Prisma Cloud by Palo Alto Networks Reviews

We use it to manage multiple AWS accounts within our platform. Our primary focus is on ensuring compliance across all accounts, aligning with specific standards such as GDPR. We conduct regular certifications of AWS accounts to assess the compliance of services and promptly address any non-compliance issues. In cases where services are found to be non-compliant, we notify the responsible teams and work collaboratively to remediate the identified alerts. In addition to code security, we also use Prisma Cloud to protect our workloads, including serverless functions and containers. This comprehensive approach ensures a robust security posture for our cloud infrastructure and applications.

It serves as a comprehensive solution for both proactive vulnerability management and reactive runtime threat detection.

We manage this tool through a designated management account, handling all configurations within a limited account. At times, we find it necessary to customize scripts, such as when we encounter challenges with integrating Splunk. In this instance, the events are not being formatted as desired. To address this, we aim to create a script and Lambda functions to ensure the events are in the preferred format. It enhances our ability to respond effectively, allowing us to prioritize and focus on resolving any real or potential issues impacting system performance.

It offers security scanning capabilities for multi and hybrid-cloud environments. Currently, we support two clients, each with multiple sub-clients. Within these clients, we manage two DNS instances—one in the US region and the other in the UK region.

The comprehensiveness of the security features in Prisma Cloud is highly commendable. Occasionally, like any product, we encounter issues, and during such instances, we receive prompt and quality support from AWS. The collaborative nature of addressing and resolving issues enhances the overall convenience and effectiveness of using Prisma Cloud for our cloud production environment.

To proactively address cloud security, this tool has been instrumental. We've designed it as an offering for our sales department, enhancing our ability to cater to customer needs. Currently, our focus is primarily on container security, encompassing AWS, GCP, and Azure. This tool effectively identifies and manages vulnerabilities and compliance issues related to containers.

It offers the visibility and control we require, adapting seamlessly to the complexity and distribution of our cloud environment. With the Access Controller system, we can define multiple roles, granting specific access to workload environments, vulnerabilities, and compliance information. Leveraging these features, we efficiently manage access across our teams. This includes utilizing group connections to organize and simplify access, reducing the complexity associated with console and account access in our cloud environment.

It provided a strong confidence in the overall security and compliance posture of our workload.

It has empowered us to seamlessly integrate security into our CI/CD pipeline and align it with existing DevOps processes. Within our Jenkins pipeline, we leverage Checkmarx integration to conduct scans on our code repositories and jobs running through the pipeline. The introduction of numerous features with Prisma Cloud has significantly enhanced our security measures. While we haven't fully explored these features in the US region, as they are still in progress, we look forward to utilizing them once they go live in our pipeline.

It provides clear insights into runtime risks throughout the entire pipeline, presenting issues as they are uncovered during the build phase. This dual functionality includes both fixing and addressing runtime concerns. Within our categorized runtime alerts, we receive numerous notifications, acknowledging that some may be false positives. However, this abundance of alerts serves as a proactive measure to identify and investigate any suspicious activities occurring at runtime. We analyze each alert to determine its relevance and, if necessary, proceed with incident response actions. It ensures that legitimate issues are addressed promptly, while also minimizing the risk of overlooking potential threats.

To minimize runtime alerts, we have the flexibility to create custom rules, allowing us to bypass specific alerts that we are confident are expected and should not appear in our console. This customization is crucial for maintaining a streamlined team environment and ensuring our business operations are not unnecessarily disrupted.

It has significantly reduced the time spent on alert investigations, thanks to its built-in investigate feature. It allows us to efficiently query only the relevant alerts, enabling us to filter based on our release criteria. This streamlined approach has resulted in a notable reduction of about twenty to thirty percent in investigation times.

I find the code security feature in Prisma Cloud particularly valuable. It provides insights into potential vulnerabilities in our code, helping us identify and rectify issues before they can be exploited. Additionally, the emphasis on container security is notable, making it a key focal point within Prisma Cloud.

The security automation capabilities of the solution are quite effective. With numerous automated features, such as investigation acquisition, we can utilize queries to analyze our environment and review past activities. The overall automated functionality is impressive—we no longer need to create templates from scratch, as they are already available. It streamlines our processes, making it a notable and beneficial aspect of the product, particularly when a substantial portion of tasks are automated.

The solution's comprehensiveness in securing cloud-native development throughout the entire lifecycle—from build and deploy to run—is noteworthy. Specifically, we leverage the core security features, integrating them with Checkbox, a tool mandated by Prisma Cloud. The integration facilitates Software Composition Analysis scans and checks for license violations.

The standout feature of this tool is its ability to consolidate all the features we typically access from various sources, including AWS. While AWS and other services may require the use of multiple tools, Prisma Cloud excels by offering a comprehensive solution within a single dashboard. This unified approach addresses all our requirements, making it the most advantageous aspect of this tool.

While the code security feature has undergone recent enhancements, there is room for improvement in terms of its cost module. Presently, the pricing structure poses a challenge in convincing our customers to adopt this tool, especially since code security is a critical area of interest for many.

At times, we find certain features missing. In these instances, we engage with our support team, requesting them to submit feature requests on our behalf. Our clients have expressed a need for scanning application vulnerabilities on Windows servers, a feature currently available only for Linux.

We have been working with it for two years.

It provides excellent stability capabilities. I would rate it nine out of ten.

Scalability is a strong aspect; we have never experienced issues with it. It consistently remains highly available. Our clients are large enterprises.

Support is not just good; it's excellent. I find their assistance highly commendable, and I would rate it nine out of ten.

Positive

We previously relied on RapidFile and another tool for vulnerability detection, including analyzing subscription behavior. However, since adopting Prisma Cloud, with its advanced intelligence and machine learning capabilities, we've experienced a significant improvement. It not only efficiently detects vulnerabilities but also provides deep insights into our environment. This proactive understanding of our environment, including its nature, vulnerabilities, and potential threats, has proven to be a valuable aspect of using Prisma Cloud.

We previously used Qualys, a tool known for its diverse features. While Qualys encompassed various functionalities, including container security, I noticed a discrepancy in the vulnerabilities detected by Prisma compared to Qualys. Although Prisma exhibited robust features, there were instances where certain vulnerabilities highlighted by Qualys were not identified by Prisma.

The initial setup was a straightforward process. The team was efficient, accommodating our requests and providing a trial without any cost. The entire process, from requesting the trial to obtaining our tenant, was completed smoothly within a month.

We have a team of around six people in charge of the deployment process. Maintenance is essential. Occasionally, we observe issues with the UI, usually scheduled during weekends. Notifications are provided about the main areas affected, and the tool is temporarily unavailable during this period. Following the maintenance, the tool resumes normal operation.

I find the pricing to be expensive. I would rate it eight out of ten.

I highly recommend this solution, and I suggest anyone interested in it to explore a trial first. Once they see the benefits, they can proceed with full implementation. It enables you to consolidate everything under one control, making it a definite recommendation from my side. Overall, I would rate it nine out of ten.

We used a couple of modules, mostly WAFs. We use it for detection. 

We use it for our modern infrastructure, mostly run on the cloud. We use it to measure the security of cloud-native infrastructure and to calculate the risk of the applications we use and APIs we interact with. We also use it to meet compliance requirements. We have plenty of use cases for this product.

We really wanted to capture all of the information. To make something in-house would be too much engineering work for us. We don't have to bui;d something from scratch; this allows us to use something that is highly accurate.

We're a fintech company and we deal with a bank. Doing certain tasks manually, like logging every node, server, and container, can take six to nine months. However, if you can automate the process, you achieve the same results in a short time span to help ensure product security.

We were using common CBE for general identities.

I personally used the web application API security, WAF for in-line controls. It helps with implementing an additional layer of security to block the attacks and get alerts on vulnerabilities. I am just focusing on that side.

The support is excellent. They'll call us personally and keep us updated. It's some of the best support I've dealt with.

It's great for protecting the full cloud-native stack. Being a security engineer, I have the visibility of the solution on the infrastructure. The tool is doing a good job of automating this process and making it less time-consuming for me. I don't need to handle as many manual tasks.

There are various cloud configurations that can help you gain insights. If a threat is on the portal, it will give you insight into the cloud infrastructure to help you improve the configuration to make it more secure. In terms of threat detection, you can see different kinds of payloads coming to the API. It helps you consider fixes, like adding more validation.

It is very easy for us to generate reports and download the findings while working with the team to resolve issues.

It's good for build, deploy, and run, however, we still need to figure out how to better integrate it. We're still in the early stages of exploring this for CI/CD. 

The solution does provide the visibility and control we need regardless of how complex or distributed your cloud environment becomes. When we were using our core infrastructure previously, we didn't have the visibility, for example, on which APIs we had or were using. Now, there's a better understanding. It's helped us become more confident in our security and compliance posture. If someone comes tomorrow to audit, we can do a fast report and we can pass that over to show to compliance. It would show the risk factors and what we are monitoring. It's the first thing we would go to during an audit, to provide transparency. 

The solution provides a single tool to protect all of our cloud resources and applications without having to manage and reconcile disparate security and compliance details. It's mandatory to have a tool like this to run a fintech in India as we need to have an audit trail in order to be able to submit reports. Operationally, it's helping us stay compliant. 

We are able to enable alerts. We are using it more manually. We can see alerts on Slack. We can configure alerts as we like.

The UI is good, however, they could improve the experience. The animations on the dashboard could be better. They may already be working on an update to improve this.

We'd like to understand better how to automate between the pipeline and CI/CD. There's a bridge needed between DevOps and security. We need to understand the alerts. There seems to be a gap in DevOps that we need to reconcile. 

I've been using the solution for more than six months. 

While running the solution, we have no issues at all. 

We have Prisma installed on Google Cloud, across multiple accounts and environments. We also have data recovery in another region. I'm not sure if that is covered by Prisma. 

It's scalable. It's not difficult. In fact, it's easy. You just need to add agents to the nodes you want. 

Technical support is great. There are two teams. One is always available. Another is creating tickets and looking into issues. Both are quite good. They are eager to support the customer. 

Positive

We were using another product previously. It was called Lacework. The virtual business aspect was a reason we switched. We also wanted to have more functionality and more insight and control into APIs. The visibility was also better with Prisma. 

The deployment was handled by the DevOps team, not the security team, which is the team I am a part of. There was a requirement to install it on every node of the infrastructure. However, my understanding is it did not take too much time. My understanding is that it was easy to install and it was done within 30 minutes to an hour. It was deployed in a very short amount of time. One person was able to deploy it; we didn't need a team. 

There may be some maintenance required. 

I'm not sure of the licensing terms or the exact pricing. 

We did evaluate multiple tools. We knew what we needed the tools to do and we were comparing them all together. We realized that Prisma did a better job and decided to go with them. 

I am a customer and end-user. 

I'm not sure if the product is useful in a multi-cloud environment. I hope it is. We just have the one cloud environment we use it in. That said, we are using it in multiple staging environments. 

We have not enabled the Code Security module. We still need to integrate in that sense with Prisma. We did do the integration with cloud infrastructure. 

For any product you choose, it's good to consider security. I'd recommend Prisma as it offers good security. 

I'd rate the solution eight out of ten. There isn't really anything missing in the product. However, there's always scope for improvement. 

From a business perspective, our clients use Prisma Cloud by Palo Alto Networks to meet compliance and get more visibility into the cloud.

When people start their cloud journey, they do it per their business needs, but eventually, they reach a point where many infrastructures are created. Still, there aren't enough governance factors, so they buy Prisma Cloud by Palo Alto Networks for compliance from a government perspective. They also want to know how much infrastructure has been created and their exact locations, including their vulnerabilities against threats, and get more visibility into those threats and vulnerabilities.

We work with all models of Prisma Cloud by Palo Alto Networks, including data, container, and IM security.

Our clients are medium and enterprise clients, as the solution would take too much effort for small-sized businesses or clients.

What I found most valuable in Prisma Cloud by Palo Alto Networks is the VAS, such as the web application and API security, primarily because the solution goes in tandem with Kubernetes or the containers. This is why I feel that VAS adds a lot of value, mainly because it gives visibility through the application layer and threat detection features.

Another valuable feature of Prisma Cloud by Palo Alto Networks is the CSPM, simply because it's essential to understand what threats you'll face when starting your cloud journey or in the middle of your cloud journey.

The VAS and the CSPM are the most valuable features because they work in tandem to provide users with the required visibility.

A third valuable functionality you can get from the solution is the ability to investigate and build the correlation between the network, IAM, and other configurations. I saw a new level of maturity in this aspect from Prisma Cloud by Palo Alto Networks, which I didn't see from other solutions or vendors.

The solution also provides security for multi and hybrid-cloud environments. You can do AWS, Azure, etc., and even on-premises; wherever Kubernetes is supported, Prisma Cloud by Palo Alto Networks could support it.

Prisma Cloud by Palo Alto Networks also has a preventative approach to cloud security because it acts as a defense through prevention and banning.

I also saw that the solution is comprehensive in securing the entire development cycle, such as in building, deployment, and running, because it provides a dedicated CCS (Cloud Core Security) functionality, which is leverage.

Prisma Cloud by Palo Alto Networks has done great at the identity or ID, filter, VAS, and CCS levels.

Many more aspects can be covered in the cloud, but not all of them are addressed by Prisma Cloud, which can be one area for improvement.

For example, Prisma Cloud covers computing, network layer, identity and access management, and configuration management. Still, if you're looking for other aspects, such as ones beyond the cloud, the solution may not cover those. It can cover host containers, serverless and embedded apps, and PaaS, or aspects under computing, network connectivity, and identity and configuration management. Data may also be covered, but there is no data governance here in India. Storage may also be included, such as self-service GCS, but I did see that the solution is not very comprehensive, though you may not need all other aspects. Currently, Prisma Cloud only focuses on compute networking, data governance, and IAM, which could be improved.

As for the security automation capabilities of the solution, it is good, but there's still room for improvement because, at times, the access itself is not very consistent. My company has faced certain issues where it would have been better if the whole process, hub, or tool were more straightforward.

I also mentioned that the data governance functionality is not supported here in India, but Palo Alto Networks did not give an explanation about it.

My company also utilized GCP, and it was simpler. However, it did not have the intelligence of Prisma Cloud by Palo Alto Networks. Though Prisma Cloud by Palo Alto Networks provides excellent security, is a pioneer in this space, and knows what it's doing, from a user perspective, it would have been better if it was a little easier to use. Right now, my rating for the solution based on ease of use would be a four out of five or a nine out of ten.

In terms of Prisma Cloud by Palo Alto Networks providing visibility and control regardless of how complex or distributed cloud environments become, it does for complex and distributed environments in the networking aspect. However, this is not true in the identity aspect. The solution only manages Okta, Azure, and AD, but it does not support the most popular Google Workspace, so that is another downside of Prisma Cloud by Palo Alto Networks.

Prisma Cloud could also be improved by adding Google Workspace as an identity.

I also mentioned previously that the user experience in the solution could be better. It could be easier. For example, Elasticsearch and Chronicle both have SIEMs, and they made it easier for people, both cognitively and intuitively. Prisma Cloud by Palo Alto Networks talks about CWP, CSPM, SIEM, and DNS, for example. Still, if you look at its console, you won't find any of those terms mentioned, so a person who comes from the presentation to the theory to the practical world may not be able to find a correlation. If Prisma Cloud by Palo Alto Networks has some diagram that explains and allows users to understand all these, it becomes easier. Otherwise, it'll be a little steep for somebody to start the journey with this solution. This also means you need some security knowledge before you can even begin using Prisma Cloud by Palo Alto Networks.

The setup process for Defender in the solution also needs improvement as it takes a day or two, but that is not even mentioned in the portal, so many customers think that there is something wrong during the setup, only to eventually realize that it is normal and that it'll be okay in two to three days. Another example is setting up Auto-Defend in Prisma Cloud by Palo Alto Networks, where you'd think your AWS system was malfunctioning when the delay is caused by the logs not being updated faster. There should be documentation that explains the setup process and how many days it usually takes to complete the setup.

It's the same for onboarding, as it could take several days, so if the process could be made easier, that would help the customers. My company has received feedback that customers have generally found it challenging to start using Prisma Cloud by Palo Alto Networks, though it could still depend on the person.

We've worked with and used Prisma Cloud by Palo Alto Networks for over two years.

Prisma Cloud by Palo Alto Networks has mostly been stable. However, there were some instances when it was not as stable, particularly the Defender setup, where it did not work for three days, so my team had to escalate, and then it suddenly worked. The issues usually happen during implementation, but you will not have as many challenges after it is implemented.

Stability-wise, the solution is a six out of ten for me.

Prisma Cloud by Palo Alto Networks is scalable, mainly because it is cloud-based.

My rating for the technical support provided by Prisma Cloud is four out of ten because it takes two to three days before support replies to you, and sometimes, you do not even get a valid or contextual answer. Sometimes, the team does not respond, and you do not even know if you will get a response. The technical support team has not been very friendly.

These are why I cannot give Prisma Cloud support a high rating.

Neutral

The initial deployment process for Prisma Cloud by Palo Alto Networks could be straightforward. Still, it becomes complex because of missing documentation that explains what happens during implementation and onboarding. Not everyone understands what needs to be done, so the process might look complex when it's not very complex.

The process requires you to onboard your account, set up your defenders and applications, and update specs and costs, but the available data could be more intuitive.

Deploying Prisma Cloud could take more than a day because the logs already take one day, plus it also depends on the number of hosts and containers.

My company is a reseller for Palo Alto Networks, so it does the implementation, POC, and setup for customers.

In terms of Prisma Cloud reducing runtime alerts overall for clients, that would be up to the clients or customers. The solution is configured, so if you get a lot of alerts, you have to work towards burning down and making it contextual to your existing setup and what your business requires. From an implementation perspective, my company will set up the defaults, wait, and then work with the customer on how often they want to burn it down and contextualize it to their needs or requirements. Reducing runtime alerts is essentially up to the customers because if the customer gets a lot of alerts and does not spend time to make them contextual, then that customer will continue to get alerts. It is essential to make it contextual to your system if you want to reduce the alerts you receive.

Here is how I would rate Prisma Cloud by Palo Alto Networks: as a pioneer solution, and as it is cloud-based, and considering the security perspective, the solution is an eight out of ten, so the rating is high. However, in terms of setting it up and implementing it from a customer's point of view, Prisma Cloud by Palo Alto Networks becomes a seven out of ten. Not all things often work, and you still have many features you need to explore as a customer. Support for partners or the portal could also be better, where it should give more information, so the rating becomes a five out of ten. Overall, my rating for Prisma Cloud by Palo Alto Networks is a seven out of ten based on experience, but at this point, it could still be the market leader.

My company is a reseller, partner, and implementer of Prisma Cloud by Palo Alto Networks.

We use Prisma Cloud for container security, serverless function security, and our Cloud Security Posture Management.

We realized the benefits of Prisma Cloud almost immediately. It can comprehensively secure the entire cloud-native development lifecycle, from build to deploy and run. It has that capability. We are using it in the build and run space, but we aren't using it for secure code review.

We are more dependent on another product for visibility. Prisma Cloud does not have a natural feel, so we use another tool. About 75 to 80 percent of our workloads are connected to one solution, but Prisma Cloud has limitations. It doesn't have agents for them, so we use other tools or other native security tools to protect them. 

When we started, many false positives and mismatched rules were not properly created. We created a more mature ruleset and now have a manageable set of alerts. It's not that much and has reduced over time.

We use different tools to achieve the same result, and consolidating that helps us save money. It has saved us, but it is a costly product. We are also saving some money on projects where there is competition. It's much cheaper, and they have the same or similar features.

We have standardized vendor process management, so we want to reduce multiple vendors. Prisma Cloud is part of Palo Alto. We use Palo Alto firewalls and other solutions. Prisma has many features that intelligently cover cloud security. One solution can cover runtime for EC2 systems, containers, and Fargate. We also have EKS/Kubernetes integration. So, whatever the cloud-native solution in Pfizer, we can use one solution to secure that.

The Fargate security microservice that's running doesn't support blocking features, which would be helpful. Another issue is the lifecycle. It isn't easy to upgrade if we have a console in Fargate. 

We have used Prisma Cloud for nearly two years.

We have had some issues, but they were mainly due to the environment. It did not crash as much after we set up the environment, but we had to build the system twice because of environmental issues. It took us a long time, but we have a learning curve on these deployments.

Prisma scales well if we're deploying on Kubernetes, but it doesn't scale that great on Fargate.

I had an opportunity to work with technical support and presales. The technical support was good. They are deep into the technology, but the presales staff wasn't up to the mark.

Positive

We have Aqua Security and many open-source tools. Prisma Cloud suits our needs, so it's good. 

The deployment had a steep learning curve, and the support wasn't trained enough to work on the product. They were trying it out in their own lab. It's a new technology, so it takes time.

We deployed via a CICD integration, which took us around two months. We have two deployments: production and our lower environment. It took time because there were dependencies in the infrastructure. It took two to three months to get a stable working solution. I deployed it alone. 

We deployed in Fargate, so high availability and other things were not an issue. The issue was the upgrade process, which requires us to streamline the upgrade process in the target deployment. That requires maintenance. If there is a major upgrade, it requires a lot of planning and everything. 

Prisma Cloud's pricing is a little higher than its competitors. It should come down. 

I rate Prisma Cloud seven out of 10. 

We specialize in all Palo Alto modules, including visibility, compliance, governance, threat detection, data security, and hub security. Our comprehensive suite of services covers all aspects of these modules. We leverage the SaaS security product for advanced threat detection, and for all-encompassing monitoring, we utilize Cortex XDR from Palo Alto.

Many customers store sensitive data in on-premises data centers and require robust security measures. Prisma Access licenses can protect internal networks, but some customers prefer avoiding internet exposure. To address this, we offer gateways that create a secure environment for internet access. With the rise of remote work, we provide VPN connections, such as GlobalProtect, for secure access to both internal and external resources. Customers can deploy multiple gateways in different regions to meet their needs. Traffic flow typically involves a VPN connection to a gateway, followed by routing through internal service connections and potentially a data center firewall before reaching the desired resource. For external access, traffic is routed directly to the internet through the VPN.

Prisma Cloud offers comprehensive security across multi and hybrid cloud environments. For instance, our ADEM tool, considered industry-leading, requires installation on user machines to enable continuous monitoring of all ADEM-equipped users. This includes detecting anomalous activity outside the corporate network and tracking user online time, providing valuable insights into network usage.

Security automation and EA Ops significantly reduce manual configuration and management tasks compared to previous methods, saving valuable time. Now, we only need to configure a few minor details rather than handling everything. For instance, with service connections and gateways, we don't have to manage multiple VPN gateways; Palo Alto is managed on the backend. Our primary responsibility will be monitoring after initial tunnel creation. We've preconfigured connections to on-premises firewalls, whether third-party or Palo Alto, eliminating manual configuration. Automation is in place, and we'll only need to purchase licenses. The autonomous system further enhances automation for all processes.

Intune security automation has significantly reduced our costs, making us more financially efficient making us more financially efficient. Automation is now highly valued as it eliminates the need for engineers to configure and manage systems manually. With AI-driven automation, we can effectively monitor configurations through a dashboard, providing a complete overview. This automation simplifies tasks like creating BGP connections, which previously required complex CLI commands. Prisma Access Palo Alto's GUI interface automates tenant creation with minimal input. Integrating Prisma MDM and Palo Alto device deployment further streamlines the process, reducing manual intervention. Overall, this automation saves money and frees up engineer resources by eliminating time-consuming configuration tasks.

Palo Alto Networks is a global leader in cybersecurity, providing top-tier protection to its customer base of over 90,000. Traditionally, customers relied on on-premise hardware firewalls, but the shift towards cloud-based solutions has driven a demand for more flexible and cost-effective security options. In response, Palo Alto Networks offers cloud security solutions that leverage its existing global device infrastructure. Customers only need to purchase licenses to activate cloud security features, tailoring protection to their specific needs for internal, external, or network environments. For customers seeking complete independence, Palo Alto Networks also provides interconnect licenses that eliminate the need for a service connection.

Customers do not directly purchase Palo Alto products or deploy them into production. Our professional engineers provide a lab environment for customers to test any desired Palo Alto services, from essential Prisma Access to advanced cybersecurity solutions like SaaS security and Cortex XDR. Once customers are satisfied with the lab environment, they can deploy the chosen products into production. If they encounter any issues during deployment or operation, the support team promptly addresses them.

I have resolved numerous customer issues, closing over 400 or 500 cases globally. While many cases can be resolved within a week, some complex issues may take up to a month. Palo Alto Networks aims to provide timely support for all customer issues, regardless of severity. When a customer encounters a VPN connection problem, they can create a case with varying priority levels. Critical cases are assigned to engineers immediately, with hourly updates provided to the customer. If the issue persists, the case is escalated to senior resources. Prisma, a relatively new platform, is constantly being monitored for bugs. Any issues identified are addressed promptly and communicated to customers. Our goal is to deliver exceptional support services.

Prisma Cloud offers complete visibility across our entire environment, from end users to the data center. We'll have full control and oversight within a single unified portal, eliminating the need to juggle multiple platforms as often required by other solutions. Prisma Cloud provides dedicated applications for various functions, such as SaaS security, threat and vulnerability management, cloud identity engine, and log analysis. These applications work seamlessly together, automatically connecting through APIs once deployed and licensed. For configuration management, the Strata Cloud Manager handles Prisma Access and Prisma SD-WAN. This centralized approach allows us to efficiently manage multiple aspects of our security infrastructure within a single platform.

Prisma Cloud offers SaaS security and data loss prevention as separate features requiring additional licensing. Both can be managed through a single portal. For threat prevention, they provide Cortex XDR, a recent cybersecurity offering from Palo Alto. When combined, we have a single tool to protect all of our cloud resources and applications.

Prisma Cloud helps reduce the number of runtime alerts. Users will only receive live alerts generated when Prisma detects an issue within the environment. For instance, if Prisma Access observes an attack, it will generate a live alert visible in the startup cloud manager's dashboard.

Prisma Cloud effectively reduces the overall number of alerts by prioritizing them into categories: critical, high, medium, low, and informational. Less critical warnings are consolidated into the informational category, minimizing alert fatigue. Critical alerts persist until resolved, and recurring issues can be configured to trigger email notifications for proactive monitoring, ensuring timely attention even when engineers are unavailable.

Prisma Cloud offers significant cost savings for customers. Previously, customers managed multiple firewalls, including internal and external devices. With Prisma Access, this complex management is eliminated, as Palo Alto handles firewall management. Customers configure and purchase a license to access gateways for end-user connections. This eliminates the need to purchase expensive individual firewalls, which can cost billions. While customers retain visibility through a provided portal to monitor traffic, the primary benefit is the streamlined management and cost reduction achieved through Prisma Cloud.

Visibility and control are valuable features. Customers desire complete oversight to monitor resource access, both internal and external, and verify user activity. ADEM, a purchasable license, enhances network visibility by tracking traffic patterns and identifying potential threats through a dashboard. Our Strata Cloud Manager platform unifies Prisma access and cloud management, while also accommodating next-generation firewall administration. The dashboard provides in-depth visibility into threats and vulnerabilities.

Prisma Cloud's most valuable feature is its user identification capabilities. By integrating with Active Directory or LDAP servers, it efficiently manages user access to cloud resources. Previously, determining user access required multiple hops through internal resources, consuming significant bandwidth. Prisma Cloud's Cloud Identity Engine directly connects to identity providers, streamlining user authentication and authorization. This improves performance and security by eliminating the need to constantly query Active Directory. Additionally, Prisma Cloud offers full visibility into network threats and vulnerabilities through a unified dashboard, reducing the need for multiple tools and licenses. This centralized approach enhances threat detection, response, and overall security posture.

The speed at which Palo Alto resolves bugs should be improved to prevent customers from experiencing issues while waiting for resolutions.

Palo Alto Prisma Cloud is relatively new, with only three years of history. While the documentation continually improves, it still has limitations compared to the extensive resources available for older products like hardware firewalls, which have been around for approximately 20 years. Despite these shortcomings, Prisma Cloud's documentation is growing, and knowledge base articles can be helpful for troubleshooting issues.

I have been using Prisma Cloud for two years.

The quality of technical support varies depending on the issue a customer faces. High-priority cases demand immediate attention and daily follow-up to prevent customer frustration. I have resolved hundreds of Palo Alto cases, including critical ones. These cases require engineers to provide half-hourly updates and expedite troubleshooting. A recent critical case involved a customer migrating Panorama configuration and experiencing Prisma Access account verification issues. The initial engineer engaged with Prisma Access but encountered licensing problems. I escalated the case, collaborating with licensing and engineering teams to resolve the API-related issue and restore service. While such cases are time-consuming due to limited resources, a global team of engineers can address troubleshooting needs.

Positive

The initial deployment was smooth due to excellent support from Palo Alto's professional services engineer. They provided a clear overview of our deployment needs, considering the customer's two branches and primarily remote workforce. We determined six VPN gateway connections were required, two in the US, India, and Europe, and two branch office connections. Palo Alto created a lab environment, presented the network topology, and demonstrated traffic flow. Additionally, they introduced the split tunneling feature, allowing specific traffic like Google search to bypass Prisma Access and access the internet directly. Overall, the top-tier engineers at Palo Alto delivered exceptional customer service and ensured a seamless implementation.

I would rate Prisma Cloud nine out of ten. I am deducting a point because of the limited documentation.

We initially wanted something to protect our infrastructure. We acquired Prisma Cloud, so at least our containers are secure because we already installed agents in the containers. Our infrastructure is being monitored by Prisma Cloud. Then, we started with the WAF (web application firewall) service to enable API discovery and to understand what our APs are doing.

We can protect our APIs in case of a DDoS attack. We are currently working on CI/CD integration so that we can enable Slack CLI in our pipelines. Whenever there is a vulnerability, it will automatically be produced into the Prisma cloud.

The most valuable feature of Prisma Cloud is WAF. AWS also provides web application security, but it is outside the VPC. Since the agent is already installed in the container, we can protect it directly from the application side. We have a UI-based view of the request.

If I want to know how many SQL injection attacks happened in a day, I can just make a filter. Instead of typing, I can select the filter and get the details. It's much faster, and it is very easy to find out attacks and discovery from the user's perspective.

A couple of exporting functionalities should be more user-friendly because if I want to export something, I can get a lot of data visible to that particular CSV. There is no filter for what kind of data I want to export. That is something that I have missed as someone from the management side. When we see any CVE issues, proper information, including the path, should be mentioned.

For example, in the case of vulnerable packages or images, whether a base image is vulnerable or the package under the base image is vulnerable should be mentioned. That visibility is sometimes missing there, although not every time. It took me some time to figure out what kind of issue it was trying to resolve.

For example, one issue was that an image should be run with a non-route user. Only the discussion was there, but how to validate and fix that was not there.

I used Prisma Cloud by Palo Alto Networks for around one month in my previous company. I've been using it for the past four months in my current company.

Prisma Cloud is a stable solution.

It is a scalable solution. We have more than 20 people using Prisma Cloud in our organization.

I rate the solution's one-on-one technical support session a six out of ten. The support team usually provides only a half an hour session, which sometimes is very little for us when the issues are big. However, their support through email is good. The solution's one-on-one support session should be extended by at least half an hour. Since their one-on-one sessions are based on their availability, I don't get instant assistance when I need it.

Neutral

I have previously worked on different tools like PingSafe. PingSafe is only into cloud security posture management, but Prisma Cloud has everything enabled in it. As a cloud security posture management tool, both the tools have their own advantages and disadvantages.

I can compare only one functionality, which is the CSPM module. For the CSPM module, Prisma Cloud's finding is good because it has access inside a containerized agent. PingSafe was more into the basic CIS benchmark things where we were able to identify the issues. PingSafe was also good, but Prisma Cloud has more advantages and configurations enabled.

The solution's initial setup was pretty straightforward. It's a bit complex for a new person, and some guidance will be required. However, the documentation is quite enough to reduce those things. The initial setup is neither too hard nor too easy.

The DevOps team does the solution's deployment. I was not a part of the deployment process. When I discussed it with them, they told me they had some script or documentation. They started that, and the deployment was completed in a day or two.

We are using cloud protection, virtual protection, and the CI/CD modules of Prisma Cloud by Palo Alto Networks.

The comprehensiveness of the solution for protecting the full cloud-native stack is pretty good. We need to monitor those things. We initially did all the configuration from the container or API side. Now, our work is only to monitor periodically. It has a report functionality on a mail and download basis.

Periodically, we'll receive a mail asking us if we want to work on the weekly summary of our findings. There is a rescan functionality that I can use to rescan and confirm if someone has fixed a vulnerability so that it will not be shown in the results the next time. Prisma Cloud provides comprehensiveness that covers most of the areas.

When we didn't have this tool initially, we had to run around for different open-source tools because there was no one-stop solution. We had to go for different open-source tools for different functions. Prisma Cloud is a one-stop solution that covers multiple things like API security, container security, infrastructure security, AWS cloud security, and CI/CD security. So, it's a complete package for us to look around and figure out the issues in every area.

We did not immediately realize the solution's benefits from the time of deployment. It took an initial one month to understand the functionalities and their uses. After one and a half months, we were able to identify the benefits of using these services.

The solution provides the visibility and control we need. Initially, we did some access analysis to know what kind of permissions these particular agents are running. Then, we got to know and understand the agent's particular privileges.

The solution has reduced runtime alerts by around 15 to 20%. As soon as we use any image, we decide to run the scan and get the finding immediately. We have a time window to figure out the issue.

In case of an incident, Prisma Cloud requires some maintenance. If something happens because of the tool, we have to stop those agents, rerun them, and then check the logs. Sometimes, the services are disrupted when we enable something amid permission issues. So, that part definitely requires some maintenance.

I would recommend Prisma Cloud by Palo Alto Networks to other users. Prisma Cloud is a one-stop solution where you get multiple tools within one tool. That is a great thing because you don't have to run around for different kinds of tools.

Overall, I rate Prisma Cloud by Palo Alto Networks an eight out of ten.

We have deployed Prisma Cloud for one of our client premises. And we are managing it internally. Although we do have support and other stuff for this solution, it has two kinds of modes. One is the detect and protect mode, and one is only for the monitoring purpose. There's different licensing. If you need protection from Prisma Cloud, then you will purchase a firewall kind of module with that. Otherwise, by default, it comes in monitoring mode.

It's deployed on all VMs and workloads. With the Prisma Cloud, you can have it on a cloud server or you can deploy it as a stand-alone. That said, the container should be persistent. Otherwise, if you restart the container, you will lose your configuration and everything.

We were doing a deployment for a telecom client, and they have two different application pipelines. One was based in India with the Oracle team. They were developing their own application, so we have also incurred it to the Prisma Cloud in their CI/CD pipeline.

The second use case was to monitor the OpenShift environment. The solution was basically bare metal. Then on top of that, there was OpenStack. It's an on-prem cloud service. We have deployed the Prisma Cloud solution, so it was on top of an open stack.

If there is a large infrastructure involved, you need to run continuous vulnerability assessments. You also need comprehensive reports and complete inventory details. Doing everything manually would cost a lot of human resources. And it can take a long time. This helps automate and control vulnerability scanning that's continuous. It also helps with compliance. If I have to scan something monthly or quarterly, I can do it, and it will run. What Prisma Cloud actually does is that it keeps on doing this activity for you without any required request from the operator side. Its agents are deployed on the infrastructure, on all the components, on all the applications, on all the operating system images, VMs, or the old private cloud environment or your work on nodes. If you spread your agents all over your infrastructure, it'll keep scanning and reporting, and you can see everything from your dashboard. 

We have integrated OpenStack, OpenShift, RH, et cetera. You don't need to integrate every individual part; you only need to integrate the worker node. And once you deploy it on the worker node, all the parts running on that worker node.

Prisma gives you full-fledged posture management. You get detailed insights into all your modules, how they are communicating, and on which ports they are communicating. If there is any unknown port or unknown address, et cetera,  Prisma Cloud can show you the configuration, and the ports. That way, as an architect or product manager, you know through your documentation which application should be communicating on which ports. If there is any deviation from that documentation, Prisma Cloud can see that, and you can get the details for that. 

With respect to virtual protection, it tells you which image, VM, physical server, worker node, or port has what kind of vulnerability. It gives you everything in real time. 

Monitoring mode is great if a company wants to know every single vulnerability and loophole in its infrastructure. It gives you a complete inventory list of VMs and devices within your infrastructure from the dashboard. You can add new policies or elements easily. You just integrate it within Prisma Cloud. That way your inventory automatically gets updated. 

Real-time continuous vulnerability assessment and reporting are key features. It's critical to most large-scale enterprises.

Prisma Cloud provides security scanning for multi and hybrid cloud environments. Sometimes, if we, for example, have some infrastructure on a public cloud, like AWS, then you need to monitor them continuously and you will require the inspector module of AWS. The inspector module is initially free of charge. And after two weeks, they'll start charging you. However, you can just put the credentials or access keys for AWS within the Prisma Cloud and assign the agent to that. It will start monitoring your cloud infrastructure as well with less overhead.

Prisma Cloud provides the needed visibility and control regardless of how complex and distributed the cloud environments become. What you do is you need to open the communication matrix. That communication matrix is the baseline or the product for the Prisma agent or CLIs, to communicate with the Prisma Cloud and share its findings directly. Whatever the agent finds on its local host, it will respond and share it with the Prisma Cloud. 

Prisma Cloud has two types of interfaces. One is towards the Internet to the main Palo Alto cloud environment. The second interface is towards the infrastructure or architecture. Most of the time, the operators focus on the corporate side since their responsibilities are related to that scope. The other side should be automatically updated, similar to how Microsoft. They simply tell you updates have been downloaded and installed, and you need to restart your system. The update processes are transparent. There is nothing manual to worry about.
There are a lot of compliance rules that you can configure. If the product manager knows that there's a new compliance rule, they ensure that the new compliance rule is compatible with their product. Compliance is not an issue, however, rules should be configured. It's just like any other compliance activity. 

Prisma Cloud enabled our customers to integrate security into their CI/CD pipeline. Our client was developing a large-scale application for billing purposes. And Oracle India was involved in that, and there was a DevOps pipeline. We have integrated the Prisma routes to the CLI within their pipeline; it was being handled through Prisma Cloud automatically within different DevOps gateways. It's seamless. Once you integrate it, then it's part of the pipeline, and it's being done automatically just like any other pipeline gate.

Having a single tool to monitor cloud sources has had a positive impact on our customers. Tasks that were headaches have become easier. It's easier to assess vulnerabilities and compliance thanks to automation. 

Prisma Cloud provides risk clarity at runtime and across the entire pipeline showing issues as they are discovered in the build phases. The vulnerability will stay on the dashboard until you fix it as well. It will keep showing you the issue until it is resolved. Vulnerabilities that are identified are documented and stored in the vulnerability management system.

Prisma Cloud has reduced alert investigation times thanks to the comprehensive dashboard. You can directly search for any host you are targeting or go through the entire list and check everything. 

It's helped customers save money in that it's helped them catch vulnerabilities thanks to 24/7 scanning. That helps you fix the issue earlier. If a vulnerability gets through and the company is breached, they can lose their reputation. The same is true if their service goes down - especially in a banking scenario. It can lead to a big financial loss. Having proper security controls and monitors in place mitigates this. 

They have very rich documentation, and everything is very clear with respect to integration and configuration.

It provides a lot of compliance rules. It provides us with around 160 different rules. That way, you can define everything during scanning and the system will keep checking for compliance, which is automated.

One single drawback is that updates are not directly based on push notifications. There is a lot of software that gets updated automatically. Since this is a security product, this product should be automatically updated. Right now, it must be manually updated. I should be able to focus on vulnerabilities and security, not updating.

Delays can be very costly. Even with a minute delay in updating, if an attack is successful, when you have this corrupted million-dollar product, it's useless to you then. That's why updates should be automatically done. 

It doesn't patch your products; it only provides insights into vulnerabilities. It's merely a value-added service for your overall security posture. 

They are missing some compatibility details in their documentation. If I am choosing a product, the first thing I look at before recommending it to my organization, is the documentation, including how it is organized, if their documentation is informative, what information they are providing, et cetera. Prisma Cloud has one issue within its documentation, and that is that it does not provide exact details of every single plugin. I was very concerned about which version of Prisma Cloud was compatible with which version of the solutions we had in our CI/CD pipeline. They need to be more clear. 

The solution is stable and is capable of covering large enterprises. I've never faced issues once I've deployed it. However, if you will be holding the data for the long run, you need to think about storage. That's it.

It's scalable. You can scale horizontally or vertically. 

Their support is not very good.

Negative

I've deployed it from scratch in a containerized environment. I am running a persistent container for Prisma Cloud.

The setup is very straightforward, thanks to their documentation. It's rich and comprehensive. They just don't provide version compatibility.

We deployed the solution in a day.

There is no other complexity in the implementation. It can be anywhere in the VM or any other component of your infrastructure. The agent should be able to ping its Prisma Cloud server. Once that is done, there is no other complexity. You just deploy the agent. The agent will keep updating automatically via the Prisma Cloud, and it will start finding new vulnerabilities. That's it. There are no such complex issues with the Prisma cloud deployment.

The implementation strategy was that we knew for which kind of infrastructure we were going to deploy it. 

There isn't much maintenance needed. The only thing is that sometimes you integrate Prisma Cloud with something that is not supported by Prisma Cloud or documentation does not explain it. In that case, you need to engage their support team. Their support is not very good. 

The solution is very expensive. They must have decided internally not to go after SMEs or startups. They are targeting multi-million or trillion-dollar organizations. Those are the companies that can afford their products. 

We're an MSP; we provide this product to customers. We provide security as a service.

We wouldn't recommend the solution for SMEs or startups. This is for larger corporate enterprises like large banks, fintechs, or telcos. It's good for larger infrastructures that might have legacy controls or devices.

Prisma is not the only solution in the market; there are others as well. It offers good core functionality, and it covers your whole cloud environment. It's a fully-fledged package that can help provide insights into security threats in any kind of development environment, from production to staging.  

I'd rate the solution seven out of ten.

If you are interested in Prisma Cloud, look at your business cases first. If you have a massive, large-scale infrastructure, they should not go into new products blindly.

I work with various modules, including CSCM, CWP, Code Security, and NS.

We use the solution for day-to-day activities, from onboarding accounts to deploying Defender to creating rules to monitoring incidents. It's used for alerts and monitoring of what happens on the workloads. 

Our customers use the solution to try to meet their compliance standards, and for audit purposes. It helps create policies. SmartCloud itself has around 2,000 policies. It can cover compliance standards around banking, for example, around workloads and data. It helps align with governing bodies' compliance standards. We can create custom policies and anyone can create workloads.

There are many modules that have various capabilities. We can look at the misconfiguration of cloud resources, for example. They can help with compliance as well. We get notified and get data alerts and this is automated. However, we can manage items manually as well. 

It's good for monitoring your environment for AWS.

For visibility, we can create one service account.

Regarding the assets, regarding the alerts, we get all the data. It's great for our cloud security posture and management.

It's cloud-native and is used in major cloud environments. With it, we can monitor clouds like AWS, DPP, Azure, Alibaba, and Oracle. This is important. Many customers work with various key cloud providers. They often have their resources across different cloud providers and all resources must be protected and monitored. With this product, we can monitor all the things even if they are on different clouds - and it can be done on one platform. 

The most valuable aspect of the solution is the computing part.

Prisma Cloud makes it easy to host virtual machines and cluster environments like container Kubernetes. It does this while providing a single dashboard, from which we can monitor all of the workloads and perform vulnerability scanning.

It's very good at helping us take a preventative approach to security. Many bans are using it as a cloud security tool based on the level of prevention they offer. 

It supports the multi-cloud environment beautifully. If there is any kind of anomaly, it helps alert you to it. If there are malware or brute force attack attempts, it will report that. We can both monitor and audit the system. They have their own out-of-the-box configurations or we can customize them to create our own monitoring and auditing policies. 

The solution provides us with data sessions to help gain visibility of workloads in various regions. For example, if there is a workload created just in the US region, we can see that. It will give an overview also. It supports all kinds of workloads, from host protection to Kubernetes and container environments. It even provides support for the Oracle Kubernetes environment.

It ensures that nothing impacts operations. It will block vulnerabilities or implement fixes. 

The solution provides the visibility and control you need regardless of how complex or distributed your cloud environments become. It's very easy to see the entire security posture from every angle - region, data, compliance, et cetera.

We can integrate it into our CI/CD pipelines into existing DevOps processes. We can integrate via APIs or code. When a developer is in the code and integrating, if there's a vulnerability present, or a misconfiguration, it will scan and provide data. With Terraform templates, we can create a lot of instances. With one Terraform code, we can create hundreds of instances. 

The solution helps developers go to very specific locations, to exact areas, at which point they can perform fixes. 

Overall, it provides us with a single tool to protect all of our cloud resources and applications. It's got the best features for web applications and ETL security.  By enabling data, we can monitor whatever is deployed on the cluster or on the IT environment. It provides risk clarity across the entire pipeline. For example, the vulnerability explorer gives you a view of the top critical vulnerabilities. That way, developers can see what the priorities are for what needs fixing. 

It reduces runtime alerts. They provide us with a runtime alert console. It's also reduced alert investigation time. By clicking right on the investigation, we get all the data, including the source IP and any kind of suspicious detail in the workload. We can quickly go ahead and block IP as necessary.

We're able to directly integrate alerting to tools like QRadar.

The solution has helped our customers save money. They don't have to go ahead and hire individual experts for different areas like AWS and Azure. Having everything separate can be hectic and expensive. This is centralized. YOu don't need different teams. With its user-friendly interface, you only need one or two resources to monitor the whole cloud environment.  

Prisma Cloud introduced some new permissions so we have to go and manually add that permission. It is a little bit hectic. If someone onboards single accounts they have to go through each account in that IIM role, and they have to manually add that permission. It's a manual job that takes time. It would be ideal if there was some sort of automation involved.

In scanning, it does not provide runtime protection. 

The licensing could be better. You need to deploy an agent and it would be more convenient if it was agentless, which should be possible. With agents, you are consuming the same amount of credit, yet it does not provide the same amount of features. The automation needs to be improved and included in terms of AWS onboarding. For Azure, it's good, however, with AWS it requires manual intervention. 

Sometimes we do get false alerts. That should be improved. 

I've used the solution for around one year.

The solution is stable. There is occasionally some downtime.

The solution has been scalable. 

Technical support is strong. They have different levels of support, critical, high, medium, and low. For issues rated as a high priority, they provide assistance within one to two hours. Lower priorities may take 24 hours. 

Positive

I did work with a different product previously. Often, other solutions do not have as much visibility. AWS native services, for example, are not able to monitor the workload or data of Azure. You'd need another product for that. Similarly, Defender will only monitor an Azure environment. I have not worked with something that moved across clouds like this solution does. 

I've helped deploy the solution for five to six clients. 

In the early stages, it's a bit complex to set up due to the fact that it's new and we need to train. We need to give users a session and a POC or demo. So the complexity comes from the training and onboarding, not necessarily from the product itself.

Typically, we can deploy it in one week, and deploying it to any cloud environment would take one to two hours. After onboarding the new cloud environment, we need to create rules and integrate the ticketing tool. That might take two weeks also. There's a dependency with the cloud team in that sense, since, if you are going to integrate anything you need to schedule a call. If Defender is included, we need to deploy it manually. We'd also decide what is being automated. 

The solution does require some maintenance. On the portal, it would show whenever some maintenance is needed or if they are updating their versions. There may be maintenance downtime. The maintenance is provided by Palo Alto itself. We'd notify the customer if they need to be prepared for some downtime. 

Customers have witnessed a good ROI based on the ability to create and customize multiple policies. It helps them meet compliance and auditing requirements. 

I don't know the exact cost; that's handled by another team. However, my understanding is that the cost is based on consumption. 

It takes a little bit of time to create time to value for the solution. A new customer might not have any idea of a cloud's capability. Some people need training and this might be on a quarterly or monthly basis to get the customer up to speed. Once they are more knowledgeable about the solution, they can utilize its capabilities more fully.

I'd recommend the solution. It's comprehensive for securing the entire cloud-native development life cycle across the build, deploy, and run. It not only provides security protection in the runtime environment - it also covers CI/CD. We can integrate Azure DevOps or any kind of solution like Jenkins. 

For new customers, I'd recommend they take on a demo or POC. They can get a one-month license and try it out. Customers can coordinate with partners and see how it would work in their environment. If a customer has a multi-cloud environment, this is a good choice. 

I'd rate the solution nine out of ten.