Prisma Cloud by Palo Alto Networks Reviews

We use Prisma Cloud for the banking sector to check the policies as required.

Prisma Cloud provides security scanning in multi and hybrid cloud environments. This is important because customers often ask if they need certain services, such as detection, auto-remediation, and policies. AWS has all of these features, but why would a customer use anything else? The answer is that Prisma Cloud is multi-cloud, so it can monitor multiple clouds as well as on-premise networks. This is often a key requirement for customers.

Prisma Cloud can help us take a preventative approach to cloud security. It is built for developers and provides a range of features, including RQL, multi-cloud support, and endpoint detection.

Prisma Cloud provides the visibility and control we need. It properly manages all cloud assets and provides information about assets in our cloud.

Prisma Cloud provides us with a single tool to protect all our cloud resources and applications, eliminating the need to manage and reconcile disparate security and compliance reports.

Prisma Cloud provides risk clarity at runtime and throughout the entire pipeline. It also shows issues as they are discovered during the build phases.

The developers are able to correct issues using the tools they used to code.

The alert investigation time has been reduced by half an hour.

Prisma Cloud's most important feature is its auto-remediation. This feature automatically fixes security vulnerabilities in our cloud or on-premises environment. This can help us to improve our security posture and reduce our risk of a security breach.

Prisma Cloud lags behind in terms of security automation capabilities. Specifically, the investigation feature is not fully automated and requires users to know the RQL language. This can be a barrier for new users.

Prisma Cloud is not updating the real-time information on the UI for our cloud assets. It takes approximately two to three hours for the information to be updated.

I would like Palo Alto to provide a three-month free trial for Prisma Cloud.

The stability has room for improvement.

I have been using Prisma Cloud by Palo Alto Networks for two months.

Prisma Cloud is not stable except for our AWS clients.

Prisma Cloud is scalable.

The initial setup is straightforward. The deployment can take anywhere from two days to 15 days. We deploy based on the customer's requirements. 

We implement the solution for our clients.

Prisma Cloud is more expensive than Check Point CloudGuard.

I give Prisma Cloud by Palo Alto Networks an eight out of ten.

Based on an organization's basic requirements for auditing and detection, I would recommend Prisma Cloud.

The best thing I have learned about Prisma Cloud is that it is a single platform, like SIEM. This is beneficial for network engineers because it reduces the complexity of finding the cause of an issue. With Prisma Cloud, everything can be found in one place.

I generally use Prisma Cloud to dive deeper into any security findings generated by Prisma. It's also a good way to get a complete inventory of all our cloud assets spread across different cloud platforms.

The customers that we work with have really benefited from Prisma Cloud by including it in their workflows and security audits. Prisma Cloud has really helped them improve their security posture.

Prisma Cloud's inventory reporting is pretty good. If you have multiple clouds or platforms, you can have a list of all your cloud resources within Prisma. The security posture management is also great.

We continuously work with our security teams to find any issues with their infrastructure. Prisma continuously monitors the infrastructure, which helps us locate those resources and patch those findings.

The information presented in the UI sometimes doesn't look intuitive enough. For instance, if I want to look at all the resources that are affected by a certain finding, sometimes it's not easy to locate how to look at all those resources in one place. But that's just a UI quirk. However, API-wise, Prisma Cloud is pretty good for locating what you're looking to find.

I have been using Prisma Cloud by Palo Alto Networks for the past six months.

It is a stable product. I haven't seen any outages with Prisma Cloud.

It is a scalable product.

Prisma Cloud's customer service is pretty great.

Positive

We used a different solution before switching to Prisma Cloud. The decision to switch to Prisma Cloud was a strategic decision made by the enterprise.

The initial deployment was pretty straightforward. We primarily use it with our AWS cloud, and it's pretty easy to set up cross-account roles to get access to Prisma. Prisma Cloud uses cross-account IAM roles in AWS. You just set those roles up using a stack SAT across your entire set of AWS accounts, and Prisma can access all those accounts immediately.

We implemented in-house.

Prisma Cloud has really improved our productivity and freed up resource time from manually hunting for findings to automating it.

Before choosing Prisma Cloud, we did a few POCs for products like DivvyCloud, Dome9, and Cisive. All these products pretty much do the same thing with a few differentiating factors, but not enough to really stand out.

I rate Prisma Cloud an eight on a scale of one to ten for ease of use. It is pretty intuitive, except for not being able to locate resources affected by a certain finding individually.

Prisma Cloud has helped free up staff to work on other projects. Previously, we used to do ad hoc scripting to find different resources affected by a certain finding. However, we no longer have to do that because everything is automated.

At least ten hours each week were freed up because of the Prisma Cloud.

Meeting with all the industry professionals at the RSA conference is a great feeling. We get to learn about the latest trends in cybersecurity, all the new products that are coming up to tackle all the challenges, and especially the role of AI and machine learning in cybersecurity.

We've been looking at improving our hybrid connectivity solutions and making them more secure. We explored a few solutions at the RSA conference, which will come into play when we decide.

Overall, I rate Prisma Cloud an eight out of ten.

We provide our customers with a secure cloud platform. The client uses this solution for their architecture and we check the reports once a month and provide them with guidance on how to improve their cloud operation.

Prisma Cloud by Palo Alto Networks provides a security span in multiple cloud and hybrid cloud environments. This is an important step to be able to have visibility of all the cloud environments.

The solution has helped me to take a preventative approach to cloud security. This technology is what is going to be used predominantly in the future. The newest standards are being used in this solution technology providing us with a preventive approach.

This solution benefits organizations because it uses the newest technology to provide a safe cloud environment.

We do not have a very complex environment but for our usage, the solution provides us visibility and control.

The solution provides us with a single tool that protects all our cloud resources without having to manage and reconcile security compliance reports.

The most valuable feature of Prisma Cloud by Palo Alto Networks is the CSPM, which we use the most. Additionally, the investigation and alerts are useful, and the creation of queries.

The solution is improved frequently, approximately twice a month.

Support is an area that needs improvement.

I have been using Prisma Cloud by Palo Alto Networks for approximately two years.

Prisma Cloud by Palo Alto Networks has been a stable solution.

We have approximately six engineers using this solution in my organization.

The scalability of Prisma Cloud by Palo Alto Networks is good. If we want to scale, we only need to purchase another license.

The technical support is not good at responding to questions compared to other companies. They can be slow to respond and not professional enough. There are times when we have a question and they give us a general answer that is not helpful.

The initial setup of Prisma Cloud by Palo Alto Networks is easy.

The solution has saved us money.

The pricing structure is easy to understand. Depending on the use case the pricing of the solution can be different. There are not any additional costs to the standard living fees.

I rate Prisma Cloud by Palo Alto Networks an eight out of ten.

We had Azure, AWS, and a little bit of GCP, so we gave Prisma read access to all those accounts, subscriptions, etc., and monitored the alerts to mitigate risks based on what popped up in the dashboard.

While it's not our only tool, Prisma is managing about 80 percent. We still occasionally go into cloud-native tools to ensure certain compliance standards are being met. Sometimes, urgent issues need to be fixed that haven't been reported in Prisma because the native tools will catch them first. As a third-party solution, Prisma might take a little longer to build a report directory.

We had around 30 to 40 users who were a mix of cloud and DevOps engineers. There were also members of the security team who made decisions about what kind of security policies we had to follow. We used it extensively within the public cloud across all our Azure, AWS, and GCP subscriptions and projects. There was interest in using it on-premises with our vSphere environment as well. I don't know if that ever happened.

Prisma enabled us to get up-to-speed on enforcing TLS 1.2. It helped us look at different types of resources, like storage accounts and app services. I'm thinking particularly of Azure because that was my focus. I found all the resources from the Prisma list and remedied those issues so that they were displayed as resolved in Prisma.

It gave us visibility into and control over complex cloud environments, which helped us feel better about our security and secure the environment with the clinical data. Our security team was pleased when we showed them clean Prisma reports. It boosted their confidence and their comfort level that we were being compliant.

Prisma made it much easier to ensure that all of the security pieces are handled. It simplified our security issue resolution. It cut down our investigation time by giving us one place to look. It cleaned up our operations considerably because finding what resources needed to be resolved, mitigated, or updated was easier. It probably saved us several hours every week. It also saved us some money, but I couldn't quantify the savings because other environments also used it.

It helped us develop a preventative approach to security. Nine out of ten times, we could find issues that needed to be fixed ahead of time. We had a monthly meeting where we would review the high-severity alerts on the dashboard and assign people to remedy them. Once we got through the high severity alerts, we looked at mediums and low severity alerts. Prisma enabled us to identify resources we needed to fix, which was quite handy.

We were pleased with Prisma's custom and built-in reports. We could go into the dashboard and see all these notifications telling us which subscriptions didn't have TLS 1.2 enabled. The security controls were the most valuable features. 

Prisma's multi-cloud capabilities were essential. We wouldn't have used it without them. We would have just used the native cloud vendors' security solutions. Its protection of our full cloud-native stack is pretty comprehensive. I would rate it at least an eight out of ten. It stacks up well compared to the security alerts and notifications we got from solutions like Defender.

It sometimes took Prisma a little while to build queries, so new services or features wouldn't appear. It wouldn't get flagged in Prisma for a bit. It would be helpful if they sped up how quickly they got their default notifications, queries, and alerts.

The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls.

We used the solution for about three years at my previous company. 

Prisma seemed highly stable, but I wasn't managing the solution. I was more of a user.

Prisma seemed to scale pretty well. It covered several large environments and didn't seem to struggle when loading information for us. I think it did well.

I rate Palo Alto support a six out of ten. The support was adequate, but I can't say it was great. If we had an issue with a feature or a query, it could take them a little while to get back, especially if it was a feature improvement or a new alert. They were very slow to add new warnings and features.

Neutral

The company never had a public cloud solution before Prisma, but they had something for on-prem. I don't know what it was. They also used cloud-native solutions like Defender for Cloud and the native tool for AWS.

We switched to Prisma because we wanted a single pane of glass that would allow the security team to see security issues across all of the public cloud vendors that we used, so they wouldn't have to jump to each individual cloud vendor's tool.

I was involved in the POC several years ago. It was like a lab test. After we tested that for several months, we rolled out the official one. At that point, I was just helping them test as they tried out the product. I didn't actually install the software.

The setup seemed pretty straightforward. There were clear instructions on how we just needed to create service principles with specific permissions and then grant Prisma the credentials for the service. I think they only had about five people maintaining the Prisma environment, and each was responsible for bits and pieces of it.

I believe the company saw a return using Prisma.

I know that the guys who handled the pricing said Prisma was costly, but I don't know how that compares to other products.

I know the team evaluated other options, but I wasn't involved.

I rate Prisma Cloud an eight out of ten. Having one place to go for all of your security alerts and notifications makes it easier to solve issues than going to each vendor's security tool.

We are a system integrator. My organization has a cloud practice, and we focus on cloud security. Predominantly, Prisma Cloud is used to identify misconfigurations in the cloud.

We have been using Prisma Cloud for two specific customers on Azure Cloud. It is quite a new organization, and we currently have two customers, but in my previous organization, we had about eight customers.

We predominantly focus only on the cloud. We don't work with hybrid models. MultiCloud is there, but we haven't worked on MultiCloud as of now. This specific region is more into Azure Cloud. Azure has a data center over here. Therefore, the adoption of AWS or Google is not high in this region. For data compliance, customers want to stick to a cloud vendor that has a data center in this region.

My 18 years of experience is purely in serving the US and Europe markets. I am quite new to the UAE and the gulf region, and I found that this region is not very mature when it comes to cloud security. The majority of the CISOs are not aware of cloud security controls that need to be implemented, and they only speak about traditional security such as EDR, endpoint security, DLP, etc. So, there is a big potential for cloud security, specifically at the containers and serverless layer.

When we evaluated solutions, we carried out PoC not only for two customers but also for the other six accounts, and they were pretty shocked to know that there were a lot of misconfigurations in the cloud. This region lacks cloud security skills, and there are not many cloud security experts or solution architects to design proper architecture. When we carried out the PoC, they became aware of the misconfigurations and security gaps. It helped them to identify the potential risks they have in the cloud. Generally, with security, it is not easy to measure the outcome or gain from a solution because it purely depends on the breach and the data loss, but so far, we have helped two organizations in fully implementing the solution, and the other four are still in the PoC process.

We purely focus on the container and serverless security, and we predominantly work with Cloud Posture Management (CPM). We opted for Prisma Cloud because we found Prisma Cloud to be better in terms of the overall posture and integration. There are other products in the market, but they don't have a complete and broad portfolio range when it comes to containers or serverless functions. Prisma Cloud has good integrations. You can integrate vulnerability management for the overall risk score. When it comes to commercials, costing-wise also, it is far more reasonable for the customers.

It is good for helping us to take a preventative approach to cloud security. It identifies all the controls and gives an overall picture. For example, it tells us the portion that has misconfiguration. So, we can fix that portion. It is a very good preventative tool. Certain customers predominantly use it for one-time assessments, which I don't recommend. It should be an ongoing assessment to have a good incident response as soon as an alert comes in. Normally, people just ask for a weekly report or monthly report to identify their security posture. Instead of that, they should have a real-time incident response solution to act as a preventative tool. As soon as an alert is generated, there must be someone to immediately work on it, and having such a tool really helps.

It provides the visibility and control we need. In my previous organization, we had quite a complex environment with about 30 Kubernetes clusters. As compared to other tools, it provided better insights, but I haven't evaluated it for much more complex architectures. When it comes to serverless architectures, our work has been minimal. Therefore, I cannot confirm or guarantee whether Prisma Cloud will satisfy a highly complex environment.

It gives the overall picture of compliance when it comes to the cloud security portion. We also have a couple of custom dashboards wherein we integrate the security risk score from other tools. Before implementing this solution for the customers, there was no proper mechanism for the cloud. They only had the vulnerability management reports, the SIEM score, or the application VAPT reports, but they did not have any visibility to anything on the cloud in terms of overall compliance and container security. It definitely gave visibility to the CISOs. A lot of people are still concerned about whether the cloud is secure, whether they need to migrate to it, and whether they have proper security controls for containers and serverless security. It gives better exposure to them. We do have proper tools with CISO-enabled dashboards using which they'll be able to see the score. 

It has reduced runtime alerts by 60% to 70%. 

It has reduced the alert investigation time. False positives are reduced. So, we are able to focus on what has been highlighted. At certain times, we need to accept certain changes, and it also gives us the flexibility to mark something as safe. Based on the change control, we can disable the alert so that the alert is not repeated until the change is completed. We have the functionality to do it.

The container and serverless security is most valuable. It is quite a new technology for this region. Even though containers have been there for a long time, the adoption of containers is very minimal in this region. When it comes to using Kubernetes containers in a complex architecture, there is a lack of security in the market. People aren't aware of the security controls or the process for governance. Container security provided by Prisma Cloud is quite good at filling that gap.

We identified two things that we felt would be great to have, but they are under NDA. So, I can't disclose them. Other than those two things, we identified a generic bug in the secret key management service on AWS that needs to be fixed. We reported it to them, and we want them to fix it.

It is very good with predominant cloud vendors, such as AWS, Azure, and GCP, but I am not sure about its efficiency when it comes to other cloud vendors. They should expand its coverage to other cloud vendors such as Alibaba Cloud and Oracle Cloud, which are quite common in this region. I am not sure if they have a full-fledged Oracle Cloud controls evaluation. If they can improve it in terms of the MultiCloud aspect for the organization, it will be helpful, especially in this region.

I have been working with this solution for almost three years. In my previous organization, I worked with it for two years, and it has been about eight months since I joined my current organization. Here also, we have opted for Prisma Cloud.

Its stability is good. We didn’t have any issues with it.

In my earlier organization, we used it for a bigger client with about 3,000 VMs in AWS and about 30 to 40 clusters. We did not have any challenge with its scalability. As we started putting things, it was working well. 

In this organization, we only have two small customers. There is not much workload. We haven't had any issues. It works fine.

In my earlier organization, I worked directly with Prisma Cloud support. Their support was good. My engagement was minimal, but the initial support from them was quite good. When I had some RFCs and RFIs coming in, their turnaround times were quite less. We had a very good rapport with them. We had a specific account manager who handled any RFCs and PoCs. Their support was good, and we didn't have any challenges. 

In this organization, we have been working with a channel partner, and there have been a few challenges because they are also occupied with other proposals and tasks. The same partner also works with other competitor organizations. Overall, I would rate their support an eight out of ten.

Positive

In my previous organization, we were using the Skyhigh networks. Earlier, it was Sky network, and later on, McAfee acquired it and made it a CASB and cloud posture management product. We had a couple of challenges with it. So, we evaluated a lot of products and shortlisted Palo Alto Prisma Cloud. 

It is straightforward. They provide two options. You can configure it manually or just grant access. It can then easily sync up. They also provide the cloud formation templates to spin up in minutes. So, it is straightforward and very simple.

It is hard to measure cost savings at this time because it is quite a new investment for the organization. Cost savings will be there in terms of security and reducing the development time and error fixing time, but it will take some time to measure that.

Its price is reasonable as compared to other products. The main challenge is explaining the licensing model to customers. It isn't a problem related to Palo Alto. Commonly, people don't understand cloud licensing or security licensing. When they have fixed virtual machines, they know what they are going to be charged, but when it comes to cloud automation, it is hard for them to get clarity in case of high workloads or when they have enabled auto-scaling, etc. It would be helpful if Palo Alto can educate people on their licensing programs.

We evaluated multiple products after I came into this organization. We evaluated various CSPM and container security products, such as Aqua Security and Rapid7.

Nowadays, every vendor has come up with a cloud posture management tool. So, we carried out a couple of PoCs in specific customer accounts that had an almost similar type of infrastructure, and based on the outcome, we found Prisma Cloud to be better in terms of identification of miscontrols and security. The cost also played a major role. As compared to other products, it was reasonable. So, the feature set for fulfilling customer requirements and the cost were the two factors that played a major part.

The third factor was the flexibility to work with the vendor. In terms of partnership and support, we felt that being a Palo Alto product, Prisma Cloud would be better. Palo Alto has better service over here, and their channel partners are quite flexible to work with on initial customer demonstration and other things. We felt much more comfortable with Prisma Cloud in all these three aspects.

When it comes to its security automation capabilities, currently, not every customer prefers to automate. We have been trying to implement automation, and when the right access was given, we did a certain amount of automation to immediately block the firewall rules or revoke access when any privileged access has been given. We have been doing a little bit of automation, and it has been good. We are able to achieve our goals. Out of two customers in this company and eight customers in my previous company, only three customers preferred to do automation to a certain extent. The rest of them wanted the alerts to be sent to the incident response team of their SOC. They wanted their team to act upon them. They only allowed us to automate high severity ones or highly critical ones. For example, they only allowed us to automate things like immediately blocking access to specific ports or IPs, but we haven't tried the automation to a full extent.

It enables you to integrate security into your CI/CD pipeline and add touchpoints into existing DevOps processes. We implemented it for just one use case. Before that, we were using Qualys Container Security in the CI/CD pipeline. After switching to Prisma Cloud, I did not have an opportunity to evaluate it completely because I moved to another organization. In my previous organization, we had expertise in DevOps. We had a dedicated DevOps team with almost six years of experience in automating the entire deployment of servers infrastructure, as well as applications. It was pretty easy for them to implement or integrate any security tool into the CI/CD pipeline. In my current organization, we don't have an expert team, and we struggle a bit in implementing things because there are multiple CI/CD deployments from Jenkins to Amazon's native one and Git. So, we take support from Palo Alto to get things deployed during the PoCs. In my previous organization, it was also easier for us to implement because the training provided from the Palo Alto side was quite good, and we had a lot of training materials in the partner portal. We utilized them. We got in touch with the technical team, and we implemented things quite faster, but here, there is a bit of lag because we don't have expertise in DevOps for implementations or integrations.

It can provide risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. Shifting your security to the left cuts down the entire life cycle of application deployment, and it does help to fix the security issues at the beginning of the development life cycle itself. We have not seen a large amount of time being cut down. That's because, typically, teams deploy the code, and then initiate a security scan. By integrating these things into the early development cycle, the time can be cut down to three weeks from about one and half months.

I would rate this solution a seven out of ten.

The main reason why we are using Prisma Cloud is to identify any compliance issues. We have certain compliance requirements across our different resources, such as something should be completely inaccessible, logging should be enabled, and certain features should be enabled. So, we are using it to identify any such gaps in our cloud deployment. Basically, we are using it as a Cloud Security for Posture Management (CSPM) tool.

It is a SaaS solution. 

One of the things that we have been able to do with Prisma Cloud is that we have been able to generate real-time alerts and share them with our technology team. For certain resources, such as databases, we have certain P1 requirements that need to be fulfilled before our resource goes live. With Prisma, if we identify any such resource, then we just raise an alert directly with the support team, and the support team gets working on it. So, the turnaround time between us identifying a security gap and then closing it has gone down drastically, especially with respect to a few of the resources for which we have been able to put this plan into motion. We have reduced the timeline by 30%. That's because the phase of us identifying the gaps manually and then highlighting them to the team is gone, but the team still needs to remediate them. Of course, there is a provision in Prisma Cloud where I can reduce it further by allowing auto-remediate, but that is not something that we have gone for as an organization.

We are using it to find any gaps, create custom policies, or search in our cloud because even on the cloud portal, you don't get all the details readily available. With Prisma, you have the capability of searching for whatever you're looking for from a cloud perspective. It gives you easy access to all the resources for you to find any attribute or specific values that you're looking for in an attribute. Based on my experience with Azure and Prisma, search becomes much easier via Prisma than via your cloud.

As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having.

There are two main things that Palo Alto should look into. The first is the reporting piece, and the second one is the support. 

Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into.

Their support needs to be improved. It is by far one of the worst support that I have seen.

We are using Azure Cloud. With AWS, Prisma is a lot more in-depth, but with Azure, it's still developing. There are certain APIs that Prisma is currently not able to read. Similarly, there were certain APIs that it was not able to read six months ago, but now, it is able to review those APIs, top-up resources, and give us proper security around that. Function apps were one of those things that were not there six months ago, but they are there now. So, it is still improving in terms of Azure. It is much more advance when it comes to AWS, but unfortunately, we are not using AWS. A problem for us is that in terms of protecting data, one of the key concepts is the identification of sensitive data, but this feature is currently not enabled for Azure. This feature is there for AWS, and it is able to read your S3 buckets in the case of AWS, but for Azure, it is currently not able to do any identification of your storage accounts or read data on the storage to give security around that. So, that is one of the weak points right now. So, from a data exfiltration perspective, it needs some improvement.

It is currently lacking in terms of network profiles. It is able to identify new resources, and we do get continuous alerts from Prisma when there is an issue, but there have been a few issues or glitches. I had raised a case with Palo Alto support, but the ticket was not going anywhere, so I just closed the ticket. From a network security group's point of view, we had found certain issues where it was not able to perform its function properly when it comes to the network profile. Apart from that, it has been working seamlessly. 

I've been using Prisma Cloud for around six months.

It is a stable platform. Especially with it being a SaaS platform, it just has to make API calls to the customers' cloud portals. I haven't found any issues with regard to stability, and I don't foresee any issues with stability based on the architecture that Prisma has.

It is pretty scalable. The only limitation is the licensing. Otherwise, everything is on the cloud, and I don't see any challenges with respect to scalability. I would consider it as a scalable solution.

Currently, there are around eight to 10 people who are working with Prisma, but we are still bringing it up to maturity. So, majorly, I and a couple of my colleagues are working with Prisma. The others have the account, but they are not active with respect to Prisma. Almost all of us are from InfoSec.

The support from Palo Alto needs to be improved a lot. It is by far one of the worst support services that I have seen. It takes a lot of time for them to come back, and nothing conclusive happens on the ticket as well. 

There was a ticket for which I called them for three months, and nothing was happening on that ticket. They were just gathering evidence that I had already shared. They asked for it again and again, and I got frustrated and just closed the ticket because I was just wasting my time. I was not getting any response. There was no progress that I was seeing in getting my issue getting resolved even after three months. This is not just for one ticket. There have been a couple of other tickets where I've faced similar issues with Palo Alto. So, support is definitely something that they should look into. 

Today, I won't recommend Palo Alto Prisma to someone because I'm not confident about their support. Their support is tricky. I would rate them a three or four out of 10. They are polite and have good communication skills, but my requirement from the support team is not getting fulfilled.

We haven't used any other product. 

I've been involved with the entire implementation of Prisma Cloud. I've manually done the implementation of Prisma in my current organization in terms of fine-tuning the policies, reviewing the policies, and basically bringing it up to maturity. We have not yet achieved maturity with the product. We have also encountered some problems with the product because of which the implementation has been a bit delayed.

The integration piece is pretty straightforward. In terms of the availability of the documentation, there is no issue. If you reach the right document, your issue gets resolved automatically, and you don't have to go to the support team. That was pretty smooth for me.

The initial integration barely took half a day. You just have to make some changes on your cloud platform, get the keys, and just put the keys manually. We had a lot of subscriptions, and when we were doing the integration, tenant-level integration was not available. So, I had to manually integrate or rather onboard each subscription. That's the reason why it took me half a day. It might have even been just a couple of hours.

As of now, we have not seen an ROI because we are not yet mature. We have not yet reached the maturity level that we want to reach.

My colleague had reviewed other solutions like Aqua and Cloudvisory. One of the reasons for selecting Prisma was that we have planned a multi-cloud approach, and based on our analysis, we felt that Prisma will be better suited for our feature requirements. The other reason was that we already have quite a few Palo Alto products in our environment, so we just thought that it will be easier for us to do integrations with Prisma. So, these were the two key reasons for that decision.

Currently, there are not many options to choose from across different products. So, from that perspective, Prisma is pretty decent. It works how CSPMs are supposed to work. They have to read up the config, and then throw you an alert if they find any misconfiguration. So, from that perspective, I didn't find it to be that different from other CSPMs. The integration pieces and other things are pretty simple in Prisma Cloud, which is something that we can take into account when comparing it with others.

I would recommend others to consider a CSPM product, whether they go with Prisma or another flavor of CSPM. It also depends on the deployment that the organization has, the use case, and the budget. For an organization similar to mine, I would definitely recommend going for CSPM and Palo Alto Firewall.

I would advise others to not go with the higher level of Prisma support. They should go for third-party professional services because, in my experience, they have a better understanding of the product than the Prisma support team. Currently, we have one of higher levels of support, and we are not getting the return on that support. If we go for a lower tier of support, we save that money and give it to a third-party professional service. That would be a better return on investment.

Prisma Cloud hasn't helped us to identify cloud applications that we were unaware that our employees were using. That has not been the case so far because when we had initially done the deployment, we had done it at the subscription level rather than at the tenant level. So, in our case, it is quite the opposite where there would be subscriptions that the client is not aware of. I think Prisma has come up with a release wherein we can integrate our cloud on a tenant level rather than the subscription level. That is something that we will be doing going forward.

I would rate this solution a seven out of 10.

We were implementing and expanding a system that we had internally. We were creating a system called Midas, which was about keeping data safe. It was cloud-based. We wanted to keep data safe and provide an analytics environment on the cloud.

We now have a service offering that secures data and allows large volumes of data to be secured and exposed within a tight and well-founded community.

It helped to reduce downtime in our organization.

Its ease of integration is valuable because we need to get the solution out of the door quickly, so speed and ease matter.

The area for improvement is less about the product and more about the upsell. If we've already agreed that we'd like your product x, y, or z, don't try to add fries to my burger. I don't need it.

The firm has been using it for about two years. My direct interaction with it was about a year ago.

I didn't notice any kind of instability, but there are foibles and little nuances.

We are happy with it overall. I'd rate them an eight out of ten.

Positive

We had a number of different solutions and still do.

It was in-between in terms of complexity. We leveraged our Palo Alto friends to help us get over the humps, and they did a great job.

We didn't take help from any third party. Palo Alto implemented it.

We have not seen an ROI in this case, but we didn't buy it for a return on investment.

We evaluated multiple solutions. They have a well-known product line in the industry, and we stopped and talked with them and picked them because of their capabilities and competencies.

In terms of providing a unified platform that natively integrates all security capabilities, I'm not expert enough to say that it supplies everything, but it's well-known. There are a number of different features and capabilities in their suite.

To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall," I would say that it's never the cheapest and the fastest. You always need to lay down what your needs are and then go after who has the right level of capabilities, competencies, and price point.

Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. Every vendor needs to be considering how they're going to appropriately integrate both generative AI and machine learning. As we move forward, it's going to be table stakes.

In terms of the value I receive from attending an RSA Conference, I have two hats. I'm working for an organization. It's federally funded research and development. Attending an RSA Conference helps me keep a finger on the pulse of that, but I also am a security blogger, so I make sure that I'm keeping up to date. Talking to people is another important part of this conference. The one thing that's missing from the conference is that there's so much focus on reaction instead of protection up front and thinking about things up front, but it's a very valuable conference overall. 

Overall, I'd rate them an eight out of ten. They are well known in this field, and they do have good products that are niche to what they're doing.

There are three pieces to our use case. For the container piece, which used to be Twistlock, we use static scan to scan our artifact repositories and we use that data to remediate issues and provide it back to developers. We also do runtime monitoring on our orchestrators, which are primarily Kubernetes, but some DC/OS as well. Right now, it's all on-premises, although we'll be moving that to the cloud in the future. 

And we use what used to be RedLock, before it was incorporated into the solution.

Prisma Cloud has definitely enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes for container. In the container those touchpoints are pretty seamless. We've been able to implement security control gates and automate notifications back to teams of vulnerabilities in the container orchestrator. It all works pretty smoothly, but it required a fair amount of work on our part to make that happen. But we did not run into limitations of the tool. It enabled us pretty well. The one part where we have a little bit of a gap that most of those are at deployment time. We haven't shifted all those controls back to the team level at build time yet. And we haven't really tackled the cloud space in the same way yet. 

I'm not sure we have SecOps in the container space exactly in the same way we do in other DevOps. We shifted a lot of the security responsibility into the development teams and into the Ops teams themselves. There's less of a separation. But overall, the solution has increased collaboration because of data visibility.

It also does pretty well at providing risk clarity at runtime, and across the entire pipeline, showing issues as they are discovered during the build phases. It does a good job in terms of the speed of detection, and you can look at it in terms of CVSS score or an arbitrary term for severity level. Our developers are able to correct the issues.

We are clearly better off in that we have visibility, where there was a gap before. We know where our container vulnerabilities and misconfigurations are, and even on the cloud side, where cloud misconfigurations are happening. That visibility is a huge benefit. 

The other part is actually using that data to reduce risk and that's happened really well on the container side. On the cloud side, there's still room to grow, but that's not an issue with Prisma Cloud itself. These tools are only a part of the equation. It takes a lot of organizational work and culture and prioritization to address the output of these tools, and that takes time.

The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful.

Another valuable feature is the ability to do continuous monitoring at runtime. We can feed that data back to developers so they can get intelligence on what's actually deployed, and at what level, versus just what's in the artifact repository, because those are different.

In the security space, most security solutions typically do either development-side security, or they do runtime operational security, but not both. One of the relatively unique characteristics of this solution in the marketplace—and it may be that more and more of the container security solutions do both sides—is that this particular solution actually spans both. We try to leverage that.

And for the development side, we utilize both the vulnerability results from the static vulnerability scanning as well as the certain amount of configuration compliance information that you can gather from the static pre-deployment scans. We use both of those and we pay attention to both sides of that. Because this solution can be implemented both on the development side and on the runtime operational side, we look at the same types of insights on the operational runtime side to keep up with new threats and vulnerabilities. We feed that information back to developers as well, so they can proactively keep up.

We have multiple public clouds and multiple internal clouds. Some of it is OpenStack-based and some of it is more traditional VM-based. Prisma Cloud provides security spanning across these environments, in terms of the static analysis. When we're looking at the artifact repository, the solutions we're using Prisma Cloud to scan and secure will deploy to both public cloud and internal cloud. Moving into 2021, we'll start to do more runtime monitoring in public cloud, particularly in AWS. We're starting to see more EKS deployment and that's going to be a future focus area for us. It's extremely important to us that Prisma Cloud provides security across these environments. If Prisma didn't do that, that would be a deal-breaker, if there were a competitor that did. 

Public cloud is strategically very important to our company, as it probably is for many companies now, so we have to have security solutions in that space. That's why we say the security there is extremely important. We have regulatory compliance requirements. We have some contractual obligations where we have to provide certain security practices. We would do that anyway because they are security best practices, but there are multiple drivers.

Applying some of their controls outside of the traditional container space, for example, as we're doing hybrid cloud or container development, is helpful. Those things get their tentacles out to other areas of the infrastructure. An example would be that we look at vulnerabilities and dependencies as we develop software, and we use Prisma Cloud to do that for containers. We use other tools outside of the container space. They're starting to move into that other space so we can point Prisma Cloud at something like a GitHub and do that same scanning outside of the container context. That gives us the ability to treat security control with one solution.

When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in  flushing out each of those feature sets.

My understanding of Palo Alto's offerings is that they have a solution that is IAM-focused. It's called Prisma Access. We have not looked at it, but I believe it's a separately-licensed offering that handles those IAM cases. I don't know whether they intend to include any IAM-type of functionality in the Prisma Cloud feature set or whether they will just say, "Go purchase this separate solution and then use them next to each other."

Also, I don't think their SaaS offering is adoptable by large enterprises like ours, in every case. There are some limitations on having multiple consoles and on our ability to configure that SaaS offering. We would like to go SaaS, but it's not something we can do today.

We have some capability to do network functions inside of Prisma Cloud. Being able to integrate that into the non-cloud pieces of the Palo Alto stack would be beneficial.

The solution's security automation capabilities are mixed. We've done some API development and it's good that they have APIs, that's beneficial. But there is still a little disconnect between some of the legacy Twistlock APIs versus some of the RedLock APIs. In some cases the API functionality is not fully flushed out. 

An example of that is that we were looking at integrating Prisma Cloud scans into our GitHub. The goal was to scan GitHub repositories for CloudFormation and Terraform templates and send those to Prisma Cloud to assess for vulnerabilities and configuration. The APIs are a little bit on the beta-quality side. It sounds like newer versions that some of that is handled, but I think there's some room to grow. 

Also, our team did run into some discrepancies between what's available, API-wise, that you have to use SaaS to get to, versus the on-premise version. There isn't necessarily feature parity there, and that can be confusing.

We've been using Prisma Cloud by Palo Alto for about two-and-a-half years.

The stability has been excellent. The solution simply runs. It very seldom breaks and, typically, when it does, it's easy to troubleshoot and get back on track.

The scalability has been good for our use cases.

When we first adopted it, a single console could cover 1,000 hosts that were running container workloads. That was more than enough for us, and to date it has been more than enough for us, because we have multiple network environments that need to stay separated, from a connectivity standpoint. We've needed to put up multiple consoles, one to serve each of those network environments. Within each of those network environments, we have not needed to scale up to 1,000 yet.

There's wide adoption across our organizations, but at the same time there is tremendous room to grow with those organizations. Many organizations are using it somewhat, but we are probably at 20 to 25 percent of where we need to be.

It's safe to say we have several hundred people working with the solution, but it's not 1,000 yet. They are primarily developers. There are some operational folks who use it as well. To me, that speaks to the ease of deployment and administration of this solution. You really don't need a large operational group to deploy. When it comes to security, incident response, and the continuous monitoring aspects that a continual security team does, I don't have insight because I don't work in that area of the company, but I see that as expanding down the road. It's another area of growth for us.

Their technical support has been very good. Everyone that I've been involved with has been very responsive and helpful. They have remained engaged to drive resolution of issues that we have found.

We did not have a previous solution.

Standing up an instance is quite simple, for an enterprise solution. It has been excellent in that regard.

It's hard to gauge how long our deployment took. We have multiple consoles and multiple network contexts, and a couple of those have different sets of rules and different operational groups to work with. It took us several months across all those network environments that we needed to cover, but that's not counting the actual amount of time it took to execute steps to install a console and deploy it. The actual steps to deploy a console and the Defenders is a very small amount of time. That's the easiest part.

Our implementation strategy for Prisma Cloud was that we wanted to provide visibility across the SDLC: static scan, post-build, as things go to the artifact repository. Our goal was to provide runtime monitoring at our development, test, and production platforms.

We did it ourselves.

I don't know a better way to do it, but their licensing is a little confusing. That's due to the breadth of different types of technologies they are trying to cover. The way you license depends on where you're securing. When they were Twistlock it was a simple licensing scheme and you could tell what you were doing. Now that they've changed that scheme with Palo Alto, it is quite confusing. It's very difficult to predict what your costs are going to be as you try to expand coverage.

At the time we looked at our incumbent vendors and others that were container-specific. We were trying to avoid a new vendor relationship, if possible. We looked at Rapid7 and Tenable. Both were starting to get into the container space at the time. They weren't there yet. We did our evaluation and they were more along the lines of a future thought process than an implementable solution.

We looked at Twistlock, which was a start-up at the time, and Aqua because they were in the space, and we looked at a couple of cloud solutions, but they were in cloud and working their way to container. We did the same exercise with Evident.io and RedLock, before they were purchased by Palo Alto. They were the only vendors that covered our requirements. In the case of Twistlock, their contributions in the NIST 800-190 standards, around container security, helped influence our decision a little bit, as did the completeness of their vision and implementation, versus their competitors.

My advice would be not to look at it like you're implementing a tool. Look at it like you're changing your processes. You need to plan for the impact of the data for the various teams across Dev and Security and Ops. Think very holistically, because a lot of this cloud container stuff spans many teams. If you only look at it as "I'm going to plug a tool in and I'm going to get some benefit," I think you'll fail.

Prisma Cloud covers both cloud and container, or could cover either/or, depending on your needs. But in both of those cases, there's often confusion about who owns what, especially as you're creating new teams with the transition to DevOps and DevSecOps. Successful implementation has a lot to do with working out lines of ownership in these various areas and changing processes and even the mindset of people. You have to make strides there to really maximize the effectiveness of the solution.

The solution provides Cloud Security Posture Management in a single pane of glass if you're using the SaaS solution, but we do not. Our use case does not make it feasible for us to use the SaaS solution. But with the Prisma Cloud features and compute features in the self-hosted deployment, you have to go to multiple panes to see all the information.

When it comes to the solution helping us take a preventative approach to cloud security, it's a seven or eight out of 10. The detective side is a little higher. We are using the detective controls extensively. We're getting the visibility and seeing those things. There is a lot of hesitance to use preventative controls here, both on the development side—the continuous integration stuff—and particularly in the runtime, continuous monitoring protection, because you are just generally afraid. This mirrors years and years ago when intrusion prevention first came out at the network level. A lot of people wanted to do detection, but it took quite a few years for enterprises to get the courage to start actively blocking. We're in that same growth period with container security.

When it comes to securing the entire cloud-native development lifecycle, across build, deploy, and run, it covers things pretty well. When I think about it in terms of build, there are integrations with IDEs and development tools and GitHub, etc. Deploy is a little shakier to me. I know we have Jenkins integration. And run is good. In terms of continuous monitoring, it feels build and run are a little stronger than deploy. If we could see better integration with other tools, that might help. If I'm doing that deploy via Terraform or Spinnaker, I don't know how all that plays with the Jenkins integrations and some of the other integrations that Palo Alto has produced.

Overall, it feels like a pretty good breadth of integrations, as far as what they claim. They certainly support some things that we don't use here at build and deploy and runtime. But a lot of what they rely on, in terms of deploy, is API-driven, so it's not an easy-to-configure, built-in integration. It's more like, "We have an API, and if you want to write custom software to use that API, you can." They claim support in that way, but it's not at the same level as just configuring a couple of items and then you can scan a registry.

In the container space, we have absolutely seen benefit from the solution for securing the cloud-native development lifecycle. At the same time, it has required some development on our part to get the integration. Some of that is because we predated some of the integrations they offer. But in the container space, there has definitely been a huge impact. The impact has been less so in cloud configuration, because there are so many competing offerings that can do that with Terraform and Azure Security Center and Amazon native tools. I don't feel like we've made quite the same inroads there.

In terms of it providing a single tool to protect all of our cloud resources and applications, I don't think it does. Maybe that's because of our implementation, but it just doesn't operate at every level. I don't think we'd ever go down that path. We have on-premise tools that have been here a long time. We've built processes around reporting. Vulnerability scanning is an example. We run Nessus on-premise, and we wouldn't displace Nessus with, say, a Twistlock Defender to do host-level scanning in the cloud, because we'd have a disparate tool set for cloud versus on-premise for no reason. I don't ever see Prisma Cloud being the single solution for all these security features, even if they can support them.

It's important that it integrate with other tools. We talked earlier about a single dashboard. A lot of those dashboards are aggregating data from other tools. One thing that has been important to us is feeding data to Splunk. We have a SIEM solution. So I would always envision Prisma Cloud as being a participant in an ecosystem.

In summary, I actually hate most security products because they're very siloed and you have mixed-vendor experiences. I don't think they take a big-picture view. I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions. For the most part, it does what they say it will do. The vendor support has also been good. I would definitely give the vendor an eight out of 10 because they've been great in understanding and providing solutions in the space, and because of the reliability and the responsiveness. They've been very open to our input as customers. They take it very seriously and we've taken advantage of that and developed a good relationship with them.

When it comes to the solution itself, I would give the compute solution an eight. But I don't think I would give the Prisma Cloud piece an eight. So overall, I would rate the solution as a seven because the compute is stronger than the other piece, what used to be RedLock.

I would also emphasize that what I think is a strong roadmap for the product and that Palo Alto is really interested in customer feedback. They do seem to incorporate it. That may be our unique experience because our use cases just happen to align with what Palo wants to do, but I think they're heading in the right direction.

Early on in a solution's life cycle or problem space, it's more important to have that responsiveness than it is even to have the fullest of solutions. The fact that we came across this vendor, one that not only mostly covered what we needed when we were first looking for it three years ago, but that has also been as responsive as they have to grow the solution, has been really positive.