Prisma Access by Palo Alto Networks Reviews

Prisma SaaS can be used to secure sanction applications that people use on enterprises. You can integrate the solution using ATI to sanction applications such as Office 365, Google, and Salesforce. You can apply controls to protect from data leakage and then apply cloud-based DLP policies.

The valuable features are that it is easy to use, easy to integrate, and is stable. It's scalable as well.

When it comes to integration mechanisms, Prisma SaaS does not support reverse proxy type of integrations. For example, a product like Netskope has a lot more integration mechanisms than does Prisma.

I've been using it for about one year.

It's a stable product.

It's scalable. We have about 500 users.

The technical support has been good.

Prisma SaaS requires a small implementation. Two engineers would be sufficient for the deployment process.

We implemented it ourselves.

I would rate Prisma SaaS at seven on a scale from one to ten. It is easy to integrate and is stable and scalable, but it needs to support reverse proxy integrations.

We are basically using it for cloud governance. We have AWS as our public cloud service, and we have multiple cloud accounts that we manage. We're using Prisma SaaS for the cloud governance of these accounts. 

It has been very useful so far. We are a part of a small team, and we have almost 20 accounts. Therefore, it is difficult for us to log in to each account and look at cloud trail and other things. It is not possible to log in manually and check each of the vulnerabilities. Prisma has helped us a lot. It shows the alerts in real-time, and we are pretty happy with the service it offers. We now know how to categorize alerts, which ones need immediate attention, and on which ones can we act a bit later.

It has predefined or preconfigured rules, which are getting periodically updated. They are providing continuous improvements and periodically updating all search queries that they are looking for. That is one thing that helps us to stay vigilant and focused. If we query our AWS account for any breaches or vulnerabilities with any of the cloud tests, and it alerts us based on these predefined rules. It also provides an option to configure our own rules, and based on these rules, it can query the cloud trail logs, pull the information, and trigger alerts in real-time. I haven't explored this feature much because there are multiple accounts, and we don't have enough time to explore this feature. 

It also provides multiple integrations. When vulnerabilities or breaches are happening, you should be aware of them immediately. It provides integration with tools such as Slack, PagerDuty so that you can get alerted as soon as the high severity stuff comes up. For example, you have a security group that has allowed public traffic on port 22. As TechOps, you should be aware of this immediately. You cannot scan each machine or look into all security groups to identify it. So, Prisma helps us and alerts us when this kind of high-priority stuff comes up. 

It has different statistics, analytics, and graphs for data. The description of alerts is also pretty good. They describe what are the possible causes for this and what are the solutions. From Prisma Cloud, you can directly go to the AWS account. When you click on an alert, a resource, or a resource ID, it takes you to the AWS console where you need to log in. If you are already logged in, it will take you to that instance directly, and you can fix the issue there. I have found this feature very useful.

We are using the SaaS offering. We use our applications for microservices. We use Twistlock to scan containers, and it displays these results in Prisma, which is a good feature because we can see vulnerabilities with respect to these containers. We can see everything in a very detailed manner. However, when you have different environments for a single application, such as DEV, QA, PROD, and TEST, all these environments run multiple containers, which can lead to a very high number of containers. In such a scenario, it shows you the alerts for all those containers that have vulnerabilities. If you show the results of all the containers that share the same image, it is not going to add any value. Therefore, they should narrow down the alerts based on a container. It should show information for a single container. Otherwise, the person who is looking at the results gets the impression that he has to fix all these issues. This is something that they can improve.

I have been using this solution for two years.

Its stability has been great. 

I have used different tools previously. I have used Evident. Prisma is much better than Evident in terms of the information it provides for alerts. In Evident, they provide a little bit of information about the triggered alert, whereas Prisma provides in-depth details.

It is pretty straightforward. It is a two-step procedure. You need to create the roles and mention the role in the Prisma config. You have to create a role in the corresponding AWS account or Azure account and give that role information while configuring Prisma. So, you need to provide the account ID number, the role that you have created, and a short description of the account that you're using. You also need to enable a couple of other things, such as VPC flow logs and cloud trail for Prisma. If these are not configured, Prisma will still get configured, but it will alert you that you have not configured the flow logs, cloud trail, and all other events. After that, Prisma will immediately start scanning the account. 

It also has a provision for grouping your accounts into a particular group. If you have a project that has multiple accounts, you can group them together as a central group. If all those accounts are managed by a single team, you can enable alert notifications for that single team instead of each account. Everything is pretty good in terms of management activities.

Deployment hardly takes five to ten minutes. It is a SaaS offering. It is a managed service by Palo Alto. You don't have to configure anything at your site for Prisma. You don't have to create any sort of instances or deploy it. You just need to onboard the accounts.

It doesn't require any maintenance. It is managed by our corporate IT team. They have onboarded all the AWS accounts with respect to my organization. These AWS accounts belong to multiple groups of people. 

My department has around 30 people who use this solution as DevOps, and we have the access to the portal. We have enabled read-only access for certain groups so that they can go and look into the alerts and do the necessary things. We have created multiple read-only groups, and we have assigned a set of users to each read-only group.

It has definitely provided an ROI.

We looked into multiple options, and we chose Prisma considering the price and the features it offered.

We started off with AWS three years ago. As the number of accounts grew, we felt the need to use some sort of cloud governance tool because it is not possible for us to log in to each account and look for issues that may impact the organization. That's why we started to use Prisma. We are using multiple solutions from Palo Alto. We use Twistlock for container scanning and things like that.

I have positive feedback about this product. We are happy with this product and the features it offers for the price. 

I would rate Prisma SaaS an eight out of ten.

We are a solution provider and we have implemented Prism Cloud for a couple of clients.

Our clients use this product for their container security.

The remediation process is easy compared to other platforms.

The interface is user-friendly.

My clients would like to see a more feature-rich product.

We have been using Prisma SaaS for about three months.

Stability-wise, I feel that it is good.

We have not yet tried to expand beyond our integration with one cloud platform. This is something that we may do in the future.

There are three people in my organization who use it.

Technical support from Palo Alto has been responsive and they are good.

We implemented Azure Secure Center before trying this product.

This product is straightforward to set up and the integration is good.

The licensing fees are paid on a yearly basis and for what we get, the price is good. However, the pricing should be better.

We did not have a great deal of time to evaluate other products.

For anybody who is looking for a contained-based solution, I definitely recommend this product.

I would rate this solution an eight out of ten.

We use it to securely access cloud data centers or cloud platforms. If a customer has a lot of workload in the cloud, then from the Prisma Access cloud, they can create secure access to all cloud platforms.

The users can securely access any cloud data centers or cloud platforms. In terms of the features, it has all the features that Palo Alto Next-Generation Firewall has. It is also very stable and scalable.

When it comes to the VPN, it uses the global protect VPN functionality to connect remotely, but it has a feature limitation for assigning multiple IP subnets to different user groups. It would be much better if we are able to assign the current IP blocks for the subnets based on the user groups.

We got its distribution about eight months ago.

It is very stable.

It is very scalable. The scalability can be based on the number of users or the number of networks. You can expand it the way you want. In Sri Lanka, we have about 3,000 users.

Palo Alto's technical support is good because they have multiple methods and licenses. Their premier support seems better.

The initial setup is straightforward in a way, but there are certain things that may require Panorama, which is a centralized management platform. The management of certain things can only be done through Panorama. For the initial integration, a few steps have to be followed, but after that, it is easy to configure and use.

For the console-side deployment, one or two engineers would be enough. A complete user deployment may take a few weeks to complete.

Prisma Access is a little bit expensive.

I would recommend this solution to others. I would rate Prisma Access a nine out of ten.

We are a system integrator and Prisma Access is one of the security products that we implement for our clients. We handle all products, from high-level to low-level, and we propose an end-to-end solution for each customer. I am a pre-sales architect and engineer.

Prisma Access is the name of the GlobalProtect Cloud Service.

Normally, it is sold to users who want to use a VPN agent.

The most valuable feature is the ability to join your network and provide access through the VPN.

It is integrated with the MDM solution but it is not a VPN, so this is something that can be improved. Better integration with the MDM solution would be useful.

We don't hear from customers for a long time when they have this solution, so I think that it is stable.

Scaling is easy because it is just a license that you extend.

Our clients for this solution are typically small to medium-sized companies.

We work with similar solutions from a number of vendors including Fortinet, F5, Trend Micro, and others.

We have an in-house team that is responsible for implementing products for our clients.

We also perform the required maintenance, as well as technical support.

This is not an expensive product and everything is included with one license. We normally sell GlobalProtect bundled with a firewall if the customer wants an endpoint solution.

We have to pitch it to smaller customers. When it comes to medium-sized organizations, they are almost dedicated to a VPN solution. This is a good solution and I can recommend it, although it would be improved with better MDM integration.

I would rate this solution a seven out of ten.

We are a services organization at the diagnostic stage. We generally see what matches the customer's requirements.

The primary use case of this solution mostly serves as remote access to the applications, and the secure access of applications both for the cloud and for their private data centers.

They are mainly using the zero-trust platform, which is very commonly used right now.

The most valuable feature is the zero-trust part of this solution.

This solution addresses most of our requirements.

I would like to see an increase in third-party integration, in terms of identity and access management, or strong authentication.

I have been working with this solution for the last six months.

This solution is stable we have not had any major issues with it.

This solution is scalable. Our customers are large enterprise companies with anywhere from 4,000 to 10,000 users.

The cloud setup is straightforward, and the onboarding process is much better, but the on-premises initial setup is slightly complex.

Anyone who is considering working with Prisma Access should go ahead and implement it. This is a product that I recommend.

I would rate this solution a nine out of ten.

We are a solution provider and we work with our customers to provide them with cloud-based solutions. One of the categories we provide is in the security-related space, and Prisma SaaS is one that we are promoting.

One of the primary use cases is to create a more secure tunnel between home and office, allowing people to more securely work remotely from home.

We use the central monitoring tool from Palo Alto, which gives us good visibility on our network.

The performance is good.

The price can be reduced to make it more competitive.

We have been working with Prisma SaaS for the last six months.

Stability-wise, we have not had any problems.

We have had no issues with scalability.

We work with a variety of security vendors including Check Point and Fortinet. For cloud-based solutions, we work with Barracuda.

The suitability of a particular product or vendor will depend on the client's requirements, situation, and budget.

Compared to other products, the price is slightly high. In fact, sometimes there is a large pricing gap.

This is the best product that I have looked at, out of all of the competitors. We are still testing it, but from what I have seen, it is really good compared to the others.

I would rate this solution a ten out of ten.

This is a CASB product that we use to protect data that is in the cloud. We work with our client to protect them from unknown threats, as well as known threats such as the inadvertent sharing of files. An example of this is the uploading of a file by an admin that contains sensitive data that was not intended to be shared with anyone who is external to the organization, such as a Gmail address. This solution offers protection from these kinds of problems.

From my client's perspective, I can say that they had no control over their cloud data that they needed to protect. They had solutions that can handle their on-premise DLP, such as determining whether a particular service is malware-free. When it was on the cloud, such as Google Cloud, Google Drive, ServiceNow, or others, they were not sure how to protect it. With this solution, they are able to protect themselves, and also with data at rest. It has helped to protect against the propagation of malware from the cloud to the premises.

There are two features that I find very good. This solution provides a DLP on the cloud and very few people have a scanning device for data at rest. The second feature that I really like about this solution is the notifications that it provides. It provides me with timely notifications so that I can consider things such as whether actions are trusted or untrusted and I can quarantine the data on the fly.

There are a lot of cloud-based applications that are supported, such as Box, Skype, Google Drive, and SharePoint, but there are many more than have not been totally integrated. They cannot use in-house apps because they are not generic services. I would like to see support for custom applications. 

There are also certain storage services that are not integrated, like AWS S3. If the services are created by the customer then it would be very nice to have those protected too.

Right now, this is a data at rest CASB, but it would be nice if it included features such as forward proxy or reverse proxy. It would be able to provide the OTP to those gateways and anyone who can integrate with Aperture can send the data to have it authenticated, via Aperture to the cloud, rather than just scanned. Essentially, if it can be made to act as an auth server, to automatically handle the forward proxy CASB, it would be good.

Six months.

It seems to be a pretty stable product. It has been six months and we haven't seen many problems yet.

Given that it is in the cloud, I don't think that there is an issue with the scalability. You can just add agents or perform more integration very easily and it will work. Unless the price model changes because it is already a bit pricey from the perspective of the end-user, it is not a problem.

The scalability is based on devices rather than users, but I can say that there are perhaps six cloud accounts with around ten or fifteen apps that they are trying to protect.

The technical support is very friendly. They are aware of the solution and they can definitely help you if you are stuck with a problem.

Our customer was not aware of how to protect their cloud data, and this is the first solution that they chose.

The initial setup is simple. You just need to log into the Aperture cloud with your user ID and password, apply the license and you are done. After this, you just need to know how to integrate, but they already have documentation that can help you out.

The time required for deployment depends on how complex you are making the environment. If it's a very simple one, such as a Box or a Google Drive, then it will take around a day or two, maximum a week.

I would say that a complex environment may take between three and four weeks. It depends on the use case. If you want to do a POC setup on VPC or Google Drive then it may take less time. On the other hand, if you are integrating more services then it will take longer because you have to learn the product from scratch. There are no similar services.

Once this solution is configured, there is very little that you have to do unless the customer requests something new. If you integrate it with WildFire and AutoFocus, it will automatically get the latest volume or latest signatures, and it will notify you whenever that happens. If somebody is properly trained then one person can handle the maintenance.

We deployed this solution for our customer. We also used agents, provided with Aperture, on the local devices so that they could be easily connected to the cloud.

The pricing for this solution is on the higher end. Our customer felt that the solution was a bit overpriced but they had nothing that offered them better protection.

The licensing fees are on a yearly basis, and there are no additional costs.

There are now more vendors doing this, such as Oracle, but when we started there were very few. This is one of the reasons for choosing this solution.

This is a fairly good product if you are looking for something to protect data at rest. There are alternatives, like Oracle and McAfee, that also provide similar solutions, but you should do a POC with them first. In fact, you should always start with a POC because everyone has different needs. 

If you take the training that is available then you will be able to handle the maintenance yourself. There can be challenges when there are compliance issues, like somebody putting a file into quarantine. It will have to be taken out manually, and if the user is untrained then they will require technical help for this.

I would rate this solution eight and a half out of ten.