Prisma Cloud by Palo Alto Networks Reviews

Our environment consisted of a cloud-native stack, including Kubernetes, OpenStack, and OpenShift, running alongside additional virtualizations. This hybrid setup required securing both the cloud-native components and the virtualized instances. To address this challenge, we implemented a comprehensive CI/CD pipeline with cloud security in mind. Following vendor code pushes to our environment, we use rigorous scanning and verification procedures to ensure the code's safety before onboarding. Once onboarded, Prisma Cloud provides continuous posture management and security monitoring.

Our current Prisma Cloud deployment utilizes the Registry Scan, Runtime Protection, CI/CD Integration, and Vulnerability Management modules. While we have opted for the Complete Edition, it does not include Posture Management, a feature frequently inquired about by our customers. Currently, Posture Management is only available in the SaaS model, and we are utilizing the on-premise edition, also known as the Complete Version.

We are a system integrator for the telecom sector.

Clients utilizing cloud-native environments often face challenges in scanning and securing their containerized solutions and clusters. Prisma Cloud offers a comprehensive solution, providing end-to-end protection for these clients. 

Prisma Cloud is a crucial component of our clients' security, particularly for their billing environments.

It offers comprehensive security across multi-cloud and hybrid cloud environments. This is particularly valuable for hybrid environments because it unifies all security needs under one platform, simplifying management and providing a more consistent approach.

It helps us take a preventative approach to cloud security. It is a comprehensive solution with a lot of features.

We have improved our clients' organizations by offering unified monitoring that directly connects their SIEM, SOAR, EDR, and XDR within their environment. The benefits are usually seen within six to eight months.

The Prisma Cloud SaaS version's comprehensiveness secures the entire cloud-native development life cycle.

Prisma Cloud delivers comprehensive visibility and control over our client's cloud environment, regardless of complexity or distribution. It provides a complete map of the environment, visualizing traffic flow for enhanced understanding.

The touchpoints in the DevOps process are seamless. We can integrate them with our registry and the CD platform, so there are no challenges during automation.

Integrating with a CI/CD pipeline and incorporating a vulnerability assessment process are highly effective features, especially when combined with runtime protection. This synergy provides a comprehensive view of how our application is performing while it's running, which is immensely valuable.

Prisma Cloud's Complete edition is not a complete suit. Only the SaaS version includes posture management and IDE integration.

The visibility on the SIEM needs to be streamlined so we can get the data without any issues. 

I have been using Prisma Cloud by Palo Alto Networks for two years.

Prisma Cloud is stable.

Prisma Cloud scales well. In addition to our main site, we recently added Prisma Cloud to our disaster recovery site.

We acquired the services of their technical support several times which was helpful.

Positive

I have experience with Trend Micro Cloud One as well. The pricing is what differentiates Trend Micro Cloud One from Prisma Cloud. 

Initially, we deployed Prisma Cloud quickly, focusing solely on the containerized environment. The remaining deployment across the entire environment took two months to complete. From the solution's perspective, the deployment is straightforward. Some customers have complex environments but that has nothing to do with the solution itself.

Three people were required for the deployment.

Prisma Cloud licensing works on credits.

I would rate Prisma Cloud by Palo Alto Networks a seven out of ten.

Maintaining Prisma Cloud is generally straightforward.

We have Prisma Cloud deployed in a single department used for the billing system in our hybrid cloud environment. We have eight users.

While Prisma Cloud Complete offers runtime protection, organizations seeking a comprehensive cloud security solution should implement Prisma Cloud SaaS. 

We utilize the entire Prisma Cloud suite for container security, API security, and CASB. Our primary focus is on the financial services industry, including banking and insurance.

We implemented Prisma Cloud mostly for compliance to protect against vulnerabilities and weaknesses.

Prisma Cloud's compliance is extremely important to our customers.

Prisma Cloud offers comprehensive security across multi-cloud environments. This is crucial due to the increasing trend of cloud adoption and digital migration. However, some clients still maintain a hybrid footprint across various platforms like Azure, AWS, and Google Cloud. To address this, Prisma Cloud's technology extends to secure hybrid environments effectively. Its coverage goes beyond traditional one-size-fits-all solutions and encompasses both public and private cloud infrastructures.

It offers approximately 80 percent coverage for securing the entire cloud-native stack. While they boast a robust "shift left" component through their API, other products in this space are equally competitive. However, if seeking a single solution that addresses the majority of our needs, Prisma Cloud presents a strong option, especially considering the diverse technologies within our cloud footprint. Additionally, if we choose to standardize Palo Alto across our entire infrastructure, Prisma Cloud integrates seamlessly with other modules within their ecosystem. While not claiming to be the best-of-breed solution in every aspect, Prisma Cloud consistently ranks highly in Gartner reports for most of its functionalities, providing a solid foundation for technology consolidation.

It is a leading full automation product. Their SOAR technologies offer a vast array of integrations, all well-designed and ready to use out of the box. This suggests their overall automation capabilities are indeed top-notch.

Prisma Cloud excels in its field. I believe their solution covers detection and prevention in a world-leading manner. They largely deliver on their promises, demonstrating reliable performance. Additionally, they offer excellent support resources, including comprehensive online documentation, training programs, and a robust learning management system. Their onboarding and development programs are also commendable, providing users with the resources and support they need to succeed.

Our customers' organizations are enhanced because Prisma Cloud improves their compliance posture, particularly for those with SOC teams. It provides valuable insights and seamless integration, offering peace of mind that all security bases are covered.

Although the benefits of Prisma Cloud can be observed within three to six months after deployment, this timeframe may be extended for mature clients who prioritize rapid deployment. It is during the post-deployment phase, which typically lasts three to six months, that the full range of benefits becomes apparent.

Prisma Cloud does a good enough job of consolidating technology for our customers.

It integrates seamlessly with other Palo Alto products and provides one tool to protect all cloud resources.

Prisma Cloud helps provide clarity across our entire pipeline.

Prisma Cloud helps reduce runtime alerts by 50 percent and reduces investigation time for our customers by 40 to 50 percent. There is much less lifting for the operations team.  

The two most valuable features are container security and the capability to discover workloads. Many organizations struggle to track workloads that spin up and down frequently. This solution enables real-time evaluation and scanning of workloads as they come online and shut down.

The regional cost of Prisma Cloud in South Africa is high and could be improved. Since it is marketed based on a dollar base, it is primarily an enterprise product and may not be affordable for smaller organizations.

As a software development company looking to secure our cloud-hosted APIs before publishing them, we believe that Palo Alto might overstate its capabilities. We have identified competitive products in the market that offer better protection throughout the software development lifecycle. From a developer's perspective, especially for organizations like banks developing their applications, ensuring API security before deploying them to the cloud is crucial. While Palo Alto claims to excel in this area, we believe that other specialized products may offer a more comprehensive solution.

I have been using Prisma Cloud by Palo Alto Networks for three years.

Prisma Cloud has excellent stability. From a product perspective, they strive to stay ahead of the curve regarding vulnerabilities and other issues. I receive regular email updates, approximately four times a week, informing me of any discovered vulnerabilities. Additionally, they provide articles on new releases or micro releases for patching these vulnerabilities.

I would rate the scalability of Prisma Cloud nine out of ten.

The technical support team has a well-developed portal with consistently updated online documentation. The forum articles are also well-maintained and provide a massive footprint of information. Additionally, the testing forum exhibits a high level of activity, further demonstrating the abundance of available resources.

Positive

While the product itself is not complex, its implementation can be challenging due to factors such as the customer's existing environment, security posture, and understanding of their network and ecosystem. This lack of awareness can lead to unforeseen complexities during the scoping and planning stages. However, a more mature client who is well-versed in their environment will typically experience a smoother deployment.

The deployment time varies depending on the organization's size, but it typically takes one to three months from planning to launch. While further optimization is still required after launch, the initial setup is relatively quick.

We have a well-defined philosophy that is not complex. The first phase is the planning and design stage, where we uncover all the requirements and details of the project landscape. From there, we develop a comprehensive scope of work that includes the project architecture, deployment strategy, roles and responsibilities, and a risk assessment. The client then enters the site preparation phase, where they address any necessary repairs to their infrastructure. We then conduct a site readiness assessment to ensure that everything is prepared for deployment. The fourth step is the deployment phase, which we implement in phases depending on the specific project. We typically deploy, conduct a testing cycle, and obtain sign-off. In some cases, depending on the environment, a pilot phase may be necessary. After a successful pilot, the project goes to full deployment, followed by final testing and documentation. We also offer online training to the client during the deployment phase. Additionally, we provide ongoing knowledge transfer throughout the project and beyond. Finally, we close out the project with comprehensive documentation.

Our typical deployment team includes a subject matter expert or architect, a senior engineer, and a project manager. The subject matter expert or architect may be a cloud engineer or a network engineer, depending on the specific project requirements.

We are encountering some resistance in the African market regarding the cost of Prisma Cloud. The lack of a regional pricing model contributes to this concern, and we believe the current cost is slightly too high for the market.

It depends on our reseller or preferred solution provider. The deployment and support costs are also factors to consider. Additionally, they offer professional services for the SKUs we purchase, which includes assistance with planning, design, technology onboarding, and scoping. So, the cost goes beyond just the license fee. Typically, the additional cost for professional services to help with implementation ranges from 15 to 20 percent of the license cost.

Prisma Cloud by Palo Alto Networks earns a solid eight out of ten from me. The licensing models are well-designed and the technology scales effectively. While the pricing makes it an enterprise-level solution, its capabilities are technically suitable for organizations of all sizes. However, the high cost may not be financially justifiable for small businesses. Despite this, the product's technical capabilities allow it to seamlessly scale down to cater to small footprints while remaining robust enough for large enterprises.

We find that some of our customers may stick some technologies together to build their confidence as a compromise.

Our customer environments vary from 500 users and a couple of hundred workloads to 32,000 users and 2,000 workloads across multiple clouds. We typically run Prisma Cloud at an enterprise scale because of the affordability.

There are two types of support: operational and product. Product support is dependent on the supplies provided by our license. However, we also offer solution support, which sometimes involves interpreting reports and explaining what customers see. The amount of maintenance required depends on the customer's maturity, but it generally only takes a couple of hours per week. Two cybersecurity engineers are required for maintenance.

In our region, we have seen some management changes, and we find that the pricing remains extremely high and aggressive. Specifically in South Africa, Check Point has lost significant market share to Palo Alto. However, this rapid growth phase is now decelerating. The market in South Africa is limited in size, encompassing only a finite number of banks, insurance companies, and large enterprises. Many of these players have already switched to Palo Alto, leaving fewer attractive targets for Check Point. This decreased market potential will likely force Palo Alto to re-evaluate its pricing models. From a business perspective, there is often a pressure to continually outperform the previous year. This, combined with the high operating costs associated with their teams, has arguably led to a level of greed within the company, driving the pursuit of ever-increasing profits. However, the limited market size in South Africa poses a challenge to this approach. While Palo Alto enjoyed easy market penetration and rapid growth over the past four to five years, the landscape is now changing. Their previous strategies are becoming less effective, forcing them to adapt and evolve their approach to gain a foothold.

I recommend confidently reviewing Prisma Cloud, understanding your environment, and ensuring it is properly configured. Additionally, budget allocation should be confirmed.

I'm using the main module of Prisma Cloud, which manages security at scale in cloud environments.

Prisma Cloud offers a very interactive UI that lets you work more effectively, faster, and more efficiently. It can also be used as a dashboard for querying the cloud provider since it integrates with most of the APIs of the cloud service providers. It's a very unique tool in the sense that it lets you centralize the security control of all your cloud providers.

The first aspect that is important is the fact that Prisma Cloud is cloud-agnostic. It's actually available for the five top cloud providers: AWS, GCP, Azure, Oracle, and Alibaba Cloud. 

The second aspect is the fact that we can write our own rules to try to detect misconfigurations in those environments.

And Prisma Cloud is a single tool that protects cloud resources and applications without having to manage and reconcile disparate security and compliance reports. That's the main purpose of the CSPM module of Prisma Cloud: You can manage every cloud platform, every cloud account, from a single place, which is the Prisma Cloud dashboard. It gives you a very high overview of every asset, a full site inventory. And you can see the context as well as the severity of the errors that have been raised on each service and asset that has been deployed in the cloud.

In my experience, Prisma Cloud is a valuable asset for enterprises that tend to have a lot of cloud-native applications and that wish to secure, and take control of the security posture of these applications. One of the most important considerations is that Prisma Cloud is a product from Palo Alto Networks, a company that invests heavily in cyber security. There are a lot of features that have come out over time. In the beginning, Prisma Cloud was known for its CSPM capabilities, but today, Prisma Cloud is doing a lot of things that are very beneficial for cloud-native applications.

There are a couple of things that can be enhanced. The first is the coverage that Prisma offers. Today, there are hundreds of built-in policies for AWS and Azure, but GCP and Oracle are not covered as much as AWS. There is a lot of work to do on that part. There is, obviously, a tiny bit of favoritism towards AWS because it has the most market share. It's logical, but the other cloud providers are not as well covered as AWS.

The second issue is the alerting process. Today, it does monitor the resources—and I'm only speaking on the CSPM side of things. Prisma Cloud scans the environment and checks if there are misconfigurations, but it lacks context. There is a real lack when it comes to taking into consideration how the application was designed. For example, you can have an application that is deployed with an open S3 bucket, which is one of the most basic services in AWS. Prisma will tell you that there is a high-severity alert because, with that bucket, there is a possibility of having your data extracted. But sometimes, the data inside those buckets is actually public. So, the process lacks some intelligence.

I've been using Prisma Cloud by Palo Alto Networks for 10 months.

I'm using the SaaS version which is running on Palo Alto's infrastructure, so I've never encountered instability. 

There is some patching behind Prisma Cloud when Palo Alto delivers new features so there are some "patch intervals," but most of the time, Palo Alto does notify you when something like that is coming up. It will say, "Hi. This Friday, the application will be unavailable from 6:00 PM to 7:00 PM." But it is not very disturbing at all.

Because I'm using the SaaS version, there is no issue with scalability. It all depends on the credits and the amount of money that you have put into the tool. Aside from that, you can use it to onboard any cloud account no matter how many resources are in it.

I have contacted their tech support many times, and they are pretty quick. They are very invested and proficient. I get answers within a day or two, at most.

Sometimes, when an issue becomes pretty complicated, it can span a week because it is transferred to different people.

Positive

I did not use another solution before Palo Alto.

We have definitely seen ROI in that using Prisma Cloud is an eye-opener regarding cloud security. In general, Prisma Cloud helped us see a lot of blind spots that we left when designing applications. There were a lot of security misconfigurations that we wouldn't have been able to spot without Prisma. The return on value is in the securing of the applications that we are deploying, as well as through a better understanding of the types of issues in the type of environment.

The cost is run by credits. You can allocate them as you wish, so there are no issues there. I believe the credits, licensing, et cetera, are based on the size of the enterprise that is buying the product.

There are no additional costs beyond the standard fees.

Wiz was one of the tools we looked at. I was not the only one who made the choice, but we went with Prisma because of its capabilities as well as the support. We are investing a lot in Palo Alto Networks, meaning we use a lot of their products, so we know the enterprise itself. We know the quality of their catalog of services.

My advice is to take your time before going the CSPM route. Look at your environments and inventory everything in it. There is, obviously, no shadow IT in the cloud. It's very easy to get an inventory of the resources you are running on. Get an overview and see if having a powerful CSPM at your side is really a need. There are a lot of open-source solutions that can do the job for smaller environments.

From what I understand, Palo Alto is trying to push Prisma Cloud to become more than a simple CSP tool, since it offers the ability to cover the global environment of cloud applications, such as doing scanning and infrastructure-as-code, and managing IAM, rather than doing it directly in the cloud provider. They are trying to centralize things.

It can also be used to manage containerized applications. It can do runtime security in container-based managed services of cloud providers, such as EKS (Elastic Kubernetes Service) which is a service managed by AWS. You can rely on Prisma to put an agent in such environments to monitor and supervise the security. You can also use it to scan the container images that are stored in repositories, whether they are on-premises or in the cloud. I've heard that Palo Alto is doing a lot of things like this, but as of today, I'm only using the CSPM part.

And in terms of security automation capabilities, I've used Checkov, which is the tool they are using for scanning specialized code like Terraform. In its origins, Checkov is an open-source tool and I've been using it with my clients by deploying it in CI/CD chains to scan, automatically, the code that is pushed inside repos and deployed in the cloud. But I have never used the Chekhov that is built into Prisma Cloud.

Similarly, I know Prisma offers the possibility of auto-remediation, but I have not enabled this option. It could be a bit dangerous because there is the context and a lot of things to take into consideration before blocking something, before deployment or after deployment. So, I have not used its preventive actions.

The solution provides visibility into complex or distributed cloud environments, but I can think of a couple of scenarios where clients might not think the same. It supports the top five clouds, but if you are using another cloud provider, you won't be able to use Prisma Cloud for that instance. You would be able to use the Compute module, but it would be very hard to use the CSPM capabilities on such a cloud provider since their APIs are not working with Prisma. But if you are using the most commonly used clouds, Prisma Cloud is a very valuable asset.

Prisma Cloud is a very powerful tool and it can be used in various scenarios, but it doesn't cover everything. You might choose a cloud provider that is not supported or prioritized by Prisma. If you are using Oracle Cloud or Alibaba, you might want to get another solution, maybe one that comes with better policies and a better investment in those technologies.

Aside from that, Prisma Cloud is a good solution if you are using a mainstream cloud provider. Prisma Cloud can help enhance your security posture. Because it's a Palo Alto product, you can be sure that there is a lot of maintenance behind it. The product will be able to keep up with the market. They will keep the features coming and it will continue to be a better product over time.

We're using the solution for container monitoring in one project and workload security in another. We've installed the agents on the servers to monitor for threats.

We haven't had an issue with the product for over a year. 

Its threat-hunting capabilities are very good. Security is a major thing for us.

We're using it in a banking setup and are using it only on a private cloud. 

The security automation is very useful.

Compared to AWS, the cost management is very low. The automation ensures we have limited tasks to do. In other security tools that I am using, there is no automation option at all.

We can integrate it very easily.

It's very easy to remotely connect. We can do that within fractions of a second.

We are getting a lot of visibility and control.

We've been able to reduce runtime alerts with Prisma Cloud.

We'd like to have more tools for threat hunting.

Sometimes, on the Azure side, there are issues. Some errors aren't being found on Prisma Cloud.

I've used Prisma Cloud for my past two projects. I've used it for one and a half years. 

We haven't had issues with downtime.

The solution is scalable. 

We've contacted support during some deployments on Windows servers in order to open ports. We had issues when we opened some ports and had no connection. Sometimes, their responses were slow or late.

Positive

The solution was very easy to deploy and integrate. We had a three-member team working on the setup. We only have ten to 20 servers. 

There is no maintenance needed after deployment.

The pricing can be a bit costly. However, it has low cost management.

We're a customer.

I'd rate the solution nine out of ten.

We use Prisma Cloud's CSPM and container modules to secure our workloads across multiple cloud platforms, including GCP, Azure, and AWS.

Prisma Cloud provides spanning for multi-cloud environments. We are using GCP, AWS, and Azure.

Security automation is beneficial. By hosting applications and containers in the cloud, we can implement policies to automatically detect and shut down unauthorized network access attempts, simultaneously alerting us to the potential threat.

The security automation has saved us around ten percent of our time.

Prisma Cloud has significantly enhanced our cloud security posture. When deploying applications to the cloud, prioritizing robust security is essential, especially within the complex Kubernetes environment. Prisma Cloud's comprehensive toolbox enables us to design and implement robust security systems, including RBAC. This unified platform allows for proactive security measures and rapid response to attacks, eliminating the need for multiple third-party tools. Its consolidated approach to scanning, monitoring, and traffic control proved highly effective during our previous engagement.

I quickly recognized the value of Prisma Cloud after reading about the effectiveness of its CSPM module in securing enterprise environments.

The software development lifecycle was previously handled as a separate task. I was involved in the build process, where developers frequently introduced security vulnerabilities that went unnoticed until Prisma Cloud was integrated into the system. The recognition of Prisma Cloud's value in addressing container security issues on the cloud became apparent. There was no integration between the SDLC scanning, building, deploying, and running and deploying systems. However, a process was being developed to enable full end-to-end monitoring by the development and security teams, including the desktop team, to identify security issues before applications reached the cloud. Prisma Cloud continues to monitor for vulnerabilities and security breaches even after deployment to the cloud.

Prisma Cloud provides visibility and management, allowing us to understand and control our environment. When we identify potential issues, we notify our superiors, who can take further action, such as removing a container. Due to our limited privileges, our role is primarily to report anomalies. Prisma Cloud offers valuable insight into what's happening in our environment, not just in terms of visibility but also in terms of access control. It's a reliable tool that has proven helpful in our work.

Prisma Cloud reduces our costs by consolidating multiple third-party tools into a single platform, eliminating the need for separate contracts with various vendors.

Prisma Cloud significantly reduced runtime alerts.

Prisma Cloud's most valuable asset is its ability to provide detailed visibility into container activity. It offers insights into application networking, container behavior, potential issues, and immediate remediation suggestions.

The training documentation provided for the two-hour boot camps is notoriously poor and disorganized. It might be beneficial to restructure the documentation into a step-by-step format that is more straightforward for beginners to follow.

I have been using Prisma Cloud by Palo Alto Networks for one year.

Prisma Cloud is a stable solution.

Prisma Cloud is designed to be highly scalable due to its cloud-based architecture.

The technical support was good.

Neutral

Some aspects of the deployment were straightforward, while others presented challenges due to the complexity of engineering. The entire process took between one and two months to complete.

Prisma Cloud is a high-end enterprise solution, making it quite expensive. As I am based in Nigeria, I have limited knowledge of its usage here, as it appears to be more widely adopted in North America and Europe.

I would rate Prisma Cloud by Palo Alto Networks eight out of ten. It's a complex, dynamic world with countless security challenges arising daily, and Prisma Cloud is a valuable tool for addressing many of them. While not an omnipotent solution, Prisma Cloud effectively tackles numerous security issues. However, as the threat landscape evolves, we must continually reassess and adapt our security strategies. Despite these challenges, Prisma Cloud remains an excellent tool for now.

Prisma Cloud was deployed in around 15 locations.

I suggest conducting a proof of concept in the desired deployment location for Prisma Cloud. Given that cost is a primary concern, I recommend discussing the matter with a Prisma Cloud solution architect before proceeding to the next stage.

We use the solution to monitor and manage our various cloud environments, providing complete visibility in a single platform. We also use it for configuration, network, and anomaly monitoring. On the compute side, that's for containers and Kubernetes, so we know when changes are made and whether those changes are approved or within our required security controls. 

The platform has yet to become part of our CICD pipeline; we mostly use it as a security tool for monitoring and remediation. 

Regarding modules, we use the CSP and the compute module. 

Prisma Cloud helps us take a preventative approach to cloud security. It raises awareness of particular threats. Although it's a reactive type platform in that alerts happen on events that have already occurred, it allows us to take a step back and consider our cloud infrastructure more thoroughly. In this sense, the solution enables us to maintain our posture and current programs. 

The product reduced our runtime alerts by approximately 25%.  

Configuration monitoring and alerting is the most valuable feature; it happens at the cloud's speed, allowing our development team to respond quickly. If a configuration goes against our security best practices, we're alerted promptly and can act to resolve the issue. As cloud security staff, we're not staring at the cloud all the time, and we want to let the developers do their jobs so that our company is protected and work is proceeding within our security controls.

The product provides efficient and comprehensive protection for the full cloud-native stack. It presents its findings in layman's terms; alerts are pretty straightforward as to what's going on and why, whether a configuration needs to be changed, and recommendations on how to remediate.  

We used the solution's security automation capabilities, so in the event of an alert, it can be resolved with the click of a button; we click remediate, and the configuration is changed to the recommended status, which is very helpful. However, we use automation sparingly, as we usually have to coordinate changes in the cloud with development teams or through change control. Our typical usage is for completely forbidden scenarios, such as publicly accessible storage containers. We fix that by clicking remediate, then follow up with the team to determine if that was intentional. Sometimes, although accurate, the recommendation may break something else if there is a compensating control in place. So, automation is helpful but not overly used. 

For the most part, the tool provides the visibility and control we need, regardless of how complex and distributed our cloud environments become. Sometimes the platform can be a little kludgy, but we can usually click around and figure it out. Regarding confidence in our security and compliance postures, I don't know how anyone could have a cloud presence without some form of CSP, and I'm delighted with Prisma.   

The solution provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. However, we still need to utilize this feature to 100%.  

The UI could use some improvement; we usually find the information we're looking for, but what fields can be clicked on and what workflow to follow to get the required information is not always evident. Sometimes we're all over the place, clicking around to drill in and uncover the alert and investigation details we're looking for.

We've been using the solution almost continuously for around five years.

Prisma Cloud is pretty stable; it's a great product, and I'm happy with it.

The platform constantly evolves regarding new features and functions, which can sometimes be a little overwhelming, but it's very scalable. It's just a matter of familiarizing myself with those functions and features. It's the type of tool that is constantly improving, and its scalability suits our environment well.

The customer support is excellent and helped a lot during the deployment process. I rate them nine out of ten. 

Positive

I demoed other solutions but never actually used or implemented one before Prisma.

The initial setup is pretty straightforward, though some of the documentation is convoluted. The support is good, though, so getting someone on the phone or an engineer to respond via email or meeting is easy. The setup was straightforward, and the support was excellent. If I had the permissions to set up the cloud-side integrations, it would have taken a day, but I had to rely on the availability of other staff members, so it took about a week.

The platform is relatively new and expensive, so it's hard to put a number on it. However, the amount of man-hours saved by it easily uncovering some of the flaws in our security posture means it definitely saved us money. 

The product is very expensive, but the cost is a necessary evil; I don't know how we could have any kind of cloud presence without this type of monitoring. The pricing is calculated by module and resource usage. Ultimately, it saves us money in the amount of time we would spend uncovering what it uncovers, and we might not make the required discoveries without it anyway. Prisma offers incredible value, though I wish it were cheaper.

People argue that there are native tools within the various cloud environments, but nothing that streamlines from a timing and comprehension perspective for small security teams. If you don't have a dedicated team of 20 staff, Prisma is the tool you need. I don't know any company that does what they do or how they do it.

Native tools may uncover a misconfiguration, but for a multi-cloud environment, you have to be proficient with multiple different tools, none of which tells the whole story. Prisma pulls in all the data and gives you everything you need to know in one platform. It also pulls in extra data, including network traffic, anomaly traffic, configuration data, and vulnerability data, so you can correlate that information and make an educated decision as to what's going on in the environment, and what needs to be changed or addressed.

I evaluated Lacework, Sysdig Secure, and Illumio Zero Trust Segmentation, though I see them more as Veracode than CSP competitors. I didn't find any products that compare to what Prisma Cloud does.

I rate the product nine out of ten. 

My advice to those before implementing the platform is to do the integration yourself if you have the time, are IT savvy, and have the necessary permissions. It only requires a little time, a few days to a week at most, and there is great value in doing the integration yourself rather than paying for their support to do it. Onboarding the solution will provide an understanding of how it communicates with the cloud environment, how roles are associated and created, and how the remediate feature functions. It's important to go through those steps rather than paying someone else to do it; you'll save money and understand how the tool does what it does, which is essential in utilizing it.

Regarding the solution securing the entire cloud-native development lifecycle across build, deploy, and run, we have yet to use it that way, not to say that we won't. This feature is a relatively new part of Palo Alto's CICD deployment, so we haven't used it yet.

Prisma Cloud provides a single tool to protect all our cloud resources and applications, without managing and reconciling disparate security and compliance reports to about 70%. However, we have yet to utilize the tool to its full capacity.

I am in a services company. My company is also a partner of Palo Alto, so all the Palo Alto products have been tested, researched, and deployed at least three to four times by every engineer in my team.

It is being used for posture management. We have many users coming from many locations. All of them are having the same experience and all are secured. We used to use CASB which is a solution for authentication. This solution is in line with CASB. It helps to ensure that data protection is fine and all the data is coming properly. We can see whether there are any leakages or vulnerabilities. We can check all these aspects of security with this solution. All this is configurable. It is a web-based solution.

Our company is a vendor. If customers want, they can purchase solutions via us. We then take care of the physical box as well as the configuration. We manage the physical as well as the logical. In the case of Palo Alto, it is all logical. We can even code for a customer if the customer wants to upgrade their existing cloud setup, migrate to a cloud setup, or bring in a new setup. It is our bread and butter. We are one of the leading sellers of Palo Alto solutions.

Prisma Cloud helps reduce vulnerabilities. The number of vulnerabilities is less. If you have 1,200 vulnerabilities, after implementing Prisma Cloud, the number is drastically reduced to 500. That is one of the key advantages of using Prisma Cloud. You can see its benefits within a month.

Prisma Cloud helps to identify all the vulnerabilities in modern scenarios. For traditional scenarios, we have enough products, but a solution like Prisma Cloud helps to identify vulnerabilities in containerized environments and modern traffic scenarios. It helps with run-time security and east-west traffic.

Prisma Cloud helps secure the entire cloud-native development lifecycle, across build, deploy, and run. I would rate it an eight out of ten for this.

As an enterprise architect, I seek three capabilities from a solution. It should be preventative. It should be corrective, and it should be detective. Prisma Cloud is good in these aspects. I would rate it an eight out of ten for these capabilities.

Palo Alto DSPM's discovery and data classification processes are comprehensive. I would rate it an eight out of ten for comprehensiveness. For data security, we have a DLP solution. We have a separate solution. We never use Palo Alto for that.

Palo Alto DSPM provides us with insights into the content it has discovered. It also provides automated discovery of new data assets as they onboard and a prioritized list of all the data security posture issues in our environment.

The security provided by Prisma Cloud is important for our customers, especially for our banking and finance customers. We are a service company. We never use any of these products. I am a security architect. I am the one responsible for assessing and finding the right product and then deploying the product with the help of my engineering team.

Prisma Cloud definitely reduces complexity. We can see the issues or vulnerabilities that have been there for a while. We get good clarity on why they have been there and how to resolve them. Palo Alto is very good at this, and they make complex work quick and easy.

Prisma Cloud drastically reduces the number of vulnerabilities in the organization. There can be 60% to 70% reduction. It also depends on the industry again. For the web-based industry, where the company is providing solutions through the internet, such as share market or banking companies, it is very helpful. Production companies rarely use online solutions. 

With the reduction in vulnerabilities, the security cost automatically reduces. There is an indirect impact on an organization's cost.

It is user-friendly. It has a good look and feel and reporting structure. It provides a single pane of glass. These are the things that I like.

There should be some kind of automation, AI incorporation, and bot system. All these would add value. For example, AI should be able to detect all related viruses based on one virus. That will be a great invention. 

I have been using this solution for about five years.

It is stable. I would rate it an eight out of ten for stability.

It is scalable. I would rate it an eight out of ten for scalability.

Their support is very good. I would rate them a nine out of ten.

Positive

I have worked with Trend Micro Deep Security, Singularity, and Lacework. There is a new vendor called Orca Security. They are phenomenal. They can even beat Palo Alto.

Prisma Cloud is better in terms of cost, GUI, and look and feel. There is a single pane of glass and very good reporting.

Its deployment is straightforward for me. It is deployed across multiple geographies and departments. We mainly work with enterprises.

We have some stringent processes for getting the system to a perfect stage and ensuring that it is running properly. It takes at least a month. We do all sorts of testing, and then based on our test outcome, we configure everything in the right way. After that, we consider the data shown in the report as official.

Prisma Cloud is one of the top solutions in the market. When customers ask for alternatives, I recommend Trend Micro Deep Security, Singularity, Lacework, and Orca to them. I provide them with a detailed comparison, and then customers make the decision. I help customers with architecture design, decision-making, vulnerability assessment, and penetration testing. I also help them compare vulnerabilities before and after implementing a solution.

There were some cases where we struggled with some customer requests such as related to zero trust. We were struggling to configure that. They thought that this product also supported zero trust. We then had to tell them to buy the Prisma Cloud CNAAP solution. In many cases, we also moved them from DSPM to CNAAP.

As a security professional, I would not suggest automated remediation. That is because we need to see that automatic remediation does not impact anything else. We have a team. We register all the vulnerabilities and threats, and then at the backend, we do the testing to ensure that remediation or automated remediation will not create any other problems. As soon as we get that assurance, only then we do the fix. This is a requirement from the customer side, especially from the banking and finance organizations. Because everything is crucial, we do not configure automatic resolution for any of the issues.

Overall, I would rate Prisma Cloud an eight out of ten.

I work with Palo Alto products, including their firewalls, VM-Series, CM-Series, hardware, and Prisma Cloud by Palo Alto Networks. I recommend Prisma Cloud by Palo Alto Networks primarily for financial services, FSI, and energy companies.

The threat detection feature in Prisma Cloud by Palo Alto Networks integrates with cloud-native controls like AWS GuardDuty and similar services on Azure and GCP. It also brings its own threat intelligence from Unit 42 and supports external intel feeds like VirusTotal. Multi-cloud compliance monitoring leads to a normalized view and can reduce workforce requirements.

The cost of Prisma Cloud by Palo Alto Networks is too high. I would also appreciate the addition of NLP to reduce the learning curve and make configuring queries more user-friendly.

I have been working with Prisma Cloud by Palo Alto Networks since it was called RedLock in 2019.

The initial setup is straightforward. Day zero involves cloud integration following an admin guide. Day one involves policy tuning, customization, and configuring compliance policies like GDPR.

The ROI is challenging to quantify. While there is tangible reduction in workforce needed, exact cost savings cannot be easily measured.

Pricing and licensing are expensive. There are different experiences with ROI, and exact cost benefits are hard to quantify.

If you have a multi-cloud environment, Prisma Cloud by Palo Alto Networks is essential for reducing costs and normalizing outputs. In a single-cloud, limited setup with good automation, you might not need it. I rate the overall solution at seven to seven and a half.