2019-05-15T05:16:00Z
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
  • 0
  • 14

What needs improvement with Prisma SaaS by Palo Alto Networks?

Please share with the community what you think needs improvement with Prisma SaaS by Palo Alto Networks.

What are its weaknesses? What would you like to see changed in a future version?

11
PeerSpot user
11 Answers
Hemant Rajput - PeerSpot reviewer
Deputy Manager at a tech services company with 10,001+ employees
Real User
Top 20
2022-10-10T05:01:00Z
Oct 10, 2022

The frequency of updates could be reduced. The updates are necessary, but they occur too frequently. The updates require devices to be rebooted, so there's downtime in the production environment. It's difficult to ask for downtime in a critical production environment every time there is an update. The software versions should be stable for longer durations. For example, six months or a year.

Search for a product comparison
Gabriel Franco - PeerSpot reviewer
Senior Service Delivery Engineer at Netdata Innovation Center
Real User
Top 5
2022-06-06T22:11:00Z
Jun 6, 2022

They can add some new characteristics. For example, when an incident triggers, they can automatically send a template for a particular match that is related to the policy. We don't have that right now. It is something to improve. There could be more automation for certain actions. For example, for a particular group, it can send an administrator alert to their manager. It was one of the concerns of our customers. You have three types of rules in SaaS Security API. You have the asset policies. You have the user activity policies, and you have the security control rules. Asset policies are more general, and they are more focused on the general behavior of an asset, which is a file. The user activity rules control or alert about unusual user activity or compliance violations, such as when a user uploads a large number of files. It would be good if you can put User IDs for the asset rules. In the asset rules, you can use the Azure AD group, but you cannot use the User ID. That would be a good improvement. Palo Alto has a lot of different solutions, and it would be good if the DLP part can be integrated with other solutions as well.

Angell Duran - PeerSpot reviewer
Senior Engineer at Cloudrise
Real User
Top 20
2022-03-24T19:29:05Z
Mar 24, 2022

Palo Alto does a great job on managing updates to their products. It can be difficult managing all the subscription updates, especially if they are manual. There should be a process in place. One area of challenge is for them to stay on top of current CVEs on their platform. Anything in the lines of compliance should be current from potential attacks. They have a URL link where customers can make recommendations to map to specific compliance frameworks or standards. That's great, but instead of having the customer identify those, they should make sure they're using the most recent version. The NIST SP 800-53 Rev. 4, should be mapped to NIST SP 800-53 Rev. 5 current version. Many people are unaware of this change. Should use the most current version, unless you have an exception for legacy systems.

MR
Senior Security Engineer at a manufacturing company with 501-1,000 employees
Real User
Top 20
2021-10-31T20:47:00Z
Oct 31, 2021

Prisma would be a stronger solution if it could aggregate resources by project or by application. So say we have an application we've developed in AWS and five applications we've developed in Azure. The platform will group it according to those applications, but it's based on the tags we use in Azure, which means I have to rely on development teams to tag resources properly. If they don't do that, it doesn't group them properly in the platform. It would be nice if we could group the application according to the platform itself instead of relying on the development team to tag correctly in the cloud environment. My development team for one project might be different from the development team in another project. If I see a resource that needs to be fixed or changed, I need to know what project that resource is associated with. Ideally, I don't want to have to go into Azure and try to figure that out. So if I could tag it using the platform itself rather than relying on the tags that the development team uses in Azure, that would be extremely helpful. I wouldn't say Prisma is particularly useful for protecting data. It's hard to say. We're not looking at the data of the resources, so to speak, using Prisma. It's more like the resources that hold the data.

Darshil Sanghvi - PeerSpot reviewer
Consultant at a tech services company with 501-1,000 employees
Reseller
Top 5Leaderboard
2021-06-05T14:55:44Z
Jun 5, 2021

I would like to see a hybrid model which has API plus in-line security, where the user's data is controlled via an API call and also controlled in-line.

JJ
DevOps Engineer at a tech services company with 10,001+ employees
Real User
2021-04-10T09:28:11Z
Apr 10, 2021

We are using the SaaS offering. We use our applications for microservices. We use Twistlock to scan containers, and it displays these results in Prisma, which is a good feature because we can see vulnerabilities with respect to these containers. We can see everything in a very detailed manner. However, when you have different environments for a single application, such as DEV, QA, PROD, and TEST, all these environments run multiple containers, which can lead to a very high number of containers. In such a scenario, it shows you the alerts for all those containers that have vulnerabilities. If you show the results of all the containers that share the same image, it is not going to add any value. Therefore, they should narrow down the alerts based on a container. It should show information for a single container. Otherwise, the person who is looking at the results gets the impression that he has to fix all these issues. This is something that they can improve.

Learn what your peers think about Prisma SaaS by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
657,849 professionals have used our research since 2012.
PG
Senior Executive at a tech services company with 1,001-5,000 employees
Real User
Top 20
2021-04-08T12:51:36Z
Apr 8, 2021

My clients would like to see a more feature-rich product.

GA
Consultant at Trillennium (Pvt) Ltd
Reseller
Top 20
2020-06-07T09:09:01Z
Jun 7, 2020

The price can be reduced to make it more competitive.

Rakesh Rawat - PeerSpot reviewer
Network Engineer at Acliv Technologies Pvt Ltd
Real User
2019-09-01T08:49:00Z
Sep 1, 2019

Overall it is actually very good. I haven't yet had any issue at all. One thing that would help is if we could get a guide. With Cisco, for example, you can just type the problem regarding your Cisco product and you will easily get your solution. In Palo Alto, however, it's not easy to find the solutions.

JM
Senior Director at a logistics company with 501-1,000 employees
Real User
2019-05-16T06:50:00Z
May 16, 2019

They automatically update and they should give us time to fully understand what they're updating so that we can make sure it doesn't impact production.

Girish Vyas - PeerSpot reviewer
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
Real User
Top 20
2019-05-15T05:16:00Z
May 15, 2019

There are a lot of cloud-based applications that are supported, such as Box, Skype, Google Drive, and SharePoint, but there are many more than have not been totally integrated. They cannot use in-house apps because they are not generic services. I would like to see support for custom applications. There are also certain storage services that are not integrated, like AWS S3. If the services are created by the customer then it would be very nice to have those protected too. Right now, this is a data at rest CASB, but it would be nice if it included features such as forward proxy or reverse proxy. It would be able to provide the OTP to those gateways and anyone who can integrate with Aperture can send the data to have it authenticated, via Aperture to the cloud, rather than just scanned. Essentially, if it can be made to act as an auth server, to automatically handle the forward proxy CASB, it would be good.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Dec 15, 2021
How does Prisma SaaS by Palo Alto Networks compare with Zscaler internet access? Which is better and why?
See 1 answer
Janet Staver - PeerSpot reviewer
Tech Blogger
Dec 15, 2021
Prisma SaaS by Palo Alto Networks is stable, easy to integrate, easy to use, and very scalable.  It has a very user-friendly interface, has a straightforward setup, and the remediation process is easy compared to other platforms. Moreover, it has good performance and technical support. In addition, Prisma has the ability to quarantine and clean a malware file very well, which is a great feature that provides a lot of security. Whatsmore is that the solution works with Oracle Cloud while other SaaS solutions aren’t always compatible. Compared to other solutions, Prisma SaaS is flexible. While Prisma SaaS has many good things going for it, its one major disappointment is that it does not support the reverse proxy type of integrations, which can be a deal-breaker for some people. Prisma SaaS also lacks a hybrid model. Zscaler internet access has good VPN technology and the internet security it provides is by far its most valuable feature. Some of its other valuable features are that it is a lightweight solution, it is very easy to set up, configure, and maintain, and the protection is in the cloud. What I find to be most useful is that it delivers safe web access for employees that work remotely, and it also increases cybersecurity, making it efficient by saving a lot of time. The only thing that I don’t like about Zscaler is that there are a few new features that are not compatible with Azure Cloud. I wish they also had more video documentation and training materials available, but I think they plan to expand on that front soon. Conclusion: After evaluating both Prisma SaaS by Palo Alto Networks as well as Zscaler internet access, I ultimately decided to go with Zscaler because Prisma SaaS wasn’t as feature-rich as I expected it to be, and Prisma SaaS was also the more pricey option.
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees
Mar 24, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 9 answers
Rakesh Rawat - PeerSpot reviewer
Network Engineer at Acliv Technologies Pvt Ltd
Sep 1, 2019
The solution is actually very expensive. I don't know the particulars since the purchasing team dealt with it.
Girish Vyas - PeerSpot reviewer
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
May 15, 2019
The pricing for this solution is on the higher end. Our customer felt that the solution was a bit overpriced but they had nothing that offered them better protection. The licensing fees are on a yearly basis, and there are no additional costs.
Download Free Report
Download our free Prisma SaaS by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions. Updated: November 2022.
DOWNLOAD NOW
657,849 professionals have used our research since 2012.