Prisma Access by Palo Alto Networks Reviews

Prisma Access protects all app traffic so that users can gain access to all apps. This is very important when you have multiple applications in your environment. You do not want any network traffic to get compromised. It inspects all the incoming traffic so that the user can access that traffic in a secure way.

It secures both non-web and web-based apps, which is very important. You have applications in your environment. So, you want them to be accessed in a secure manner. It also provides security on the internet when you are trying to access something, such as PaaS apps. It provides security to that as well with the security management policy. It has an inbuilt security management policy. You just need to enable that, and that's it. This security of the non-web and web-based apps reduces the data breach. It is good for our operations that our non-web apps as well as web-based apps are secured.

We have two ways to manage Prisma Access. One is Panorama, and the other one is the Cloud Managed application. The graphical UI is very easy to use. It has a user-friendly graphical user interface, and we have a graphical statistics page as well, which gives you an insight into what's happening. It is very user-friendly.

It makes it very easy that in a single interface, you get all the features, such as routing, security, decryption, and other application functionalities. So, in a single graphical interface, you get everything, and it's easy to manage.

It provides traffic analysis, threat prevention, URL filtering, and segmentation. These elements are very important because you do not want to allow all the URL categories in your environment. You can simply block the categories that you don't want your users to access in your network. That's where these features come in handy. We can simply block these URL categories, and we have that functionality in Prisma Access.

It provides millions of security updates per day. Technology is changing every day, and Palo Alto is providing regular updates so that we can keep ourselves up to the market level. Constant enhancements are provided with the help of the Prisma Access plugin version. New plugins and features are coming every month.

Autonomous Digital Experience Management (ADEM) features are very good. It's a very helpful application. It helps us to troubleshoot network-related issues. It makes the job easy. We get to know whether an issue is at the endpoint level, ISP level, or system Access level. It helps us to determine the issue so that we can isolate and focus on a specific area. It makes our job easy.

ADEM is very impressive, and the users are enjoying this application. If they're not that tech savvy, it helps to isolate the issue at a particular level, making the job easy.

It enables us to deliver better applications. It is helpful because I can connect all my branch offices. If I have one office in the US, one in Asia, and one in Europe, I can connect all my offices to Prisma Access. I can also connect my data center and my mobile users spread across the globe. In Prisma Access, we have more than 100 locations provided by Palo Alto. So, it is very easy.

We have different security profiles inside Prisma Access. We have file blocking. We have anti-spyware. We have antivirus, and we have vulnerability protection. We also have DoS protection. All of these features are provided by Palo Alto Prisma Access, and we can utilize these options to make our security even better.

GlobalProtect is one of the best features of Prisma Access. It provides a remote access VPN solution.

We have an application called ADEM that helps us troubleshoot network-related issues. It helps us to isolate an issue whether it is on the ISP level, endpoint level, or system access level.

The Cloud Managed Prisma Access needs some more enhancement. Its GUI needs to be updated with respect to the inside application of Prisma Access.

The BGP filtering options on Prisma Access should be improved.

It has been three years.

It is very stable. If one node goes down on Prisma Access, we always have a backup node so that the traffic is not impacted. A backup node is always available, and the traffic is not compromised.

It is a scalable solution. Many clients are using the Prisma Access solution. I have personally worked with clients from across the globe, such as Germany, Australia, and Asia. They all are enterprise customers. 

People who work with or manage it are cybersecurity architects and cybersecurity leads. 

Sometimes, there's a long wait, and it is hard to get technical support, but it's improving day by day. I would rate them a 7 out of 10.

Neutral

I didn't use any other solution. 

It's straightforward and very easy. The deployment duration depends on the client's infrastructure. It depends on how many branch offices they are going to have. They could have only 3 offices, or they could have 100 offices. On average, if they have only 4 offices, it will take a max of four sessions. If they have 10 offices, it would take about 20 hours with two hours for each session.

We need an infrastructure subnet so that we can create an infrastructure over Prisma Access. We need to decide on the routing part, whether we are going with BGP or traffic routing. We need to have the IP address information for the IPsec tunnel. Apart from that, we need to take care of the DNS and resolve internal domains, if they have any. 

From my end, only one consultant is assigned for delivering the solution to the customer.

I would advise choosing your options according to your company's needs. Just go for what you want and do not pay for anything extra in terms of licensing. You need to determine how much bandwidth is required in your company network, and according to that, you should pay for the license. The mobile user license is based on the number of users who are going to use the VPN solution. You need to determine how many mobile users you are going to have in your network, and you should pay according to that.

There are no other costs in addition to licensing, but if you go for the consultant services of Palo Alto networks to deliver the solution for you, then you need to pay something extra. That is not a part of licensing.

If you have a company with branch offices, you do not need to have your own data center. You can simply connect your branch offices as well as your remote VPN users to the Prisma Palo Alto data center. You do not need to maintain your own data center. It will save your LAN cost, electricity cost, and labor cost.

Make sure that you are familiar with your company's network design and your design is compatible with Prisma Access. Make sure that the design is properly done and every use case or scenario is properly discussed. After that only go for the Prisma Access solution.

I would rate Prisma Access an 8 out of 10.

We are using Prisma SaaS for products. We use many content-based platforms and we were using this product to perform policy detection. If someone is sharing something publicly, externally, from our domain, which is risky. This product allows you to write policies, and those policies will detect content, which captures them in the policy category or in the criteria. You then can add remediation action for protection.

We deploy the solution using their infrastructure and we connected that solution with our applications.

Prisma SaaS has helped the way our organization has functioned. Before the used the solution, we needed to write API calls for every platform to receive data out of it. It's a tedious task because we have 20 products and you need to write 20 application API calls. Once you receive the API calls, you need to massage and manipulate the data, search, and filter it. We need to write the full-fledged application. However, this product does it all, it gives you everything.

Instead of writing applications, we only need to go into one place, one URL, and we are able to do whatever we need to. In terms of hours, it saved us a lot of time and hours to do similar tasks previously, which we used to do using API calls to the product.

This is a one-stop solution. They have multiple features for every product, you don't need to purchase different products for each platform. When you purchase one Prisma SaaS you can connect to 10 different things. You can write different policies, attach different policies, search, and export the data out. There are many capabilities of this solution.

The solution has all its capabilities in a single cloud delivery platform which is great and it provides overall good protection.

If you compare Prisma SaaS against other products, such as Cloud Log, it's a little bit tricky to understand, but it offers different functionality that other products don't have. From a user usability point of view, you need some training for this product, as an admin, you need a couple of demos.

The reports and setting the policies could improve, they are important. Their UI is a little bit confusing when you create the policy section. There are times when it looks like you are in one section, but you're technically in another section and you're saving something else. The need to make it more clear in the UI for policy creation and setup.

I have been using Prisma SaaS for approximately one year.

The stability of the solution is a little bit slow when you do searching. However, I have never seen an error on the application for over one year. It is stable.

The scalability of Prisma SaaS is very good.

We plan to increase the usage of this solution. We are working with the compliance team and we are trying to find more policies and more products where we can use Prisma SaaS. We have recently renewed the solution for three more years.

If we open a private ticket, they're pretty fast. They get back to us in a timely manner and we work with them actively.

I would rate the technical support a seven out of ten.

We have two solutions that we use. We also use CloudLock for a specific product. These products are usually application-based, and if you compare BetterCloud and CloudLock, CloudLock is good for Google. Similarly, BetterCloud is good for Dropbox because their EPA's are more integrated. Prisma SaaS is good for receiving data from OneDrive, Office365, and a lot of other products. We have multiple products depending on the use case.

The initial setup is straightforward. It's a SaaS product, we only need to log in and integrate our apps using our administrative rights.

The full deployment takes a couple of weeks. The deployment is easy, but the scanning takes time. If you connect a product and that product is having a terabyte of data, the scanning will take time. However, deployment connecting to the products, it's fairly easy.

We implement the solution in a sandbox environment and a production environment. The sandbox environment is connected to our sandbox applications, and production is connected to production applications. Whenever we are trying to launch a new policy, we used to try a new sandbox first. If it goes well, we send it to a production environment. We upload a sample of corrupted files to see if the policies are acting as they are supposed to.

We used an integrator and we worked with them directly.

We use approximately 40 hours a week for the maintenance of the solution to get everything done.

The pricing can be difficult because it came to us with another agreement, but it can be negotiated. I highly recommend people to compare this product's performance and pricing against BetterCloud, because I feel BetterCloud is better than Prisma SaaS if they're starting from scratch.

The auditing does not protect all application traffic. It's more content-based. For example, if I uploaded a file and that file has sensitive information, Prisma will detect it. It will tell me where that file has been uploaded, how it's shared, whose current external parties were accessed. Anything which is bound to my user base, I will receive the report, but not the audit log. It won't tell me when users log into the platform, or if they log out. However,  it will tell me if they upload anything and take any action on that content.

We can connect the solution to AWS F3, which you can be considered not web-based because it has both products. From the F3 bucket, you can access it through different mechanisms. We are using it for some products which are not purely web-based.

We use SaaS products. That means infrastructure is not in our control and if you upload something into those platforms, such as Dropbox, any content that is put into the data system, we need to make sure that our data is protected and not shared outside. This product and its processes allow us to monitor it. We can create a policy, and limit the action. A person does not need to wait and then take action. For example, if someone uploaded something critical, a Saas policy gets triggered, and it automatically brings that operation down. If someone shares a file publicly, the policy triggers and detects the file and removes the public sharing. This is how we are protecting our data within our platform using this product.

I have learned from using this solution we should have more policies created as per compliance and security to utilize the features of this product better. If you have this product and if you're not writing a policy, then this product is useless. Right now we have basic policies, four and five, which I feel we have the potential to increase to 15 or 20.

I rate Prisma SaaS by Palo Alto Networks a seven out of ten.

We need global connectivity because we are a software company, and we have a lot of contractors around the globe. We are using Prisma Access for them to be able to connect from anywhere and have access to our data center, which is on-premises. It is not in the cloud.

We are using its latest version. It is always up to date. 

It provides zero trust security and access to our resources. It brings security and provides access. The security provided by Prisma Access is very good. I would rate it a nine out of ten in terms of security.

Prisma Access provides all its capabilities in a single, cloud-delivered platform, which is very good. Before choosing Prisma Access, we did extensive research. A single console was very important for us. If we had gone for Cisco, we would have had to combine three different products of Cisco, and we would have had three different consoles to manage, which is not what we wanted.

Prisma Access provides traffic analysis, which is very important for us because we want to know what is happening with the traffic, who is connected, how they are connected, and what is happening with the endpoint during this connection. We are working with the current information, and it is very important. For threat prevention, we are going to implement Palo Alto WildFire.

Prisma Access provides millions of security updates per day. It is very important because if we have zero-day or any other type of breach, it would not be good. There should be regular updates.

Prisma Access' ADEM was another feature that made us go for Prisma Access as compared to the other vendors. It provides real and synthetic traffic analysis, but it also depends on how you tune up ADEM. You need to make rules in order to maintain certain services. If you are doing it right, it will be able to show you where the weak point to the connection is. ADEM does not affect the digital experience for end-users. They do not even know that it is there.

Prisma Access does not enable us to deliver better applications, but it has had an impact. It is stopping some applications that our people are using.

It is easy. There are service connections that they are using for connecting from the cloud to your data center. It is simple. 

There is a system for monitoring the traffic. You can monitor the traffic of the connected people and point out any issues on the connection part. 

The user interface could be better. They need to work a little bit on the console. It is similar to their firewalls but not exactly. They need to clean it up a bit.

Prisma Access' ADEM is good when it comes to segment-wise insights across the entire service delivery path. The only minus is that it is not supporting Linux. It is only for Windows and macOS.

We are not able to manage firewalls from the cloud. They have promised to make this feature available in the future where we will be able to manage firewalls from the cloud. Currently, we can only use Panorama to manage firewalls.

I have been using this solution for two months.

It is very stable. I would rate it a ten out of ten in terms of stability.

It is very scalable. We have 200 users. I would rate it a ten out of ten in terms of scalability. 

We use it very often. It has been okay so far.

We take the help of the integrator who is helping us. We still have questions regarding the product. They have provided a service engineer, and we work with him. We are able to call him directly for any help.

Positive

We did not use any other solution previously. 

It is straightforward because all the work is done by Palo Alto. They provide help for the initial setup to go without any issues or with minimum problems. They power up the machines, and they give us console access from there.

After Prisma Access was set up, it took us about a week to tune everything and connect our data centers to Prisma Access, etc.

We had two engineers for its setup. It does require maintenance. I am the only person handling the maintenance. It is not difficult to maintain.

We use an integrator. 

It is too early for that. We need a little bit more time to see the ROI.

It is not cheap. It is expensive. The good thing is that you are able to pay for what you need, but overall, it is not cheap. The pricing is not based on packages. You pay based on the features. If you want DLP, you only pay for DLP. They are very flexible. It is not cheap, but the licensing is flexible. There are no additional costs in addition to the standard licensing fees.

I would advise starting with the lowest package or minimum services, and then you can upgrade based on your needs. The full package is not cheap, and you might not need all the features.

Their cloud access router could be a little bit cheaper.

We evaluated Cato Networks, Cisco Umbrella, and Zscaler. We also had presentations from Perimeter 81 and CloudFlare.

We went for Prisma Access because it is able to integrate with their firewalls. They have very good connectivity. Palo Alto is a leader in the next-generation firewall, which means their security is good. 

Prisma Access has a lot of features, but we have been using it for only two months. We have not fully used it yet. We have not used the whole functionality.

The good thing is that they are providing a proof of concept. You can do a proof of concept and see if it is suitable for you. If you are already using Palo Alto firewalls, it will be better for you. It will be much easier for you to use Prisma Access.

If you are familiar with Palo Alto in general, it is easy to use because it is very similar to their operating system of firewalls. If you have previous experience with Palo Alto, it is much easier. Otherwise, it will take a little bit of time, but it is easy. The only thing that can be a bit complicated is the service connection. In Prisma Access, you have two types of connections: service connection and network connection. They do almost the same thing. They can create confusion if you are not familiar with them.

Prisma Access can secure not just web-based apps but non-web apps as well, but we are not using this feature currently. 

Overall, I would rate Prisma Access an eight out of ten. That is because we cannot manage firewalls from the cloud.

Our use case started with the pandemic. Before the pandemic, our users worked in our office, but when the pandemic started our users were at home. They wanted to have the same kind of access that they had on-premises. We deployed a network and mobile services for them so that they could have the same experience sitting at home and access all the infra in the office. We use mobile access to connect to Prisma Access, and from Prisma Access we built a site-to-site VPN to connect to the office network so that they would have the same kind of access.

It is very helpful because it is protecting the applications that are behind it. It has so many components that we can use to secure our applications.

Prisma Access has all the features from Palo Alto. But the visibility perspective is pretty cool. If I want to know how much data is being used for a specific project, I can look at how much data has been used, from which region, and which users have been connected. That visibility is very good so that I can see how many licenses we have and how many are used. It gives a great view of what is happening, of everyone who is connected. That is one of the things I like.

It provides traffic analysis, threat prevention, and URL filtering, although I'm not sure if it provides segmentation. These features are very important. We wanted to filter traffic according to our standards. The URL filtering helps to filter the traffic so that we only send the traffic we want to on-premises or the internet. Without this, it would be very tough.

Also, it protects all your app traffic. It's like a next-generation firewall. It does everything.

For a non-technical guy, the reporting of Prisma Access is very easy. You need to know the navigation tabs, but it only has so many of them and you can do many things in the tabs. It is pretty easy because there aren't that many pages or options.

And the updates, like URL updates, IPS, IDS, and any WildFire subscription updates are very helpful for protecting our infra.

There should be a dedicated portal or SASE-based solution. They're trying to add a plugin but it needs a dedicated portal because it is now an enterprise solution for multiple organizations. People should be able to directly log in to a dedicated page for Prisma Access, rather than going into a Panorama plugin, and always having to update the plugin. An administrator should be able to look at it from a configuration perspective and not the management and maintenance perspectives.

We started using Prisma Access by Palo Alto Networks with the pandemic in 2019, so I have been using it for over three years.

Initially, they were coming up with a new plugin every one or two months, and you would have to download it. But now, I don't see that. Their team continues to work on it, but as a customer, I see it as stable. 

They're using the resources of GCP so if GCP in a specific region has some issues, it will impact Prisma Access. They have to look at some kind of backup.

I don't see it as a scalable solution because it is running on top of VMs. They say it is scalable, but we didn't see it working that way for one or two incidents that we had. But later, they had more firewalls in the cloud and kept them on standby. Since then, I haven't seen that issue.

I have implemented the solution for 100,000-plus users, and most of them are connecting from home. It reduces the load on our on-premises firewall, handling posturing and VPN. It is a dedicated project, meaning everyone, all of our employees, uses the same solution to connect to the infra.

When I started working with their support, the product was new for them as well so they were not all that familiar with it. They need to improve the technical support staff.

Positive

We were using Cisco AnyConnect but we replaced it, in part, with Zscaler and mostly with Prisma Access.

Prisma Access works on Panorama which we have on a virtual machine on GCP. As with anything, if you don't know it, it is complicated, but once you understand it, it is very easy. If I look at it as a combination of before and after, the setup is of average difficulty. You can learn things very fast. It's not that difficult or complicated, but you should know the purpose of each part. Then it is easy.

When I did my initial deployment of Prisma Access in 2019, it took around five days. But by the time I had done two or three deployments, it was taking me 20 minutes to deploy.

The implementation strategy is totally dependent on the requirements. Some customers say they want the same feeling at home that they have in the office. Some customers say they want Prisma Access to reduce the burden on the existing on-premises firewall. The posture checks have to be done on Prisma Access and, once done, the traffic is forwarded.

Once you understand the product, two to three guys should be able to handle it for configuration, and then they can move on. But for operations, you need a team.

We evaluated Zscaler Private Access and multiple other cloud solutions.

Compared to Zscaler and other services, the advantage of Prisma Access is that it supports both data and voice. The other vendors don't support voice. With Prisma Access, we don't need to look for any other services or solutions. It supports your data and voice services as well and that is one of our most important requirements.

At the end of the day, Prisma Access is nothing but a firewall that is hosted in the cloud. It depends on your capacity, the users that are connecting, and the VM you are running in the backend. It has all the capabilities and subscriptions that we were using on-premises. I don't see any challenges in terms of security. It is secure. They haven't compromised on anything with Prisma Access. It tries to protect us as much as possible.

It's crucial for us and is helping us a lot if you look at it from a business perspective.

We can do a lot with it and use it for eight to nine use cases. It supports your data and voice and, as I noted, I haven't seen any other product support both. Prisma Access is the best product. It depends on what you're looking for. But if you have a lot of requirements, you should go with Prisma Access.

We use Prisma Access to build an allowlist that we put into Socks App, so we can gate access to what we want based on whether someone is allowed onto the VPN. Prisma is a SaaS product. We have the cloud-managed version that we use to access a mixture of on-prem, public cloud, and SaaS tools. 

We aren't using it extensively. There are only around six rules. I've had five hundred or a thousand rules in previous companies that used Palo Alto Networks. We have six, so we're not using the solution extensively. We're looking at various products for DNS filtering and security, so we will potentially get rid of Prisma Access in the future. It's a heavy-handed way of doing what we're trying to do.

Prisma helped us build a moat around our production systems. It's now impossible to log into our production from a non-MDM laptop. Prisma Access provides decent security overall.

Prisma Access protects all app traffic so users can access all our apps, which is crucial because we want this to be as transparent as possible. The ability to secure web-based and other apps is also critical. We use this as a gateway into production or specific systems. That might be over 443, HTTPS, DB, or any other protocol.

Prisma Access offers features in one cloud-delivered platform, which is pretty important. Anything we can do to reduce the complexity of this is good. It will get messed up at some point if there are too many moving parts.

The traffic analysis, threat prevention, and URL filtering features are pretty critical. Prisma Access is our frontline defense for our production environments. On top of that, it protects the engineering staff's endpoints, so it needs to provide essential URL scanning and WildFire AV detection.

I've had a ton of issues with Prisma Access. The UI is horrible and not intuitive. For example, error handling when applying configuration changes is atrocious. The UI itself is buggy and lags. The sales staff tried to be helpful, but they sold us the wrong license SKU, which broke our environment, and it took two months for them to fix it. Two months is an eternity for something as critical as this.

It applies commits to the firewalls slowly. There isn't an API you can use for anything. We've previously had trouble with the egress IP addresses though we expressed to engineering that those mustn't change. They changed several times without warning, causing a lot of headaches.

I have used Prisma Access for a year and a half. 

Prisma hasn't broken yet. There have been a lot of outages, but luckily only a handful have affected us.

Prisma is somewhat scalable. We want to use this as an allowlist for our external applications. However, other external tools don't allow you to add an arbitrary number of IPs. If we were going to put in the complete list of active and reserved IPs that we get from our seven points of presence, then that's roughly 41 IPs. That goes over the max of 40 that GKE and GCT use. We can't use it to gate Kubernetes pods because there are too many IPs.

We can't seem to remove them once they're added. I've opened several support cases, and we still have half. Half of this list is all reserved and unusable points of presence because they aren't assigned to anything. It is a bit cumbersome and not as agile or straightforward as I was led to believe.

I rate Palo Alto's support a four out of ten. When I put in a ticket for a problem, they will send me a link to documentation that is either for the wrong product or something that doesn't apply to me. I usually get on a Zoom call with an engineer, show them the problem, and wait a week or two before I get a solution.

Neutral

Setting up Prisma Access was relatively straightforward for our use case. We deployed some firewalls in our system and used the IP addresses we got from those to inform and allow this. So it was very straightforward to get it to work, but tweaking it over time has been cumbersome.

I was the only person from our company working on the deployment. I designed and implemented the architecture, then deployed the tool to the endpoints internally. I'm responsible for educating the users and troubleshooting problems they find. I do things like telling a guy, "No, there isn't a problem with the VPN. You shouldn't use the web version of Spotify because only crazy people do that."

We used CDW and Palo Alto professional services. It was fine. It wasn't the best engagement, but it wasn't the worst.

It's hard to say if we've seen an ROI. I imagine we have. We haven't been breached, so that's something.

There's no reason not to buy the enterprise version that gives you unlimited PoPs, but you must understand the limitations you impose on yourself if you do that. If you go crazy, that allowlist will be too big for Kubernetes clusters.

The API that pulls the egress IPs allocated to you should be updated by the minute or as often as possible. There's no forewarning of impending changes. That should be built into your CI/CD system so no one needs to update anything manually. It should just flow through. However, you need notifications because it's a slippery slope. If you're adding and changing IPs all the time, who knows what's what anymore.

I did demos of around 16 different products that do something similar, including Zscaler, Netskope, Fortinet, Twingate, and Tailscale. Palo Alto was the only solution that could give us dedicated egress IPs. 

I rate Prisma Access a four out of ten. There are many tools out there that can do the same actions. This is not the best tool to use if you're only looking for an allowlist for production. 

The use case for our clients is that they have branch office locations all over the world. Users can connect over the internet and inspection of their traffic will happen on the Prisma infrastructure. Remote users can also connect to the VPN through Prisma infrastructure, and they can connect their data center with the Prisma infrastructure as well.

It's a cloud solution from Palo Alto Networks. Customers just need to establish an IPSec tunnel from their on-prem device with Palo Alto's closest location, which they have all over the world—100-plus locations.

The benefit of using Prisma Access is that the customer doesn't need to have their own data center. They just need to purchase a Prisma Access license. The customer will save on the labor cost associated with the data center, on the electricity cost, and they will save on the land cost as well. The data center infrastructure is provided by Palo Alto Networks.

Prisma Access is a big change for our customers. Not having to have data centers, and not having to deploy a firewall at each location, makes things simpler.

The solution also enables customers to deliver better applications. It helps them save on costs. It is easy to manage with fewer resources.

It's easy to manage. Our customers do not need to worry about what is happening in the data center. With legacy networks, they have to worry about things like the firewall being down and having to go to the data center to replace it. With Prisma Access, they do not need to worry about that. Palo Alto takes care of it. If something goes down in the infrastructure, the Palo Alto team will take care of it.

Prisma Access protects all app traffic, so that users can gain access to all apps. It is important for our clients that all traffic coming through the firewall is inspected. Prisma inspects all the traffic, and if a customer wants to make an exception for certain traffic, that is also possible.

It also inspects both web-based apps and non web-based apps.

In addition, it's really easy to manage. If customers have Panorama they can use it to manage Prisma Access. There is also a cloud application which provides a single console to manage it. Changes can be made on that console and pushed to the customer's environment, which is another way they make it easy to manage. The customer can opt for Panorama or the cloud management application. The latter is free.

Prisma Access provides traffic analysis, threat prevention, URL filtering, and segmentation, as well as vulnerability protection, DLP, anti-spyware, antivirus, URL filtering, and file blocking. It provides everything. This combination is very important. When a customer wants to block certain URL categories, they can block them. If they want to exclude any entertainment websites from their environment, they can block them. What we implement depends totally on the customer's environment and what they need. We can play with it and modify things.

Another benefit is that if any vulnerability is detected, such as a Zero-day attack, Palo Alto provides an update dynamically. The patch is installed so that the network is not exploited.

The Autonomous Digital Experience Management (ADEM) offered by Palo Alto is a good reporting tool. It gives insights into how things are going within the network. It takes all the data from the users' endpoints and does an analysis, and it suggests changes as well. The ADEM analysis of various tests will give the user feedback such as, "Okay, I'm seeing latency here." We or the customer can then improve on that. If something is blocked that shouldn't be, we can make a change in the policy. It's a good tool to have. It makes the user experience better.

The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon.

I have been using Palo Alto Networks Prisma Access for around one year, as a consultant. I have deployed the solution for clients all over the world.

The availability of Prisma Access is good. I haven't seen any major issues yet.

It is scalable. We scale the solution based on the customer's requirements, after getting their technical design and discussing how they want to deploy it.

I would rate their customer support at nine out of 10. The one point I have deducted is because it is very hard to get support sometimes. There are times when the customer has to wait a long time in the queue. But once they get an engineer, they get the proper support. The Palo Alto engineers are good. It's just that it's very hard to get the engineer on time, sometimes. I believe this is because the solution has expanded a lot. Users are purchasing it but the support is not keeping pace. They are working on that and the support is going to be increased in the future.

Positive

The deployment is simple.

The time it takes for deployment of Prisma Access depends on how big the environment is. One company may have 120 or 130 branch sites, while another company may have just six or seven. It varies on that number of sites or on the number of data centers they have. If there are only five or six branch office locations, then the deployment can be completed in five or six days.

I'm not involved on the financial side, but I believe the solution is costly.

In the same way a customer manages their on-prem firewalls that are not on Prisma Access, they can manage Prisma Access infrastructure through Panorama. That makes it easy for them. The customer is already familiar with how to manage things with Panorama, so there isn't much that is new. There are little changes but that's it. If a customer is already using Palo Alto, we recommend going with Panorama.

Overall, the security provided by Prisma Access is top-notch. It is the same firewall that Palo Alto provides for a local setup. It's the best firewall, per the industry review ratings.

We use Prisma Compute for container monitoring and Prisma Cloud for cloud monitoring. Compute looks at workload security, and we use it for container security, build security, and assessments. Cloud looks at our AWS account and gives us input on any security issues with our AWS workload.

We now know if there's any vulnerabilities during runtime, which is not something we had before. We didn't used to have visibility into our cloud infrastructure or our container space once the containers were running but we do have that visibility now. We also have visibility into how the different pieces of our solution talk to each other, so we know which services talk to each other, and then we are able to pick up anomalies. For example, when service A is talking to service B and there's no reason why they should be talking to each other. That's been a real help.

The solution is pretty comprehensive across all three tenets of build, run, and software. This has improved our operations because, for example, at build time if there is an inability within dependencies or within the Docker images we're going to use, we are able to stop, build, and remediate at that point. Within our registries where we keep our containers, we are still able to look back and see how vulnerabilities were corrected over time. Sometimes you build images in a repository, so a vulnerability might get discovered on the internet and it's good to know whether you're still safe before you run your images. Also, once you are running, it's helpful to know that you are still running secure environments.

A feature I've found very helpful is run time security because most of the products on the market will look at security during the build time, and they don't really look at what happens once you're going into production. 

It's a perfect solution for protecting the full stack native cloud. There's been a lot of development over time, so it's gotten better during the time we've been using it. 

The solution provides visibility and it's pretty simple to use. The dashboard is very intuitive. The solution makes it easy because we can look at one screen and see vulnerabilities across the infrastructure.

There is room for improvement in the multi-environment visibility, especially around containers. The product easily gets confused if you have, for example, similar Docker images that are running in different environments. It does not have a way of isolating that even though it's the same image, it's running in a different environment. It just consolidates that reporting and makes it difficult to figure out how far your plus range is.

I don't think the solution has a preventative approach. I think most of it is really more fighting. I guess you could use what it finds to predict what might happen in the future, but I haven't seen any features that are preventative.

I've been using this solution for three years now. 

The solution is very stable. I think in the last year we've done around four upgrades and it's never missed a beat, even through those.

The solution scales quite easily. We've thrown a lot at it and it's still standing. Everything that we run goes through Prisma. 

I think the support has a lot to improve on. Sometimes it's very difficult to get context around tickets, especially if they get keep on getting switched around, and then there are many issues. Not issues per se, but there are times when you need help and the person who is running the ticket is not able to service your ticket and then they have to push it on to engineering and that takes forever. I would rate the customer service as a five out of ten. 

Neutral

The initial setup was pretty straightforward. The product has very good documentation that is very easy to follow. Deployment took about a day. Rolling it out took longer, but that was because of internal challenges, not the product itself. 

We handled it all in-house. I actually did the deployment myself, and it went good. We used Terraform for deploying, and ran it in ECS, in our container environment. Our services are all running in AWS ECS, so we used their ECS module to plug our content environments into Prisma, and then we used their standalone agent for the rest of our systems that are not running container services.

We have seen an ROI because now it takes less time to identify vulnerabilities and fix them. When vulnerabilities are detected, the responsible teams are notified immediately, as opposed to having security go around once a week.

The pricing is very friendly and that's the reason why we renewed this solution. It was really just based on pricing, and the licensing is also pretty understandable. It's not confusing to figure out your workload and how much you'd be paying for the solution. 

We chose a mixed infrastructure where we have a bit on-prem and then also a direct cloud version. If you're running it on-prem, you have to meet infrastructure costs for the solution to run on your server in addition to standard licensing costs.

Before we did our last renewal we looked at a couple of other products. We chose to renew because of the pricing and licensing of this solution. 

The crux of why we're using the product is because of the automations. We are very confident that the product will keep us secure at all times. 

We are able to inject Prisma into our build jobs without it really affecting our build times or the developers.

The solution has reduced alerts investigation times by 60-70%.

I would rate this product as a nine out of ten. 

In my first company, we encountered some problems with endpoints because we had colleagues working out of country and we didn't know what happened to their clients. We used Prisma Access for information regarding the client status and the client programs because it can check and control client operations.

In that company, before Prisma Access, we used public access and we encountered many attacks from outside. Our DevOps and software engineers always connected from outside. When I came to that company I changed things, but without Prisma Access but it was very difficult. I had to do IAM per user. But when we integrated Prisma Access we could grant access by integrating the identity storage. I could grant access very quickly and see the behavior of my developers and software engineers. Sometimes they would come with new requests and Prisma Access provided quick policy deployment.

The solution helped us immediately solve the problem with our colleagues' endpoints when we encountered it.

When we integrated with Palo Alto's Cortex application in the cloud, it provided threat analysis and we didn't worry about malware or malicious traffic from Prisma Access. It was analyzing and blocking things after the Prisma Access analysis. When we used traditional VPN applications, there was no threat analysis and we counted on that from the firewall. But with Prisma Access working as a firewall and VPN, the security engineer could see everything in one portal. That meant we could analyze and block things immediately.

For my company, the features and remote accessibility were an improvement over the more traditional VPN applications. With Prisma Access we could grant more security than our public access allowed. We had more tracking of the client side. We could see and calculate their work shift time. We didn't have these features in traditional VPN tools.

We had new vulnerabilities or threats coming up daily. Using a traditional firewall or VPN, updates depended on a schedule, but Prisma Access updated itself by checking the threat database and protected us that way.

The biggest thing I learned from using Prisma Access was that, compared to conventional VPN applications, where we didn't know how users were behaving or when they were connecting, we could see how they were behaving and when they were connected. We could see what they encountered, the problems, before they complained.

The cloud VPN features mean we can connect everywhere and track where all our users are connecting. It's a helpful feature for us. We used to use traditional VPN tools, not cloud-based VPN, but Prisma Access came out with new, innovative features, including client-tracking, which was more valuable for our company. It was very impressive for us. The solution's VPN connection provided a lot of protection and was proactive. It was a better option for us. 

Also, we can split our web application and client internet traffic with Prisma Access so that it is protecting both web applications and our specific, non-web applications. The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them.

Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side.

I have been using Prisma Access by Palo Alto for four years. I integrated it for my first company and I implemented it for a proof of concept for another company and they love it.

In my current company, we are not using it because this company is working on-prem, but we have a digital transformation plan for next year.

It's reliable.

It provides scalability in terms of the features and they are giving a bonus depending on the number of users. In my previous company we had 2,000 users.

I am always tracking the new technologies and features. I see there are many AI and digital technologies and I believe Prisma Access will use these more effectively. It may integrate with AI technologies and some of the analysis, as well as policies and access, will be done automatically by Prisma Access.

They have a separate technical team for Prisma Access. Normally, Palo Alto has TAC engineers working on their different products, but they have a specific Prisma Access support team in my country. When we called or created tickets they supported us immensely. I expected to hear from them within one hour.

Positive

We used a traditional VPN solution, but nothing like Prisma Access.

The initial setup is very easy. I have deployed it three times and it was integrated within two hours.

One network engineer, one network security engineer, and a system engineer are enough for the deployment and maintenance.

The implementation strategy was designed by Palo Alto engineers. They have good tech support guys who assisted us and explained all steps. They gave us some options and helped us choose the most effective way.

When they configured it from our requirements it worked the first time. Normally things didn't work like that before, but with Prisma Access it was integrated on the first try.

Where I'm working now we have FortiGate but at my old company, we didn't prefer that. When Palo Alto did the presentation at my old company, we understood they were professionals and that their features were more valuable than FortiGate.

You don't need to worry because it will be integrated very quickly when you work with the Prisma Access support team. Be sure to ask many questions to understand the Prisma Access features and you will be able to use it very effectively.