Gain Visibility Into Your Shadow Cloud Assets
Cloud Discovery and Exposure Management (CDEM) uses machine learning to continuously monitor the internet and give you an outside-in view of unmanaged (or shadow IT) assets that are publicly exposed on the internet and attributed to your organization.
CDEM enables your cloud security teams to actively discover unknown risks in all connected systems and exposed services, giving you a comprehensive view of your attack surface. With this improved visibility into your digital footprint, you can take action to reduce attack vectors and empower your security teams to win against adversaries.
1. Enable the subscription
Subscribe to CDEM and unlock the trial period. At the end of the trial period, you start using Prisma Cloud credits for your usage.
Prisma Cloud begins to scan the internet to find your web footprint. The discovery process can take a few hours (1-4) before you can view your exposure risks. Exposure is the sum of the different internet-facing points for cloud assets such as fully qualified domain names and/or IP addresses where an unauthorized user (the "attacker") can try to penetrate a network or compromise a system to conduct some type of cyberattack.
2. View your unmanaged Asset Inventory and Discovery and Exposure Management Dashboard
If you have ever worried about these issues:
- Do I have an attributed inventory of my cloud infrastructure?
- Where do I have blind spots or unknown exposure to the internet in my cloud infrastructure?
- How do I manage security posture inspection during mergers and acquisitions?
CDEM helps you get answers. The Discovery and Exposure Management Dashboard displays exposed and unmanaged cloud assets, and highlights the top risks that require immediate attention.
Check the Unmanaged Assets Inventory to review the exposed asset details, including associated services, certificates, and domains. The information in the unmanaged asset inventory provides you with an attacker’s view of the infrastructure so that you can plan, prevent and contain potential exposure risks.
3. Review unmanaged assets
On Inventory > Unmanaged Assets, review the unmanaged asset distribution across different Cloud Service Providers.
If you have unmanaged resources on AWS, Azure, or GCP, you can convert these shadow IT assets to managed assets and use Prisma Cloud for visibility and governance on these resources. The conversion enables you to secure your infrastructure and to govern and manage your internet-facing unmanaged assets using a consistent set of policy controls and compliance checks.
To make a cloud account managed, update the onboarding templates and enable the permissions that allow Prisma Cloud to access and monitor your cloud resources. As soon as a cloud account is managed, all the enabled policies scan the account to detect vulnerabilities, misconfigurations, and compliance issues. You can use the Asset Inventory to review the security risks for the newly onboarded assets.
4. Monitor the dashboard
Review the Discovery and Exposure Management dashboard on a regular cadence to stay on top of what needs your attention. Prisma Cloud ingests the internet every 4 hours to detect any new unmanaged assets that can be attributed to your organization. Repeat this process to review and convert unmanaged assets to reduce risk from exposure and prevent a breach.