Buyer's Guide
Web Application Firewall (WAF)
June 2022

Read reviews of Prisma Cloud by Palo Alto Networks alternatives and competitors

Shahar Geiger Maor - PeerSpot reviewer
CISO at a recruiting/HR firm with 11-50 employees
Real User
Top 20
Prioritizes vulnerabilities and findings, helping us to focus on the most important issues, unlike other solutions
Pros and Cons
  • "Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool."
  • "The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments... Ultimately, the ability to auto-remediate is something that I would like to see."

What is our primary use case?

I use it for our cloud security posture. Initially, the idea was to increase visibility because we had zero visibility into our cloud environment.

How has it helped my organization?

Orca provides agentless data collection directly from your cloud configuration and from the workload runtime block storage. They call it SideScanning. What it does is it copies the image of the assets and then the solution does all its analysis on the side. It just records the image and then looks at it. It sees everything that is installed on the image, like type of data, packages, applications, and the audit log. It can even see into ODD and other activity logs that are not collected by default by DevOps. It provides you with great visibility into each asset, including containers, storage devices such as RDS, CCS, and EC2, and S3—all the basic and major components in cloud environments. And that's true not only for AWS, but for all three cloud providers.

This agentless approach means there is zero performance impact. That's the whole idea. The only thing it does is copy the image and then it does the scan which is a read-only operation. It doesn't use the computing resources. That makes it very lightweight.

The agentless collection of data enables Orca to see assets within their environmental and business contexts and prioritize truly critical security issues. It sees things very clearly and you get a notification, alerts to Slack or whatever system you are using. We have also exported the alerts to our Splunk environment, to cross-reference them with other systems as well. It provides great focus on the right and the most important topics that we should attend to first.

In terms of consolidating vendors, Orca solved a few issues for us. Because we came across it very early in the process of picking tools for our cloud environment, we saved a lot of money by not having to pick multiple different tools to cover different aspects of cloud security. We had good timing when we picked Orca, rather than various tools to do the same job. If you have multiple scanners and you install Orca, you can remove the other ones. That's great and will save you money and a lot of working hours. A lot of the work we did previously was done manually. Now, we get good visibility and it saves manpower as well.

We didn't have anything, and Orca solved three or four different problems in a single tool. If I had had to buy three different tools, obviously it would cost more, but I can't estimate how much the difference would have been. What I can say is that Orca has saved us at least half of a SecOps FTE, at least in the beginning when I didn't have a team and did most of the work and the monitoring myself. It has saved me a lot of time, because I needed a lot of DevOps resources to help me before we had Orca. When I installed Orca, I became very independent. That was really a great feeling.

What is most valuable?

Orca gives you great visibility into your assets. It shows you the issues and the things that you need to attend to first, by prioritizing things. You can see a lot of information that is not always visible, even to DevOps, to help you know about the machines and their status. It's very easy to see everything in a single dashboard. That makes it a very useful tool.

The fact that it prioritizes vulnerabilities and findings, and doesn't present you with hundreds of unuseful findings, is important. They focus the information and make you concentrate on the high-priority items. This is something that differentiates it from the others.

They also now have the ability to filter findings based on best practices, like CIS, PCI, and even GDPR. That means you can filter your environment based on a specific filter, and that helped us when doing our PCI audit. We were able to show the auditors what our environment looks like from a PCI perspective. That's another great feature that it offers.

It's also very easy to use, very intuitive, and very detailed.

Another new feature shows you outliers and abnormalities for IAMs and access. It focuses on users with too many permissions and provides you with recommendations on what to do as a result.

There is a feature that searches for secrets on your infra and what can be done with those secrets.

You can also do very complex search queries to find assets that you think may be relevant. For example, searching for Log4j references in the infrastructure was very easy.

I also like the fact that the solution includes the most potentially painful parts, out-of-the-box, like malware and secrets scans, IAM, attack vectors, and benchmarks against CIS and other best practices. That full suite is something that every security professional needs. It solves the issue of having to run multiple tools, such as a vulnerability scanner, a secrets scanner, and a role management/permission/authorization tool that searches for abnormalities. I think it's a no-brainer, given that it runs everything, and you don't need to pick and choose anything. Everything comes out-of-the-box and is very easy to use, plug-and-play, and you get an instant view of things on the dashboard.

What needs improvement?

The main drawback in an agentless approach is that if the solution detects a virus or malware in the environment, we need to manually remove it. But from my experience with other production environments, it's not straightforward to install agents in the hope they will automatically remediate viruses, even from production environments. If you make mistakes, you can cause huge damage to your environment and, when it comes to production, there is zero tolerance for errors. And realistically, you can't use the most important feature of an agent, which is the remediation, because remediating on production is not something that is easy to do.

Orca's agentless approach makes more sense. Even if you have an agent, it takes resources. In addition, you need to deploy, maintain, and update an agent, which amounts to a lot of unnecessary work. And lastly, while it's true that an agent sees more when compared with an agentless solution, the gap is very small.

In the end, to make sure that we progress and that our security level is increasing, we need to take action. Orca is only a detection tool. It shows you the problems, but you need to make sure that the problems are fixed. It's a fair trade-off because production is a different environment. It's not like endpoint security where the cost of ruining an endpoint is worth the risk. You would rather kill an endpoint than risk being infected with malware. But this is not the same approach for data center or cloud security.

Ultimately, the ability to auto-remediate is something that I would like to see.

For how long have I used the solution?

I've been using Orca Security for two years or so.

What do I think about the stability of the solution?

It's very available. We have never faced issues with the platform not functioning or not responding. It's a very stable tool that works and runs as expected.

What do I think about the scalability of the solution?

We haven't noticed any scalability issues because we haven't had any performance issues with the tool. It's always up and running and we consume it as a service.

We have more than 10 Amazon accounts with tens of thousands of assets, including containers, which are a huge piece of the resource pool.

How are customer service and support?

The team is fully supportive and we get everything we need. They're very responsive to our needs and feature requests. We benefit very much from the team and from the tool. They're doing a great job.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

At first, we used an open-source solution and we did periodic scans on the cloud environment, but we were quite blind. Later, when I met the Orca team, they were in a very early stage and I decided to onboard them. The fact that we were blind was the main motivation for installing Orca. Now, the scanning happens constantly.

We now see everything, the whole cloud environment, including a small GCP implementation that we have. We have better coverage than our DevOps because DevOps doesn't have access to some of our subsidiaries, for example. We deployed Orca very quickly after buying some new companies and it gave us an edge over the DevOps team, because we saw way more compared to what they see.

How was the initial setup?

It was super easy to connect the solution to all accounts, which is something that is not always so easy when you're taking it from a DevOps perspective. You do this from the dashboard. The fact that it is very easy to deploy is something that makes it stand out. Getting the coverage is very easy and it's super lightweight.

Deploying Orca for a single account takes a matter of minutes, if you have the right permissions or are an admin on the AWS environment. You just go to the console, copy-paste the ARN from AWS and put it in the Orca environment, and run a scan. The solution then does everything else in the background and starts the scanning process. It then takes a few more minutes, depending on the size of the environment. If it's a very large environment, it can take up to half an hour or so to show all the different assets. But from then on, that's it. Most of the work is done in the background.

What's my experience with pricing, setup cost, and licensing?

The licensing is per-VM, but it really depends on the type of the environment. They offer large discounts if they see a customer as a potential strategic partner. Orca is very competitive when compared to the alternatives and is not the most expensive in the market, that's for sure.

Which other solutions did I evaluate?

At the time we looked at Orca, there weren't any competitors. I did meet with Palo Alto Prisma and Dome9, which were the main two alternatives to Orca then.

Now, there are other players. The main competitor is Wiz, which offers a very good suite. Lightspin offers the same type of solution, as does Aqua. You might include Ermetic if you count permissions/roles/IAM monitoring. Datadog also offers an agent-based system.

The main difference among these solutions is that there are two types of CSPMs. The first is agentless, such as Orca, Wiz, and Lightspin. The other vendors are agent-based, including Prisma Cloud, Dome9, Datadog, and, possibly Aqua. There are, of course, vulnerability scanners, like Qualys or Tenable, that are not based on agents, but they're limited to vulnerability scanning and are not full competitors.

The main advantage of Orca is that it is agentless, but still has great visibility into the assets and the cloud environment.

The second differentiator is the ability of Orca to prioritize and show you what you need to act upon. It doesn't bombard you with a lot of alerts that are meaningless and just create a lot of noise.

Another advantage is that Orca is very easy to deploy and very lightweight, compared to competitors, especially Wiz.

Orca was the first. I remember, as a design partner, at first there was something of a learning curve, especially for scanning S3 buckets. That can require a lot of resources and may result in an increase in billing. That is something that takes time to do properly. Orca has the advantage of being the first, and they bring a lot of field expertise and experience to avoid pitfalls and problems for newcomers to this market.

It's also a huge advantage that Orca is a SaaS offering. I don't like on-prem solutions. They require a lot of overhead and resources and you need to manage them. We work mostly with SaaS vendors.

What other advice do I have?

Do a trial of Orca and check it against the current solution you have in place. You can assess how lightweight it is and the depth of insights that you get into the environment. Look at the new angles of visibility it will give you. It's very easy and you will see the differences instantly.

It's a great solution. It has solved so many problems for us. Before starting with Orca, I was blind. Think about someone who was blind and now they can see. It's a new world.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
BasilDange - PeerSpot reviewer
Sr Manager IT Security at a financial services firm with 10,001+ employees
Real User
Top 20
The IAM role gives us complete control over the cloud environment
Pros and Cons
  • "It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
  • "Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."

What is our primary use case?

  1. Visibility for cloud workloads, including server, serverless and Kubernetes.
  2. Security configuration review along with automatic remediation.
  3. Posture management and compliance for a complete cloud environment.
  4. Centralize visibility for a complete cloud environment of the workload hosted on multiple cloud platforms (AWS and Azure).
  5. Baseline for security policy as per the workload based on services, such as S3, EC2, etc.
  6. Visibility of an API call within the environment.
  7. IAM management providing access to the cloud network in a controlled manner.
  8. Alerts and notifications for any security breach/changes in the cloud environment.
  9. Flow visibility of traffic to and from the cloud environment.
  10. Real-time alerting for any security incidents.

They provide support for Azure, Amazon, GCP, and Alibaba. However, we just have AWS and Azure.

How has it helped my organization?

  1. Provides complete visibility of the workload hosted on different cloud platforms (AWS and Azure) along with multiple tenants. 
  2. Helps in enhancing security for cloud environments by providing reports, both in terms of security and compliance. 
  3. Provides complete visibility of traffic flowing to/from the cloud platform.
  4. Provides best practice policy that helps to strengthen the security of the workload.
  5. Assets inventory and API calls can happen from the cloud.
  6. Provides control in terms of accessing the cloud workload. As a policy is created, this will block direct access to the cloud environment in case the same is not defined or approved in Dome9.

Security visibility with Dome9 is excellent. Normally, without this type of solution, especially if you have some workloads hosted on Azure, they give you minimal tools to be able to analyze the logs. There are different consoles that need to be checked for analyzing any incident. In the case of Dome9, it gives you the logs provided in a report on a centralized console. It gives you complete visibility, including the IP to IP Flow, which is happening from the workloads to the Internet or the Internet to the workloads. Even in case of getting a threat intelligence from Check Point, which we have the integration, if some workflows are communicating any suspicious IPs, then the reports are available on the flow logs. On top of that, it also provides a report where you will be able to find out from which location or country you are getting the traffic to your workloads. Therefore, if you want to block certain geo-locations from communicating with your network, then you can also do that using Dome9.

The workload, which was taking a day's time, now can be turned out within hours. We are able to analyze the logs in real-time. Previously, if we enabled some services, then the email needed to be sent to the security team who would do the scanning, might submit the reports, and post some action to be taken by the developers. Using this solution, we are getting the reports in real-time. The remediation can also be applied automatically. The developer can take the necessary action immediately. It provides us what action needs to be taken.

Unless we did some scanning, we used to not know that there were security flaws within particular services. However, by using Dome9, as it has complete visibility, we are getting those details much faster.

The firewall normally has been managed by the security team. Admins can bypass the firewall to create any policy. They can go outside and download/upload anything from their workloads. This solution provides that control as well.

What is most valuable?

  1. The IAM role gives us complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, changes will be rolled back and a notification will be sent to the concerned team.
  2. It's always ON and available on a mobile device using the app.
  3. There is complete visibility of the traffic flow with threat intelligence provided from Check Point. It even provides communication detail on any suspicious IPs.
  4. Provides detailed information if some workload tries to directly access and bypass any firewall policy.
  5. Provides a granular level of reports along with issues based on compliance standards, which are defined depending upon organizational requirements.
  6. Task delegation as a particular incident can be assigned to a particular individual. The same can also be done manually or automatically.
  7. Customizes queries for detecting any incident.

The solution is pretty straightforward to use, as it is only a SaaS model. You just need to enable the accounts for which Dome9 needs to do validation, and that's it.

Compliance checking capabilities: When you enroll your account, we have multiple accounts. Once you enter that on Dome9, it does a complete scan of your account based on these flow logs. It checks: "What are the security flaws?" So, the compliance depends on the company and what they are using as a benchmark. Normally, for India, we use the CIS as a benchmark, then whatever flow logs are available, those are provided in the reports. Then, we check those compliance reports against the CIS benchmark, and accordingly, take actions. We can then know what the deviations are on the cloud platform and on the account, with respect to the CIS.

There are some use cases where you will not have reports readily available or not get the dashboard for particular outputs. You can create a query on the console for those, e.g., if a particular EXE file started on a workload, we can find out if that is running anywhere in the cloud. While it does not provide details on the process level, it will provide us with which sensor is communicating to which IP addresses as well as if there are any deviations from that pattern.

It has remediation capabilities, and there are two options available:

  1. You can do automatic remediation, where you need to define the policy for which unit that you are doing remediation. 
  2. It can be assigned to a particular team or group of people for its particular vulnerabilities of security flaws. That ticket can then be raised to service quotas be remediated manually.

What needs improvement?

  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
  3. A number of security rules need to be added in order to identify more issues. 
  4. The reporting should have more options. The reports should be more granular.
  5. It should support all container platforms for visibility of a complete infrastructure in a single console, such as PCF.

For how long have I used the solution?

Three months.

What do I think about the stability of the solution?

Until now, we have not faced any issues in terms of downtime or outages. It seems to be quite stable.

What do I think about the scalability of the solution?

Scalability is not an issue. There are a number of workload licenses that need to be procured, then it is straightforward.

There are between eight and 10 security admins and auditors who have access to Dome9.

Our complete cloud workload is managed through Dome9.

How are customer service and technical support?

The support is excellent. They regularly review our cloud infrastructure and provide suggestions to help us have a better security posture.

Which solution did I use previously and why did I switch?

Initially, we were using tools provided by the service provider, such as ScoutSuite, AWS Config Rules, AWS Trusted Advisor, or Amazon GuardDuty for monitoring, and similar tools for Azure as well. Then, we needed to go through a different console to identify any incidents.

Initially, we used to submit a report, but there was no remediation nor information provided on how to remediate workload issues. In our current scenarios, we are able to get the complete visibility. The complete visibility of the solution has been a key to the increase in our productivity.

How was the initial setup?

The initial setup was straightforward. The only thing that was required from our side was a cloud template, which was provided by Dome9. We needed to execute that template in our cloud environment for AWS and Azure. It automatically creates a read-only ID on the AWS platform for Dome9 to connect with. There is some configuration which needs to be done on Dome9 as well as AWS, but the deployment takes around 15 to 30 minutes.

What about the implementation team?

Check Point's team was available, but we implemented it in-house with our support team.

We don't require staff for deployment and maintenance of this solution.

What was our ROI?

As it is a security product, the ROI will not have that much importance because it is enhancing your security and/or providing more security to your infrastructure. If there are any security incidents, then Dome9 is able to protect us.

Initially, once the solution was deployed into production, then the scanning used to happen and we used to see the environment's visibility. In the current situation, as everyone is moving to the DevOps environment and using the CI/CD pipelines, it helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.

What's my experience with pricing, setup cost, and licensing?

The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider.

Which other solutions did I evaluate?

We evaluated Prisma Cloud by Palo Alto Networks and Trend Micro Cloud One Conformity.

Normally, the policies are accessible only on the browsers, e.g., if you compile them from Prisma Cloud, they're available as a part of a browser. However, for management users, especially for CIOs and CTOs, it becomes difficult for them to type URLs, then login. In the case of Dome9, they provide an app. With that app, you can directly login with single sign-on. It is much easier to access using the app compared to the browser option.

Most things are the same for all three providers. The major difference between Dome9 and Prisma is the IAM roles. The maturity of IAM roles available in Dome9 is much better than the other two solutions. Currently, our focus is mostly on what is happening and who is making the changes in the environment. Another thing is the visibility that Dome9 provides through its intel is better than the other two solutions.

The other two solutions have system capabilities better than Check Point.

I would recommend Prisma as well as Dome9 because they both have the visibility. In our case, the IAM was a critical piece of our requirements.

What other advice do I have?

The cloud and on-prem environments are two completely different networks.

They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India.

I would rate this solution as an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Victor Addison - PeerSpot reviewer
Senior DevSecOps Engineer at a consumer goods company with 11-50 employees
Real User
Top 20
Provides centralized management and helps with regulatory compliance, but getting the best information requires a lot of work
Pros and Cons
  • "With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates."
  • "The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions."

What is our primary use case?

I use this solution in two different scenarios. The first is for the security and monitoring of Azure accounts. Another is for SIEM integration and the Azure Gateway WAF. Essentially, it's a one-stop solution where you can integrate all of the other Azure security products. This means that instead of maybe going to Firewall Manager, Azure Defender, or WAF, you can have all of them send statistics or logs to Azure Security Center, and you can do your analysis from there.

How has it helped my organization?

This product helps us with regulatory compliance.

With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates.

It helps us with alerts. You're able to automatically channel these alerts to emails and get the team readily looking into the issue.

We don't need a distributed team looking at the various security solutions. Instead, they just look into Azure Security Center and then get everything from one place.

It also supports multiple cloud integration, where you can add other clouds like AWS and GCP. However, we don't use that feature. 

What is most valuable?

The most valuable feature is the help with regulatory compliance, as it gives us security scores and the CVE details.

Centralized management is another feature that is key for me.

What needs improvement?

This product has a lot of features but to get the best out of it, it requires a lot of insight into Azure itself. An example of this is customizing Azure Logic Apps to be able to send the right logs to Security Center.

The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions. You can get the best out of it, but then you will also need to do a lot of work.

Improvements are needed with respect to how it integrates the subscriptions in various Azure accounts. You can have a lot of accounts, but you don't get detailed information. Specifically, it gives you overall score statistics, although it's not very intuitive, especially when you want to see information from individual subscriptions.

For example, if there are five subscriptions sending traffic to Azure Security Center, it gives you the summary of everything. If you want to narrow it down to one particular subscription and then get deep into the events, you really have to do some work. This is where they could improve.

In terms of narrowing things down, per account, it is not granular enough. In general, it gives you good summaries of what is happening everywhere, with consolidated views. You're able to get this information on your dashboard. But, if you wanted to narrow down per subscription, you don't want to have to jump into the subscriptions and then look at them one by one. Simply, we should be able to get more insights from within Azure Security Center. It's possible, but this is where it requires a lot more customization.

For how long have I used the solution?

I have been using Azure Security Center for approximately two years.

What do I think about the stability of the solution?

In terms of stability and availability, Security Center is very good. It doesn't change. Because it's cloud-based, you don't actually have to manage infrastructure to get it up. If you are using the SIEM portion of it, it's what you are sending to it that will determine what you get out of it.

If you are using a hybrid solution from your own site then you have to make sure that your internet connection to the cloud is reliable. Your VPNs that are pushing data have to be stable, as well. Also, if you are using a third-party solution, you have to manage your keys well. But in terms of it being stable, I would say it's highly available and highly stable.

What do I think about the scalability of the solution?

This solution is very scalable. You can integrate as many subscriptions as possible. They could be Azure subscriptions, AWS accounts, GCP, and other resources. Because it's cloud-based, I have not actually encountered any limits.

I know that with cloud providers when there are limits, you can request an increase, but in terms of how many, I have not seen any limitations so far. As such, I would say it's highly scalable.

We are using it a lot. For Azure, there are 20-plus subscriptions. We don't really use it for AWS accounts. Instead, we prefer to use AWS Security Hub on AWS, so we don't push AWS account data there. But for Azure, we used it for at least 20 subscriptions.

We have a distributed team. I have used it for the past two years in the company, and it's a huge organization. In the whole of the organization, Microsoft Azure is used as the main cloud. AWS was also used, but that was mostly for specific projects. In terms of the number of people using it, I estimate it is between 50 and 100.

How are customer service and technical support?

Microsoft support is very good, although it may depend on the kind of support you have. We have enterprise-level support, so any time we needed assistance, there was a solution architect to work with us.

With the highest support level, we had sessions with Microsoft engineers and they were always ready to help. I don't know the other levels of support, but ours was quite good.

Which solution did I use previously and why did I switch?

We began with the Security Center because it was for projects on Azure.

How was the initial setup?

The initial setup is somewhat straightforward and of medium complexity. Especially when it comes to integrating subscriptions, I would not say that it's complex. At the same time, it is not as simple as just pressing the Next button several times. There are knowledge prerequisites before you can set it up fully and properly.

Setting this solution up was an ongoing project where we kept integrating subscription after subscription. If you know what you're doing, in a couple of days, or even a few minutes, you can get going.

If you need to build the knowledge as you go, it's something you could do in one day. You would integrate one subscription, and then start getting feedback. It's plug and play, in that sense.

What was our ROI?

The company has seen great returns on investment with this solution. In terms of security, you want to match the spending with how effective it is. Top management generally wants more reports. They want statistics and an analysis of what is happening. For example, reports need to say "We had this number of attempts on our systems."

As additional functionality, it's also able to support the business in terms of knowing and reporting the relevant statistics.

What's my experience with pricing, setup cost, and licensing?

This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service.

Which other solutions did I evaluate?

We did not evaluate anything else before choosing this product.

For example, we are now considering different products for SIEM integration. One of them is Palo Alto Prisma Cloud. However, the price is too expensive when compared to Azure. It is also a multi-cloud product, although, in the beginning, it didn't support AWS and GCP. It now has support for those cloud providers, as well as additional features that Azure doesn't have.

What other advice do I have?

My advice for anybody who is implementing this product is to start building knowledge about it. Go to the Microsoft documentation and learn about it. As much as they show all of its great functionalities, you really need knowledge of other supporting resources that work with Azure Security Center, because it is just like a hub. It's what you push into it and how you customize it that determines what you get.

This means that if you don't have knowledge of Firewall Manager and you just want to use Security Center, it becomes a problem for you. This is something that you need to know. So, I advise people to get a holistic knowledge of all of the supporting resources that work with Azure Security Center to be able to maximize its value.

If you are looking to build on Azure then I would recommend the Security Center, mainly because of the cost and you will immediately get all of the functionality that you need.

The biggest lesson that I learned from using this product is that you don't get the best value right out of the box. You need further customization and configuration. The capabilities are there but if you don't have a dedicated security team with good technical know-how, such as scripting skills, or being able to work with the Logic App, or maybe the basic functionalities of security, then when you want more in-depth details into your subscriptions, it will become a problem.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Solutions Architect at a tech services company with 51-200 employees
Reseller
Developer-friendly and easy to set up

What is our primary use case?

I am a reseller. We provide solutions for our customers.

What is most valuable?

It's a good product. I haven't seen any weakness.

Snyk is a developer-friendly product.

What needs improvement?

Compatibility with other products would be great.

How are customer service and technical support?

I have not contacted technical support.

Which solution did I use previously and why did I switch?

Previously, I was working with Micro Focus Fortify.

How was the initial setup?

The initial setup is easy.

Which other solutions did I evaluate?

We have also evaluated Prisma Cloud by Palo Alto.

What other advice do I have?

We tried to partner up with Snyk, but we were not successful in gaining a partnership. We are not authorized Snyk resellers.

I would rate Snyk an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: