Try our new research platform with insights from 80,000+ expert users

FortiDevSec vs Prisma Cloud by Palo Alto Networks comparison

The compared Fortinet and Palo Alto Networks solutions aren't in the same category. Fortinet is ranked #23 in SAST , with an average rating of 9.0, and holds a 0.3% mindshare in the category. Palo Alto Networks is ranked #1 in CNAP , with an average rating of 8.6, and holds a 16.2% mindshare. Additionally, 100% of Fortinet users are willing to recommend the solution, compared to 98% of Palo Alto Networks users who would recommend it.
FortiDevSec
Read 1 FortiDevSec review
  • 306 Views
  • 40 Comparison Views
100% willing to recommend
Prisma Cloud by Palo Alto N...
Read 110 Prisma Cloud by Palo Alto Networks reviews
  • 15,280 Views
  • 5,650 Comparison Views
98% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Mar 25, 2025

Prisma Cloud by Palo Alto Networks and FortiDevSec are both cloud security solutions. Prisma Cloud appears to have a stronger appeal primarily due to its pricing and exceptional customer support effectiveness.

Features: Prisma Cloud offers comprehensive cloud security measures such as advanced threat intelligence, automated compliance checks, and broad cloud infrastructure protection. FortiDevSec focuses on application security with features including robust source code vulnerability scanning, real-time threat detection, and specialized application security.

Ease of Deployment and Customer Service: FortiDevSec provides streamlined deployment and proactive customer support, ensuring personalized guidance throughout the implementation process. Prisma Cloud offers flexible deployment options backed by extensive documentation. Its customer support receives praise for responsiveness and expertise, contributing to high customer satisfaction.

Pricing and ROI: Prisma Cloud is noted for its competitive pricing structure, offering scalable solutions that ensure long-term cost efficiency. FortiDevSec, while priced higher, justifies its cost with advanced features and offers a promising ROI due to its specialized capabilities. Prisma Cloud's combination of competitive pricing and comprehensive features results in a favorable ROI perception.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Static Application Security Testing (SAST) Report (Updated: May 2025).
Buyer's Guide
Static Application Security Testing (SAST)
May 2025
Download the complete report
Helped 854,618 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

FortiDevSec
Average Rating
9.0
Reviews Sentiment
7.5
Number of Reviews
1
Ranking in other categories
Static Application Security Testing (SAST) (23rd), Vulnerability Management (36th)
Prisma Cloud by Palo Alto N...
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
110
Ranking in other categories
Web Application Firewall (WAF) (5th), Container Security (1st), Cloud Security Posture Management (CSPM) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (1st), Data Security Posture Management (DSPM) (2nd)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. FortiDevSec is designed for Static Application Security Testing (SAST) and holds a mindshare of 0.3%, up 0.1% compared to last year.
Prisma Cloud by Palo Alto Networks, on the other hand, focuses on Cloud-Native Application Protection Platforms (CNAPP), holds 16.2% mindshare, down 21.1% since last year.
Static Application Security Testing (SAST)
Cloud-Native Application Protection Platforms (CNAPP)
 

Featured Reviews

Mohammed Jaffir - PeerSpot reviewer
Scans codes in CI/CD pipelines and identifies vulnerabilities
In a customer environment, developers integrate their code with CI/CD pipelines. Most developers use cloud platforms like AWS or Azure and project management tools. FortiDevSec integrates with these CI/CD pipelines using agents such as YAML files. Once integrated, FortiDevSec scans the source code using our product or within the IDE. The most valuable feature is the ability to identify known vulnerabilities in applications by generating reports easily. This development gamification is very useful for developers. Compared to TechSmart and Fortify, FortiDevSec has similar features, but it is much easier to use because of its simple setup. SysTrack, for example, is not very simple. For the CI/CD pipeline, we only need to integrate a YAML file into the security process. Compared to other products, the tool requires fewer steps. We must integrate one file with the CI/CD pipeline, automatically pulling the code report to the repository. Using our API and username, it is easy to scan the environment. The tool's integration is also easy.
Read full review
Mohammad Qaw - PeerSpot reviewer
It gives you one console to see all of your assets, review their configurations, and build your processes
Most customers use Prisma Cloud for visibility and compliance. Prisma has so many features, but many organizations do not use them. They primarily use the visibility part to connect all their cloud accounts and hosts for visibility to see if they are missing any security controls or if they have any misconfigurations. You can connect it to cloud environments such as Azure, AWS, Oracle Cloud, Alibaba, etc., or to an on-prem data center. Prisma Cloud gives you so many options to automate processes related to your daily operations. When it comes to cybersecurity, you can automate things with their existing APIs. They also have out-of-the-box integrations with many solutions. I have not seen any limitations. Everything is customizable. You can do whatever you want, defining the reporting and custom use cases. They recently updated the UI, so it's much better than before.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"In a customer environment, developers integrate their code with CI/CD pipelines. Most developers use cloud platforms like AWS or Azure and project management tools. FortiDevSec integrates with these CI/CD pipelines using agents such as YAML files. Once integrated, FortiDevSec scans the source code using our product or within the IDE."
"It has improved the overall collaboration between SecOps and DevOps. Now, instead of asking people to do something, it is a default offering in the CI/CD. There is less manual intervention and more seamless integration. It is why we don't have many dependencies across many teams, which is definitely a better state."
"What I like most about Prisma Cloud is its zero-day signatures, maximum security, minimal downtime, cloud visibility, control, and ease of deployment."
"It is user-friendly. It has a good look and feel and reporting structure. It provides a single pane of glass. These are the things that I like."
"What I found most valuable in Prisma Cloud by Palo Alto Networks is the VAS, such as the web application and API security. I feel that VAS adds a lot of value, mainly because it gives visibility through the application layer and threat detection features."
"The most valuable feature of Prisma Cloud by Palo Alto Networks is the CSPM, which we use the most. Additionally, the investigation and alerts are useful, and the creation of queries."
"We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem."
"Prisma Cloud's most valuable asset is its ability to provide detailed visibility into container activity."
"The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful."
More Prisma Cloud by Palo Alto Networks pros
 

Cons

"The only drawback I see with FortiDevSec is the lack of extensions."
"Sometimes we do get false alerts. That should be improved."
"Support is an area that needs improvement."
"To see the full picture, at least when I last used it in April or May, you needed to switch between the modules. To see the cloud infrastructure and pipeline configuration, you need to switch to that module. To see the code security part, you need to switch to the Code Security module. It is the same story with CSPM. Two competitors of Prisma Cloud do it in a better way. They show the full view of a risk. Prisma Cloud unfortunately lacks in that area, but they are catching up."
"The area for improvement is less about the product and more about the upsell. If we've already agreed that we'd like your product x, y, or z, don't try to add fries to my burger. I don't need it."
"It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat."
"I think Prisma Cloud could improve its preventive governance policy and CWP run time modules."
"Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."
"The Fargate security microservice that's running doesn't support blocking features, which would be helpful. Another issue is the lifecycle. It isn't easy to upgrade if we have a console in Fargate."
More Prisma Cloud by Palo Alto Networks cons
 

Pricing and Cost Advice

Information not available
"The pricing structure is easy to understand. Depending on the use case the pricing of the solution can be different. There are not any additional costs to the standard living fees."
"The product is very expensive, but the cost is a necessary evil; I don't know how we could have any kind of cloud presence without this type of monitoring. The pricing is calculated by module and resource usage. Ultimately, it saves us money in the amount of time we would spend uncovering what it uncovers, and we might not make the required discoveries without it anyway. Prisma offers incredible value, though I wish it were cheaper."
"Prisma Cloud is a high-end enterprise solution, making it quite expensive."
"The price is high. In the future, when there are more competitors at the same level with different clouds, maybe the position will be different."
"Its price is reasonable as compared to other products. The main challenge is explaining the licensing model to customers. It isn't a problem related to Palo Alto. Commonly, people don't understand cloud licensing or security licensing. When they have fixed virtual machines, they know what they are going to be charged, but when it comes to cloud automation, it is hard for them to get clarity in case of high workloads or when they have enabled auto-scaling, etc. It would be helpful if Palo Alto can educate people on their licensing programs."
"The pricing is competitive. From what I have seen in the past, it is on par with the others."
"If a competitor came along and said, "We'll give you half the price," that doesn't necessarily mean that's the right answer, at all. We wouldn't necessarily entertain it that way. Does it do what we need it to do? Does it work with the things that we want it to work with? That is the important part for us. Pricing wasn't the big consideration it might be in some organizations. We spend millions on public cloud. In that context, it would not make sense to worry about the small price differences that you get between the products."
"The pricing is good. They gave us some good discounts right at the end of the year based on the value that it brings, visibility, and the ability to build in cloud, compliance, and security within one dashboard."
More Prisma Cloud by Palo Alto Networks pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Static Application Security Testing (SAST) solutions are best for your needs.
See recommendations
854,618 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Insurance Company
11%
Financial Services Firm
11%
Construction Company
9%
Financial Services Firm
13%
Computer Software Company
13%
Educational Organization
12%
Manufacturing Company
10%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What needs improvement with FortiDevSec?
The only drawback I see with FortiDevSec is the lack of extensions.
See all answers
What advice do you have for others considering FortiDevSec?
We have implemented FortiDevSec for one customer for a year. It has been implemented successfully, and we haven't received any complaints from them. Since it's been used by only one customer, if we...
See all answers
What is your primary use case for Prisma Cloud by Palo Alto Networks ?
Prisma Cloud helps support DevSecOps methodologies, making those responsibilities easier to manage.
See all answers
What Cloud-Native Application Protection Platform do you recommend?
We like Prisma Cloud by Palo Alto Networks, since it offers us incredible visibility into our entire cloud system. We are able to easily see where our container vulnerabilities lie and and where cl...
See all answers
What do you think of Aqua Security vs Prisma Cloud?
Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valuable feature and their speed of integration is very good. The initial setup was ...
See all answers
 

Comparisons

SonarQube Server (formerly SonarQube) vs FortiDevSec Logo
SonarQube Server (formerly SonarQube) vs FortiDevSec
Compared 60% of the time
Fortify on Demand vs FortiDevSec Logo
Fortify on Demand vs FortiDevSec
Compared 22% of the time
SonarQube Cloud (formerly SonarCloud) vs FortiDevSec Logo
SonarQube Cloud (formerly SonarCloud) vs FortiDevSec
Compared 18% of the time
More FortiDevSec Competitors
Wiz vs Prisma Cloud by Palo Alto Networks Logo
Wiz vs Prisma Cloud by Palo Alto Networks
Compared 22% of the time
Microsoft Defender for Cloud vs Prisma Cloud by Palo Alto Networks Logo
Microsoft Defender for Cloud vs Prisma Cloud by Palo Alto Networks
Compared 11% of the time
CrowdStrike Falcon Cloud Security vs Prisma Cloud by Palo Alto Networks Logo
CrowdStrike Falcon Cloud Security vs Prisma Cloud by Palo Alto Networks
Compared 5% of the time
Aqua Cloud Security Platform vs Prisma Cloud by Palo Alto Networks Logo
Aqua Cloud Security Platform vs Prisma Cloud by Palo Alto Networks
Compared 4% of the time
SentinelOne Singularity Cloud Security vs Prisma Cloud by Palo Alto Networks Logo
SentinelOne Singularity Cloud Security vs Prisma Cloud by Palo Alto Networks
Compared 4% of the time
More Prisma Cloud by Palo Alto Networks Competitors
 

Product Reports

Buyer's Guide
Static Application Security Testing (SAST)
May 2025
FortiDevSec reportDownload FortiDevSec product report
Buyer's Guide
Prisma Cloud by Palo Alto Networks
May 2025
Prisma Cloud by Palo Alto Networks reportDownload Prisma Cloud by Palo Alto Networks product report
 

Also Known As

No data available
Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto
 

Overview

FortiDevSec enhances application security by integrating seamlessly into development pipelines, facilitating early threat detection and mitigation. It supports continuous delivery models and ensures robust application defenses while maintaining efficient development workflows.

By embedding security into DevOps processes, FortiDevSec allows teams to address vulnerabilities during development. It automates security assessments, offering insights that help in reducing risk and improving compliance. Its integration capabilities streamline application security without disrupting developer productivity.

What are the key features of FortiDevSec?
  • Continuous Integration: Automates security checks within development workflows.
  • Comprehensive Analysis: Provides multi-vector scanning for thorough threat detection.
  • Risk-Based Prioritization: Identifies and prioritizes critical vulnerabilities.
  • Integration Compatibility: Easy integration with existing CI/CD tools.
What benefits can users expect from FortiDevSec?
  • Enhanced Security: Improves application protection by identifying security threats early.
  • Increased Efficiency: Reduces manual security assessment time with automation.
  • Compliance Support: Aids in aligning with industry security standards.
  • Cost Effectiveness: Minimizes costs associated with post-production vulnerability fixes.

Industries implementing FortiDevSec like finance and healthcare benefit from its ability to meet strict regulatory standards while ensuring secure and rapid application deployment. It supports integration into existing workflows, making it a valuable tool for maintaining compliance and protecting sensitive data.

Fortinet

Prisma Cloud by Palo Alto Networks delivers comprehensive security for cloud environments, focusing on workload protection, identity creation, and seamless AWS integration. Its cloud visibility and control, combined with thorough vulnerability scanning, help maintain robust security across multi-cloud platforms.

Prisma Cloud provides essential capabilities for cloud security posture management, container security, and compliance monitoring. Enterprises utilize it to secure cloud configurations, detect vulnerabilities, and ensure regulatory compliance, spanning AWS, Azure, and Google Cloud. Its runtime management, identity-based micro-segmentation, and threat detection enhance cybersecurity. Despite needing improvements in documentation, integration complexities, UI, and the need for role-based access control refinement, it remains pivotal for securing assets across cloud infrastructures, particularly with its capabilities for vulnerability scanning and CI/CD pipeline integration.

What are the key features?

  • Workload Identity Creation: Establishes identities for cloud workloads, enhancing security through precise access management.
  • Dynamic Workload Protection: Protects applications dynamically, securing resources during runtime.
  • Integration with AWS Products: Seamlessly integrates with AWS services, maximizing the efficiency of cloud operations.
  • Automated Forensics: Provides detailed insights through automated investigations and runtime mapping between containers.
  • Application Dependency Map: Enables compliance and asset management through comprehensive inventory functionality.

What benefits or ROI should users expect?

  • Proactive Threat Prevention: Enhances security measures with advanced threat detection and prevention.
  • Cloud Visibility and Control: Offers control across multi-cloud environments, ensuring users maintain a strong security posture.
  • Prevention Capabilities: Users value its ability to prevent vulnerabilities and threats effectively.
  • Integration Capabilities: Supports seamless integration into existing cloud infrastructures and CI/CD pipelines.

In industries like finance, healthcare, and retail, Prisma Cloud is implemented to strengthen cybersecurity measures, facilitate regulatory compliance, and enhance governance. Organizations leverage its features to secure sensitive data, monitor configurations, and integrate security processes within CI/CD workflows, ensuring robust protection across complex cloud infrastructures.

Palo Alto Networks
 

Sample Customers

Information Not Available
Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America
Buyer's Guide
Static Application Security Testing (SAST)
May 2025
Download Free Report
Find out what your peers are saying about Sonar, Veracode, Checkmarx and others in Static Application Security Testing (SAST). Updated: May 2025.
DOWNLOAD NOW
854,618 professionals have used our research since 2012.

We monitor all Static Application Security Testing (SAST) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.