Try our new research platform with insights from 80,000+ expert users

Check Point CloudGuard CNAPP vs Prisma Access by Palo Alto Networks comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Apr 6, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Zafran Security
Sponsored
Average Rating
9.6
Reviews Sentiment
8.1
Number of Reviews
3
Ranking in other categories
Vulnerability Management (27th), Continuous Threat Exposure Management (CTEM) (3rd)
Check Point CloudGuard CNAPP
Average Rating
8.6
Reviews Sentiment
7.4
Number of Reviews
71
Ranking in other categories
Vulnerability Management (9th), Cloud and Data Center Security (9th), Container Security (7th), Cloud Workload Protection Platforms (CWPP) (5th), Cloud Security Posture Management (CSPM) (5th), Cloud-Native Application Protection Platforms (CNAPP) (5th), Data Security Posture Management (DSPM) (4th), Compliance Management (6th)
Prisma Access by Palo Alto ...
Average Rating
8.4
Reviews Sentiment
7.1
Number of Reviews
63
Ranking in other categories
Secure Web Gateways (SWG) (3rd), Cloud Access Security Brokers (CASB) (1st), Enterprise Infrastructure VPN (5th), ZTNA as a Service (2nd), Secure Access Service Edge (SASE) (1st)
 

Mindshare comparison

Vulnerability Management
Secure Access Service Edge (SASE)
 

Featured Reviews

Israel Cavazos Landini - PeerSpot reviewer
Weekly insights and risk analysis facilitate informed security decisions
I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool.
Bart Coddens - PeerSpot reviewer
Evolved cloud security with active monitoring but needs interface consistency
The user interface needs work. Sometimes, it is a transition from the old tool to the new CNAPP Two that I currently have, and remnants of the old environment can still be detected. I require consistency in the user interface to ensure everything is streamlined into the same look and feel. More work is needed in fine-tuning the threat data towards your CSPM and activity logs, aligning them with business intelligence, which requires a cohesive console interface. My assessment of CloudGuard CDRs in intrusion detection and threat hunting capabilities is that it still needs some work. All the threat data that comes in, you need to fine tune it a bit.
Partha Dash - PeerSpot reviewer
Makes us part of a bigger security ecosystem with updates taken care of for us, but pricing and support need work
There are definitely a number of things that could be improved. One of them is geographic coverage. China is still an issue because the solution does not operate there properly due to government regulations. I believe Palo Alto is trying pretty hard to get into partnerships with Alibaba and other cloud providers, but they do not have the same compelling offering in China that they have in the rest of the world. Businesses that are operating within China have to be very sure to evaluate the solution before making a buying decision. It is not an issue with Palo Alto, rather it is predominantly the result of government rules, but it's something that Palo Alto needs to work on. There is also room for improvement when it comes to latency in a couple of regions, including India and South America. They might have to increase their presence in those locations and come up with more modern cloud architectures. The third area is that, while Palo Alto has understood the essence of building capabilities around cloud technology and have come up with a CASB offering, that is a very new product. There are other companies that have better offerings for understanding cloud applications and have more graceful controls. That's something that Palo Alto needs to work on.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"We are able to see the real risk of a vulnerability on our environment with our security tools."
"Zafran is an excellent tool."
"Zafran has become an indispensable tool in our cybersecurity arsenal."
"Gives us centralized firewall management for both Windows and Linux distros. Also provides a clear view of the security configurations and connections across environments (DMZ, external and internal networks)."
"It saves time because I can look across the organization. Instead of checking 50 different accounts atomically and spending 15 minutes investigating each, I can spend 15 minutes exploring all 50 accounts. It allows me to quickly look across the org for similar problems when one comes up. That's a huge time saver."
"The reporting is quite good. It is the most powerful aspect of this solution."
"The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella."
"We like the GSL Builder feature. When you're running a security operations center, you spend a lot of time monitoring endpoint activity to ensure there is no malicious traffic or anonymous access in the environment. The GSL Builder is helpful for deep investigations of a particular reason for an incident. You can use it to get more information."
"The visibility in our cloud environment is the most valuable feature."
"The system has deployed security tools to enhance effective investigations in the entire company networking system."
"The new scanning function is a valuable feature that wasn't available until recently."
"Security is absolutely spot-on, really top-notch. It's the result of all the components that come together, such as the HIP [Host Information Profile] and components like Forcepoint, providing end-user content inspection, and antivirus. It incorporates DLP features and that's fantastic because Prisma Access makes sure that all of the essential prerequisites are in place before a user can log in or can be tunneled into."
"The solution improved the consistency of our security controls and the BCP. There has been a 20 percent reduction in TCO. Prisma Access also enabled us to deliver better applications by centralizing security management."
"The visibility perspective is pretty cool. If I want to know how much data is being used for a specific project, I can look at how much data has been used, from which region, and which users have been connected. That visibility is very good so that I can see how many licenses we have and how many are used."
"The solution is not very complex and is easy to manage for people who may or may not have knowledge about Palo Alto Networks."
"The most valuable features of the solution are in the areas of the secure remote access it provides while also being user-friendly."
"The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them."
"Panorama provides centralized management capabilities for all our firewalls and locations so that we can manage different data centers through a single device, a very valuable feature. We don't have to log into various devices to oversee them individually."
"Prisma Access protects all app traffic, so that users can gain access to all apps and that's very important because we need to be able to access everything. It also allows us to access non-web apps; anything internal that we need access to, we can access."
 

Cons

"Initially, we were somewhat concerned about the scalability of Zafran due to our large asset count and the substantial amount of information we needed to process."
"Sometimes, the solution provides us with false alerts of vulnerabilities that are not present in our cloud environment."
"I would like an interface more adapted to cell phones or tablets."
"There are opportunities for improvement that can be addressed through a roadmap."
"The shift left part is not yet at a maturity level I desire. I need more integration from the code-to-cloud principle."
"Dome9 should also support deployments that are on-premises and in a hybrid cloud."
"Currently, this solution is somewhat expensive."
"The Check Point solution is somewhat expensive."
"Addressing the large amount of compliance information and benchmarks we need to observe, the tools are becoming our goto dashboards."
"Its security is good. Everything is good, but the way the dashboard responds can be improved. It takes time to implement a policy. If you change only two or three lines and push the policy to make the change work, it takes 20 to 30 minutes even for a small change. That is something very irritating from the implementation perspective."
"GlobalProtect can face challenges with latency, especially when remote workers connect to centralized locations."
"Their next release should provide solutions for the mobile environment."
"The user interface could be better. They need to work a little bit on the console. It is similar to their firewalls but not exactly. They need to clean it up a bit."
"There should be a dedicated portal or SASE-based solution. They're trying to add a plugin but it needs a dedicated portal because it is now an enterprise solution for multiple organizations. People should be able to directly log in to a dedicated page for Prisma Access, rather than going into a Panorama plugin, and always having to update the plugin."
"Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side."
"It's not really Prisma's fault, but when you try to create exceptions you don't really have those abilities. You cannot say, on the management platform, "Hey, for these users I want to create these exceptions." That is one thing that I have gotten some complaints about, and we have faced some challenges there."
"When it comes to integration mechanisms, Prisma SaaS does not support reverse proxy type of integrations."
 

Pricing and Cost Advice

Information not available
"The tool's pricing is moderate. Its licensing costs are yearly."
"The solution’s pricing is a little bit high."
"It is difficult to contextualize the pricing because we are used to Indian pricing and licensing."
"It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution."
"The price is on the higher end."
"The licensing part still needs some work. The issue that I have is that we do not use all the services in the cloud, but sometimes, CloudGuard identifies them as an asset."
"Check Point CloudGuard Posture Management is expensive."
"I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two, to obtain better pricing."
"The solution requires a license and the technical support has extra costs. The licensing model could improve."
"I would advise choosing your options according to your company's needs. Just go for what you want and do not pay for anything extra in terms of licensing. You need to determine how much bandwidth is required in your company network, and according to that, you should pay for the license. The mobile user license is based on the number of users who are going to use the VPN solution. You need to determine how many mobile users you are going to have in your network, and you should pay according to that. There are no other costs in addition to licensing, but if you go for the consultant services of Palo Alto networks to deliver the solution for you, then you need to pay something extra. That is not a part of licensing."
"It's pricey, it's not cheap. But you get what you pay for."
"This is not an expensive product and everything is included with one license."
"The licensing fees are paid on a yearly basis and for what we get, the price is good."
"Prisma SaaS is more expensive than similar solutions but I think it's worth it."
"They price their products using credit modules."
"Based on what I have heard from others, it is a pricey solution as compared to its peers, but I am not sure. However, considering the features that it offers, it is a break-even point. You get whatever they are promising."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
851,371 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
13%
Financial Services Firm
12%
Manufacturing Company
7%
Government
6%
Computer Software Company
14%
Financial Services Firm
14%
Manufacturing Company
8%
Educational Organization
5%
Computer Software Company
14%
Manufacturing Company
13%
Financial Services Firm
12%
Government
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Zafran Security?
I find that the pricing for Zafran aligns well with the comprehensive features it offers. The asset and user-based li...
What needs improvement with Zafran Security?
Zafran is a new startup. Features are continuously being added or improved. 1) Continued integrations with existing (...
What is your primary use case for Zafran Security?
We connect this to our vulnerability scanner as input, our security tools to better determine risk, and our change ma...
What is the better solution - Prisma Access or Zscaler Private Access?
We looked into Prisma Access before choosing Zscaler Private Access (ZPA). Palo Alto’s Prisma Access is a secure ac...
What do you like most about Prisma Access by Palo Alto Networks?
The most valuable features of the solution are in the areas of the secure remote access it provides while also being ...
What is your experience regarding pricing and costs for Prisma Access by Palo Alto Networks?
From my experience, Palo Alto is more expensive compared to solutions like Netskope and Triscale.
 

Also Known As

No data available
Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence
Palo Alto Networks Prisma Access, Prisma Access, GlobalProtect, Palo Alto GlobalProtect Mobile Security Manager, Prisma SaaS by Palo Alto Networks, Prisma Access
 

Overview

 

Sample Customers

Information Not Available
Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners
Concord Hospital, State of Colorado, Essilor International, RheinLand Versicherungsgruppe, University of Westminster, Universidade Nove de Julho, SPAR Austria, CAME Group, ZipRealty, Greenhill & Co., IKT Agder, Aviva Stadium, Animal Logic, Management & Training Corporation, Brigham Young University Hawaii, School District of Chilliwack
Find out what your peers are saying about Wiz, Qualys, Tenable and others in Vulnerability Management. Updated: May 2025.
851,371 professionals have used our research since 2012.