Douglas Costa Rossi - PeerSpot reviewer
Software Security Analyst at a energy/utilities company with 10,001+ employees
Real User
Top 10
Enabled us to help an internal team, one that was totally vulnerable, to have a security solution within a couple of weeks
Pros and Cons
  • "The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security."
  • "They need to make the settings more flexible to fit our internal policies about data. We didn't want developers to see some data, but we wanted them to have access to the console because it was going to help them... It was a pain to have to set up the access to some languages and some data."

What is our primary use case?

When we started using this tool, the name was Twistlock, it was not Prisma Cloud. We had a container team responsible for modernizing our environment and they created an on-prem solution using Red Hat OpenShift. They started using Twistlock as a way to manage the security of this on-prem environment.

My team, which was the security team, inherited the ownership of the tool to manage all the security problems that it was raising.

When we started using containers on the cloud, our cloud provider was Azure. We also started migrating our security solutions for the cloud, but that was at the end of my time with the company, so I didn't participate much in this cloud process.

We were also sending the logs and alerts to Splunk Cloud. We were managing all the alerts generated by policies and vulnerabilities and the threats from the web. That way, we had a pipeline system sending these alerts to a central location where our investigation team would look at them. So we used the system to manage both cloud and on-prem and connect them.

How has it helped my organization?

We had one team that didn't have any security whatsoever. We helped them to add Prisma Cloud to scan their environment. It was a big issue in the company at the time, because they had a huge environment which was not following the security rules of the company. They didn't have any security. Prisma Cloud helped us to start raising alerts and vulnerabilities. That was a successful case because in the timeframe of one to two weeks, we installed the tool and were teaching the team how to manage it, find their vulnerabilities, and how to fix them. We were able to help a team that was totally vulnerable to have a security solution.

Overall, it covered all the stages that we hoped it would cover.

The solution also reduced our runtime alerts. I don't have the exact numbers but I would say it lowered the number of issues by 70 percent. Our strategy was that we started using the tool for some small applications, and then we started using it for other teams. For the small applications, I can't guarantee the reduction was 70 percent because those solutions were managed by the security team which had smart people who were security conscious.

What is most valuable?

We used the policy features to manage users so that they would not have secrets in their containers. We also used the vulnerabilities, the CVEs, that were being raised by the tool.

The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security.

The compliance is good because it has a deep view of the container. It can find stuff that only administrators would have access to in our container. It can go deep down into the container and find those policy issues.

We also started looking for the WaaS (Web-Application and API Security) solution, but we didn't implement it during the time I was at the company. We tested it. What's good about the WaaS is that it's almost a miracle feature. You can find SQL injection or cross-site scripting and defend against that by setting up Prisma Cloud and turning on the feature.

Prisma Cloud also provided risk clarity at runtime and across the entire pipeline, showing issues as they were discovered during the build phases. It provided a good rating for how to prioritize a threat, but we also had a way to measure risk in our company that was a little bit different. This was the same with other scanning tools that we had: the risk rating was something that we didn't focus too much on because we had our own way to rate risk. Prisma Cloud's rating was helpful sometimes, but we used our risk measurement more than the tool's.

What needs improvement?

One problem was identifying Azure Kubernetes Services. We had many teams creating Kubernetes systems without any security whatsoever. It was hard for us to identify Kubernetes because the Prisma Cloud could not identify them. From what I heard from Palo Alto at the time, they were building a new feature to identify those. It was an issue they were already trying to fix.

In addition, when it comes to access for developers, I would like to have more granular settings. For example, in our company we didn't want to display hosts' vulnerabilities to developers, because the infrastructure or containers team was responsible for host vulnerabilities or the containers. The developers were only responsible for the top application layer. We didn't want to provide that data to the developers because A) we thought it was sensitive data and B) because it was data that didn't belong to developers. We didn't want to share it, but I remember having this problem when it came to the granularity of granting permissions. 

They need to make the settings more flexible to fit our internal policies about data. We didn't want developers to see some data, but we wanted them to have access to the console because it was going to help them. One possibility was to develop our own solution for this, using the API. But that would add complexity. The console was clean and beautiful. It has the radar where you can see all the containers. But we just didn't want to show some data. It was a pain to have to set up the access to some languages and some data.

Another thing that was a pain was that in our on-prem environment there was a tool that sometimes generated a temporary container, to be used just for a build, and Prisma would raise some compliance issues for this container that would die shortly. It was hard to suppress these kinds of alerts because it was hard to find a standard or a rule that would fit this scenario. The tool was able manage the whole CI/CD pipeline, including the build as well—even these containers that were temporary for a build—but sometimes it would raise too much unnecessary data.

Also, one of the things that it's hard to understand sometimes is how to fix an issue. We managed to do so by testing things ourselves because we are developers. But a little bit of explanation about how to fix something would help. It was more showing what the problem was than it did about how to fix it.

Buyer's Guide
Prisma Cloud by Palo Alto Networks
November 2022
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
656,862 professionals have used our research since 2012.

For how long have I used the solution?

I used Prisma Cloud by Palo Alto Networks for about a year and a half.

What do I think about the stability of the solution?

It's pretty much stable, as much as containers are stable. It is more about the container solution itself, or how Kubernetes is managed and the state of health of the containers. As Prisma is a container solution itself, it was as good as the Kubernetes environment could make it. 

I don't know about the Prisma Cloud SaaS solution because we didn't use it, but the on-prem solution was as reliable as our Kubernetes system was. It was really reliable.

What do I think about the scalability of the solution?

It's pretty scalable because of the API. I liked how simple the console was and how simple the API was. There was no complexity; it was straightforward. The API documentation was also very good so it was pretty easy to scale. You could automate pretty much everything. You could automate the certificate information, you could automate the access for developers, and a lot of other stuff. It was a pretty modern solution. Using APIs and containers, it was pretty scalable.

How are customer service and support?

We used their technical support many times and it was very good. The engineers there helped us a lot. They were engaged and interested in helping, and they were polite and they were fast. When we raised an issue to high priority, they answered faster. I would rate their support at five out of five.

Which solution did I use previously and why did I switch?

Prisma Cloud was the only solution we had for container security. We had other tools such as SAST and DAST tools, as well as open source management tools. Those intersected somewhat with what Prisma does, but Prisma had access to the whole environment, so it's a little bit different.

What other advice do I have?

We used the API from Prisma Cloud. We had a Jenkins pipeline with a lot of scripts to automate the installation of Prisma Cloud and the patching updates as well.

In our company, the security team had about 10 people, but only two were responsible for Prisma Cloud. As I mentioned, we inherited ownership of it from the containers team. In the containers team, we had a guy who was our main contact and who helped us. For example, when we needed to access a certain environment, he had to manage access so that it could have privileged access to do what it needed to do in the container environment. So overall, there were three people involved with it.

We used Prisma Cloud extensively. We used it across the whole on-prem environment and partially on cloud. We were at around 10 or 20 percent of the cloud. I think that nowadays they have probably reached much more than that, because we were just beginning on the cloud at the time.

Smaller companies should probably use the SaaS. I know that Azure and the cloud providers already have different ways to use tools in an easy manner so that you don't need to manage the infrastructure. So smaller companies should look into that. The infrastructure solution would be more for big companies, but I would recommend the solution for big companies. I would also recommend it for small companies. In terms of budget, sometimes it's hard to prioritize what's more important, but Prisma fits into different budget levels, so even if you have a small environment you can use Prisma's SaaS solution.

I was pretty satisfied with it. My impression of Prisma Cloud was pretty good. It's an amazing tool. It gives the whole view of your container environment and connection with multiple platforms, such as Splunk. It is a good solution. If I had my own company and a container environment, I would use it. It can fit a huge container environment with a lot of hosts, but it can also fit a small container environment. Azure also provides built-in solutions to install Prisma in your application. So there are different solutions for various container environments. The company I was in had huge container environments to monitor, on-prem and in the cloud, and the tool fit really well. But the tool also fits small environments.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Gabriel Montiel - PeerSpot reviewer
Senior Customer Technical Engineer at a computer software company with 51-200 employees
Vendor
Top 20
The alerts and auto-remediation features allow us a lot of flexibility to customize
Pros and Cons
  • "The most valuable features are the alerts and auto-remediation because it allows us a lot of flexibility to customize and do things the Palo Alto team never intended. We faced some challenges with certificates because we also have next-gen firewalls. We would like to equip all the traffic because there have been many cases in which the developers have done things by mistake. Deploying certificates on virtual machines can be complex in a development environment, but we managed to do that with Prisma Cloud."
  • "While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent."

What is our primary use case?

I work for a monetary provider and handle around five customers. We mostly use Prisma Cloud for CSPN, but we have a banking customer using CWPP. 

Apart from those two use cases, the other customers are not interested in Prisma Cloud's other functionalities because they're green and already have other solutions with partners that they say are more mature. We have not implemented them in the customers' production environment, but we have toyed around with proofs of concept.

How has it helped my organization?

My organization is not primarily a customer. We don't use it a lot because we're a security company that mainly provides customers with solutions using this. That said, visibility is the most significant benefit for our clients because some are so large that they're unaware of what they have. 

They don't have adequate governance over expenses, security, and the parts of the network that are communicating. Prisma Cloud gives them reports that will provide instant insight into what's there. A new feature creates a visual map of networks and communications in the discovery part. It's excellent because you can instantly visualize everything. That's one feature that all the customers appreciate.

It performs well in complicated cloud environments. You only need to add your cloud account credentials. Most of the time, Palo Alto recommends using a full admin account for a service account accessing the tool. The tool works just as well, regardless of the company size. That's one of Prisma's biggest strengths. No matter how big you are, the tool can see everything.

Prisma Cloud can scan any cloud provider. We currently use Prisma on GCP, Amazon, Azure, and Alibaba. We also have Oracle, but I haven't used it for Oracle yet. This is crucial because some customers aren't proficient in managing multiple cloud environments. They only need to go to Prisma Cloud and see what they have because the team managing security is not the same one developing the solutions. 

Prisma offers a single pane of glass that lets you do most of what you want in one place. It's not only configurations but also knowing what you have, and your assets are doing. That's the main selling point of Prisma Cloud. It provides you with visualized reports, whether it's in the cloud, live serverless, containers, etc. 

I haven't toyed with CAB personally, but I think you can do that because you can scan images and deployments. I wouldn't say it gives you a lot of value in that regard because most of the CI/CD issues are application-level problems that Prisma Cloud or any other tool wouldn't help you with. Regarding security, you can deploy agents during the integration deployment and gain complete visibility with total memorability that you might introduce in the pipeline. Still, I think it will be a tiny part of the pipeline.

You will not see the problem if you're running an OGs application. While the developers can pinpoint the issue with the information provided, it will never relate to a piece of code and solve it. No tool can tell you exactly which part of the application is the problem, but a tool can identify which process has a vulnerability. Apart from that, many developers have issues finding the root cause of the vulnerability. When it's a library-related vulnerability, the TVD tells you to use another library or play the library. When your own code has the vulnerability, it's hard to pinpoint that.

Prisma provides a lot of information. You can see real-time alerts and forward them to JIRA or whatever tool you use with API or TVD. It also offers anomaly detection. If an administrator is logging in at weird times and doing strange functions, this tool can notify you about them. The anomaly detection is a correlation engine. You seldom get false positives. When it is a false positive, it's something you would expect. The only times I got a false positive were when the administrator forgot the password and tried logging in 50 times. At that point, they just need to contact support and change the password. 

Prisma has massively reduced our alert investigation times. It's 50 times quicker. Without this tool, we must dig up AWS logs, and the format isn't too accessible. The difference between using this tool to investigate an issue compared to a cloud-native solution is two hours versus two minutes. Digging up two logs using Ctrl-left is not the best approach, and it's the only approach cloud providers give you. 

The solution saved us because it helps us turn off idle machines. Most are machines we have turned on, and we didn't know what they do, but we didn't want to turn them off. Prisma Cloud lets you see the communication flows and the asset's actions on the communication map. If you see a device not communicating, it's easier to investigate what it's doing. Sometimes, it's a device generating reports at a particular time. You can schedule it to turn off when it's not active to save money. You also save money by spending less time solving your issues.

Doing cloud compliance without this tool would be impossible because cloud solutions are huge and highly complex. SOS compliance requires that you provide reports in under 24 hours. That's not possible without an automated tool like Prisma Cloud and the CSPN module. You would need to purchase Prisma or a competitor. It helps a lot because some customers have weird compliance requirements, and you can do it all on Prisma Cloud.

You can create custom compliance configurations according to your customer's needs and set Prisma up to provide the reports every 24 hours. In fact, you can do reports in 10-minute intervals or in real time. The client can access the dashboard and see if they're compliant. C-level executives in any company love that. 

What is most valuable?

The most valuable features are the alerts and auto-remediation because it allows us a lot of flexibility to customize and do functions the Palo Alto team never intended. We faced some challenges with certificates because we also have next-gen firewalls. We would like to equip all the traffic because there have been many cases in which the developers have made mistakes. Deploying certificates on virtual machines can be complex in a development environment, but we managed to do that with Prisma Cloud.

Prisma performs well in a fully cloud-native stack if you run several layers and Kubernetes. It's not so smooth if you migrate VMs into the cloud. Some customers try to do that with Prisma Cloud, but it's not compatible with Windows Server. However, you can deploy serverless containers without issue. You must deploy personal cloud agents into the virtual machines. The agents are called defenders. That module is excellent because you can see communications and vulnerabilities across your environment. It can also scan for malware. It tries to do many tasks at once, say the value it provides is the ability to see communications between devices.

The agent can block the traffic trying to exploit the vulnerability, but it can't fix the problem. That's on the application level. Most of the time, you give the application development team the vulnerability report, and they fix the issue, but Prisma protects you in the meantime. You can sleep well knowing that the agent is blocking the malicious traffic.

They recently added a module called Code Security that enables you to scan repositories or infrastructure as code. You can see concept errors like CSPN problems before the deployment. In tab use cases, it's excellent because you can see if there are misconfigurations in Terraform without having to deploy the instance or whatever you are deploying. That can save you money because sometimes people are deploying machines with problems that are easily fixable. It also improves security because you can fix a vulnerability before you have it with Cloud Security, but that's a rather new solution.

What needs improvement?

The IMD feature could be improved, but Palo Alto is working on that. It's a relatively new module that attempts to identify unnecessary permissions. Prisma Cloud is a platform that adds new modules whenever Palo Alto acquires a company or develops a new solution. The development team is trying to add new features. It also has Click Code Security for infrastructure security, but it doesn't add much value unless your DevOps team is really junior.

While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent. It creates a high workload initially. Apart from that, it solves the problems you have. Palo Alto says that 99 percent of breaches come from misconfiguration. I have seen that first hand. I think the fewest alerts a customer had was around 100 still, but they used another tool for that, so that saves a lot.

For how long have I used the solution?

I have been working with Prisma Cloud for about 15 months.

What do I think about the stability of the solution?

Prisma's stability is close to 100 percent because it's just a dashboard that connects to your public cloud. It's essentially a website that never goes down, and you could also host it locally if your security requires it. Most of the customers use the Prisma Cloud platform. If it goes down for any reason, the security agents work independently of Prisma Cloud. You send logs to Prisma Cloud and update the configurations via the cloud. However, if the platform goes offline, you still have top-notch security.

What do I think about the scalability of the solution?

As long as you purchase credits, Prisma Cloud is easy to scale.

How are customer service and support?

I have never contacted Palo Alto support because our team is highly proficient in the solution and the platform is easy to use. You deploy the agents, and it just works. 

How was the initial setup?

It's straightforward to deploy the solution because it's cloud-based, so you just set up an account, username, and password. If you think about it, the Prisma Cloud tool does not do much, but what it does is valuable. It does something simple on a scale that human beings could not do. 

What other advice do I have?

Based on my own experience, I would I rate Prisma Cloud a ten out of ten. However, I haven't compared it with other solutions, so maybe other solutions have more features that Prisma is lacking. My advice is to implement Prisma if it has the features you want but also shop around because I'm sure other solutions are just as good as this one.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PeerSpot user
Buyer's Guide
Prisma Cloud by Palo Alto Networks
November 2022
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
656,862 professionals have used our research since 2012.
Lead- Information Security Analyst at archan.fiem.it@gmail.com
Real User
Easy to use, provides good visibility but interface isn't customizable
Pros and Cons
  • "Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them."
  • "Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that."

What is our primary use case?

We primarily use Prisma Cloud as a cloud security posture management (CSPM) module. Prisma Cloud is designed to catch vulnerabilities at the config level and capture everything on a cloud workload, so we mainly use it to identify any posture management issues that we are having in our cloud workloads. We also use it as an enterprise antivirus solution, so it's a kind of endpoint security solution.

Our setup is hybrid. We use SaaS also. We mostly work in AWS but we have customers who work with GCP and Azure as well. About 60 percent of our customers use AWS, 30 percent use Azure, and the remaining 10 percent are on GCP. Prisma Cloud covers the full scope. And for XDR, we have an info technology solution that we use for the Gulf cloud. So we have the EDF solution rolled out to approximately around 500 instances right now.  

Prisma Cloud is used heavily in our all production teams. Some might not be directly using the product since our team is the service owner and we manage Prisma. Our team has around 10 members teams, and they are the primary users. From an engineering aspect, there are another 10 team members who use it basically. Those are the actual people who work hands-on with Prisma Cloud. Aside from that, there are some product teams that use Prisma indirectly. If we detect something wrong with their products, we take care of it, but I don't think they have an active account on Prisma Cloud.

How has it helped my organization?

Prisma Cloud has been helpful from a security operations perspective. When a new product is getting onboarded or we are creating a new product — specifically when we need to create a new peripheral— it's inevitable that there will be a kind of vulnerability due to posture management. Everything we produce goes through via CICD, and it's kind of automated. Still, there are some scenarios where we see some gaps. So we can discover where those gaps exist, like if someone left an open port or an instance got compromised. 

These kinds of situations are really crucial for us,  and Prisma Cloud handles them really well. We know ahead of time if a particular posture is bad and we have several accounts in the same posture. Prisma gives us a deep dive with statistics and metrics, so we know which accounts are doing bad in terms of posture, how many accounts are out of alignment with the policy strategy, how many are not compliant. Also, it helps us identify who might be doing something shady. 

So we get some good functionality overall in that dashboard. Their dashboard is not customizable, however, so that's a feature we'd like to say. At the same time, what they do provide on their dashboard is pretty helpful. It enables us to make the posture management more mature. We're able to protect against or eliminate some potential incidents that could have happened if we didn't have Prisma. 

What is most valuable?

Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them. It's really good at managing compliance. We get out-of-the-box policies for SOC 2, Fedramp, and other compliance solutions, so we do not need to tune most of the rules because they are quite compliant, useful, and don't get too many false positives. 

And in terms of Prisma Cloud's XDR solution, we do not have anything at scope at present that can give us the same in-depth visibility on the endpoint level. So if something goes bad on the endpoint, Prisma's XDR solutions can really go deep down to identify which process is doing malicious activity, what was the network connection, how many times it has been opened, and who is using that kind of solution or that kind of process. So it's a long chain and its graphical representation is also very good. We feel like we have power in our hands. We have full visibility about what is happening on an endpoint level. 

When it comes to securing new SaaS applications, Prism Cloud is good. If I had to rate it, I would say seven out of 10. It gives us really good visibility. In the cloud, if you do not know what you are working with or you do not have full visibility, you cannot protect it. It's a good solution at least to cover CSPM. We have other tools also like Qualys that take care of the vulnerability management on the A-level staff — in the operating system working staff — but when it comes to the configuration level, Prisma is the best fit for us. 

What needs improvement?

Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that. Prisma also should allow users to fully automate the workflow of an identified set. Right now, it can give us a hint about what has happened and there is an option to remediate that, but for some reason, that doesn't work. 

Another pain point is integration with ticketing solutions. We need bidirectional integration of Prisma Cloud and our ticketing tool. Currently, we only have one-way integration. When an alert appears in Prisma Cloud, it shows up in our ticketing tool as well. But if someone closes that ticket in our ticketing tool, that alert doesn't resolve in Prisma Cloud. We have to do it manually each time, which is a waste of time. 

 I am not sure how much Prisma Cloud protects against zero-day threats. Those kinds of threats really work in different kinds of patterns, like identify some kind of CBE, that kind of stuff. But considering the way it works for us, I don't think it'll be able to capture a zero-day threat if it is a vulnerability because Prisma Cloud actually doesn't capture vulnerability. It captures errors in posture management. That's a different thing. I don't know if there is any zero-day that Prisma can identify in AWS instantly. Probably, we can ask them to create a custom policy, but that generally takes time. We haven't seen that kind of scenario where we actually have to handle a zero-day threat with Prisma Cloud, because that gets covered mostly by Qualys.

For how long have I used the solution?

I've been using Prisma Cloud for almost two years now.

What do I think about the stability of the solution?

Prisma Cloud is quite stable. At times, it goes down, but that's very rare. We have some tickets with them, but when we see some issues, they sort it out in no time. We do not have a lot of unplanned downtime. It happens rarely. So I think in the last year, we haven't seen anything like that.

What do I think about the scalability of the solution?

Prisma Cloud is quite scalable. In our current licensing model, we're able to heavily extend our cloud workload and onboard a lot of customers. It really helps, and it is on par with other solutions.

How are customer service and support?

I think Prisma Cloud's support is quite good. I would rate them seven out of 10 overall. They have changed their teams. The last team was comparatively not as good as the one we have right now. I would rate them five out of 10, but they have improved a lot. The new team is quite helpful. When we have an issue, they take care of it personally if we do not get an answer within the terms of the SLA. We tend to escalate to them and get a prompt answer. The relationship between our management and their team is quite good as well. .

We have a biweekly or weekly call with their tech support team. We are in constant communication about issues and operating problems with them. It's kind of a collab call with their tech support team, and we have, I think, a monthly call with them as well. So whenever we have issues, we have direct access to their support portal. We create tickets and discuss issues on the call weekly.

Transitioning to the new support team was relatively easy. They switched because of the internal structure and the way they work. Most of the engineering folks work out of Dublin and we are in India. The previous team was from the western time zone. That complicated things in terms of scheduling. So I think the current team is right now in Ireland and it's in the UK time zone. That works best for us. 

How was the initial setup?

We have an engineering team that does the implementation for us, and our team specifically handles the operations once that product is set up for us. And then that product is handed over to us for the daily BA stuff accessing the security, the CSPM kind of module. We are not involved directly. When the product gets onboarded, it's handed over to us. We handle the management side, like if you need to create a new rule or you need to find teams for the rule. But the initial implementation is handled by our engineers.

What other advice do I have?

I would rate Prisma Cloud six out 10. I would recommend it if you are using AWS or anything like that. It's quite a tool and I'm impressed with how they have been improving and onboarding new features in the past one and a half years. If you have the proper logging system and can implement it properly within your architecture, it can work really well.

If you are weighing Prisma Cloud versus some CASB solution, I would say that it depends on your use case. CASBs are a different kind of approach. When someone is already using a CASB solution, that's quite a mature setup while CSPM is another side of handling security. So if someone has CASB in place and feels they don't need CSPM, then that might be true for a particular use case at a particular point in time. But also we need to think of the current use case and the level of maturity at a given point in time and consider whether the security is enough.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Director of Information Security Architecture at a financial services firm with 5,001-10,000 employees
Real User
Top 20
Provides continuous compliance monitoring, good visibility from a single pane of glass, good support
Pros and Cons
  • "The most valuable feature is the continuous cloud compliance monitoring and alerting."
  • "We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert."

What is our primary use case?

We use Prisma Cloud in several ways and there are a lot of use cases. The first way that we use it is for inventory. It keeps a near real-time inventory of virtual compute storage and services. Second, we use it for monitoring and alerting of misconfigurations or other items of security significance. Next is compliance. We use it to monitor compliance with the centers for internet security (CIS) benchmarks.

How has it helped my organization?

Prism provides security that spans multi/hybrid-cloud environments. We have it configured to watch for compliance in AWS, the Google Cloud Platform, and very soon, Azure as well. This is important to us because our risk management organization mandated the fact that we would maintain this overwatch capability in any of our clouds that have virtual compute storage or workloads.

Prism's comprehensiveness for protecting the full cloud-native stack is excellent.

The comprehensiveness of the cloud-native development lifecycles is excellent. For us, the deploy functionality is not applicable but the build and run capabilities are. It positively affects our operations and gives us optics that we wouldn't otherwise have, at the speed of the cloud.

Prisma provides the visibility and control that we need, regardless of how complex our environments are. This very much boosts our confidence in our security and compliance postures. It's also been deemed acceptable as a sufficient presence and efficacy of control by our internal auditors and external regulators alike.

This solution has enabled us to integrate security into our CI/CD pipelines and add touchpoints as a control stop in the release chain. The touchpoints are seamless and very natural to our automation.

Prism Cloud is a single tool that we can use to protect all of our cloud resources without having to manage and reconcile several security and compliance reports. It unifies and simplifies the overall operations.

Using this tool provides us with risk clarity across the entire pipeline because we use it as a pre-deployment control, ensuring that the run state is known and the risk posture is known at runtime. Our developers use this information to correct issues using our tools for YAML, JSON, CloudFormation templates, and Terraform.

Prisma does so much pre-screening that it limits the number of runtime alerts we get. This is because those pre-deployment code controls are known before the run state.

The investigations capabilities enhance our process and lower incident response and threat detection time. However, it is an enabler and it is run in parallel with our SIEM, which is Splunk. Most of what we're going to do, investigation-wise, is going to be in Splunk, simply because there's better domain knowledge about the use of that tool in Splunk's query language.

What is most valuable?

The most valuable feature is the continuous cloud compliance monitoring and alerting. The way Prisma works is that it has a tentacle from Palo Alto's AWS presence into ours. That tentacle is an application program interface, an API, a listener. That listener goes in and is entitled to look at all of the Amazon Web Services' logging facilities. It can then do event correlation, and it can tattletale on misconfigurations such as an S3 storage bucket made publicly available. We wouldn't otherwise be aware of that if Prisma didn't watch for it and alert on it.

Prism provides cloud workload protection and cloud network security in a single pane of glass, and these items are very important to us. It also provides cloud infrastructure entitlement management but identity and access management is not something that we use Prisma for. We implemented a PoC but we opted to use another tool for that use case.

The security automation capabilities provided by this product are excellent and industry-leading. Palo Alto bought a company called Twistlock, which makes a pre-deployment code scanner. They added its functionality to the feature set of Prisma in the form of this compute module. Now, we're able to use the Twistlock capability in our automation, which includes our toolchains and pipelines.

This tool provides excellent features for preventative cloud security. We use all of the auto-remediation capabilities that Prisma offers out of the box. That "see something, do something" auto-remediation capability within Prisma keeps our human responders from having to do anything. It's automated, meaning that if it sees something, it will right the wrong because it has the entitlement to do that with its Prisma auto-remediation role. It's great labor savings and also closes off things much quicker than a human could.

Palo just keeps bolting on valuable features. They just show up in the console, and they have their little question mark, down in the lower right-hand corner, that shows what's new, and what's changed for August or September. They just keep pouring value into the tool and not charging us for it. We like that.

What needs improvement?

We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert. We'd always want that to be as quick as possible, and this is going to be true for every customer.

The billing function, with the credits and the by-workload-licensing and billing, is something that is a little wonky and can be improved.

For how long have I used the solution?

We began using Prisma Cloud in October or November 2018, when it was still known as RedLock.

What do I think about the stability of the solution?

Stability-wise, it has been perfect.

What do I think about the scalability of the solution?

The scalability is excellent. Palo keeps adding cloud support, such as for Alibaba, Oracle, and others.

We have approximately 5,500 employees. Our deployment is all-encompassing overwatch to all of our AWS accounts, of which there are 66. We also have two or three different folders within GCP.

We do have plans to increase our usage. This includes using it for more of its capabilities. For example, there is a workload protection link that we haven't fully embraced. There are also some network security features and some dashboarding and geo-mapping capabilities that we could make better use of.

How are customer service and support?

The technical support is excellent. We have premium support with Palo Alto and I never have any critique for the quality or speed of support.

Which solution did I use previously and why did I switch?

We have used this solution from the outset of our cloud journey. It began with Evident.io, then it became RedLock, and then it became Prisma Cloud.

How was the initial setup?

The initial setup is very straightforward. We did it several times.

The first one was deployed to AWS, which probably took about an hour. Years later, as we adopted the Google Cloud, it was configured in probably half an hour.

Palo provides the necessary setup instructions and you can't go wrong, as long as you have the role entitlement set up for Prisma. The handshake only takes about an hour.

What about the implementation team?

Our deployment was done entirely in-house.

We have three people, full-time, who are responsible for the maintenance. Their roles are policy management, meaning these are the rule sets. It's called RQL, the RedLock query language, the out-of-the-box policies that are ever dynamic. When there's a new policy, we have to go in and rationalize that with our cyber organization.

We have to scrutinize the risk rating that's put on it by Palo. We have to realize when we're going to turn it on and turn it off. Also, we have to consider the resulting incident response procedures associated with the alert happening.

What was our ROI?

One metric that would be meaningful in this regard is that our company has had no cloud-based compromise. 

What's my experience with pricing, setup cost, and licensing?

You can expect a premium price because it is a premium quality product by a leading supplier.

We are a strategic partner with Palo Alto, meaning that we use all of their solutions. For example, we use their NG firewalls, WildFire, Panorama, Prisma, and all of their stuff. Because Prisma was an add-on for us, we get good pricing on it.

There are costs in addition to the standard licensing fees. The credits consumption billing model is new and we're going to be using more of the features. As we embrace further and we start to use these workload security protections, those come at an incremental cost. So, I would say that our utilization, and thus the cost, would trend up as it has in the past.

Which other solutions did I evaluate?

We evaluated several other products such as DivvyCloud, Dome9, and a product by Sophos.

We did a full comparison matrix and rationalization of each of the capabilities. Our sister company was using DivvyCloud at the time and as we do from time to time, we conferred with them about what their likes and dislikes were. They were moderately pleased with it but ultimately, we ended up going with Palo Alto.

What other advice do I have?

My advice for anybody who is considering this product is to give it a good look. Give it a good cost-balance rationalization versus the cost of a compromise or breach, because it's your defense mechanism against exposure.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Arun Balaji G - PeerSpot reviewer
Senior Associate Consultant at Infosys
MSP
Enables us to automate and increase security without agents, but integrations with third-party vendors need work
Pros and Cons
  • "It also provides us with a single tool to manage our entire cloud architecture. In fact, we are using a multi-account strategy with our AWS organization. We use Prisma as a single source of truth to identify high- or medium-severity threats inside our organization."
  • "One of the main backlogs in their development is in the area of integration. For example, we have ServiceNow in place for ticket management and Prisma Cloud is supposed to send closure emails for incidents. But from time to time, it fails to do so. We have several other mismatches between Prisma Cloud and ServiceNow."

What is our primary use case?

It is pretty easy to onboard accounts with Prisma Cloud. We use Prisma Cloud Compute and Prisma Cloud policy management. The latter is our primary solution and we use Compute to manage our container security, including threats and vulnerabilities. But we primarily focus on managing the policies for our entire cloud configs, internal threats, and network patterns.

How has it helped my organization?

For our market requirements, we do need several other services to be maintained for the perfect security posture. For example, one of the primary resources that we are using in our cloud is EC2 instances. That does need some primary security features, like security groups with proper closures, and proper networking with our firewalls. To make sure all of these premade configs are working, Prisma Cloud helps us to identify whenever any deployments meet up with our cloud. It is helpful with our singular architecture.

Prisma Cloud is very helpful with a full native stack. We don't want to leverage any of the resources directly. Instead, Prisma provides us with the services to automate and increase security posture without any internal agents to run it. Other products have internal agents to run with our cloud to help with the security posture of that cloud, but Prisma does not do that. It has a very simple mechanism to onboard the accounts with their console, where we can use the IAM to scan all of the accounts and identify threats and config mismatches.

The solution has also been helpful when it comes to our investigation times because we have fully automated it with our ticketing system. We use ServiceNow and whenever there are any alerts from Prisma Cloud, we have it configured so that they go directly to ServiceNow. That means the user can identify their incident and can resolve it based on the priority of service level agreements. When they do remediate an issue, Prisma Cloud will resolve the alert within Prisma Cloud and ServiceNow will close it on behalf of the user.

Prisma Cloud saves a lot of manual effort that we had to do within our cloud organization.

What is most valuable?

Prisma Cloud policy management is more valuable than Prisma Cloud Compute. While we use Compute often, we are not leveraging container security as much. We have limited resources for the containers in our cloud environment. Sooner or later, we will launch multiple container features in our cloud, but right now, we don't have much scope so we haven't had a chance to explore the Compute side much.

The solution supports multi- and hybrid-cloud environments. It has multiple cloud strategies like GCP and Azure. It has policy fixes for those cloud environments. We leverage it for AWS and it's important that we can use it for that singular platform.

Prisma Cloud also has log retention periods for the alerts and policies that are triggered, for each account. For example, my account has a specific policy that is high severity. If I need to further investigate, I can do that investigation in the upcoming 30 days. After 30 days, the logs of the triggered alert are not retained by Prisma Cloud on the Palo Alto network.

It also provides us with a single tool to manage our entire cloud architecture. In fact, we are using a multi-account strategy with our AWS organization. We use Prisma as a single source of truth to identify high- or medium-severity threats inside our organization.

Another feature is the automation. It has certain types of policies that can identify network-based threats, such as unusual port or protocol activities. It has tremendous machine-learning capabilities to identify patterns.

What needs improvement?

When it comes to automation and machine learning, it still needs some more work because sometimes they can give false positives.

In addition, since cloud services are coming up with new features and solutions, Prisma should also keep up with the same level of security. For example, at the previous AWS Summit, numerous services were introduced. Our businesses wanted to develop some of the services with the features in our cloud, but Prisma hasn't come up with any new APIs. Prisma needs to keep up with quick changes as soon as any cloud platform comes up with a new invention.

And one of the main backlogs in their development is in the area of integration. For example, we have ServiceNow in place for ticket management, and Prisma Cloud is supposed to send closure emails for incidents. But from time to time, it fails to do so. We have several other mismatches between Prisma Cloud and ServiceNow. So we have had to focus on incident management.

Integrations with third-party vendors, such as ServiceNow, Slack, and other ticketing tools that Prisma supports have full automation, but there are still some bugs to fix. We see failures from time to time. When our team fixes vulnerabilities or threats, they still see the incidents in place, which makes them liable to pay for SLA failures. Those kinds of things can be avoided if we have fully fledged event management integration with those tools.

They also need to increase their log retention periods to allow further investigation. Sometimes it takes time to check with asset owners and do deep investigations. Because we have numerous accounts, it can take time for asset owners to investigate each and every alert. The log retention period is one of the cons. 

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for more than a year. I started in my role as a cloud security engineer about two and a half years ago, and Prisma Cloud is one of the CSPM solutions that we use.

I use Prisma Cloud every day. It is one of the primary tools I need to monitor and manage the security of our cloud environment. I use it very extensively and my team members use it for identifying threats and managing them with the asset owners.

What do I think about the stability of the solution?

In terms of performance, they have cloud releases of security features during the first week of every month. Whenever they release new policies, all of a sudden it starts to throw multiple alerts within our console. It is a bit annoying for the DevOps team, but from a security perspective, it is a useful process. But a pre-announcement or pre-testing of the alerts would be a better way for them to do this, instead of creating 50 or 100-plus alerts for our DevOps. We are suggesting better pre-testing of new policies.

What do I think about the scalability of the solution?

It is pretty scalable. When we deploy new AWS accounts within our organization, it applies the same security posture policies to those accounts as well. We can see the security postures it recommends whenever we onboard any new accounts with our organization. The scalability is very good with the management it provides for any accounts we onboard.

Palo Alto Networks is one of the fastest-growing security products in our organization.

How are customer service and support?

From time to time we experience delays in support for critical scenarios. They do have engineering teams at the backend that work with the policies. I understand that. But I'm expecting a more responsive service on their side because sometimes it can even take a week to get a response back from the engineering team.

When we go through the toll-free number to submit a case, they suggest that they are working on it, but sometimes they don't give solutions for such cases for some time.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used AWS native security, which is Security Hub. They have their own benchmarks which we leveraged. But we wanted to see more variables with the policies to have a stricter and more secure cloud environment so we moved to Prisma Cloud.

We have been customers of Palo Alto Networks for a very long time because they have several security products, including firewalls that we use in our organization.

How was the initial setup?

The deployment was very straightforward. We were able to onboard IAM policies from our AWS master account to our console with a few clicks. We were able to see that Prisma had started to onboard and ingest for alerts and asset variations within our inventory.

What about the implementation team?

We have a security architect and Palo Alto has a security architect. We deployed it together with the support of a Palo Alto engineer.

What other advice do I have?

When we started using Prima Cloud a year ago, we had 7,000-plus alerts. We went through many of the policies that resulted in numerous false positives and we went through the RQL (Resource Query Language) queries that were not applicable to our environment and that created false positives from their side. We reported them with the details via their case submission. They checked on them and they modified some of the alerts as a result of our request. They are progressing with their changes. We have reduced to 500-plus alerts in the past eight months and we are in good shape in terms of security posture.

Overall, I would rate Prisma Cloud at seven out of 10. It has the scalability and easy onboarding where we can onboard an organization with a few clicks and the integration part will take care of the rest. I appreciate that. But the log retention and integration with third-party solutions need improvement.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Senior Principal Consultant Cloud/DevOps/ML/Kubernetes at Opticca
Real User
Top 5
Reporting enables us to confidently certify compliance for a customer, but work is needed around build-time security
Pros and Cons
  • "Prisma Cloud also provides the visibility and control you need, regardless of how complex or distributed your cloud environments become. It helps to simplify that complexity. Now we know what the best practices are, and if something is missing we know."
  • "In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done."

What is our primary use case?

We use it for compliance management and policy detection, especially for hybrid clouds.

How has it helped my organization?

If you have just one or two clouds the detection policy provided by the cloud provider is sufficient. But if you have more than two clouds, a tool like Prisma Cloud is required because you want to go to one place and do things once. The value of a solution like this is that when you have multiple cloud providers, it plays a vital role in security posture management, security detection management, and alert management.

The solution also enables us to make security alerts and security risks visible to our tenants, as we have a common dashboard. In addition, it helps us to improve knowledge of the environment by allowing people, and not just the central team, to always access the data and to see what the security posture looks like. It gives us a central location to see what the security posture is like for multiple cloud providers.

Prisma Cloud also provides the visibility and control you need, regardless of how complex or distributed your cloud environments become. It helps to simplify that complexity. Now we know what the best practices are, and if something is missing we know.

It also helps us to confidently certify compliance for a customer. The reports it provides become a basis for compliance certification. It gives us a single tool to protect all of our cloud resources and applications without having to manage and reconcile disparate security and compliance reports.

In addition, by using the Prisma Cloud 2.0 Cloud Security Posture Management features, our security teams get alerts with the context to know which situations are the most critical. That helps because we have visibility without having to log in to multiple cloud providers. It gives us one simple way to look at all the three cloud provider policies. Those alerts provide us with a good place to start. Our teams get all the data they need to pinpoint the root cause.

What is most valuable?

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. That is very important when you have a multi-cloud environment because it gives you a single pane of glass for all of them.

In that single pane of glass it gives you Cloud Security Posture Management, Cloud Workload Protection, and Cloud Infrastructure Entitlement Management, and the vast majority of Cloud Network Security. Without this kind of tool, you would have to go through the three cloud providers and do the mappings for each one. It would be a huge amount of mapping and cross-referencing work, but that work is already done with this solution. Not just the referencing work is done, but it also does the monitoring and scheduling. And a given workload that needs to be compliant with the requirements of a certain country or with your business will be compliant, based on the regionality. Visibility and monitoring are things that are required and Prisma Cloud provides them.

It provides mapping for all compliances so that you do not have to do it. Mapping policies to different compliances can be tricky but it's also a good thing. And you can reuse it as-is. You do not have to do anything. It also provides mapping to the compliance history.

And when it comes to detection, it allows you to write policies that are not just based on compliance but also on your cloud security controls. It allows you to write customizations. It is also the sort of tool in which customization of alerts, notifications, and cloud posture management is possible.

In addition, Prisma Cloud gives you visibility over all of your policies. I know that it can do auto-collection, but I have not seen that implemented by anyone because auto-collection requires organizational maturity, but that lack of implementation is not due to tool immaturity.

And it is a perfect tool, in terms of security policy detection, when it comes to the comprehensiveness of the solution for protecting the full, cloud-native stack. It's very effective.

Another great feature of Prisma Cloud is its integration with Jira and ServiceNow. With those integrations, you do not have to manually intervene. If you do an integration, alerts can be assigned to the respective group, using Jira and ServiceNow. That definitely helps in reducing a good amount of work.

It also provides integration with Agile tools, and that is a great thing. It integrates security into the CI/CD pipeline for container workloads. (We have not used it for non-container workloads, but that's not an issue with the tool). The touchpoints in our DevOps processes are just API calls, making the integration very easy and very smooth.

Developers are able to correct issues using the tools they use to code. The way we have it set up, it's a process of reverse engineering. When an alert comes up it is used to see what was detected and how that can be converted into a preventive policy. That feedback loop is manual, but that input helps to turn the policy into a preventive one. Prisma Cloud has helped to reduce runtime alerts by about 30 percent because we are converting everything into preventive policies. And because it gives you an idea of what needs to be done, it has reduced alert investigation times by 30 to 40 percent.

What needs improvement?

There is some work to be done on preventive security policies. I would give the existing preventive approach a seven out of 10. I'm sure they will be doing something in this area.

In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done.

Another area for improvement is support for OPA (Open Policy Agent) rather than the proprietary language. Nowadays, people mix things, but you don't want to write a policy in different languages.

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto for almost two years.

What do I think about the stability of the solution?

We haven't seen any issues with the stability of the solution in the last two years. It's good, with no problems at all.

What do I think about the scalability of the solution?

As for the scalability, we haven't seen any issues. We are not cloud-busting, but so far, so good.

We want to extend the solution more in the container world and have more service automation. Those are scenarios we have not gotten to yet.

How are customer service and support?

I am happy with Palo Alto's technical support. It has been good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Before Palo Alto, we used the cloud providers' native tools. We switched because, while the native tools were great, managing three different cloud provider portals was not ideal. We needed some centralization and customization.

How was the initial setup?

The initial deployment was a simple and automated process. It was good. It took four or five hours per cloud provider. We use it with AWS, Azure, GCP, and Oracle. There was some strategy involved in the implementation because there are differences among the cloud providers. For example, in AWS you have a Control Tower. A good strategy reduces manual intervention, but it's a SaaS solution so we did not have to do much.

We don't need any staff members to maintain the solution but we do need people to write the custom policies and to make sure that someone is there to take action when there are alerts. We have three staff members involved because writing the policies is not easy. One of the guys is responsible for policy writing, one of the guys is responsible for communication and checking the portal to make sure we communicate with people, and the other guy is helping them both with whatever tasks they need help with.

Which other solutions did I evaluate?

We tried a few other options but once we looked at Prisma Cloud we decided it was a better option.

The advantage of Prisma Cloud was its support for all the cloud providers and its automation. The ease of automation was one of our selection criteria. Cost was another consideration. While Prisma Cloud is not cheap, it's in the medium range. But if an organization is already using Palo Alto, they can negotiate a good price.

What other advice do I have?

It makes sense for a smaller company to use the native cloud tools, but for a large organization it makes sense to have a tool like Prisma Cloud with centralized information, especially for security.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Kevin Sorenson - PeerSpot reviewer
Cloud DevOps Engineer at a tech services company with 51-200 employees
Real User
Top 10
We could go into the dashboard and see all these notifications telling us which subscriptions didn't have TLS 1.2 enabled
Pros and Cons
  • "We were pleased with Prisma's custom and built-in reports. We could go into the dashboard and see all these notifications telling us which subscriptions didn't have TLS 1.2 enabled. The security controls were the most valuable features."
  • "The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls."

What is our primary use case?

We had Azure, AWS, and a little bit of GCP, so we gave Prisma read access to all those accounts, subscriptions, etc., and monitored the alerts to mitigate risks based on what popped up in the dashboard.

While it's not our only tool, Prisma is managing about 80 percent. We still occasionally go into cloud-native tools to ensure certain compliance standards are being met. Sometimes, urgent issues need to be fixed that haven't been reported in Prisma because the native tools will catch them first. As a third-party solution, Prisma might take a little longer to build a report directory.

We had around 30 to 40 users who were a mix of cloud and DevOps engineers. There were also members of the security team who made decisions about what kind of security policies we had to follow. We used it extensively within the public cloud across all our Azure, AWS, and GCP subscriptions and projects. There was interest in using it on-premises with our vSphere environment as well. I don't know if that ever happened.

How has it helped my organization?

Prisma enabled us to get up-to-speed on enforcing TLS 1.2. It helped us look at different types of resources, like storage accounts and app services. I'm thinking particularly of Azure because that was my focus. I found all the resources from the Prisma list and remedied those issues so that they were displayed as resolved in Prisma.

It gave us visibility into and control over complex cloud environments, which helped us feel better about our security and secure the environment with the clinical data. Our security team was pleased when we showed them clean Prisma reports. It boosted their confidence and their comfort level that we were being compliant.

Prisma made it much easier to ensure that all of the security pieces are handled. It simplified our security issue resolution. It cut down our investigation time by giving us one place to look. It cleaned up our operations considerably because finding what resources needed to be resolved, mitigated, or updated was easier. It probably saved us several hours every week. It also saved us some money, but I couldn't quantify the savings because other environments also used it.

It helped us develop a preventative approach to security. Nine out of ten times, we could find issues that needed to be fixed ahead of time. We had a monthly meeting where we would review the high-severity alerts on the dashboard and assign people to remedy them. Once we got through the high severity alerts, we looked at mediums and low severity alerts. Prisma enabled us to identify resources we needed to fix, which was quite handy.

What is most valuable?

We were pleased with Prisma's custom and built-in reports. We could go into the dashboard and see all these notifications telling us which subscriptions didn't have TLS 1.2 enabled. The security controls were the most valuable features. 

Prisma's multi-cloud capabilities were essential. We wouldn't have used it without them. We would have just used the native cloud vendors' security solutions. Its protection of our full cloud-native stack is pretty comprehensive. I would rate it at least an eight out of ten. It stacks up well compared to the security alerts and notifications we got from solutions like Defender.

What needs improvement?

It sometimes took Prisma a little while to build queries, so new services or features wouldn't appear. It wouldn't get flagged in Prisma for a bit. It would be helpful if they sped up how quickly they got their default notifications, queries, and alerts.

The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls.

For how long have I used the solution?

We used the solution for about three years at my previous company. 

What do I think about the stability of the solution?

Prisma seemed highly stable, but I wasn't managing the solution. I was more of a user.

What do I think about the scalability of the solution?

Prisma seemed to scale pretty well. It covered several large environments and didn't seem to struggle when loading information for us. I think it did well.

How are customer service and support?

I rate Palo Alto support a six out of ten. The support was adequate, but I can't say it was great. If we had an issue with a feature or a query, it could take them a little while to get back, especially if it was a feature improvement or a new alert. They were very slow to add new warnings and features.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

The company never had a public cloud solution before Prisma, but they had something for on-prem. I don't know what it was. They also used cloud-native solutions like Defender for Cloud and the native tool for AWS.

We switched to Prisma because we wanted a single pane of glass that would allow the security team to see security issues across all of the public cloud vendors that we used, so they wouldn't have to jump to each individual cloud vendor's tool.

How was the initial setup?

I was involved in the POC several years ago. It was like a lab test. After we tested that for several months, we rolled out the official one. At that point, I was just helping them test as they tried out the product. I didn't actually install the software.

The setup seemed pretty straightforward. There were clear instructions on how we just needed to create service principles with specific permissions and then grant Prisma the credentials for the service. I think they only had about five people maintaining the Prisma environment, and each was responsible for bits and pieces of it.

What was our ROI?

I believe the company saw a return using Prisma.

What's my experience with pricing, setup cost, and licensing?

I know that the guys who handled the pricing said Prisma was costly, but I don't know how that compares to other products.

Which other solutions did I evaluate?

I know the team evaluated other options, but I wasn't involved.

What other advice do I have?

I rate Prisma Cloud an eight out of ten. Having one place to go for all of your security alerts and notifications makes it easier to solve issues than going to each vendor's security tool.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Senior Security Analyst at a tech services company with 1,001-5,000 employees
Real User
Top 20
Helps us detect misconfigurations in the cloud and assists with improving our security posture
Pros and Cons
  • "The CSPM and CWPP functionalities are pretty good."
  • "This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on."

What is our primary use case?

We use this solution to detect misconfigurations in the cloud. It's a multi-cloud solution, so if you're running a multi-cloud environment like Azure, AWS, and GCP, you only need to deploy a single solution. It assists with improving the security posture of an organization.

I use CSPM and CWPP. The previous organization I worked for used both, but the company I work for now only uses CSPM. I've also worked with code security.

We recently acquired this solution, so it has slowly started gaining momentum in my organization.

How has it helped my organization?

This solution provides us with a single tool to protect all of our cloud resources and applications without having to manage and reconcile different security and compliance reports. It's a single solution for everything in a multi-cloud environment.

It enhances operations, but it's a pretty measurable tool. It provides comprehensive visibility.

It provides risk clarity at runtime across the entire pipeline and shows issues as they are discovered during the build phases. 

The modules in CSPM and CWPP are visibility, compliance governance, threat detection, data security, host security, container security, serverless security, web application, and API security. This is an additional cost, so I don't think any organization uses all of the modules.

I previously worked for a health organization that was using this solution. They were able to get certified in HITRUST using this product.

Our developers are able to correct issues using the tools they use to code.

What is most valuable?

The CSPM and CWPP functionalities are pretty good. It depends on what kind of data you have in your cloud, your workload, and some other factors. If you're doing a lot of containers, you need CWPP models. If you just do regular cloud contributions, then you can use CSPM.

It provides security spanning multi and hybrid-cloud environments. My current organization's goal is to migrate to the cloud eventually. If that's your organization's goal, you need to have some kind of security mechanism or protection in place to make sure that the resources you're building in the cloud are built for the best security practices and are free of misconfiguration vulnerabilities. 

When we deploy containers in any cloud, the runtime protection is really good. If a container is running any kind of application, it can detect a cryptomining attack. The solution also provides File Integrity Monitoring testing.

It has various models and provides comprehensive visibility. It shows us how our assets are performing in any of our clouds. It gives us a holistic view of our native cloud environment, and we can also fine-tune the policies for our architecture.

The modules help us take a preventative approach to cloud security. Flow Logs provide a real-time assessment of our network.

It recently integrated with another company called Checkov. It checks all the misconfigurations that a developer could make during the build phase. This means that whenever we're building any kind of application or deploying any application, it will detect it right away. We can integrate it into our CI/CD pipeline or with any other Jenkins plugins. I tested those use cases as well. The solution has improved since they integrated the product with Checkov.

It provides good visibility. In terms of controls, it depends on how you want to do it. Sometimes, you need to be specific in terms of controls. With runtime detection, it's going to be more powerful. We're confident that our assets are secure.

The solution is capable of integrating security into our CI/CD pipeline and adding touch points into existing DevOps processes. We don't have the option to leverage it, but I have tested it in my previous organization.

What needs improvement?

This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on.

For how long have I used the solution?

I have been using this solution for about two and a half years.

What do I think about the stability of the solution?

The solution is reliable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

Technical support is very helpful. I would rate them a nine out of ten. We have a weekly cadence.

How would you rate customer service and support?

Positive

How was the initial setup?

The setup was very easy and straightforward. We haven't set up the automation perspective. We're still testing it, so we haven't leveraged it yet.

The setup didn't take very long, but it will be different for every organization. If your cloud architect team is willing to deploy with you, it shouldn't take more than a week. It also depends on how large the organization is and how many subscriptions are in the cloud environment.

We don't need to maintain anything on the console side.

What about the implementation team?

We used an integrator from Palo Alto. They were very good and offered great support.

What's my experience with pricing, setup cost, and licensing?

The solution is pretty expensive. It all depends on the organization's goals and needs.

The cost depends on the pricing model. Compared to other solutions, the cost isn't that bad.

Which other solutions did I evaluate?

I compared the solution to other security products like Fortinet, Lacework, and Security Command Center.

What other advice do I have?

I would rate this solution as eight out of ten. 

Those who want to use this solution, need to understand the concept behind this product and get to know their own environment first. The solution will give you holistic visibility of your assets, which will show you what needs to be fixed. Security comes with an expense, so it depends on what you want to leverage and where.

I'm still testing the automation capabilities because my organization is specific to one cloud. They were more aggressive on Azure and AWS Prisma Cloud, but now they are considering GCP customers as well.

We're still in POC mode for continuous security that comes under runtime protection. I can't 100% guarantee that it reduces runtime alerts.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free Prisma Cloud by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022
Buyer's Guide
Download our free Prisma Cloud by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.