Prisma Access by Palo Alto Networks Reviews

This is a CASB product that we use to protect data that is in the cloud. We work with our client to protect them from unknown threats, as well as known threats such as the inadvertent sharing of files. An example of this is the uploading of a file by an admin that contains sensitive data that was not intended to be shared with anyone who is external to the organization, such as a Gmail address. This solution offers protection from these kinds of problems.

From my client's perspective, I can say that they had no control over their cloud data that they needed to protect. They had solutions that can handle their on-premise DLP, such as determining whether a particular service is malware-free. When it was on the cloud, such as Google Cloud, Google Drive, ServiceNow, or others, they were not sure how to protect it. With this solution, they are able to protect themselves, and also with data at rest. It has helped to protect against the propagation of malware from the cloud to the premises.

There are two features that I find very good. This solution provides a DLP on the cloud and very few people have a scanning device for data at rest. The second feature that I really like about this solution is the notifications that it provides. It provides me with timely notifications so that I can consider things such as whether actions are trusted or untrusted and I can quarantine the data on the fly.

There are a lot of cloud-based applications that are supported, such as Box, Skype, Google Drive, and SharePoint, but there are many more than have not been totally integrated. They cannot use in-house apps because they are not generic services. I would like to see support for custom applications. 

There are also certain storage services that are not integrated, like AWS S3. If the services are created by the customer then it would be very nice to have those protected too.

Right now, this is a data at rest CASB, but it would be nice if it included features such as forward proxy or reverse proxy. It would be able to provide the OTP to those gateways and anyone who can integrate with Aperture can send the data to have it authenticated, via Aperture to the cloud, rather than just scanned. Essentially, if it can be made to act as an auth server, to automatically handle the forward proxy CASB, it would be good.

Six months.

It seems to be a pretty stable product. It has been six months and we haven't seen many problems yet.

Given that it is in the cloud, I don't think that there is an issue with the scalability. You can just add agents or perform more integration very easily and it will work. Unless the price model changes because it is already a bit pricey from the perspective of the end-user, it is not a problem.

The scalability is based on devices rather than users, but I can say that there are perhaps six cloud accounts with around ten or fifteen apps that they are trying to protect.

The technical support is very friendly. They are aware of the solution and they can definitely help you if you are stuck with a problem.

Our customer was not aware of how to protect their cloud data, and this is the first solution that they chose.

The initial setup is simple. You just need to log into the Aperture cloud with your user ID and password, apply the license and you are done. After this, you just need to know how to integrate, but they already have documentation that can help you out.

The time required for deployment depends on how complex you are making the environment. If it's a very simple one, such as a Box or a Google Drive, then it will take around a day or two, maximum a week.

I would say that a complex environment may take between three and four weeks. It depends on the use case. If you want to do a POC setup on VPC or Google Drive then it may take less time. On the other hand, if you are integrating more services then it will take longer because you have to learn the product from scratch. There are no similar services.

Once this solution is configured, there is very little that you have to do unless the customer requests something new. If you integrate it with WildFire and AutoFocus, it will automatically get the latest volume or latest signatures, and it will notify you whenever that happens. If somebody is properly trained then one person can handle the maintenance.

We deployed this solution for our customer. We also used agents, provided with Aperture, on the local devices so that they could be easily connected to the cloud.

The pricing for this solution is on the higher end. Our customer felt that the solution was a bit overpriced but they had nothing that offered them better protection.

The licensing fees are on a yearly basis, and there are no additional costs.

There are now more vendors doing this, such as Oracle, but when we started there were very few. This is one of the reasons for choosing this solution.

This is a fairly good product if you are looking for something to protect data at rest. There are alternatives, like Oracle and McAfee, that also provide similar solutions, but you should do a POC with them first. In fact, you should always start with a POC because everyone has different needs. 

If you take the training that is available then you will be able to handle the maintenance yourself. There can be challenges when there are compliance issues, like somebody putting a file into quarantine. It will have to be taken out manually, and if the user is untrained then they will require technical help for this.

I would rate this solution eight and a half out of ten.

We use this solution to secure the network. We block unwanted traffic.

We had a government project. When I was there, they asked to open some kind of port. We just had to initiate that traffic. Then we checked what kind of ports were blocked. We gave them the ports and after that they asked to open the port for the traffic application. We did the work accordingly.

Monitoring is the most valuable feature because we can easily monitor all kinds of stuff coming over the network. We can check the dashboard and work accordingly.

Overall it is actually very good. I haven't yet had any issue at all. One thing that would help is if we could get a guide. With Cisco, for example, you can just type the problem regarding your Cisco product and you will easily get your solution. In Palo Alto, however, it's not easy to find the solutions.

Stability is good. 

Currently, our network security team is taking charge of the firewall but behind that, the users have to go through the firewall. Initially, we had three or four firewalls, so two or three engineers were enough for the deployment and maintenance. 

The initial setup was a bit complex. It took two or three months and we are still continually working on it.

The solution is actually very expensive. I don't know the particulars since the purchasing team dealt with it.

We just checked which firewall was top rated. We selected two such firewalls. One was Check Point and the other was Palo Alto. Both of them are comparatively good.

Ultimately, Palo Alto is a very advanced firewall. The firewall uses activation awareness. This firewall can easily identify what applications are running behind the network. This is a good solution to use.

I would rate this solution as eight out of ten.

The features I find most valuable is WildFire, user integration, and the basic technology features.

I would like to see better pricing and an easier logging process. Also, if there was a way to log a global log, everything could go onto the system. It would be better if there was a third log, otherwise one would have to do everything manually. 

From an audit or security perspective, the solution has been very stable so far. But I am not sure if it will stay stable once deployment takes place. 

The initial setup was really straightforward.

I will give this solution an eight out of ten rating because theoretically, I looked at a lot of other products but Palo Alto seems to be covering all aspects and I'm sure the competitors like to tell everybody they have more features, but I've not experienced it yet.

Most of our customers here in Egypt are looking for how to manage their boxes in simple ways. They want good performance as well.

We sometimes need to apply proactive service on specific applications. We can do it with Palo Alto Networks in just a few clicks. On some projects, we work with other vendors like Juniper or Check Point and we are really facing some obstacles applying policies and proactive service in specific applications. But Palo Alto and its next next-generation firewall offers especially proactive services on a specific type of application, and in applications like tracking features.

The next-gen firewall performance is very good. The solution has very good architecture, software, and interface.

They could improve the proactive service on this application and application tracking in their next release.

Their next release should provide solutions for the mobile environment.

It's very stable. Sometimes after installing the boxes, we leave them for one or two years. We would just touch the box in the case of the customer needing new requirements or changes to the setup. It has a very stable performance because they have very good architecture and software.

We don't usually need technical support. My company is certified to provide the Tier 1 support for Palo Alto here in Egypt. Most of the time we are fielding the cases here in the technical support center in our company. Sometimes we need to escalate to their Tier 2 and Tier 3, and the response is very good. We are talking about just two hours to escalate to the next level of support. They have a very good policy about help features and support centers in our region here and in India.

There are many ways to deploy for the firewall in general. Sometimes we propose a firewall as a perimeter firewall, to protect the internet connections. Sometimes, we propose the firewalls to protect the data center and protecting the institutional traffic between servers. So it depends on the deployment model and the customer requirements.

Depending on the client, it may take time to gather the info and requirements from the customers, so it takes anywhere from two business days to two months to finalize the whole deployment for the Palo Alto Networks.

We have a technical team in our company that handles the implementation.

Palo Alto is not a cheap product. It's expensive because they provide very good technology.

Here in Egypt, there are about 93 system integrators and we have a partnership with Fortinet. We consider our connections because we need to avoid conflict with our partners and conflict with other solutions in our portfolio. We choose Palo Alto and Check Point to avoid conflict with our partners. The market is very crowded with FortiGate technical solutions and partners, so we avoid these.

We had a very good experience with their solutions, especially with their endpoint protections and the next-generation firewalls. We are a local distributor in Palo Alto here in Egypt. So we propose this technology to our customers and our partners here in Egypt.

Palo Alto offers very good technology and hardware. Its very good in this category of solution. You have options of providing or proposing to a customer a small box, or sometimes a mid range. It depends on the model and the deployment.

I would rate this solution 8 out of 10.

We primarily use the solution for firewall technologies.

The interface is very good and the feature set is very good. The investigation options, for example, in the data are very useful.

The dependencies of applications sometimes are a bit confusing. All the dependencies you have between applications can be confusing when you fill in things. It's mostly the configuration with the different applications. Extra guidance in using applications and things like that might be helpful.

In terms of features, at the moment, the features we use are all in there. But we don't even use the full feature set at the moment. So I don't really have any need for anything else. For now, there's not really anything missing.

We've had no issue over the whole lifespan with any failures so we didn't have any problem with that. In terms of the scalability, supposedly the model you choose the scale goes up at the beginning. You can buy a firewall device and scalability is dependant on the model.

We used an integrator so we don't need to contact their technical support directly. 

The initial setup is very straightforward. With the standard deployment, I think it took a few days.

We used an integrator for the initial setup. They were very good.

I think that the Palo Alto solution is very good. The licensing in comparison to other competitors is not really an issue. The price is not low but you can't compare with all the premium firewalls in its range. The licensing cost is about 18,000 euros. 

I would recommend the solution. The solution really depends on your budget, of course. If you have a really low budget it's not a low budget solution, so it can really depend on the budget you have. But if you have a budget for enterprise or best of firewalls I think you should take this solution into consideration.

I would rate this solution at 8.5 or 9 out of 10. No product, of course, is totally perfect and a ten is something that I don't think that exists. I think maybe it needs a bit more ease of how applications and dependencies run. Because sometimes you push a firewall rule and you get lots of dependencies so that could be a more manageable thing. Extra guidance in using applications and things like that would be helpful.

The company I work for mainly uses Palo Alto Networks Prisma SaaS to secure our network.

Having them there to support our network and watch in real-time has been a huge benefit.

Its hands-off security and the fact that we don't have to maintain it are the most valuable features. 

They automatically update and they should give us time to fully understand what they're updating so that we can make sure it doesn't impact production. 

It is a very stable solution and I would rate them best in its class.

I believe in Palo Alto Networks' scalability. They will grow as our company grows.

Before we started using this solution, we tried to secure our networks ourselves. That did not work out so we started using another vendor. However, since we switched over to Palo Alto Networks, we've watched them support our network in real-time and it has been a huge benefit.

I wasn't personally involved in the initial setup, but our IT director was. He reported that it was straightforward and easy to configure.

It is difficult to determine a specific ROI as its main function is securing the network. Since installing this solution we haven't had any penetration or malware, so it has definitely kept us protected.

I am not sure about the cost, but my advice to others would be that it is not a mistake going with them. You get what you pay for and I believe they are the best in their class.

We did evaluate other options but only Palo Alto Networks could offer what we were looking for.

They're unique in that they're watching our network. They're just constantly updating and patching, watching for potential threats. As long as they keep on doing that but allow us time to understand what they're updating before they do it, it would help out.

You get what you pay for. They're the best in class. I would rate it a nine out of ten.

My clients used Prisma Access essentially for security in the cloud. We integrated their SD-WAN into Prisma Access.

Palo Alto Firewall is one of the best firewalls in the world. It's very clear about the policies and all the security features they have. Also, the user integration works very well in Palo Alto. The WiFi, anti-threat, web filtering features and IT/OT separation are also good.

Though the monitoring is fine, the solution should improve its application graphs and interface monitoring. Additionally, the pricing could be improved.

I worked as a consultant on Prisma Access for one year for one integration project.

The product is very stable.

The product is scalable. Our clients are medium-sized businesses. There are 1,500 users worldwide.

The support is good. I rate the support an eight or nine out of ten.

Positive

The solution is not easy to implement. The first setup is a bit more difficult, but it gets better. The solution is easy to maintain.

A global partner did the setup.

I'm still comparing, but the solution is quite expensive.

I recommend people try the product out because it's really good. I rate Prisma Access an eight out of ten.

The tool's consolidation is pretty quick.

Prisma Access by Palo Alto Networks should consolidate the portals into a single portal. It is slow and takes more than ten seconds to load a page.

I have been working with the product for two years.

I rate Prisma Access by Palo Alto Networks' stability a seven out of ten.

I rate the tool's scalability an eight out of ten. My company has around 10-15 users.

Prisma Access by Palo Alto Networks' technical team responds fast.

Neutral

The tool's deployment difficulty is in the middle.

Prisma Access by Palo Alto Networks has flexible licensing models with different categories. It comes with different features which can be removed if not needed. However, its pricing is high.

I rate Prisma Access by Palo Alto Networks an eight out of ten.