Prisma Cloud by Palo Alto Networks Reviews

We use cloud solutions generally for client demos of products.  

It has not been implemented, but Prisma or Dome9 will provide us with better cloud security and less administration time for our cloud instances. 

RedLock is quite good for providing multi-clouds or cross-cloud security.  

In our testing, we have found the Check Point product CloudGuard Dome9 to be more user-friendly at this point. Palo Alto Prisma's interface was not as user-friendly. Palo Alto should work on this part of its solution to be more competitive with ease-of-use. I do not feel Palo Alto is short of any features, but if we compare the two side-by-side, I think the user interface for Palo Alto needs to be improved to make it at least as good as Dome9.  

We just started evaluating it, so we have just been using it for a little more than a month doing some evaluations and proof of concept.  

The product is stable.  

We have not tested scalability extensively to this point because our cloud accounts are not being used so much that it warrants scaling it up. We only dedicated a small amount of resources for the product at this point while exploring it.  

There are up to 10 users on RedLock in our company and there are never more than 10 at this point.  

We worked with both the Palo Alto and Check Point technical support teams during our evaluations. So we were connected to the technical team at Palo Alto. Their technical support was excellent. The presales team was very proactive and helped us in every aspect we needed to resolve our queries during implementation and they provided knowledge to our team internally. The technical support from both vendors was very good. This was not a problem.  

We have been using the native security solutions from each of the clouds or cloud service partners we deal with, but they have limited functionality. That is why we began to look into other options. 

The initial setup was not too easy and yet not too complex. It was pretty good. The deployment took a couple of days. For deployment, it required only one person. For maintenance, it requires a team of engineers. We have a team with different roles and responsibilities. We have someone from the network team, we have someone from the infosec [information security] team, we have someone from the cloud team, and we have someone from our Unix team. So there is one person from each team who has been assigned roles and responsibilities with explorations of Prisma. The team monitors the system on a day-to-day basis and checks for threats and then, according to what they find, then they decide on any necessary course of action.  

Our company did the deployment ourselves with an internal team. We did not use an integrator or consultant.  

We did not use any specific or dedicated cloud security product before evaluating the options we chose to review. Currently, we do not have any specific product that we purchased specifically for cloud security. Recently we came across Palo Alto Prisma Cloud Security and Check Point Cloud Guard Dome9 products and we chose to evaluate both and engage in POCs.  

We wanted to find some solution where we could see all our cloud accounts and manage them in one single pane of glass. When we used the native solutions that were in place through our cloud providers, we had to manage several different clouds by going to each individually. These dedicated products have everything for cloud security management in one place and we can monitor all our cloud activity from there. There is also the benefit that the functionality of dedicated products is more robust.  

Currently, we have stopped using RedLock. We are focusing on exploring Dome9 by Check Point. We have found it very easy to use and the interface is quite user-friendly.  

The advice I would give to someone seriously considering these cloud solution products is to be careful with procedures you use while testing them. During the setup phase, there were not many challenges. But while integrating the cloud accounts, I would recommend the users initially provide only read-only access not read-write access, just as a precaution. The users should also be cautious not to expose cloud data to vendors like Dome9 or Palo Alto or whomever the vendor will be.  

On a scale from one to ten where one is the worst and ten is the best, I would rate the Palo Alto product overall as a seven-out-of-ten. Dome9 I would currently rate eight-out-of-ten. Palo Alto's rating could improve with enhancements to ease-of-use.  

We use the Bridgecrew, IaC, and CSPM domains.

Prisma Cloud has given us a good approach to view our security loopholes. Container security has also helped us.

CSPM is very useful because it gives us good policies and violation alerts. The solution is very good for IaC too.

The reporting should be much more refined.

They need to improve the API gateway.

I have been using Prisma Cloud for three years.

The stability is improving.

The scalability is good. We can extend it to many cloud vendors.

Palo Alto's support is good.

Positive

The solution is good. It is easy to use, but Prisma keeps on releasing new features. So the console becomes a little bit typical. Auto-remediation is time-efficient.

The RSA conference is valuable to my organization. The conference has an impact on our organization's cybersecurity purchases sometimes. Overall, I would rate Prisma Cloud an eight out of ten.

We primarily use the solution to create a cluster or scenario, for runtime management on containers.

We have three containers in our organization. Two were legacy containers and we added a third. The solution helped with our DevOps pipeline and allowed us to inspect and analyze the product.

The runtime mechanism on the solution is very useful. It's got very good network mapping between containers. If you have more than one container, you can create a content data link between them.

I'm not sure about areas for improvement on the solution, however, I do think the compliance and dashboarding could be better.

The innovation side of the solution could be more efficient and more detailed.

I've been using the solution for two months.

The initial setup was reasonably complex. The container security makes it a complex implementation. If I were to rate the complexity out of ten I'd give it a seven.

We use the cloud deployment model.

I'd rate the solution nine out of ten.

The primary use case for this solution was to run the rule set for the CIS 20 framework and HIPAA compliance.

This solution will ensure that we've got a more secure environment, mitigating any sort of bad actors coming in and either destroying or disrupting the environment.

The most valuable feature is that the rule set is managed and that it can be run on a regularly scheduled basis.

The pricing for the solution needs improvement.

The stability of this solution is very good. Very favorable.

We have four people involved with this solution. They are administrators and DevOps resources.

The solution is currently used across our entire environment. I bought licenses for one hundred hosts and I only have twenty-eight. So, there will be no incremental cost for me until I exceed one hundred hosts, which is a long way away.

Technical support is very good. They have been very responsive to various requests in the past.

We did not use another solution prior to this one.

The initial setup was very straightforward. RedLock was very helpful in setting up the environment. The deployment took approximately two hours.

Two people are required for deployment and maintenance.

We worked with a reseller. They are Rocus Networks out of Charlotte, North Carolina. We had a very good experience with them.

Our licensing fees are $18,000 USD per year. There are no costs in addition to the standard licensing fees.

We evaluated the Dome9 solution in addition to this one. RedLock was selected based on Rocus' recommendation.

This is a product for which I had a very specific need, and my security partner recommended it. This product is one of the leaders. I would, however, suggest that you do a POC before implementing this solution.

It has very good support in all of the cloud environments. I think that they offer a lot of functionality in supporting that space. I don't think that this product is perfect, but it fits my needs perfectly.

I would rate this solution a nine out of ten.

Our primary use case for this solution is for container security and monitoring.

It has helped us understand the dynamic topology of our containers and manage security through the application of policies that our pipelines apply straight from Git.

The most valuable feature is the automated forensics.

I would like to see the inclusion of automated counter-attack, although this is probably illegal.

Our client needed a solution which would be a true implementation of the concept "Trust, but verify," and Aporeto fulfills that notion as it decouples security from network and infrastructure. It services microservices in a nifty and seamless way.

Aporeto has accelerated our client's expansion to the cloud. With Aporeto, they have secured their Linux workloads on any infrastructure with end-to-end encryption and have a path for modernizing with a security layer that is future-proofed.

The dynamic workload identity creation, attestation, and assignment is the best feature. In addition, the application dependency map across heterogeneous environments for compliance is a striking feature.

It integrates quite well with the AWS products as it uniquely fingerprints each workload. Aporeto is designed to combine metadata from the orchestration layer, the container, the operating system, and the AWS instance identity document. By combining these information sources, along with dynamic attributes such as image scanner inputs, Aporeto is designed to create a strong cryptographic identity for each workload. It authenticates and authorizes all network communications within a virtual private cloud (VPC), across VPCs independent of their region or availability zone, and across cloud environments.

More documentation with real-world use cases would be helpful. Another useful feature would be greater transparency and visibility into the security checks being implemented.

In AWS, it scales with the cloud and we have found no issues at all with the stability.

Aporeto is now available in AWS where it efficiently deploys, manages, and secures applications at scale on various platforms including Kubernetes, Docker, Linux, and Mesos, among others.

The purchasing process was easy and quick. It is a very economical solution.

We chose to procure this solution via AWS Marketplace because that's where we get all other solutions and to make sure it's supported by AWS.

I would rate it as a nine out of ten, due to its cloud-facing features which fit in nicely with the whole cloud ecosystem.