Prisma Cloud by Palo Alto Networks Reviews

We use the GlobalProtect module within Prisma Cloud to ensure the security of our mobile users.

Prisma Cloud provides security spanning for multi and hybrid cloud environments.

It includes automation capabilities that we can deploy if the environment is suitable.

Prisma Cloud has enabled us to migrate from multiple vendors, creating a more user-friendly experience for everyone.

Prisma Cloud enhances the security of our cloud-native development lifecycle from start to finish.

One of the advantages of Prisma Cloud's GlobalProtect module is that it provides a centralized tool for monitoring applications, user connections, and latency. Additionally, it allows us to track the percentage of availability.

Prisma Cloud saves the equivalent time of one full-time employee.

The most valuable aspect of Prisma Cloud compared to other VPNs is its security and performance.

In the GlobalProtect module, we can easily guide users experiencing connection issues through the notification column. Within that column, we can submit and escalate notifications on host entries for troubleshooting purposes. Additionally, we can troubleshoot by collecting direct logs during user data connections. On the security front, we have a wide range of SaaS-based items at our disposal. Using Prisma Cloud, we can send internet-based reminders about the option to create a VPN tunnel internally.

Palo Alto needs to add more support staff to improve their response time.

I have been using Prisma Cloud by Palo Alto Networks for two years.

I would rate the stability of Prisma Cloud ten out of ten.

I would rate the scalability of Prisma Cloud ten out of ten.

The support response time is slow, with resolutions sometimes taking up to two days.

Neutral

The initial deployment is straightforward. I have experience with two deployments. In my previous job, the deployment took six months to complete. Currently, we have 15 tenants to deploy and have successfully deployed ten within the first seven months.

The price for Prisma Cloud is reasonable.

I would rate Prisma Cloud by Palo Alto Networks eight out of ten. However, the delay in support time negatively impacts my overall assessment.

We have 90,000 accounts and have already migrated 50,000 users over to GlobalProtect.

Palo Alto does the maintenance.

I recommend Prisma Cloud to others, as long as the solution meets their requirements for cost, support, and number of locations.

The main reason why we are using Prisma Cloud is to identify any compliance issues. We have certain compliance requirements across our different resources, such as something should be completely inaccessible, logging should be enabled, and certain features should be enabled. So, we are using it to identify any such gaps in our cloud deployment. Basically, we are using it as a Cloud Security for Posture Management (CSPM) tool.

It is a SaaS solution. 

One of the things that we have been able to do with Prisma Cloud is that we have been able to generate real-time alerts and share them with our technology team. For certain resources, such as databases, we have certain P1 requirements that need to be fulfilled before our resource goes live. With Prisma, if we identify any such resource, then we just raise an alert directly with the support team, and the support team gets working on it. So, the turnaround time between us identifying a security gap and then closing it has gone down drastically, especially with respect to a few of the resources for which we have been able to put this plan into motion. We have reduced the timeline by 30%. That's because the phase of us identifying the gaps manually and then highlighting them to the team is gone, but the team still needs to remediate them. Of course, there is a provision in Prisma Cloud where I can reduce it further by allowing auto-remediate, but that is not something that we have gone for as an organization.

We are using it to find any gaps, create custom policies, or search in our cloud because even on the cloud portal, you don't get all the details readily available. With Prisma, you have the capability of searching for whatever you're looking for from a cloud perspective. It gives you easy access to all the resources for you to find any attribute or specific values that you're looking for in an attribute. Based on my experience with Azure and Prisma, search becomes much easier via Prisma than via your cloud.

As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having.

There are two main things that Palo Alto should look into. The first is the reporting piece, and the second one is the support. 

Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into.

Their support needs to be improved. It is by far one of the worst support that I have seen.

We are using Azure Cloud. With AWS, Prisma is a lot more in-depth, but with Azure, it's still developing. There are certain APIs that Prisma is currently not able to read. Similarly, there were certain APIs that it was not able to read six months ago, but now, it is able to review those APIs, top-up resources, and give us proper security around that. Function apps were one of those things that were not there six months ago, but they are there now. So, it is still improving in terms of Azure. It is much more advance when it comes to AWS, but unfortunately, we are not using AWS. A problem for us is that in terms of protecting data, one of the key concepts is the identification of sensitive data, but this feature is currently not enabled for Azure. This feature is there for AWS, and it is able to read your S3 buckets in the case of AWS, but for Azure, it is currently not able to do any identification of your storage accounts or read data on the storage to give security around that. So, that is one of the weak points right now. So, from a data exfiltration perspective, it needs some improvement.

It is currently lacking in terms of network profiles. It is able to identify new resources, and we do get continuous alerts from Prisma when there is an issue, but there have been a few issues or glitches. I had raised a case with Palo Alto support, but the ticket was not going anywhere, so I just closed the ticket. From a network security group's point of view, we had found certain issues where it was not able to perform its function properly when it comes to the network profile. Apart from that, it has been working seamlessly. 

I've been using Prisma Cloud for around six months.

It is a stable platform. Especially with it being a SaaS platform, it just has to make API calls to the customers' cloud portals. I haven't found any issues with regard to stability, and I don't foresee any issues with stability based on the architecture that Prisma has.

It is pretty scalable. The only limitation is the licensing. Otherwise, everything is on the cloud, and I don't see any challenges with respect to scalability. I would consider it as a scalable solution.

Currently, there are around eight to 10 people who are working with Prisma, but we are still bringing it up to maturity. So, majorly, I and a couple of my colleagues are working with Prisma. The others have the account, but they are not active with respect to Prisma. Almost all of us are from InfoSec.

The support from Palo Alto needs to be improved a lot. It is by far one of the worst support services that I have seen. It takes a lot of time for them to come back, and nothing conclusive happens on the ticket as well. 

There was a ticket for which I called them for three months, and nothing was happening on that ticket. They were just gathering evidence that I had already shared. They asked for it again and again, and I got frustrated and just closed the ticket because I was just wasting my time. I was not getting any response. There was no progress that I was seeing in getting my issue getting resolved even after three months. This is not just for one ticket. There have been a couple of other tickets where I've faced similar issues with Palo Alto. So, support is definitely something that they should look into. 

Today, I won't recommend Palo Alto Prisma to someone because I'm not confident about their support. Their support is tricky. I would rate them a three or four out of 10. They are polite and have good communication skills, but my requirement from the support team is not getting fulfilled.

We haven't used any other product. 

I've been involved with the entire implementation of Prisma Cloud. I've manually done the implementation of Prisma in my current organization in terms of fine-tuning the policies, reviewing the policies, and basically bringing it up to maturity. We have not yet achieved maturity with the product. We have also encountered some problems with the product because of which the implementation has been a bit delayed.

The integration piece is pretty straightforward. In terms of the availability of the documentation, there is no issue. If you reach the right document, your issue gets resolved automatically, and you don't have to go to the support team. That was pretty smooth for me.

The initial integration barely took half a day. You just have to make some changes on your cloud platform, get the keys, and just put the keys manually. We had a lot of subscriptions, and when we were doing the integration, tenant-level integration was not available. So, I had to manually integrate or rather onboard each subscription. That's the reason why it took me half a day. It might have even been just a couple of hours.

As of now, we have not seen an ROI because we are not yet mature. We have not yet reached the maturity level that we want to reach.

My colleague had reviewed other solutions like Aqua and Cloudvisory. One of the reasons for selecting Prisma was that we have planned a multi-cloud approach, and based on our analysis, we felt that Prisma will be better suited for our feature requirements. The other reason was that we already have quite a few Palo Alto products in our environment, so we just thought that it will be easier for us to do integrations with Prisma. So, these were the two key reasons for that decision.

Currently, there are not many options to choose from across different products. So, from that perspective, Prisma is pretty decent. It works how CSPMs are supposed to work. They have to read up the config, and then throw you an alert if they find any misconfiguration. So, from that perspective, I didn't find it to be that different from other CSPMs. The integration pieces and other things are pretty simple in Prisma Cloud, which is something that we can take into account when comparing it with others.

I would recommend others to consider a CSPM product, whether they go with Prisma or another flavor of CSPM. It also depends on the deployment that the organization has, the use case, and the budget. For an organization similar to mine, I would definitely recommend going for CSPM and Palo Alto Firewall.

I would advise others to not go with the higher level of Prisma support. They should go for third-party professional services because, in my experience, they have a better understanding of the product than the Prisma support team. Currently, we have one of higher levels of support, and we are not getting the return on that support. If we go for a lower tier of support, we save that money and give it to a third-party professional service. That would be a better return on investment.

Prisma Cloud hasn't helped us to identify cloud applications that we were unaware that our employees were using. That has not been the case so far because when we had initially done the deployment, we had done it at the subscription level rather than at the tenant level. So, in our case, it is quite the opposite where there would be subscriptions that the client is not aware of. I think Prisma has come up with a release wherein we can integrate our cloud on a tenant level rather than the subscription level. That is something that we will be doing going forward.

I would rate this solution a seven out of 10.

I have mostly used the CSPM and CWP side of things. 

For one of our clients, we used the self-hosted version that we had deployed on IBM Cloud and the SaaS version hosted by Prisma itself. For the CWP side, we used it for securing applications of our clients, doing the runtime checks, and servicing the runtime events and plug-in vulnerabilities.

For the CSPM side, the use case was more heavily for compliance on the cloud. We had Google and AWS environments.

Its main benefit was that it made it easier to monitor our clients. It just made everything more efficient. There was efficiency.

Prisma Cloud provides security spanning multi-cloud environments. I have not worked with a hybrid cloud environment.

I never did anything with the automated features other than being able to click and have it do the relearn process when it comes to the runtime events. If I see that an application is creating a bunch of false positive runtime events, I can put it in an automatic relearn state. It will relearn what that application does so it is not firing off a bunch of false positives. That is the only automation I have used other than the Helm option provided at the time of deployment. It does some automation when it comes to deployment. That is about it. I am not sure about the savings money-wise, but I know that every time we deploy by Helm, it saves us time. It is hard to judge the time savings because I never deployed it in a manual way.

Prisma Cloud is pretty good for helping us take a preventative approach to cloud security. We can have lock-in controls where a developer cannot deploy vulnerabilities that are critical. We can prevent them from doing it that way. It is excellent in that regard. I also like the preventive controls on the runtime side. If you see a runtime event, you could put options in place to prevent that specific command from running, or you can shut down the console, container pod, etc. It is hard to measure the time savings. However, it can take us an hour if we have to reach out to the proper team to get a pod shut down. It would also depend on how responsive they are. Having something in place to automatically shut something down does save a lot of time.

When we first started deploying it, our team was new. We had done some training, but it did take us a little while to fully grasp all the benefits of Prisma Cloud itself. It could have taken a couple of weeks to a month before we really got a good grasp of everything. I would not say that this is the case with everyone. None of us in the team had done the cloud before, so it took us longer to understand and realize the benefits compared to others.

Prisma Cloud is pretty comprehensive. On the CSPM side of things, the SaaS-hosted version seems to have a lot more capability than the self-hosted version. The SaaS-hosted version is more comprehensive than the self-hosted version.

The visibility and control that Prisma Cloud provides affect confidence in the security and compliance postures. A great thing about it is that we can set up whatever specific compliance needs the clients have. It has a lot of features already built into it. It is a simple toggle action to enable the compliance that they need to follow. It lays out what is failing. It gives you all the information that you need to work with clients to get everything compliant. It also offers some options if you want to make custom policies and things like that. If the compliance policies that clients follow are not available nationally, they can have their own compliance policies. They can put those in. It is great.

Prisma Cloud provides a single tool to protect all of the cloud resources and applications, and then there are other tools that you can download from the console, such as the twistcli tool. It is all in there, but there are different tools that you can use as well.

Prisma Cloud saves a lot of time and probably a lot of money too. That is because you can log in to one specific tool. The CSPM SaaS side of it even has more, so being able to log in on that one tool helps. You do not have to worry about different tools to take care of different security aspects. Everything built into one saves a lot of time.

We were able to reduce runtime alerts as we worked with our clients to get to that security posture maturity. There were some clients that were getting probably 25 or more different alerts a day, and we were able to bring that down by more than half. We were on the way to getting even fewer alerts than that. It was quite a bit of a reduction. It is a slow process of getting the runtime alerts knocked down depending on how big the environment is, but it definitely helps.

When it comes to the vulnerability side of things, it has built-in top ten features or top ten vulnerabilities. We can look at them and say that these vulnerabilities are being ranked by Prisma Cloud as our top ten. These are the ones that we should be focusing on. We can work with our clients to help them determine which things should be knocked out first and so on.

Runtime protection and the ability to set up policies and controls are valuable.

The thing that I like the most is that when it comes to runtime events, whenever we see an event, we are able to look through the logs. It is pretty easy to look back through everything that took place. I also like the Radar screen for seeing how everything is connected.

While you can find everything, sometimes, it is a bit difficult. I have always had a little bit of an issue or struggle using the Resource Query Language that we can use to look through and find different things. I wish it was a little bit easier. It might be just my failings in that regard, but it can be a little bit difficult to find everything. You can find everything, but it is difficult sometimes.

If there is a way for auto Defender upgrades, that would be great. They started to implement it, but I do not know if they have done it yet. Having auto Defender upgrades so that we do not have to upgrade Defender manually would be helpful. If there is a way to push the upgrades from the console, that would be one way to improve it. I had created a couple of other requests for improvements, but I do not remember them at this point in time. I know that was one of them.

I started using it back in 2020 although I did a little bit of training a little bit before that around the end of 2019. It was originally Twistlock. I am not sure if Palo Alto had bought it out when I first started training with it.

I would rate it an eight out of ten for stability. Sometimes, on the SaaS version, the console would not load. It was a glitch on their end that they had to fix. We had issues with the GUI at a couple of points. We had issues whenever we were downloading the vulnerability report. It did not include all the information. Once they got some bugs worked out, it was pretty stable, but there were some issues.

It is very scalable. I would rate it a ten out of ten for scalability.

We had a couple of Fortune 500 clients. I do not know if we had anything that was small. A lot of them were big organizations, but some of the environments were small.

We had a client that had the SaaS version that had hundreds of different endpoints, if not more. Most of our clients were on the self-hosted version. Some of them only had four or eight different endpoints or hosts. One of them had about 50 different hosts, give or take. It was a wide array depending on the client we were working with.

When we started, there were three of us working with Prisma Cloud. There were about six of us by the time I left.

They are pretty good, but sometimes, it does take them a little bit longer to move from level 1 support to a higher-up level when it is a technical issue that they have not dealt with before. Overall, it is pretty good.

Positive

We also used a product called Aqua Security. We were using Aqua Security back when we were using the self-hosted version of Prisma and not the SaaS version of Prisma. We had not worked on the SaaS version yet, so I do not know if it is a completely fair comparison, but I did feel that at that point in time, Aqua Security had more features and a better layout. I do not know how that compares today. It has been a little over a year since I last touched Aqua Security, so I am not sure what updates and changes they have made.

We had a deployment team handling the initial deployments. We worked on the upgrades after the initial deployment, which were pretty straightforward, but I am not sure about the initial deployment. It seems to be pretty straightforward, but I have never done an initial deployment.

In terms of maintenance, it is just doing the upgrades. That is really about it. It seems that they push out a patch pretty close to every month. You can upgrade to the minor versions at the very least or security patches.

I would recommend Prisma Cloud to others. It does take a good bit of work to learn it and fully understand the complexity of it and all the features. There are still features in there that I do not even know about or have not even touched, but it is great for protecting the environment. It is easy to get into and understand some of it, but it requires a lot of learning to understand the whole complexity of it.

Its learning curve depends on what you need to do with it. I had taken a week-long class with it, and then there were other training sessions. It could take weeks, if not months, if you want to try to do all the different training they offer.

With my limited use of other platforms, I would rate Prisma Cloud a ten out of ten. This is the one that I have used the most. It is the best of the ones that I have used.

There are five pillars of Prisma Cloud, including CWPP for workloads and security posture in the basic configuration. We have also been working with application APIs. These are the areas in which I'm working.

Most of our customers are using multi-cloud or hybrid cloud environments, and the problem they were facing was that they didn't have a one-stop shop for managing all the clouds. For example, Azure has something like that capability, but there are some problems and gaps. Every cloud provider says, "This is our territory, and we can only secure our territory." But the whole idea of Prisma Cloud is that it can take any cloud, whether public or private, bring the accounts on board, and after that, everything is managed by Prisma Cloud.

Another problem with Azure is that it has very overwhelming alerts, making it hard to manage them in native Azure. With Prisma Cloud, we have different rules and it is easier and more manageable. It is not overwhelming. We can look at its different modules. If we're talking about identity management, we can go to that module and see the identity. That makes things quite manageable with Prisma Cloud.

When it comes to investigation time, Prisma Cloud has something like 18,000 or 19,000 predefined policies and has remediations as well, so we know what to do or what not to do. It helps reduce investigation time because all those policies are already there. They are the "top" policies, and it provides remediations alongside.

Most of the customers we are tackling have different tools and solutions, like Qualys, Nessus, and vulnerability management assessment solutions. There are plugins for them, and we can integrate Prisma Cloud with them. We can enrich our telemetry with their data and use the predefined correlation rules in Prisma Cloud. That means we have that work done in seconds.

We also like the firewalls.

It also perfectly provides security across multi- and hybrid cloud environments. We use it with multi-cloud environments, and there are five cloud providers supported, including Amazon Web Services, Oracle, GCP, Azure, and Alibaba. Most of the big companies out there are using multi-cloud or hybrid environments, and they share dependencies on different types of cloud.

The basic idea of Prisma Cloud, and what I like the most, is that it is a managed cloud and everything is easy to do. So we can integrate different cloud-native services. We can use solutions like Defender for Cloud, Azure, and Amazon Inspector and enhance our telemetry using these data lakes. Prisma Cloud is the best for integrating with these cloud-native solutions.

The automation is good so far. If we look at the Kubernetes runtime environment, there is good automation for that.

Prisma Cloud is all about a preventative approach, and we can use it for compliance as well.

We can also integrate it into a CI/CD pipeline, and it can scan different images and containers, such as Kubernetes. Also, when we are loading an account, there are some agents that scan as well. There is Lambda for automation, and, in the first phase—the staging environment—we can have our work done. Pipelining is a continuous process, and the scanning takes place in the previous stage only. It runs in a sandbox environment and gives us all the remediations.

Sometimes, credentials are hardcoded. We can use the code security module and correlate with the predefined rules provided by Prisma Cloud. We get alerts, and based on these alerts, we can harden the policies for that code.

And the dashboard provided by Prisma Cloud has capabilities through which we can make alerts visible based on their severity level. We can create a separate dashboard for rules related to medium or high severity. That way, without wasting our time, we get to the medium- and high-level alerts and tackle the things that need attention the most.

The automation capabilities are growing each day, but the problem is that the updates are not that frequent. There are some services on Amazon that have come out with updates, and Azure is also getting up to date. But Prisma takes some time to follow. There's a time gap that Prisma inherits from these clouds. I understand why it takes some time, but that time should be reduced.

I have been using Prisma Cloud by Palo Alto Networks for two years.

The stability is a 10 out of 10.

The scalability is also a 10 out of 10.

We have a team of 25 to 30 people. Our company is based in India, but we have offices in Malaysia, Singapore, and Bangladesh, and we have clients in India and outside of India. Most of them are enterprise-level.

Their technical support comes up with great solutions. Every time we call we definitely get a solution.

Positive

It is onboarding in the cloud. There are a lot of documents, but it is quite easy. I'm into training as well, and it is quite easy for me to train my interns on how to onboard accounts to Prisma Cloud. If we are only onboarding one account, it happens in minutes.

In terms of price, we have to see the value we are getting for the particular penny we are paying. In that context, Prisma Cloud is a value-back cloud-managed solution; cloud-native solutions are quite expensive. That's why a lot of our clients are shifting from cloud-native to Prisma Cloud: because of its effectiveness and because it is budget-friendly as well.

I love Prisma Cloud. It's a one-stop shop for managing cloud security. And it is very easy to use. The dashboard and all the UI are very easy.

Our use case for the solution is monitoring our cloud configurations for security. That use case, itself, is huge. We use the tool to monitor security configuration of our AWS and Azure clouds. Security configurations can include storage, networking, IAM, and monitoring of malicious traffic that it detects.

We have about 50 users and most of them use it to review their own resources.

If, for a certain environment, someone configures a connection to the internet, like Windows RDP, which is not allowed in our environment, we immediately get an alert that says, "Hey, there's been a configuration of Windows Remote Desktop Protocol, and it's connected directly to the internet." Because that violates our policy, and it's also not something we desire, we will immediately reach out to have that connection taken down.

We're also integrating it into our CI/CD pipeline. There are parts we've integrated already, but we haven't done so completely. For example, we've integrated container scanning into the CI/CD. When they build a container into the pipeline, it's automatically deployed and the results come back to our console where we're monitoring it. The beauty of it is that we give our developers access to this information. That way, as they build, they actually get near real-time alerting that says, "This configuration is good. This configuration is bad." We have found that very helpful because it provides instant feedback to the development team. Instead of doing a review later on where they find out, "Oh, this is not good," they already know: "Oh, we should not configure it this way, let's configure it more securely another way." They know because the alerts are in near real-time.

That's part of our strategy. We want to bring this information as close to the DevOps team as possible. That's where we feel the greatest benefit can be achieved. The near real-time feedback on what they're doing means they can correct it there, versus several days down the road when they've already forgotten what they did.

And where we have integrated it into our CI/CD pipeline, I am able to view vulnerabilities through our different stages of development.

It has enhanced collaboration between our DevOps and SecOps teams by being very transparent. Whatever we see, we want them to see. That's our strategy. Whatever we in security know, we want them to know, because it's a collaborative effort. We all need each other to get things fixed. If they're configuring something and it comes to us, we want them to see it. And our expectation is that, hopefully, they've fixed it by the time we contact them. Once they have fixed it, the alert goes away. Hopefully, it means that everyone has less to do.

We also use the solution's ability to filter alerts by levels of security. Within our cloud, we have accounts that are managed and certain groups are responsible. We're able to direct the learning and the reporting to the people who are managing those groups or those cloud accounts. The ability to filter alerts by levels of security definitely helps our team to understand which situations are the most critical. They're rated by high, medium, and low. Of course we go after the "highs" and tell them to fix them immediately, or as close to immediately as possible. We send the "mediums" and "lows" to tickets. In some instances, they've already fixed them because they've seen the issue and know we'll be knocking on the door. They realize, "Oh, we need to fix this or else we're going to get a ticket." They want to do it the right way and this gives them the information to enable them to make the proper configuration.

Prisma Cloud also provides the data needed to pinpoint root cause and prevent an issue from occurring again. When there's an alert and an issue, in the event it tells you how to fix it. It will say, "Go to this, click on this, do this, do that." It will tell you why you got the alert and how to fix it.

In addition, the solution’s ability to show issues as they are discovered during the build phases is really good. We have different environments. Our low environments are dev, QA, and integrations, environments that don't have any data. And then we have the upper environment which actually has production data. There's a gradual progression as we go from the lower environments and eventually, hopefully, they figure out what to do, and then go into the upper environment. We see the alerts come in and we see how they're configuring things. It gives us good feedback through the whole life cycle as they're developing a product. We see that in near real-time through the whole development cycle.

I don't know if the solution reduces runtime alerts, but its monitoring helps us to be more aware of vulnerabilities that come in the stack. Attackers may be using new vulnerabilities and Prisma Cloud has increased the visibility of any new runtime alerts.

It does reduce alert investigation times because of the information that the alerts give us. When we get an alert, it will tell us the source, where it comes from. We're able to identify things because it uses a protocol called a NetFlow. It tracks the network traffic for us and says, "This alert is generated because these attackers are generating alerts," or "It's coming internally from these devices," and it names them. For example, we run vulnerability scanning weekly in our environment to scan for weaknesses and report on them. At times, a vulnerability scanner may trigger an alert in Prisma. Prisma will say, "Oh yeah, something is scanning your environment." We're able to use this Prisma information to identify the resources that have been scanning our environment. We're able to identify that really quickly as our vulnerability scanner and we're able to dismiss it, based on the information that Prisma provides. Prisma also provides the name or ID of a particular service or user that may have triggered an alert. We are able to reach out to that individual to say, "Hey, is this you?" because of the information provided by Prisma, without having to look into tons of logs to identify who it was.

Per day, because Prisma gives us the information and we don't have to do individual research, it saves us at least one to two hours, easily and probably more. 

One of the most valuable features is monitoring of configurations for our cloud, because cloud configurations can be done in hundreds of ways. We use this tool to ensure that those configurations do not present a security risk by providing overly excessive rights or that they punch a hole that we're not aware of into the internet.

One of the strengths of this tool is because we, as a security team, are not configuring everything. We have a decentralized DevOps model, so we depend on individual groups to configure their environments for their development and product needs. That means we're not aware of exactly what they're doing because we're not there all the time. However, we are alerted to things such as if they open up a connection to the internet that's bringing traffic in. We can then ask questions, like, "Why do you need that? Did you secure it properly?" We have found it to be highly beneficial for monitoring those configurations across teams and our DevOps environment.

We're not only using the configuration, but also the containers, the container security, and the serverless function. Prisma will look to see that a configuration is done in a particular, secure pattern. When it's not done in that particular pattern, it gives us an alert that is either high, medium, or low. Based on those alerts, we then contact the owners of those environments and work with them on remediating the alerts. We also advise them on their weaker-than-desirable configuration and they fix it. We have people who are monitoring this on a regular basis and who reach out to the different DevOps groups.

It scans our containers in real time. Also, as they're built, it's looking into the container repository where the images are built, telling us ahead of time, "You have vulnerabilities here, and you should update this code before you deploy." And once it's deployed, it's scanning for vulnerabilities that are in production as the container is running. And we're also moving into serverless, where it runs off of codes, like Azure Functions and AWS Lambdas, which is a strip line of code. We're using Prisma for monitoring that too, making sure that the serverless is also configured correctly and that we don't have commands and functions in there that are overly permissive.

The challenge that Palo Alto and Prisma have is that, at times, the instructions in an event are a little bit dated and they're not usable. That doesn't apply to all the instructions, but there are times where, for example, the Microsoft or the Amazon side has made some changes and Palo Alto or Prisma was not aware of them. So as we try to remediate an alert in such a case, the instructions absolutely do not work. Then we open up a ticket and they'll reply, "Oh yeah, the API for so-and-so vendor changed and we'll have to work with them on that." That area could be done a little better.

One additional feature I'd like to see is more of a focus on API security. API security is an area that is definitely growing, because almost every web application has tons of APIs connecting to other web applications with tons of APIs. That's a huge area and I'd love to see a little bit more growth in that area. For example, when it comes to the monitoring of APIs within the clouded environment, who has access to the APIs? How old are the APIs' keys? How often are those APIs accessed? That would be good to know because they could be APIs that are never really accessed and maybe we should get rid of them. Also, what roles are attached to those APIs? And where are they connected to which resources? An audit and inventory of the use of APIs would be helpful.

I've been using Palo Alto Prisma for about a year and a half.

It's a stable solution.

The scalability is "average".

Palo Alto's technical support for this solution is okay.

We did not have a previous solution. It was the same solution called Redlock, which was then purchased by Palo Alto.

The initial setup took a day or two and was fairly straightforward.

As for our implementation strategy, it was 

• add in the cloud accounts
• set up alerting
• fine tune the alerts
  
• create process to respond to alerts
• edit the policies.

In terms of maintenance, one FTE would be preferable, but we do not have that.

We implemented it ourselves, with support from Prisma.

One thing we're very pleased about is how the licensing model for Prisma is based on work resources. You buy a certain amount of work resources and then, as they enable new capabilities within Prisma, it just takes those work resource units and applies them to new features. This enables us to test and use the new features without having to go back and ask for and procure a whole new product, which could require going through weeks, and maybe months, of a procurement process.

For example, when they brought in containers, we were able to utilize containers because it goes against our current allocation of work units. We were immediately able to do piloting on that. We're very appreciative of that kind of model. Traditionally, other models mean that they come out with a new product and we have to go through procurement and ask, "Can I have this?" You install it, or you put in the key, you activate it, and then you go through a whole process again. But this way, with Prisma, we're able to quickly assess the new capabilities and see if we want to use them or not. For containers, for example, we could just say, "Hey, this is not something we want to spend our work units on." And you just don't add anything to the containers. That's it.

The biggest lesson I have learned while using the solution is that you need to tune it well.

The Prisma tool offers a lot of functionality and a lot of configuration. It's a very powerful tool with a lot of features. For people who want to use this product, I would say it's definitely a good product to use. But please be aware also, that because it's so feature rich, to do it right and to use all the functionality, you need somebody with a dedicated amount of time to manage it. It's not complicated, but it will certainly take time for dedicated resources to fully utilize all that Prisma has to offer. Ideally, you should be prepared to assign someone as an SME to learn it and have that person teach others on the team.

I would rate Prisma Cloud at nine out of 10, compared to what's out there.

I primarily use the solution to uncover misconfiguration and for cloud code security. We can find gaps that hackers might access in order to steal data. It can trigger alerts and show you everything.

It's been helpful for managing multiple accounts. If we had to handle hundreds of accounts manually, it would take a lot of time. 

We've been able to mitigate issues and fix them before they become bigger problems. If the system detects any critical misconfiguration, we'll receive alerts. 

The risk control is very good. They have scanning that runs often and we can see the latest configurations and get alerts.

The solution offers very good configuration capabilities. It can show you how to resolve and remediate issues, and you can pull reports that will show you everything you need to know.

It provides security across multi- or hybrid-cloud environments. It can work with AWS, Azure, Google, Oracle, et cetera.

We have many projects within our organization, and we need protection from people trying to steal our information. We can see gaps from every corner of the cloud. Having a solution like this is important to our organization so that we have the capability to see and monitor everything from everywhere, which would be hard to do manually. 

We can take a preventative approach to cloud security. If anything is open to the public, we can find it and see it. That said, we are using other solutions also. Still, this product will alert you and engage you if there are any areas where information weaknesses filter up. It will guide you and show you how to fix the issues with configurations.

We might have witnessed some cost savings. If anything gets stolen, it would cost our company monetarily; however, that hasn't happened.

It does help us save time since we don't have to check every console ourselves manually. 

We've noted the benefits of the solution across the last five years.

The remediation data is already available in its logs. You don't have to Google fixes. It's already there on the platform.

We're using containers and Docker. Instead of using open-source, we can use our own code and cloud. We'll be able to know if there is a misconfiguration. For example, if there is an AWS-level misconfiguration, Prisma will help us discover this. 

We use a variety of tools, and we can use Prisma to handle various types of misconfiguration. It covers our entire cloud-native development life cycle.

It provides us with the visibility and control we need regardless of how complex or distributed our cloud environment becomes. It's very helpful. It mitigates 98% to 99% of mitigation issues. It's helped us maintain confidence in our compliance and security reporting. I'm able to see configuration changes. If something changes, I know.

It helps us reduce runtime alerts. You can log in and check each and every account via the portal quite easily. If I see an alert, I can quickly fix issues. Or I can go through each alert and find out which are important or not. It reduces the time we take to handle these tasks by 75%. We can focus on the alerts that have the most impact. It prioritizes alerts to critical, high, and low. 

The console is good and user-friendly. We can see the logs very easily. People without experience can also easily adopt the solution.

We only use the solution for misconfigurations. There may be other features that are lacking, however, we don't use the full scope of the product.

Technical support could use some improvement. 

I've been working with the solution for the last seven years.

The stability is very good. There is no issue. 

We only have two security people using the solution currently. We have it across multiple clouds and regions. 

We haven't had any issues scaling the solution. 

We've only used support if we've had issues around false positives. In those cases, we create a ticket.

Neutral

I also work with CrowdStrike. Both offer a lot of features. We've recently switched to CrowdStrike. 

The initial deployment is very easy. You can add it, for example, to your AWS account. You just need to configure it in Prisma Cloud. You may have to create a policy and allow access. After that, you'll be able to see the console. 

We had two people managing the setup process. The time it takes to deploy depends on how many accounts there are. If you only have one account, it's very easy and only takes one to two days. If you have 100+ accounts, you will need a few weeks. 

There is no maintenance needed from our end. 

We didn't use any consultants during the implementation. 

I don't manage the licensing aspect of the solution. 

We are not using application-level security here. At the application level, we're using other tools. We're also using other XDR and EDR tools. We're only using this product for misconfiguration.

I'd advise other users to try the solution. It's a product that offers many features. It's a good idea to go and look at the market and see which solution is the best. It depends on your environment and what you might need. 

I'd rate the solution eight out of ten.

I primarily use the solution for vulnerability management, compliance management, and sometimes defense and access control. It has a sandbox. We can scan and manage CI pipeline security. 

The cloud solution as one platform can provide us with a lot of features and cover most of what customers care about. 

I have some clients that are moving from computing to a container environment. For cloud sets, customers need to increase the power of security over the DevOps environment. It doesn't create any bottlenecks when launching new products. From a business perspective, it's very helpful and supportive. It expedites go-to-market.

The runtime defense and API security are very good. It offers very good application security.

It's very comprehensive. It can cover the full cloud-native stack. There is a wide range of integrations, and the compatibility with various cloud providers is very useful.

It's perfect in terms of the security automation. We can do everything from the portal and choose a variety of policies. It can cover medium to large customers. 

We can take a preventative approach to cloud security. It's helpful.

They are constantly updating and adding new features and offering support for each of the updates. 

It is very comprehensive. It covers all aspects of the customer's cloud.

It provides good visibility and control regardless of the complexity. 

We can integrate into CI/CD pipelines. It's very efficient. They can integrate with whatever CI tools the customer uses, including Windows, Linux, and so forth. 

Modules can be added to cover additional items from the customer's side.

It reduced runtime alerts. We've saved more than 50% to 60% of our time.

We've reduced alert investigation times. With any incident that happens, we can do an investigation and correlate and normalize the incident quickly. We've saved more than 70% of the time typically taken.

They could improve more features for the enterprise version of the solution. They need to also have more features for on-premises versions for companies that cannot access the cloud version. 

I've been using the solution for around two years. 

The solution is stable. I'd rate the solution eight out of ten. 

We use the solution for one location. 

It's a scalable solution. I'd rate it nine out of ten. 

I was not involved in the deployment of the solution. 

There is maintenance, however, it is very minor. You just need one to two people to manage it. 

The ROI users get from the tool is very high. 

The pricing is a little bit high. It is not a cheap product. 

I'm a partner and reseller.

I'd rate the solution nine out of ten. 

I'd recommend the solution to others. The cloud-based version is very good. Users can rely on the product.

I am using five modules of Prisma Cloud, and I have expertise in CSPM. The use cases are related to securing our host container environment and multi-cloud environment.

We were looking to resolve issues related to host and container security in the Kubernetes environment, vulnerability management, and compliance management.

One of the benefits of using Prisma Cloud is that we can easily make our cloud environment compliant. We can make it vulnerability-free, helping coders or application users bring their applications to production without vulnerabilities or malicious packages.

We have gotten good reviews from our customers, saying that they have improved their security with Prisma Cloud for their cloud environments. That includes customers in finance and in the medical field. And the reporting we get from Prisma is excellent.

It has helped us reduce runtime alerts by 70 to 80 percent.

And because it's very transparent, we can directly investigate things. It has reduced investigation time by 100 percent. We can easily go to the dashboard and check what's happening when investigating. We have to be experts with our tools to investigate and do a deep dive into an incident.

The best feature of Prisma Cloud is that the various modules have different features. With the CSPM, we have compliance management, and we also have an auto-remediation module. In CWP, we can go with runtime, where one of the great features is blocking vulnerabilities or malicious activities from the pipelines or CI. All five modules are taking a preventative approach to the security of the cloud environment, from the network to the cloud, posture management and workload protection.

In CI/CD, we have the option to add a Prisma scan, which helps us remove the vulnerabilities and malicious parts of packages used to create an application. This option enables us to scan the images before running or building them and to get a vulnerability report.

Prisma scans things and shows all the vulnerabilities and packages that are vulnerable, and which layers, by default, have vulnerabilities. So developers can easily go into the package or a particular layer and make changes to their code. It's very transparent.

Reporting from Prisma Cloud is very straightforward. We can export reports in CSV format, or we can use the APIs in Prisma to fetch reports. Reporting is very easy and customizable.

It is also compatible with multi-cloud and hybrid environments. It gives the option to onboard with five clouds: AWS, Azure, Alibaba, Oracle, and GCP. Most of the companies we deal with use parts of various services from different clouds. To provide them with solutions, we need Prisma Cloud, as it helps manage multi-cloud environments.

A lot of automation capabilities are coming out with the updates, and they are growing day by day. The basic automation covers remediation of alerts, and in live applications we can block malicious activities in the files where the vulnerabilities come across.

In terms of cloud-native application comprehensiveness, we can integrate various cloud-native applications with Prisma Cloud. We can use Defender to protect workloads or Kubernetes in any native cloud like AWS EKS.

The CSPM provides the whole asset inventory, where we can see all the services in our cloud environment and how they are working, as well as how the assets are connected to each other and which network is connected. We can see the configuration.

We face some GUI issues related to new permissions for AWS. So far, we don't have any automation to complete them through the GUI. We have to manually update the permissions. Our customers have faced some issues with that.

I have been using Prisma Cloud by Palo Alto Networks for more than four years.

The stability is a nine out of 10.

The scalability is a nine out of 10. We just need some of the automations to come around in Prisma.

With all the capabilities it has and how comprehensive it is, with CSPM, CWPP, and more, we get help from the technical team at Palo Alto. They help us to get into what Prisma Cloud is and all the capabilities it has.

Their technical support comes up with good solutions for every difficulty we face.

Positive

The initial deployment is very straightforward, with the help of the technical team and tech support. It's very easy to get into Prisma Cloud. It takes time, one to two weeks, to complete the deployment. Most of our customers are enterprise-level, although we also have small clients.

The maintenance is mostly handled by Palo Alto teams. The updates are scheduled so that we know at what time they will update and what the new features are. They are good when it comes to updates.

I'm on the technical side and not into sales, but Prisma Cloud is better than the native applications when it comes to pricing.

I suggest that my customers adopt Prisma for every module. It's the best security platform, where we can provide security for multiple clients without using the native security approach.

I highly recommend this solution.