Safeguard
Cloud Security

Discover, protect and respond with AWS and Prisma Cloud

Prisma Cloud discovers, protects, and responds across AWS — but the framework starts after code is already built. Here's the AWS supply chain gap it leaves open, and how to close it.

Karan Patel
Cloud Security Engineer
8 min read

Prisma Cloud has spent the last two years building "Discover, Protect, and Respond" into its core pitch for AWS environments: agentless discovery across accounts, posture and workload protection, and response workflows tied into Cortex XSOAR. It is a coherent story, and for AWS-centric shops already inside the Palo Alto ecosystem, it works well enough. But "discover, protect, respond" describes cloud posture and runtime — it says almost nothing about what shipped into those AWS workloads in the first place. A Lambda function can be cleanly discovered, correctly protected, and instantly responded to, while still running a compromised npm package pulled in three dependency layers deep. That gap is where AWS-specific supply chain risk actually lives, and it is the gap most CNAPP deployments never close.

This post breaks down what Prisma Cloud's AWS integration actually covers, where the framework falls short for supply chain risk, and how Safeguard closes the loop for teams running AWS at scale in 2026.

What does Prisma Cloud actually discover in AWS?

Prisma Cloud's discovery layer is agentless snapshot scanning across EC2, ECS, EKS, Lambda, and RDS, refreshed on a scan cycle that typically runs every 4-6 hours for full-account sweeps and near-real-time for CloudTrail-driven config changes. Onboarding a new AWS account via the CloudFormation StackSet template takes 20-30 minutes, and a mid-sized account (2,000-5,000 resources) is typically fully indexed within 2-3 hours. That covers configuration drift, IAM policy sprawl, exposed S3 buckets, and network path analysis reasonably well — Prisma Cloud's rule library ships with over 900 out-of-the-box AWS-specific checks as of the 2026 releases.

What discovery does not cover is dependency-level provenance. Prisma Cloud's vulnerability scanning for container images and Lambda layers relies on package manifest matching against its own vulnerability feed, which is standard CVE matching, not SBOM-grade transitive dependency mapping with build provenance. A Lambda layer pulling in a typosquatted package, or an ECR image built from a base layer with an unsigned artifact, discovers as "clean" because the scan is checking known-CVE presence, not supply chain integrity. Discovery answers "what resources exist and are they misconfigured," not "what code actually built this and can I trust where it came from."

Where does Prisma Cloud's "protect" layer stop short for AWS workloads?

Prisma Cloud's protect layer stops at runtime enforcement and posture guardrails — it does not gate what enters your AWS environment before deployment. The Defender agent enforces runtime policies on EC2 and container workloads (process allowlisting, file integrity monitoring, network segmentation), and CSPM rules can block known-bad configurations like public S3 ACLs or overly permissive IAM roles with 0-24 hour remediation SLAs depending on severity tier. That is real protection, and for infrastructure misconfiguration it is genuinely effective.

For software supply chain risk specifically, protection is thinner. Prisma Cloud can flag a container image with a critical CVE at admission control via its Kubernetes admission webhook, but the equivalent control for Lambda deployment packages and CodeBuild/CodePipeline artifacts is limited — there's no native zero-CVE gate enforced in the CI stage before an artifact reaches ECR or the Lambda deployment package bucket. By the time Prisma Cloud sees the workload, the build has already happened, the dependency has already been pulled, and the artifact has already been signed off by whatever CI system produced it. Protection here is a checkpoint at the door, not a filter on what gets manufactured.

How fast is Prisma Cloud's "respond" workflow for AWS incidents?

Prisma Cloud's response workflow routes through Cortex XSOAR, and for customers already running that stack, mean time to triage on a critical CSPM finding is commonly cited in the 15-30 minute range for automated playbooks (IAM key rotation, security group lockdown, instance isolation). That is a strong number for infrastructure-layer incidents. Palo Alto reported in its 2025 platform updates that XSOAR playbook automation reduced manual triage steps by roughly 60% for customers running the full Cortex+Prisma stack.

The response gap shows up when the incident originates upstream, in the software supply chain rather than the runtime. If a compromised package (the pattern seen repeatedly through 2024-2025, including incidents like the XZ Utils backdoor and multiple npm account takeovers such as the September 2025 chalk/debug packages compromise) ends up baked into an AWS-deployed artifact, Prisma Cloud's response tooling can isolate the running workload once it's flagged, but it has no native mechanism to trace which other builds, repos, or deployed artifacts across your AWS estate pulled the same compromised dependency. That cross-artifact blast-radius question — "what else did we ship with this package" — sits outside the CNAPP's data model entirely, because the CNAPP was never tracking build-time provenance to begin with.

Why does AWS-specific supply chain risk need something beyond a CNAPP?

AWS-specific supply chain risk needs SBOM-level tracking because the attack surface for AWS workloads runs through CodeBuild, CodePipeline, Lambda layers, and ECR — none of which are fully modeled by posture-and-runtime tools. A 2025 Sonatype analysis put the volume of malicious open-source packages published in a single year at over 700,000, a number that has grown roughly 156% year over year since 2023. Every one of those packages is a candidate for silently entering an AWS build pipeline through a transitive dependency, and CNAPP tooling has no visibility into that pipeline stage.

Concretely: AWS CodeBuild projects pull dependencies at build time, often with network egress unrestricted by default unless explicitly configured with VPC isolation. A poisoned package published to npm or PyPI can be pulled into a build within minutes of publication, packaged into a Lambda deployment zip or container image, pushed to ECR, and deployed — and Prisma Cloud's first visibility into that artifact happens after it's already running, when the CNAPP snapshot-scans the deployed resource. The 20–30 minute onboarding window and 2-3 hour discovery cycle we described earlier is fast for posture, but it's entirely downstream of the moment the risk was actually introduced.

What does "AWS cloud security integration" actually require in 2026?

A real AWS cloud security integration in 2026 requires connecting three layers that CNAPPs typically leave separate: build-time SBOM generation, cloud-native posture data, and runtime signal, correlated into one prioritized view. Prisma Cloud covers the middle layer well and the third layer adequately. It does not natively generate or ingest SBOMs from CodeBuild/CodePipeline runs, and it has no reachability model that connects a vulnerable package to whether that code path is actually exercised in the deployed Lambda function or container.

That correlation gap has a measurable cost. Teams running CNAPP-only AWS security programs commonly report vulnerability backlogs in the tens of thousands of "critical" and "high" findings per account at scale, the large majority of which are never reachable or exploitable in the deployed configuration. Without reachability and build provenance layered onto the CNAPP's posture data, security teams triage by CVSS score alone, which is exactly the noise problem that has pushed CNAPP fatigue into a top complaint among AWS-heavy security teams surveyed through 2025 and into 2026.

How Safeguard Helps

Safeguard closes the gap Prisma Cloud's discover-protect-respond model leaves open for AWS environments by tracking software supply chain risk from the build stage forward, not just from the deployed-resource stage forward. We generate SBOMs directly from CodeBuild and CodePipeline runs, so every dependency that enters an ECR image or Lambda deployment package is recorded with provenance before it ever reaches a Prisma Cloud snapshot scan. Griffin AI correlates that SBOM data with reachability analysis, KEV signal, and exploitability context to cut critical-and-high backlogs down to the findings that are actually exercised in the running workload — turning tens of thousands of CVSS-ranked findings into a list measured in dozens.

Policy gates enforce zero-CVE and zero-malicious-package standards directly in CodePipeline, before an artifact is pushed to ECR or a Lambda layer is published, closing the exact window where a compromised package can silently enter an AWS build. When an incident does occur — a compromised package, a leaked credential, a newly disclosed CVE in a widely used dependency — Safeguard's cross-artifact tracing answers the blast-radius question natively: which repos, which builds, and which deployed AWS artifacts across your entire estate pulled the same dependency, in minutes rather than a manual audit across accounts. Used alongside Prisma Cloud, Safeguard covers the build-time half of AWS cloud security that discovery-and-runtime tooling was never designed to see, giving AWS-heavy security teams a single, provenance-backed answer to what's running, where it came from, and what to fix first.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.