Prisma Cloud by Palo Alto Networks Reviews

We're using the solution for container monitoring in one project and workload security in another. We've installed the agents on the servers to monitor for threats.

We haven't had an issue with the product for over a year. 

Its threat-hunting capabilities are very good. Security is a major thing for us.

We're using it in a banking setup and are using it only on a private cloud. 

The security automation is very useful.

Compared to AWS, the cost management is very low. The automation ensures we have limited tasks to do. In other security tools that I am using, there is no automation option at all.

We can integrate it very easily.

It's very easy to remotely connect. We can do that within fractions of a second.

We are getting a lot of visibility and control.

We've been able to reduce runtime alerts with Prisma Cloud.

We'd like to have more tools for threat hunting.

Sometimes, on the Azure side, there are issues. Some errors aren't being found on Prisma Cloud.

I've used Prisma Cloud for my past two projects. I've used it for one and a half years. 

We haven't had issues with downtime.

The solution is scalable. 

We've contacted support during some deployments on Windows servers in order to open ports. We had issues when we opened some ports and had no connection. Sometimes, their responses were slow or late.

Positive

The solution was very easy to deploy and integrate. We had a three-member team working on the setup. We only have ten to 20 servers. 

There is no maintenance needed after deployment.

The pricing can be a bit costly. However, it has low cost management.

We're a customer.

I'd rate the solution nine out of ten.

We use Prisma Cloud's CSPM and container modules to secure our workloads across multiple cloud platforms, including GCP, Azure, and AWS.

Prisma Cloud provides spanning for multi-cloud environments. We are using GCP, AWS, and Azure.

Security automation is beneficial. By hosting applications and containers in the cloud, we can implement policies to automatically detect and shut down unauthorized network access attempts, simultaneously alerting us to the potential threat.

The security automation has saved us around ten percent of our time.

Prisma Cloud has significantly enhanced our cloud security posture. When deploying applications to the cloud, prioritizing robust security is essential, especially within the complex Kubernetes environment. Prisma Cloud's comprehensive toolbox enables us to design and implement robust security systems, including RBAC. This unified platform allows for proactive security measures and rapid response to attacks, eliminating the need for multiple third-party tools. Its consolidated approach to scanning, monitoring, and traffic control proved highly effective during our previous engagement.

I quickly recognized the value of Prisma Cloud after reading about the effectiveness of its CSPM module in securing enterprise environments.

The software development lifecycle was previously handled as a separate task. I was involved in the build process, where developers frequently introduced security vulnerabilities that went unnoticed until Prisma Cloud was integrated into the system. The recognition of Prisma Cloud's value in addressing container security issues on the cloud became apparent. There was no integration between the SDLC scanning, building, deploying, and running and deploying systems. However, a process was being developed to enable full end-to-end monitoring by the development and security teams, including the desktop team, to identify security issues before applications reached the cloud. Prisma Cloud continues to monitor for vulnerabilities and security breaches even after deployment to the cloud.

Prisma Cloud provides visibility and management, allowing us to understand and control our environment. When we identify potential issues, we notify our superiors, who can take further action, such as removing a container. Due to our limited privileges, our role is primarily to report anomalies. Prisma Cloud offers valuable insight into what's happening in our environment, not just in terms of visibility but also in terms of access control. It's a reliable tool that has proven helpful in our work.

Prisma Cloud reduces our costs by consolidating multiple third-party tools into a single platform, eliminating the need for separate contracts with various vendors.

Prisma Cloud significantly reduced runtime alerts.

Prisma Cloud's most valuable asset is its ability to provide detailed visibility into container activity. It offers insights into application networking, container behavior, potential issues, and immediate remediation suggestions.

The training documentation provided for the two-hour boot camps is notoriously poor and disorganized. It might be beneficial to restructure the documentation into a step-by-step format that is more straightforward for beginners to follow.

I have been using Prisma Cloud by Palo Alto Networks for one year.

Prisma Cloud is a stable solution.

Prisma Cloud is designed to be highly scalable due to its cloud-based architecture.

The technical support was good.

Neutral

Some aspects of the deployment were straightforward, while others presented challenges due to the complexity of engineering. The entire process took between one and two months to complete.

Prisma Cloud is a high-end enterprise solution, making it quite expensive. As I am based in Nigeria, I have limited knowledge of its usage here, as it appears to be more widely adopted in North America and Europe.

I would rate Prisma Cloud by Palo Alto Networks eight out of ten. It's a complex, dynamic world with countless security challenges arising daily, and Prisma Cloud is a valuable tool for addressing many of them. While not an omnipotent solution, Prisma Cloud effectively tackles numerous security issues. However, as the threat landscape evolves, we must continually reassess and adapt our security strategies. Despite these challenges, Prisma Cloud remains an excellent tool for now.

Prisma Cloud was deployed in around 15 locations.

I suggest conducting a proof of concept in the desired deployment location for Prisma Cloud. Given that cost is a primary concern, I recommend discussing the matter with a Prisma Cloud solution architect before proceeding to the next stage.

Our primary use case for this solution is for CWP, CSPM, and scanning for run time. We also use it for monitoring mode and pipeline integration.

This solution has helped our organization by allowing us to have all the products integrated with the service now. This solution helped us by allowing us to schedule and fix things. This is not an easy thing if you're managing 1,000 plus resources.

The most valuable feature for me is the CSPM.

I think Prisma Cloud could improve its preventive governance policy and CWP run time modules.

I have been using this solution for about three years. 

I would say that this solution provides security spending in multi and hybrid cloud environments.

Regarding the comprehensiveness of this solution for protecting the full cloud-native stack, I would say that CSPM is suitable for postal security management, but other than that, there are a lot of pros and cons. We cannot say for 100% that this works for everything on the cloud.

Regarding Prisma Cloud, I would say it has helped us take a preventive approach to cloud security and that it works quite well.

Prisma Cloud provides the visibility and control that we need in the network overall, but the levels of visibility and control vary depending on the module. We need to have the solution integrated with the different tolls, which is quite complex. Our confidence in security and compliance postures is good overall in terms of complaints.

Prisma Cloud has enabled us to integrate security into our Ci/CD pipeline and as touch points into existing DevOps processes. When it comes to the seamlessness of the dash points in our DevOps and touchpoints, there are pros and cons, but a lot of the things have to do with the vendor itself and that's where the challenge is. The integrations are critical because we need to have a lot of talks with Prisma to sort out all those issues.

When it comes to this solution providing us with a single tool to protect our cloud resources and applications without having to manage our security and the compliance report, I would say it's fine with the organization. We plan to move in the future when we move the workloads into the cloud more and more, and we will think about it when we see how it will behave with more workloads and that's when we will discuss it all.

Prisma Cloud provides risk clarity at runtime across the entire pipeline showing issues as they are discovered during the billing basis. But other tools have more capability than Prisma for governance policies. Our developers can correct Prism's governance policies using the tools they use to code and only once they have indicated the safety pipeline, they will get the others to make it a bit more visible and fix vulnerabilities before moving to production.

We are currently using almost all modules of this solution.

I would say that Prisma Cloud has helped us reduce runtime alerts.

I would say that Prisma Cloud has helped us save money because it allows us to have information on the threat before it happens.

I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

We use Prisma Cloud Data Security for security compliance and detection.

We implemented Prisma Cloud because it eliminates the need for hardware appliances, thereby reducing our on-premises footprint.

Prisma Cloud provides security scanning multi and hybrid cloud environments which is important.

Prisma Cloud provides comprehensive protection for the entire cloud-native stack, encompassing threat protection, global protection, threat intelligence, and zero-trust architecture.

Prisma Cloud's security automation capabilities are effective. It utilizes AI-powered cloud-based technology to analyze unknown files and identify potential threats.

Prisma Cloud employs a combination of features to safeguard against both known and unknown threats, including IPS and threat intelligence integration.

Prisma Cloud has benefited our organization by providing URL filtering, facilitating secure customer connections, implementing endpoint security with a zero-trust architecture, and enabling user identification.

Prisma Cloud safeguards our entire cloud-native development lifecycle. Palo Alto's architecture encompasses multiple engines, each with distinct functionalities. These engines include the SP3 engine, application visibility control engine, URL filtering engine, Wildfire, intelligent saving, zero trust, threat prevention, and content infection. Together, these engines enhance security, reliability, and threat monitoring.

Prisma Cloud provides visibility and control of our web traffic at the URL level and across other technologies.

Prisma Cloud's visibility improves our confidence in our security compliance posture.

Prisma Cloud effectively integrates security into our CI/CD pipeline and seamlessly harmonizes with existing DevOps processes.

Prisma Cloud provides a single monitoring tool. The single point of monitoring makes our company more secure.

Prisma Cloud provides up-to-date information about real-world threats at runtime and across the entire pipeline, through communications, community, and mail.

Prisma Cloud reduces the number of runtime alerts. The extent to which alerts are reduced depends on the appliance and the number of throughputs purchased.

Prisma Cloud has saved our organization money. 

What I like most about Prisma Cloud is its zero-day signatures, maximum security, minimal downtime, cloud visibility, control, and ease of deployment.

Firewalls can identify application and user activity within network traffic. This includes information such as, what applications are being used, what URLs are being accessed, how frequently applications are being accessed, and how much time users are spending on particular applications.

The Palo Alto support needs to improve. Their response time is not good.

I have been using Prisma Cloud by Palo Alto Networks for two years.

Prisma Cloud is stable.

Prisma Cloud is scalable.

The technical support is slow to respond.

Neutral

We previously used Fortinet, CheckPoint, and Cisco. Palo Alto Prisma Cloud is more efficient in single scans.

The initial deployment was straightforward. Using a basic configuration, we can deploy within six hours. I completed the deployment myself.

Prisma Cloud by Palo Alto Networks carries a higher cost, but its enhanced security measures justify the expense.

I would rate Prisma Cloud by Palo Alto Networks nine out of ten. Its architecture is well-designed, more reliable, and more secure.

We have Prisma Cloud deployed in multiple locations across the globe.

The maintenance is done on the cloud.

I recommend Prisma Cloud to others.

I am in a services company. My company is also a partner of Palo Alto, so all the Palo Alto products have been tested, researched, and deployed at least three to four times by every engineer in my team.

It is being used for posture management. We have many users coming from many locations. All of them are having the same experience and all are secured. We used to use CASB which is a solution for authentication. This solution is in line with CASB. It helps to ensure that data protection is fine and all the data is coming properly. We can see whether there are any leakages or vulnerabilities. We can check all these aspects of security with this solution. All this is configurable. It is a web-based solution.

Our company is a vendor. If customers want, they can purchase solutions via us. We then take care of the physical box as well as the configuration. We manage the physical as well as the logical. In the case of Palo Alto, it is all logical. We can even code for a customer if the customer wants to upgrade their existing cloud setup, migrate to a cloud setup, or bring in a new setup. It is our bread and butter. We are one of the leading sellers of Palo Alto solutions.

Prisma Cloud helps reduce vulnerabilities. The number of vulnerabilities is less. If you have 1,200 vulnerabilities, after implementing Prisma Cloud, the number is drastically reduced to 500. That is one of the key advantages of using Prisma Cloud. You can see its benefits within a month.

Prisma Cloud helps to identify all the vulnerabilities in modern scenarios. For traditional scenarios, we have enough products, but a solution like Prisma Cloud helps to identify vulnerabilities in containerized environments and modern traffic scenarios. It helps with run-time security and east-west traffic.

Prisma Cloud helps secure the entire cloud-native development lifecycle, across build, deploy, and run. I would rate it an eight out of ten for this.

As an enterprise architect, I seek three capabilities from a solution. It should be preventative. It should be corrective, and it should be detective. Prisma Cloud is good in these aspects. I would rate it an eight out of ten for these capabilities.

Palo Alto DSPM's discovery and data classification processes are comprehensive. I would rate it an eight out of ten for comprehensiveness. For data security, we have a DLP solution. We have a separate solution. We never use Palo Alto for that.

Palo Alto DSPM provides us with insights into the content it has discovered. It also provides automated discovery of new data assets as they onboard and a prioritized list of all the data security posture issues in our environment.

The security provided by Prisma Cloud is important for our customers, especially for our banking and finance customers. We are a service company. We never use any of these products. I am a security architect. I am the one responsible for assessing and finding the right product and then deploying the product with the help of my engineering team.

Prisma Cloud definitely reduces complexity. We can see the issues or vulnerabilities that have been there for a while. We get good clarity on why they have been there and how to resolve them. Palo Alto is very good at this, and they make complex work quick and easy.

Prisma Cloud drastically reduces the number of vulnerabilities in the organization. There can be 60% to 70% reduction. It also depends on the industry again. For the web-based industry, where the company is providing solutions through the internet, such as share market or banking companies, it is very helpful. Production companies rarely use online solutions. 

With the reduction in vulnerabilities, the security cost automatically reduces. There is an indirect impact on an organization's cost.

It is user-friendly. It has a good look and feel and reporting structure. It provides a single pane of glass. These are the things that I like.

There should be some kind of automation, AI incorporation, and bot system. All these would add value. For example, AI should be able to detect all related viruses based on one virus. That will be a great invention. 

I have been using this solution for about five years.

It is stable. I would rate it an eight out of ten for stability.

It is scalable. I would rate it an eight out of ten for scalability.

Their support is very good. I would rate them a nine out of ten.

Positive

I have worked with Trend Micro Deep Security, Singularity, and Lacework. There is a new vendor called Orca Security. They are phenomenal. They can even beat Palo Alto.

Prisma Cloud is better in terms of cost, GUI, and look and feel. There is a single pane of glass and very good reporting.

Its deployment is straightforward for me. It is deployed across multiple geographies and departments. We mainly work with enterprises.

We have some stringent processes for getting the system to a perfect stage and ensuring that it is running properly. It takes at least a month. We do all sorts of testing, and then based on our test outcome, we configure everything in the right way. After that, we consider the data shown in the report as official.

Prisma Cloud is one of the top solutions in the market. When customers ask for alternatives, I recommend Trend Micro Deep Security, Singularity, Lacework, and Orca to them. I provide them with a detailed comparison, and then customers make the decision. I help customers with architecture design, decision-making, vulnerability assessment, and penetration testing. I also help them compare vulnerabilities before and after implementing a solution.

There were some cases where we struggled with some customer requests such as related to zero trust. We were struggling to configure that. They thought that this product also supported zero trust. We then had to tell them to buy the Prisma Cloud CNAAP solution. In many cases, we also moved them from DSPM to CNAAP.

As a security professional, I would not suggest automated remediation. That is because we need to see that automatic remediation does not impact anything else. We have a team. We register all the vulnerabilities and threats, and then at the backend, we do the testing to ensure that remediation or automated remediation will not create any other problems. As soon as we get that assurance, only then we do the fix. This is a requirement from the customer side, especially from the banking and finance organizations. Because everything is crucial, we do not configure automatic resolution for any of the issues.

Overall, I would rate Prisma Cloud an eight out of ten.

Prisma protects our workloads and provides network security for our containers. Our infrastructure is mostly Azure-based and entirely on the cloud. We use the Prisma Compute and Prisma Network Security modules.

We have multiple security tools like Prisma, but not the same use cases. Prisma has its own unit use cases like image scanning, repository scanning, or container scanning. We have other tools as well, but they have different use cases.

We have about 15 users. Some are DevOps, infrastructure, and security engineers. There are also a few SOC analysts. I believe we'll expand usage in the coming years if everything goes well with other customers.

Before implementing Prisma Cloud, we didn't have any visibility into workspaces like Kubernetes and the underlying network of containers. Now, we have a better understanding of the resources interacting with Kubernetes and can identify vulnerabilities across the organization. In the past, we had limited information to take action on those resources, but now we can better understand the risks.

The solution has had a significant impact on our organization, especially our governance team. Once we get reports on non-compliant resources, we must take action before going live. We need to implement a risk-based approach to handle those non-compliant resources. Prisma offers a better understanding of whether the resources comply with regulations.

Prisma reduced runtime alerts by about 500 or something. We still get those because we're in the operational stage, but it's only a few. It has cut our average alert investigation times by about two days. Prisma probably saves us eight to ten hours total each week. 

I found the network queue sets useful. I also liked the Workload Protection Module, the vulnerability findings, and how the rule sets handle the vulnerabilities based on severity.

Prisma was easy to adopt in our CI/CD pipeline, but we only use it to scan the images for the last push in the CI. On the CD side, we use it for the assessment, like the pull and push. 

Prisma's notifications aren't up to industry standards. Also, Prisma is a bit harder to integrate than other tools. The deployment and onboarding are plug-and-play, but somewhat hard to handle in terms of integration with external operations tools. The product design isn't up to the current standard. I would recommend having higher standards in terms of integration with other tools, especially operationalized tools.

The product could better integrate business logs and runtime notifications from Enforcer and Network Security Module. I would recommend better visibility and integration for any violations.

I have been using Prisma for a year.

Prisma is stable.

We haven't used Prisma at scale. It hasn't grown since we deployed. We have four clusters but haven't added anything. We still keep the four clusters. We didn't add anything. In the coming months, we'll replicate this with other customers once we see that the solution is stable. 

Prisma's support was helpful. I rate them nine out of ten. 

Positive

We've never had another solution for this specific use case. This is the first. 

Some modules are straightforward to deploy, but others are a bit complex. End-to-end deployment of the modules and the whole network took approximately four months.

The Prisma team helped us in this deployment. The team helped us learn while implementing it. 

We've seen a return by reducing risks from cyberattacks and compliance issues. 

I recommend knowing the number of licenses you need for your operations and your expected workloads before signing a license agreement. There are no hidden costs as far as I know.

We looked at some solutions to improve security posture and risk management. Prisma was the product that had the capabilities we need in our price range.

I rate Prisma Cloud seven out of ten. Before you implement Prisma or any other solution, you need to ensure you have all the tools you need in place and know if it will fit into your current environment.

Our primary use case is to certify blueprints. We are helping both on the CSPM and the CWPP parts of it. We monitor the compute infrastructure and certify the project.

CACS for CSPM, we certify against the NIST 800-53 compliance standard.

For the compliance part, we have found the pie graph, where we can see all of the compliance standards in one go, to be a valuable feature.

Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently.

Their data security feature is quite good as well.

Their training modules are good, and my team is okay with them.

Microsegmentation still needs improvement.

For data security, they have only specific regions like the US, and they need to move to Asia as well.

The most important thing has to do with the computing, licensing, and costing. They charge seven workloads for monitoring one compute, and that is quite expensive. This makes it difficult to move fully with the compute part because of the workload.

Their training modules need to have more live examples. We need to refer to the YouTube channel or follow Palo Alto to get the reference. If they can refer to the YouTube channel in their training and indicate that it can be referred to for further information, it would be good.

On their portal, they do not have which services are available in each region. While searching, it's very hard to find in which location a service is enabled. So, it would be great to have a list of services for each region.

I've been using Prisma Cloud for eight months. It is a SaaS solution.

It's stable as of now; it has not been down in the last eight months.

It is scalable as of now. We have 20 VMs.

Technical support is good. From what I've observed though, different regions seem to have different SMEs, subject matter experts, and different people have different knowledge. So, there is definitely a gap between the different SMEs.

We were using AWS products.

We switched because of twist lock for compute security. The Prisma Cloud dashboard is powerful, and it gives you at-a-glance compliance security against many standards. We can also write our own custom policies if we want to build our own standard. So, there are lots of benefits with Prisma Cloud.

It's a SaaS, so the initial setup is pretty straight forward. We are still onboarding, and most of the customers are in the dev environment as of now and not production. So, it was quite smooth. They have their contributions filed on the portal, the cloud formation templates.

The licensing cost is a bit high on the compute side. We get a corporate discount, which helps reduce overall cost. In some cases, you may need to have two licenses to onboard a project, which would make it expensive.

If your specialization involves blueprint certification against a compliance standard, then you can go with Prisma Cloud. It is very powerful for data loss prevention, and I would rate it at seven on a scale from one to ten.

Financial companies want to restrict user access, which means the users need to go through a subnet to access their services. When the user connects to the internet via the Prisma Cloud VPN, they can use different types of IP addresses globally. The changing IP addresses can be pretty complex. It costs a lot for the application site to apply for access.  

We negotiated with Palo Alto to get 20 servers, and the customers will be added to those 20 subnets. On the Spectrum Access side, we only need a white list of those twenty subnets, and we won't have issues in the future. 

The solution is managed by Palo Alto. We're using Panorama, a popular management tool, for managing the connection between the physical portal, firewall, and VPN, as well as Prisma Cloud.

The user experience is better than our previous solution. It gives us visibility into all the traffic. 

The most valuable feature is the closed VPN connection, which provides better performance than traditional VPN boxes. For example,  let's say a user in New York State normally connects in the East, but if they travel to the UK, they can connect to the same portal, which automatically redirects to any VPN gateway. We can control traffic based on Active Directory groups instead of the user's IP. That means a user in New York can access his application based on his user ID and AD group access when he travels to the UK or anywhere else.

Prisma Cloud can provide decent security across cloud environments, depending on how each company sets security policies. Prisma Cloud makes adding new users and managing access more flexible.  

I like Palo Alto's automated tool for migrating user data from other systems. We previously did this manually most of the time, but now we can update twice hourly automatically. 

During deployment, we created a tunnel from the cloud to our gateway in the data center because the users need some way to connect with the resources there, but all other traffic goes directly to the Palo Alto cloud. When the traffic goes to the Internet, sometimes it will come up with different IPs, causing some financial websites to be blocked. We needed to work with Palo Alto closely to solve this problem. 

Sometimes, when you assign subnets to regions, the IP address will jump from one location to another because it will automatically change substantially. Then, we need to add those IP subnets to our firewall for existing access. The need to update those subnets potentially causes maintenance or access issues. So far, we can only provide bigger customers with six subnets, and a small company may not be able to access those services. 

I rate Palo Alto customer service 10 out of 10. 

Positive

The migration takes time because we're typically not starting from scratch. We need to migrate everything from the existing VPN. I've used Prisma Cloud for a large financial enterprise with a complex infrastructure, and we worked on that for almost two years. It's less complicated for a mid-sized company, but the migration might take six to nine months.

It's hard to tell if there is an ROI in the short term. It may take a long time before you realize a return because there is a substantial initial investment. You can see a significant improvement in performance, but it may not necessarily save money. However, you'll ultimately improve service.

I rate Prisma Cloud nine out of 10. We would recommend it to any large global enterprise because it improves performance and offers a better user experience. It also gives you application-level control instead of regular IP address control. The latest version has many new features. So they can use the in-app Application ID and point to MAC applications instead of regular TCP/IP ports.