Prisma Access by Palo Alto Networks Reviews

Our primary use case of Prisma Access is to provide secure Internet access for users regardless of their location. 

It is also used for secure access to internal applications and secure SaaS applications, ensuring the same level of security whether users are working from home, the office, or any other location.

Prisma Access has allowed us to reduce the number of agents from multiple to just one single agent. It integrates several components, such as IPS, DLP, remote VPN, and SWG, into a single console, which has helped reduce costs and improve the return on investment.

The most valuable feature of Prisma Access is its ability to provide enterprise-class security for both Internet and internal application access. Unlike other OEMs that can only secure Internet access, Prisma Access can secure both internal and Internet-based application access.

The Prisma Access could improve in terms of adding more machine learning and AI capabilities to automate tasks such as incident response. This would enhance the overall security posture by enabling better and faster management of security threats.

I have been working with Prisma Access for the last five-plus years.

In terms of scalability, Prisma Access has adapted well to our organization's growth needs. Most customers are either planning to move to SASE solutions or have already moved, making Prisma Access an excellent choice for scalability.

I would rate their technical support a nine out of ten.

Positive

Before using Prisma Access, we used multiple products for remote VPN, SWG from vendors like McAfee and Forcepoint Proxy, and other VPN clients from vendors like Pulse Secure VPN, Fortinet, and Palo Alto. We switched to Prisma Access for its integrated approach.

Prisma Access has significantly improved our ROI by combining multiple technologies into one single solution. It reduces the need for multiple agents and products, which brings down the overall cost for our customers.

The licensing cost of Prisma Access is calculated per unique user, with each user being able to connect up to eight devices. If a user is no longer active after thirty days, that license becomes free. There is flexibility in terms of exceeding the license count, as it operates on a trust-based license model.

Prisma Access is best suited for enterprise and mid-level customers. It may not be the best fit for the SMB market due to higher pricing. I'd rate the solution nine out of ten.

I use the solution in my company to work with the remote access VPN. With the tool, users connect their office network and data center networks with the infrastructure from outside places, like home and other sites, so our company can use the remote access of the tool.

The most valuable features of the solution are in the areas of the secure remote access it provides while also being user-friendly.

From any improvement perspective, the product's compatibility issues with Linux need to be resolved.

The response from the support team needs to be made faster.

I have been using Prisma Access by Palo Alto Networks for three years. In my previous organization, I used the solution for two years.

The stability of the product is good. Stability-wise, I rate the solution a nine out of ten.

The scalability features of the product are available in a package. GlobalProtect will serve even if you purchase a device with a capacity of two hundred users. You can't increase the capacity above two hundred users. Basically, with the device capabilities, you can include 200 users in GlobalProtect, so it all depends on your hardware model.

In my previous company, there were around 150 users of the tool with Linux. I feel that there were almost 200 users of the product.

The technical support for the solution is good, but it is not like Cisco's support services. Sometimes, there is a delay in response from the support team's end, but during emergency cases, it is okay.

The product's initial setup phase is neither straightforward nor complex, making it a process that lies in the middle. I will say that it is very easy to deploy.

The tool's configuration can be done in one day. In my previous organization, my colleague and I were the two people who deployed the product, tested it, and found the results, and then we delivered it to our clients.

As per my previous experience, after I gave the solution to the company's customer, I took care of one custom configuration for a particular purpose. I read the tool's documentation to see how to configure it and how to set up GlobalProtect on the client machines, after which I made a documentation explaining the way to deploy it and install GlobalProtect.

For deployment and maintenance purposes, one or two people are enough.

In terms of the ROI, the tool is secure for official data. If someone wants security, GlobalProtect SSL VPN is something that I would recommend. With the tool, it is not possible to count how much revenue it helped generate since it basically protects your data from home to your office network and communicates with lots of data. The tool is secure. From a security perspective, GlobalProtect is good.

In comparison with GlobalProtect, there could be FortiClient. If some users cannot afford Palo Alto Networks, then they can choose FortiClient.

My company didn't receive any support from Palo Alto to connect securely to our organization's branch offices. The tool is very easy to deploy. Another co-engineer and I in my company completed the deployment task for the solution. The deployment is not very difficult, especially if you have Palo Alto's Next-Generation Firewalls since with it, you can really get the VPN connection for Windows and other operating systems, but my company had faced some challenges with Linux, so we had to purchase another license only for it. For Windows and Mac devices, the tool is free. If I purchase Palo Alto's Next-Generation Firewalls, it is free for Windows and Mac, but a license is required to use Prisma Access on Linux.

I haven't used the cloud-based nature of Palo Alto Networks to simplify our company's network security management. I have only used the on-premises version in our company's infrastructure for GlobalProtect. I don't have any idea about the cloud Security in the product.

The performance and reliability of the product are good.

For the integration process, you first have to configure the firewall with the default management port IP, or alternatively, users can configure it through the console, which includes the CLI mode and GUI mode. Okay. After logging into the firewall from the CLI or GUI, you can configure GlobalProtect by taking into consideration the outside and inside zones, which we want to give access to via the tool. I am experienced with the tool's GUI mode. I configured it through the GUI mode. The first thing you have to learn about Palo Alto GUI mode is how to configure GlobalProtect.

In general, I rate the tool an eight and a half to nine out of ten.

I use Prisma Access by Palo Alto Networks in our company for remote access, especially to help new users connect to corporate resources from over a distance, in other countries, or while they are not in the office.

I have seen some benefits from using the solution in our company since it offers mobility. My company has users around the world who connect to the resources remotely without any issues because of Prisma Access by Palo Alto Networks.

The most valuable features of the solution stem from the fact that it offers stability and scalability while being a very secure product.

Certain complications are related to the VPN part of the product, which can lead to a very deep and technical discussion. From an improvement perspective, I want the product to be integrated with SASE products.

Palo Alto Networks GlobalProtect or VPN in general with a cloud-based service would be a great improvement.

The product should be made more capable of offering more integration with the recent technologies introduced in the market. The product's integration capabilities with the already existing products in the market are good.

The product's current price is an area of shortcoming where improvements are required.

I have been using Prisma Access by Palo Alto Networks for four years. As it is a security product, our company keeps it updated to the latest version.

It is a 100 percent stable solution. Stability-wise, I rate the solution a ten out of ten.

It is a very scalable solution.

Around 800 people in my organization use Prisma Access by Palo Alto Networks. The solution can be scaled up to fit around 3,000 users at a time.

Prisma Access by Palo Alto Networks is used extensively twenty-four hours a day and seven days a week in my organization since we operate in different time zones.

The support offered by Palo Alto Networks is amazing. Whenever my company opens a ticket with the support team of Palo Alto Networks, we get amazing support. The support team of Palo Alto Networks is fast, customer-friendly, and knowledgeable.

I have experience with Cisco and Fortinet. I have experience with Cisco AnyConnect Secure Mobility Client. The last time we used Cisco AnyConnect Secure Mobility Client in our company was three years ago, after which it was phased out from the set of standard solutions we use. Based on my experience with Fortinet and FortiClient, I can say that the support is not at the same level as the one offered by Palo Alto Networks. Fortinet's technical support team is not as strong as the technical team of Palo Alto Networks. Only the prices of Fortinet and FortiClient were good compared to Palo Alto Networks.

The product's initial setup phase was very straightforward.

The deployment process involves identifying the user profiling and figuring out what exactly its users need, meaning there are some prerequisites involved in the deployment's preparation phase, and it is the most important process critical for the product's success.

The solution is deployed on an on-premises model.

The solution can be deployed in two days.

The deployment can be carried out with the help of our company's in-house team.

Prisma Access by Palo Alto Networks is an expensive solution, especially when compared to other solutions like Cisco. There are no additional charges apart from the standard licensing costs attached to the solution.

Those who plan to use the solution should ensure very good user profiling is carried out, after which they should link the product with the corporate security policy. Prisma Access by Palo Alto Networks is a very flexible solution, and you need to know exactly what you want out of the solution, which should align with the policies in your company as it is an area that differs from one corporate entity to another.

Considering the cost of the solution, I rate the overall tool a nine out of ten.

In my first company, we encountered some problems with endpoints because we had colleagues working out of country and we didn't know what happened to their clients. We used Prisma Access for information regarding the client status and the client programs because it can check and control client operations.

In that company, before Prisma Access, we used public access and we encountered many attacks from outside. Our DevOps and software engineers always connected from outside. When I came to that company I changed things, but without Prisma Access but it was very difficult. I had to do IAM per user. But when we integrated Prisma Access we could grant access by integrating the identity storage. I could grant access very quickly and see the behavior of my developers and software engineers. Sometimes they would come with new requests and Prisma Access provided quick policy deployment.

The solution helped us immediately solve the problem with our colleagues' endpoints when we encountered it.

When we integrated with Palo Alto's Cortex application in the cloud, it provided threat analysis and we didn't worry about malware or malicious traffic from Prisma Access. It was analyzing and blocking things after the Prisma Access analysis. When we used traditional VPN applications, there was no threat analysis and we counted on that from the firewall. But with Prisma Access working as a firewall and VPN, the security engineer could see everything in one portal. That meant we could analyze and block things immediately.

For my company, the features and remote accessibility were an improvement over the more traditional VPN applications. With Prisma Access we could grant more security than our public access allowed. We had more tracking of the client side. We could see and calculate their work shift time. We didn't have these features in traditional VPN tools.

We had new vulnerabilities or threats coming up daily. Using a traditional firewall or VPN, updates depended on a schedule, but Prisma Access updated itself by checking the threat database and protected us that way.

The biggest thing I learned from using Prisma Access was that, compared to conventional VPN applications, where we didn't know how users were behaving or when they were connecting, we could see how they were behaving and when they were connected. We could see what they encountered, the problems, before they complained.

The cloud VPN features mean we can connect everywhere and track where all our users are connecting. It's a helpful feature for us. We used to use traditional VPN tools, not cloud-based VPN, but Prisma Access came out with new, innovative features, including client-tracking, which was more valuable for our company. It was very impressive for us. The solution's VPN connection provided a lot of protection and was proactive. It was a better option for us. 

Also, we can split our web application and client internet traffic with Prisma Access so that it is protecting both web applications and our specific, non-web applications. The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them.

Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side.

I have been using Prisma Access by Palo Alto for four years. I integrated it for my first company and I implemented it for a proof of concept for another company and they love it.

In my current company, we are not using it because this company is working on-prem, but we have a digital transformation plan for next year.

It's reliable.

It provides scalability in terms of the features and they are giving a bonus depending on the number of users. In my previous company we had 2,000 users.

I am always tracking the new technologies and features. I see there are many AI and digital technologies and I believe Prisma Access will use these more effectively. It may integrate with AI technologies and some of the analysis, as well as policies and access, will be done automatically by Prisma Access.

They have a separate technical team for Prisma Access. Normally, Palo Alto has TAC engineers working on their different products, but they have a specific Prisma Access support team in my country. When we called or created tickets they supported us immensely. I expected to hear from them within one hour.

Positive

We used a traditional VPN solution, but nothing like Prisma Access.

The initial setup is very easy. I have deployed it three times and it was integrated within two hours.

One network engineer, one network security engineer, and a system engineer are enough for the deployment and maintenance.

The implementation strategy was designed by Palo Alto engineers. They have good tech support guys who assisted us and explained all steps. They gave us some options and helped us choose the most effective way.

When they configured it from our requirements it worked the first time. Normally things didn't work like that before, but with Prisma Access it was integrated on the first try.

Where I'm working now we have FortiGate but at my old company, we didn't prefer that. When Palo Alto did the presentation at my old company, we understood they were professionals and that their features were more valuable than FortiGate.

You don't need to worry because it will be integrated very quickly when you work with the Prisma Access support team. Be sure to ask many questions to understand the Prisma Access features and you will be able to use it very effectively.

We use Prisma Access, not only for our remote users, in a distributed workforce, but for our offices as well. Right now, because of COVID, there is a very limited footprint on the office side of it. But we would like to cover our offices so that when people are working in them and trying to access resources, whether those resources are hosted on public cloud, private cloud, in data centers, or on-prem, Prisma Access is involved.

Prisma Access is completely hosted on Google Cloud Platform. Palo Alto Panorama, which is the centralized management tool, is also hosted on a public cloud environment. So the entire solution lies in the cloud.

The fact that Prisma Access provides millions of security updates per day is really important because it takes care of the equivalent of preparing patches and pushing them to your environment, without the headaches of managing and maintaining those processes for your infrastructure. If you get security intelligence from different verticals and different alliances, or through some sort of open API integration where vulnerabilities arise at different times, it's going to be difficult to keep up. Subscribing to this service and having it take care of that is really phenomenal.

And the best part is that you know that you are part of a bigger ecosystem where this learning about security issues is happening, and things are made available to you on a scheduled basis every day. It automatically strengthens your security posture. We are quite happy with this feature and feel very confident that the Palo Alto security stack takes care of all of these things automatically. That is one of the salient features and was one of our evaluation parameters for choosing a solution.

Another benefit is that before, if we had to set up a restricted environment for a given project, the lead time was about a day to get everything functioning correctly and to get the go-ahead from the security team. Now, setting up these environments can literally happen in less than five minutes. It is already segmented. All you need to do is ensure the people who are part of the project are included in a single access-control list, which these days is based on GCP Identity-Aware. Based on that, it provides the right privileges required to access certain things. That is the building block of any SasS solution with zero cross-network access. And it is very easy now.

The Prisma Access remote side is pretty good with respect to the footprint that it covers. Because it is built on the Google platform, using the Google Premium Tier network, it is almost everywhere geographically. From wherever we initiate a connection, it connects with the nearest point of presence, which minimizes the latency. And we can access applications wherever they are hosted.

It protects all app traffic so that users can gain access to all apps. Unlike other solutions that only work from ports 80 and 443, which are predominantly for web traffic, Prisma Access covers all protocols and works on all traffic patterns. It is not only confined to web traffic. This is important because security is something that should always be baked in, rather than being an afterthought. The most sophisticated attacks can arise from sources that are not behind 80/443. They could come through bit-torrent traffic, which uses a non-standard port, altogether. We want to cover off those possibilities. We were very sure, from the start of our deployment when conducting PoCs, that the solution we picked should have coverage for all ports and protocols.

The fact that it secures not just web-based apps, but non-web apps as well, is important because the threat landscape is quite big. It not only includes public-facing applications that are accessible via web protocols, but it also includes many attacks that are being generated through non-standard protocols, like DNS tunneling and newly-registered domain control names. There are also a lot of critical applications being accessed on a point-to-point basis, and they might be vulnerable if those ports and protocols are not being inspected. You need to have the right security controls so that your data remains protected all the time.

In terms of the solution's ease-of-use, once you understand the way the various components stitch together, and once the effort of the initial configuration, setup, and rollout are done and you have set up the policies correctly, you're just monitoring certain things and you do not have to touch a lot of components. That makes it easy to manage a distributed workforce like ours in which there are 10,000-plus users. With all those users, we only have a handful of people, five to seven individuals, who are able to gracefully manage it, because the platform is easy to use. It does take considerable effort to get up to speed in configuring things during the initial deployment, but thereafter it is just a case of monitoring and it's very easy to manage.

In addition, whether traffic is destined for a public cloud environment, or for a private data center, or you are accessing east-west traffic, you can apply the same security policies and posture, and maintain the same sort of segmentation. Prisma Cloud offers threat prevention, URL filtering, and DNS protection, and east-west traffic segmentation. These features are the foundation of any security stack. There are two primary purposes for this kind of solution, in the big picture. One of them is handling the performance piece, providing ease of access for end-users, and the second is that it should handle security. All of these components are foundational to the security piece, not only to protect against insider threats but to protect things from the outside as well.

Prisma Access offers security on all ports and protocols. It covers the stack pretty well, leaving no stones unturned. The same unified protection is applied, irrespective of where you access things from or what you access. That also makes it a very compelling solution.

There are definitely a number of things that could be improved. 

One of them is geographic coverage. China is still an issue because the solution does not operate there properly due to government regulations. I believe Palo Alto is trying pretty hard to get into partnerships with Alibaba and other cloud providers, but they do not have the same compelling offering in China that they have in the rest of the world. Businesses that are operating within China have to be very sure to evaluate the solution before making a buying decision. It is not an issue with Palo Alto, rather it is predominantly the result of government rules, but it's something that Palo Alto needs to work on.

There is also room for improvement when it comes to latency in a couple of regions, including India and South America. They might have to increase their presence in those locations and come up with more modern cloud architectures.

The third area is that, while Palo Alto has understood the essence of building capabilities around cloud technology and have come up with a CASB offering, that is a very new product. There are other companies that have better offerings for understanding cloud applications and have more graceful controls. That's something that Palo Alto needs to work on.

I've been using Prisma Access by Palo Alto for two to three years. We started deploying Palo Alto gear back in 2015 and, along the way we have looked into multiple tools from them and invested them.

On a scale of one to 10, I would give the stability a seven. There are a couple of reasons for that score. One is that when we make certain changes to configs, it takes about 14 to 15 minutes to populate. And there have been scenarios where it has taken about 45 minutes for the config changes to happen. When you sell a product by saying that it's cloud-native and that users can make all configuration changes on-the-fly, when those changes are made they should happen within a minute. They should not take that much time.

It might be that Palo Alto is still using a certain type of infrastructure in the backend that is causing these delays. If they pile on the cloud technologies, and work towards a more microservices-based architecture, I'm hopeful that they can bring this delay down to less than a minute.

Going from one user to 10,000 or 15,000 users, we haven't faced a lot of problems. However, for companies that are considering investing in this solution, if they have more than 50,000 end-users, a config change could take 10 to 15 minutes. In an environment where 50,000 people are expecting certain things to work, those things might not work for them. Such companies have to look at the solution very thoroughly in terms of the cloud piece, the integration piece. But from one to 15,000 or 20,000 end-users, it is flawless. We don't tend to see a lot of issues. But beyond, say, 25,000, I would suggest doing a deeper analysis before purchasing the product, because there are some glitches.

Initially, Palo Alto technical support was okay around sales discussions and getting up to speed on doing a PoC. But one once we deployed and then raised queries, those lead times increased quite a bit. Unless you take their premium support, where there is an SLA associated with every issue that you raise, it becomes very difficult to get hold of engineers to work on a Prisma Access case. If you just take some sort of partner support, you cannot expect the same level of support on your day-to-day issues that you would get with premium support.

Fundamentally, when a company sells a product, whether you are taking the premium support or some other level of support, the support metrics should be more or less the same, because you are trying to address problems that people are facing. Their response should be more prompt. And if they can't join a call, they should at least be prompt in replying via email or chat or some other medium, so that the customer feels more comfortable about the product and the support. If it takes time to resolve certain problems, post business hours, it can be very difficult for people to justify why they have deployed this product.

Neutral

COVID was a surprise for us, just like for everyone else in the world. We had a solution from Palo Alto, but it was not a scalable one. We configured things in a more manual way because our requirements were not that high in terms of remote use cases. Post-COVID, the situation has completely changed for us and we have to think about a hybrid situation where we can still gracefully allow access to end-users in a more secure fashion. That led us to evaluate this solution from Palo Alto.

The initial setup is not so straightforward. There is a learning curve involved because you need to understand which component fits where, with all of these modern, edge infrastructure secure-access services. You need to do capacity planning well, as well as a budgetary plan. You need to know the right elements for your business. Once you set that up, it is very simple to manage.

It took us about two to three months to deploy because we have a lot of geographical constraints. Different regions have different requirements. Accounting for all of those needs is why it took us that amount of time to set everything up.

We have to do an apples-to-apples comparison. If you had a very small set of people who had to create a dedicated setup like Prisma Access, and manage the infrastructure piece and the upgrading piece and the security piece, it would be a nightmare. Prisma Access offers that ease and flexibility so that even a handful of people, with the right knowledge, are still able to manage the configuration piece of it, because the infrastructure and other things are handled by Prisma Access. If you had to build that whole thing versus buying it, obviously Prisma offers a good ROI.

It all depends on your requirements. If your requirements enable you to do those things on a much smaller scale, then you need to be very cautious about which components of Prisma you actually pick for your use case. If you get all the components, you might not be getting the right ROI.

For our use case, we feel we are getting a return on investment, but it could be better.

The most pricey solution is Zscaler, followed by Prisma Access, and then Netskope.

The initial prices of Prisma Access were okay. But as soon as you start deploying Palo Alto gear, the support prices and the recurring prices, which are the major operational costs, tend to increase over time. For example, if you go ahead with a one-year subscription, just for testing purposes to see how the whole solution works, and you plan to renew for the next two or three years, you tend to see that the solution gets really costly.

We understand that when you purchase a hardware component, the cost goes up because you have a physical asset that depreciates over time. But when you are getting a subscription-based service, the cost should tend to be reduced over time. With Prisma Access, the cost is increasing and that is something beyond any kind of logic. This is something that Palo Alto needs to work on if they want to be competitive in the market.

We evaluated other options like Zscaler and Netskope. Prisma Access has more coverage for ports and protocols. It doesn't only inspect web protocols but all ports and protocols, and that's an advantage. Other solutions are still relying on web protocols.

The positive side of these other solutions, because they came along a little later, is that they have understood the demerits of a solution like Prisma Access. They are using more cloud-native components and microservices architectures. That makes these solutions faster. As I said, some config changes in Prisma Access take 14 to 15 minutes, but these other solutions literally take a minute to make the same config changes happen.

It's a constant race.

Put your business requirements up against the solution to see how it pans out. Look at the stability of the product, and at how much time it takes to make configurations and apply them in practice. And if you have a distributed workforce, like us, try to run this solution in southern countries where there is a latency issue or known issues with ISPs. You may not get the same set results that you tend to get in northern countries around the world.

We don't have a subscription to Prisma Access' Autonomous Digital Experience Management features, but we have done some testing of it. It's pretty good because it can help ease the work of an office helpdesk person who constantly gets tickets but has no visibility for monitoring things. With everybody conducting their work from home, it gets very difficult to know the setup of the internal environment and how people are accessing things and where the bottlenecks are. The ADEM tools are going to help immensely in that regard, because without having knowledge of the underlying infrastructure at every individual's home location, you can still identify whether a problem is specific to their home office or to the application the user is accessing or to the network that is causing the problem. That information is absolutely at your fingertips. Analyzing those types of things becomes really easy. 

ADEM will also help with the efficacy of troubleshooting and providing support to end-users. If there are certain applications that are critical to an organization, you could easily define a metric to see, out of all the people who are accessing those applications every day, how many of them are facing a problem. And if they're facing a problem, what the parameters of the problem are. Avoiding the problem could turn out to be something that people need to be educated about, or maybe there is something we can proactively tell users so that they can take precautionary measures to get a better experience. It is certainly going to help in enhancing the end-user experience.

Palo Alto's building blocks clearly illustrate an app-based model. It analyzes things based on an application so that we know what the controls are within an application. For example, if you want to block Facebook's chat but continue to allow basic Facebook to be browsed, that kind of understanding of the application would allow you to do so. That is way more graceful than completely blocking the end-user. It's not something that is specific to Palo Alto Prisma Access but it is a core component of Palo Alto.

We could write a book about our use cases. It provides best-of-breed optimization in CASB and SASE together. Our primary use case is enabling users from all walks of life, and all over the planet, to have remote access in the most optimized way.

Prisma Access is a SASE-oriented solution, making it a hybrid and SaaS. Of course, it's built on Google's high-capacity backbone, but it is provider-neutral.

With the centralized remote access solution we had before, F5, we used to see a lot of latency and a lot of intermittent disconnects. But our people have reported that they like Prisma Access so much better in terms of speed and how it operates. The user experience is so much better in terms of throughput. They don't see as much lag. Of course, there are users who don't have the most stable internet connection, but even for those users, by optimizing data reduction, it works better. We can't really help users who have some sort of wireless connection, because if their underpinning link is not good, this overlay won't do much. But for users who are using a satisfactory type of connectivity, even for people who are on 10 Mbps, it works well.

In addition, from an application accessibility standpoint, the integrated features that come with the QoS mean you can choose what types of applications get higher priority than others. It optimizes applications for QoS prioritization.

At the end of the day, the most valuable feature of Prisma Access is user accessibility and performance. For us, it all comes down to how well this product performs.

In addition to that, we feel that the security is absolutely spot-on, really top-notch. It's the result of all the components that come together, such as the HIP [Host Information Profile] and components like Forcepoint, providing end-user content inspection, and antivirus. It incorporates DLP features and that's fantastic because Prisma Access makes sure that all of the essential prerequisites are in place before a user can log in or can be tunneled into. Until these requirements are met at a satisfactory level, it doesn't let you in. Once users are onboarded, they are going through Palo Alto's firewall inspection. Users' traffic is encapsulated and inspected well. It gives us the flexibility to apply various policies and inspections. All of these come into play and give us peace of mind that this platform is best-in-class in terms of security features and tool integration.

The architecture is essentially a fabric-type SASE-based architecture. From a technical leadership standpoint, we are very pleased and satisfied with how efficient the product is, especially, again, when it comes to security.

One of the features that we really like in Prisma Access is its integration capabilities with Palo Alto's other platforms such as Cortex Data Lake. The best thing about it is that it gives us visibility and clarity. We can say, "This is what our threat metrics framework looks like. Yesterday we had this many potential threats, and out of that, this many have been fended off or mitigated." It gives us a really good single pane of glass that tells us what our attack surface looks like and how things have been mitigated." It gives us data that we can utilize for the benefit of our users and our senior executives.

From a user standpoint, it's very easy and very usable. Our users have used F5's products and it's not much different. There can be intricacies in that you have to have your laptops' antivirus protection updated, but that's not a big deal. Those are the types of things that users have to comply with anyway.

Traffic analysis, threat prevention, URL filtering, and segmentation are some of the features that come with Palo Alto itself. On the cloud controller platforms you have the ability to enforce controls, including things like the application layer inspection, granular policy constructs, as well as app-ID-based and application layer inspection. The inspection engines, such as the antivirus, malware, spyware, and vulnerability protection, are integrated into Palo Alto's cloud services platform. These features are quintessential to our entire cloud services security fabric. Users are users. You never know what's going to happen to a user. If somebody goes to Madagascar or to Bali and gets compromised, it is our job to protect that user and the organization. All of these interrelated features come into play for those purposes.

The challenges we have faced are not connected with Prisma's core fabric, but more with the end-user. To use the GlobalProtect client and meet all the requirements, your laptop or your end-user system has to be at a point where things are up to date. It's not really Prisma's fault, but when you try to create exceptions you don't really have those abilities. You cannot say, on the management platform, "Hey, for these users I want to create these exceptions." That is one thing that I have gotten some complaints about, and we have faced some challenges there.

It's always a challenge when people at the executive level start complaining because they're using the latest version of the MacBook Pro and it's not playing very well with Prisma.

I used the predecessor to Prisma Access, which was GlobalProtect Cloud Services and I have been using Prisma Access for a good two years.

I wouldn't call their technical support a pain point, but they need to improve it. That is one of the biggest drawbacks.

It was pretty straightforward at the PoC level. But the rollout of something like this across an enterprise is never like a one-shot thing. We went through some bumps and bruises and roadblocks along the way, but, overall, it was a pretty straightforward path.

The entire onboarding took around four months for our approximately 20,000 users.

On a day-to-day basis, we have security engineers and SMEs managing the platform. But there are not as many intricacies and challenges as there are in some of the other products that we deal with. From administrative, operational, and management standpoints, the way Prisma has let us do it, things are pretty efficient.

We used Palo Alto's professional services.

It's pricey, it's not cheap. But you get what you pay for.

My most crucial advice to colleagues who are looking to purchase this product would be to look at it from a 50,000-foot point of view, and then narrow it down to 40,000, 30,000, 20,000, and 10,000. The reason I say that is because, at the 50,000-foot view, the executives care about the pricing and the costing model; it's all about budget and how they can save the organization money.

If you are in a high-end organization, this is the product you had better get, hands-down. If you are an executive at a highly visible bank, please get your head out of the sand and see what is best for your organization. If you are a manufacturing company that doesn't need this level of integrative security, go get something else, something cheaper, because you don't need this extensive level of security controls and throughput. But if you want to get the best-of-breed, then Palo Alto's product is what you should definitely get.

Our journey with Prisma Access started out with a battlecard comparison of what Prisma Access had to offer versus what ZPA [Zscaler Private Access], Symantec, and F5 had to offer. In doing all of these comparisons, we realized that Palo Alto had built a cloud services fabric that is user-first and security-first.

If I compare Zscaler and Prisma Access, not all of the security controls that are in place with Zscaler are inherent to their own fabric. Zscaler has done a fantastic job with ZPA in terms of putting the components together. But when it comes to security enforcement, they are lagging behind on some things. One of them is the native security control component enforcement on their fabric. We feel like that is not done as efficiently as Prisma access does.

In a simple scenario when doing a side-by-side comparison, if we were onboarding and providing access to an end-user using ZPA, they would be able to get on and do their job fine. But when it comes to interoperability, cross-platform integration, and security enforcement, we feel that ZPA lacks some of the next-gen, advanced features that Prisma Access has to offer. Prisma Access provides us with cross-platform integration with things like Palo Alto AutoFocus and Cortex Data Lake, which is great. ZPA does not provide all of these extensive security features that we need. In a side-by-side comparison, this is where Prisma Access outshines its competitors.

With all of that in mind, the big question in our minds was, "Well, can you prove it?" PoCs are just PoCs. Where the rubber meets the road is when you can prove your claims. Palo Alto said, "Okay, sure. Let us show you how you can integrate with your existing antivirus platform, your existing content filtering platform, and your existing DLP platforms." We gave it a try. And then, we did various types of pen testing ourselves to see if it was really working the way they said it would. For example, could you take an encrypted file and try to bypass the DLP features? The answer was no. Prisma Access made sure that all of the compensating controls were not only in place but also being enforced. "In place" means you have a security guard, but you have told him to just keep a watch on things. If you have a robbery going on, just watch and don't do anything. Let the robbers do whatever they want. Don't even call the police. Prisma Access doesn't just watch, it calls the police.

There are some encrypted traffic flows that you're not supposed to decrypt and intercept, but even for those we have constructs that give us at least some level of inspection. Once tunnels are established, we have policies to inspect them to a certain extent. We try to make sure that pretty much everything that needs to be inspected is inspected. All of this comes down to accountability and to protecting our users.

Organizations with a worldwide footprint and distributed-services architecture require best-in-class security. Health organizations and pharmaceutical companies also do, because they are dealing with highly sensitive patient data or customer data. Organizations like these that have public, internet-facing web applications, need top-of-the-line security. Prisma Access, from an interoperability standpoint, addresses the big question of how well their web-facing applications are protected from potential malicious attacks. And the answer is that it is all integrative, all a part of a fabric with interrelated components. It protects the users who are accessing the corporate network and the corporate network from any potential risk from those users. Prisma Access gives us the ability to design architectural artifacts, like zones and segments, that really make for effective protection for web-facing components and internal applications.

In terms of Prisma Access providing all its capabilities in a single, cloud-delivered platform, not everything gets on the cloud. You cannot take a mainframe and put it on the cloud. You have to understand the difference between Prisma Access and Prisma Cloud. Prisma Access is all about user accessibility to enterprise networks in the most secure way possible. Prisma Cloud is the platform to integrate various cloud environments into a unified fabric.

As for Prisma Access providing millions of security updates per day, I don't know if there are millions, but it is important. We take advantage of some of the automated features that Palo Alto has provided us. We try not to get into the granular level too much because it increases the administrative overhead. We don't have the time or the manpower to drill into millions of updates.

I use the solution in my company for our remote workers and branch access.

The product's price is an area of concern where improvements are required. The solution's price should be lowered.

Our company faces some issues during the product's configuration phase. The product's configuration part is slow and not very effective. In my company, we have to change the configuration multiple times to make it effective. The configuration part of the product can be improved.

The product's support team needs to improve the quality of services offered.

I have been using Prisma Access by Palo Alto Networks for a year.

Stability-wise, I rate the solution a seven out of ten.

Scalability-wise, I rate the solution a ten out of ten.

The product is suitable for medium to large-sized companies.

I have experience with the solution's technical support. I rate the technical support an eight out of ten.

Positive

I have experience with Fortinet FortiEDR.

The product's initial setup phase is simple.

The solution is deployed on the cloud.

The solution can be deployed in a couple of hours.

Zscaler is a good product. In terms of features, Prisma Access by Palo Alto Networks and Zscaler are at the same level. Prisma Access by Palo Alto Networks may have an advantage over Zscaler in terms of security. Palo Alto Networks comes from security vendors, and Zscaler is available from cloud vendors. When it comes to simplicity and connectivity, Zscaler is better than Prisma Access by Palo Alto Networks.

The product is secure for remote workers since it has many cloud-based facilities that can offer protection.

The product can provide improved access to those clients who do not directly go to SaaS applications but prefer to use such applications via Prisma Access since it provides security policies to help secure the network traffic.

For security needs, the product's security profile is good.

I have experience with the product's GlobalProtect VPN feature, and I feel that it works fine. The feature also allows the customer or client to go through a tunnel to Prisma Access.

The integration of Prisma Access with Palo Alto Networks can provide a better security posture. The integration of Prisma Access with Palo Alto Cortex XDR is the best, especially when our company sends the logs from Prisma Access to Cortex Data Lake. My company gets a full view of the attack part, consolidation, and timeline of the attacks in Palo Alto Cortex XDR.

I recommend the product to those who plan to use it.

I rate the tool an eight out of ten.

Prisma Access is useful for organizations with hardware and firewalls that don't support their total number of users for remote working. If they need to increase this quantity, instead of increasing the hardware, they can use a solution as a firewall service.

A maximum of 200 people use this solution. We don't utilize all of the solution's capabilities.

I had a customer who needed to move all of their operations to work from home during the pandemic. They moved all of their configurations to Prisma Access, and we helped them enable permissions for their users to work from home.

Prisma Access provides better app performance. It allows all the traffic that's really needed for applications and internal resources without any impact on the hardware. It can be continuously scaled in case more resources are needed.

The most valuable feature is the ability to change the gateway. For example, if there's a problem with a specific region or vendor, we can make modifications. The solution is scalable, and there are different gateways that can be created depending on the demand.

Prisma Access supports all of the traffic that the user generates. We have the ability to send all of the traffic through the Prisma Access firewalls.

Prisma Access provides traffic analysis, threat prevention, URL filtering, and segmentation capabilities. It also provides DLP. If you have Panorama to manage firewalls and you have a device group that has some configurations with specific profiles for the spyware or antivirus, it's good to have the ability to replicate that in your Prisma Access environment without any compatibility issues.

It's important that Prisma Access provides millions of security updates per day because we have to be aware of attacks in the cybersecurity industry. It's very helpful to have these updates from Palo Alto because they can prevent the organization or customers from having issues.

Prisma Access gives us the ability to configure clientless VPN, which helps us address specific applications that are consumed through Prisma.

The Autonomous Digital Experience Management feature is helpful because it shows the source of a problem. One user could say that they have a problem with slowness or that some applications don't work that well. It could be a problem with Prisma or a problem with the user's internet provider.

The security provided by Prisma Access is very good because we have the same configurations and models that we have on our normal firewalls. If you have worked with Palo Alto before with firewalls or Panorama, it's very easy to create configurations to implement your security posture. It's on the same technology as Palo Alto, so it's compatible with firewalls. It's also very secure, and it has the same scalability options.

My organization has created different gateways, so they have two different cloud vendors. This redundancy on cloud is helpful. There is redundancy at different branches to provide a backup in case there is a problem with a vendor in a specific area.

I would like the solution to support a different type of authentication. We can't configure a secondary method for our portal.

I've worked with Prisma Access for about six months.

The stability is very good. I haven't had issues with the connection or dropping traffic.

I haven't had any issues with scalability. The solution allows us to define all of the resources that we need. For example, we can define the IP addresses that we need for the number of users that will be connected. If there's a large quantity of users, they can increase the resources. 

The technical support could be faster after we open up a case.

Setup is very straightforward. Prisma Access has very extensive documentation. If you use that, it's easy to deploy the solution. You need to read a lot more for routing considerations, but I think it's easy for people with startup experience.

The amount of time it takes to deploy the solution depends on the complexity of the consumer's considerations. Normally, the basic implementation and policy authentication can be completed in two or three hours.

We require a few people for maintenance. One person provides support and two people do the implementation.

I received some help from engineers who had more experience in the company. They taught me how to configure it, and I was able to complete the deployment after that.

I would rate this solution as nine out of ten.