Prisma Cloud by Palo Alto Networks OverviewUNIXBusinessApplication

Prisma Cloud by Palo Alto Networks is the #1 ranked solution in top Web Application Firewalls, Container Security Solutions, Cloud Workload Protection Platforms, top Microsegmentation Software tools, top Cloud Security Posture Management (CSPM) tools, and top Cloud-Native Application Protection Platforms (CNAPP) tools. PeerSpot users give Prisma Cloud by Palo Alto Networks an average rating of 7.8 out of 10. Prisma Cloud by Palo Alto Networks is most commonly compared to Microsoft Defender for Cloud: Prisma Cloud by Palo Alto Networks vs Microsoft Defender for Cloud. Prisma Cloud by Palo Alto Networks is popular among the large enterprise segment, accounting for 72% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 20% of all views.
Prisma Cloud by Palo Alto Networks Buyer's Guide

Download the Prisma Cloud by Palo Alto Networks Buyer's Guide including reviews and more. Updated: November 2022

What is Prisma Cloud by Palo Alto Networks?

Prisma Cloud is a comprehensive cloud-native security platform (CNSP) that provides security and compliance coverage for infrastructure, applications, data, and all cloud-native technology stacks throughout the development lifecycle. Prisma Cloud safeguards cloud operations across hybrid and multi-cloud environments, all from a single, unified solution, using a combination of cloud service provider APIs and a unified agent framework.

The move to the cloud has changed all aspects of the application development lifecycle, with security being foremost among them. Security and DevOps teams face a growing number of entities to secure as organizations adopt cloud-native approaches. Constantly changing environments challenge developers to build and deploy at a rapid pace without compromising on security. Prisma Cloud by Palo Alto Networks delivers complete security and compliance coverage across the development lifecycle on any cloud environment, enabling you to develop cloud-native applications with confidence.

Prisma Cloud Features

Prisma Cloud offers comprehensive security coverage in all areas of the cloud development lifecycle:

  • Code security: Protect configurations, scan code before it enters production, and integrate with other tools.

  • Security posture management: Monitor posture, identify and remove threats, and provide compliance across public clouds.

  • Workload protection: Secure hosts and containers across the application lifecycle.

  • Network security: Gain network visibility and enforce micro segmentation.

  • Identity security: Enforce permissions and secure identities across clouds.

Benefits of Prisma Cloud

  • Unified management: All users use the same dashboards built via shared onboarding, allowing cloud security to be addressed from a single agent framework.

  • High-speed onboarding: Multiple cloud accounts and users are onboarded within seconds, rapidly activating integrated security capabilities.

  • Multiple integration options: Prisma Cloud can integrate with widely used IDE, SCM, and CI/CD workflows early in development, enabling users to identify and fix vulnerabilities and compliance issues before they enter production. Prisma Cloud supports all major workflows, automation frameworks, and third-party tools.

Reviews from Real Users

Prisma Cloud stands out among its competitors for a number of reasons. Two major ones are its integration capabilities, as well as its visibility, which makes it very easy for users to get a full picture of the cloud environment.

Alex J., an information security manager at Cobalt.io, writes, “Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them.”

Luke L., a cloud security specialist for a financial services firm, writes, “You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums.”

Prisma Cloud by Palo Alto Networks was previously known as Palo Alto Networks Prisma Cloud, Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto.

Prisma Cloud by Palo Alto Networks Customers

Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America

Prisma Cloud by Palo Alto Networks Video

Prisma Cloud by Palo Alto Networks Pricing Advice

What users are saying about Prisma Cloud by Palo Alto Networks pricing:
  • "I don't know a better way to do it, but their licensing is a little confusing. That's due to the breadth of different types of technologies they are trying to cover. The way you license depends on where you're securing. When they were Twistlock it was a simple licensing scheme and you could tell what you were doing. Now that they've changed that scheme with Palo Alto, it is quite confusing. It's very difficult to predict what your costs are going to be as you try to expand coverage."
  • "If you pay for three years of Palo Alto, it's better. If you're planning on doing this, it's obviously not going to be for one year, so it's better if you go with a three-year license... The only challenge we have is with the public cloud vendor pricing. The biggest lesson I have learned is around the issues related to pricing for public cloud. So when you are doing your segmentation and design, it is extremely important that you work with someone who knows and understands what kinds of needs you will have in the future and how what you are doing will affect you in terms of costs."
  • "The pricing is good. They gave us some good discounts right at the end of the year based on the value that it brings, visibility, and the ability to build in cloud, compliance, and security within one dashboard."
  • "Its price is reasonable as compared to other products. The main challenge is explaining the licensing model to customers. It isn't a problem related to Palo Alto. Commonly, people don't understand cloud licensing or security licensing. When they have fixed virtual machines, they know what they are going to be charged, but when it comes to cloud automation, it is hard for them to get clarity in case of high workloads or when they have enabled auto-scaling, etc. It would be helpful if Palo Alto can educate people on their licensing programs."
  • "If a competitor came along and said, "We'll give you half the price," that doesn't necessarily mean that's the right answer, at all. We wouldn't necessarily entertain it that way. Does it do what we need it to do? Does it work with the things that we want it to work with? That is the important part for us. Pricing wasn't the big consideration it might be in some organizations. We spend millions on public cloud. In that context, it would not make sense to worry about the small price differences that you get between the products."
  • "Prisma Cloud Enterprise is a costly solution. You need a license for all the components. At the same time, you have everything under one roof, so I think it's still justified."
  • "The pricing and licensing are expensive compared to the other offerings that we considered."
  • Prisma Cloud by Palo Alto Networks Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Director, Cloud Engineering at a pharma/biotech company with 10,001+ employees
    Real User
    Top 20
    Gives us security control gates and automated notifications in container orchestrator, but deploy is API-driven, not a built-in integration
    Pros and Cons
    • "The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful."
    • "I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions."
    • "When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in flushing out each of those feature sets."

    What is our primary use case?

    There are three pieces to our use case. For the container piece, which used to be Twistlock, we use static scan to scan our artifact repositories and we use that data to remediate issues and provide it back to developers. We also do runtime monitoring on our orchestrators, which are primarily Kubernetes, but some DC/OS as well. Right now, it's all on-premises, although we'll be moving that to the cloud in the future. 

    And we use what used to be RedLock, before it was incorporated into the solution.

    How has it helped my organization?

    Prisma Cloud has definitely enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes for container. In the container those touchpoints are pretty seamless. We've been able to implement security control gates and automate notifications back to teams of vulnerabilities in the container orchestrator. It all works pretty smoothly, but it required a fair amount of work on our part to make that happen. But we did not run into limitations of the tool. It enabled us pretty well. The one part where we have a little bit of a gap that most of those are at deployment time. We haven't shifted all those controls back to the team level at build time yet. And we haven't really tackled the cloud space in the same way yet. 

    I'm not sure we have SecOps in the container space exactly in the same way we do in other DevOps. We shifted a lot of the security responsibility into the development teams and into the Ops teams themselves. There's less of a separation. But overall, the solution has increased collaboration because of data visibility.

    It also does pretty well at providing risk clarity at runtime, and across the entire pipeline, showing issues as they are discovered during the build phases. It does a good job in terms of the speed of detection, and you can look at it in terms of CVSS score or an arbitrary term for severity level. Our developers are able to correct the issues.

    We are clearly better off in that we have visibility, where there was a gap before. We know where our container vulnerabilities and misconfigurations are, and even on the cloud side, where cloud misconfigurations are happening. That visibility is a huge benefit. 

    The other part is actually using that data to reduce risk and that's happened really well on the container side. On the cloud side, there's still room to grow, but that's not an issue with Prisma Cloud itself. These tools are only a part of the equation. It takes a lot of organizational work and culture and prioritization to address the output of these tools, and that takes time.

    What is most valuable?

    The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful.

    Another valuable feature is the ability to do continuous monitoring at runtime. We can feed that data back to developers so they can get intelligence on what's actually deployed, and at what level, versus just what's in the artifact repository, because those are different.

    In the security space, most security solutions typically do either development-side security, or they do runtime operational security, but not both. One of the relatively unique characteristics of this solution in the marketplace—and it may be that more and more of the container security solutions do both sides—is that this particular solution actually spans both. We try to leverage that.

    And for the development side, we utilize both the vulnerability results from the static vulnerability scanning as well as the certain amount of configuration compliance information that you can gather from the static pre-deployment scans. We use both of those and we pay attention to both sides of that. Because this solution can be implemented both on the development side and on the runtime operational side, we look at the same types of insights on the operational runtime side to keep up with new threats and vulnerabilities. We feed that information back to developers as well, so they can proactively keep up.

    We have multiple public clouds and multiple internal clouds. Some of it is OpenStack-based and some of it is more traditional VM-based. Prisma Cloud provides security spanning across these environments, in terms of the static analysis. When we're looking at the artifact repository, the solutions we're using Prisma Cloud to scan and secure will deploy to both public cloud and internal cloud. Moving into 2021, we'll start to do more runtime monitoring in public cloud, particularly in AWS. We're starting to see more EKS deployment and that's going to be a future focus area for us. It's extremely important to us that Prisma Cloud provides security across these environments. If Prisma didn't do that, that would be a deal-breaker, if there were a competitor that did. 

    Public cloud is strategically very important to our company, as it probably is for many companies now, so we have to have security solutions in that space. That's why we say the security there is extremely important. We have regulatory compliance requirements. We have some contractual obligations where we have to provide certain security practices. We would do that anyway because they are security best practices, but there are multiple drivers.

    Applying some of their controls outside of the traditional container space, for example, as we're doing hybrid cloud or container development, is helpful. Those things get their tentacles out to other areas of the infrastructure. An example would be that we look at vulnerabilities and dependencies as we develop software, and we use Prisma Cloud to do that for containers. We use other tools outside of the container space. They're starting to move into that other space so we can point Prisma Cloud at something like a GitHub and do that same scanning outside of the container context. That gives us the ability to treat security control with one solution.

    What needs improvement?

    When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in  flushing out each of those feature sets.

    My understanding of Palo Alto's offerings is that they have a solution that is IAM-focused. It's called Prisma Access. We have not looked at it, but I believe it's a separately-licensed offering that handles those IAM cases. I don't know whether they intend to include any IAM-type of functionality in the Prisma Cloud feature set or whether they will just say, "Go purchase this separate solution and then use them next to each other."

    Also, I don't think their SaaS offering is adoptable by large enterprises like ours, in every case. There are some limitations on having multiple consoles and on our ability to configure that SaaS offering. We would like to go SaaS, but it's not something we can do today.

    We have some capability to do network functions inside of Prisma Cloud. Being able to integrate that into the non-cloud pieces of the Palo Alto stack would be beneficial.

    The solution's security automation capabilities are mixed. We've done some API development and it's good that they have APIs, that's beneficial. But there is still a little disconnect between some of the legacy Twistlock APIs versus some of the RedLock APIs. In some cases the API functionality is not fully flushed out. 

    An example of that is that we were looking at integrating Prisma Cloud scans into our GitHub. The goal was to scan GitHub repositories for CloudFormation and Terraform templates and send those to Prisma Cloud to assess for vulnerabilities and configuration. The APIs are a little bit on the beta-quality side. It sounds like newer versions that some of that is handled, but I think there's some room to grow. 

    Also, our team did run into some discrepancies between what's available, API-wise, that you have to use SaaS to get to, versus the on-premise version. There isn't necessarily feature parity there, and that can be confusing.

    Buyer's Guide
    Prisma Cloud by Palo Alto Networks
    November 2022
    Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    653,757 professionals have used our research since 2012.

    For how long have I used the solution?

    We've been using Prisma Cloud by Palo Alto for about two-and-a-half years.

    What do I think about the stability of the solution?

    The stability has been excellent. The solution simply runs. It very seldom breaks and, typically, when it does, it's easy to troubleshoot and get back on track.

    What do I think about the scalability of the solution?

    The scalability has been good for our use cases.

    When we first adopted it, a single console could cover 1,000 hosts that were running container workloads. That was more than enough for us, and to date it has been more than enough for us, because we have multiple network environments that need to stay separated, from a connectivity standpoint. We've needed to put up multiple consoles, one to serve each of those network environments. Within each of those network environments, we have not needed to scale up to 1,000 yet.

    There's wide adoption across our organizations, but at the same time there is tremendous room to grow with those organizations. Many organizations are using it somewhat, but we are probably at 20 to 25 percent of where we need to be.

    It's safe to say we have several hundred people working with the solution, but it's not 1,000 yet. They are primarily developers. There are some operational folks who use it as well. To me, that speaks to the ease of deployment and administration of this solution. You really don't need a large operational group to deploy. When it comes to security, incident response, and the continuous monitoring aspects that a continual security team does, I don't have insight because I don't work in that area of the company, but I see that as expanding down the road. It's another area of growth for us.

    How are customer service and support?

    Their technical support has been very good. Everyone that I've been involved with has been very responsive and helpful. They have remained engaged to drive resolution of issues that we have found.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution.

    How was the initial setup?

    Standing up an instance is quite simple, for an enterprise solution. It has been excellent in that regard.

    It's hard to gauge how long our deployment took. We have multiple consoles and multiple network contexts, and a couple of those have different sets of rules and different operational groups to work with. It took us several months across all those network environments that we needed to cover, but that's not counting the actual amount of time it took to execute steps to install a console and deploy it. The actual steps to deploy a console and the Defenders is a very small amount of time. That's the easiest part.

    Our implementation strategy for Prisma Cloud was that we wanted to provide visibility across the SDLC: static scan, post-build, as things go to the artifact repository. Our goal was to provide runtime monitoring at our development, test, and production platforms.

    What about the implementation team?

    We did it ourselves.

    What's my experience with pricing, setup cost, and licensing?

    I don't know a better way to do it, but their licensing is a little confusing. That's due to the breadth of different types of technologies they are trying to cover. The way you license depends on where you're securing. When they were Twistlock it was a simple licensing scheme and you could tell what you were doing. Now that they've changed that scheme with Palo Alto, it is quite confusing. It's very difficult to predict what your costs are going to be as you try to expand coverage.

    Which other solutions did I evaluate?

    At the time we looked at our incumbent vendors and others that were container-specific. We were trying to avoid a new vendor relationship, if possible. We looked at Rapid7 and Tenable. Both were starting to get into the container space at the time. They weren't there yet. We did our evaluation and they were more along the lines of a future thought process than an implementable solution.

    We looked at Twistlock, which was a start-up at the time, and Aqua because they were in the space, and we looked at a couple of cloud solutions, but they were in cloud and working their way to container. We did the same exercise with Evident.io and RedLock, before they were purchased by Palo Alto. They were the only vendors that covered our requirements. In the case of Twistlock, their contributions in the NIST 800-190 standards, around container security, helped influence our decision a little bit, as did the completeness of their vision and implementation, versus their competitors.

    What other advice do I have?

    My advice would be not to look at it like you're implementing a tool. Look at it like you're changing your processes. You need to plan for the impact of the data for the various teams across Dev and Security and Ops. Think very holistically, because a lot of this cloud container stuff spans many teams. If you only look at it as "I'm going to plug a tool in and I'm going to get some benefit," I think you'll fail.

    Prisma Cloud covers both cloud and container, or could cover either/or, depending on your needs. But in both of those cases, there's often confusion about who owns what, especially as you're creating new teams with the transition to DevOps and DevSecOps. Successful implementation has a lot to do with working out lines of ownership in these various areas and changing processes and even the mindset of people. You have to make strides there to really maximize the effectiveness of the solution.

    The solution provides Cloud Security Posture Management in a single pane of glass if you're using the SaaS solution, but we do not. Our use case does not make it feasible for us to use the SaaS solution. But with the Prisma Cloud features and compute features in the self-hosted deployment, you have to go to multiple panes to see all the information.

    When it comes to the solution helping us take a preventative approach to cloud security, it's a seven or eight out of 10. The detective side is a little higher. We are using the detective controls extensively. We're getting the visibility and seeing those things. There is a lot of hesitance to use preventative controls here, both on the development side—the continuous integration stuff—and particularly in the runtime, continuous monitoring protection, because you are just generally afraid. This mirrors years and years ago when intrusion prevention first came out at the network level. A lot of people wanted to do detection, but it took quite a few years for enterprises to get the courage to start actively blocking. We're in that same growth period with container security.

    When it comes to securing the entire cloud-native development lifecycle, across build, deploy, and run, it covers things pretty well. When I think about it in terms of build, there are integrations with IDEs and development tools and GitHub, etc. Deploy is a little shakier to me. I know we have Jenkins integration. And run is good. In terms of continuous monitoring, it feels build and run are a little stronger than deploy. If we could see better integration with other tools, that might help. If I'm doing that deploy via Terraform or Spinnaker, I don't know how all that plays with the Jenkins integrations and some of the other integrations that Palo Alto has produced.

    Overall, it feels like a pretty good breadth of integrations, as far as what they claim. They certainly support some things that we don't use here at build and deploy and runtime. But a lot of what they rely on, in terms of deploy, is API-driven, so it's not an easy-to-configure, built-in integration. It's more like, "We have an API, and if you want to write custom software to use that API, you can." They claim support in that way, but it's not at the same level as just configuring a couple of items and then you can scan a registry.

    In the container space, we have absolutely seen benefit from the solution for securing the cloud-native development lifecycle. At the same time, it has required some development on our part to get the integration. Some of that is because we predated some of the integrations they offer. But in the container space, there has definitely been a huge impact. The impact has been less so in cloud configuration, because there are so many competing offerings that can do that with Terraform and Azure Security Center and Amazon native tools. I don't feel like we've made quite the same inroads there.

    In terms of it providing a single tool to protect all of our cloud resources and applications, I don't think it does. Maybe that's because of our implementation, but it just doesn't operate at every level. I don't think we'd ever go down that path. We have on-premise tools that have been here a long time. We've built processes around reporting. Vulnerability scanning is an example. We run Nessus on-premise, and we wouldn't displace Nessus with, say, a Twistlock Defender to do host-level scanning in the cloud, because we'd have a disparate tool set for cloud versus on-premise for no reason. I don't ever see Prisma Cloud being the single solution for all these security features, even if they can support them.

    It's important that it integrate with other tools. We talked earlier about a single dashboard. A lot of those dashboards are aggregating data from other tools. One thing that has been important to us is feeding data to Splunk. We have a SIEM solution. So I would always envision Prisma Cloud as being a participant in an ecosystem.

    In summary, I actually hate most security products because they're very siloed and you have mixed-vendor experiences. I don't think they take a big-picture view. I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions. For the most part, it does what they say it will do. The vendor support has also been good. I would definitely give the vendor an eight out of 10 because they've been great in understanding and providing solutions in the space, and because of the reliability and the responsiveness. They've been very open to our input as customers. They take it very seriously and we've taken advantage of that and developed a good relationship with them.

    When it comes to the solution itself, I would give the compute solution an eight. But I don't think I would give the Prisma Cloud piece an eight. So overall, I would rate the solution as a seven because the compute is stronger than the other piece, what used to be RedLock.

    I would also emphasize that what I think is a strong roadmap for the product and that Palo Alto is really interested in customer feedback. They do seem to incorporate it. That may be our unique experience because our use cases just happen to align with what Palo wants to do, but I think they're heading in the right direction.

    Early on in a solution's life cycle or problem space, it's more important to have that responsiveness than it is even to have the fullest of solutions. The fact that we came across this vendor, one that not only mostly covered what we needed when we were first looking for it three years ago, but that has also been as responsive as they have to grow the solution, has been really positive.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Ali Mohiuddin - PeerSpot reviewer
    Security Architect at a educational organization with 201-500 employees
    Real User
    Top 5
    The magic happens with traffic passing through multiple zones and our data center, as we can quickly troubleshoot problems
    Pros and Cons
    • "The application visibility is amazing. For example, sometimes we don't know what a particular custom port is for and what is running on it. The visibility enables us to identify applications, what the protocol is, and what service is behind it. Within Azure, it is doing a great job of providing visibility. We know exactly what is passing through our network. If there is an issue of any sort we are able to quickly detect it and fix the problem."
    • "Getting new guys trained on using the solution requires some thought. If someone is already trained on Palo Alto then he's able to adapt quickly. But, if someone is coming from another platform such as Fortinet, or maybe he's from the system side, that is where we need some help. We need to find out if there is an online track or training that they can go to."

    What is our primary use case?

    We had an internal debate regarding our firewall solution for the cloud. Initially we had a vendor that suggested we could build a whole environment using the Azure firewall, but we had requirements for Zero Trust architecture. We are essentially like a bank. We were planning to host some PCI services in the cloud and we were planning to create all the zones. When we looked at the feature set of Azure, we were not able to find Layer 7 visibility, which we had on our firewalls, and that is where the debate started. We thought it was better to go with a solution that gives us that level of visibility. Our team was comfortable with Palo Alto as a data center firewall, so we went for Prisma Cloud.

    How has it helped my organization?

    The comprehensiveness of the solution for protecting the full cloud-native stack is pretty good. It is doing a good job in three areas: identification, detection, and the response part is also very clear. We are able to see what is wrong, what is happening, and what we allowed, even for troubleshooting. If something goes bad, we need to check where it went bad and where it started. For example, if there is an issue that seems to be performance-related, we are able to look at the logs and the traffic flow and identify if the issue really is performance-related or if it is a security issue. Because we are new to the cloud, we are using a combination of different features to understand what is going on, if the application owner does not know what is wrong. We use the traffic analysis to find out what it was like yesterday or the day before and what is missing. Perhaps it is an authentication issue. We use it a lot for troubleshooting.

    We have implemented Palo Alto's SOAR solution, Demisto, and have automated some of the things that our SOC team identified, related to spam and phishing. Those workflows are working very well. Things that would take an analyst between three and six hours to do can now be achieved in five to eight minutes because of the automation capabilities.

    Overall, the Palo Alto solution is extremely good for helping us take a preventative approach to cloud security. One of the problems that we had was that, in the cloud, networking is different from standard networking. Although only a portion of our teams is trained on the cloud part, because we had engineers who were using the platform, they were able to quickly adapt. We were able to use our own engineers who were trained in the data center to very quickly be able to work on Prisma Cloud. But when we initially tried to do that with Azure itself, we had a lot of difficulty because they did not have the background in how Azure cloud works.

    Also, when you have a hybrid cloud deployment, you will have something on-prem. Maybe your authentication or certain applications are still running on-prem and you are using your gateway to communicate with the cloud. A lot of troubleshooting happens in both the data centers. When we initially deployed, we had separate people for the cloud and for the local data centers. This is where the complication occurred. Both teams would argue about a lot of things. Having a single solution, we're able to troubleshoot very quickly. The same people who work on our Palo Alto data center firewalls are able to use Prisma Cloud to search and find out what went wrong, even though it's a part of the Azure infrastructure. That has been very good for us. They were easily able to adapt and, without much training, they were able to understand how to use Prisma Cloud to see what is happening, where things are getting blocked, and where we need to troubleshoot.

    The solution provides the visibility and control we need, regardless of how complex or distributed the cloud environments become. If you have traffic passing through multiple zones and you have your own data center as well, that is where it does the magic. Using Prisma Cloud, we're able to quickly troubleshoot and identify where the problem is. Suppose that a particular feature in Office 365 is not working. The packet capture capability really helps us. In certain cases, we have seen where Microsoft has had bugs and that is one area where this solution has really helped us. We have been able to use the packet capture capability to find out why it was not working. That would not have been possible in a normal solution. We are using it extensively for troubleshooting. We are capturing the data and then going back to the service provider with the required logs and showing them the expected response and what we are getting. We can show them that the issue is on their side.

    When it comes to Zero Trust architecture, it's extremely good for compliance. In our data center, we did a massive project on NSX wherein we had seven PCI requirements. We needed to ensure that all the PCI apps pass through the firewall and that they only communicate with the required resources and that there was no unexpected communication. We used Prisma Cloud to implement Zero Trust architecture in the cloud. Even in between the subnets, there is no communication allowed. Only what we allowed is passing through the firewall. The rest is getting blocked, which is very good for compliance.

    If I have to generate a report for the PCI auditor, it is very simple. I can show him that we have the firewall with the vulnerability and IPS capabilities turned on, and very quickly provide evidence to him for the certification part. This is exactly what we wanted and is one of the ways in which the solution is helping us.

    Another of the great things about Prisma Cloud is that the management console is hosted. That means we are not managing the backend. We just use Prisma Cloud to find out where an issue is. We can go back in time and it is much faster. If you have an appliance, the administration and support of it are also part of your job. But when you have Prisma Cloud, you don't care about those things. You just focus on the issues and manage the cloud appliances. This is something that is new for us and extremely good. Even though we have a lot of traffic, the search and capabilities are very fast, making them extremely good for troubleshooting.

    Because the response is much faster, we're able to quickly find problems, and even things that are not related to networking but that are related to an application. We are able to help the developers by telling them that this is where the reset packet is coming from and what is expected.

    We are using the new Prisma Cloud 2.0 Cloud Security Posture Management features. For example, there are some pre-built checklists that we utilize. It really helps us identify things, compared to Panorama, which is the on-prem solution. There are a lot of elements that are way better than Panorama. For instance, it helps us know which things we really need to work on, identifying issues that are of high importance. The dashboards and the console are quite good compared to Panorama.

    If one of our teams is talking about slowness, we are able to find out where this slowness is coming from, what is not responding. If there is a lock on the database, and issues are constantly being reported, we are able to know exactly what is causing the issue in the backend application.

    What is most valuable?

    The main feature is the management console which gives us a single place to manage all our requirements. We have multiple zones and, using UDR [user-defined routing] we are sending the traffic back to Palo Alto. From there we are defining the rules for each application. What we like about it is the ease of use and the visibility.

    The application visibility is amazing. For example, sometimes we don't know what a particular custom port is for and what is running on it. The visibility enables us to identify applications, what the protocol is, and what service is behind it. Within Azure, it is doing a great job of providing visibility. We know exactly what is passing through our network. If there is an issue of any sort we are able to quickly detect it and fix the problem.

    The solution provides Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security, and Cloud Infrastructure Entitlement Management in a single pane of glass. When it comes to anomaly detection, because we have Layer 7 visibility, if there is something suspicious, even though it is allowed, we are able to identify it using the anomaly detection feature. We also wanted something where we could go back in time, in terms of visibility. Suppose something happened two hours back. Because of the console, we are able to search things like that, two hours back, easily, and see what happened, what change might have happened, and where the traffic was coming from. These features are very good for us in terms of investigation.

    In addition, there are some forensic features we are utilizing within the solution, plus data security features. For example, if we have something related to financial information, we can scan it using Prisma Cloud. We are using a mixture of everything it offers, including network traffic analysis, user activity, and vulnerability detection. All these things are in one place, which is something we really like.

    Also, if we are not aware of what the port requirements are for an application, which is a huge issue for us, we can put it into learning mode and use the solution to detect what the exact port requirements are. We can then meet to discuss which ones we'll allow and which ones are probably not required.

    What needs improvement?

    The only part that is actually tough for us is that we have a professional services resource from Palo Alto working with us on customization. One of the things that we are thinking about is that if we have similar requirements in the future, how can we get his capability in-house? The professional services person is a developer and he takes our requirements and writes the code for the APIs or whatever he needs to access. We will likely be looking for a resource for the Demisto platform.

    The automation also took us time, more than we thought it would take. We had some challenges because Demisto was a third-party product. Initially, the engineer who is with us thought that everything was possible, but later on, when he tried to do everything, he was not able to do some things. We had to change the strategy multiple times. But we have now reached a point where we are in a comfort zone and we have been able to achieve what we wanted to do.

    Also, getting new guys trained on using the solution requires some thought. If someone is already trained on Palo Alto then he's able to adapt quickly. But, if someone is coming from another platform such as Fortinet, or maybe he's from the system side, that is where we need some help. We need to find out if there is an online track or training that they can go to.

    Related to training is the fact that changes made in the solution are reflected directly in the production environment. As of now, we are not aware of any method for creating a demo environment where we can train new people. These are the challenges we have.

    For how long have I used the solution?

    We have been using Prisma Cloud by Palo Alto Networks for about eight months.

    What do I think about the stability of the solution?

    We have not had many issues with the solution's stability, and whatever challenges we have had have been in the public cloud. But with the solution itself there has only been one issue we got stuck on and that was NAT-ing. It was resolved later. We ran into some issues with our design because public internet access was an issue, and that took us some time. But it was only the NAT-ing part where we got stuck. The rest has all been smooth.

    What do I think about the scalability of the solution?

    As of now, we have not put a load on the system, so we will only know about how it handles that when we start migrating our services. For now, we've just built the landing zones and only very few services are there. It will take like a year or so before we know how it will handle our load.

    This is our main firewall solution. We are not relying on the cloud-based firewall as of now. All our traffic is going through Prisma Cloud. Once we add our workloads, we will be using the full capacity of the solution.

    How are customer service and support?

    We have not had any issues up to now.

    Which solution did I use previously and why did I switch?

    We initially tried to use the Azure firewall and the VPC that is available in Azure, but we had very limited capabilities that way. It was just a packet filtering solution with a lot of limitations and we ended up going back to Palo Alto.

    How was the initial setup?

    The initial setup was straightforward. There was an engineer who really helped us and we worked with them directly. We did not have any challenges.

    The initial deployment took us about 15 days and whatever challenges we had were actually from the design side. We wanted to do certain things in a different way and we made a few changes later on, but from the deployment and onboarding perspectives, it was straightforward.

    We have a team of about 12 individuals who are using Prisma Cloud, all from the network side, who are involved in the design. On the security side, three people use it. We want to increase that number, but as I mentioned earlier, there is the issue of how we can train people. For maintenance, we have a 24/7 setup and we have at least six to eight engineers, three per shift. Most of them are from the network security side, senior network security engineers, who mainly handle proxy and firewall.

    What about the implementation team?

    Our implementation strategy included using a third-party vendor, Crayon, who actually set up the basic design for us. Once the design was ready, we consulted with the Palo Alto team telling them that this was what we wanted to implement: We will have this many zones and these are the subnets. It didn't take much time because we knew exactly what our subnets were but also because the team that was helping us had already had experience with deployment.

    Our experience with Crayon went well. Our timeline was extremely short and in the time that was available they did an excellent job. We reached a point where the landing zones were ready and whatever issues we had were resolved.

    What's my experience with pricing, setup cost, and licensing?

    I can't say much about the pricing because we still have not started using the solution to its full capabilities. As of now, we don't have any issues. Whatever we have asked for has been delivered.

    If you pay for three years of Palo Alto, it's better. If you're planning on doing this, it's obviously not going to be for one year, so it's better if you go with a three-year license.

    The only challenge we have is with the public cloud vendor pricing. The biggest lesson I have learned is around the issues related to pricing for public cloud. So when you are doing your segmentation and design, it is extremely important that you work with someone who knows and understands what kinds of needs you will have in the future and how what you are doing will affect you in terms of costs. If you have multiple firewalls, the public cloud vendor will also charge you. There are a lot of hidden costs.

    Every decision you make will have certain cost implications. It is better that you try to foresee and forecast how these decisions are going to affect you. The more data that passes through, the more the public cloud will charge you. If, right now, you're doing five applications, try to think about what 100 or 250 applications will cost you later.

    Which other solutions did I evaluate?

    If we had gone with the regular Azure solution, some of the concerns were the logging, monitoring, and search capabilities. If something was getting blocked how would we detect that? The troubleshooting was very complicated. That is why we went with Prisma Cloud, for the troubleshooting.

    Microsoft is not up to where Palo Alto is, right now. Maybe in six months or a year, they will have some comparable capabilities, but as of now, there is no competitor.

    Before choosing the Palo Alto product we checked Cisco and Fortinet. In my experience, it seemed that Cisco and Forinet were still building their products. They were not ready. We were lucky that when we went to Palo Alto they already had done some deployments. They already had a solution ready on the marketplace. They were quickly able to provide us the demo license and walk us through the capabilities and our requirements. The other vendors, when we started a year ago, were not ready.

    What other advice do I have?

    If you have compliance requirements such as PCI or ISO, going with Palo Alto would be a good option. It will make your life much easier. If you do not have Layer 7 visibility requirements and you do not have auditing and related requirements, then you could probably survive by going with a traditional firewall. But if you are a midsize or enterprise company, you will need something that has the capabilities of Prisma Cloud. Otherwise, you will have issues. It is very difficult to work with the typical solution where there is no log and you don't know exactly what happened and there is too much trial and error.

    Instead of allowing everything and then trying to limit things from there, if you go with a proper solution, you will know exactly what is blocked, where it is blocked, and what to allow and what not to allow. In terms of visibility, Prisma Cloud is very good.

    One thing to be aware of is that we have a debate in our environment wherein some engineers from the cloud division say that if we had an Azure-based product, the same engineer who is handling the cloud, who is the global administrator, would have visibility into where a problem is and could handle that part. But because we are using Palo Alto, which has its own administrators, we still have this discussion going on.

    Prisma Cloud also provides security spanning multi- and hybrid-cloud environments, which is very good for us. We do not have hybrid cloud as of now, but we are planning, in the future , to be hosting infrastructure on different cloud providers. As of now we only have Azure.

    Because Zero Trust is something new for us, we have actually seen a significant increase in alerts. Previously, we only had intra-zone traffic. Now we have inter-zone traffic. Zero Trust deployments are very different from traditional deployments. It's something we have to work on. However, because of the increased security, we know that a given computer tried to scan something during office hours, or who was trying to make certain changes. So alerts have increased because of the features that we have turned on.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Microsoft Azure
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Prisma Cloud by Palo Alto Networks
    November 2022
    Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
    653,757 professionals have used our research since 2012.
    Alex Jones - PeerSpot reviewer
    Information Security Manager at Cobalt.io
    Real User
    Top 10
    Provides central visibility across multiple cloud environments in a single pane of glass
    Pros and Cons
    • "Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them."
    • "Some of the usability within the Compute functionality needs improvement. I think when Palo Alto added on the Twistlock functionality, they added a Compute tab on the left side of the navigation. Some of the navigation is just a little dense. There is a lot of navigation where there is a tab and dropdowns. So, just improving some of the navigation where there is just a very dense amount of buttons and drop-down menus, that is probably the only thing, which comes from having a lot of features. Because there are a lot of buttons, just navigating around the platform can be a little challenging for new users."

    What is our primary use case?

    Previously, we were primarily using Amazon Web Services in a product division. We initially deployed RedLock (Prisma Cloud) as a PoC for that product division. Because it is a large organization, we knew that there were Azure and GCP for other cloud workloads. So, we needed a multi-cloud solution. In my current role, we are primarily running GCP, but we do have some presence in Amazon Web Services as well. So, in both those use cases, the multi-cloud functionality was a big requirement.

    We are on the latest version of Prisma Cloud.

    How has it helped my organization?

    It is very important that Prisma Cloud provides security spanning multi-cloud environments, where you have Amazon, Azure, and GCP multiple cloud environments. Being able to centralize all those assets, have visibility, and set some policies and rules within one dashboard when you have multiple cloud accounts is a big advantage.

    The comprehensiveness of Prisma Cloud for securing the entire cloud-native development lifecycle was shown when Palo Alto bought Twistlock and integrated in some of the container security pieces, particularly for containers, Docker, and Kubernetes, and building in the Prismic Cloud Compute tab. Having that functionality from Twistlock more focused on Docker and containers filled in some of the space where the original Prisma RedLock piece was a little more focused on just the API, e.g., passive scanning. The integration of Twistlock into Prisma Cloud Compute definitely expanded this functionality into the container and Docker space, which is a big growth area in the cloud as well.

    Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them. 

    Educates and trains cloud operators on how to better design their different cloud and infrastructure deployments. Prisma Cloud has very good remediation steps built in. So, if you do find an issue, they will give you steps on, "Here is how you go into the Console and make this change to close out this issue, preventing this in the future." So, it is a strong tool for the prevention and protection of the cloud, in general.

    We have gone in and done some tuning to remove alerts that were false positives. That reduced some of the alerts. Then, as our team has gone in and fixed issues, we have seen from the metrics and tracking of Prisma Cloud that alerts have been reduced.

    What is most valuable?

    The compliance tabs were helpful just to have visibility into the assets as well as the asset management tabs. In the cloud, everything is very dynamic and ephemeral. So, being able to see dynamic asset inventory for what we have in cloud environments was a huge plus. Just to have that visibility in a dashboard instead of having to dump things into a spreadsheet, e.g., you are trying to do asset inventory and spreadsheets, then five minutes later it changes cause the cloud is dynamic. So, the asset inventory and compliance tabs are strong. 

    When the cloud team makes a change that may introduce some risk, then we get alerts.

    We pretty heavily used the Resource Query Language (RQL) and the investigate tab to find what instances and cloud resources are externally facing and might be higher risk, looking for particular patterns in the resources. 

    Prisma Cloud provides the following in a single pane of glass within a dashboard: Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security, and Cloud Infrastructure Entitlement Management. It is particularly challenging, especially in a multi-cloud environment, where you would have to log into your Google Cloud, then look for your infrastructure and alerting within Google. In addition, you have to switch over to Amazon and log into an AWS Console to do some work with Amazon. Having that central visibility across multiple cloud environments is definitely important when you have different sources and different dashboards for the cloud, which will still be separate, but you still have some centralization within that dashboard.

    The solution’s security automation capabilities are definitely good. We use some of the automation within the alerting, where if Prisma Cloud detected a change and there was a certain threshold, e.g., if it was above a medium or a high risk issue, then we would send off an alert that would go to our infrastructure team/Slack channel, creating a Jira ticket. The automation with Slack and Jira have been very good feature points. 

    The Prisma Cloud tool identifies for the security team the resource in the cloud that is the offender, such as, the context, the resource in the cloud, what is the cloud account, and the cloud environment that the resource is in. Then, there is always very good context on remediation, e.g., how do we go in and fix that issue? Do we either go through automation or log into the Cloud Console to do some remediation? The alerts include the context that is needed as well as the risk ranking and severity, whether it is a high, medium, or low issue.

    The Prisma Cloud Console always has good remediation steps, whether it is going into the Console, updating a Cloud Formation, or Terraform scripts. The remediation guidance is always very helpful from Prisma Cloud.

    What needs improvement?

    Some of the usability within the Compute functionality needs improvement. I think when Palo Alto added on the Twistlock functionality, they added a Compute tab on the left side of the navigation. Some of the navigation is just a little dense. There is a lot of navigation where there is a tab and dropdowns. So, just improving some of the navigation where there is just a very dense amount of buttons and drop-down menus, that is probably the only thing, which comes from having a lot of features. Because there are a lot of buttons, just navigating around the platform can be a little challenging for new users.

    They could improve a little bit of the navigation, where I have to kind of look through a lot of the different menus and dropdowns. Part of this just comes from it having so many awesome features. However, the navigation can sometimes be a little bit like, "I can't remember where the tab was," so I have to click and search around. This is not a big negative point, but it is definitely an area for improvement.

    For how long have I used the solution?

    I started using this solution when it was still called RedLock. Before Palo Alto bought RedLock, I used RedLock for about a year and then for another year or two once Palo Alto bought them, rebranding them as Prisma Cloud. So, I have been using it for about three or four years.

    What do I think about the stability of the solution?

    It is very stable and solid. We haven't really had any issues with the dashboard. The availability is there. The ability to log in and get near real-time data on our cloud environment is very good. Overall, the stability and accessibility has been good.

    What do I think about the scalability of the solution?

    We use it pretty much daily, several days a week. We are licensed for 200 workloads in Prisma Cloud.

    We are definitely still working on maturing some of our operations. We have a pretty small infrastructure team; just two engineers who are focused on infrastructure. We are trying to automate as much as we can, and Prisma Cloud supports most of that. There are still some cases where you have to log into the Console and do some clicking around. However, for the most part, we are trying to automate as much as we can to scale those operations with a very small infrastructure and security team.

    How are customer service and technical support?

    Their customer and technical support is very good. They helped us on scoping, getting an estimate for how many workloads and resources that we had. Their support team helped us through some issues on the configuration in the API on the Defender side. We had a couple questions that came up and the customer success and support engineers were very responsive and helpful. 

    The sales team was really good. We leveraged some of our relationships, working extensively with some of the leadership at Palo Alto in Unit 42 on their threat team. The sales team gave us a pretty good deal right before the end of the year, last year. So, we were able to get a good discount, so we were able to get the purchase done. Overall, it was a good experience.

    Which solution did I use previously and why did I switch?

    This was a new implementation for our company.

    How was the initial setup?

    Deploying the baseline for Prisma Cloud, its API configuration, was straightforward. To set up the API roles and hook in the API connectivity, we were able to do that within a couple of hours. The Prisma Cloud piece at the API level was very quick. The Defender agents were a bit more complicated because we had to deploy the Compute Defender agents into our containers, Docker, and Kubernetes. That was a little more complex, because we were deploying, not just connecting an API. We were deploying agents within our environment. So, the API side was very simple and fast. The Defender side was a bit more complicated.

    We are still working on expanding and deploying some more Defender agents. The API piece was deployed within about a week, which was very fast. On the Defender side, with the infrastructure team's input, it took us several weeks to get the Defender agents deployed.

    When we deployed Prisma Cloud, we established some baselines for security and our infrastructure team for what was running in the cloud. They were using some automation and scripting. They thought everything was okay with the script: We just run a script and it deploys this server and infrastructure in the cloud. What we found was that there were some misconfigurations. They had a default script that was opening up some ports that were not needed. So, we worked with the infrastructure team, went back, and said, "Okay, these ports were uncovered with our Prisma Cloud scanning. Is there a business use? Is there any valid reason for these ports to be open?" The team said, "No we don't really need these ports." It was just a default that we need to deploy in Google or AWS. It was just a default that was added in. So, we worked with them to go back and change some of their defaults, then change some of their scripts. Now, in future cases, when they deploy the Terraform script, it would make sure that those ports are automatically closed.

    What about the implementation team?

    We purchased directly from Palo Alto. We didn't use a system integrator. We purchased directly from them and went through their support team. I have a good relationship with the sales and customer success team at Palo Alto just from past relationships. So, we did a direct purchase.

    What was our ROI?

    We will eventually see return on investment just out of the automation and the ability to scale the platform up.

    We have reduced alert investigation times by approximately a couple hours a week.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is good. They gave us some good discounts right at the end of the year based on the value that it brings, visibility, and the ability to build in cloud, compliance, and security within one dashboard. 

    Which other solutions did I evaluate?

    We did look at a couple other vendors who do similar cloud workload protections. Based on the relationships that we have with Palo Alto, we knew that Palo Alto was kind of the leader in this space. We had hands-on experience with the tool and Palo Alto was also a customer of ours. So, we had some strong relationships and Palo Alto was the leader. 

    We did some demos with different tools that were not as comprehensive. We had some tools that we looked at which just focused more on the container side and some that focused more on the cloud API layer. Since Prisma Cloud has unified some of these different pieces into one platform, we ultimately decided that Prisma Cloud was going to be the best solution for us.

    What other advice do I have?

    It is a good tool. Work with your stakeholders and cloud teams to implement Prisma Cloud within as many environments as you can to get that rich amount of data, then come up with a strong strategy for integrations and alerting. Prisma Cloud has a lot of integrations out-of-the-box, like ServiceNow, Jira, and Slack. Understand what your business teams need as well as what your engineering and developers need. Try to work on the integrations that allow for the maximum amount of integration and automation within a cloud environment. So, work with your business teams to come up with a plan for how to implement it in your cloud, then how to best integrate the tooling and alerting.

    While Prisma Cloud does have the ability to do auto-remediation, which is a part of their automation, we didn't turn any of that on now because those features have a tendency to sometimes break things. For example, it will automatically shut down a security group or server that can sometimes have an impact into availability. So, we don't use any of the auto-remediation features, but we do have automation setup with Jira and Slack to create tickets and events for our ticketing and infrastructure teams/Slack channels.

    We definitely want to continue to explore and build-in some of the Shift Left principles, getting the tool into our dev cycles earlier. We do have some plans to expand more on the dev side. I am hiring an AppSec engineer who will be focused more on the development and AppSec side. That is something that is in our roadmap. It has just been something that we have been trying to work on and get into our backlog of a lot of projects.

    I would rate this solution as a nine out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    HariharanManikumar - PeerSpot reviewer
    Cloud Presales & Solution Architect at a tech services company with 51-200 employees
    MSP
    Top 10
    Reasonable price and helpful for containers and serverless security, but needs more coverage in terms of cloud vendors and a few enhancements
    Pros and Cons
    • "The container and serverless security is most valuable. It is quite a new technology for this region. Even though containers have been there for a long time, the adoption of containers is very minimal in this region. When it comes to using Kubernetes containers in a complex architecture, there is a lack of security in the market. People aren't aware of the security controls or the process for governance. Container security provided by Prisma Cloud is quite good at filling that gap."
    • "We identified two things that we felt would be great to have, but they are under NDA. So, I can't disclose them. Other than those two things, we identified a generic bug in the secret key management service on AWS that needs to be fixed. We reported it to them, and we want them to fix it."

    What is our primary use case?

    We are a system integrator. My organization has a cloud practice, and we focus on cloud security. Predominantly, Prisma Cloud is used to identify misconfigurations in the cloud.

    We have been using Prisma Cloud for two specific customers on Azure Cloud. It is quite a new organization, and we currently have two customers, but in my previous organization, we had about eight customers.

    We predominantly focus only on the cloud. We don't work with hybrid models. MultiCloud is there, but we haven't worked on MultiCloud as of now. This specific region is more into Azure Cloud. Azure has a data center over here. Therefore, the adoption of AWS or Google is not high in this region. For data compliance, customers want to stick to a cloud vendor that has a data center in this region.

    How has it helped my organization?

    My 18 years of experience is purely in serving the US and Europe markets. I am quite new to the UAE and the gulf region, and I found that this region is not very mature when it comes to cloud security. The majority of the CISOs are not aware of cloud security controls that need to be implemented, and they only speak about traditional security such as EDR, endpoint security, DLP, etc. So, there is a big potential for cloud security, specifically at the containers and serverless layer.

    When we evaluated solutions, we carried out PoC not only for two customers but also for the other six accounts, and they were pretty shocked to know that there were a lot of misconfigurations in the cloud. This region lacks cloud security skills, and there are not many cloud security experts or solution architects to design proper architecture. When we carried out the PoC, they became aware of the misconfigurations and security gaps. It helped them to identify the potential risks they have in the cloud. Generally, with security, it is not easy to measure the outcome or gain from a solution because it purely depends on the breach and the data loss, but so far, we have helped two organizations in fully implementing the solution, and the other four are still in the PoC process.

    We purely focus on the container and serverless security, and we predominantly work with Cloud Posture Management (CPM). We opted for Prisma Cloud because we found Prisma Cloud to be better in terms of the overall posture and integration. There are other products in the market, but they don't have a complete and broad portfolio range when it comes to containers or serverless functions. Prisma Cloud has good integrations. You can integrate vulnerability management for the overall risk score. When it comes to commercials, costing-wise also, it is far more reasonable for the customers.

    It is good for helping us to take a preventative approach to cloud security. It identifies all the controls and gives an overall picture. For example, it tells us the portion that has misconfiguration. So, we can fix that portion. It is a very good preventative tool. Certain customers predominantly use it for one-time assessments, which I don't recommend. It should be an ongoing assessment to have a good incident response as soon as an alert comes in. Normally, people just ask for a weekly report or monthly report to identify their security posture. Instead of that, they should have a real-time incident response solution to act as a preventative tool. As soon as an alert is generated, there must be someone to immediately work on it, and having such a tool really helps.

    It provides the visibility and control we need. In my previous organization, we had quite a complex environment with about 30 Kubernetes clusters. As compared to other tools, it provided better insights, but I haven't evaluated it for much more complex architectures. When it comes to serverless architectures, our work has been minimal. Therefore, I cannot confirm or guarantee whether Prisma Cloud will satisfy a highly complex environment.

    It gives the overall picture of compliance when it comes to the cloud security portion. We also have a couple of custom dashboards wherein we integrate the security risk score from other tools. Before implementing this solution for the customers, there was no proper mechanism for the cloud. They only had the vulnerability management reports, the SIEM score, or the application VAPT reports, but they did not have any visibility to anything on the cloud in terms of overall compliance and container security. It definitely gave visibility to the CISOs. A lot of people are still concerned about whether the cloud is secure, whether they need to migrate to it, and whether they have proper security controls for containers and serverless security. It gives better exposure to them. We do have proper tools with CISO-enabled dashboards using which they'll be able to see the score. 

    It has reduced runtime alerts by 60% to 70%. 

    It has reduced the alert investigation time. False positives are reduced. So, we are able to focus on what has been highlighted. At certain times, we need to accept certain changes, and it also gives us the flexibility to mark something as safe. Based on the change control, we can disable the alert so that the alert is not repeated until the change is completed. We have the functionality to do it.

    What is most valuable?

    The container and serverless security is most valuable. It is quite a new technology for this region. Even though containers have been there for a long time, the adoption of containers is very minimal in this region. When it comes to using Kubernetes containers in a complex architecture, there is a lack of security in the market. People aren't aware of the security controls or the process for governance. Container security provided by Prisma Cloud is quite good at filling that gap.

    What needs improvement?

    We identified two things that we felt would be great to have, but they are under NDA. So, I can't disclose them. Other than those two things, we identified a generic bug in the secret key management service on AWS that needs to be fixed. We reported it to them, and we want them to fix it.

    It is very good with predominant cloud vendors, such as AWS, Azure, and GCP, but I am not sure about its efficiency when it comes to other cloud vendors. They should expand its coverage to other cloud vendors such as Alibaba Cloud and Oracle Cloud, which are quite common in this region. I am not sure if they have a full-fledged Oracle Cloud controls evaluation. If they can improve it in terms of the MultiCloud aspect for the organization, it will be helpful, especially in this region.

    For how long have I used the solution?

    I have been working with this solution for almost three years. In my previous organization, I worked with it for two years, and it has been about eight months since I joined my current organization. Here also, we have opted for Prisma Cloud.

    What do I think about the stability of the solution?

    Its stability is good. We didn’t have any issues with it.

    What do I think about the scalability of the solution?

    In my earlier organization, we used it for a bigger client with about 3,000 VMs in AWS and about 30 to 40 clusters. We did not have any challenge with its scalability. As we started putting things, it was working well. 

    In this organization, we only have two small customers. There is not much workload. We haven't had any issues. It works fine.

    How are customer service and support?

    In my earlier organization, I worked directly with Prisma Cloud support. Their support was good. My engagement was minimal, but the initial support from them was quite good. When I had some RFCs and RFIs coming in, their turnaround times were quite less. We had a very good rapport with them. We had a specific account manager who handled any RFCs and PoCs. Their support was good, and we didn't have any challenges. 

    In this organization, we have been working with a channel partner, and there have been a few challenges because they are also occupied with other proposals and tasks. The same partner also works with other competitor organizations. Overall, I would rate their support an eight out of ten.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    In my previous organization, we were using the Skyhigh networks. Earlier, it was Sky network, and later on, McAfee acquired it and made it a CASB and cloud posture management product. We had a couple of challenges with it. So, we evaluated a lot of products and shortlisted Palo Alto Prisma Cloud. 

    How was the initial setup?

    It is straightforward. They provide two options. You can configure it manually or just grant access. It can then easily sync up. They also provide the cloud formation templates to spin up in minutes. So, it is straightforward and very simple.

    What was our ROI?

    It is hard to measure cost savings at this time because it is quite a new investment for the organization. Cost savings will be there in terms of security and reducing the development time and error fixing time, but it will take some time to measure that.

    What's my experience with pricing, setup cost, and licensing?

    Its price is reasonable as compared to other products. The main challenge is explaining the licensing model to customers. It isn't a problem related to Palo Alto. Commonly, people don't understand cloud licensing or security licensing. When they have fixed virtual machines, they know what they are going to be charged, but when it comes to cloud automation, it is hard for them to get clarity in case of high workloads or when they have enabled auto-scaling, etc. It would be helpful if Palo Alto can educate people on their licensing programs.

    Which other solutions did I evaluate?

    We evaluated multiple products after I came into this organization. We evaluated various CSPM and container security products, such as Aqua Security and Rapid7.

    Nowadays, every vendor has come up with a cloud posture management tool. So, we carried out a couple of PoCs in specific customer accounts that had an almost similar type of infrastructure, and based on the outcome, we found Prisma Cloud to be better in terms of identification of miscontrols and security. The cost also played a major role. As compared to other products, it was reasonable. So, the feature set for fulfilling customer requirements and the cost were the two factors that played a major part.

    The third factor was the flexibility to work with the vendor. In terms of partnership and support, we felt that being a Palo Alto product, Prisma Cloud would be better. Palo Alto has better service over here, and their channel partners are quite flexible to work with on initial customer demonstration and other things. We felt much more comfortable with Prisma Cloud in all these three aspects.

    What other advice do I have?

    When it comes to its security automation capabilities, currently, not every customer prefers to automate. We have been trying to implement automation, and when the right access was given, we did a certain amount of automation to immediately block the firewall rules or revoke access when any privileged access has been given. We have been doing a little bit of automation, and it has been good. We are able to achieve our goals. Out of two customers in this company and eight customers in my previous company, only three customers preferred to do automation to a certain extent. The rest of them wanted the alerts to be sent to the incident response team of their SOC. They wanted their team to act upon them. They only allowed us to automate high severity ones or highly critical ones. For example, they only allowed us to automate things like immediately blocking access to specific ports or IPs, but we haven't tried the automation to a full extent.

    It enables you to integrate security into your CI/CD pipeline and add touchpoints into existing DevOps processes. We implemented it for just one use case. Before that, we were using Qualys Container Security in the CI/CD pipeline. After switching to Prisma Cloud, I did not have an opportunity to evaluate it completely because I moved to another organization. In my previous organization, we had expertise in DevOps. We had a dedicated DevOps team with almost six years of experience in automating the entire deployment of servers infrastructure, as well as applications. It was pretty easy for them to implement or integrate any security tool into the CI/CD pipeline. In my current organization, we don't have an expert team, and we struggle a bit in implementing things because there are multiple CI/CD deployments from Jenkins to Amazon's native one and Git. So, we take support from Palo Alto to get things deployed during the PoCs. In my previous organization, it was also easier for us to implement because the training provided from the Palo Alto side was quite good, and we had a lot of training materials in the partner portal. We utilized them. We got in touch with the technical team, and we implemented things quite faster, but here, there is a bit of lag because we don't have expertise in DevOps for implementations or integrations.

    It can provide risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. Shifting your security to the left cuts down the entire life cycle of application deployment, and it does help to fix the security issues at the beginning of the development life cycle itself. We have not seen a large amount of time being cut down. That's because, typically, teams deploy the code, and then initiate a security scan. By integrating these things into the early development cycle, the time can be cut down to three weeks from about one and half months.

    I would rate this solution a seven out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Security Architect at a computer software company with 11-50 employees
    Real User
    Looks across our various cloud estates and provides information about what's going on, where it is going on, and when it happened
    Pros and Cons
    • "One of the main reasons we like Prisma Cloud so much is that they also provide an API. You can't expect to give someone an account on Prisma Cloud, or on any tool for that matter, and say, "Go find your things and fix them." It doesn't work like that... We pull down the information from the API that Prisma Cloud provides, which is multi-cloud, multi-account—hundreds and hundreds of different types of alerts graded by severity—and then we can clearly identify that these alerts belong to these people, and they're the people who must remediate them."
    • "Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams."

    What is our primary use case?

    We have a very large public cloud estate. We have nearly 300 public cloud accounts, with almost a million things deployed. It's pretty much impossible to track all of the security and the compliance issues using anything that would remotely be considered homegrown—scripts, or something that isn't fully automated and supported. We don't have the time, or necessarily even the desire, to build these things ourselves. So we use it to track compliance across all of the various accounts and to manage remediation. 

    We also have 393 applications in the cloud, all of which are part of various suites, which means there are at least 393 teams or groups of people who need to be held accountable for what they have deployed and what they wish to do. 

    It's such a large undertaking that automating it is the only option. To bring it all together, we use it to ensure that we can measure and track and identify the remediation of all of our public cloud issues.

    How has it helped my organization?

    The solution provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. Our developers are able to correct them using the tools they use to code. It gives our developers a point to work towards. If the information provided by this didn't exist, then we wouldn't be able to give our developers the direction that they need to go and fix the issues. It comes back to ownership. If we can give full ownership of the issues to a team, they will go fix them. Honestly, I don't care how they fix them. I don't really mind what tools they use.

    It is reducing run-time alerts. It's still in the process of working on those, but we have already seen a significant decrease, absolutely.

    What is most valuable?

    The entire concept is the right thing for us. It's what we need. The application is the feature, so to speak it. What it does is what we want it for: looking across the various cloud estates and providing us with information about what's going on in our cloud, where it is, when it happened. The product is the most valuable feature. It's not a do-all and end-all product. That doesn't exist. But it's a product with a very specific purpose. And we bought it for that very specific purpose.

    When it comes to protecting the full cloud native stack—the pure cloud component of the stack—it is very good.

    One of the main reasons we like Prisma Cloud so much is that they also provide an API. You can't expect to give someone an account on Prisma Cloud, or on any tool for that matter, and say, "Go find your things and fix them." It doesn't work like that. We've got to be able to clearly identify who owns what in our organization so that we can say, "Here's a report for your things and this is what you must go and fix." We pull down the information from the API that Prisma Cloud provides, which is multi-cloud, multi-account—hundreds and hundreds of different types of alerts graded by severity—and then we can clearly identify that these alerts belong to these people, and they're the people who must remediate them. That's our most important use case, because if you can't identify users, you can't remediate. No user is going to sit there going through over a million deployed things in the public cloud and say, "That one's mine, that one's not, that's mine, that's not." It's both the technology that Prisma Cloud provides and the ability to identify things distinctly, that comprise our use case.

    It also provides the visibility and control we need, regardless of how complex or distributed our cloud environments become. It doesn't care about the complexity of our environment. It gives us the visibility we need to have confidence in our compliance. Without it, we would have no confidence at all.

    It is also part of our DevOps processes and we have integrated security into our CI/CD pipeline. To be honest, those touchpoints are not as seamless as they could be because our processes do rely on multiple tools and multiple teams. But it is one of the key requirements in our DevOps life cycle for the compliance component to be monitored by this. It's a 100 percent requirement. The teams must use it all the time and be compliant before they move on to the next stage in each release. It is a bit manual for us, but that's because of our environment. It's given our SecOps teams the visibility they need to do their jobs. There's absolutely no chance that those teams would have any visibility, on a normal, day-to-day basis, simply because the SecOps teams are very small, and having to deal with hundreds of other development teams would be impossible for them on a normal basis.

    What needs improvement?

    Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams. At that point, we realized, "Okay, we're not never going to have it fully customizable," because no team can expect a product, off-the-shelf, to fit itself to the needs of any organization. That's just impossible.

    So customization from our perspective comes through the API, and that's the best we can do because there is no other sensible way of doing it. The customization is exactly evident inside the API, because that's what you end up using.

    In terms of the product having room for improvement, I don't see any product being perfect, so I'm not worried about that aspect. The RedLock team is very responsive to our requirements when we do point out issues, and when we do point out stuff that we would like to see fixed, but the product direction itself is not a big concern for us.

    For how long have I used the solution?

    We've been using it since before it was called Prisma Cloud. We're getting on towards two years since we first purchased it.

    What do I think about the stability of the solution?

    The stability of Prisma Cloud is very good. I have no complaints along those lines. It seems to fit the requirements and it doesn't go down. Being a SaaS product, I would expect that. I haven't experienced any instability, and that's a good thing.

    What do I think about the scalability of the solution?

    Again, as a SaaS product, I would expect it to just scale.

    How are customer service and technical support?

    We regularly use Palo Alto technical support for the solution. I give it a top rating. They're very good. They have a very good customer success team. We've never had any issues. All our questions have been answered. It has been very positive.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution.

    How was the initial setup?

    The initial setup was very straightforward. It's a SaaS product. All you have to do is configure your end, which isn't very hard. You just have to create a role for the product and, from there on, it just works, as long as the role is created correctly. Everything else you do after that is managed for you.

    We have continuously been deploying it on new accounts as we spin them up. Our deployment has been going on since year one, but we've expanded. Two years ago we probably had about 40 or 50 cloud accounts. Now, we have 270 cloud accounts.

    We have a team that is dedicated to managing our security tools. Something this big will always require some maintenance from our side: new accounts, and talking to internal teams. But this is as much about management of the actual alerts and issues than it is anything else. It's no longer about whether the tool is being maintained. We don't maintain it. But what we do is maintain our interaction with the tool. We have two people, security engineers, who work with the tool on a regular basis.

    What was our ROI?

    It's a non-functional ROI. This isn't a direct-ROI kind of tool. The return is in understanding our security postures. That's incredibly important and that's why we bought it and that's what we need from it. It doesn't create funds; it is a control. But it certainly does stop issues, and how do you quantify that?

    What's my experience with pricing, setup cost, and licensing?

    Pricing wasn't a big consideration for us. Compared to the work that we do, and the other costs, this was one of the regular costs. We were more interested in the features than we were in the price.

    If a competitor came along and said, "We'll give you half the price," that doesn't necessarily mean that's the right answer, at all. We wouldn't necessarily entertain it that way. Does it do what we need it to do? Does it work with the things that we want it to work with? That is the important part for us. Pricing wasn't the big consideration it might be in some organizations. We spend millions on public cloud. In that context, it would not make sense to worry about the small price differences that you get between the products. They all seem to pitch it at roughly the same price.

    Which other solutions did I evaluate?

    Before the implementation of Prisma Cloud, there were only two solutions in the market. The other one was Dome9. We did an evaluation and we chose this one, and they were both very new. This is a very new concept. It pretty much didn't exist until Prisma Cloud came along.

    The Prisma Cloud solution was chosen because of the way it helped integrate with our operations people, and our operations people were very happy with it. That was one of the main concerns.

    Both solutions are very good at what they do. They approach the same problem from different directions. It was this direction that worked for us. Having said that, certain elements of Prisma Cloud were definitely more attractive to us because they matched up with some of our requirements. I'm very loath to say one product is better than the other, because it does depend on your requirements. It does depend on how you intend to use it and what it is, exactly, that you're looking for.

    What other advice do I have?

    You need to identify how you'll be using it and what your use cases are. If you don't have a mature enough organizational posture, you're not going to use it to actually fix the issues because you won't have the teams ready to consume its information. You need to build that and that needs to be built into the thinking around that product. There's no point having information if you're not going to act on it. So understand who is going to act on it, and how, and then you've got a much better path to understanding your use for this. There's no point in buying a product for the sake of the product. You need the processes and the workflows that go with it and you need to build those. It's not good enough to just hope that they will happen.

    The solution doesn't secure the entire spectrum of compute options because there are other Palo Alto products that secure containers, for example. This is very specifically focused on the configuration of the public cloud instances. It doesn't look inside those instances. You would need something else for that. You don't want to be using other products to do this. You don't want to mistake this for something that does everything. It doesn't. It is a very specific product and it is amazingly good at what it does.

    We do integrate it with our workflow as part of the process of getting an application onto the internet. It does integrate with our workflow, giving us a posture as part of the workflow. But it is not a workflow tool.

    It definitely does multi-cloud. It does the three major ones plus Alibaba Cloud. It doesn't reach into hybrid cloud, in the sense that it doesn't understand anything non-cloud. We don't use it to provide security, although it is very good for that. We already have an advanced security provision posture, because we are a very large organization. We just use it to inform us of security issues that are outside our other controls.

    Prisma Cloud doesn't provide us with a single tool to protect all of our cloud resources and applications in terms of security and compliance reports because we have non-cloud-related tools being folded into the reports as well. Even though it works on the cloud, and is excellent at what it does, we integrate it with our Qualys reports, for example, which is the scanning on our hosts. Those hosts are in the cloud, but this doesn't touch them. There's no such thing as a single security tool, frankly. It's basically part of our portfolio and it's part of what every organization needs, in my opinion, to be able to manage their cloud security postures. Otherwise, it would just never work.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    TejasJain - PeerSpot reviewer
    Sr. Cloud Security Architect at a computer software company with 10,001+ employees
    Real User
    Top 5
    Provides a single pane of glass for all our cloud resources to control all these different functionalities from various menus
    Pros and Cons
    • "Prisma Cloud helped us with compliance. Most of my deployments have been greenfield, so I don't have a benchmark to compare how the security posture has improved. I've always used this from day zero of the configuration. However, I can say that the compliance checks for PCI, DSS, HIPAA, etc., made my life simpler. I don't need to look at each of these standards and compare the rules I have in place."
    • "A better correlation between the multiple products Prisma Cloud contains would be crucial. It would reduce the time spent looking at reports and enable you to get all the actionable insights across products. I think that Palo Alto is working on it, but they need to work faster because it doesn't make sense to have all these products in a single pane of glass without any correlation between them."

    What is our primary use case?

    We use Prisma Cloud primarily for clients with a multi-cloud environment who require all these posture checks to be done uniformly from a single pane of glass to ensure they are in compliance. They have regulatory policies that require integration with the SIEM to generate alerts and reports. That's the primary use case for a CSPM solution. For cloud workload protection, we need vulnerability management, runtime defense, as well as image, container,  and registry scanning.

    In terms of modules, we started with Redlock, the cloud security posture management component, and followed with Twistlock for cloud workload protection. Lately, I've been using Aporeto for identity-based micro-segmentation and BridgeCrew for cloud security.

    Identity-based micro-segmentation allows you to create microparameters across workloads on the cloud and on-premises. You can enforce a pure wireless model through whitelisting flows in various workloads. Cloud security is primarily for core security, including SaaS and PaaS tools for scanning container images and core infrastructure. We have Terraforms, which we need to scan if we forget to remove any passwords or if there is some consideration drift between what you've configured in the IaC and what has materialized into the cloud infrastructure. 

    I don't think we have had more than four or five admins for any project. We provide read-only access to the monitoring guys and custom authentication authorization privileges to a couple of users. The number of authorized users varies from plan to plan. Lots of people don't need to have access to the solution. 

    How has it helped my organization?

    Prisma Cloud helped us with compliance. Most of my deployments have been greenfield, so I don't have a benchmark to compare how the security posture has improved. I've always used this from day zero of the configuration. However, I can say that the compliance checks for PCI, DSS, HIPAA, etc., made my life simpler. I don't need to look at each of these standards and compare the rules I have in place.

    It also enabled us to adopt a preventative approach to security. It gives us an option to monitor and remediate, so I don't think there is any challenge. If we see something going wrong, the solution offers a way to implement preventative controls. 

    You can incorporate Prisma into DevSecOps and put it into any of the pipelines, like Jenkins and Azure DevOps. I don't think there are any challenges. You have all the ready-made plugins on these CI/CD tools, so you don't need to do or write a custom script plugin or anything. It's already available. It takes care of your end-to-end security from build to deployment and runs.

    The cloud workload protection module Twistlock has ready-made plugins. Still, I don't think there was a plunging for identity-based micro-segmentation sites in the past, so we had to build a pipeline manually, I think they released a plugin for IBMS, but I never worked on it.

    Prisma provides a single pane of glass for all our cloud resources to control all these different functionalities from various menus. It also helps us assess risk at runtime and throughout the whole pipeline. I have never compared Prisma with other tools, like Qualys or Tenable, so I cannot say which gives better results regarding runtime. However, I get a lot of actionable insights and suggestions from the tool about the next steps to follow.

    The solution provides excellent security coverage of multi-cloud and hybrid environments. Without it, I would need to create a manual playbook for each cloud. There is a lot to maintain for each cloud, and you can't monitor from a single pane of glass. That's an administrative nightmare because you can't pull compatible reports. If I identify some compliance issues on AWS, I don't have a similar set of parameters to compare those for Google Cloud or Microsoft Azure. I definitely need this for a multi-cloud environment. 

    I can get a relatively good amount of end-to-end security within the cloud. All these pieces fit together to address all my cloud needs. Of course, I don't think any vendors target security within the microservices, analytics, or data warehouse. I'm unsure because I haven't done it, but I don't think anything is missing.

    It gives developers the tools they need to correct issues so they do not have to write their own scripts. Sometimes, I need an administrator to work with these developers, so it's not fully automated. Maybe I didn't find the best way to do it. Perhaps I need to find a linter or something, but there were many instances where I needed to involve someone to work with the developer. I don't think we are doing everything from the developer's end. 

    Prisma also substantially reduced alert investigation times because we previously did everything by hand. We used to scan it manually, so it depended on the periodicity of scans. Earlier, we used to run scans for a couple of customers about every 15 days, and then we did the remediation. Now, all these scans run every minute or 15 minutes, so it's faster.  

    What is most valuable?

    Prisma's identity-based micro-segmentation is better than all its competitors. I've already evaluated Guardicore and Illumio, but Prisma stands out for the ease of configuring rules and how seamlessly it works with your cloud workloads and container environments. I used it for Kubernetes as well as K3s. I prefer Prisma's identity-based micro-segmentation. I can't think of any competitors doing this as well as Prisma Cloud.

    We integrated this solution as a part of DevSecOps, so we have a dedicated pipeline for cloud workload protection. That works brilliantly. You don't need to log in to the control unless you want to do some management or full reports. I can bake in all these functionalities within the pipeline, and I can do the same for IBMS. 

    As part of application security or whatever my developers are working on, I can have them bake all the configurations they need to do, like listening and patching remediation. I think it's relatively automatic, but I would consider it to be more of a DevSecOps functionality.

    What needs improvement?

    Prisma is the result of multiple Palo Alto acquisitions, like CWPP, Twistlock, and Aporeto. Though they are part of a single pane of glass, there is no correlation between the solutions. I don't see vulnerability scans done for tools that have been micro-segmented. 

    A better correlation between the multiple products Prisma Cloud contains would be crucial. It would reduce the time spent looking at reports and enable you to get all the actionable insights across products. I think that Palo Alto is working on it, but they need to work faster because it doesn't make sense to have all these products in a single pane of glass without any correlation between them. 

    At some point, things get a bit unwieldy when working with complex environments, but I don't think that challenge is unique to Prisma Cloud. It's an issue for any solution deployed in massive and complex environments. Let's say you have an enterprise with 30,000 workloads in the cloud, so it's unwieldy to have it configured for a single instance of Prisma Cloud. In that case, it would be better to segregate it across multiple tenants.

    In the future, I'd like to see Palo Alto create a single consolidated agent software for workload production and identity-based micro-segmentation. Currently, I need to install two agents for the same platform to get two different functionalities. The second is maybe ease of licensing. That would also be helpful.

    For how long have I used the solution?

    I have been using Prisma Cloud for nearly three and a half years.

    What do I think about the stability of the solution?

    I never faced any challenges because of internal hardware issues or the agent. Because I've always worked on the cloud-managed version, we have never faced any problems with the functionality. We did have a couple of hangups with the user and administrator onboarding and privileges, but I don't think that affects the functionality of the overall product.

    What do I think about the scalability of the solution?

    The product itself is scalable, but it can become unwieldy from the administrative side of things. I can push Prisma Cloud out for 10,000 workloads, but the reporting and management would be a bit difficult. I prefer to have it segmented across multiple tenants, but it's somewhat complicated. 

    How are customer service and support?

    I rate Palo Alto support a nine out of ten. My company is a CPSP partner with premium support, so I can't speak to the typical support experience. Even if we don't raise a ticket, we have an internal account manager to take care of all this. 

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    Redlock was the original company doing CSPM, so I got into Prisma Cloud because they acquired Redlock. I previously used  Qualys and Tenable for vulnerability management. I thought putting the CSPM and cloud workload protection pieces of Prisma Cloud under one roof would simplify my life.

    Also, all these are cloud-managed and take care of the end-to-end requirements for cloud workloads. Qualys and Tenable have all these vulnerability management capabilities, but they might lack some native remediation capabilities. It's not that the other products are falling short, but I need that consolidated single pane of glass for cloud security. 

    How was the initial setup?

    Setting up Prisma Cloud is straightforward. You get an activation email and deploy a couple of scripts. I work for a consulting firm that is a CPSP partner. All I needed to do is email Palo Alto with a bill of material describing our environment and the components, and then we get the activation email. After that, I followed the self-service enrollment steps, and it's running. Depending on your environment, you need to install all these applications. It's a seamless onboarding experience.

    The total deployment time varies depending on the client because some of them have restrictions. One mid-sized company with around 700 workloads took less than three weeks. However, we needed to do a step-by-step approach for some, moving from the on-premises environment to the cloud and from dev to production. Those deployments took a couple of months.

    Usually, the deployment requires no more than two or three people, but it depends on the approach. One should be enough if it's a batch approach. I've been doing this alone for a lot of my clients. In some situations, if you may need some help troubleshooting an app that isn't working, or the client may need someone with specialized expertise. It also depends on the client's size. At most, you'll need a half-dozen.

    What was our ROI?

    It's a costly solution, so we spend a lot on the licenses. At the same time, we can perform compliance checks, external audits, etc., faster because we have all the right pieces in place. That definitely helped, but I've never calculated the total cost of ownership or return on investment.

    What's my experience with pricing, setup cost, and licensing?

    Prisma Cloud Enterprise is a costly solution. You need a license for all the components. At the same time, you have everything under one roof, so I think it's still justified. 

    What other advice do I have?

    I rate Prisma Cloud an eight out of ten. I deduct a couple of points because I would still like to see all the products in the platform correlated. They should also do away with the need to install multiple agents for various functionalities or burn it all down into a single agent that takes care of it.

    My advice is to start early if you are moving from on-premises to a hybrid or cloud environment. Implement Prisma Cloud as soon as possible, especially for greenfield deployments. This isn't a problem with Prisma Access, but it's usually a challenge. You need time to customize your rules and tailor them to your setup. 

    The second recommendation I have is for Prisma Cloud Compute, the cloud workload protection piece. It's available in self-managed and cloud versions. You should opt for the cloud-managed version because you can get two single-cloud platforms. 

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Cloud Security Manager at a manufacturing company with 10,001+ employees
    Real User
    Top 20
    We have identified and secured many misconfigurations and remediated a lot of vulnerabilities
    Pros and Cons
    • "The Twistlock vulnerability scanning tool is its most valuable feature. It provides us insight into security vulnerabilities, running inside both on-premise and public cloud-based container platforms. It is filling a gap that we have with traditional vulnerability scanning tools, where we don't have the ability to scan inside containers."
    • "The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories."

    What is our primary use case?

    Primarily, we are attempting to secure our public cloud security posture through compliance and vulnerability scanning.

    How has it helped my organization?

    Overall, the solution is effective for helping us take a preventative approach to cloud security. We have managed to remediate thousands of high impact misconfigurations or vulnerabilities that have been detected by the tool.

    It is how we are securing access to these public facing resources, i.e., how we are locking down S3 buckets, RDP to EC2 instances, or other administrative access that might otherwise allow easy compromise. The value to the business is simply just securing these cloud assets in alignment with security policies and best practices that we have defined.

    The comprehensiveness of the solution is good for securing the entire cloud-native development lifecycle, across build, deploy, and run. We are exclusively an Azure DevOps shop. Thus, we are well-aligned with the capabilities that Prisma offers. Its ability to participate in and integrate with the DevOps lifecycle has been very good for us.

    Prisma Cloud has enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes. We are integrated in a handful of CI/CD pipelines at the moment. These touchpoints are fairly seamless in our DevOps processes. We are performing the scan and failing builds automatically without developer involvement, but we use the Visual Studio plugin. Therefore, developers can self-service scan their work prior to the build process. It is both seamless and on-demand for the people who choose to use it.

    The integration of security into our CI/CD pipeline has affected collaboration and trust between our DevOps and SecOps teams has improved, though there is some diplomacy that has to occur there. The way that it's improved: We approached vulnerability management and cloud security posture with these teams historically by presenting them a list of findings, like a laundry list of things they need to go fix. These teams aren't staffed for moving backwards and fixing old problems, so we established a process for working with them that starts with securing net new development. We can do that without much of an ask, in terms of their time, by having these integrations into their CI/CD pipeline along with self-service scanning tools. So, we have the capability of securing new development while they are completing the lengthy task of reviewing and remediating existing deployments.

    The solution provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. We are applying the same secure configuration baseline scans in the pipeline that we're doing for the deployed assets. Most of the time, our developers can correct these issues.

    What is most valuable?

    The Twistlock vulnerability scanning tool is its most valuable feature. It provides us insight into security vulnerabilities, running inside both on-premise and public cloud-based container platforms. It is filling a gap that we have with traditional vulnerability scanning tools, where we don't have the ability to scan inside containers.

    Prisma Cloud provides security spanning multi- and hybrid-cloud environments. This is of critical importance to us because we have workloads in multiple cloud providers as well as having them on-premise.

    The solution provides the following in a single pane of glass:

    • Cloud Security Posture Management
    • Cloud Workload Protection
    • Cloud Network Security
    • Cloud Infrastructure Entitlement Management.

    These are all critical and challenges that we have faced. We have been unable to find solutions using native tools from cloud providers. We use AWS and Azure in production along with GCP in testing.

    Prisma Cloud provides us with a single tool to protect all our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports. The Redlock portion of the tool and reporting are better. There are still some gaps in terms of our ability to trend over time periods. However, in terms of point-in-time snapshot reporting, the tool is very good. What we have done is automated the process of compiling these trendline reports on a weekly basis to capture those metrics, then take them offline so we can build our own dashboarding to fill in the tool's gaps.

    We are using the solution’s new Prisma Cloud 2.0 Cloud Security Posture Management features. These features give our security teams alerts, with context, to know exactly what are the most critical situations. This is critical because we have insight into new assets that are deployed out of spec, but have otherwise not been enabled for auto remediation. The challenge there has been that we deploy these policies, and if someone's not sitting there watching the console, then they might miss these misconfigurations where time is of the essence. The learning and context are important in order to prioritize how quickly we need to triage these findings.

    The new Prisma Cloud 2.0 features provide our security teams with all the data that they need to pinpoint the root cause and prevent the issue from recurring. It is less data requirement gathering that has to happen in the middle of an incident or remediation. If the alerts themselves have all the context you need to address those, then it's just less legwork required to find the problem and fix the misconfiguration.

    What needs improvement?

    The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories. This is our biggest pain point.

    There are little UI complexities that we work around through the API or exporting.

    For how long have I used the solution?

    I have been using it for about nine months.

    What do I think about the stability of the solution?

    In general, the stability is very good. As a SaaS tool, we have high expectations for how it performs, and we did have some growing pains in that regard around the console upgrade in October. 

    The work that we have ongoing maintenance-wise is from a policy perspective. We have custom policies that we deploy above and beyond the CIS Benchmark policies deployed with the tool. As we deploy new services, start to use new tools, and as the cloud vendors roll out new services, there is policy work which goes along with that. However, the bulk of the work is still in meeting with business units who are responsible for deploying these applications and keeping them on track with their remediation activities.

    What do I think about the scalability of the solution?

    The scalability is very good. The notable exception is on the Lambda function side. We have had some challenges with its ability to scale up and scan all versions of deployed functions in a timely fashion. Otherwise, in the container space and public cloud space on the RedLock side, it has been very good in terms of scaling up to meet our demands.

    25 people use this solution. Seven of those would be people on the cloud SecOps team, and the balance of them would be a mix of developers, DevOps engineers, and incident response.

    There are dozens more pipelines for us to integrate with. The bulk of the growth will be organic to new app teams, who are in different business units in the enterprise.

    How are customer service and technical support?

    The technical support is pretty good. In most instances, they are responsive. They meet their SLAs. They are eager to engage with R&D or their engineering teams when necessary to escalate issues. 

    Which solution did I use previously and why did I switch?

    Prisma Cloud provides the visibility and control that we need, regardless of how complex or distributed our cloud environments become. Our security and compliance postures are significantly improved through the implementation of this tooling, mostly because we had poorly supported open source tooling acting in this capacity previously. We were using the Scout2, because it was free, which was not nearly as fully featured or capable.

    How was the initial setup?

    I have led this team since the beginning. The initial setup was harder when we did it than it is now. We had to go through individual AWS accounts, configuring IAM permissions and things like that, on an account by account basis. Whereas now, that happens automatically through AWS Organizations integration. While the setup was good then, it is better now.

    It took us three months to have all the resources onboarded.

    Our implementation strategy varied because there are so many elements of the tooling. We started with RedLock and the public cloud compliance pieces, starting with the sandbox accounts and validating the results and things of that nature. We then moved out to the larger Cloud COE as a whole and started onboarding production accounts. After that, we started meeting with the COE and app teams to socialize the findings and explain the remediation steps and go through all of that.

    We broke the Twistlock stuff into a separate project phase. The deployment approach there was similar to the implementation strategy. We started with the sandbox teams and public facing apps, socializing the findings, then going through the vulnerability structure and compliance structure with them. Once we had established a rapport with them and they understood the goals of the program, then we started pushing for integration into the CI/CD pipelines, etc.

    What was our ROI?

    We have seen ROI. I feel like it is a good value. I am not going to say for sure that we couldn't have leveraged the same results from one of the competing platforms, but you don't need to prevent many security incidents to realize the value of an investment like this. We have identified and secured many misconfigurations and remediated a lot of vulnerabilities that I feel like we have gotten our value out of the tool.

    Prisma Cloud has reduced our runtime alerts by 25 percent through the nature of developers being able to fix their own code by shifting the responsibility of identifying misconfigurations and vulnerabilities. Fewer runtime alerts are making it to runtime because they are fixing security or compliance issues earlier in the process.

    Our alert investigation time is much better and has been reduced by 75 percent.

    What's my experience with pricing, setup cost, and licensing?

    The pricing and licensing are expensive compared to the other offerings that we considered.

    Which other solutions did I evaluate?

    We also looked at Aqua Security and Rapid7 DivvyCloud. Capabilities-wise, these commercial solutions have similar offerings. The two primary differentiators with Palo Alto were:

    1. It was by far the most mature solution. They had acquired that maturity through getting the most baked startups, then rebranding and rolling them under the Prisma banner. So, they were the most mature platform at the time. 
    2. There was an element of wanting to have that single pane of glass management. They had a SaaS solution that we felt would scale to our large cloud environment. 

    What other advice do I have?

    Have a clear plan for how you will structure your policies, then decide right from the get-go if you will augment the delivered policies with your custom ones to minimize the amount of rework that you need to do. Likewise, make sure that the ticketing application that you are planning to integrate with, if you're going to track remediation activities, is one that is supported. If not, have a plan for getting that integration going quickly.

    Biggest lesson learnt: Do better planning for that third-party and downstream integration that you will be doing with your ticketing platform. Right out of the gate, our options were rather limited for integration and ticketing. It seemed to be geared around incident handling or incident response more than compliance management or vulnerability response.

    The solution is comprehensive for protecting the full cloud native stack. It covers nearly all of our use cases. The gaps present are more a function of API visibility that we get from Azure, for example. As they roll out or make generally available new services, there is a lag time in the tool's ability to ingest those services. However, I think that is more a function of the cloud platforms than Prisma Cloud.

    This solution is a strong eight out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Talent Acquisition Leader at a manufacturing company with 10,001+ employees
    Real User
    Allows us to generate real-time alerts and does a fairly good job from the data exposure perspective, but could use better reporting
    Pros and Cons
    • "As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having."
    • "Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."

    What is our primary use case?

    The main reason why we are using Prisma Cloud is to identify any compliance issues. We have certain compliance requirements across our different resources, such as something should be completely inaccessible, logging should be enabled, and certain features should be enabled. So, we are using it to identify any such gaps in our cloud deployment. Basically, we are using it as a Cloud Security for Posture Management (CSPM) tool.

    It is a SaaS solution. 

    How has it helped my organization?

    One of the things that we have been able to do with Prisma Cloud is that we have been able to generate real-time alerts and share them with our technology team. For certain resources, such as databases, we have certain P1 requirements that need to be fulfilled before our resource goes live. With Prisma, if we identify any such resource, then we just raise an alert directly with the support team, and the support team gets working on it. So, the turnaround time between us identifying a security gap and then closing it has gone down drastically, especially with respect to a few of the resources for which we have been able to put this plan into motion. We have reduced the timeline by 30%. That's because the phase of us identifying the gaps manually and then highlighting them to the team is gone, but the team still needs to remediate them. Of course, there is a provision in Prisma Cloud where I can reduce it further by allowing auto-remediate, but that is not something that we have gone for as an organization.

    We are using it to find any gaps, create custom policies, or search in our cloud because even on the cloud portal, you don't get all the details readily available. With Prisma, you have the capability of searching for whatever you're looking for from a cloud perspective. It gives you easy access to all the resources for you to find any attribute or specific values that you're looking for in an attribute. Based on my experience with Azure and Prisma, search becomes much easier via Prisma than via your cloud.

    What is most valuable?

    As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having.

    What needs improvement?

    There are two main things that Palo Alto should look into. The first is the reporting piece, and the second one is the support. 

    Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into.

    Their support needs to be improved. It is by far one of the worst support that I have seen.

    We are using Azure Cloud. With AWS, Prisma is a lot more in-depth, but with Azure, it's still developing. There are certain APIs that Prisma is currently not able to read. Similarly, there were certain APIs that it was not able to read six months ago, but now, it is able to review those APIs, top-up resources, and give us proper security around that. Function apps were one of those things that were not there six months ago, but they are there now. So, it is still improving in terms of Azure. It is much more advance when it comes to AWS, but unfortunately, we are not using AWS. A problem for us is that in terms of protecting data, one of the key concepts is the identification of sensitive data, but this feature is currently not enabled for Azure. This feature is there for AWS, and it is able to read your S3 buckets in the case of AWS, but for Azure, it is currently not able to do any identification of your storage accounts or read data on the storage to give security around that. So, that is one of the weak points right now. So, from a data exfiltration perspective, it needs some improvement.

    It is currently lacking in terms of network profiles. It is able to identify new resources, and we do get continuous alerts from Prisma when there is an issue, but there have been a few issues or glitches. I had raised a case with Palo Alto support, but the ticket was not going anywhere, so I just closed the ticket. From a network security group's point of view, we had found certain issues where it was not able to perform its function properly when it comes to the network profile. Apart from that, it has been working seamlessly. 

    For how long have I used the solution?

    I've been using Prisma Cloud for around six months.

    What do I think about the stability of the solution?

    It is a stable platform. Especially with it being a SaaS platform, it just has to make API calls to the customers' cloud portals. I haven't found any issues with regard to stability, and I don't foresee any issues with stability based on the architecture that Prisma has.

    What do I think about the scalability of the solution?

    It is pretty scalable. The only limitation is the licensing. Otherwise, everything is on the cloud, and I don't see any challenges with respect to scalability. I would consider it as a scalable solution.

    Currently, there are around eight to 10 people who are working with Prisma, but we are still bringing it up to maturity. So, majorly, I and a couple of my colleagues are working with Prisma. The others have the account, but they are not active with respect to Prisma. Almost all of us are from InfoSec.

    How are customer service and support?

    The support from Palo Alto needs to be improved a lot. It is by far one of the worst support services that I have seen. It takes a lot of time for them to come back, and nothing conclusive happens on the ticket as well. 

    There was a ticket for which I called them for three months, and nothing was happening on that ticket. They were just gathering evidence that I had already shared. They asked for it again and again, and I got frustrated and just closed the ticket because I was just wasting my time. I was not getting any response. There was no progress that I was seeing in getting my issue getting resolved even after three months. This is not just for one ticket. There have been a couple of other tickets where I've faced similar issues with Palo Alto. So, support is definitely something that they should look into. 

    Today, I won't recommend Palo Alto Prisma to someone because I'm not confident about their support. Their support is tricky. I would rate them a three or four out of 10. They are polite and have good communication skills, but my requirement from the support team is not getting fulfilled.

    Which solution did I use previously and why did I switch?

    We haven't used any other product. 

    How was the initial setup?

    I've been involved with the entire implementation of Prisma Cloud. I've manually done the implementation of Prisma in my current organization in terms of fine-tuning the policies, reviewing the policies, and basically bringing it up to maturity. We have not yet achieved maturity with the product. We have also encountered some problems with the product because of which the implementation has been a bit delayed.

    The integration piece is pretty straightforward. In terms of the availability of the documentation, there is no issue. If you reach the right document, your issue gets resolved automatically, and you don't have to go to the support team. That was pretty smooth for me.

    The initial integration barely took half a day. You just have to make some changes on your cloud platform, get the keys, and just put the keys manually. We had a lot of subscriptions, and when we were doing the integration, tenant-level integration was not available. So, I had to manually integrate or rather onboard each subscription. That's the reason why it took me half a day. It might have even been just a couple of hours.

    What was our ROI?

    As of now, we have not seen an ROI because we are not yet mature. We have not yet reached the maturity level that we want to reach.

    Which other solutions did I evaluate?

    My colleague had reviewed other solutions like Aqua and Cloudvisory. One of the reasons for selecting Prisma was that we have planned a multi-cloud approach, and based on our analysis, we felt that Prisma will be better suited for our feature requirements. The other reason was that we already have quite a few Palo Alto products in our environment, so we just thought that it will be easier for us to do integrations with Prisma. So, these were the two key reasons for that decision.

    Currently, there are not many options to choose from across different products. So, from that perspective, Prisma is pretty decent. It works how CSPMs are supposed to work. They have to read up the config, and then throw you an alert if they find any misconfiguration. So, from that perspective, I didn't find it to be that different from other CSPMs. The integration pieces and other things are pretty simple in Prisma Cloud, which is something that we can take into account when comparing it with others.

    What other advice do I have?

    I would recommend others to consider a CSPM product, whether they go with Prisma or another flavor of CSPM. It also depends on the deployment that the organization has, the use case, and the budget. For an organization similar to mine, I would definitely recommend going for CSPM and Palo Alto Firewall.

    I would advise others to not go with the higher level of Prisma support. They should go for third-party professional services because, in my experience, they have a better understanding of the product than the Prisma support team. Currently, we have one of higher levels of support, and we are not getting the return on that support. If we go for a lower tier of support, we save that money and give it to a third-party professional service. That would be a better return on investment.

    Prisma Cloud hasn't helped us to identify cloud applications that we were unaware that our employees were using. That has not been the case so far because when we had initially done the deployment, we had done it at the subscription level rather than at the tenant level. So, in our case, it is quite the opposite where there would be subscriptions that the client is not aware of. I think Prisma has come up with a release wherein we can integrate our cloud on a tenant level rather than the subscription level. That is something that we will be doing going forward.

    I would rate this solution a seven out of 10.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free Prisma Cloud by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
    Updated: November 2022
    Buyer's Guide
    Download our free Prisma Cloud by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.