Prisma Cloud by Palo Alto Networks Reviews

There are three pieces to our use case. For the container piece, which used to be Twistlock, we use static scan to scan our artifact repositories and we use that data to remediate issues and provide it back to developers. We also do runtime monitoring on our orchestrators, which are primarily Kubernetes, but some DC/OS as well. Right now, it's all on-premises, although we'll be moving that to the cloud in the future. 

And we use what used to be RedLock, before it was incorporated into the solution.

Prisma Cloud has definitely enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes for container. In the container those touchpoints are pretty seamless. We've been able to implement security control gates and automate notifications back to teams of vulnerabilities in the container orchestrator. It all works pretty smoothly, but it required a fair amount of work on our part to make that happen. But we did not run into limitations of the tool. It enabled us pretty well. The one part where we have a little bit of a gap that most of those are at deployment time. We haven't shifted all those controls back to the team level at build time yet. And we haven't really tackled the cloud space in the same way yet. 

I'm not sure we have SecOps in the container space exactly in the same way we do in other DevOps. We shifted a lot of the security responsibility into the development teams and into the Ops teams themselves. There's less of a separation. But overall, the solution has increased collaboration because of data visibility.

It also does pretty well at providing risk clarity at runtime, and across the entire pipeline, showing issues as they are discovered during the build phases. It does a good job in terms of the speed of detection, and you can look at it in terms of CVSS score or an arbitrary term for severity level. Our developers are able to correct the issues.

We are clearly better off in that we have visibility, where there was a gap before. We know where our container vulnerabilities and misconfigurations are, and even on the cloud side, where cloud misconfigurations are happening. That visibility is a huge benefit. 

The other part is actually using that data to reduce risk and that's happened really well on the container side. On the cloud side, there's still room to grow, but that's not an issue with Prisma Cloud itself. These tools are only a part of the equation. It takes a lot of organizational work and culture and prioritization to address the output of these tools, and that takes time.

The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful.

Another valuable feature is the ability to do continuous monitoring at runtime. We can feed that data back to developers so they can get intelligence on what's actually deployed, and at what level, versus just what's in the artifact repository, because those are different.

In the security space, most security solutions typically do either development-side security, or they do runtime operational security, but not both. One of the relatively unique characteristics of this solution in the marketplace—and it may be that more and more of the container security solutions do both sides—is that this particular solution actually spans both. We try to leverage that.

And for the development side, we utilize both the vulnerability results from the static vulnerability scanning as well as the certain amount of configuration compliance information that you can gather from the static pre-deployment scans. We use both of those and we pay attention to both sides of that. Because this solution can be implemented both on the development side and on the runtime operational side, we look at the same types of insights on the operational runtime side to keep up with new threats and vulnerabilities. We feed that information back to developers as well, so they can proactively keep up.

We have multiple public clouds and multiple internal clouds. Some of it is OpenStack-based and some of it is more traditional VM-based. Prisma Cloud provides security spanning across these environments, in terms of the static analysis. When we're looking at the artifact repository, the solutions we're using Prisma Cloud to scan and secure will deploy to both public cloud and internal cloud. Moving into 2021, we'll start to do more runtime monitoring in public cloud, particularly in AWS. We're starting to see more EKS deployment and that's going to be a future focus area for us. It's extremely important to us that Prisma Cloud provides security across these environments. If Prisma didn't do that, that would be a deal-breaker, if there were a competitor that did. 

Public cloud is strategically very important to our company, as it probably is for many companies now, so we have to have security solutions in that space. That's why we say the security there is extremely important. We have regulatory compliance requirements. We have some contractual obligations where we have to provide certain security practices. We would do that anyway because they are security best practices, but there are multiple drivers.

Applying some of their controls outside of the traditional container space, for example, as we're doing hybrid cloud or container development, is helpful. Those things get their tentacles out to other areas of the infrastructure. An example would be that we look at vulnerabilities and dependencies as we develop software, and we use Prisma Cloud to do that for containers. We use other tools outside of the container space. They're starting to move into that other space so we can point Prisma Cloud at something like a GitHub and do that same scanning outside of the container context. That gives us the ability to treat security control with one solution.

When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in  flushing out each of those feature sets.

My understanding of Palo Alto's offerings is that they have a solution that is IAM-focused. It's called Prisma Access. We have not looked at it, but I believe it's a separately-licensed offering that handles those IAM cases. I don't know whether they intend to include any IAM-type of functionality in the Prisma Cloud feature set or whether they will just say, "Go purchase this separate solution and then use them next to each other."

Also, I don't think their SaaS offering is adoptable by large enterprises like ours, in every case. There are some limitations on having multiple consoles and on our ability to configure that SaaS offering. We would like to go SaaS, but it's not something we can do today.

We have some capability to do network functions inside of Prisma Cloud. Being able to integrate that into the non-cloud pieces of the Palo Alto stack would be beneficial.

The solution's security automation capabilities are mixed. We've done some API development and it's good that they have APIs, that's beneficial. But there is still a little disconnect between some of the legacy Twistlock APIs versus some of the RedLock APIs. In some cases the API functionality is not fully flushed out. 

An example of that is that we were looking at integrating Prisma Cloud scans into our GitHub. The goal was to scan GitHub repositories for CloudFormation and Terraform templates and send those to Prisma Cloud to assess for vulnerabilities and configuration. The APIs are a little bit on the beta-quality side. It sounds like newer versions that some of that is handled, but I think there's some room to grow. 

Also, our team did run into some discrepancies between what's available, API-wise, that you have to use SaaS to get to, versus the on-premise version. There isn't necessarily feature parity there, and that can be confusing.

We've been using Prisma Cloud by Palo Alto for about two-and-a-half years.

The stability has been excellent. The solution simply runs. It very seldom breaks and, typically, when it does, it's easy to troubleshoot and get back on track.

The scalability has been good for our use cases.

When we first adopted it, a single console could cover 1,000 hosts that were running container workloads. That was more than enough for us, and to date it has been more than enough for us, because we have multiple network environments that need to stay separated, from a connectivity standpoint. We've needed to put up multiple consoles, one to serve each of those network environments. Within each of those network environments, we have not needed to scale up to 1,000 yet.

There's wide adoption across our organizations, but at the same time there is tremendous room to grow with those organizations. Many organizations are using it somewhat, but we are probably at 20 to 25 percent of where we need to be.

It's safe to say we have several hundred people working with the solution, but it's not 1,000 yet. They are primarily developers. There are some operational folks who use it as well. To me, that speaks to the ease of deployment and administration of this solution. You really don't need a large operational group to deploy. When it comes to security, incident response, and the continuous monitoring aspects that a continual security team does, I don't have insight because I don't work in that area of the company, but I see that as expanding down the road. It's another area of growth for us.

Their technical support has been very good. Everyone that I've been involved with has been very responsive and helpful. They have remained engaged to drive resolution of issues that we have found.

We did not have a previous solution.

Standing up an instance is quite simple, for an enterprise solution. It has been excellent in that regard.

It's hard to gauge how long our deployment took. We have multiple consoles and multiple network contexts, and a couple of those have different sets of rules and different operational groups to work with. It took us several months across all those network environments that we needed to cover, but that's not counting the actual amount of time it took to execute steps to install a console and deploy it. The actual steps to deploy a console and the Defenders is a very small amount of time. That's the easiest part.

Our implementation strategy for Prisma Cloud was that we wanted to provide visibility across the SDLC: static scan, post-build, as things go to the artifact repository. Our goal was to provide runtime monitoring at our development, test, and production platforms.

We did it ourselves.

I don't know a better way to do it, but their licensing is a little confusing. That's due to the breadth of different types of technologies they are trying to cover. The way you license depends on where you're securing. When they were Twistlock it was a simple licensing scheme and you could tell what you were doing. Now that they've changed that scheme with Palo Alto, it is quite confusing. It's very difficult to predict what your costs are going to be as you try to expand coverage.

At the time we looked at our incumbent vendors and others that were container-specific. We were trying to avoid a new vendor relationship, if possible. We looked at Rapid7 and Tenable. Both were starting to get into the container space at the time. They weren't there yet. We did our evaluation and they were more along the lines of a future thought process than an implementable solution.

We looked at Twistlock, which was a start-up at the time, and Aqua because they were in the space, and we looked at a couple of cloud solutions, but they were in cloud and working their way to container. We did the same exercise with Evident.io and RedLock, before they were purchased by Palo Alto. They were the only vendors that covered our requirements. In the case of Twistlock, their contributions in the NIST 800-190 standards, around container security, helped influence our decision a little bit, as did the completeness of their vision and implementation, versus their competitors.

My advice would be not to look at it like you're implementing a tool. Look at it like you're changing your processes. You need to plan for the impact of the data for the various teams across Dev and Security and Ops. Think very holistically, because a lot of this cloud container stuff spans many teams. If you only look at it as "I'm going to plug a tool in and I'm going to get some benefit," I think you'll fail.

Prisma Cloud covers both cloud and container, or could cover either/or, depending on your needs. But in both of those cases, there's often confusion about who owns what, especially as you're creating new teams with the transition to DevOps and DevSecOps. Successful implementation has a lot to do with working out lines of ownership in these various areas and changing processes and even the mindset of people. You have to make strides there to really maximize the effectiveness of the solution.

The solution provides Cloud Security Posture Management in a single pane of glass if you're using the SaaS solution, but we do not. Our use case does not make it feasible for us to use the SaaS solution. But with the Prisma Cloud features and compute features in the self-hosted deployment, you have to go to multiple panes to see all the information.

When it comes to the solution helping us take a preventative approach to cloud security, it's a seven or eight out of 10. The detective side is a little higher. We are using the detective controls extensively. We're getting the visibility and seeing those things. There is a lot of hesitance to use preventative controls here, both on the development side—the continuous integration stuff—and particularly in the runtime, continuous monitoring protection, because you are just generally afraid. This mirrors years and years ago when intrusion prevention first came out at the network level. A lot of people wanted to do detection, but it took quite a few years for enterprises to get the courage to start actively blocking. We're in that same growth period with container security.

When it comes to securing the entire cloud-native development lifecycle, across build, deploy, and run, it covers things pretty well. When I think about it in terms of build, there are integrations with IDEs and development tools and GitHub, etc. Deploy is a little shakier to me. I know we have Jenkins integration. And run is good. In terms of continuous monitoring, it feels build and run are a little stronger than deploy. If we could see better integration with other tools, that might help. If I'm doing that deploy via Terraform or Spinnaker, I don't know how all that plays with the Jenkins integrations and some of the other integrations that Palo Alto has produced.

Overall, it feels like a pretty good breadth of integrations, as far as what they claim. They certainly support some things that we don't use here at build and deploy and runtime. But a lot of what they rely on, in terms of deploy, is API-driven, so it's not an easy-to-configure, built-in integration. It's more like, "We have an API, and if you want to write custom software to use that API, you can." They claim support in that way, but it's not at the same level as just configuring a couple of items and then you can scan a registry.

In the container space, we have absolutely seen benefit from the solution for securing the cloud-native development lifecycle. At the same time, it has required some development on our part to get the integration. Some of that is because we predated some of the integrations they offer. But in the container space, there has definitely been a huge impact. The impact has been less so in cloud configuration, because there are so many competing offerings that can do that with Terraform and Azure Security Center and Amazon native tools. I don't feel like we've made quite the same inroads there.

In terms of it providing a single tool to protect all of our cloud resources and applications, I don't think it does. Maybe that's because of our implementation, but it just doesn't operate at every level. I don't think we'd ever go down that path. We have on-premise tools that have been here a long time. We've built processes around reporting. Vulnerability scanning is an example. We run Nessus on-premise, and we wouldn't displace Nessus with, say, a Twistlock Defender to do host-level scanning in the cloud, because we'd have a disparate tool set for cloud versus on-premise for no reason. I don't ever see Prisma Cloud being the single solution for all these security features, even if they can support them.

It's important that it integrate with other tools. We talked earlier about a single dashboard. A lot of those dashboards are aggregating data from other tools. One thing that has been important to us is feeding data to Splunk. We have a SIEM solution. So I would always envision Prisma Cloud as being a participant in an ecosystem.

In summary, I actually hate most security products because they're very siloed and you have mixed-vendor experiences. I don't think they take a big-picture view. I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions. For the most part, it does what they say it will do. The vendor support has also been good. I would definitely give the vendor an eight out of 10 because they've been great in understanding and providing solutions in the space, and because of the reliability and the responsiveness. They've been very open to our input as customers. They take it very seriously and we've taken advantage of that and developed a good relationship with them.

When it comes to the solution itself, I would give the compute solution an eight. But I don't think I would give the Prisma Cloud piece an eight. So overall, I would rate the solution as a seven because the compute is stronger than the other piece, what used to be RedLock.

I would also emphasize that what I think is a strong roadmap for the product and that Palo Alto is really interested in customer feedback. They do seem to incorporate it. That may be our unique experience because our use cases just happen to align with what Palo wants to do, but I think they're heading in the right direction.

Early on in a solution's life cycle or problem space, it's more important to have that responsiveness than it is even to have the fullest of solutions. The fact that we came across this vendor, one that not only mostly covered what we needed when we were first looking for it three years ago, but that has also been as responsive as they have to grow the solution, has been really positive.

We were using it for remediation. I was working on a client's project on behalf of our company, and they had multiple subscriptions. They were using not only Azure but also AWS. Rather than managing remediation and governance separately through different clouds, it was proposed to use Prisma Cloud as a single place for remediation of everything.

Prisma Cloud provided a single window for all security issues, irrespective of the subscription, account, or service provider I was trying to see. The information was totally transparent with Prisma Cloud. Otherwise, it was a daunting task for us to manage everything within AWS itself because each region's or subaccount's data needed to be moved over to another account to see a full picture, and a similar approach was required in Azure as well. The data from a different subscription needed to be copied, which required a batch process to do this job on a daily basis. By integrating AWS and Azure subscriptions with Prisma Cloud, the same task became easier. It was as simple as adding a new account and a credential. That was it. Prisma Cloud took care of the rest of the functions

Prisma Cloud provided security spanning multi-cloud and hybrid-cloud environments. We integrated it with AWS and Azure with multiple subscriptions for each.

With both AWS and Azure, the presentation of the native cloud data was not good. We were more comfortable looking at the same data in Prisma Cloud.

Automation is possible with Prisma Cloud, and that is why we liked it. Automation is still not that good in the native clouds, and Prisma Cloud definitely has an edge compared to the facility that AWS or Azure provides. Although it is an additional cost for IT, overall, there are cost savings. I am not aware of the features provided by GCP. I did not integrate it with Prisma Cloud, but at least with AWS and Azure, Prisma Cloud works much better.

Prisma Cloud provides an agent that can scan container images or Docker images. Otherwise, for Docker images and accounts, AWS provides its own tool and its own format for the report. Similarly, Azure provides its own format to scan those images. We used the agent provided by Prisma Cloud. It unified the approach. Irrespective of the provider, the format of the output and reports was similar. It was easy to compare apples to apples rather than comparing apples to oranges, which definitely is a challenge when we use different cloud providers. Prisma Cloud solved that problem for us.

The level of abstraction is sufficient enough. The complexity is hidden. Only the information that is relevant is displayed, which is better from a developer's perspective because developers do not need to handle that complexity. If architects, like me, need to understand those complexities, they can go into a respective subscription and get the details. The level of abstraction was good enough with Prisma Cloud.

Prisma Cloud provides a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports.

Prisma Cloud reduced the alert investigation time because now, we have a single window. It is quite easy for anyone. A single resource can work on the alerts and memorize similar issues in the past and work on the current issues faster. It has improved productivity.

Prisma Cloud reduced costs. With the different service providers and different subscription models that we had previously, we divided the subscriptions between the analysts. They were responsible for the issues related to the subscription. We had a team of six people previously. After the implementation of Prisma Cloud, all the issues got consolidated, and our team size got reduced to two. The productivity increased because the same analyst could see past issues, revisit those issues, learn quickly, and fix similar issues. They got an idea of how to fix a similar issue, so the overall productivity increased, which reduced the cost.

When we work on, for example, AWS, we need to consolidate the data from different regions, which is an exercise in itself. The same exercise or similar exercise can easily be done in Prisma Cloud. It is as easy as registering a new subscription to AWS, and you start seeing all that data. For example, it is very easy to do analysis of the Defender data, which can include warnings, errors, etc. Although it is natively AWS data, the presentation is not easy for a developer. Prisma Cloud makes it a bit easier. 

The first time I looked at Prisma Cloud, it took me a while to understand how to implement the integration and how to enable features by using the interface for integration. That portion can probably be improved. I have not looked at the latest version. I used the version that was available three months back. It is portal-based, and they might have changed it in the last three months, but at that time, integration was a bit tricky. Even though documentation was available, it took a while for a new person to understand what integration meant, what will be achieved after the integration, or how the integration needed to be done on the Azure or AWS side. That was a bit challenging initially.

I used it for eight or nine months. I last used it about three months ago.

It is stable.

The client's team interacted with the customer support team. We used to highlight the issue to them, and they used to contact Palo Alto's support. We required their support two or three times, but I or my team was not directly involved with their customer support for help.

I have not used a similar solution before.

I was involved in the implementation. It was all cloud-based. There is a bit of a learning curve when trying to understand how to integrate it. Although some good documentation is available for Prisma Cloud, it was still a bit difficult to understand the product initially. However, the UI that analysts use to work on issues and remediation is quite good. It is not complex. After you have done one or two integrations with your AWS or Azure account or subscription, it becomes a routine activity. It is easy to integrate more subscriptions, but the initial one or two subscriptions of the AWS or Azure account will take some time because some features need to be enabled on the respective cloud as well. It is not only the configuration on the Prisma Cloud side. Some configuration is required on the AWS or Azure side as well.

It is a website, so deployment is not a challenge. It is as simple as registering an account and making the payment, which the IT team already did before they created an account for us, so, as such, there is no deployment. If we want to use an agent, then certainly some deployments are required on the machines, but that is the agent deployment. The product itself does not require any deployment.

From a maintenance perspective, not much maintenance is required. It is a one-time integration. It will then be set for a few years unless you want to remove some of the subscriptions or something changes in Azure or AWS. There is a limitation on the Azure or AWS side but not on the Prisma side, so maintenance is there, but it is low.

There was a cost reduction. That was the benefit that we had visualized while evaluating Prisma Cloud as one of the possible solutions. The complexity of IT operations had also reduced, and the team size had also reduced after implementing Prisma Cloud.

We used the enterprise edition. A standard edition is also there. I am aware of these two editions. I know that there is some cost, but I do not have the exact figures with me. The cost was not on the higher side. Overall, the cost gets recovered with its implementation.

I have not compared it with other tools, but overall, I found it to be pretty good when resolving the challenges that we were facing early on. I did not get a chance to look at the Gartner report in terms of where it stands, but based on my experience with this solution, I was quite satisfied.

It is a good solution. Each team should utilize it. Every good organization is now moving towards or trying to be provider agnostic, so if you are using multiple providers, you should at least give Prisma Cloud a try.

Prisma Cloud enables you to integrate security into your CI/CD pipeline and add touchpoints into existing DevOps processes. I know it is possible, but we were already using some other tools, so we did not try this feature. We already had a good process utilizing other scanning tools, so we did not try that feature, but I know that they have this feature.

Prisma Cloud provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases, but this is linked to the CI/CD pipeline, which we did not implement. We looked at the risk level of the infrastructure deployed. We also looked at which cloud platform is having issues. The risk-level clarity was certainly there. It was possible to see the risk level and prioritize the activities or other items with a higher risk, but we never tried CI/CD pipelines.

Overall, I would rate Prisma Cloud a nine out of ten.

We utilize all the modules of Prisma Cloud by Palo Alto Networks, and it is fully integrated into the host control manager on GitHub. We employ this solution to achieve complete visibility from the moment we write our ISE to the actual management of the cloud environment. This approach offers a clear view of our security posture, and the container security component provides valuable insights to assist us in our architectural process.

Our security team is the primary user of the solution, followed by SREs and developers.

Prisma Cloud by Palo Alto Networks offers security that covers various environments. This is crucial as it provides visibility into running processes, allowing for a better assessment of the current security status and giving our knowledge center peace of mind. Moreover, it enables us to leverage all the available modules.

Prisma Cloud by Palo Alto Networks is highly comprehensive, and I would recommend this solution to anyone due to its complete visibility into the cloud and its efficient deployment process, which makes the solution worth the cost.

The solution's security automation capabilities, if configured correctly using various playbooks, can introduce different security gates. This automated playbook has the potential to save us 70 percent of the work.

I would rate Prisma Cloud by Palo Alto Networks a nine out of ten for its proactive approach to cloud security.

Prisma Cloud by Palo Alto Networks has significantly enhanced the functioning of our organization. Through CIM, we can examine IIM posture to determine the permissions granted to users and the status of all shared entities. Additionally, CSPM provides an accurate inventory of all running elements, which we utilize to bolster our security posture. This allows us to effectively identify various threat levels and obtain a precise overview of the environment.

Prisma Cloud by Palo Alto Networks is one of the most comprehensive solutions for securing the entire cloud-native development lifecycle, including the build, deploy, and run phases. By integrating with various components within my development cycle, I can access data from different data centers and formulate a security strategy to ensure ongoing protection.

The solution offers the visibility and control we require, regardless of the complexity or distribution of our cloud environments. This visibility enables us to enhance our security and compliance posture by adhering to the recommendations.

Prisma Cloud by Palo Alto Networks enables us to integrate security into our CI/CD pipeline and add touchpoints to existing DevOps processes by integrating with the infrastructure code. This allows us to enhance security at various stages of the deployment process. The touchpoints in our DevOps processes are seamless. 

The solution provides us with a single tool to protect all our cloud resources and applications without the need to manage and reconcile multiple security and compliance reports. It allows us to have a better understanding of our environment, from the infrastructure code to the cloud, providing a more comprehensive picture.

Prisma Cloud by Palo Alto Networks provides risk clarity at the run and across the entire pipeline showing issues as they are discovered during the build phases. This makes it much easier for our developers to actually take into consideration some of the recommendations that are given.

The solution has helped us reduce run time alerts and shave down a few issues by 40 percent.

The solution has reduced alert investigation times because we can gather all the necessary information for investigation in one place.

Prisma Cloud by Palo Alto Networks has saved us approximately 20 million shillings.

Due to the maturity of most companies, security posture management is the most valuable feature.

The data container component can be improved since it lacks intuitiveness. Therefore, we need to thoroughly comprehend the tool in order to utilize it effectively.

The number of cloud providers in terms of data security needs improvement. The solution does not currently support servers for GCP.

I have been using Prisma Cloud by Palo Alto Networks for around three years.

Prisma Cloud by Palo Alto Networks is stable. Any issues we have are usually resolved within a few hours.

Prisma Cloud by Palo Alto Networks is scalable.

We transitioned from using EDR solutions, and after testing several options that necessitated extensive configuration, we ultimately switched to Prisma Cloud by Palo Alto Networks, which provided a balanced solution.

The initial setup is straightforward. The first time I deployed the solution, it took around three hours, but now I can do it in under an hour. The deployment is usually done through APIs, and we can also employ the production code to deploy containers.

The implementations are completed in-house.

The licensing structure is highly comprehensive. Although the cost can be high, the value is worth the price tag.

We evaluated Wiz.

I give Prisma Cloud by Palo Alto Networks a nine out of ten for its ease of use, value, and support.

One Prisma engineer or security person with training is able to maintain the solution. For our mature organization, we utilize all of Prisma Cloud by Palo Alto Networks tools.

I recommend Prisma Cloud by Palo Alto Networks. The solution is easy to use and intuitive for the most part. The licensing is comprehensive and straightforward, and the modules can be easily integrated to improve our development.

In Africa, many people do not typically associate the cloud with security due to the prevalence of on-premises security solutions. However, upon utilizing Prisma Cloud by Palo Alto Networks, we have come to realize that it is an excellent and secure tool.

We are a system integrator. My organization has a cloud practice, and we focus on cloud security. Predominantly, Prisma Cloud is used to identify misconfigurations in the cloud.

We have been using Prisma Cloud for two specific customers on Azure Cloud. It is quite a new organization, and we currently have two customers, but in my previous organization, we had about eight customers.

We predominantly focus only on the cloud. We don't work with hybrid models. MultiCloud is there, but we haven't worked on MultiCloud as of now. This specific region is more into Azure Cloud. Azure has a data center over here. Therefore, the adoption of AWS or Google is not high in this region. For data compliance, customers want to stick to a cloud vendor that has a data center in this region.

My 18 years of experience is purely in serving the US and Europe markets. I am quite new to the UAE and the gulf region, and I found that this region is not very mature when it comes to cloud security. The majority of the CISOs are not aware of cloud security controls that need to be implemented, and they only speak about traditional security such as EDR, endpoint security, DLP, etc. So, there is a big potential for cloud security, specifically at the containers and serverless layer.

When we evaluated solutions, we carried out PoC not only for two customers but also for the other six accounts, and they were pretty shocked to know that there were a lot of misconfigurations in the cloud. This region lacks cloud security skills, and there are not many cloud security experts or solution architects to design proper architecture. When we carried out the PoC, they became aware of the misconfigurations and security gaps. It helped them to identify the potential risks they have in the cloud. Generally, with security, it is not easy to measure the outcome or gain from a solution because it purely depends on the breach and the data loss, but so far, we have helped two organizations in fully implementing the solution, and the other four are still in the PoC process.

We purely focus on the container and serverless security, and we predominantly work with Cloud Posture Management (CPM). We opted for Prisma Cloud because we found Prisma Cloud to be better in terms of the overall posture and integration. There are other products in the market, but they don't have a complete and broad portfolio range when it comes to containers or serverless functions. Prisma Cloud has good integrations. You can integrate vulnerability management for the overall risk score. When it comes to commercials, costing-wise also, it is far more reasonable for the customers.

It is good for helping us to take a preventative approach to cloud security. It identifies all the controls and gives an overall picture. For example, it tells us the portion that has misconfiguration. So, we can fix that portion. It is a very good preventative tool. Certain customers predominantly use it for one-time assessments, which I don't recommend. It should be an ongoing assessment to have a good incident response as soon as an alert comes in. Normally, people just ask for a weekly report or monthly report to identify their security posture. Instead of that, they should have a real-time incident response solution to act as a preventative tool. As soon as an alert is generated, there must be someone to immediately work on it, and having such a tool really helps.

It provides the visibility and control we need. In my previous organization, we had quite a complex environment with about 30 Kubernetes clusters. As compared to other tools, it provided better insights, but I haven't evaluated it for much more complex architectures. When it comes to serverless architectures, our work has been minimal. Therefore, I cannot confirm or guarantee whether Prisma Cloud will satisfy a highly complex environment.

It gives the overall picture of compliance when it comes to the cloud security portion. We also have a couple of custom dashboards wherein we integrate the security risk score from other tools. Before implementing this solution for the customers, there was no proper mechanism for the cloud. They only had the vulnerability management reports, the SIEM score, or the application VAPT reports, but they did not have any visibility to anything on the cloud in terms of overall compliance and container security. It definitely gave visibility to the CISOs. A lot of people are still concerned about whether the cloud is secure, whether they need to migrate to it, and whether they have proper security controls for containers and serverless security. It gives better exposure to them. We do have proper tools with CISO-enabled dashboards using which they'll be able to see the score. 

It has reduced runtime alerts by 60% to 70%. 

It has reduced the alert investigation time. False positives are reduced. So, we are able to focus on what has been highlighted. At certain times, we need to accept certain changes, and it also gives us the flexibility to mark something as safe. Based on the change control, we can disable the alert so that the alert is not repeated until the change is completed. We have the functionality to do it.

The container and serverless security is most valuable. It is quite a new technology for this region. Even though containers have been there for a long time, the adoption of containers is very minimal in this region. When it comes to using Kubernetes containers in a complex architecture, there is a lack of security in the market. People aren't aware of the security controls or the process for governance. Container security provided by Prisma Cloud is quite good at filling that gap.

We identified two things that we felt would be great to have, but they are under NDA. So, I can't disclose them. Other than those two things, we identified a generic bug in the secret key management service on AWS that needs to be fixed. We reported it to them, and we want them to fix it.

It is very good with predominant cloud vendors, such as AWS, Azure, and GCP, but I am not sure about its efficiency when it comes to other cloud vendors. They should expand its coverage to other cloud vendors such as Alibaba Cloud and Oracle Cloud, which are quite common in this region. I am not sure if they have a full-fledged Oracle Cloud controls evaluation. If they can improve it in terms of the MultiCloud aspect for the organization, it will be helpful, especially in this region.

I have been working with this solution for almost three years. In my previous organization, I worked with it for two years, and it has been about eight months since I joined my current organization. Here also, we have opted for Prisma Cloud.

Its stability is good. We didn’t have any issues with it.

In my earlier organization, we used it for a bigger client with about 3,000 VMs in AWS and about 30 to 40 clusters. We did not have any challenge with its scalability. As we started putting things, it was working well. 

In this organization, we only have two small customers. There is not much workload. We haven't had any issues. It works fine.

In my earlier organization, I worked directly with Prisma Cloud support. Their support was good. My engagement was minimal, but the initial support from them was quite good. When I had some RFCs and RFIs coming in, their turnaround times were quite less. We had a very good rapport with them. We had a specific account manager who handled any RFCs and PoCs. Their support was good, and we didn't have any challenges. 

In this organization, we have been working with a channel partner, and there have been a few challenges because they are also occupied with other proposals and tasks. The same partner also works with other competitor organizations. Overall, I would rate their support an eight out of ten.

Positive

In my previous organization, we were using the Skyhigh networks. Earlier, it was Sky network, and later on, McAfee acquired it and made it a CASB and cloud posture management product. We had a couple of challenges with it. So, we evaluated a lot of products and shortlisted Palo Alto Prisma Cloud. 

It is straightforward. They provide two options. You can configure it manually or just grant access. It can then easily sync up. They also provide the cloud formation templates to spin up in minutes. So, it is straightforward and very simple.

It is hard to measure cost savings at this time because it is quite a new investment for the organization. Cost savings will be there in terms of security and reducing the development time and error fixing time, but it will take some time to measure that.

Its price is reasonable as compared to other products. The main challenge is explaining the licensing model to customers. It isn't a problem related to Palo Alto. Commonly, people don't understand cloud licensing or security licensing. When they have fixed virtual machines, they know what they are going to be charged, but when it comes to cloud automation, it is hard for them to get clarity in case of high workloads or when they have enabled auto-scaling, etc. It would be helpful if Palo Alto can educate people on their licensing programs.

We evaluated multiple products after I came into this organization. We evaluated various CSPM and container security products, such as Aqua Security and Rapid7.

Nowadays, every vendor has come up with a cloud posture management tool. So, we carried out a couple of PoCs in specific customer accounts that had an almost similar type of infrastructure, and based on the outcome, we found Prisma Cloud to be better in terms of identification of miscontrols and security. The cost also played a major role. As compared to other products, it was reasonable. So, the feature set for fulfilling customer requirements and the cost were the two factors that played a major part.

The third factor was the flexibility to work with the vendor. In terms of partnership and support, we felt that being a Palo Alto product, Prisma Cloud would be better. Palo Alto has better service over here, and their channel partners are quite flexible to work with on initial customer demonstration and other things. We felt much more comfortable with Prisma Cloud in all these three aspects.

When it comes to its security automation capabilities, currently, not every customer prefers to automate. We have been trying to implement automation, and when the right access was given, we did a certain amount of automation to immediately block the firewall rules or revoke access when any privileged access has been given. We have been doing a little bit of automation, and it has been good. We are able to achieve our goals. Out of two customers in this company and eight customers in my previous company, only three customers preferred to do automation to a certain extent. The rest of them wanted the alerts to be sent to the incident response team of their SOC. They wanted their team to act upon them. They only allowed us to automate high severity ones or highly critical ones. For example, they only allowed us to automate things like immediately blocking access to specific ports or IPs, but we haven't tried the automation to a full extent.

It enables you to integrate security into your CI/CD pipeline and add touchpoints into existing DevOps processes. We implemented it for just one use case. Before that, we were using Qualys Container Security in the CI/CD pipeline. After switching to Prisma Cloud, I did not have an opportunity to evaluate it completely because I moved to another organization. In my previous organization, we had expertise in DevOps. We had a dedicated DevOps team with almost six years of experience in automating the entire deployment of servers infrastructure, as well as applications. It was pretty easy for them to implement or integrate any security tool into the CI/CD pipeline. In my current organization, we don't have an expert team, and we struggle a bit in implementing things because there are multiple CI/CD deployments from Jenkins to Amazon's native one and Git. So, we take support from Palo Alto to get things deployed during the PoCs. In my previous organization, it was also easier for us to implement because the training provided from the Palo Alto side was quite good, and we had a lot of training materials in the partner portal. We utilized them. We got in touch with the technical team, and we implemented things quite faster, but here, there is a bit of lag because we don't have expertise in DevOps for implementations or integrations.

It can provide risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. Shifting your security to the left cuts down the entire life cycle of application deployment, and it does help to fix the security issues at the beginning of the development life cycle itself. We have not seen a large amount of time being cut down. That's because, typically, teams deploy the code, and then initiate a security scan. By integrating these things into the early development cycle, the time can be cut down to three weeks from about one and half months.

I would rate this solution a seven out of ten.

Our primary use case is to certify blueprints. We are helping both on the CSPM and the CWPP parts of it. We monitor the compute infrastructure and certify the project.

CACS for CSPM, we certify against the NIST 800-53 compliance standard.

For the compliance part, we have found the pie graph, where we can see all of the compliance standards in one go, to be a valuable feature.

Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently.

Their data security feature is quite good as well.

Their training modules are good, and my team is okay with them.

Microsegmentation still needs improvement.

For data security, they have only specific regions like the US, and they need to move to Asia as well.

The most important thing has to do with the computing, licensing, and costing. They charge seven workloads for monitoring one compute, and that is quite expensive. This makes it difficult to move fully with the compute part because of the workload.

Their training modules need to have more live examples. We need to refer to the YouTube channel or follow Palo Alto to get the reference. If they can refer to the YouTube channel in their training and indicate that it can be referred to for further information, it would be good.

On their portal, they do not have which services are available in each region. While searching, it's very hard to find in which location a service is enabled. So, it would be great to have a list of services for each region.

I've been using Prisma Cloud for eight months. It is a SaaS solution.

It's stable as of now; it has not been down in the last eight months.

It is scalable as of now. We have 20 VMs.

Technical support is good. From what I've observed though, different regions seem to have different SMEs, subject matter experts, and different people have different knowledge. So, there is definitely a gap between the different SMEs.

We were using AWS products.

We switched because of twist lock for compute security. The Prisma Cloud dashboard is powerful, and it gives you at-a-glance compliance security against many standards. We can also write our own custom policies if we want to build our own standard. So, there are lots of benefits with Prisma Cloud.

It's a SaaS, so the initial setup is pretty straight forward. We are still onboarding, and most of the customers are in the dev environment as of now and not production. So, it was quite smooth. They have their contributions filed on the portal, the cloud formation templates.

The licensing cost is a bit high on the compute side. We get a corporate discount, which helps reduce overall cost. In some cases, you may need to have two licenses to onboard a project, which would make it expensive.

If your specialization involves blueprint certification against a compliance standard, then you can go with Prisma Cloud. It is very powerful for data loss prevention, and I would rate it at seven on a scale from one to ten.

We are using the solution to manage vulnerabilities in containers. We use it to detect vulnerabilities and remediate vulnerabilities found in containers running in the public cloud, like AWS.

We are using the latest version.

It helps us in detecting our vulnerabilities and protecting our security posture. It also provides automated remedies. We don't see this as a preventative measure, but it helps us in timely detection and remediation of our problems. This means we will not be exploited and made vulnerable to bad actors.

Prisma Cloud provides the visibility and control that we need, regardless of how complex or distributed our cloud environments become, which is very nice. We have an extremely distributed system. Prisma Cloud provides good visibility across the distribution of our system. This definitely adds to our confidence. At any single point of time, we can see our entire cloud posture across our environment, which definitely helps and gives us more confidence to use this product.

It has definitely worked. It has improved the overall collaboration between SecOps and DevOps. Now, instead of asking people to do something, it is a default offering in the CI/CD. There is less manual intervention and more seamless integration. It is why we don't have many dependencies across many teams, which is definitely a better state. 

We have only used two of its features: vulnerability scanning and compliance. We found that the vulnerability scanning has been the most useful feature so far. It has good detection capabilities that we have been able to integrate with our CI/CD pipeline.

The solution provides the following in a single pane of glass: Cloud Workload Protection and Cloud Network Security. These are very important features because they represent some of the basic security requirements that we have to harden our infrastructure. These are non-negotiable requirements. They form some of the basic building blocks for our entire security infrastructure, which is why they are required.

Areas like the deployment of their defenders and their central control need manual intervention. They should focus more on automation. They have a very generic case for small companies. However, for bigger companies to work, we have to do a lot of changes to our system to accommodate it. Therefore, they should change their system or deployment models so it can be easy to integrate into existing architectures.

Prisma Cloud has enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes. It is not 100 percent seamless since we still need to do some manual interventions. Because the way that we have designed our CI/CD for Prisma Cloud, the integration was neither smooth nor was it 100 percent seamless.

I have been using it for a year.

We had some initial hiccups. Wherein, if the number of defenders increased beyond a point, we started seeing some scalable alerts and concerns. Over time they fixed it, and it is better now.

It is scalable only to a particular number. Up to 10,000 defenders connecting to the console for small- to medium-sized companies is the perfect fit.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. This is very important because we want our solutions to scale with us. We should be able to operate in all public clouds.

We have plans to increase usage. We will be using it extensively.

The service was okay. It was an average experience. I would rate them as seven out of 10.

They respond to our needs on time. Technically, they are sound. 

Neutral

We didn't use another solution previously.

We wanted a non-SaaS, in-house solution.

The initial setup was a bit challenging, but that is typical with any big company. It took some discussions and collaborations to get them at par to onboard us.

The deployment took three to four months.

We followed our standard CI/CD process. Defenders were deployed into the cloud through our public cloud deployment channels using CI/CD. In order to accommodate their containers, we had to make some changes

Our management is happy, so I think that they are happy with what they are paying for it.

Prisma Cloud provides risk clarity across the entire pipeline, showing issues as they are resolved. It has expedited our operations, which are definitely better. We have been able to detect things faster and remedy them faster. 

Investigation time has definitely shortened because we now know things immediately. It has generally increased the detection and alerting time.

We also evaluated Aqua Security.

Focus on operationalizing the service. Don't just keep focusing on features, but also how you will deploy the solution and how it will be part of your entire CI/CD pipeline, then how will you manage all the features and the long-term running of this service. This is where you should start your focus. You can only use the features if you are doing a seamless integration, so focus your requirements on running, maintaining, and continuous use of it.

The comprehensiveness of the solution is good for securing the entire cloud-native development lifecycle, across build, deploy, and run. There is room for improvement, but it is better than other solutions. It is somewhere between seven to eight out of 10, in terms of its comprehensiveness. It doesn't affect our operations that much because we have some long-term goals and we are hoping that this solution will also deliver in that time. For the long term future, we made some changes to our design to accommodate these things.

I would rate the solution as eight out of 10.

Primarily the intent was to have a better understanding of our cloud security posture. My remit is to understand how well our existing estate in cloud marries up to the industry benchmarks, such as CIS or NIST, or even AWS's version of security controls and benchmarks.

When a stack is provisioned in a cloud environment, whether in AWS or Azure or Google Cloud, I can get an appreciation of how well the configuration is in alignment with those standards. And if it's out of alignment, I can effectively task those who are accountable for resources in clouds to actually remediate any identifiable vulnerabilities.

The solution is really comprehensive. Especially over the past three to four years, I was heavily dependent on AWS-native toolsets and config management. I had to be concerned about whether there were any permissive security groups or scenarios where logging might not have been enabled on S3 buckets, or if we didn't have encryption on EBS volumes. I was quite dependent on some of the native stacks within AWS.

Prisma not only looks at the workloads for an existing cloud service provider, but it looks at multiple cloud service providers outside of the native stack. Although the native tools on offer within AWS and Azure are really good, I don't want to be heavily dependent on them. And with Google, where they don't have a security hub where you can get that visibility, then you're quite dependent on tools like Prisma Cloud to be able to give you that. In the past, that used to be Dome9 or Evident.io. Palo Alto acquired Evident.io, and that became rebranded as this cloud posture management solution. It's proven really useful for me.

It integrates capabilities across both cloud security posture management and cloud workload protection. The cloud security posture management is what it was initially intended for, looking at configuration of cloud service workloads for AWS, Azure, Google, and Alibaba. And you can look at how the configuration of certain workloads align to standards of CIS, NIST, PII, etc.

And that brings our DevOps and SecOps teams closer together. The engineering aspect is accountable for provisioning dedicated accounts for cloud consumers within the organization. There might be just an entity within the business that has a specific use case. You then want to go to ensure that they take accountability for building their services in the cloud, so that it's not just a central function or that engineering is solely responsible. You want something of a handoff so that consumers of cloud within the organization can also have that accountability, so that it's a shared responsibility. Then, if you're in operations, you have visibility into what certain workloads are doing and whether they're matching the standards that have been set by the organization from a risk perspective.

You've also got the software engineering side of the business and they might just be focused on consuming base images. They may be building container environments or even non-container environments or hosting VMs. They also have a level of accountability to ensure that the apps or packages that they build on top of the base image meet a certain level of compliance, depending on what your business risk-appetite is. So it's really useful in that you've got that shared accountability and responsibility. And overall, you can then hand that off to security, vulnerability management, or compliance teams, to have a bird's-eye view of what each of those entities is doing and how well they're marrying up to the expected standards.

Prior to Prisma cloud, you'd have to have point solutions for container runtime scanning and image scanning. They could be coupled together, but even so, if you were running multiple cloud service providers in parallel, you could never really get the whole picture from a governance perspective. You would struggle to actually determine, "Okay, how are we doing against the CIS benchmark for Azure, GCP, and AWS, and where are the gaps that we need to address from a governance and a compliance perspective so as to reduce our risk and the threat landscape?" Now that you've got Prisma Cloud, you can get that holistic view in a single pane of glass, especially if you're running multiple cloud workloads or a number of cloud workloads with one cloud service provider. It gives you the ability to look at private, public, or hybrid offerings. It saves me having to go to market and also run a number of proofs of concepts for point solutions. It's an indication of how the market has matured and how Palo Alto, with Prisma Cloud in particular, understands what their consumers and clients want.

It can certainly help reduce alert investigation times, because you've got the detail that comes with the alert, to help remediate. The level of detail offered up by Prisma Cloud, for a given engineer who might not be that familiar with a specific type of configuration or a specific type of alert, saves the engineer having to delve into runbooks or online resources to learn how to remediate a particular alert. You have to compare it to a SIEM solution where you get an event or an alert is triggered. It's usually based on a log entry and the engineer would have to then start to investigate what that alert might mean. But with Prisma Cloud and Prisma Cloud Compute, you get that level of detail off the back of every event, which is really useful.

It's hard to quantify how much time it might save, but think about the number of events and what it would be like if they didn't have that level of detail on how to remediate, each time an event occurred. Suppose you had a threshold or a setting that was quite conservative, based on a particular cloud workload, and that there were a number of accounts provisioned throughout the day and, for each of those accounts, there were a number of config settings that weren't in alignment with a given standard. For each of those events, unless there was that level of detail, the engineer would have to look at the cloud service provider's configuration runbooks or their own runbooks to understand, "Okay, how do I change something from this to this? What's the polar opposite for me to get this right?" The great thing about Prisma Cloud is that it provides that right out-of-the-box, so you can quickly deduce what needs to be done. For each event, you might be saving five or 10 minutes, because you've got all the information there, served up on a plate.

For me, what was valuable from the outset was the fact that, regardless of what cloud service provider you're with, I could segregate visibility of specific accounts to account owners. For example, at AWS, you might have an estate that's solely managed by yourself, or there might be a number of teams within the organization that do so.

You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums. In addition to that, I can get a snapshot of what I deemed were the priority vulnerabilities, whether it was identity access management, key rotation, or secrets management. Whatever you deem to be a priority for mitigating threats for your environment, you can get that as a snapshot.

You can also automate how frequently you want reports to be generated. You can then understand whether there has been any improvement or reduction in vulnerabilities over a certain time period.

The solution also enables you to ingest logs to your preferred SIEM provider so that you've got a better understanding of how things stack up with event correlation and SIEM systems.

If you've got an Azure presence, you might be using Office 365 and you might also have a presence in Google Cloud for the data, specifically. You might also want to look at scenarios where, if you're using tools and capabilities for DevOps, like Slack, you can plug those into Prisma Cloud as well to understand how well they marry up to vulnerabilities. You can also use it for driving out instant vulnerabilities into Slack. That way, you're looking at what your third-party SaaS providers are doing in relation to certain benchmarks. That's really useful as well.

In addition, an engineer may provision something like a shared service, a DNS capability, a sandbox environment, or a proof of concept. The ability to filter alerts by severity helps when reporting on the services that have been provisioned. They'll come back as a high, medium, or low severity and then I ensure that we align with our risk-appetite and prioritize higher and medium vulnerabilities so that they are closed out within a given timeframe.

When it comes to root cause, Prisma Cloud is quite intuitive. If you have an S3 bucket that has been set to public but, realistically, it shouldn't have been, you can look at how to remediate that quite intuitively, based on what the solution offers up as a default setting. It will offer up a way to actually resolve and apply the correct settings, in line with a given standard. There's almost no thinking involved. It's on-point and it's as if it offers up the specific criteria and runbooks to resolve particular vulnerabilities.

That assists security, giving them an immediate way to resolve a given conflict or misalignment. The time-savings are really incomparable. If you were to identify a vulnerability or a risk, you might have to draw up what the remediation activity should look like. However, what Prisma Cloud does is that it actually presents you with a report on how to remediate. Alternatively, you can have dynamic events that are generated and applied to Slack, for example. Those events can then be sent off to a JIRA backlog or the like. The engineers will then look at what that specific event was, at what the criteria are, and it will tell them how to remediate it without their having to set time aside to explain it. The whole path is really intuitive and almost fully automated, once it's set up.

One scenario, in early days, was in trying to get a view on how you could segregate account access for role-based access controls. As a DevSecOps squad, you might have had five or six guys and girls who had access to the overall solution. If you wanted to hand that off to another team, like a software engineering team, or maybe just another cloud engineering team, there were concerns about sharing the whole dashboard, even if it was just read-only. But over the course of time, they've integrated that role-based access control so that users should only be able to view their own accounts and their own workloads, rather than all of the accounts.

Another concern I had was the fact that you couldn't ingest the accounts into Prisma Cloud in an automated sense. You had to manually integrate them or onboard them. They have since driven out new features and capabilities, over the last 12 months, to cater for that. At an organizational level you can now plug that straight into Prisma Cloud, as and when new accounts are provisioned or created. Then, by default, the AWS account or the Azure account will actually be included, so you've got visibility straight away.

The lack of those two features was a limitation as to how far I could actually push it out within the organization for it to be consumed. They've addressed those now, which is really useful. I can't think of anything else that's really causing any shortcomings. It's everything and more at the moment.

I've been using Prisma Cloud for about 12 months now

It's pretty straightforward to run an automated setup, if you want to go down that route. The capabilities are there. But in terms of how we approached it, it was like a plug-and-play into our existing stack. Within AWS, you just have to point Prisma Cloud at your organizational level so that you can inherit all the accounts and then you have the scanning capability and the enforcement capability, all native within Prisma Cloud. There's nothing that we're doing that's over and above, nothing that we would have to automate other than what is actually provided natively within Prisma Cloud. I'm sure if you wanted to do additional automation, for example if you wanted to customize how it reports into Slack or how it reports into Atlassian tools, you could certainly do that, but there's nothing that is that complex, requiring you to do additional automation over and above what it already provides.

I haven't gone about calculating what the ROI might be.

But just looking at it from an operational engineering perspective and the benefits that come with it, and when it comes to the governance and compliance aspects of running AWS cloud workloads, I now put aside half an hour or an hour on a given day of the week, or alternative days of the week. I use that time to look at what the client security posture is, generate a number of reports, and hand them off to a number of engineering teams, all a lot quicker than I used to be able to do so two or three years ago.

In the past, at times I would have had to run Trusted Advisor from AWS, to look at a particular account, or run a number of reports from Trusted Advisor to look at multiple accounts. And with Trusted Advisor, I could never get a collective view on what the overall posture was of workloads within AWS. With Prisma Cloud, I can just select 30 AWS accounts, generate one report, and I've got everything I need to know, out-of-the-box. It gives me all the different services that might be compliant/non-compliant, have passed/failed, and that have high, medium, or low vulnerabilities. It has saved me hours being able to get those snapshots.

I can also step aside by putting an automated report in place and receive that on a weekly basis. I've also got visibility into when new accounts are provisioned, without my having to keep tabs on whether somebody has just provisioned a new account or not. The hours that are saved with it are really quite high.

As it stands now, I think things have moved forward somewhat. Prisma and the suite of tools by Palo Alto, along with the fact that they have integrated Prisma Cloud Compute as a one-stop shop, have really got it nailed. They understand that not all clients are running container workloads. They bring together point solutions, like what used to be Twistlock, into that whole ecosystem, alongside a cloud security posture management system, and they'll license it so that it's favorable for you as a consumer. You can think about how you can have that presence and not then be dependent on multiple third-parties.

Prisma cloud was originally destined for cloud security posture management, to determine how the configuration of cloud services aligns with given standards. Through the evolution of the product, they then integrated a capability they call Prisma Cloud Compute. That is derived from point solutions for container and image scanning. It has the capabilities on offer within a single pane of glass.

Prior to the given scenario with Prisma Cloud, you'd have to either go to Twistlock or Aqua Security for container workloads. If you were going open source, obviously that would be free, but you'd still have to be looking at independent point solutions. And if you were looking at governance and compliance, you'd have to look at the likes of Dome9, Evident.io, and OpenSCAP, in a combination with Trusted Advisor. But the fact that you can just lean into Prisma Cloud and have those capabilities readily available, and have an account manager that is priced based on workloads, makes it a favorable licensing model.

It also makes the whole RFP process a lot more streamlined and simplified. If you've got a purchasing specialist in-house, and then heads-of-functions who might have a vested interest in what the budget allocation is, from either a security perspective or from a DevOps cloud perspective, it's really quite transparent. They work the pricing model in your favor based on how you want to actually integrate with their products. From my exposure so far, they have been really flexible on whatever your current state is, with a view to what the future state might be. There's no hard sell. They "get" the journey that you're on, and they're trying to help you embrace cloud security, governance, and compliance as you go. That works favorably for them as well, because the more clients that they can acquire and onboard, the more they can share the experience, helping both the business and the consumer, overall.

Prior to Prisma cloud, I was looking at Dome9 and Evident.io. Around late 2018 to early 2019, Palo Alto acquired Evident.io and made it part of their Prisma suite of security tools.

At the time, the two that were favorable were Evident.io and Dome9, side-by-side, especially when running multiple AWS accounts in parallel. At the time, it was Dome9 that came out as more cost-effective. But I actually preferred Evident.io. It just happened to be that we were evaluating the Prisma suite and then discovered that Palo Alto had acquired Evident.io. For me that was really useful. As an organization, if we were already exploring the capabilities of Palo Alto and had a commercial presence with them, to then be able to use Prisma Cloud as part of that offering was really good for me as a security specialist in cloud. Prior to that, if as an organization you didn't have a third-party cloud security posture management system for AWS, you were heavily dependent on Trusted Advisor.

My advice is that if you have the opportunity to integrate and utilize Prisma Cloud you should, because it's almost a given that you can't get any other cloud security posture management system like Prisma Cloud. There are competitors that are striving to achieve the same types of things. However, when it comes to the governance element for a head of architecture or a head of compliance or even at the CSO level, without that holistic view, if you use one of them you are potentially flying blind. 

Once you've got a capability running in the cloud and the associated demand that comes through from the business to provision accounts for engineers or technical service owners or business users, the given is that not every team or every user that wants to consume the cloud workload has the required skill set to do so. There's a certain element of expertise that you need to securely run cloud workloads, just as is needed for running applications or infrastructure on-premise. However, unless you have an understanding of what you're opening up to—the risk element to running cloud workloads, such as a potential attacks or compromise of service—from an organizational perspective, it's only a matter of time before something is leaked or something gets compromised and that can be quite expensive to have to manage. There are a lot of unknowns. 

Yes, they do give you capabilities, such as Trusted Advisor, or you might have OpenSCAP or you might be using Forseti for Google Cloud, and there are similar capabilities within Azure. However, the cloud service providers aren't native security vendors. Their workloads are built around infrastructure- or platform-as-a-service. What you have to do is look at how you can complement what they do with security solutions that give you not just the north-south view, but the east-west as well. You shouldn't just be dependent on everything out-of-the-box. I get the fact that a lot of organizations want to be cloud-first and utilize native security capabilities, but sometimes those just don't give you enough. Whether you're looking at business-risk or cyber-risk, for me, Prisma Cloud is definitely out there as a specialist capability to help you mitigate the threat landscape in running cloud workloads.

I've certainly gone from a point where I understood what the risk was in not having something like this, and that's when I was heavily dependent on native tools that are offered up with cloud service providers. 

The first release that came out didn't include the workload management, because what happened, I believe, was that Palo Alto acquired Twistlock. Twistlock was then "framed" into cloud workload management within Prisma Cloud. What that meant was that you had a capability that looks at your container workloads, and that's called Prisma Cloud Compute, which is all available within a single pane of glass, but as a different set of capabilities. That is really useful, especially when you're running container workloads.

In terms of securing the entire development life cycle, if you integrate it within the Jenkins CI/CD pipeline, you can get the level of assurance needed for your golden images or trusted image. And then you can look at how you can enforce certain constraints for images that don't match the level of compliance required. In terms of going from what would be your image repository, when that's consumed you have the capability to look at what runtime scanning looks like from a container perspective. It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat.

It all depends on the way an organization works, whether it has a distributed or centralized setup. Is there like a central DevOps or engineering function that is a single entity for consuming cloud-based services, or is there a function within the business that has primarily been building capabilities in the cloud for what would otherwise be infrastructure-as-a-service for internal business units? The difficulty there is the handoff. Do you look at running it as a central function, where the responsibility and the accountability is within the DevOps teams, or is that a function for SecOps to manage and run? The scenario is dependent on what the skill sets are of a given team and what the priorities are of that team. 

Let's say you have a security team that knows its area and handles governance, risk, and compliance, but doesn't have an engineering function. The difficulty there is how do you get the capability integrated into CI/CD pipelines if they don't have an engineering capability? You're then heavily relying on your DevOps teams to build out that capability on behalf of security. That would be a scenario for explaining why DevOps starts integrating with what would otherwise be CyberOps, and you get that DevSecOps cycle. They work closer together, to achieve the end result. 

But in terms of how seamless those CI/CD touchpoints are, it's a matter of having security experts that understand that CI/CD pipeline and where the handoffs are. The heads of function need to ensure that there's a particular level of responsibility and accountability amongst all those teams that are consuming cloud workloads. It's not just a point solution for engineering, cloud engineering, operations, or security. It's a whole collaboration effort amongst all those functions. And that can prove to be quite tricky. But once you've got a process, and the technology leaders understand what the ask is, I think it can work quite well.

When it comes to reducing runtime alerts, it depends on the sensitivity of the alerting that is applicable to the thresholds that you set. You can set a "learning mode" or "conservative mode," depending on what your risk-appetite is. You might want it to be configured in a way that is really sensitive, so that you're alerted to events and get insights into something that's out of character. But in terms of reducing the numbers of alerts, it all depends on how you configure it, based on the sensitivity that you want those alerts to be reporting on.

I would rate Prisma Cloud at eight out of 10. It's primarily down to the fact that I've got a third-party tool that gives me a holistic view of cloud security posture. At the click of a button I can determine what the current status is of our threat landscape, in either AWS or Azure, at a conflict level and at a workload level, especially with regards to Prisma Cloud Compute. It's all available within a single pane of glass. That's effectively what I was after about two or three years ago. The fact that it has now come together with a single provider is why I'd rate it an eight.

We use the CSPM (Cloud Security Posture Management) module that provides good visibility across workloads. The solution in general provides visibility, compliance, and governance across all of our workloads. 

Prevention along with Prisma Cloud's detection capabilities can be leveraged by deploying Defender on your workloads. Additionally, out-of-the-box rules, like compliance rules, runtime rules, or vulnerability rules can be further created to secure any cloud-native workload.  

You can identify any access details and over-privileged permissions using the CIEM (Cloud Identity and Entitlement Management) module by running IAM queries.

You can ingest your Flow Logs to Prisma Cloud and further analyze them using the network queries. You get a detailed view of network flow, configuration details of each resource, mapping of how resources are connected to each other, etc. 

The cloud identity security and cloud network security capabilities are very helpful.

Prisma Cloud helps you identify vulnerabilities and misconfigurations in your code by integrating with your VCS (Version Control System) for example GitHub repository. You will get an overview page as well as a detailed view based on the type like vulnerabilities, IAC misconfigurations, secrets, licenses, etc. There are different options available. If you want full visibility, you can also go to the supply chain graph and see these details. It helps in identifying these risks. It also shows the package dependencies that need to be mapped. In a case where a package is dependent on something, both are provided so that you can see the vulnerabilities. That's a good feature. You can further integrate security into our CI/CD pipeline like Jenkins.

Prisma Cloud provides security that spans multi and hybrid cloud environments. It provides security across AWS, GCP, Azure, Oracle, and Alibaba. We usually engage with customers with workloads across multiple clouds and Prisma Cloud is a good fit for these environments.

The comprehensiveness of Prisma Cloud for protecting the full cloud-native stack is great. It's a single tool that does everything. When Prisma started off, it was more of a CSPM and CW tool. Now, they have also expanded towards Code Security, which is also increasing. It covers a lot of features in terms of its CNAPP (Cloud-Native Application Protection Platform) capabilities and yet the ease of use is exemplary. It offers great automation as well. It's not just about security, it is also about automating these procedures as much as possible. For example, if you want to deploy Defender, you get auto-defend rules. 

It supports taking a more proactive approach to Cloud Security. We can modify existing policies or create policies if required and get alerted if there are any security violations. It can be further integrated into third-party solutions, by alerting channels like Slack. 

Prisma Cloud provides the visibility and control you need regardless of how complex or distributed your cloud environments become. With it, you can view all of your assets on your cloud account. You can even filter. There are different filters based on the cloud providers, and from there you can filter based on the service that you are looking at. Those are grouped in a particular order so that you can go to those resources. For example, if I want to check for an AWS EC2 instance, once I go there, I can select that instance name and get the config details as well. There is an audit trail if I want to see any changes that have been detected in these resources. It gives me complete visibility to the most granular level.

Prisma Cloud provides us with a single tool that protects all of our cloud resources and applications without having to manage and reconcile these other security and compliance reports. There is a compliance section. You can even have compliance available out of the box. You can filter the alerts based on the compliance rules. You can further generate a report for a compliance standard by creating an alert rule. You can add your email address and you can get your weekly report sent to you. All of those things are available and customizable. You can do a deep dive for your workloads, as in your VMs, your container, serverless, etc.

Prisma Cloud provides risk clarity at runtime and across the entire pipeline showing issues as they are discovered during the build phases. If it's colored in red, it indicates there are serious alerts. If it's green, it means it's all good. That's a high-level overview of visibility. However, it also indicates all the risks and categorizes those. 

Prisma Cloud helped to reduce runtime alerts. You can even create runtime rules. If you want to apply it globally, you can have it for all of your workloads. Once you create these, you will also get alerts for all those runtime rules that you have created for your workloads.

So far, we've reduced investigation times. The visibility on alerts helps you investigate more easily and see details faster. It helps you investigate similar alerts and take action accordingly. 

It is one solution that has multiple capabilities. It's not just a CSPM (Cloud Security Posture Management); it has CWP (Cloud Workload Protection), CCS (Cloud Code Security), CNS (Cloud Network Security), and CIEM (Cloud Identity and Entitlement Management) capabilities. Since it's all under one product, we don't have to buy multiple solutions. In that sense, we have saved money.  

We could not use the data security module. It's not available to our Indian customers.

The automation must continue to become much smoother. There are automation capabilities, however, there are certain challenges with that as well. The approach we generally take is we have to raise a support ticket and have multiple calls with the support engineers. That takes some amount of time. If it's a POC, proof of concept, or something like that is still fine. However, if it is the customer's production workloads that we are testing, that delays that entire implementation. Errors need to be resolved or there has to be faster support for these aspects.

At one point, one of our customers was looking for a compliance standard, which is not available out of the box on Prisma Cloud. Maybe not all standards are covered at this point.

When we face challenges and need to raise a support ticket, it takes time for them to get back to us and investigate the issue. We'd like the process to happen faster. We'd also like to have a dedicated source of support. If you have five or six consecutive issues, you have to follow up across five or six separate tickets. It would be easier if we just had one touchpoint that could manage multiple requests. 

I've been working with the solution for close to two years. 

I've dealt with technical support, They are good, however, the turnaround time is slow. When you are working on a POC, it's fine, however, when you begin to deal with production workloads, issues need to be resolved faster. 

Neutral

We're an implementation partner. 

It took me some time, first of all, to understand the product. However, that is important. You need to understand the product, and then get the value. There are different aspects of the product that have different scanning times. Once you onboard, it takes a certain time to get all the details. Also, there will be certain alerts that might not be default alerts. After a certain amount of time, you might have to funnel them. Or, you might want to narrow down to those alerts which are important to you. After that, you'll begin to see the actual value added and to get there, it will definitely take a certain amount of time. 

I'd rate the solution nine out of ten.