Prisma Cloud by Palo Alto Networks Reviews

When we started using this tool, the name was Twistlock, it was not Prisma Cloud. We had a container team responsible for modernizing our environment and they created an on-prem solution using Red Hat OpenShift. They started using Twistlock as a way to manage the security of this on-prem environment.

My team, which was the security team, inherited the ownership of the tool to manage all the security problems that it was raising.

When we started using containers on the cloud, our cloud provider was Azure. We also started migrating our security solutions for the cloud, but that was at the end of my time with the company, so I didn't participate much in this cloud process.

We were also sending the logs and alerts to Splunk Cloud. We were managing all the alerts generated by policies and vulnerabilities and the threats from the web. That way, we had a pipeline system sending these alerts to a central location where our investigation team would look at them. So we used the system to manage both cloud and on-prem and connect them.

We had one team that didn't have any security whatsoever. We helped them to add Prisma Cloud to scan their environment. It was a big issue in the company at the time, because they had a huge environment which was not following the security rules of the company. They didn't have any security. Prisma Cloud helped us to start raising alerts and vulnerabilities. That was a successful case because in the timeframe of one to two weeks, we installed the tool and were teaching the team how to manage it, find their vulnerabilities, and how to fix them. We were able to help a team that was totally vulnerable to have a security solution.

Overall, it covered all the stages that we hoped it would cover.

The solution also reduced our runtime alerts. I don't have the exact numbers but I would say it lowered the number of issues by 70 percent. Our strategy was that we started using the tool for some small applications, and then we started using it for other teams. For the small applications, I can't guarantee the reduction was 70 percent because those solutions were managed by the security team which had smart people who were security conscious.

We used the policy features to manage users so that they would not have secrets in their containers. We also used the vulnerabilities, the CVEs, that were being raised by the tool.

The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security.

The compliance is good because it has a deep view of the container. It can find stuff that only administrators would have access to in our container. It can go deep down into the container and find those policy issues.

We also started looking for the WaaS (Web-Application and API Security) solution, but we didn't implement it during the time I was at the company. We tested it. What's good about the WaaS is that it's almost a miracle feature. You can find SQL injection or cross-site scripting and defend against that by setting up Prisma Cloud and turning on the feature.

Prisma Cloud also provided risk clarity at runtime and across the entire pipeline, showing issues as they were discovered during the build phases. It provided a good rating for how to prioritize a threat, but we also had a way to measure risk in our company that was a little bit different. This was the same with other scanning tools that we had: the risk rating was something that we didn't focus too much on because we had our own way to rate risk. Prisma Cloud's rating was helpful sometimes, but we used our risk measurement more than the tool's.

One problem was identifying Azure Kubernetes Services. We had many teams creating Kubernetes systems without any security whatsoever. It was hard for us to identify Kubernetes because the Prisma Cloud could not identify them. From what I heard from Palo Alto at the time, they were building a new feature to identify those. It was an issue they were already trying to fix.

In addition, when it comes to access for developers, I would like to have more granular settings. For example, in our company we didn't want to display hosts' vulnerabilities to developers, because the infrastructure or containers team was responsible for host vulnerabilities or the containers. The developers were only responsible for the top application layer. We didn't want to provide that data to the developers because A) we thought it was sensitive data and B) because it was data that didn't belong to developers. We didn't want to share it, but I remember having this problem when it came to the granularity of granting permissions. 

They need to make the settings more flexible to fit our internal policies about data. We didn't want developers to see some data, but we wanted them to have access to the console because it was going to help them. One possibility was to develop our own solution for this, using the API. But that would add complexity. The console was clean and beautiful. It has the radar where you can see all the containers. But we just didn't want to show some data. It was a pain to have to set up the access to some languages and some data.

Another thing that was a pain was that in our on-prem environment there was a tool that sometimes generated a temporary container, to be used just for a build, and Prisma would raise some compliance issues for this container that would die shortly. It was hard to suppress these kinds of alerts because it was hard to find a standard or a rule that would fit this scenario. The tool was able manage the whole CI/CD pipeline, including the build as well—even these containers that were temporary for a build—but sometimes it would raise too much unnecessary data.

Also, one of the things that it's hard to understand sometimes is how to fix an issue. We managed to do so by testing things ourselves because we are developers. But a little bit of explanation about how to fix something would help. It was more showing what the problem was than it did about how to fix it.

I used Prisma Cloud by Palo Alto Networks for about a year and a half.

It's pretty much stable, as much as containers are stable. It is more about the container solution itself, or how Kubernetes is managed and the state of health of the containers. As Prisma is a container solution itself, it was as good as the Kubernetes environment could make it. 

I don't know about the Prisma Cloud SaaS solution because we didn't use it, but the on-prem solution was as reliable as our Kubernetes system was. It was really reliable.

It's pretty scalable because of the API. I liked how simple the console was and how simple the API was. There was no complexity; it was straightforward. The API documentation was also very good so it was pretty easy to scale. You could automate pretty much everything. You could automate the certificate information, you could automate the access for developers, and a lot of other stuff. It was a pretty modern solution. Using APIs and containers, it was pretty scalable.

We used their technical support many times and it was very good. The engineers there helped us a lot. They were engaged and interested in helping, and they were polite and they were fast. When we raised an issue to high priority, they answered faster. I would rate their support at five out of five.

Prisma Cloud was the only solution we had for container security. We had other tools such as SAST and DAST tools, as well as open source management tools. Those intersected somewhat with what Prisma does, but Prisma had access to the whole environment, so it's a little bit different.

We used the API from Prisma Cloud. We had a Jenkins pipeline with a lot of scripts to automate the installation of Prisma Cloud and the patching updates as well.

In our company, the security team had about 10 people, but only two were responsible for Prisma Cloud. As I mentioned, we inherited ownership of it from the containers team. In the containers team, we had a guy who was our main contact and who helped us. For example, when we needed to access a certain environment, he had to manage access so that it could have privileged access to do what it needed to do in the container environment. So overall, there were three people involved with it.

We used Prisma Cloud extensively. We used it across the whole on-prem environment and partially on cloud. We were at around 10 or 20 percent of the cloud. I think that nowadays they have probably reached much more than that, because we were just beginning on the cloud at the time.

Smaller companies should probably use the SaaS. I know that Azure and the cloud providers already have different ways to use tools in an easy manner so that you don't need to manage the infrastructure. So smaller companies should look into that. The infrastructure solution would be more for big companies, but I would recommend the solution for big companies. I would also recommend it for small companies. In terms of budget, sometimes it's hard to prioritize what's more important, but Prisma fits into different budget levels, so even if you have a small environment you can use Prisma's SaaS solution.

I was pretty satisfied with it. My impression of Prisma Cloud was pretty good. It's an amazing tool. It gives the whole view of your container environment and connection with multiple platforms, such as Splunk. It is a good solution. If I had my own company and a container environment, I would use it. It can fit a huge container environment with a lot of hosts, but it can also fit a small container environment. Azure also provides built-in solutions to install Prisma in your application. So there are different solutions for various container environments. The company I was in had huge container environments to monitor, on-prem and in the cloud, and the tool fit really well. But the tool also fits small environments.

We primarily use Prisma Cloud as a cloud security posture management (CSPM) module. Prisma Cloud is designed to catch vulnerabilities at the config level and capture everything on a cloud workload, so we mainly use it to identify any posture management issues that we are having in our cloud workloads. We also use it as an enterprise antivirus solution, so it's a kind of endpoint security solution.

Our setup is hybrid. We use SaaS also. We mostly work in AWS but we have customers who work with GCP and Azure as well. About 60 percent of our customers use AWS, 30 percent use Azure, and the remaining 10 percent are on GCP. Prisma Cloud covers the full scope. And for XDR, we have an info technology solution that we use for the Gulf cloud. So we have the EDF solution rolled out to approximately around 500 instances right now.  

Prisma Cloud is used heavily in our all production teams. Some might not be directly using the product since our team is the service owner and we manage Prisma. Our team has around 10 members teams, and they are the primary users. From an engineering aspect, there are another 10 team members who use it basically. Those are the actual people who work hands-on with Prisma Cloud. Aside from that, there are some product teams that use Prisma indirectly. If we detect something wrong with their products, we take care of it, but I don't think they have an active account on Prisma Cloud.

Prisma Cloud has been helpful from a security operations perspective. When a new product is getting onboarded or we are creating a new product — specifically when we need to create a new peripheral— it's inevitable that there will be a kind of vulnerability due to posture management. Everything we produce goes through via CICD, and it's kind of automated. Still, there are some scenarios where we see some gaps. So we can discover where those gaps exist, like if someone left an open port or an instance got compromised. 

These kinds of situations are really crucial for us,  and Prisma Cloud handles them really well. We know ahead of time if a particular posture is bad and we have several accounts in the same posture. Prisma gives us a deep dive with statistics and metrics, so we know which accounts are doing bad in terms of posture, how many accounts are out of alignment with the policy strategy, how many are not compliant. Also, it helps us identify who might be doing something shady. 

So we get some good functionality overall in that dashboard. Their dashboard is not customizable, however, so that's a feature we'd like to say. At the same time, what they do provide on their dashboard is pretty helpful. It enables us to make the posture management more mature. We're able to protect against or eliminate some potential incidents that could have happened if we didn't have Prisma. 

Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them. It's really good at managing compliance. We get out-of-the-box policies for SOC 2, Fedramp, and other compliance solutions, so we do not need to tune most of the rules because they are quite compliant, useful, and don't get too many false positives. 

And in terms of Prisma Cloud's XDR solution, we do not have anything at scope at present that can give us the same in-depth visibility on the endpoint level. So if something goes bad on the endpoint, Prisma's XDR solutions can really go deep down to identify which process is doing malicious activity, what was the network connection, how many times it has been opened, and who is using that kind of solution or that kind of process. So it's a long chain and its graphical representation is also very good. We feel like we have power in our hands. We have full visibility about what is happening on an endpoint level. 

When it comes to securing new SaaS applications, Prism Cloud is good. If I had to rate it, I would say seven out of 10. It gives us really good visibility. In the cloud, if you do not know what you are working with or you do not have full visibility, you cannot protect it. It's a good solution at least to cover CSPM. We have other tools also like Qualys that take care of the vulnerability management on the A-level staff — in the operating system working staff — but when it comes to the configuration level, Prisma is the best fit for us. 

Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that. Prisma also should allow users to fully automate the workflow of an identified set. Right now, it can give us a hint about what has happened and there is an option to remediate that, but for some reason, that doesn't work. 

Another pain point is integration with ticketing solutions. We need bidirectional integration of Prisma Cloud and our ticketing tool. Currently, we only have one-way integration. When an alert appears in Prisma Cloud, it shows up in our ticketing tool as well. But if someone closes that ticket in our ticketing tool, that alert doesn't resolve in Prisma Cloud. We have to do it manually each time, which is a waste of time. 

 I am not sure how much Prisma Cloud protects against zero-day threats. Those kinds of threats really work in different kinds of patterns, like identify some kind of CBE, that kind of stuff. But considering the way it works for us, I don't think it'll be able to capture a zero-day threat if it is a vulnerability because Prisma Cloud actually doesn't capture vulnerability. It captures errors in posture management. That's a different thing. I don't know if there is any zero-day that Prisma can identify in AWS instantly. Probably, we can ask them to create a custom policy, but that generally takes time. We haven't seen that kind of scenario where we actually have to handle a zero-day threat with Prisma Cloud, because that gets covered mostly by Qualys.

I've been using Prisma Cloud for almost two years now.

Prisma Cloud is quite stable. At times, it goes down, but that's very rare. We have some tickets with them, but when we see some issues, they sort it out in no time. We do not have a lot of unplanned downtime. It happens rarely. So I think in the last year, we haven't seen anything like that.

Prisma Cloud is quite scalable. In our current licensing model, we're able to heavily extend our cloud workload and onboard a lot of customers. It really helps, and it is on par with other solutions.

I think Prisma Cloud's support is quite good. I would rate them seven out of 10 overall. They have changed their teams. The last team was comparatively not as good as the one we have right now. I would rate them five out of 10, but they have improved a lot. The new team is quite helpful. When we have an issue, they take care of it personally if we do not get an answer within the terms of the SLA. We tend to escalate to them and get a prompt answer. The relationship between our management and their team is quite good as well. .

We have a biweekly or weekly call with their tech support team. We are in constant communication about issues and operating problems with them. It's kind of a collab call with their tech support team, and we have, I think, a monthly call with them as well. So whenever we have issues, we have direct access to their support portal. We create tickets and discuss issues on the call weekly.

Transitioning to the new support team was relatively easy. They switched because of the internal structure and the way they work. Most of the engineering folks work out of Dublin and we are in India. The previous team was from the western time zone. That complicated things in terms of scheduling. So I think the current team is right now in Ireland and it's in the UK time zone. That works best for us. 

We have an engineering team that does the implementation for us, and our team specifically handles the operations once that product is set up for us. And then that product is handed over to us for the daily BA stuff accessing the security, the CSPM kind of module. We are not involved directly. When the product gets onboarded, it's handed over to us. We handle the management side, like if you need to create a new rule or you need to find teams for the rule. But the initial implementation is handled by our engineers.

I would rate Prisma Cloud six out 10. I would recommend it if you are using AWS or anything like that. It's quite a tool and I'm impressed with how they have been improving and onboarding new features in the past one and a half years. If you have the proper logging system and can implement it properly within your architecture, it can work really well.

If you are weighing Prisma Cloud versus some CASB solution, I would say that it depends on your use case. CASBs are a different kind of approach. When someone is already using a CASB solution, that's quite a mature setup while CSPM is another side of handling security. So if someone has CASB in place and feels they don't need CSPM, then that might be true for a particular use case at a particular point in time. But also we need to think of the current use case and the level of maturity at a given point in time and consider whether the security is enough.

We use Prisma Cloud in several ways and there are a lot of use cases. The first way that we use it is for inventory. It keeps a near real-time inventory of virtual compute storage and services. Second, we use it for monitoring and alerting of misconfigurations or other items of security significance. Next is compliance. We use it to monitor compliance with the centers for internet security (CIS) benchmarks.

Prism provides security that spans multi/hybrid-cloud environments. We have it configured to watch for compliance in AWS, the Google Cloud Platform, and very soon, Azure as well. This is important to us because our risk management organization mandated the fact that we would maintain this overwatch capability in any of our clouds that have virtual compute storage or workloads.

Prism's comprehensiveness for protecting the full cloud-native stack is excellent.

The comprehensiveness of the cloud-native development lifecycles is excellent. For us, the deploy functionality is not applicable but the build and run capabilities are. It positively affects our operations and gives us optics that we wouldn't otherwise have, at the speed of the cloud.

Prisma provides the visibility and control that we need, regardless of how complex our environments are. This very much boosts our confidence in our security and compliance postures. It's also been deemed acceptable as a sufficient presence and efficacy of control by our internal auditors and external regulators alike.

This solution has enabled us to integrate security into our CI/CD pipelines and add touchpoints as a control stop in the release chain. The touchpoints are seamless and very natural to our automation.

Prism Cloud is a single tool that we can use to protect all of our cloud resources without having to manage and reconcile several security and compliance reports. It unifies and simplifies the overall operations.

Using this tool provides us with risk clarity across the entire pipeline because we use it as a pre-deployment control, ensuring that the run state is known and the risk posture is known at runtime. Our developers use this information to correct issues using our tools for YAML, JSON, CloudFormation templates, and Terraform.

Prisma does so much pre-screening that it limits the number of runtime alerts we get. This is because those pre-deployment code controls are known before the run state.

The investigations capabilities enhance our process and lower incident response and threat detection time. However, it is an enabler and it is run in parallel with our SIEM, which is Splunk. Most of what we're going to do, investigation-wise, is going to be in Splunk, simply because there's better domain knowledge about the use of that tool in Splunk's query language.

The most valuable feature is the continuous cloud compliance monitoring and alerting. The way Prisma works is that it has a tentacle from Palo Alto's AWS presence into ours. That tentacle is an application program interface, an API, a listener. That listener goes in and is entitled to look at all of the Amazon Web Services' logging facilities. It can then do event correlation, and it can tattletale on misconfigurations such as an S3 storage bucket made publicly available. We wouldn't otherwise be aware of that if Prisma didn't watch for it and alert on it.

Prism provides cloud workload protection and cloud network security in a single pane of glass, and these items are very important to us. It also provides cloud infrastructure entitlement management but identity and access management is not something that we use Prisma for. We implemented a PoC but we opted to use another tool for that use case.

The security automation capabilities provided by this product are excellent and industry-leading. Palo Alto bought a company called Twistlock, which makes a pre-deployment code scanner. They added its functionality to the feature set of Prisma in the form of this compute module. Now, we're able to use the Twistlock capability in our automation, which includes our toolchains and pipelines.

This tool provides excellent features for preventative cloud security. We use all of the auto-remediation capabilities that Prisma offers out of the box. That "see something, do something" auto-remediation capability within Prisma keeps our human responders from having to do anything. It's automated, meaning that if it sees something, it will right the wrong because it has the entitlement to do that with its Prisma auto-remediation role. It's great labor savings and also closes off things much quicker than a human could.

Palo just keeps bolting on valuable features. They just show up in the console, and they have their little question mark, down in the lower right-hand corner, that shows what's new, and what's changed for August or September. They just keep pouring value into the tool and not charging us for it. We like that.

We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert. We'd always want that to be as quick as possible, and this is going to be true for every customer.

The billing function, with the credits and the by-workload-licensing and billing, is something that is a little wonky and can be improved.

We began using Prisma Cloud in October or November 2018, when it was still known as RedLock.

Stability-wise, it has been perfect.

The scalability is excellent. Palo keeps adding cloud support, such as for Alibaba, Oracle, and others.

We have approximately 5,500 employees. Our deployment is all-encompassing overwatch to all of our AWS accounts, of which there are 66. We also have two or three different folders within GCP.

We do have plans to increase our usage. This includes using it for more of its capabilities. For example, there is a workload protection link that we haven't fully embraced. There are also some network security features and some dashboarding and geo-mapping capabilities that we could make better use of.

The technical support is excellent. We have premium support with Palo Alto and I never have any critique for the quality or speed of support.

We have used this solution from the outset of our cloud journey. It began with Evident.io, then it became RedLock, and then it became Prisma Cloud.

The initial setup is very straightforward. We did it several times.

The first one was deployed to AWS, which probably took about an hour. Years later, as we adopted the Google Cloud, it was configured in probably half an hour.

Palo provides the necessary setup instructions and you can't go wrong, as long as you have the role entitlement set up for Prisma. The handshake only takes about an hour.

Our deployment was done entirely in-house.

We have three people, full-time, who are responsible for the maintenance. Their roles are policy management, meaning these are the rule sets. It's called RQL, the RedLock query language, the out-of-the-box policies that are ever dynamic. When there's a new policy, we have to go in and rationalize that with our cyber organization.

We have to scrutinize the risk rating that's put on it by Palo. We have to realize when we're going to turn it on and turn it off. Also, we have to consider the resulting incident response procedures associated with the alert happening.

One metric that would be meaningful in this regard is that our company has had no cloud-based compromise. 

You can expect a premium price because it is a premium quality product by a leading supplier.

We are a strategic partner with Palo Alto, meaning that we use all of their solutions. For example, we use their NG firewalls, WildFire, Panorama, Prisma, and all of their stuff. Because Prisma was an add-on for us, we get good pricing on it.

There are costs in addition to the standard licensing fees. The credits consumption billing model is new and we're going to be using more of the features. As we embrace further and we start to use these workload security protections, those come at an incremental cost. So, I would say that our utilization, and thus the cost, would trend up as it has in the past.

We evaluated several other products such as DivvyCloud, Dome9, and a product by Sophos.

We did a full comparison matrix and rationalization of each of the capabilities. Our sister company was using DivvyCloud at the time and as we do from time to time, we conferred with them about what their likes and dislikes were. They were moderately pleased with it but ultimately, we ended up going with Palo Alto.

My advice for anybody who is considering this product is to give it a good look. Give it a good cost-balance rationalization versus the cost of a compromise or breach, because it's your defense mechanism against exposure.

I would rate this solution a ten out of ten.

We use it for compliance management and policy detection, especially for hybrid clouds.

If you have just one or two clouds the detection policy provided by the cloud provider is sufficient. But if you have more than two clouds, a tool like Prisma Cloud is required because you want to go to one place and do things once. The value of a solution like this is that when you have multiple cloud providers, it plays a vital role in security posture management, security detection management, and alert management.

The solution also enables us to make security alerts and security risks visible to our tenants, as we have a common dashboard. In addition, it helps us to improve knowledge of the environment by allowing people, and not just the central team, to always access the data and to see what the security posture looks like. It gives us a central location to see what the security posture is like for multiple cloud providers.

Prisma Cloud also provides the visibility and control you need, regardless of how complex or distributed your cloud environments become. It helps to simplify that complexity. Now we know what the best practices are, and if something is missing we know.

It also helps us to confidently certify compliance for a customer. The reports it provides become a basis for compliance certification. It gives us a single tool to protect all of our cloud resources and applications without having to manage and reconcile disparate security and compliance reports.

In addition, by using the Prisma Cloud 2.0 Cloud Security Posture Management features, our security teams get alerts with the context to know which situations are the most critical. That helps because we have visibility without having to log in to multiple cloud providers. It gives us one simple way to look at all the three cloud provider policies. Those alerts provide us with a good place to start. Our teams get all the data they need to pinpoint the root cause.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. That is very important when you have a multi-cloud environment because it gives you a single pane of glass for all of them.

In that single pane of glass it gives you Cloud Security Posture Management, Cloud Workload Protection, and Cloud Infrastructure Entitlement Management, and the vast majority of Cloud Network Security. Without this kind of tool, you would have to go through the three cloud providers and do the mappings for each one. It would be a huge amount of mapping and cross-referencing work, but that work is already done with this solution. Not just the referencing work is done, but it also does the monitoring and scheduling. And a given workload that needs to be compliant with the requirements of a certain country or with your business will be compliant, based on the regionality. Visibility and monitoring are things that are required and Prisma Cloud provides them.

It provides mapping for all compliances so that you do not have to do it. Mapping policies to different compliances can be tricky but it's also a good thing. And you can reuse it as-is. You do not have to do anything. It also provides mapping to the compliance history.

And when it comes to detection, it allows you to write policies that are not just based on compliance but also on your cloud security controls. It allows you to write customizations. It is also the sort of tool in which customization of alerts, notifications, and cloud posture management is possible.

In addition, Prisma Cloud gives you visibility over all of your policies. I know that it can do auto-collection, but I have not seen that implemented by anyone because auto-collection requires organizational maturity, but that lack of implementation is not due to tool immaturity.

And it is a perfect tool, in terms of security policy detection, when it comes to the comprehensiveness of the solution for protecting the full, cloud-native stack. It's very effective.

Another great feature of Prisma Cloud is its integration with Jira and ServiceNow. With those integrations, you do not have to manually intervene. If you do an integration, alerts can be assigned to the respective group, using Jira and ServiceNow. That definitely helps in reducing a good amount of work.

It also provides integration with Agile tools, and that is a great thing. It integrates security into the CI/CD pipeline for container workloads. (We have not used it for non-container workloads, but that's not an issue with the tool). The touchpoints in our DevOps processes are just API calls, making the integration very easy and very smooth.

Developers are able to correct issues using the tools they use to code. The way we have it set up, it's a process of reverse engineering. When an alert comes up it is used to see what was detected and how that can be converted into a preventive policy. That feedback loop is manual, but that input helps to turn the policy into a preventive one. Prisma Cloud has helped to reduce runtime alerts by about 30 percent because we are converting everything into preventive policies. And because it gives you an idea of what needs to be done, it has reduced alert investigation times by 30 to 40 percent.

There is some work to be done on preventive security policies. I would give the existing preventive approach a seven out of 10. I'm sure they will be doing something in this area.

In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done.

Another area for improvement is support for OPA (Open Policy Agent) rather than the proprietary language. Nowadays, people mix things, but you don't want to write a policy in different languages.

I have been using Prisma Cloud by Palo Alto for almost two years.

We haven't seen any issues with the stability of the solution in the last two years. It's good, with no problems at all.

As for the scalability, we haven't seen any issues. We are not cloud-busting, but so far, so good.

We want to extend the solution more in the container world and have more service automation. Those are scenarios we have not gotten to yet.

I am happy with Palo Alto's technical support. It has been good.

Positive

Before Palo Alto, we used the cloud providers' native tools. We switched because, while the native tools were great, managing three different cloud provider portals was not ideal. We needed some centralization and customization.

The initial deployment was a simple and automated process. It was good. It took four or five hours per cloud provider. We use it with AWS, Azure, GCP, and Oracle. There was some strategy involved in the implementation because there are differences among the cloud providers. For example, in AWS you have a Control Tower. A good strategy reduces manual intervention, but it's a SaaS solution so we did not have to do much.

We don't need any staff members to maintain the solution but we do need people to write the custom policies and to make sure that someone is there to take action when there are alerts. We have three staff members involved because writing the policies is not easy. One of the guys is responsible for policy writing, one of the guys is responsible for communication and checking the portal to make sure we communicate with people, and the other guy is helping them both with whatever tasks they need help with.

We tried a few other options but once we looked at Prisma Cloud we decided it was a better option.

The advantage of Prisma Cloud was its support for all the cloud providers and its automation. The ease of automation was one of our selection criteria. Cost was another consideration. While Prisma Cloud is not cheap, it's in the medium range. But if an organization is already using Palo Alto, they can negotiate a good price.

It makes sense for a smaller company to use the native cloud tools, but for a large organization it makes sense to have a tool like Prisma Cloud with centralized information, especially for security.

We are using the solution to manage vulnerabilities in containers. We use it to detect vulnerabilities and remediate vulnerabilities found in containers running in the public cloud, like AWS.

We are using the latest version.

It helps us in detecting our vulnerabilities and protecting our security posture. It also provides automated remedies. We don't see this as a preventative measure, but it helps us in timely detection and remediation of our problems. This means we will not be exploited and made vulnerable to bad actors.

Prisma Cloud provides the visibility and control that we need, regardless of how complex or distributed our cloud environments become, which is very nice. We have an extremely distributed system. Prisma Cloud provides good visibility across the distribution of our system. This definitely adds to our confidence. At any single point of time, we can see our entire cloud posture across our environment, which definitely helps and gives us more confidence to use this product.

It has definitely worked. It has improved the overall collaboration between SecOps and DevOps. Now, instead of asking people to do something, it is a default offering in the CI/CD. There is less manual intervention and more seamless integration. It is why we don't have many dependencies across many teams, which is definitely a better state. 

We have only used two of its features: vulnerability scanning and compliance. We found that the vulnerability scanning has been the most useful feature so far. It has good detection capabilities that we have been able to integrate with our CI/CD pipeline.

The solution provides the following in a single pane of glass: Cloud Workload Protection and Cloud Network Security. These are very important features because they represent some of the basic security requirements that we have to harden our infrastructure. These are non-negotiable requirements. They form some of the basic building blocks for our entire security infrastructure, which is why they are required.

Areas like the deployment of their defenders and their central control need manual intervention. They should focus more on automation. They have a very generic case for small companies. However, for bigger companies to work, we have to do a lot of changes to our system to accommodate it. Therefore, they should change their system or deployment models so it can be easy to integrate into existing architectures.

Prisma Cloud has enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes. It is not 100 percent seamless since we still need to do some manual interventions. Because the way that we have designed our CI/CD for Prisma Cloud, the integration was neither smooth nor was it 100 percent seamless.

I have been using it for a year.

We had some initial hiccups. Wherein, if the number of defenders increased beyond a point, we started seeing some scalable alerts and concerns. Over time they fixed it, and it is better now.

It is scalable only to a particular number. Up to 10,000 defenders connecting to the console for small- to medium-sized companies is the perfect fit.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. This is very important because we want our solutions to scale with us. We should be able to operate in all public clouds.

We have plans to increase usage. We will be using it extensively.

The service was okay. It was an average experience. I would rate them as seven out of 10.

They respond to our needs on time. Technically, they are sound. 

Neutral

We didn't use another solution previously.

We wanted a non-SaaS, in-house solution.

The initial setup was a bit challenging, but that is typical with any big company. It took some discussions and collaborations to get them at par to onboard us.

The deployment took three to four months.

We followed our standard CI/CD process. Defenders were deployed into the cloud through our public cloud deployment channels using CI/CD. In order to accommodate their containers, we had to make some changes

Our management is happy, so I think that they are happy with what they are paying for it.

Prisma Cloud provides risk clarity across the entire pipeline, showing issues as they are resolved. It has expedited our operations, which are definitely better. We have been able to detect things faster and remedy them faster. 

Investigation time has definitely shortened because we now know things immediately. It has generally increased the detection and alerting time.

We also evaluated Aqua Security.

Focus on operationalizing the service. Don't just keep focusing on features, but also how you will deploy the solution and how it will be part of your entire CI/CD pipeline, then how will you manage all the features and the long-term running of this service. This is where you should start your focus. You can only use the features if you are doing a seamless integration, so focus your requirements on running, maintaining, and continuous use of it.

The comprehensiveness of the solution is good for securing the entire cloud-native development lifecycle, across build, deploy, and run. There is room for improvement, but it is better than other solutions. It is somewhere between seven to eight out of 10, in terms of its comprehensiveness. It doesn't affect our operations that much because we have some long-term goals and we are hoping that this solution will also deliver in that time. For the long term future, we made some changes to our design to accommodate these things.

I would rate the solution as eight out of 10.

When we did a POC, we realized that this product was able to give us insights into how consumers or services are activated. We could tell if, in certain cases, there was any kind of manual issues such as a misconfiguration. The solution is used to help us to reconfigure items and figure out what reconfiguration needs to be done, et cetera. Our target was to enhance the security portion of our AWS cloud.

The security features are quite good. 

The monitoring part is excellent. It is able to completely monitor our users in order to see what the users are doing at what time and if the users are currently logged in from India, and after five minutes of seeing a user if they are then trying to log in from Singapore, for example. Of course, this would not be possible, and so we would know something was wrong. It can pick up questionable behavior that may have been missed.

The reporting is great.

It's very user-friendly. You can easily make customized dashboards as well. 

We can easily restrict the users if we need to. We can even restrict them from accessing certain applications or services.

If anything tries to come in from a malicious IP, it will block it.

The initial setup is easy. 

We've found the solution to be stable and reliable. 

The solution does offer pretty good integration options.

Technical support is quite helpful.

The remediation part could be better. It should be able to automatically remediate on the basis of its artificial intelligence. If there are alerts, it should directly act and surround the malicious threat with a container or something. Instead of waiting on approval, it should immediately act. There should be no need for manual input when there is a threat on hand.

The ability to scale is limited as it is a SAS product. 

The licensing is a bit confusing.

We've used the solution for a while. Previously, it was RedLock Solutions and we were using it since it was known as RedLock. That's around let's say two years now. Then, Palo Alto bought it, and we now use it under the new name.

The stability and reliability are excellent. There are no bugs or glitches. It does not crash or freeze. it's great.

The scalability isn't infinite. It's limited.

That said, we haven't really tested it as we haven't added any users or anything into the solution yet.

We have found the technical support to be helpful and responsive. Originally, when we needed assistance with integrating it into our AWS cloud, we contact them and they helped us immediately. It was a very positive experience. We were very satisfied. 

The initial setup is very easy. It's not overly complex. A company should be able to handle it without any issues. 

We pay a licensing fee on a yearly basis.

It is not costly. However, the way it is priced is based on the number of incentives. The problem is, what is the number of incentives? We don't know. They seem to do it by the number of workloads, however, we're unclear as to what defines a workload. They need to improve on the licensing front. They need to be more clear about the whole thing.

I've never evaluated any other services.

We are Palo Alto partners.

I'd advise that companies that get big and have a lot of servers or critical applications in their cloud invest in this solution.

I would rate the solution at a nine out of ten.

Our primary use case is to certify blueprints. We are helping both on the CSPM and the CWPP parts of it. We monitor the compute infrastructure and certify the project.

CACS for CSPM, we certify against the NIST 800-53 compliance standard.

For the compliance part, we have found the pie graph, where we can see all of the compliance standards in one go, to be a valuable feature.

Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently.

Their data security feature is quite good as well.

Their training modules are good, and my team is okay with them.

Microsegmentation still needs improvement.

For data security, they have only specific regions like the US, and they need to move to Asia as well.

The most important thing has to do with the computing, licensing, and costing. They charge seven workloads for monitoring one compute, and that is quite expensive. This makes it difficult to move fully with the compute part because of the workload.

Their training modules need to have more live examples. We need to refer to the YouTube channel or follow Palo Alto to get the reference. If they can refer to the YouTube channel in their training and indicate that it can be referred to for further information, it would be good.

On their portal, they do not have which services are available in each region. While searching, it's very hard to find in which location a service is enabled. So, it would be great to have a list of services for each region.

I've been using Prisma Cloud for eight months. It is a SaaS solution.

It's stable as of now; it has not been down in the last eight months.

It is scalable as of now. We have 20 VMs.

Technical support is good. From what I've observed though, different regions seem to have different SMEs, subject matter experts, and different people have different knowledge. So, there is definitely a gap between the different SMEs.

We were using AWS products.

We switched because of twist lock for compute security. The Prisma Cloud dashboard is powerful, and it gives you at-a-glance compliance security against many standards. We can also write our own custom policies if we want to build our own standard. So, there are lots of benefits with Prisma Cloud.

It's a SaaS, so the initial setup is pretty straight forward. We are still onboarding, and most of the customers are in the dev environment as of now and not production. So, it was quite smooth. They have their contributions filed on the portal, the cloud formation templates.

The licensing cost is a bit high on the compute side. We get a corporate discount, which helps reduce overall cost. In some cases, you may need to have two licenses to onboard a project, which would make it expensive.

If your specialization involves blueprint certification against a compliance standard, then you can go with Prisma Cloud. It is very powerful for data loss prevention, and I would rate it at seven on a scale from one to ten.