Prisma Access Browser Reviews

We are integrators, and we do not use Prisma Access Browser for our personal use or professional use; we use Prisma Access Browser to present the solution to our customers and to try to sell this solution because we are a Palo Alto partner.

I have hands-on experience with Prisma Access Browser, and I sometimes demonstrate the solution to our customers.

The first use cases for Prisma Access Browser are bring your own device, where the customer is not obliged to install a client or an agent, to do the Secure Web Gateway, and to do the URL filtering. The most interesting use case that interests our customers is the DLP features on Prisma Access Browser; it is a great DLP solution with watermark and prevents data exfiltration.

Regarding web exfiltration, the DLP features help us prevent web exfiltration to upload confidential documents, access in the share, access confidential documents, and download them. With Prisma Access Browser, we have the capability to block any exfiltration regarding web exfiltration.

We have the third channel in data exfiltration; we have email, we have web, and we have the endpoint. Prisma Access Browser can block exfiltration from the web, and if I use web email, it can also prevent exfiltration from web email.

When we use web email, we can prevent phishing attacks related to URL filtering with Prisma Access Browser, which prevents phishing attacks.

This is important for the cybersecurity strategy because threat prevention, real-time attacks, and all these features are related to Secure Web Gateway. The features that need to be in Secure Web Gateway include threat prevention, malware download or upload in file sharing, OneDrive, SharePoint, and access to malicious domains. All of the threat prevention is related to Secure Web Gateway, and this is very interesting for a customer.

SD-WAN capability is another solution, and it is not Prisma Access Browser; we do not have SD-WAN capability with Prisma Access Browser.

I would like to improve the private access to do the ZTNA. I think that Palo Alto has released the versions and integrated the private access in Prisma Access Browser, but I'm not sure. The feature that is missing in Prisma Access Browser is the capability to monitor the private access where a user can access a private app with authentication, posture, and granular access.

Regarding the pricing aspect, many customers find that the solution is a little bit expensive. Palo Alto should reconsider the pricing as it is a bit expensive.

I have been working with Prisma Access Browser for six months.

We are supported by Palo Alto as partners, and if we have a question on anything, we call directly and contact the team in France.

For me, there are no previous solutions, but I think that Netskope has an enterprise browser; I have not manipulated it yet.

The initial setup is not complex; it is very easy to install, very easy to use, and the interface is very intuitive; it is not very complicated.

I do find it cost-effective, but we need to change the customer's perspective to achieve this ROI. Many customers use Prisma Access Browser as an additional solution; they have a proxy installed on-prem and in the cloud. The customer needs to change their mindset to calculate a real ROI in front of Prisma Access Browser. Currently, customers do not do this; they just purchase Prisma Access Browser because the solution is very good, and it represents many interesting use cases, especially for contractors and unmanaged devices.

For me, there are no alternate solutions, but I think that Netskope has an enterprise browser; I have not manipulated it yet.

With granular policy enforcement, we can enforce policy for users, groups of users, or many domains; we can whitelist, blacklist, and in DLP, we have a main use case to block or prevent exfiltration and in threat prevention as well. The policy is very granular.

The advice I would share is that you should identify the application and the DLP policy, as well as blacklist and whitelist domains. Prepare to install Prisma Access Browser very easily and adapt and enroll all users very rapidly. I would rate this solution a 9 out of 10.

One of the customers I have worked with is Paytm, which is a giant online business transaction service in India. We have implemented the Prisma Access Browser for them.

The customer followed best practices for the Prisma Access Browser. They implemented it because they didn't have any security apart from EDR and firewall. That's why they chose browser isolation security and Prisma Access to connect between VAN and all. They implemented it with best practices, and our IT team would enhance the security. I'm not aware of how they implemented it later on.

I have experience with the Prisma Access Browser for about 400 to 500 users.

The best feature of the Prisma Access Browser is browser isolation. Isolation makes the user experience very good and real-time, while the container is in a different zone. This is a great feature because if phishing or something happens, it doesn't impact the user's system. The same capability is provided by Zscaler with RBI and Netskope as well.

Real-time threat monitoring for the Prisma Access Browser is good. It provides good data, and the customer was very happy. As part of the feedback, Palo Alto and I collected responses from them. They haven't faced any problems or false positives. The false positive scenario is less than 1% in Palo Alto.

There are no areas for improvement with Prisma Access Browser. I recommend improvements based on customer feedback, but the customer is not complaining about anything. That's why I'm not suggesting any improvement areas.

The switch happened within the last 12 months.

On a scale of one to 10, I would rate Palo Alto's customer service or technical support as three. Their support is very poor. For example, I was in a data center network down emergency. I called the support, and the customer had purchased premium support, top-tier support. After waiting for one hour, one representative came and said there was no technical person available. I explained I was in a network down emergency and needed support immediately. They replied that they didn't have any engineer and I needed to wait another 30 or 40 minutes. I waited and then escalated to Palo Alto management, after which I got the engineer.

Neutral

Previously, I have worked on Prisma Access Browser. I switched to Zscaler and then Check Point Harmony SASE. I am currently working on Harmony SASE.

Regarding the pricing for the Prisma Access Browser, it comes on the expensive side. I have seen the prices for Zscaler, Netskope, Harmony SASE, and Prisma Access. These are the market leaders of SASE solutions. Customers always look for Netskope, Zscaler, Palo Alto, or Harmony. Netskope is cheaper than Harmony SASE, then comes Netskope, followed by Palo Alto, and then Zscaler, with Zscaler being the most expensive. However, Zscaler is very good in terms of features compared to Prisma Access Browser.

The Prisma Access Browser does not have SD-WAN functionality. In fact, Palo Alto SD-WAN functionality is very poor. I discussed this with the Palo Alto team in their India head office, but they said they don't recommend Palo Alto SD-WAN to other customers. More often, customers go with Fortinet if they want SD-WAN functionality.

Palo Alto has offered SD-WAN for a long time, but they have acquired or collaborated with another company within the past two years. After that, they refined their SD-WAN solutions. Fortinet has been doing it for a long time. Customers in India don't trust Palo Alto for SD-WAN because Fortinet has acquired the market for SD-WAN. Fortinet is the only company providing the best SD-WAN solution with firewall features. Palo Alto hasn't captured that market, but they are very good in security compared to Fortinet. However, regarding SD-WAN, Fortinet's configuration part and manageability for underlay and overlay configuration are very easy compared to Palo Alto.

I can deal with Fortinet, Cisco, and Palo Alto products. I don't have experience with FortiGate, but I do have experience with Palo Alto and Check Point.

With Palo Alto, I am not familiar with Cortex Cloud, but I am familiar with Prisma Access Browser. I have a colleague who has experience with Cortex.

With Prisma Access Browser, I deal with the Secure Web Gateway. Regarding Data Loss Prevention (DLP), they went with email security, not EDR.

On a scale of 1-10, I rate Prisma Access Browser a 7.

I am using Prisma Access Browser for various purposes, and my main use case revolves around its advanced technology.

Prisma Access Browser is very advanced technology with different features, though we faced some hurdles during the first-time use, although it becomes easier to access over time.

The advanced technology means that all options are available as per our business needs.

There is granular policy enforcement in the product, and it has helped us manage our browsing activity. Regarding SD-WAN functionality, I want to clarify if we worked with it in Prisma Access Browser or in some other products.

I wanted to ask about the advantages of the product, but what about disadvantages? Do I see any improvements in Prisma Access Browser?

In the beginning, the solution may not be very user-friendly and could be complex.

I am using Prisma Access Browser, and I have been using it for three months since we installed it on the firewall in August.

It is extremely stable for our operations without glitches or latency.

The technical support from Palo Alto is very good. They provide support through StarLink, which is a distributor of Palo Alto in Pakistan, and if I open a case, the support team contacts me timely as per the priority of my complaint.

Positive

I have abandoned Sophos and am not using it anymore.

I find the installation of Prisma Access Browser overall easy. All deployment documents are available, so if you read the PDF and create a diagram as per your requirements, it makes the deployment phase much easier.

Currently, we are not in a stable state to check ROI since we are under attack. Our previous firewall had some glitches and due to some outdated computer systems, our organization is compromised. We are not considering savings right now because all major companies in Pakistan, especially in the oil and gas sector, are facing threats.

I find it quite expensive, but not more so than other products such as Sophos and Fortinet. For instance, with these rupees, we easily purchased a Sophos firewall with three years of subscription.

In the case of Palo Alto, we purchase it for one year subscription for the exact same rupees as compared to two years with others.

There is a major difference in pricing between both firewalls.

Palo Alto is the most expensive compared to Sophos.

I work with Palo Alto Firewall, and I am also interested in Prisma Access Browser and DLP.

I remember that I worked with Palo Alto as a user and a customer. Palo Alto has extremely advanced technology.

Prisma Access Browser is the most capable, advanced, and flexible product.

For Prisma Access Browser overall as a product, I would give it a 10 out of 10. It depends on the infrastructure of my company, but it's not in daily usage, and we can work without it, yet for qualities and functionalities, I find it to be excellent.

I basically work with SD-WAN, with firewalls; this is my current field.

My overall rating for Prisma Access Browser is 10 out of 10.

The project is finishing now and I have delivered the documentation. The project has been signed off. It is tunnel-based, and it is used to access the customer's private workload and to access the internet.

The Secure Web Gateway and SSL inspection are valuable features of Prisma Access Browser.

Prisma Access Browser improves security because the browser is one of the attack surfaces. It needs more security on the endpoint device and standardization of device usage. It also helps standardize the access policy to the internet.

The maturity of the product needs improvement as the implementation is very complex. The requirements are very hard to implement because it is for a top-level provider client, one of the most important telecom companies in Portugal. The product is not totally mature yet.

I have been familiar with Prisma Access Browser for eight months to one year.

The implementation was easy because I have experience with the product and similar products.

On a scale of one to five, I give the Palo Alto technical support three points.

Neutral

It is one client application that follows the wizard installation process.

For us, the implementation of Prisma Access Browser is a POC (Proof of Concept). It is currently being used, and based on the feedback, it can proceed to a final production implementation.

In general, it is good with no problems. The maturity of the product needs time. For the telecom customer, it is currently a proof of concept, and the customer provides feedback on whether to proceed with the production implementation.

I can compare it to Check Point browser protection, which is similar to Prisma Access Browser. Prisma Access Browser is Chrome-based while Check Point browser protection is a plugin. The security features are similar.

Check Point browser is more powerful for unknown threats. The emulation for the cloud is more powerful, as evident in the reports. Prisma Access Browser is more resource-consuming, while Check Point browser protection is more streamlined.

I work with Palo Alto Panorama, Prisma, Prisma Cloud, Prisma Access, Strata Cloud Manager, and Firewall on-premise including the VM-Series and PA-Series from the Palo Alto catalog.

I am in network security with 15 years of experience. I have five years of experience with Palo Alto, 15 years with Check Point, 15 years with Cisco, and five years with Imperva.

In the Portuguese market, Firewall has a 17% to 60% market share. Implementation is done in the cloud, in Azure and AWS, and includes firewall appliance for the one and two series.

Prisma Access Browser is currently replacing SSL VPN. A partner has one implementation in a major telecom provider in Portugal. A use case is to replace the partner with SSL VPN, a clientless VPN.

The overall rating for this solution is 6 out of 10.