IT Central Station is now PeerSpot: Here's why

Prisma SaaS by Palo Alto Networks OverviewUNIXBusinessApplication

Prisma SaaS by Palo Alto Networks is #5 ranked solution in CASB solutions. PeerSpot users give Prisma SaaS by Palo Alto Networks an average rating of 8.4 out of 10. Prisma SaaS by Palo Alto Networks is most commonly compared to Cisco Umbrella: Prisma SaaS by Palo Alto Networks vs Cisco Umbrella. Prisma SaaS by Palo Alto Networks is popular among the large enterprise segment, accounting for 70% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 26% of all views.
Prisma SaaS by Palo Alto Networks Buyer's Guide

Download the Prisma SaaS by Palo Alto Networks Buyer's Guide including reviews and more. Updated: July 2022

What is Prisma SaaS by Palo Alto Networks?

Since software as a service is so easy, use of SaaS applications is exploding. Because of that simplicity, though, the security risks of SaaS are also on the rise. Unsanctioned SaaS apps can expose sensitive data and propagate malware, and even sanctioned SaaS adoption can increase the risk of data exposure, breaches and noncompliance. By offering advanced data protection and consistency across applications, Prisma SaaS reins in the risks. It addresses your cloud access security broker needs and provides advanced capabilities in risk discovery, data loss prevention, compliance assurance, data governance, user behavior monitoring and advanced threat prevention. Now you can maintain compliance while preventing data leaks and business disruption through a fully cloud-delivered CASB deployment.

Prisma SaaS by Palo Alto Networks was previously known as Palo Alto Networks Prisma SaaS, Prisma SaaS, Palo Alto Networks Aperture, Aperture.

Prisma SaaS by Palo Alto Networks Customers

University of Arkansas

Prisma SaaS by Palo Alto Networks Video

Prisma SaaS by Palo Alto Networks Pricing Advice

What users are saying about Prisma SaaS by Palo Alto Networks pricing:
  • "Prisma is in the middle of the road. It's not the most expensive, but it's not the cheapest. There aren't any additional costs, to my knowledge. I know they have some extra modules, but we didn't use them."
  • "They price their products using credit modules."
  • "Prisma SaaS is more expensive than similar solutions but I think it's worth it."
  • "The licensing fees are paid on a yearly basis and for what we get, the price is good."
  • Prisma SaaS by Palo Alto Networks Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    Gabriel Franco - PeerSpot reviewer
    Senior Service Delivery Engineer at NetData Innovation Center
    Real User
    Top 10
    Supports custom expressions, helps with compliance, and integrates well with Azure AD
    Pros and Cons
    • "You have the ability to create your own expressions for your data. Palo Alto understands that DLP is not the same for all consumers. You might have a particular need to fulfill, and they give you the opportunity to create a custom expression to match the specific format that you have. For a confidential file property that you have in your files, you can add a metadata field. It gives you that opportunity to create that."
    • "They can add some new characteristics. For example, when an incident triggers, they can automatically send a template for a particular match that is related to the policy. We don't have that right now. It is something to improve. There could be more automation for certain actions. For example, for a particular group, it can send an administrator alert to their manager. It was one of the concerns of our customers."

    What is our primary use case?

    We are a partner of Palo Alto. We focus on healthcare customers, and we help them onboard and manage different Palo Alto solutions, including Prisma SaaS.

    It gives you visibility and an understanding of what you have in your environment. A couple of years ago, all the information that you had in your SaaS environment was kind of a black box. You didn't have any information about what you or your employees had there. So, visibility is one use case, and another very important use case is the ability to review the way the files and information are shared. You can see if a confidential file is being shared. Having this information and awareness is important for the administrators of Office 365 and other environments so that they can make corrections.

    With the use of the Data Loss Prevention (DLP) module, the scanning process scans all the files that you have in there and classifies them through the DLP engine. So, when you get your results, you would have files with the matching results, such as with credit card numbers or phone numbers. There are also data profiles or policies, such as PCI, PII, or GDPR compliance. Palo Alto is working on adding more profiles, such as HIPAA, based on different compliance standards in the industry.

    It is a SaaS solution, and we are using its most recent version.

    How has it helped my organization?

    You get the control and visibility into what you have in your SaaS applications. It helps you to know what you have in your environment and then meet your compliance needs. You get to know whether all of them are on a single platform. You also get an understanding of what type of information you have and how it is disposed of. Based on the results that you get from the scanning process, you can accomplish goals, such as PCI compliance or GDPR compliance. Most of the customers are governed by their security information team and have an obligation to be compliant with different industry standards, such as PCI, PII, or GDPR. With this platform, you are a step ahead in knowing what you have in your environment and accomplishing the compliance goals.

    What is most valuable?

    You have the ability to create your own expressions for your data. Palo Alto understands that DLP is not the same for all consumers. You might have a particular need to fulfill, and they give you the opportunity to create a custom expression to match the specific format that you have. For a confidential file property that you have in your files, you can add a metadata field. It gives you that opportunity to create that.

    Another thing that I really like is the Azure AD integration. You can integrate with Azure AD in order to apply what they call the groups in Azure AD. You can apply groups, and you can have different characteristics, but the most important thing for me is that you can select groups and put the groups into your policies because your DLP or the things that you want to catch may be different for different departments. Your requirements would be different for your HR department versus your development team. For the HR department, it would be more useful to have PII information because they are trying to work with new employees and information. So, it should be different. With Azure AD, you can make a differentiation between these two departments. I found that very useful.

    What needs improvement?

    They can add some new characteristics. For example, when an incident triggers, they can automatically send a template for a particular match that is related to the policy. We don't have that right now. It is something to improve. There could be more automation for certain actions. For example, for a particular group, it can send an administrator alert to their manager. It was one of the concerns of our customers. 

    You have three types of rules in SaaS Security API. You have the asset policies. You have the user activity policies, and you have the security control rules. Asset policies are more general, and they are more focused on the general behavior of an asset, which is a file. The user activity rules control or alert about unusual user activity or compliance violations, such as when a user uploads a large number of files. It would be good if you can put User IDs for the asset rules. In the asset rules, you can use the Azure AD group, but you cannot use the User ID. That would be a good improvement. 

    Palo Alto has a lot of different solutions, and it would be good if the DLP part can be integrated with other solutions as well.

    Buyer's Guide
    Prisma SaaS by Palo Alto Networks
    July 2022
    Learn what your peers think about Prisma SaaS by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
    621,327 professionals have used our research since 2012.

    For how long have I used the solution?

    I've been working with Prisma SaaS for two years.

    What do I think about the stability of the solution?

    In general, it is good, but everything could be a little bit better. For example, they are working on including more data to catch or trying to reduce the gaps between the matches. It is DLP, but it is not perfect. We're going to have a false positive. They are working on closing that gap and being more accurate, but in general, it gives you accurate and reliable information.

    What do I think about the scalability of the solution?

    You can onboard certain applications, and if you add more and more files, it's going to continue scanning those files. If you take a business decision to purchase a new SaaS application for your team, such as Slack, you can onboard that new application. You don't have a particular limitation on that. So, if you want to grow and have more business applications, your only concern should be whether they are supported by SaaS Security API. That's because not all the applications work the same way or have the same characteristics, but it gives you an opportunity to grow.

    We have had environments with 200 to 2,000 users. It depends on a customer's SaaS environment, and if they want to apply to all of it or a part of it. There was a requirement from a customer to be notified when there is a file share with certain domains, which were their competitor's domains. That way they would get to know when someone from inside the company is sharing information with the competitors. Another common requirement is to be notified or create an incident when I share a public file in my Office 365 account. 

    It is gaining more popularity among different customers in the last year. Palo Alto is trying to focus and combine it with other types of solutions related to DLP in order to secure not only your SaaS environment but all of your perimeter. Palo Alto is going to be very focused on that, and its usage is going to increase. In the past, it was not something that a lot of customers required. Palo Alto is working on improving the platform and making it more attractive to meet customers' needs. The market is changing continuously, and Palo Alto is focused on having DLP in different environments.

    How are customer service and support?

    I didn't use their support that much, but it is fine. Palo Alto has different teams that are focused on different types of solutions. They have a SaaS team for the SaaS API problems that can come. They are good, but sometimes, it would be good to have a quicker response from their side because you want to resolve an issue as fast as you can. They have a lot of companies, and it is kind of hard. You would find this problem with most of their partners, but they always come to you with a good disposition and try to solve it in the shortest time possible. So, overall, their support is good. I would rate them a four out of five.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    I didn't use any similar solution previously. The company that I have been working for is very focused on Palo Alto solutions, and I didn't have the opportunity to work with other tools that are on the market.

    How was the initial setup?

    In most cases, it is easy, but it depends on the application that the customers want to onboard. For example, if you want to onboard Office 365, Microsoft Teams, and Exchange, the onboarding is easy because you can use the same user account for these three solutions. The challenging part is that you need to create an account with the specific rights for communication and gathering the appropriate information. That's more complex. In some cases, the companies are not completely controlling their Office 365 environment. They have a leader company that gives you the rights, which can take a bit longer.

    It could be challenging when you try to use the S3 bucket because you have to work with the IAM to get the exact privilege access to the bucket. That's a more complex part, but if you know what you are doing, it's not that hard.

    For me, its implementation is very straightforward. I would rate it a four out of five in terms of ease. Its duration varies because it depends on the information that you have in your SaaS applications because it's going to communicate with your applications through API.  It depends on a lot of things, but in my experience, one week to one and a half weeks is generally enough time. It is not something set in stone. It can take less or more, but you obtain a lot of information once that is finished.

    What about the implementation team?

    It is not necessary to have a consultant from Palo Alto. The activation part is straightforward. They send you a magic link to have access and configure it. It takes about 20 to 30 minutes to generate the tenant, if I am not wrong. After that, it's very straightforward. There is documentation about each application that you want to onboard.

    Before implementing it, it is very important to have a conversation with the customer about the applications they want to onboard, and inside those applications, what type of information they want to catch. For example, a pharmaceutical company might not be as aware of all the compliances for HIPAA or PII. It is important to have that information in order to understand what they want to catch. You can have that covered with predefined ones. We might also have to create custom ones, but it is not that necessary to have someone from Palo Alto if you have a correct partner who knows about the platform.

    After onboarding applications, we recommend testing the rules on specific owner files to verify that the results that you are obtaining are accurate and as expected. If they are good, you can go ahead and apply the rules for all. Because a rule is already tested, you don't have to modify it a lot later. If you have a new need, you can create a new rule. After that, the knowledge transfer with the customer is very important. It is not a complex application to manage for the customer, but they really need to understand what it's doing. This knowledge transfer is really important, and it is something that we care about a lot in the company.

    What other advice do I have?

    After rebranding, its name now is SaaS Security API. My experience with the product is mostly good. Before going for this solution, it's very important to understand what the customer is looking for. In terms of visibility, it's very good because it's an opportunity to have a lot of visibility about the applications that you onboard. For example, you have all that information centralized, and you can apply policies for them. It is very good for that purpose, but it's communication through an API. So, it's not something like a firewall where you can block something instantaneously. It requires a different approach. You need to have an understanding and the objective to obtain visibility and gain more results.

    You need to be very clear about what you are looking for and what type of information or compliance you want. Focus on not using it as an individual solution. It's a platform that generates more value when working together with other solutions. 

    I would rate this solution an eight out of ten.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
    Flag as inappropriate
    PeerSpot user
    Senior Security Engineer at a manufacturing company with 501-1,000 employees
    Real User
    Top 20
    We know instantly if somebody configures something in a way that's vulnerable
    Pros and Cons
    • "Prisma's most valuable feature would be its ability to identify bad or risky configurations."
    • "Prisma would be a stronger solution if it could aggregate resources by project or by application. So say we have an application we've developed in AWS and five applications we've developed in Azure. The platform will group it according to those applications, but it's based on the tags we use in Azure, which means I have to rely on development teams to tag resources properly."

    What is our primary use case?

    We use it to monitor our cloud environments to get a real-time inventory of what's being stood up, what's being torn down, vulnerability management, risk management, and all of our cloud resources across all AWS, Azure, and GCP.

    How has it helped my organization?

    If somebody configures something in a way that's vulnerable, we know instantly. We'll get an alert and address it so that it's remediated and not left open. For example, if somebody stands up a new storage container and inadvertently makes it publicly accessible, that's something we'd want to know right away to prevent a breach. We could automate it to prevent it from being stood up with public access. 

    We can prevent specifically forbidden configurations automatically by using this tool to never allow a resource storage container to be stood up and made publicly accessible. Automation is key there, and I'd say that would be an example of how Palo Alto has improved my organization.

    Prisma SaaS helps us keep pace with SaaS growth in our organization. Everything's going to the cloud, and containers are being used more and more. As security professionals, we don't live in the development world, so we need to know what's going on in that realm, and the platform will help us identify those things and make sure that they're stood up securely. 

    If there's something new, a new vulnerability, or a new standard, we'll be alerted about it. That's important because we don't speak developer language, and we, as security folks, consume the data. We must understand what's being stood up and how, and the platform will help us identify that and explain why it's vulnerable and needs to be fixed.

    What is most valuable?

    Prisma's most valuable feature would be its ability to identify bad or risky configurations. People stand up stuff in the cloud all the time, and as security professionals, we're not always aware of it. Prisma is critical for flagging real-time inventory and configuration risks, general vulnerabilities, and also issues in Kubernetes. Prisma is very effective for securing new SaaS applications. The code used to configure new SaaS applications is critical for identifying what we want as our security standards and confirming that they're being practiced.

    What needs improvement?

    Prisma would be a stronger solution if it could aggregate resources by project or by application. So say we have an application we've developed in AWS and five applications we've developed in Azure. The platform will group it according to those applications, but it's based on the tags we use in Azure, which means I have to rely on development teams to tag resources properly. If they don't do that, it doesn't group them properly in the platform. 

    It would be nice if we could group the application according to the platform itself instead of relying on the development team to tag correctly in the cloud environment. My development team for one project might be different from the development team in another project. If I see a resource that needs to be fixed or changed, I need to know what project that resource is associated with. Ideally, I don't want to have to go into Azure and try to figure that out. So if I could tag it using the platform itself rather than relying on the tags that the development team uses in Azure, that would be extremely helpful. I wouldn't say Prisma is particularly useful for protecting data. It's hard to say. We're not looking at the data of the resources, so to speak, using Prisma. It's more like the resources that hold the data.

    For how long have I used the solution?

    I've been working with Prisma SaaS for about five years.

    What do I think about the stability of the solution?

    I'd say Prisma is extremely stable. We haven't had any issues there.

    What do I think about the scalability of the solution?

    Prisma is highly scalable. It's a cloud solution, so it automatically updates when new resources come out. We don't have to do anything. It just sees it and adjusts accordingly. I recently started a new role at a company, and we're planning on implementing it and using it more. Where I came from, we used it extensively and relied on it to monitor and manage our cloud environment.

    How are customer service and support?

    I rate Palo Alto tech support seven out of 10. The technical support used to be a lot better when they were a smaller company. Back when they were called Evident.io and then RedLock, they were more personable and provided good one-on-one technical support. Their support structure changed about a year and a half ago. Now, they're more like group support, and I don't think it's as thorough, but it's still okay. 

    How would you rate customer service and support?

    Neutral

    How was the initial setup?

    I would say the cloud SaaS part was extremely straightforward to set up. We had no problems there. Then there is the container compute area called Compute in Prisma. It's almost like a product within a product. You have to deploy the container section on an agent to your container host. That's a little more complicated because we have to rely on development teams to deploy the agent, but tying the platform to your cloud subscriptions was straightforward and took only 30 minutes to an hour. 

    It is a little more involved to set up the Kubernetes containers and deploy the agent. That could take up to a day because you have to collaborate with other teams to get that deployed and make sure it's pulling the right data. Then again, it depends on how receptive your development team is to deploying the agents. That part usually takes around three hours. It takes one or two security engineers to deploy and maintain. 

    What about the implementation team?

    We did it in-house with some help from Palo Alto that we purchased through a support license.

    What was our ROI?

    I don't have specific metrics, but I will say that it helps us know what we don't know, and that's ideal from a security perspective—seeing things that we didn't realize were an issue. The return on that investment is significant because you can't secure what you don't know is there. Prisma accomplishes that pretty easily without having to be on the platform constantly responding to alerts.

    Prisma integrates pretty nicely even if you aren't using other Palo Alto products. It's very effective for a CSP solution, and the time to value is almost instant. As soon as you stand it up, it shows value by telling you all the vulnerabilities or risks in that environment. I feel like Prisma is one of those things that is essential. If you have resources in the cloud, you're going to need something to monitor it, and it's not ridiculously priced. I'm not too involved in the budget, so it's one of those things that's a necessary evil. I feel like it's a reasonably priced necessary evil.

    What's my experience with pricing, setup cost, and licensing?

    Prisma is in the middle of the road. It's not the most expensive, but it's not the cheapest. There aren't any additional costs, to my knowledge. I know they have some extra modules, but we didn't use them. 

    I'd say the price fits the solution. Prisma is capable of many other things, but Palo Alto doesn't charge you extra for those things, unlike other companies. You can use them or not. Because your environment grows, you may not use it now, you may not need it now, but you may in the future. Those capabilities are there without an additional cost for a different module where other companies will break it out, where you have to pay for those things.

    Which other solutions did I evaluate?

    We evaluated a few, including Sysdig, Threat Stack, and Lacework. The deciding factor was the ease of use. It's critical to understand what you're looking at and for the platform to provide value with reports. The data presentation in Prisma was more straightforward.

    What other advice do I have?

    I rate Prisma SaaS nine out of 10. Ideally, you want a platform that will save you time by giving you the information quickly so you can understand it and act on it. Many platforms have loads of colorful graphs or bells and whistles, but they don't help you get to the bottom of what you're looking at. I feel that Prisma does that. You can get so much information directly from the platform without the need to reach out to other teams or go into the cloud to understand what you're seeing.

    Which deployment model are you using for this solution?

    Public Cloud
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    Buyer's Guide
    Prisma SaaS by Palo Alto Networks
    July 2022
    Learn what your peers think about Prisma SaaS by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
    621,327 professionals have used our research since 2012.
    DevOps Engineer at a tech services company with 10,001+ employees
    Real User
    Useful predefined rules, multiple integrations, descriptive alerts, and great stability
    Pros and Cons
    • "It has predefined or preconfigured rules, which are getting periodically updated. They are providing continuous improvements and periodically updating all search queries that they are looking for. That is one thing that helps us to stay vigilant and focused. If we query our AWS account for any breaches or vulnerabilities with any of the cloud tests, and it alerts us based on these predefined rules. It also provides an option to configure our own rules, and based on these rules, it can query the cloud trail logs, pull the information, and trigger alerts in real-time. I haven't explored this feature much because there are multiple accounts, and we don't have enough time to explore this feature. It also provides multiple integrations. When vulnerabilities or breaches are happening, you should be aware of them immediately. It provides integration with tools such as Slack, PagerDuty so that you can get alerted as soon as the high severity stuff comes up. For example, you have a security group that has allowed public traffic on port 22. As TechOps, you should be aware of this immediately. You cannot scan each machine or look into all security groups to identify it. So, Prisma helps us and alerts us when this kind of high-priority stuff comes up. It has different statistics, analytics, and graphs for data. The description of alerts is also pretty good. They describe what are the possible causes for this and what are the solutions. From Prisma Cloud, you can directly go to the AWS account. When you click on an alert, a resource, or a resource ID, it takes you to the AWS console where you need to log in. If you are already logged in, it will take you to that instance directly, and you can fix the issue there. I have found this feature very useful."
    • "We are using the SaaS offering. We use our applications for microservices. We use Twistlock to scan containers, and it displays these results in Prisma, which is a good feature because we can see vulnerabilities with respect to these containers. We can see everything in a very detailed manner. However, when you have different environments for a single application, such as DEV, QA, PROD, and TEST, all these environments run multiple containers, which can lead to a very high number of containers. In such a scenario, it shows you the alerts for all those containers that have vulnerabilities. If you show the results of all the containers that share the same image, it is not going to add any value. Therefore, they should narrow down the alerts based on a container. It should show information for a single container. Otherwise, the person who is looking at the results gets the impression that he has to fix all these issues. This is something that they can improve."

    What is our primary use case?

    We are basically using it for cloud governance. We have AWS as our public cloud service, and we have multiple cloud accounts that we manage. We're using Prisma SaaS for the cloud governance of these accounts. 

    How has it helped my organization?

    It has been very useful so far. We are a part of a small team, and we have almost 20 accounts. Therefore, it is difficult for us to log in to each account and look at cloud trail and other things. It is not possible to log in manually and check each of the vulnerabilities. Prisma has helped us a lot. It shows the alerts in real-time, and we are pretty happy with the service it offers. We now know how to categorize alerts, which ones need immediate attention, and on which ones can we act a bit later.

    What is most valuable?

    It has predefined or preconfigured rules, which are getting periodically updated. They are providing continuous improvements and periodically updating all search queries that they are looking for. That is one thing that helps us to stay vigilant and focused. If we query our AWS account for any breaches or vulnerabilities with any of the cloud tests, and it alerts us based on these predefined rules. It also provides an option to configure our own rules, and based on these rules, it can query the cloud trail logs, pull the information, and trigger alerts in real-time. I haven't explored this feature much because there are multiple accounts, and we don't have enough time to explore this feature. 

    It also provides multiple integrations. When vulnerabilities or breaches are happening, you should be aware of them immediately. It provides integration with tools such as Slack, PagerDuty so that you can get alerted as soon as the high severity stuff comes up. For example, you have a security group that has allowed public traffic on port 22. As TechOps, you should be aware of this immediately. You cannot scan each machine or look into all security groups to identify it. So, Prisma helps us and alerts us when this kind of high-priority stuff comes up. 

    It has different statistics, analytics, and graphs for data. The description of alerts is also pretty good. They describe what are the possible causes for this and what are the solutions. From Prisma Cloud, you can directly go to the AWS account. When you click on an alert, a resource, or a resource ID, it takes you to the AWS console where you need to log in. If you are already logged in, it will take you to that instance directly, and you can fix the issue there. I have found this feature very useful.

    What needs improvement?

    We are using the SaaS offering. We use our applications for microservices. We use Twistlock to scan containers, and it displays these results in Prisma, which is a good feature because we can see vulnerabilities with respect to these containers. We can see everything in a very detailed manner. However, when you have different environments for a single application, such as DEV, QA, PROD, and TEST, all these environments run multiple containers, which can lead to a very high number of containers. In such a scenario, it shows you the alerts for all those containers that have vulnerabilities. If you show the results of all the containers that share the same image, it is not going to add any value. Therefore, they should narrow down the alerts based on a container. It should show information for a single container. Otherwise, the person who is looking at the results gets the impression that he has to fix all these issues. This is something that they can improve.

    For how long have I used the solution?

    I have been using this solution for two years.

    What do I think about the stability of the solution?

    Its stability has been great. 

    Which solution did I use previously and why did I switch?

    I have used different tools previously. I have used Evident. Prisma is much better than Evident in terms of the information it provides for alerts. In Evident, they provide a little bit of information about the triggered alert, whereas Prisma provides in-depth details.

    How was the initial setup?

    It is pretty straightforward. It is a two-step procedure. You need to create the roles and mention the role in the Prisma config. You have to create a role in the corresponding AWS account or Azure account and give that role information while configuring Prisma. So, you need to provide the account ID number, the role that you have created, and a short description of the account that you're using. You also need to enable a couple of other things, such as VPC flow logs and cloud trail for Prisma. If these are not configured, Prisma will still get configured, but it will alert you that you have not configured the flow logs, cloud trail, and all other events. After that, Prisma will immediately start scanning the account. 

    It also has a provision for grouping your accounts into a particular group. If you have a project that has multiple accounts, you can group them together as a central group. If all those accounts are managed by a single team, you can enable alert notifications for that single team instead of each account. Everything is pretty good in terms of management activities.

    Deployment hardly takes five to ten minutes. It is a SaaS offering. It is a managed service by Palo Alto. You don't have to configure anything at your site for Prisma. You don't have to create any sort of instances or deploy it. You just need to onboard the accounts.

    What about the implementation team?

    It doesn't require any maintenance. It is managed by our corporate IT team. They have onboarded all the AWS accounts with respect to my organization. These AWS accounts belong to multiple groups of people. 

    My department has around 30 people who use this solution as DevOps, and we have the access to the portal. We have enabled read-only access for certain groups so that they can go and look into the alerts and do the necessary things. We have created multiple read-only groups, and we have assigned a set of users to each read-only group.

    What was our ROI?

    It has definitely provided an ROI.

    Which other solutions did I evaluate?

    We looked into multiple options, and we chose Prisma considering the price and the features it offered.

    We started off with AWS three years ago. As the number of accounts grew, we felt the need to use some sort of cloud governance tool because it is not possible for us to log in to each account and look for issues that may impact the organization. That's why we started to use Prisma. We are using multiple solutions from Palo Alto. We use Twistlock for container scanning and things like that.

    What other advice do I have?

    I have positive feedback about this product. We are happy with this product and the features it offers for the price. 

    I would rate Prisma SaaS an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Angell Duran - PeerSpot reviewer
    Senior Engineer at Cloudrise
    Real User
    Top 20
    Reasonably priced tool that is easy to configure with great support
    Pros and Cons
    • "The most valuable feature of Prisma Cloud-native, in my opinion, is that it assists in identifying, analyzing, and remediating vulnerabilities."
    • "One area for improvement is for them to stay on top of keeping their CVEs on their platform up to date."

    What is our primary use case?

    As a Palo Alto provider, their Platform as a Service (PaaS) for their Prisma Cloud-Native product, is offered as a hosted or Software as a Service (SaaS) version. As a user their product should scan and manage cloud container images to identify vulnerabilities. It's a key feature for identifying CI/CD development issues for remediation. 

    What is most valuable?

    The most valuable feature of Prisma Cloud-Native, in my opinion, is that it assists in identifying, analyzing, and remediating vulnerabilities.

    What needs improvement?

    Palo Alto does a great job on managing updates to their products. It can be difficult managing all the subscription updates, especially if they are manual. There should be a process in place. 

    One area of challenge is for them to stay on top of current CVEs on their platform. Anything in the lines of compliance should be current from potential attacks. They have a URL link where customers can make recommendations to map to specific compliance frameworks or standards. That's great, but instead of having the customer identify those, they should make sure they're using the most recent version. The NIST SP 800-53 Rev. 4, should be mapped to NIST SP 800-53 Rev. 5 current version. Many people are unaware of this change. Should use the most current version, unless you have an exception for legacy systems.

    For how long have I used the solution?

    I have been using Palo Alto Prisma Cloud for about a year now.

    I'm currently supporting a Prisma Cloud-Native re-configuration project. It's their Software-as-a-Service (SaaS) version in the Cloud to scan for vulnerabilities. 

    What do I think about the stability of the solution?

    Prisma Palo Alto Networks is an optimal solution. They use the Amazon platform. They have some extremely talented engineers who keep the product up to date. Version updates could be a challenge as some versions are not automated. They don't always push you to update unless you're maybe using the hosted version. If you are unaware of this, you may have been using an older version for an extended period of time. There will be bugs and issues, and it will not perform optimally. It's important to use the most current version. 

    How are customer service and support?

    Palo Alot support is great. There are no complaints.

    Which solution did I use previously and why did I switch?

    I am familiar with Trend Micro, and WatchGuard solutions. I really like Trend Micro. They are excellent, in my opinion. They are great for anti-malware, as well as scanning your desktops and computers for personal or business use.

    Proofpoint is another product that I really like for DLP Endpoint Security. They do an excellent job.

    How was the initial setup?

    I didn't do the original configuration, but I am doing some of the re-configuration. It is important to understand your organization's infrastructure, cloud containers, and all the various types of administrative access controls. It all comes down to having the knowledge and visibility to configure it with your environment. 

    What's my experience with pricing, setup cost, and licensing?

    The pricing is reasonable for Palo Alto. They price their products using credit modules. There are various types of modules in each section. I believe there are four different modules. If you want to ensure that you are saving on cost, you should develop a very good DevOps or DevSecOps process with the cloud engineers and development team. Meaning, when the development team is no longer creating apps or working in their CI/CD environment, they must scale down, repave and decommission or it could increase your costs significantly.

    Which deployment model are you using for this solution?

    Private Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    Flag as inappropriate
    PeerSpot user
    KostiantynFrolov - PeerSpot reviewer
    Lead Security Engineer at ESKA
    Real User
    Top 5
    A top-choice solution for flexibility and security
    Pros and Cons
    • "Prisma SaaS is very easy to use; it's common sense — it's the best-in-class."

      What is our primary use case?

      I am an integrator. Prisma SaaS is the most preferred solution among our customers — my customers really like it. Currently, I have three customers that are using this solution. 

      Many of my customers work in the financial sector. Prisma SaaS is a top-choice solution for customers who are looking for more flexibility and secure edge points. Prisma Saas has taken big steps to please its customers. It's a cloud-based solution and cloud security is at the edge of the market. The Coronavirus and the pandemic pushed the market to the cloud.

      What is most valuable?

      Prisma SaaS is very easy to use; it's common sense — it's the best-in-class.  

      Palo Alto is always up to the challenge. It works great with the Oracle Cloud; other SaaS solutions don't always work with various clouds. Prisma Cloud is the best. My customers love it; they all use it in various ways.

      For how long have I used the solution?

      I have been using Prisma SaaS for roughly two years. 

      What do I think about the stability of the solution?

      Prisma SaaS is very stable. Palo Alto is leading the market in terms of security solutions. Other security providers are slow and a year behind Palo Alto. By the time they catch up, Palo Alto will already be working on new questions. 

      What do I think about the scalability of the solution?

      This solution is very scalable. I can't think of another solution that functions better. It's very flexible — that's one of the reasons why it's more expensive than similar solutions. 

      How are customer service and technical support?

      Palo Alto offers great support to their partners — we're a partner. Their support team is very knowledgeable. 

      I am Russian and Ukrainian. Palo Alto provides me with support in English. My customers are not English speakers, therefore, I act as a translator for them when I communicate with support — from English to Russian and then back. 

      How was the initial setup?

      Installation is simple. There are a few steps involved but with help from customer service and some simple troubleshooting, it's not too bad.  

      What about the implementation team?

      I have fully installed this solution for three customers. Depending on the project, you'll need anywhere from one to three engineers. Installation and configuration also depend on the cloud that the customer uses. 

      What's my experience with pricing, setup cost, and licensing?

      Prisma SaaS is more expensive than similar solutions but I think it's worth it. 

      If I were to choose a low-cost solution for another vendor, it wouldn't be as effective. With low cost comes low usability and low effectiveness. 

      What other advice do I have?

      I would highly recommend Prisma SaaS to others. Speaking as an ambassador for Palo Alto and Prisma access, it's the best solution on the market. Overall, on a scale from one to ten, I would give Prisma SaaS a rating of ten. 

      The price is my only concern, otherwise, Palo Alto is the best. Still, every year, Palo Alto lowers the price of its solutions. 

      Which deployment model are you using for this solution?

      Public Cloud
      Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
      PeerSpot user
      Darshil Sanghvi - PeerSpot reviewer
      Consultant at a tech services company with 501-1,000 employees
      Reseller
      Top 5Leaderboard
      Good ability to quarantine and clean a malware file; lacks a hybrid model
      Pros and Cons
      • "To quarantine and clean a malware file provides a lot of security."
      • "Lacks a hybrid model which has API plus in-line security."

      What is our primary use case?

      This solution helps us with visibility of the data stored in the cloud and it even scans our files. If a user is trying to upload any kind of malware file or a script, Prisma SaaS scans those files and helps us identify anything malicious. If it finds something, it directly cleans the file. We are partners with Prisma SaaS.

      What is most valuable?

      I've evaluated multiple solutions on the market but to quarantine and clean a malware file is something I haven't seen anywhere else. It's a great feature and provides a lot of security.  

      What needs improvement?

      I would like to see a hybrid model which has API plus in-line security, where the user's data is controlled via an API call and also controlled in-line. 

      For how long have I used the solution?

      We been using this solution for over a year. 

      What do I think about the stability of the solution?

      We've never had any issues in terms of stability. 

      What do I think about the scalability of the solution?

      In terms of scalability, we initially went with the out-of-the-box solution which was able to support around 40 to 50 users and it was fine. There was no need for any add-ons. We now have a license for 200 users and it scales well. 

      How are customer service and technical support?

      Technical support is responsive. We contacted them a few times and they were helpful. 

      How was the initial setup?

      The initial setup was straightforward. It was completely on cloud and easily activated, and we were up and running quite quickly.

      What's my experience with pricing, setup cost, and licensing?

      The licensing of this solution is a little expensive and is paid on an annual basis. 

      What other advice do I have?

      If a company is looking for an API-based technology to control their SaaS data uses and user access, then Prisma SaaS is a good product but if they're looking for a complete CASB solution, then this is not suitable. The solution provides a lot of security but when you look at it in terms of the high cost for licensing, then it is not cost effective to spend that amount just to protect the data stored by the user.

      I rate this solution a six out of 10. 

      Which deployment model are you using for this solution?

      Public Cloud
      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      PeerSpot user
      Senior Executive at a tech services company with 1,001-5,000 employees
      Real User
      Top 20
      User-friendly, straightforward to set up with good integration, and the remediation process is easy
      Pros and Cons
      • "The remediation process is easy compared to other platforms."
      • "My clients would like to see a more feature-rich product."

      What is our primary use case?

      We are a solution provider and we have implemented Prism Cloud for a couple of clients.

      Our clients use this product for their container security.

      What is most valuable?

      The remediation process is easy compared to other platforms.

      The interface is user-friendly.

      What needs improvement?

      My clients would like to see a more feature-rich product.

      For how long have I used the solution?

      We have been using Prisma SaaS for about three months.

      What do I think about the stability of the solution?

      Stability-wise, I feel that it is good.

      What do I think about the scalability of the solution?

      We have not yet tried to expand beyond our integration with one cloud platform. This is something that we may do in the future.

      There are three people in my organization who use it.

      How are customer service and technical support?

      Technical support from Palo Alto has been responsive and they are good.

      Which solution did I use previously and why did I switch?

      We implemented Azure Secure Center before trying this product.

      How was the initial setup?

      This product is straightforward to set up and the integration is good.

      What's my experience with pricing, setup cost, and licensing?

      The licensing fees are paid on a yearly basis and for what we get, the price is good. However, the pricing should be better.

      Which other solutions did I evaluate?

      We did not have a great deal of time to evaluate other products.

      What other advice do I have?

      For anybody who is looking for a contained-based solution, I definitely recommend this product.

      I would rate this solution an eight out of ten.

      Which deployment model are you using for this solution?

      Public Cloud
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Head of Pre-Sales at a tech services company with 51-200 employees
      Real User
      Top 5Leaderboard
      Can be stable and easy to integrate but needs reverse proxy integrations

      What is our primary use case?

      Prisma SaaS can be used to secure sanction applications that people use on enterprises. You can integrate the solution using ATI to sanction applications such as Office 365, Google, and Salesforce. You can apply controls to protect from data leakage and then apply cloud-based DLP policies.

      What is most valuable?

      The valuable features are that it is easy to use, easy to integrate, and is stable. It's scalable as well.

      What needs improvement?

      When it comes to integration mechanisms, Prisma SaaS does not support reverse proxy type of integrations. For example, a product like Netskope has a lot more integration mechanisms than does Prisma.

      For how long have I used the solution?

      I've been using it for about one year.

      What do I think about the stability of the solution?

      It's a stable product.

      What do I think about the scalability of the solution?

      It's scalable. We have about 500 users.

      How are customer service and technical support?

      The technical support has been good.

      How was the initial setup?

      Prisma SaaS requires a small implementation. Two engineers would be sufficient for the deployment process.

      What about the implementation team?

      We implemented it ourselves.

      What other advice do I have?

      I would rate Prisma SaaS at seven on a scale from one to ten. It is easy to integrate and is stable and scalable, but it needs to support reverse proxy integrations.

      Which deployment model are you using for this solution?

      Public Cloud
      Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
      PeerSpot user
      Buyer's Guide
      Download our free Prisma SaaS by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
      Updated: July 2022
      Buyer's Guide
      Download our free Prisma SaaS by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.