Palo Alto Networks Cortex Cloud — Independent Software Review

Eliminate cloud risks with autonomous AI agents.

Compliance Transparency Index

Grade: B — Score: 80/100

Operational Overview

Cortex Cloud leverages autonomous AI agents to dynamically resolve security risks across the entire cloud environment, from code to SOC. This technology enables organizations to stop attacks at machine speed, ensuring that defense mechanisms are proactive rather than reactive.

The platform unifies workflows across application security (AppSec), cloud security (CloudSec), and security operations (SecOps) on a single converged platform. This integration provides complete context and visibility, allowing security teams to operate efficiently without the silos that typically hinder response times.

By applying real-world context to security findings, Cortex Cloud enhances risk prioritization and response capabilities. Its innovative features, such as SmartGrouping and SmartScore, consolidate alerts and focus on actual risks, transforming cloud security from a reactive stance to a proactive defense strategy.

Pricing Structure

Cloud Posture Security: Contact sales for quote

Cloud Runtime Security: Contact sales for quote

Alternative Consideration

Consider switching to CrowdStrike: Similar focus on cloud security with a strong emphasis on endpoint protection.

Frequently Asked Questions

What is the difference between Cortex Cloud and Prisma Cloud?

Cortex Cloud is the next generation of Prisma Cloud, announced in February 2025. Palo Alto Networks merged Prisma Cloud with Cortex CDR to create a single platform combining CNAPP and real-time threat detection on the Cortex platform. Existing Prisma Cloud customers receive an upgrade with all previous capabilities preserved, plus AI-powered risk prioritization, automated remediation, and native integration with Cortex XSIAM and Cortex XDR.

How does Cortex Cloud licensing work?

Cloud Posture Security and Cloud Runtime Security are both priced per workload on an annual subscription. One workload equals 1 VM, 10 managed containers, 25 serverless functions, 10 cloud buckets, 2 PaaS databases, or 10 SaaS users. The Application Security add-on is priced per developer, defined as each unique Git author email committing to protected repositories in the last 90 days. Usage is tracked on a 90-day average to smooth ephemeral spikes.

What is the difference between Cortex Cloud Posture Security and Runtime Security?

Cloud Posture Security is agentless, covering CSPM, CIEM, ASPM, DSPM, AI-SPM, Cloud ASM, KSPM, CI/CD Posture Management, and Agentless Workload Scanning. Cloud Runtime Security includes all Posture capabilities plus agent-based CDR, Cloud Workload Protection (CWP), and Web Application & API Security (WAAS). Runtime supports audit, flow, and DNS log ingestion, while Posture only includes audit logs. Both include 30 days of default data retention.

What security certifications does Cortex Cloud hold?

Cortex Cloud holds FedRAMP Moderate, SOC 2 Type II, ISO 27001/27017/27018/27701, PCI DSS, HIPAA, GDPR, CCPA, CSA Cloud Controls Matrix, and CMMC. Regional certifications include TISAX, Germany C5, IRAP (Australia), ISMAP (Japan), Cyber Essentials Plus (UK), and PBMM (Canada). The full list spans 20+ certifications on the Palo Alto Networks Trust Center.

How does Cortex Cloud compare to Wiz?

Wiz is an agentless CNAPP focused on rapid deployment and graph-based risk visualization. Cortex Cloud provides both agentless posture management and agent-based runtime protection with real-time CDR, which Wiz does not offer natively. Cortex Cloud's main differentiator is native integration with the Cortex SOC platform (XSIAM, XDR, XSOAR), letting teams correlate cloud risks with endpoint detections in one investigation. If budget is the primary concern and CDR is not required, Wiz may cover core CNAPP at lower cost.

What cloud providers does Cortex Cloud support?

Cortex Cloud supports AWS, Microsoft Azure, Google Cloud, Alibaba Cloud, and Oracle Cloud Infrastructure. Cloud Attack Surface Management (ASM) automatically discovers unmanaged assets across these environments, with every 4 unmanaged services counting as one workload toward the license.

What happens if Cortex Cloud workload usage exceeds the license?

Cortex Cloud does not degrade or disable security when consumption temporarily exceeds purchased capacity. Usage is tracked on a 90-day average. If both Posture and Runtime licenses are active, excess Posture workloads spill over into available Runtime capacity without double-counting. If periodic reviews show sustained over-usage, Palo Alto Networks notifies the customer to purchase additional workloads.

How does Cortex Cloud integrate with Cortex XSIAM and XDR?

Cortex Cloud natively integrates with Cortex XSIAM and Cortex XDR on the unified Cortex platform. Cloud findings, runtime telemetry, and posture data flow directly into SOC workflows. Logs can be forwarded to XSIAM for automated triage or to XSOAR for playbook-driven remediation, letting an analyst investigate a cloud misconfiguration, trace it to a compromised workload, and initiate containment from one console.