1. Overview

All network traffic is encrypted with TLS (https) for User to Console communication. Likewise, all Defender to Console communication is encrypted with TLS (WSS).

The Prisma Cloud database is not encrypted at rest, however all credentials and otherwise secure information is encrypted with AES 256 bit encryption.

If you require data at rest to be encrypted, then underlying persistence storage /var/lib/twistlock can be mounted with one of the many options that support this.