Prisma Cloud and AWS GuardDuty are key players in the cloud security sector. Prisma Cloud stands out due to its comprehensive multi-cloud security capabilities alongside AWS GuardDuty's strong threat detection features within AWS environments.
Features: Prisma Cloud offers robust multi-cloud security and compliance features, seamless integration for cross-environment functionality, dynamic runtime visibility, and automated forensics. AWS GuardDuty focuses on threat detection within AWS, analyzing VPC flow and DNS logs to identify malicious activity and providing smooth integration within the AWS ecosystem for unified threat management.
Room for Improvement: Prisma Cloud can improve user experience, simplify pricing, enhance API security, customize dashboards, and integrate threat intelligence better. AWS GuardDuty could enhance third-party tool integration, enrich threat intelligence data, and expand comprehensive threat detection across diverse AWS services.
Ease of Deployment and Customer Service: Prisma Cloud offers both multi-cloud and hybrid deployment options, though its technical support's responsiveness varies. AWS GuardDuty is easy to deploy within AWS environments, benefiting from generally responsive AWS support services, though support effectiveness can vary with incident urgency.
Pricing and ROI: Prisma Cloud's pricing is perceived as high, reflecting its extensive multi-cloud feature set, with organizations often justifying this cost due to the associated security and risk management benefits. AWS GuardDuty uses a pay-as-you-go model that is suited to AWS-centered setups, offering cost-effectiveness and transparent pricing structures beneficial for small businesses. Both solutions report a favorable ROI, yet Prisma's higher entry costs are justified by its extensive cloud security capabilities.
The detailed information PingSafe gives about how to fix vulnerabilities reduces the time spent on remediation by about 70 to 80 percent.
After implementing SentinelOne, it takes about five to seven minutes.
Cloud Native Security does offer ROI.
It eliminates the need for additional hardware, making it a financially and technically sound investment.
Reputation and data security are the two most important things to a financial institution.
We may have prevented a security breach with remediation of the findings.
When we send an email, they respond quickly and proactively provide solutions.
They took direct responsibility for the system and could solve queries quickly.
Having a reliable team ready and willing to assist with any issues is essential.
I rate technical support for AWS GuardDuty as ten out of ten; AWS has very good security support overall.
I appreciate the support for AWS; it is relatively fast, and their SLAs meet my needs.
They can respond with technical documentation or pass on the case to the next level because it requires the development of a new feature or changing a feature due to a bug.
Their technical support comes up with good solutions for every difficulty we face.
Their technical support comes up with great solutions.
I would rate it a 10 out of 10 for scalability.
Scalability is no longer a concern because Cloud Native Security is a fully cloud-based resource.
I would rate the scalability of PingSafe 10 out of 10.
It is designed to scale based on usage, which makes it very adaptable for varying demands.
It's very scalable and very easy to use.
The scalability is also a 10 out of 10.
We are growing extremely quickly, and Prisma Cloud provides all the required services without any need for us to do anything to scale.
It's a reliable solution that the organization is increasingly adopting for its robust features and security.
We contacted Cloud Native Security, and they addressed it in a day.
The only downtime we had was when switching from V1 to V2 but it was smooth.
The stability of GuardDuty is extremely reliable.
It is backed by machine learning, and AWS has strong machine learning models and the capacity to support this with advanced computing power.
I would rate it a ten out of ten for stability.
Prisma Cloud is a stable platform.
The solution is stable and is capable of covering large enterprises.
If they can merge Kubernetes Security with other modules related to Kubernetes, that would help us to get more modules in the current subscription.
As organizations move to the cloud, a cloud posture management tool that offers complete cloud visibility becomes crucial for maintaining compliance.
I would also like to see Cloud Native Security offer APIs that allow us to directly build dashboards within the platform.
A unified dashboard that aggregates findings across all regions without requiring manual aggregation could enhance convenience for users.
Further integration with services like API Gateway would be beneficial.
Comparing AWS GuardDuty to similar products from Microsoft, Microsoft has a product called Sentinel, which is a completely integrated solution that basically does everything from vulnerability management to managing log analytics.
From a developer's perspective, especially for organizations like banks developing their applications, ensuring API security before deploying them to the cloud is crucial.
Prisma Cloud is an excellent tool.
Even though documentation was available, it took a while for a new person to understand what integration meant, what will be achieved after the integration, or how the integration needed to be done on the Azure or AWS side.
I believe the enterprise version costs around $55 per user per year.
There are some tools that are double the cost of Cloud Native Security.
I recall Cloud Native Security charging a slightly higher premium previously.
GuardDuty is very cheap and operates on a pay-as-you-go basis.
The pricing of this tool is cheaper compared to other tools from other vendors, which are more expensive.
AWS GuardDuty is an expensive feature
The cost was not on the higher side.
That's why a lot of our clients are shifting from cloud-native to Prisma Cloud: because of its effectiveness and because it is budget-friendly as well.
The solution is very expensive.
This helps visualize potential attack paths and even suggests attack paths a malicious actor might take.
The infrastructure-as-code feature is helpful for discovering open ports in some of the modules.
This tool has been helpful for us. It allows us to search for vulnerabilities and provides evidence directly on the screen.
It notifies you immediately when something goes wrong, allowing quick response to threats.
Enabling GuardDuty with a single click allows it to start analyzing data for threats without requiring additional software deployment or updates.
The great benefits of using AWS GuardDuty are that it is connected to all ecosystems from the AWS environment, and I can detect threats faster and locate all the information in a single tool.
What I like most about Prisma Cloud is its zero-day signatures, maximum security, minimal downtime, cloud visibility, control, and ease of deployment.
All five modules are taking a preventative approach to the security of the cloud environment, from the network to the cloud, posture management and workload protection.
We use it with multi-cloud environments, and there are five cloud providers supported, including Amazon Web Services, Oracle, GCP, Azure, and Alibaba.
| Product | Market Share (%) |
|---|---|
| AWS GuardDuty | 13.2% |
| Wiz | 15.9% |
| Microsoft Defender for Cloud | 14.8% |
| Other | 56.099999999999994% |
| Product | Market Share (%) |
|---|---|
| Prisma Cloud by Palo Alto Networks | 14.5% |
| Wiz | 23.4% |
| Microsoft Defender for Cloud | 10.9% |
| Other | 51.2% |
| Company Size | Count |
|---|---|
| Small Business | 46 |
| Midsize Enterprise | 20 |
| Large Enterprise | 53 |
| Company Size | Count |
|---|---|
| Small Business | 8 |
| Midsize Enterprise | 3 |
| Large Enterprise | 15 |
| Company Size | Count |
|---|---|
| Small Business | 37 |
| Midsize Enterprise | 20 |
| Large Enterprise | 55 |
SentinelOne Singularity Cloud Security offers a streamlined approach to cloud security with intuitive operation and strong integration capabilities for heightened threat detection and remediation efficiency.
Singularity Cloud Security stands out for its real-time detection and response, effectively minimizing detection and remediation timelines. Its automated remediation integrates smoothly with third-party tools enhancing operational efficiency. The comprehensive console ensures visibility and support for forensic investigations. Seamless platform integration and robust support for innovation are notable advantages. Areas for development include improved search functionality, affordability, better firewall capabilities for remote users, stable agents, comprehensive reporting, and efficient third-party integrations. Clarity in the interface, responsive support, and real-time alerting need enhancement, with a call for more automation and customization. Better scalability and cost-effective integration without compromising capabilities are desired.
What are SentinelOne Singularity Cloud Security's standout features?SentinelOne Singularity Cloud Security is deployed in industries needing robust cloud security posture management, endpoint protection, and threat hunting. Utilized frequently across AWS and Azure, it assists in monitoring, threat detection, and maintaining compliance in diverse environments while providing real-time alerts and recommendations for proactive threat management.
Amazon Guard Duty is a continuous cloud security monitoring service that consistently monitors and administers several data sources. These include AWS CloudTrail data events for EKS (Elastic Kubernetes Service) audit logs, VPC (Virtual Private Cloud) flow logs, DNS (Domain Name System) logs, S3 (Simple Cloud Storage), and AWS CloudTrail event logs.
Amazon GuardDuty intuitively uses threat intelligence data - such as lists of malicious domains and IP addresses - and ML (machine learning) to quickly discover suspicious and problematic activity in a user's AWS ecosystem. Activities may include concerns such as interactions with malicious IP addresses or domains, exposed credentials usage, or changes and/or escalation of privileges.
GuardDuty is able to easily determine problematic AWS EC2 (Elastic Compute Cloud) instances delivering malware or mining bitcoin. It is also able to trace AWS account access history for evidence of destabilization. such as suspicious API calls resulting in changing password policies to minimize password strength or anomalous infrastructure deployments in new or different never-used regions.
GuardDuty will continually alert users regarding their AWS environment status and will send the security discoveries to the GuardDuty dashboard or Amazon CloudWatch events for users to view.
Users can access GuardDuty via:
Amazon Elastic Kubernetes Service (Amazon EKS)
Kubernetes protection is an optional add-on in Amazon GuardDuty. This tool is able to discover malicious behavior and possible destabilization of an organization's Kubernetes clusters inside of Amazon Elastic Kubernetes Service (Amazon EKS).
When Amazon EKS is activated, GuardDuty will actively use various data sources to discover potential risks against Kubernetes API. When Kubernetes protection is enabled, GuardDuty uses optional data sources to detect threats against Kubernetes API.
Kubernetes audit logs are a Kubernetes feature that captures historical API activity from applications, the control plane, users, and endpoints. GuardDuty collates these logs from Amazon EKS to create Kubernetes discoveries for the organization's Amazon EKS assets; there is no need to store or turn on the logs.
As long as Kubernetes protection remains activated, GuardDuty will continuously dissect Kubernetes data sources from the Amazon EKS clusters to ensure no suspicious or anomalous behavior is taking place.
Amazon Simple Cloud Storage (S3) Protection
Amazon S3 allows Amazon GuardDuty to actively audit object-level API processes to discover possible security threats to data inside an organization's S3 buckets. GuardDuty continually audits risk to the organization’s S3 assets by carefully dissecting AWS CloudTrail management events and AWS CloudTrail S3 data events. These tools are continually auditing various CloudTrail management events for potential suspicious activities that affect S3 buckets, such as PutBucketReplication, DeleteBucket, ListBucket, and data events for S3 object-level API processes, such as PutObject, GetObject, ListObject, and DeleteObject.
Reviews from Real Users
“The most valuable features are the single system for data collection and the alert mechanisms. Prior to using GuardDuty, we had multiple systems to collect data and put it in a centralized location so we could look into it. Now we don't need to do that anymore as GuardDuty does it for us.” - Arunkumar A., Information Security Manager at Tata Consultancy Services
Prisma Cloud by Palo Alto Networks provides comprehensive cloud-native security solutions. It covers dynamic workload identity, automated forensics, and multi-cloud protection, ensuring robust security across diverse cloud platforms.
Prisma Cloud delivers advanced capabilities for managing cloud security across AWS, Azure, and GCP platforms. It offers dynamic workload identity creation, real-time monitoring, and seamless integration into CI/CD pipelines. With automation, centralized dashboards, and enhanced visibility, users effectively manage security misconfigurations and vulnerabilities. While optimizing cloud environments through runtime protection and compliance, Prisma Cloud faces challenges with its navigation, pricing, and limited automation capabilities. Users seek improvements in API security, role-based access controls, and documentation quality, emphasizing the need for enhanced customization and reporting features.
What are the important features of Prisma Cloud?
What benefits or ROI should users consider in reviews?
Industries like finance and telecom rely on Prisma Cloud for managing cloud security posture and container security. Teams utilize its capabilities across hybrid and multi-cloud settings to ensure compliance and robust threat protection. Features like misconfiguration detection and runtime monitoring are critical in promoting security objectives in these sectors.
We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
