, as well as Profes-
sional Services options to assist with accomplishing the recommendations listed in the deliverable.

Assessment Eligibility
Net new customers: Customers who have not purchased Prisma Cloud and are looking to purchase
4,000 licensing credits or more.
Existing customers: Customers who have already purchased Prisma Cloud, have a minimum of 4,000
licensing credits, and are consuming less than 20% of their credits.

Assessment Agenda
• Business/Process
• General cloud
• Cloud Security Posture Management (CSPM)
• Cloud Workload Protection (CWP)
• Cloud Application Security (CAS)
• Automation

Recommended Customer Audience

• Prisma Cloud tool owners
• Cloud asset owners
• Cloud security architects
• DevOps/DevSecOps teams
• Information security specialists
• CISOs/Security directors
• Compliance teams
• Ticket management teams
• Incident response teams

Prisma by Palo Alto Networks | Prisma Cloud Professional Services Maturity Assessment | Datasheet 2
Example Deliverable
The following are examples of the information contained in the assessment deliverable:

Question Observation/Notes

6. What requirements exist for scanning images/registries ECR, currently not scanning ECR
for vulnerabilities? Not currently using Trusted Images
7. What registries exist?

Recommendation:
[Customer] should ensure all their ECR container registries that are being used among the various development teams are
on boarded into Prisma Cloud and are being scanned for vulnerabilities and compliance related issues.
This feature of Prisma Cloud is very helpful as it can catch vulnerable images earlier on in the development cycle. In order to
further control image deployment, the [Customer] team should explore the benefits of using the “Trusted Images” feature of
Compute. In order to customize scan results of images, it is recommended to make use of custom vulnerability policies that
can adjust vulnerability threshold for alerting and blocking on vulnerable images. Prisma Cloud also lets you filter out base
image vulnerabilities from your scan reports. For more information, see the documentation for Base Image Vulnerabilities.

Figure 1: Sample assessment recommendation

Workstreams Phase 1 Phase 2 Phase 3

1 Account onboarding

2 Define vulnerability/
compliance policies usage

3 Malware detection, user and

entity behavior analytics (UEBA)

4 Enhance alerting and

response process

5
Data security services/
data loss prevention

6 IAM module within CIEM

7 Third-party tool integration

AWS/Azure/ Utilization of RQL to Tuning the UEBA and Addressing IAM security
GCP/OCI Cloud migrate Azure native malware settings to detect concerns in AWS/Azure/
High-level accounts policies into Prisma Cloud unusual activity and GCP and detect/respond
Provide detailed
outcomes environments by configuring custom perform UEBA analysis to misconfigurations in
alerts to resource
onboarded, data policies and remediation owners by
CIEM best practices integrating with
ingestion initiated
tools like JIRA
Policy violation alerts are automatically routed to Protect data stored in and configuring
appropriate team for fast and effective remediation AWS/Azure from accidental rules to act on
by utilizing Alert Rules and Notification Templates exposure, misuse, or sharing actionable alerts

Figure 2: CSPM/CIEM/DLP deployment roundup: high-level timeline

To schedule a Prisma Cloud Maturity Assessment, contact your account manager.

3000 Tannery Way © 2023 Palo Alto Networks, Inc. Palo Alto Networks and the Palo Alto Networks logo
Santa Clara, CA 95054 are registered trademarks of Palo Alto Networks, Inc. A list of our trademarks can be
found at https://www.paloaltonetworks.com/company/trademarks.html. All other
Main: +1.408.753.4000 marks mentioned herein may be trademarks of their respective companies.
Sales: +1.866.320.4788 prisma_ds_prisma-cloud-professional-services-maturity-assessment_091423
Support: +1.866.898.9087

www.paloaltonetworks.com