Cloud Security

Cortex Cloud 2.0
Unified CNAPP + CDR

The industry's first unified cloud security platform — combining cloud-native application protection with cloud detection and response, all powered by autonomous AI.

Overview

From Prisma Cloud to Cortex Cloud

Prisma Cloud has evolved into Cortex Cloud — unifying CNAPP and CDR on the Cortex platform for complete code-to-cloud-to-SOC protection.

Why the Transition?

Cloud security used to live in a silo — Prisma Cloud for posture and workload protection, Cortex for detection and response. Cortex Cloud 2.0 breaks that wall down. Now CNAPP capabilities (CSPM, CWPP, CIEM, ASPM) live natively alongside CDR, sharing the same data lake, same AI engine, and same analyst workflow. The result: one platform that sees everything from code commits to runtime threats and responds autonomously.

Before: Prisma Cloud + Cortex XDR (separate)

Now: Cortex Cloud 2.0 (unified platform)

What's New in 2.0

Cortex Cloud 2.0 Features

AI-powered capabilities that redefine cloud security operations.

Autonomous AI Agents

Powered by AgentiX — AI agents that autonomously investigate, triage, and remediate cloud security issues without human intervention.

Performance-Optimized Agent

50% less resource consumption compared to previous generations. Lighter footprint, same deep visibility across workloads.

App Security Command Center

Unified dashboard for application security posture — visualize risk across code repositories, CI/CD pipelines, and running applications.

Cloud Security Command Center

Real-time operational hub for cloud infrastructure security — monitor posture drift, active threats, and compliance status at a glance.

SmartGrouping

Automatically consolidates related alerts and signals into unified cases — reducing noise and accelerating root-cause analysis.

SmartScore

Prioritizes findings by real-world exposure and exploitability — not just theoretical severity. Focus on what actually matters.

ASPM Module

Application Security Posture Management — continuous discovery and risk assessment of all application assets and their dependencies.

One-Click Remediation

Pre-built remediation playbooks that fix misconfigurations and vulnerabilities with a single click — no scripting required.

Natural-Language Automation

Describe what you want in plain English — AI generates and executes the automation scripts. No expertise in cloud APIs needed.

Deep Dives

Capability Deep Dives

Explore each Cortex Cloud capability in detail.

SmartScore + SmartGrouping: SmartGrouping consolidates disjointed signals (misconfigurations, vulnerabilities, overly permissive IAM, sensitive data exposures) into holistic cases with a shared corrective path — reducing manual workflows by up to 25x. SmartScore then prioritizes each case based on real-world exposure, blast radius, runtime exploitability, and data sensitivity — not just theoretical severity.

Key stats: FedRAMP High + Moderate (only CNAPP with both designations) • 50% agent resource reduction • CNAPP included free with CDR subscription

CSPM: Continuous multicloud misconfiguration detection and compliance monitoring across AWS, Azure, GCP, and OCI environments. CSPM is the foundation layer of Cortex Cloud — every cloud resource is continuously assessed against security best practices and regulatory frameworks.

  • Automated compliance monitoring: CIS Benchmarks, SOC 2, PCI DSS, HIPAA, NIST 800-53, ISO 27001
  • Real-time drift detection with SmartGrouping-powered case correlation
  • Attack path analysis: maps how misconfigurations chain together to create exploitable paths

CWPP: Runtime protection for VMs, containers, Kubernetes clusters, and serverless functions. A single unified Cortex XDR agent enriched with cloud-specific signals replaces the need for multiple point agents.

50% Resource Reduction

Performance-optimized agent (Cortex Cloud 2.0) with full/optimized modes — shift without reinstallation

Kernel + eBPF

Dual detection modes for both kernel-level and eBPF-based threat identification

MITRE ATT&CK #1

Industry-leading results in the most recent MITRE ATT&CK evaluation

Coverage: VMs, bare metal, Docker/containerd containers, Kubernetes (host + container), AWS Lambda, Azure Functions, GCP Cloud Functions. Millisecond telemetry processing turns raw signals into immediate actionable insights.

CIEM: Identifies and remediates overly permissive IAM roles across cloud environments. With 75% of organizations running excessive cloud permissions, CIEM enforces least privilege across AWS IAM, Azure AD, and GCP IAM.

  • Automatic discovery of excessive permissions and lateral movement paths
  • Right-sizing recommendations based on actual usage patterns
  • Enhanced by CyberArk integration (post-acquisition) for combined PAM + CIEM enforcement
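As an added illustration of what usage-based right-sizing means in practice (this is not Cortex Cloud's own logic; the action catalogue, the escalation list and the access-log sample are all constructed), the script below compares what a role is allowed to do with what it was actually observed doing, and proposes the narrower allow list, listing unused escalation-capable grants first:

```python
from fnmatch import fnmatchcase

# Constructed catalogue of IAM-style actions, an illustrative subset only,
# used to expand wildcard grants such as "s3:*" into concrete actions.
ACTION_CATALOG = [
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket",
    "s3:PutBucketPolicy", "iam:PassRole", "iam:CreateUser",
    "iam:AttachUserPolicy", "ec2:DescribeInstances", "ec2:RunInstances",
]
# Actions that let a principal widen its own or another identity's access;
# unused grants of these are the first thing to remove (constructed list).
ESCALATION_ACTIONS = {"iam:PassRole", "iam:CreateUser", "iam:AttachUserPolicy"}

# Constructed access-log sample: (principal, action) per recorded API call.
ACCESS_LOG = [
    ("app-role", "s3:GetObject"), ("app-role", "s3:GetObject"),
    ("app-role", "s3:ListBucket"), ("app-role", "ec2:DescribeInstances"),
    ("app-role", "s3:PutObject"),
]

def expand(patterns):
    """Expand wildcard patterns such as 's3:*' against the catalogue."""
    return {a for a in ACTION_CATALOG if any(fnmatchcase(a, p) for p in patterns)}

def used_actions(log, principal):
    """Count how often each action was actually invoked by the principal."""
    counts = {}
    for who, action in log:
        if who == principal:
            counts[action] = counts.get(action, 0) + 1
    return counts

def right_size(granted, log, principal):
    """Report the effective grant, the unused actions (escalation-capable
    ones separated) and the least-privilege list that keeps observed usage."""
    effective = expand(granted)
    used = set(used_actions(log, principal)) & effective
    unused = effective - used
    return {
        "effective": sorted(effective),
        "unused_escalation": sorted(unused & ESCALATION_ACTIONS),
        "unused_other": sorted(unused - ESCALATION_ACTIONS),
        "recommended": sorted(used),
    }

if __name__ == "__main__":
    report = right_size(["s3:*", "iam:*", "ec2:Describe*"], ACCESS_LOG, "app-role")
    for key, value in report.items():
        print(f"{key}: {value}")
```

In a real deployment the catalogue comes from the provider's action list and the log from an audit trail such as CloudTrail, and the observation window must be long enough to cover infrequent but legitimate calls before a grant is treated as unused.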

Data Security: Discovers and classifies sensitive data exposure across cloud storage services (S3, Blob, GCS, databases). Maps data flows and identifies shadow data stores. Provides SmartScore-weighted risk prioritization based on data sensitivity, access permissions, and public exposure — so teams fix the highest-impact data risks first.

ASPM: Full shift-left application security that traces runtime incidents back to the exact developer pull request and CI/CD commit that introduced them. The ASPM Command Center (Cortex Cloud 2.0) unites code, cloud, and runtime signals.

Secrets Scanning

CI/CD pipeline credential leak detection

SCA

Open source vulnerability identification

IaC Scanning

Terraform, CloudFormation misconfigurations

3rd-Party Aggregation

Semgrep, Snyk, Veracode, Checkmarx, SonarQube

CDR: SOC-grade threat detection for cloud workloads, natively integrated with Cortex XSIAM on the same data lake. Cloud threats are mapped to MITRE ATT&CK, with automated investigation and response in seconds — not hours.

  • Real-time cloud-specific attack pattern identification across VMs, containers, serverless
  • CNAPP included at no additional cost for every CDR customer
  • Attack path → source code commit tracing (runtime incident ← CI/CD commit ← developer identity)

AI-SPM: Monitors the security posture of AI models and AI-powered applications across cloud environments. Part of Prisma AIRS (AI Runtime Security), AI-SPM discovers AI model deployments, assesses their security posture, monitors GenAI usage, and identifies risks like prompt injection, training data exposure, and model misuse. Integrated with KSPM for Kubernetes-hosted AI workloads.

AgentiX: Trained on over 1 billion real-world responses, AgentiX agents execute end-to-end autonomous remediation: link signals → calculate blast radius → recommend least-disruptive fix → execute. Every step is visible, auditable, and aligned with existing roles/permissions.

Exposed Storage Bucket

Links signals → blast radius → remediation → execution

Vulnerable Container

Auto-detect exposed key → recommend least privilege fix

Overpermissive Roles

Escalation risk identification → automated remediation

AgentiX Platform (Feb 2026, Cortex Symphony): 1,300+ playbooks • 1,100+ integrations • Built-in MCP support • XDL 2.0 processing >15 PB telemetry daily • Natural-language prompts generate custom automations

Capabilities

What Cortex Cloud Covers

Full-spectrum cloud security from code to runtime.

Cortex Cloud provides continuous posture management across three phases:

Code Security

IaC scanning, secrets detection, SCA, and license compliance — catch issues before they ship.

Cloud Security

CSPM, CIEM, and compliance monitoring across AWS, Azure, GCP, and OCI environments.

Runtime Security

Real-time workload protection, drift detection, and container/serverless security at runtime.

Cloud Detection and Response (CDR) brings SOC-grade threat detection to cloud workloads:

  • Real-time threat detection across VMs, containers, and serverless functions
  • Cloud-native XDR correlation with endpoint and network telemetry
  • Automated investigation and response via AgentiX AI agents
  • Integrated with XSIAM data lake for unified SOC operations

Cortex Cloud supports both native scanning engines and third-party integrations:

Native

  • Vulnerability scanning
  • IaC misconfiguration detection
  • Container image scanning
  • Secrets detection

Third-Party

  • Qualys, Tenable integrations
  • Rapid7 integration
  • Custom scanner support
  • Open-source tool ingestion

Cortex Cloud maps the entire software supply chain — from source code repositories through build systems to deployed artifacts. Detect tampering, vulnerable dependencies, and unauthorized changes across the full pipeline. Integrated SCA (Software Composition Analysis) identifies known CVEs in open-source components, while CI/CD pipeline monitoring ensures build integrity from commit to production.

Scoping

Sizing the Opportunity

Key dimensions to scope a Cortex Cloud engagement.

Cloud Accounts

How many cloud accounts across AWS, Azure, GCP, and OCI? Are they using a landing zone or account factory model?

Workloads

Total VM instances, container hosts, and serverless functions. What's the mix between IaaS, PaaS, and container-based workloads?

Kubernetes Clusters

Number of K8s clusters (EKS, AKS, GKE, self-managed). How many namespaces and pods are running in production?

Current CSPM/CWPP Tools

What are they using today? Wiz, Aqua, Lacework, native CSP tools? Identify overlaps and gaps for consolidation.

Compliance Frameworks

Which frameworks do they need to comply with? CIS Benchmarks, SOC 2, PCI DSS, HIPAA, FedRAMP, NIST 800-53, ISO 27001? Cortex Cloud supports automated compliance monitoring and reporting across these frameworks.

Discovery

Cloud Security Discovery Questions

Use these questions to uncover pain points and scope the opportunity.

Why ask: Surfaces whether they rely on native CSP tools (which are siloed per cloud) or have a unified CSPM solution. Cortex Cloud provides multi-cloud posture in a single pane.

Listen for: "We use AWS Security Hub / Azure Defender" — opportunity to consolidate. "We have Wiz" — position agent + agentless and CDR integration advantage.

Why ask: Most orgs have a blind spot between cloud posture (CSPM) and cloud threat detection (CDR). Cortex Cloud bridges this gap natively.

Listen for: "We'd have to check CloudTrail logs manually" — major gap that CDR fills. "Our SIEM handles it" — opportunity to show XSIAM integration.

Why ask: Tool sprawl is the #1 cloud security challenge. Most teams juggle 5-10 tools. Cortex Cloud consolidates CSPM + CWPP + CIEM + ASPM + CDR into one.

Listen for: Any number above 3 is an opportunity. Calculate potential TCO savings from consolidation — typically 20-40%.

Why ask: Uncovers the remediation workflow. One-click remediation and natural-language automation in Cortex Cloud dramatically reduce mean time to fix.

Listen for: "They file tickets and it takes weeks" — position automated remediation. "Security team fixes it themselves" — show how Cortex Cloud empowers dev teams directly.

Why ask: K8s security is a fast-growing need. Many orgs still lack runtime protection for containers. Cortex Cloud provides deep K8s visibility and admission control.

Listen for: "We only scan images at build time" — opportunity for runtime protection. "We use Aqua/Sysdig" — position unified platform advantage.

Why ask: Code-to-cloud is the holy grail — when a runtime issue is found, can you trace it back to the code that caused it? Cortex Cloud provides full lineage tracking.

Listen for: "No, we can't connect findings to source code" — this is Cortex Cloud's core differentiator vs. point products. Show the end-to-end visibility story.