Prisma Access by Palo Alto Networks Reviews

We propose solutions to customers. They face challenges in their existing setups like long troubleshooting durations, fault tolerances, security concerns, and management concerns. They had traditional setups, like Cisco routers, in their locations.

It took a long time to troubleshoot and resolve issues. The cost was a factor because they were using MPLS connections. MPLS is costly compared to the internet leased lines. Considering all these factors, we decided to go with Prisma's cloud solution.

It's a hybrid solution. We have a few sites on cloud and a few branch locations where the solution is deployed on-premises. The cloud provider is Azure.

We have more than 2,000 branches around the world. The solution is deployed across Europe and Asia. Between 7,000 and 9,000 ION boxes have been deployed. 

Before using this solution, the prime complaints were about voice applications, like RingCentral and GoTo. We reported these issues to the Palo Alto TAC teams, and they came up with more stable versions. Whatever we discuss with the Palo Alto engineering team, they come up with the solution very quickly. We had updates on a regular basis, and the client is very happy now because we have solved 95% of those problems. Everything is stable from a security point of view. 

Prisma SaaS helps us identify cloud applications that we were unaware of employees using. The solution helps us identify a lot of cloud apps, but we identified four to five applications that were the most useful.

The solution protects what our clients want it to protect. They haven't reported any threats or data attackers in their systems. We haven't received any complaints from clients about data security.

The time to value is quicker with Prisma SaaS.

This GUI is a good feature. The stacked policies, event policies, and routing policies are easy to understand for someone with general knowledge.

Securing new SaaS applications is really easy. There weren't any security risks. Prisma also has great reporting and alarming functions.

The data security is good. We don't have any complaints from clients. They're very satisfied with the solution.

It's very easy to write down the policies based on Cloud App-ID. The app detection and analytics are great features.

The Cloud App-ID technology has helped us identify and control shadow IT apps. It's a very important and exclusive feature that's available with Palo Alto.

The solution helps us keep pace with SaaS growth in the organization. It's very important to us. Prisma SaaS is integrated and easy to deploy.

The frequency of updates could be reduced. The updates are necessary, but they occur too frequently. The updates require devices to be rebooted, so there's downtime in the production environment. It's difficult to ask for downtime in a critical production environment every time there is an update.

The software versions should be stable for longer durations. For example, six months or a year.

I used this solution in a technical support role for about seven months.

It's stable. About three months ago, we had some issues with stability, but it's been stable since then. The throughput is very high. At the data center location, it's performing really well.

The scalability is one of the best features. It's an elastic solution. We can stretch whatever we need to for our requirements.

I would rate this solution as eight out of ten.

We previously used a different solution. The main reason why we switched to Prisma SaaS was because of its scalability.

Setup was very easy. It's just plug and play. Deployment took between two and three hours. There wasn't a lot of physical technical intervention.

To deploy Prisma SaaS, we had to turn it on in our Palo Alto Prisma Axis.

Deploying Prisma takes a tenth of the time that it takes to deploy traditional CASB solutions in the market.

The complexity of the solution depends on how it's designed. Anyone who has a basic knowledge of networking can understand Prisma and administer it. It was quite difficult to manage, and it has a lot of components involved. Their onboarding process took a long time.

It has drastically reduced the total cost of ownership. Our costs have been reduced by 40%.

I would rate this solution as eight out of ten. 

My advice for those who are looking for a SaaS solution is to use Prisma. It's one of the best solutions in the industry at the moment. It's simpler and really easy to deploy. Palo Alto has its own support team. It's a very trustworthy solution.

To a colleague or another company who says, "We don't want to use Palo Alto Next Generation Firewall or Prisma Access as an enforcement solution, we just want a CASB product to secure our cloud adoption," I would say you're losing the best features of this product.

Prisma Access is a solution for remote and mobile users. Following the pandemic, many employees now work from home, meaning many companies have extended remote locations. We use the product to secure the networks of our remote and mobile users, so they can safely access our company's intranet and network.

Panorama provides centralized management capabilities for all our firewalls and locations so that we can manage different data centers through a single device, a very valuable feature. We don't have to log into various devices to oversee them individually.

The solution's ease of use is excellent; the GUI is fantastic, well-designed, and easy to use, even for non-technical staff. The different tabs are clearly visible and straightforward to understand.  

The platform protects all app traffic; when we enable GlobalProtect on the cloud and user device, it provides a secure, private connection for users to access applications. That's very useful.  

Prisma Access secures not just web-based apps but non-web apps, which is very important to us. We can also secure URLs, API-based solutions, and API browser interfaces. 

The fact that the solution secures web and non-web-based apps reduces the risk of a data breach to an extent. When we make apps accessible only through a private network, the risk is reduced. 

The product provides traffic analysis, threat prevention, URL filtering, and segmentation; these features are essential for troubleshooting. The logs showing the traffic passing through Prisma Access show us what's getting blocked and allowed, while the threat prevention alerts us to any suspicious or malicious items. This gives us insight if there's a data breach and if traffic we want to be blocked is still hitting our devices.   

Overall, the security provided by Prisma Access is excellent; the chances of a data breach are minimal. It's a great product.   

We would like to see improvements in the licensing; currently, Palo Alto provides 500 to 1000 licenses for users, and we want to see 1500 to 2000 licenses for one version.

We have been using the solution for one year. 

Prisma Access is a stable product. 

We can scale the tool well, add devices as soon as our user count grows, and scale in line with our company growth.

Regarding users, we have 30 staff managing Prisma Access, and GlobalProtect is installed on every machine in the company. 

We contacted the Palo Alto support team on many occasions. The one issue is it can take a long time to connect, and they can be challenging to reach when we need immediate help. They're accommodating if we send them a planning notice within 24 hours. Once the ticket gets assigned and we get through to a support staff member, the service is excellent. The only issue is with immediate assistance; it can be difficult to get through to someone.

Positive

We previously used Zscaler and switched for two reasons: firstly, the cost, and secondly, Prisma Access offers additional features in one device. It also has simplified architecture and reduced MPLS lines.

The initial setup was complex, and only our network admin could install it. Once the solution is set up, it's straightforward, but the setup is arduous. We completed the deployment in a day. Our implementation strategy was to determine the number of users and ensure they all had the necessary information regarding the solution and GlobalProtect. Then, we deployed accordingly.

We have a team of 30 responsible for managing and maintaining the solution. 

The solution is definitely worth the money we pay for it. 

Prisma Access is one of the best compared to other products on the market. The cost is favorable, and Palo Alto provides a simple architecture, so I recommend the solution to anyone using a different product. There are no hidden costs besides the license; what you see is what you get. 

I rate the solution nine out of ten. 

It's important to us that Prisma Access provides all its capabilities in a single, cloud-delivered platform. We previously used different firewalls with a Zscaler proxy for particular purposes, but now we don't have to purchase dedicated hardware. Prisma offers most of the features we need in one solution, so it's like getting three or four products in one; we don't have to go for extra tools to secure our apps or get a VPN because it's already provided.  

That Prisma Access provides millions of security updates daily is significant for us; there are new challenges and threats every day. Palo Alto Networks must keep its security up to date to protect against new and developing threats, as this security is essential to our operation. 

We don't use the solution's Autonomous Digital Experience Management (ADEM) features, and it doesn't allow us to deliver better applications; instead, it makes our applications more secure.

The biggest lesson I've learned from using Prisma Access is how easy management becomes; we don't have to log into multiple devices, and everything is accessible from one GUI.

The product comes with a helpful guide, and I recommend reading that before using Prisma Access. It's pretty simple.

Our primary use case of Prisma Access is to provide secure Internet access for users regardless of their location. 

It is also used for secure access to internal applications and secure SaaS applications, ensuring the same level of security whether users are working from home, the office, or any other location.

Prisma Access has allowed us to reduce the number of agents from multiple to just one single agent. It integrates several components, such as IPS, DLP, remote VPN, and SWG, into a single console, which has helped reduce costs and improve the return on investment.

The most valuable feature of Prisma Access is its ability to provide enterprise-class security for both Internet and internal application access. Unlike other OEMs that can only secure Internet access, Prisma Access can secure both internal and Internet-based application access.

The Prisma Access could improve in terms of adding more machine learning and AI capabilities to automate tasks such as incident response. This would enhance the overall security posture by enabling better and faster management of security threats.

I have been working with Prisma Access for the last five-plus years.

In terms of scalability, Prisma Access has adapted well to our organization's growth needs. Most customers are either planning to move to SASE solutions or have already moved, making Prisma Access an excellent choice for scalability.

I would rate their technical support a nine out of ten.

Positive

Before using Prisma Access, we used multiple products for remote VPN, SWG from vendors like McAfee and Forcepoint Proxy, and other VPN clients from vendors like Pulse Secure VPN, Fortinet, and Palo Alto. We switched to Prisma Access for its integrated approach.

Prisma Access has significantly improved our ROI by combining multiple technologies into one single solution. It reduces the need for multiple agents and products, which brings down the overall cost for our customers.

The licensing cost of Prisma Access is calculated per unique user, with each user being able to connect up to eight devices. If a user is no longer active after thirty days, that license becomes free. There is flexibility in terms of exceeding the license count, as it operates on a trust-based license model.

Prisma Access is best suited for enterprise and mid-level customers. It may not be the best fit for the SMB market due to higher pricing. I'd rate the solution nine out of ten.

I use Prisma Access by Palo Alto Networks in our company for remote access, especially to help new users connect to corporate resources from over a distance, in other countries, or while they are not in the office.

I have seen some benefits from using the solution in our company since it offers mobility. My company has users around the world who connect to the resources remotely without any issues because of Prisma Access by Palo Alto Networks.

The most valuable features of the solution stem from the fact that it offers stability and scalability while being a very secure product.

Certain complications are related to the VPN part of the product, which can lead to a very deep and technical discussion. From an improvement perspective, I want the product to be integrated with SASE products.

Palo Alto Networks GlobalProtect or VPN in general with a cloud-based service would be a great improvement.

The product should be made more capable of offering more integration with the recent technologies introduced in the market. The product's integration capabilities with the already existing products in the market are good.

The product's current price is an area of shortcoming where improvements are required.

I have been using Prisma Access by Palo Alto Networks for four years. As it is a security product, our company keeps it updated to the latest version.

It is a 100 percent stable solution. Stability-wise, I rate the solution a ten out of ten.

It is a very scalable solution.

Around 800 people in my organization use Prisma Access by Palo Alto Networks. The solution can be scaled up to fit around 3,000 users at a time.

Prisma Access by Palo Alto Networks is used extensively twenty-four hours a day and seven days a week in my organization since we operate in different time zones.

The support offered by Palo Alto Networks is amazing. Whenever my company opens a ticket with the support team of Palo Alto Networks, we get amazing support. The support team of Palo Alto Networks is fast, customer-friendly, and knowledgeable.

I have experience with Cisco and Fortinet. I have experience with Cisco AnyConnect Secure Mobility Client. The last time we used Cisco AnyConnect Secure Mobility Client in our company was three years ago, after which it was phased out from the set of standard solutions we use. Based on my experience with Fortinet and FortiClient, I can say that the support is not at the same level as the one offered by Palo Alto Networks. Fortinet's technical support team is not as strong as the technical team of Palo Alto Networks. Only the prices of Fortinet and FortiClient were good compared to Palo Alto Networks.

The product's initial setup phase was very straightforward.

The deployment process involves identifying the user profiling and figuring out what exactly its users need, meaning there are some prerequisites involved in the deployment's preparation phase, and it is the most important process critical for the product's success.

The solution is deployed on an on-premises model.

The solution can be deployed in two days.

The deployment can be carried out with the help of our company's in-house team.

Prisma Access by Palo Alto Networks is an expensive solution, especially when compared to other solutions like Cisco. There are no additional charges apart from the standard licensing costs attached to the solution.

Those who plan to use the solution should ensure very good user profiling is carried out, after which they should link the product with the corporate security policy. Prisma Access by Palo Alto Networks is a very flexible solution, and you need to know exactly what you want out of the solution, which should align with the policies in your company as it is an area that differs from one corporate entity to another.

Considering the cost of the solution, I rate the overall tool a nine out of ten.

I'm a cloud security architect, but I joined this project because one of my teammates left. My manager asked me to join because I have prior experience with Cisco Systems and Dell security. 

Our client has 40 sites, and they used other products called Peruit and PescUmbrella. My colleague was helping them remove the products from their laptops and replace them with Cortex XDR and Prisma Access. 

Prisma Access is a better product than our client's previous solution, and it helps organizations work differently. It saves time, but I'm not sure about money. I had never considered that aspect because I'm not involved in the financial side. The solution helps us to operate efficiently. Everything we want to do is in there, including DNS, web, and URL security.

Endpoint Protection is something I use on my corporate laptop, and it's doing a wonderful job. I don't experience latency. Prisma has a massive number of secure gateways compared to any other product. All these gateways reduce latency and provide better bandwidth because they use cloud platforms. The scalability and efficiency are excellent so far. 

Prisma integrates well with Cortex XDR and Cortex Data Lake. My company has been also using Prisma Access in-house for nearly a year, and it integrates seamlessly. 

Another aspect I like about Prisma is its usability and control. You can do many functions from a single dashboard. It has more features than Zscaler. The look and feel are better. Prisma is a one-stop shop that does many tasks, like logging and monitoring. 

Having a cloud-based platform is essential because we're pushing all our customers to the cloud. Most of our customers will be using Prisma in the future. Prisma Access provides traffic analysis, threat prevention, URL filtering, and web filtering, which are critical features that our customers request. You don't need a separate administrator for each task. One admin with a little training can handle all of them on Prisma Access. The rest depends on how much you can play with the product.

The documentation is generally good, but they could provide a more detailed description of all the configuration steps. I have to search for information or call support. Palo Alto could add more knowledge base articles about configuration with screenshots and walkthroughs. That would be helpful. When configuring a product, you want to see examples of how it is done. 

I am using Prisma Access for two projects. I haven't been using it for more than six months. 

I haven't worked with Prisma for long, but my impression of the stability so far is good. 

Prisma Access is most suitable for large enterprises because it also includes posture management. It's comparable to Microsoft ESPM. Microsoft makes many of the tools I use as a cloud architect, so I see everything from that perspective.

I don't think smaller companies will have any issues with Prisma. My company has five offices in India and users in 55 countries. Prisma is excellent in terms of scalability, usability, readiness, and user experience. It also runs on older operating systems and new ones too. The laptop I initially got from the company was pretty old. It's a gen-three. I got a newer laptop, and it works on either. 

I rate Prisma Access support a nine out of ten. Their support is helpful. They have a large team of product managers, so they're always available to talk. The response times are excellent. 

I'm impressed. Their technical teams are knowledgeable about the product, and they have global support. You can get support around the clock no matter which time zone you are in. One of my clients is in the US, and the other is in India. Both can access support without a problem.

Positive

I worked with Cisco Fire and AnyConnect, which combines security and VPN. AnyConnect is a popular Cisco product clients use remotely to connect their machines to their offices. That was the first product. Cisco acquired Sourcefire and rebranded it to Fire, which is again a client-based solution.

The deployment is straightforward, and it's done via Prisma's console. I didn't find it to be tricky or have any difficulty finding what I needed. Everything is clearly labeled and intuitive. The more you play with that, the more comfortable you get.

It only takes a minute or two if you have everything configured and you simply need to push the config file. That also depends on how much configuration you push at once. A small configuration takes less than 30 seconds. A larger configuration like we've done in the past few days might take a minute or more. 

I rate Prisma Acess a nine out of ten. It's better than any other product in the market.

We use Prisma Access, not only for our remote users, in a distributed workforce, but for our offices as well. Right now, because of COVID, there is a very limited footprint on the office side of it. But we would like to cover our offices so that when people are working in them and trying to access resources, whether those resources are hosted on public cloud, private cloud, in data centers, or on-prem, Prisma Access is involved.

Prisma Access is completely hosted on Google Cloud Platform. Palo Alto Panorama, which is the centralized management tool, is also hosted on a public cloud environment. So the entire solution lies in the cloud.

The fact that Prisma Access provides millions of security updates per day is really important because it takes care of the equivalent of preparing patches and pushing them to your environment, without the headaches of managing and maintaining those processes for your infrastructure. If you get security intelligence from different verticals and different alliances, or through some sort of open API integration where vulnerabilities arise at different times, it's going to be difficult to keep up. Subscribing to this service and having it take care of that is really phenomenal.

And the best part is that you know that you are part of a bigger ecosystem where this learning about security issues is happening, and things are made available to you on a scheduled basis every day. It automatically strengthens your security posture. We are quite happy with this feature and feel very confident that the Palo Alto security stack takes care of all of these things automatically. That is one of the salient features and was one of our evaluation parameters for choosing a solution.

Another benefit is that before, if we had to set up a restricted environment for a given project, the lead time was about a day to get everything functioning correctly and to get the go-ahead from the security team. Now, setting up these environments can literally happen in less than five minutes. It is already segmented. All you need to do is ensure the people who are part of the project are included in a single access-control list, which these days is based on GCP Identity-Aware. Based on that, it provides the right privileges required to access certain things. That is the building block of any SasS solution with zero cross-network access. And it is very easy now.

The Prisma Access remote side is pretty good with respect to the footprint that it covers. Because it is built on the Google platform, using the Google Premium Tier network, it is almost everywhere geographically. From wherever we initiate a connection, it connects with the nearest point of presence, which minimizes the latency. And we can access applications wherever they are hosted.

It protects all app traffic so that users can gain access to all apps. Unlike other solutions that only work from ports 80 and 443, which are predominantly for web traffic, Prisma Access covers all protocols and works on all traffic patterns. It is not only confined to web traffic. This is important because security is something that should always be baked in, rather than being an afterthought. The most sophisticated attacks can arise from sources that are not behind 80/443. They could come through bit-torrent traffic, which uses a non-standard port, altogether. We want to cover off those possibilities. We were very sure, from the start of our deployment when conducting PoCs, that the solution we picked should have coverage for all ports and protocols.

The fact that it secures not just web-based apps, but non-web apps as well, is important because the threat landscape is quite big. It not only includes public-facing applications that are accessible via web protocols, but it also includes many attacks that are being generated through non-standard protocols, like DNS tunneling and newly-registered domain control names. There are also a lot of critical applications being accessed on a point-to-point basis, and they might be vulnerable if those ports and protocols are not being inspected. You need to have the right security controls so that your data remains protected all the time.

In terms of the solution's ease-of-use, once you understand the way the various components stitch together, and once the effort of the initial configuration, setup, and rollout are done and you have set up the policies correctly, you're just monitoring certain things and you do not have to touch a lot of components. That makes it easy to manage a distributed workforce like ours in which there are 10,000-plus users. With all those users, we only have a handful of people, five to seven individuals, who are able to gracefully manage it, because the platform is easy to use. It does take considerable effort to get up to speed in configuring things during the initial deployment, but thereafter it is just a case of monitoring and it's very easy to manage.

In addition, whether traffic is destined for a public cloud environment, or for a private data center, or you are accessing east-west traffic, you can apply the same security policies and posture, and maintain the same sort of segmentation. Prisma Cloud offers threat prevention, URL filtering, and DNS protection, and east-west traffic segmentation. These features are the foundation of any security stack. There are two primary purposes for this kind of solution, in the big picture. One of them is handling the performance piece, providing ease of access for end-users, and the second is that it should handle security. All of these components are foundational to the security piece, not only to protect against insider threats but to protect things from the outside as well.

Prisma Access offers security on all ports and protocols. It covers the stack pretty well, leaving no stones unturned. The same unified protection is applied, irrespective of where you access things from or what you access. That also makes it a very compelling solution.

There are definitely a number of things that could be improved. 

One of them is geographic coverage. China is still an issue because the solution does not operate there properly due to government regulations. I believe Palo Alto is trying pretty hard to get into partnerships with Alibaba and other cloud providers, but they do not have the same compelling offering in China that they have in the rest of the world. Businesses that are operating within China have to be very sure to evaluate the solution before making a buying decision. It is not an issue with Palo Alto, rather it is predominantly the result of government rules, but it's something that Palo Alto needs to work on.

There is also room for improvement when it comes to latency in a couple of regions, including India and South America. They might have to increase their presence in those locations and come up with more modern cloud architectures.

The third area is that, while Palo Alto has understood the essence of building capabilities around cloud technology and have come up with a CASB offering, that is a very new product. There are other companies that have better offerings for understanding cloud applications and have more graceful controls. That's something that Palo Alto needs to work on.

I've been using Prisma Access by Palo Alto for two to three years. We started deploying Palo Alto gear back in 2015 and, along the way we have looked into multiple tools from them and invested them.

On a scale of one to 10, I would give the stability a seven. There are a couple of reasons for that score. One is that when we make certain changes to configs, it takes about 14 to 15 minutes to populate. And there have been scenarios where it has taken about 45 minutes for the config changes to happen. When you sell a product by saying that it's cloud-native and that users can make all configuration changes on-the-fly, when those changes are made they should happen within a minute. They should not take that much time.

It might be that Palo Alto is still using a certain type of infrastructure in the backend that is causing these delays. If they pile on the cloud technologies, and work towards a more microservices-based architecture, I'm hopeful that they can bring this delay down to less than a minute.

Going from one user to 10,000 or 15,000 users, we haven't faced a lot of problems. However, for companies that are considering investing in this solution, if they have more than 50,000 end-users, a config change could take 10 to 15 minutes. In an environment where 50,000 people are expecting certain things to work, those things might not work for them. Such companies have to look at the solution very thoroughly in terms of the cloud piece, the integration piece. But from one to 15,000 or 20,000 end-users, it is flawless. We don't tend to see a lot of issues. But beyond, say, 25,000, I would suggest doing a deeper analysis before purchasing the product, because there are some glitches.

Initially, Palo Alto technical support was okay around sales discussions and getting up to speed on doing a PoC. But one once we deployed and then raised queries, those lead times increased quite a bit. Unless you take their premium support, where there is an SLA associated with every issue that you raise, it becomes very difficult to get hold of engineers to work on a Prisma Access case. If you just take some sort of partner support, you cannot expect the same level of support on your day-to-day issues that you would get with premium support.

Fundamentally, when a company sells a product, whether you are taking the premium support or some other level of support, the support metrics should be more or less the same, because you are trying to address problems that people are facing. Their response should be more prompt. And if they can't join a call, they should at least be prompt in replying via email or chat or some other medium, so that the customer feels more comfortable about the product and the support. If it takes time to resolve certain problems, post business hours, it can be very difficult for people to justify why they have deployed this product.

Neutral

COVID was a surprise for us, just like for everyone else in the world. We had a solution from Palo Alto, but it was not a scalable one. We configured things in a more manual way because our requirements were not that high in terms of remote use cases. Post-COVID, the situation has completely changed for us and we have to think about a hybrid situation where we can still gracefully allow access to end-users in a more secure fashion. That led us to evaluate this solution from Palo Alto.

The initial setup is not so straightforward. There is a learning curve involved because you need to understand which component fits where, with all of these modern, edge infrastructure secure-access services. You need to do capacity planning well, as well as a budgetary plan. You need to know the right elements for your business. Once you set that up, it is very simple to manage.

It took us about two to three months to deploy because we have a lot of geographical constraints. Different regions have different requirements. Accounting for all of those needs is why it took us that amount of time to set everything up.

We have to do an apples-to-apples comparison. If you had a very small set of people who had to create a dedicated setup like Prisma Access, and manage the infrastructure piece and the upgrading piece and the security piece, it would be a nightmare. Prisma Access offers that ease and flexibility so that even a handful of people, with the right knowledge, are still able to manage the configuration piece of it, because the infrastructure and other things are handled by Prisma Access. If you had to build that whole thing versus buying it, obviously Prisma offers a good ROI.

It all depends on your requirements. If your requirements enable you to do those things on a much smaller scale, then you need to be very cautious about which components of Prisma you actually pick for your use case. If you get all the components, you might not be getting the right ROI.

For our use case, we feel we are getting a return on investment, but it could be better.

The most pricey solution is Zscaler, followed by Prisma Access, and then Netskope.

The initial prices of Prisma Access were okay. But as soon as you start deploying Palo Alto gear, the support prices and the recurring prices, which are the major operational costs, tend to increase over time. For example, if you go ahead with a one-year subscription, just for testing purposes to see how the whole solution works, and you plan to renew for the next two or three years, you tend to see that the solution gets really costly.

We understand that when you purchase a hardware component, the cost goes up because you have a physical asset that depreciates over time. But when you are getting a subscription-based service, the cost should tend to be reduced over time. With Prisma Access, the cost is increasing and that is something beyond any kind of logic. This is something that Palo Alto needs to work on if they want to be competitive in the market.

We evaluated other options like Zscaler and Netskope. Prisma Access has more coverage for ports and protocols. It doesn't only inspect web protocols but all ports and protocols, and that's an advantage. Other solutions are still relying on web protocols.

The positive side of these other solutions, because they came along a little later, is that they have understood the demerits of a solution like Prisma Access. They are using more cloud-native components and microservices architectures. That makes these solutions faster. As I said, some config changes in Prisma Access take 14 to 15 minutes, but these other solutions literally take a minute to make the same config changes happen.

It's a constant race.

Put your business requirements up against the solution to see how it pans out. Look at the stability of the product, and at how much time it takes to make configurations and apply them in practice. And if you have a distributed workforce, like us, try to run this solution in southern countries where there is a latency issue or known issues with ISPs. You may not get the same set results that you tend to get in northern countries around the world.

We don't have a subscription to Prisma Access' Autonomous Digital Experience Management features, but we have done some testing of it. It's pretty good because it can help ease the work of an office helpdesk person who constantly gets tickets but has no visibility for monitoring things. With everybody conducting their work from home, it gets very difficult to know the setup of the internal environment and how people are accessing things and where the bottlenecks are. The ADEM tools are going to help immensely in that regard, because without having knowledge of the underlying infrastructure at every individual's home location, you can still identify whether a problem is specific to their home office or to the application the user is accessing or to the network that is causing the problem. That information is absolutely at your fingertips. Analyzing those types of things becomes really easy. 

ADEM will also help with the efficacy of troubleshooting and providing support to end-users. If there are certain applications that are critical to an organization, you could easily define a metric to see, out of all the people who are accessing those applications every day, how many of them are facing a problem. And if they're facing a problem, what the parameters of the problem are. Avoiding the problem could turn out to be something that people need to be educated about, or maybe there is something we can proactively tell users so that they can take precautionary measures to get a better experience. It is certainly going to help in enhancing the end-user experience.

Palo Alto's building blocks clearly illustrate an app-based model. It analyzes things based on an application so that we know what the controls are within an application. For example, if you want to block Facebook's chat but continue to allow basic Facebook to be browsed, that kind of understanding of the application would allow you to do so. That is way more graceful than completely blocking the end-user. It's not something that is specific to Palo Alto Prisma Access but it is a core component of Palo Alto.

We need global connectivity because we are a software company, and we have a lot of contractors around the globe. We are using Prisma Access for them to be able to connect from anywhere and have access to our data center, which is on-premises. It is not in the cloud.

We are using its latest version. It is always up to date. 

It provides zero trust security and access to our resources. It brings security and provides access. The security provided by Prisma Access is very good. I would rate it a nine out of ten in terms of security.

Prisma Access provides all its capabilities in a single, cloud-delivered platform, which is very good. Before choosing Prisma Access, we did extensive research. A single console was very important for us. If we had gone for Cisco, we would have had to combine three different products of Cisco, and we would have had three different consoles to manage, which is not what we wanted.

Prisma Access provides traffic analysis, which is very important for us because we want to know what is happening with the traffic, who is connected, how they are connected, and what is happening with the endpoint during this connection. We are working with the current information, and it is very important. For threat prevention, we are going to implement Palo Alto WildFire.

Prisma Access provides millions of security updates per day. It is very important because if we have zero-day or any other type of breach, it would not be good. There should be regular updates.

Prisma Access' ADEM was another feature that made us go for Prisma Access as compared to the other vendors. It provides real and synthetic traffic analysis, but it also depends on how you tune up ADEM. You need to make rules in order to maintain certain services. If you are doing it right, it will be able to show you where the weak point to the connection is. ADEM does not affect the digital experience for end-users. They do not even know that it is there.

Prisma Access does not enable us to deliver better applications, but it has had an impact. It is stopping some applications that our people are using.

It is easy. There are service connections that they are using for connecting from the cloud to your data center. It is simple. 

There is a system for monitoring the traffic. You can monitor the traffic of the connected people and point out any issues on the connection part. 

The user interface could be better. They need to work a little bit on the console. It is similar to their firewalls but not exactly. They need to clean it up a bit.

Prisma Access' ADEM is good when it comes to segment-wise insights across the entire service delivery path. The only minus is that it is not supporting Linux. It is only for Windows and macOS.

We are not able to manage firewalls from the cloud. They have promised to make this feature available in the future where we will be able to manage firewalls from the cloud. Currently, we can only use Panorama to manage firewalls.

I have been using this solution for two months.

It is very stable. I would rate it a ten out of ten in terms of stability.

It is very scalable. We have 200 users. I would rate it a ten out of ten in terms of scalability. 

We use it very often. It has been okay so far.

We take the help of the integrator who is helping us. We still have questions regarding the product. They have provided a service engineer, and we work with him. We are able to call him directly for any help.

Positive

We did not use any other solution previously. 

It is straightforward because all the work is done by Palo Alto. They provide help for the initial setup to go without any issues or with minimum problems. They power up the machines, and they give us console access from there.

After Prisma Access was set up, it took us about a week to tune everything and connect our data centers to Prisma Access, etc.

We had two engineers for its setup. It does require maintenance. I am the only person handling the maintenance. It is not difficult to maintain.

We use an integrator. 

It is too early for that. We need a little bit more time to see the ROI.

It is not cheap. It is expensive. The good thing is that you are able to pay for what you need, but overall, it is not cheap. The pricing is not based on packages. You pay based on the features. If you want DLP, you only pay for DLP. They are very flexible. It is not cheap, but the licensing is flexible. There are no additional costs in addition to the standard licensing fees.

I would advise starting with the lowest package or minimum services, and then you can upgrade based on your needs. The full package is not cheap, and you might not need all the features.

Their cloud access router could be a little bit cheaper.

We evaluated Cato Networks, Cisco Umbrella, and Zscaler. We also had presentations from Perimeter 81 and CloudFlare.

We went for Prisma Access because it is able to integrate with their firewalls. They have very good connectivity. Palo Alto is a leader in the next-generation firewall, which means their security is good. 

Prisma Access has a lot of features, but we have been using it for only two months. We have not fully used it yet. We have not used the whole functionality.

The good thing is that they are providing a proof of concept. You can do a proof of concept and see if it is suitable for you. If you are already using Palo Alto firewalls, it will be better for you. It will be much easier for you to use Prisma Access.

If you are familiar with Palo Alto in general, it is easy to use because it is very similar to their operating system of firewalls. If you have previous experience with Palo Alto, it is much easier. Otherwise, it will take a little bit of time, but it is easy. The only thing that can be a bit complicated is the service connection. In Prisma Access, you have two types of connections: service connection and network connection. They do almost the same thing. They can create confusion if you are not familiar with them.

Prisma Access can secure not just web-based apps but non-web apps as well, but we are not using this feature currently. 

Overall, I would rate Prisma Access an eight out of ten. That is because we cannot manage firewalls from the cloud.

We use Prisma Access to build an allowlist that we put into Socks App, so we can gate access to what we want based on whether someone is allowed onto the VPN. Prisma is a SaaS product. We have the cloud-managed version that we use to access a mixture of on-prem, public cloud, and SaaS tools. 

We aren't using it extensively. There are only around six rules. I've had five hundred or a thousand rules in previous companies that used Palo Alto Networks. We have six, so we're not using the solution extensively. We're looking at various products for DNS filtering and security, so we will potentially get rid of Prisma Access in the future. It's a heavy-handed way of doing what we're trying to do.

Prisma helped us build a moat around our production systems. It's now impossible to log into our production from a non-MDM laptop. Prisma Access provides decent security overall.

Prisma Access protects all app traffic so users can access all our apps, which is crucial because we want this to be as transparent as possible. The ability to secure web-based and other apps is also critical. We use this as a gateway into production or specific systems. That might be over 443, HTTPS, DB, or any other protocol.

Prisma Access offers features in one cloud-delivered platform, which is pretty important. Anything we can do to reduce the complexity of this is good. It will get messed up at some point if there are too many moving parts.

The traffic analysis, threat prevention, and URL filtering features are pretty critical. Prisma Access is our frontline defense for our production environments. On top of that, it protects the engineering staff's endpoints, so it needs to provide essential URL scanning and WildFire AV detection.

I've had a ton of issues with Prisma Access. The UI is horrible and not intuitive. For example, error handling when applying configuration changes is atrocious. The UI itself is buggy and lags. The sales staff tried to be helpful, but they sold us the wrong license SKU, which broke our environment, and it took two months for them to fix it. Two months is an eternity for something as critical as this.

It applies commits to the firewalls slowly. There isn't an API you can use for anything. We've previously had trouble with the egress IP addresses though we expressed to engineering that those mustn't change. They changed several times without warning, causing a lot of headaches.

I have used Prisma Access for a year and a half. 

Prisma hasn't broken yet. There have been a lot of outages, but luckily only a handful have affected us.

Prisma is somewhat scalable. We want to use this as an allowlist for our external applications. However, other external tools don't allow you to add an arbitrary number of IPs. If we were going to put in the complete list of active and reserved IPs that we get from our seven points of presence, then that's roughly 41 IPs. That goes over the max of 40 that GKE and GCT use. We can't use it to gate Kubernetes pods because there are too many IPs.

We can't seem to remove them once they're added. I've opened several support cases, and we still have half. Half of this list is all reserved and unusable points of presence because they aren't assigned to anything. It is a bit cumbersome and not as agile or straightforward as I was led to believe.

I rate Palo Alto's support a four out of ten. When I put in a ticket for a problem, they will send me a link to documentation that is either for the wrong product or something that doesn't apply to me. I usually get on a Zoom call with an engineer, show them the problem, and wait a week or two before I get a solution.

Neutral

Setting up Prisma Access was relatively straightforward for our use case. We deployed some firewalls in our system and used the IP addresses we got from those to inform and allow this. So it was very straightforward to get it to work, but tweaking it over time has been cumbersome.

I was the only person from our company working on the deployment. I designed and implemented the architecture, then deployed the tool to the endpoints internally. I'm responsible for educating the users and troubleshooting problems they find. I do things like telling a guy, "No, there isn't a problem with the VPN. You shouldn't use the web version of Spotify because only crazy people do that."

We used CDW and Palo Alto professional services. It was fine. It wasn't the best engagement, but it wasn't the worst.

It's hard to say if we've seen an ROI. I imagine we have. We haven't been breached, so that's something.

There's no reason not to buy the enterprise version that gives you unlimited PoPs, but you must understand the limitations you impose on yourself if you do that. If you go crazy, that allowlist will be too big for Kubernetes clusters.

The API that pulls the egress IPs allocated to you should be updated by the minute or as often as possible. There's no forewarning of impending changes. That should be built into your CI/CD system so no one needs to update anything manually. It should just flow through. However, you need notifications because it's a slippery slope. If you're adding and changing IPs all the time, who knows what's what anymore.

I did demos of around 16 different products that do something similar, including Zscaler, Netskope, Fortinet, Twingate, and Tailscale. Palo Alto was the only solution that could give us dedicated egress IPs. 

I rate Prisma Access a four out of ten. There are many tools out there that can do the same actions. This is not the best tool to use if you're only looking for an allowlist for production.