Prisma Cloud by Palo Alto Networks Reviews

We use Prisma Cloud for the banking sector to check the policies as required.

Prisma Cloud provides security scanning in multi and hybrid cloud environments. This is important because customers often ask if they need certain services, such as detection, auto-remediation, and policies. AWS has all of these features, but why would a customer use anything else? The answer is that Prisma Cloud is multi-cloud, so it can monitor multiple clouds as well as on-premise networks. This is often a key requirement for customers.

Prisma Cloud can help us take a preventative approach to cloud security. It is built for developers and provides a range of features, including RQL, multi-cloud support, and endpoint detection.

Prisma Cloud provides the visibility and control we need. It properly manages all cloud assets and provides information about assets in our cloud.

Prisma Cloud provides us with a single tool to protect all our cloud resources and applications, eliminating the need to manage and reconcile disparate security and compliance reports.

Prisma Cloud provides risk clarity at runtime and throughout the entire pipeline. It also shows issues as they are discovered during the build phases.

The developers are able to correct issues using the tools they used to code.

The alert investigation time has been reduced by half an hour.

Prisma Cloud's most important feature is its auto-remediation. This feature automatically fixes security vulnerabilities in our cloud or on-premises environment. This can help us to improve our security posture and reduce our risk of a security breach.

Prisma Cloud lags behind in terms of security automation capabilities. Specifically, the investigation feature is not fully automated and requires users to know the RQL language. This can be a barrier for new users.

Prisma Cloud is not updating the real-time information on the UI for our cloud assets. It takes approximately two to three hours for the information to be updated.

I would like Palo Alto to provide a three-month free trial for Prisma Cloud.

The stability has room for improvement.

I have been using Prisma Cloud by Palo Alto Networks for two months.

Prisma Cloud is not stable except for our AWS clients.

Prisma Cloud is scalable.

The initial setup is straightforward. The deployment can take anywhere from two days to 15 days. We deploy based on the customer's requirements. 

We implement the solution for our clients.

Prisma Cloud is more expensive than Check Point CloudGuard.

I give Prisma Cloud by Palo Alto Networks an eight out of ten.

Based on an organization's basic requirements for auditing and detection, I would recommend Prisma Cloud.

The best thing I have learned about Prisma Cloud is that it is a single platform, like SIEM. This is beneficial for network engineers because it reduces the complexity of finding the cause of an issue. With Prisma Cloud, everything can be found in one place.

I was managing Prisma Cloud for a client. They were scanning container images for vulnerabilities and remediation.

Prisma Cloud is a terrific resource for preventing security concerns, from breaches to malware. They provide a compliance index, which is an excellent feature. Prisma Cloud provides visibility into and control over complex cloud environments. It could provide more awareness about the need to implement different types of benchmarks. Prisma helped our governance evolve. It enabled us to build more policies and determine where we needed exceptions.

We could use Prisma to integrate security into our client's CI/CD pipeline and add touchpoints to existing DevOps processes. However, the touchpoints weren't as seamless as we would've liked. It was a little tricky because they were moving to two different types of cloud accounts. They had to decide whether to use Prisma Cloud or another tool for those new cloud accounts. It's a difficult question because they were doing a lot of cleanup for PTS and moving to the more recent version of AKS. It depends on the strategy.

The client wasn't using all of the features, but the one that stood out was infrastructure-as-code (IaC). I built IaC use cases and was trying to get them to use it. I also liked cloud workload protection. I worked with the vulnerability management team to develop a process. It's a manual process, so it can be challenging to remediate many image or container issues. It was nice that we could build out a reporting process and download the reports. The reports are solid.

Prisma Cloud provides security across multi-cloud and hybrid environments. My client was migrating to Azure, but it's great for anyone with a hybrid environment. Prisma offers visibility to developers and high-level leadership because the dashboard is excellent and the alerts are comprehensive. You can understand it even if you don't know all the technical terms. For example, when I wanted them to use another feature that would've been beneficial, I could demonstrate it to them visually so they could understand. 

The automation is a mixed bag. Sometimes you'll run into issues while mitigating various vulnerabilities, and it's still a manual process. You can automate with an API, but it depends on the corporate policies for containers. You have the option. However, it's still a struggle, but that's not necessarily due to Prisma Cloud. You have many workloads in the pipeline, and things are constantly being repaved. The containers are up and down, and the environment changes continuously, so many things are hard to automate. It's possible if you put the work into it.

Prisma can comprehensively protect a cloud-native development environment. You must also consider cloud security posture management. That's where infrastructure-as-code comes into play. You must ensure that you're utilizing the alert feature in the dashboard for the analytics. If you're not, then you need to integrate something else. The client wasn't using CSPM, but it was on the roadmap. They didn't because they're moving to an Azure environment. 

Prisma is good about compliance, and their support is excellent, but they struggle with automation and integration. They need to stay on top of the newest types of connectors. How can you connect other applications and other tools in order for this to work cohesively? That's a challenge.

I've been managing that solution for a year.

Prisma Cloud is solid. 

Prisma Cloud is highly scalable. 

I rate Palo Alto's support an eight out of ten. 

Positive

I don't think Prisma saved this organization any money, but it could have. They didn't know how to optimize Prisma Cloud. I was trying to help them do that, but they had other high-level projects that got in the way. They needed to consider their budgets and which Prisma features they wanted to use.

If they were to build out those use cases and map out anything involving governance and compliance, they would find that this tool could save them lots of money. If Prisma Cloud is optimized, it's an excellent tool that isn't as costly as some think. You need to invest time and effort to determine the number of cloud accounts you're connecting and how many containers you expect to stand up.

Once you're more aware of how to optimize Prisma, you can determine how many credits you need. It's all based on credits, which will be expensive if you purchase too many credits. This client bought more credits than they needed. I told them it was unnecessary because somebody in the DevOps team decided they were going to push everything to the dev environment needlessly. They crossed a threshold that didn't need to happen and panicked. A strategy to optimize costs will save you money.

I rate Prisma Cloud a nine out of ten. Before implementing Prisma, research the different features and look at your current tools to identify the gaps. What is not meeting your compliance needs? What policies do you have, and how can Prisma align with the strategy?

We use Prisma Cloud in several ways and there are a lot of use cases. The first way that we use it is for inventory. It keeps a near real-time inventory of virtual compute storage and services. Second, we use it for monitoring and alerting of misconfigurations or other items of security significance. Next is compliance. We use it to monitor compliance with the centers for internet security (CIS) benchmarks.

Prisma provides security that spans multi/hybrid-cloud environments. We have it configured to watch for compliance in AWS, the Google Cloud Platform, and very soon, Azure as well. This is important to us because our risk management organization mandated the fact that we would maintain this overwatch capability in any of our clouds that have virtual compute storage or workloads.

Prisma's comprehensiveness for protecting the full cloud-native stack is excellent.

The comprehensiveness of the cloud-native development lifecycles is excellent. For us, the deploy functionality is not applicable but the build and run capabilities are. It positively affects our operations and gives us optics that we wouldn't otherwise have, at the speed of the cloud.

Prisma provides the visibility and control that we need, regardless of how complex our environments are. This very much boosts our confidence in our security and compliance postures. It's also been deemed acceptable as a sufficient presence and efficacy of control by our internal auditors and external regulators alike.

This solution has enabled us to integrate security into our CI/CD pipelines and add touchpoints as a control stop in the release chain. The touchpoints are seamless and very natural to our automation.

Prisma Cloud is a single tool that we can use to protect all of our cloud resources without having to manage and reconcile several security and compliance reports. It unifies and simplifies the overall operations.

Using this tool provides us with risk clarity across the entire pipeline because we use it as a pre-deployment control, ensuring that the run state is known and the risk posture is known at runtime. Our developers use this information to correct issues using our tools for YAML, JSON, CloudFormation templates, and Terraform.

Prisma does so much pre-screening that it limits the number of runtime alerts we get. This is because those pre-deployment code controls are known before the run state.

The investigations capabilities enhance our process and lower incident response and threat detection time. However, it is an enabler and it is run in parallel with our SIEM, which is Splunk. Most of what we're going to do, investigation-wise, is going to be in Splunk, simply because there's better domain knowledge about the use of that tool in Splunk's query language.

The most valuable feature is the continuous cloud compliance monitoring and alerting. The way Prisma works is that it has a tentacle from Palo Alto's AWS presence into ours. That tentacle is an application program interface, an API, a listener. That listener goes in and is entitled to look at all of the Amazon Web Services' logging facilities. It can then do event correlation, and it can tattletale on misconfigurations such as an S3 storage bucket made publicly available. We wouldn't otherwise be aware of that if Prisma didn't watch for it and alert on it.

Prisma provides cloud workload protection and cloud network security in a single pane of glass, and these items are very important to us. It also provides cloud infrastructure entitlement management but identity and access management is not something that we use Prisma for. We implemented a PoC but we opted to use another tool for that use case.

The security automation capabilities provided by this product are excellent and industry-leading. Palo Alto bought a company called Twistlock, which makes a pre-deployment code scanner. They added its functionality to the feature set of Prisma in the form of this compute module. Now, we're able to use the Twistlock capability in our automation, which includes our toolchains and pipelines.

This tool provides excellent features for preventative cloud security. We use all of the auto-remediation capabilities that Prisma offers out of the box. That "see something, do something" auto-remediation capability within Prisma keeps our human responders from having to do anything. It's automated, meaning that if it sees something, it will right the wrong because it has the entitlement to do that with its Prisma auto-remediation role. It's great labor savings and also closes off things much quicker than a human could.

Palo just keeps bolting on valuable features. They just show up in the console, and they have their little question mark, down in the lower right-hand corner, that shows what's new, and what's changed for August or September. They just keep pouring value into the tool and not charging us for it. We like that.

We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert. We'd always want that to be as quick as possible, and this is going to be true for every customer.

The billing function, with the credits and the by-workload-licensing and billing, is something that is a little wonky and can be improved.

We began using Prisma Cloud in October or November 2018, when it was still known as RedLock.

Stability-wise, it has been perfect.

The scalability is excellent. Palo keeps adding cloud support, such as for Alibaba, Oracle, and others.

We have approximately 5,500 employees. Our deployment is all-encompassing overwatch to all of our AWS accounts, of which there are 66. We also have two or three different folders within GCP.

We do have plans to increase our usage. This includes using it for more of its capabilities. For example, there is a workload protection link that we haven't fully embraced. There are also some network security features and some dashboarding and geo-mapping capabilities that we could make better use of.

The technical support is excellent. We have premium support with Palo Alto and I never have any critique for the quality or speed of support.

We have used this solution from the outset of our cloud journey. It began with Evident.io, then it became RedLock, and then it became Prisma Cloud.

The initial setup is very straightforward. We did it several times.

The first one was deployed to AWS, which probably took about an hour. Years later, as we adopted the Google Cloud, it was configured in probably half an hour.

Palo provides the necessary setup instructions and you can't go wrong, as long as you have the role entitlement set up for Prisma. The handshake only takes about an hour.

Our deployment was done entirely in-house.

We have three people, full-time, who are responsible for the maintenance. Their roles are policy management, meaning these are the rule sets. It's called RQL, the RedLock query language, the out-of-the-box policies that are ever dynamic. When there's a new policy, we have to go in and rationalize that with our cyber organization.

We have to scrutinize the risk rating that's put on it by Palo. We have to realize when we're going to turn it on and turn it off. Also, we have to consider the resulting incident response procedures associated with the alert happening.

One metric that would be meaningful in this regard is that our company has had no cloud-based compromise. 

You can expect a premium price because it is a premium quality product by a leading supplier.

We are a strategic partner with Palo Alto, meaning that we use all of their solutions. For example, we use their NG firewalls, WildFire, Panorama, Prisma, and all of their stuff. Because Prisma was an add-on for us, we get good pricing on it.

There are costs in addition to the standard licensing fees. The credits consumption billing model is new and we're going to be using more of the features. As we embrace further and we start to use these workload security protections, those come at an incremental cost. So, I would say that our utilization, and thus the cost, would trend up as it has in the past.

We evaluated several other products such as DivvyCloud, Dome9, and a product by Sophos.

We did a full comparison matrix and rationalization of each of the capabilities. Our sister company was using DivvyCloud at the time and as we do from time to time, we conferred with them about what their likes and dislikes were. They were moderately pleased with it but ultimately, we ended up going with Palo Alto.

My advice for anybody who is considering this product is to give it a good look. Give it a good cost-balance rationalization versus the cost of a compromise or breach, because it's your defense mechanism against exposure.

I would rate this solution a ten out of ten.

We had an internal debate regarding our firewall solution for the cloud. Initially we had a vendor that suggested we could build a whole environment using the Azure firewall, but we had requirements for Zero Trust architecture. We are essentially like a bank. We were planning to host some PCI services in the cloud and we were planning to create all the zones. When we looked at the feature set of Azure, we were not able to find Layer 7 visibility, which we had on our firewalls, and that is where the debate started. We thought it was better to go with a solution that gives us that level of visibility. Our team was comfortable with Palo Alto as a data center firewall, so we went for Prisma Cloud.

The comprehensiveness of the solution for protecting the full cloud-native stack is pretty good. It is doing a good job in three areas: identification, detection, and the response part is also very clear. We are able to see what is wrong, what is happening, and what we allowed, even for troubleshooting. If something goes bad, we need to check where it went bad and where it started. For example, if there is an issue that seems to be performance-related, we are able to look at the logs and the traffic flow and identify if the issue really is performance-related or if it is a security issue. Because we are new to the cloud, we are using a combination of different features to understand what is going on, if the application owner does not know what is wrong. We use the traffic analysis to find out what it was like yesterday or the day before and what is missing. Perhaps it is an authentication issue. We use it a lot for troubleshooting.

We have implemented Palo Alto's SOAR solution, Demisto, and have automated some of the things that our SOC team identified, related to spam and phishing. Those workflows are working very well. Things that would take an analyst between three and six hours to do can now be achieved in five to eight minutes because of the automation capabilities.

Overall, the Palo Alto solution is extremely good for helping us take a preventative approach to cloud security. One of the problems that we had was that, in the cloud, networking is different from standard networking. Although only a portion of our teams is trained on the cloud part, because we had engineers who were using the platform, they were able to quickly adapt. We were able to use our own engineers who were trained in the data center to very quickly be able to work on Prisma Cloud. But when we initially tried to do that with Azure itself, we had a lot of difficulty because they did not have the background in how Azure cloud works.

Also, when you have a hybrid cloud deployment, you will have something on-prem. Maybe your authentication or certain applications are still running on-prem and you are using your gateway to communicate with the cloud. A lot of troubleshooting happens in both the data centers. When we initially deployed, we had separate people for the cloud and for the local data centers. This is where the complication occurred. Both teams would argue about a lot of things. Having a single solution, we're able to troubleshoot very quickly. The same people who work on our Palo Alto data center firewalls are able to use Prisma Cloud to search and find out what went wrong, even though it's a part of the Azure infrastructure. That has been very good for us. They were easily able to adapt and, without much training, they were able to understand how to use Prisma Cloud to see what is happening, where things are getting blocked, and where we need to troubleshoot.

The solution provides the visibility and control we need, regardless of how complex or distributed the cloud environments become. If you have traffic passing through multiple zones and you have your own data center as well, that is where it does the magic. Using Prisma Cloud, we're able to quickly troubleshoot and identify where the problem is. Suppose that a particular feature in Office 365 is not working. The packet capture capability really helps us. In certain cases, we have seen where Microsoft has had bugs and that is one area where this solution has really helped us. We have been able to use the packet capture capability to find out why it was not working. That would not have been possible in a normal solution. We are using it extensively for troubleshooting. We are capturing the data and then going back to the service provider with the required logs and showing them the expected response and what we are getting. We can show them that the issue is on their side.

When it comes to Zero Trust architecture, it's extremely good for compliance. In our data center, we did a massive project on NSX wherein we had seven PCI requirements. We needed to ensure that all the PCI apps pass through the firewall and that they only communicate with the required resources and that there was no unexpected communication. We used Prisma Cloud to implement Zero Trust architecture in the cloud. Even in between the subnets, there is no communication allowed. Only what we allowed is passing through the firewall. The rest is getting blocked, which is very good for compliance.

If I have to generate a report for the PCI auditor, it is very simple. I can show him that we have the firewall with the vulnerability and IPS capabilities turned on, and very quickly provide evidence to him for the certification part. This is exactly what we wanted and is one of the ways in which the solution is helping us.

Another of the great things about Prisma Cloud is that the management console is hosted. That means we are not managing the backend. We just use Prisma Cloud to find out where an issue is. We can go back in time and it is much faster. If you have an appliance, the administration and support of it are also part of your job. But when you have Prisma Cloud, you don't care about those things. You just focus on the issues and manage the cloud appliances. This is something that is new for us and extremely good. Even though we have a lot of traffic, the search and capabilities are very fast, making them extremely good for troubleshooting.

Because the response is much faster, we're able to quickly find problems, and even things that are not related to networking but that are related to an application. We are able to help the developers by telling them that this is where the reset packet is coming from and what is expected.

We are using the new Prisma Cloud 2.0 Cloud Security Posture Management features. For example, there are some pre-built checklists that we utilize. It really helps us identify things, compared to Panorama, which is the on-prem solution. There are a lot of elements that are way better than Panorama. For instance, it helps us know which things we really need to work on, identifying issues that are of high importance. The dashboards and the console are quite good compared to Panorama.

If one of our teams is talking about slowness, we are able to find out where this slowness is coming from, what is not responding. If there is a lock on the database, and issues are constantly being reported, we are able to know exactly what is causing the issue in the backend application.

The main feature is the management console which gives us a single place to manage all our requirements. We have multiple zones and, using UDR [user-defined routing] we are sending the traffic back to Palo Alto. From there we are defining the rules for each application. What we like about it is the ease of use and the visibility.

The application visibility is amazing. For example, sometimes we don't know what a particular custom port is for and what is running on it. The visibility enables us to identify applications, what the protocol is, and what service is behind it. Within Azure, it is doing a great job of providing visibility. We know exactly what is passing through our network. If there is an issue of any sort we are able to quickly detect it and fix the problem.

The solution provides Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security, and Cloud Infrastructure Entitlement Management in a single pane of glass. When it comes to anomaly detection, because we have Layer 7 visibility, if there is something suspicious, even though it is allowed, we are able to identify it using the anomaly detection feature. We also wanted something where we could go back in time, in terms of visibility. Suppose something happened two hours back. Because of the console, we are able to search things like that, two hours back, easily, and see what happened, what change might have happened, and where the traffic was coming from. These features are very good for us in terms of investigation.

In addition, there are some forensic features we are utilizing within the solution, plus data security features. For example, if we have something related to financial information, we can scan it using Prisma Cloud. We are using a mixture of everything it offers, including network traffic analysis, user activity, and vulnerability detection. All these things are in one place, which is something we really like.

Also, if we are not aware of what the port requirements are for an application, which is a huge issue for us, we can put it into learning mode and use the solution to detect what the exact port requirements are. We can then meet to discuss which ones we'll allow and which ones are probably not required.

The only part that is actually tough for us is that we have a professional services resource from Palo Alto working with us on customization. One of the things that we are thinking about is that if we have similar requirements in the future, how can we get his capability in-house? The professional services person is a developer and he takes our requirements and writes the code for the APIs or whatever he needs to access. We will likely be looking for a resource for the Demisto platform.

The automation also took us time, more than we thought it would take. We had some challenges because Demisto was a third-party product. Initially, the engineer who is with us thought that everything was possible, but later on, when he tried to do everything, he was not able to do some things. We had to change the strategy multiple times. But we have now reached a point where we are in a comfort zone and we have been able to achieve what we wanted to do.

Also, getting new guys trained on using the solution requires some thought. If someone is already trained on Palo Alto then he's able to adapt quickly. But, if someone is coming from another platform such as Fortinet, or maybe he's from the system side, that is where we need some help. We need to find out if there is an online track or training that they can go to.

Related to training is the fact that changes made in the solution are reflected directly in the production environment. As of now, we are not aware of any method for creating a demo environment where we can train new people. These are the challenges we have.

We have been using Prisma Cloud by Palo Alto Networks for about eight months.

We have not had many issues with the solution's stability, and whatever challenges we have had have been in the public cloud. But with the solution itself there has only been one issue we got stuck on and that was NAT-ing. It was resolved later. We ran into some issues with our design because public internet access was an issue, and that took us some time. But it was only the NAT-ing part where we got stuck. The rest has all been smooth.

As of now, we have not put a load on the system, so we will only know about how it handles that when we start migrating our services. For now, we've just built the landing zones and only very few services are there. It will take like a year or so before we know how it will handle our load.

This is our main firewall solution. We are not relying on the cloud-based firewall as of now. All our traffic is going through Prisma Cloud. Once we add our workloads, we will be using the full capacity of the solution.

We have not had any issues up to now.

We initially tried to use the Azure firewall and the VPC that is available in Azure, but we had very limited capabilities that way. It was just a packet filtering solution with a lot of limitations and we ended up going back to Palo Alto.

The initial setup was straightforward. There was an engineer who really helped us and we worked with them directly. We did not have any challenges.

The initial deployment took us about 15 days and whatever challenges we had were actually from the design side. We wanted to do certain things in a different way and we made a few changes later on, but from the deployment and onboarding perspectives, it was straightforward.

We have a team of about 12 individuals who are using Prisma Cloud, all from the network side, who are involved in the design. On the security side, three people use it. We want to increase that number, but as I mentioned earlier, there is the issue of how we can train people. For maintenance, we have a 24/7 setup and we have at least six to eight engineers, three per shift. Most of them are from the network security side, senior network security engineers, who mainly handle proxy and firewall.

Our implementation strategy included using a third-party vendor, Crayon, who actually set up the basic design for us. Once the design was ready, we consulted with the Palo Alto team telling them that this was what we wanted to implement: We will have this many zones and these are the subnets. It didn't take much time because we knew exactly what our subnets were but also because the team that was helping us had already had experience with deployment.

Our experience with Crayon went well. Our timeline was extremely short and in the time that was available they did an excellent job. We reached a point where the landing zones were ready and whatever issues we had were resolved.

I can't say much about the pricing because we still have not started using the solution to its full capabilities. As of now, we don't have any issues. Whatever we have asked for has been delivered.

If you pay for three years of Palo Alto, it's better. If you're planning on doing this, it's obviously not going to be for one year, so it's better if you go with a three-year license.

The only challenge we have is with the public cloud vendor pricing. The biggest lesson I have learned is around the issues related to pricing for public cloud. So when you are doing your segmentation and design, it is extremely important that you work with someone who knows and understands what kinds of needs you will have in the future and how what you are doing will affect you in terms of costs. If you have multiple firewalls, the public cloud vendor will also charge you. There are a lot of hidden costs.

Every decision you make will have certain cost implications. It is better that you try to foresee and forecast how these decisions are going to affect you. The more data that passes through, the more the public cloud will charge you. If, right now, you're doing five applications, try to think about what 100 or 250 applications will cost you later.

If we had gone with the regular Azure solution, some of the concerns were the logging, monitoring, and search capabilities. If something was getting blocked how would we detect that? The troubleshooting was very complicated. That is why we went with Prisma Cloud, for the troubleshooting.

Microsoft is not up to where Palo Alto is, right now. Maybe in six months or a year, they will have some comparable capabilities, but as of now, there is no competitor.

Before choosing the Palo Alto product we checked Cisco and Fortinet. In my experience, it seemed that Cisco and Forinet were still building their products. They were not ready. We were lucky that when we went to Palo Alto they already had done some deployments. They already had a solution ready on the marketplace. They were quickly able to provide us the demo license and walk us through the capabilities and our requirements. The other vendors, when we started a year ago, were not ready.

If you have compliance requirements such as PCI or ISO, going with Palo Alto would be a good option. It will make your life much easier. If you do not have Layer 7 visibility requirements and you do not have auditing and related requirements, then you could probably survive by going with a traditional firewall. But if you are a midsize or enterprise company, you will need something that has the capabilities of Prisma Cloud. Otherwise, you will have issues. It is very difficult to work with the typical solution where there is no log and you don't know exactly what happened and there is too much trial and error.

Instead of allowing everything and then trying to limit things from there, if you go with a proper solution, you will know exactly what is blocked, where it is blocked, and what to allow and what not to allow. In terms of visibility, Prisma Cloud is very good.

One thing to be aware of is that we have a debate in our environment wherein some engineers from the cloud division say that if we had an Azure-based product, the same engineer who is handling the cloud, who is the global administrator, would have visibility into where a problem is and could handle that part. But because we are using Palo Alto, which has its own administrators, we still have this discussion going on.

Prisma Cloud also provides security spanning multi- and hybrid-cloud environments, which is very good for us. We do not have hybrid cloud as of now, but we are planning, in the future , to be hosting infrastructure on different cloud providers. As of now we only have Azure.

Because Zero Trust is something new for us, we have actually seen a significant increase in alerts. Previously, we only had intra-zone traffic. Now we have inter-zone traffic. Zero Trust deployments are very different from traditional deployments. It's something we have to work on. However, because of the increased security, we know that a given computer tried to scan something during office hours, or who was trying to make certain changes. So alerts have increased because of the features that we have turned on.

We primarily use Prisma Cloud as a cloud security posture management (CSPM) module. Prisma Cloud is designed to catch vulnerabilities at the config level and capture everything on a cloud workload, so we mainly use it to identify any posture management issues that we are having in our cloud workloads. We also use it as an enterprise antivirus solution, so it's a kind of endpoint security solution.

Our setup is hybrid. We use SaaS also. We mostly work in AWS but we have customers who work with GCP and Azure as well. About 60 percent of our customers use AWS, 30 percent use Azure, and the remaining 10 percent are on GCP. Prisma Cloud covers the full scope. And for XDR, we have an info technology solution that we use for the Gulf cloud. So we have the EDF solution rolled out to approximately around 500 instances right now.  

Prisma Cloud is used heavily in our all production teams. Some might not be directly using the product since our team is the service owner and we manage Prisma. Our team has around 10 members teams, and they are the primary users. From an engineering aspect, there are another 10 team members who use it basically. Those are the actual people who work hands-on with Prisma Cloud. Aside from that, there are some product teams that use Prisma indirectly. If we detect something wrong with their products, we take care of it, but I don't think they have an active account on Prisma Cloud.

Prisma Cloud has been helpful from a security operations perspective. When a new product is getting onboarded or we are creating a new product — specifically when we need to create a new peripheral— it's inevitable that there will be a kind of vulnerability due to posture management. Everything we produce goes through via CICD, and it's kind of automated. Still, there are some scenarios where we see some gaps. So we can discover where those gaps exist, like if someone left an open port or an instance got compromised. 

These kinds of situations are really crucial for us,  and Prisma Cloud handles them really well. We know ahead of time if a particular posture is bad and we have several accounts in the same posture. Prisma gives us a deep dive with statistics and metrics, so we know which accounts are doing bad in terms of posture, how many accounts are out of alignment with the policy strategy, how many are not compliant. Also, it helps us identify who might be doing something shady. 

So we get some good functionality overall in that dashboard. Their dashboard is not customizable, however, so that's a feature we'd like to say. At the same time, what they do provide on their dashboard is pretty helpful. It enables us to make the posture management more mature. We're able to protect against or eliminate some potential incidents that could have happened if we didn't have Prisma. 

Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them. It's really good at managing compliance. We get out-of-the-box policies for SOC 2, Fedramp, and other compliance solutions, so we do not need to tune most of the rules because they are quite compliant, useful, and don't get too many false positives. 

And in terms of Prisma Cloud's XDR solution, we do not have anything at scope at present that can give us the same in-depth visibility on the endpoint level. So if something goes bad on the endpoint, Prisma's XDR solutions can really go deep down to identify which process is doing malicious activity, what was the network connection, how many times it has been opened, and who is using that kind of solution or that kind of process. So it's a long chain and its graphical representation is also very good. We feel like we have power in our hands. We have full visibility about what is happening on an endpoint level. 

When it comes to securing new SaaS applications, Prism Cloud is good. If I had to rate it, I would say seven out of 10. It gives us really good visibility. In the cloud, if you do not know what you are working with or you do not have full visibility, you cannot protect it. It's a good solution at least to cover CSPM. We have other tools also like Qualys that take care of the vulnerability management on the A-level staff — in the operating system working staff — but when it comes to the configuration level, Prisma is the best fit for us. 

Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that. Prisma also should allow users to fully automate the workflow of an identified set. Right now, it can give us a hint about what has happened and there is an option to remediate that, but for some reason, that doesn't work. 

Another pain point is integration with ticketing solutions. We need bidirectional integration of Prisma Cloud and our ticketing tool. Currently, we only have one-way integration. When an alert appears in Prisma Cloud, it shows up in our ticketing tool as well. But if someone closes that ticket in our ticketing tool, that alert doesn't resolve in Prisma Cloud. We have to do it manually each time, which is a waste of time. 

 I am not sure how much Prisma Cloud protects against zero-day threats. Those kinds of threats really work in different kinds of patterns, like identify some kind of CBE, that kind of stuff. But considering the way it works for us, I don't think it'll be able to capture a zero-day threat if it is a vulnerability because Prisma Cloud actually doesn't capture vulnerability. It captures errors in posture management. That's a different thing. I don't know if there is any zero-day that Prisma can identify in AWS instantly. Probably, we can ask them to create a custom policy, but that generally takes time. We haven't seen that kind of scenario where we actually have to handle a zero-day threat with Prisma Cloud, because that gets covered mostly by Qualys.

I've been using Prisma Cloud for almost two years now.

Prisma Cloud is quite stable. At times, it goes down, but that's very rare. We have some tickets with them, but when we see some issues, they sort it out in no time. We do not have a lot of unplanned downtime. It happens rarely. So I think in the last year, we haven't seen anything like that.

Prisma Cloud is quite scalable. In our current licensing model, we're able to heavily extend our cloud workload and onboard a lot of customers. It really helps, and it is on par with other solutions.

I think Prisma Cloud's support is quite good. I would rate them seven out of 10 overall. They have changed their teams. The last team was comparatively not as good as the one we have right now. I would rate them five out of 10, but they have improved a lot. The new team is quite helpful. When we have an issue, they take care of it personally if we do not get an answer within the terms of the SLA. We tend to escalate to them and get a prompt answer. The relationship between our management and their team is quite good as well. .

We have a biweekly or weekly call with their tech support team. We are in constant communication about issues and operating problems with them. It's kind of a collab call with their tech support team, and we have, I think, a monthly call with them as well. So whenever we have issues, we have direct access to their support portal. We create tickets and discuss issues on the call weekly.

Transitioning to the new support team was relatively easy. They switched because of the internal structure and the way they work. Most of the engineering folks work out of Dublin and we are in India. The previous team was from the western time zone. That complicated things in terms of scheduling. So I think the current team is right now in Ireland and it's in the UK time zone. That works best for us. 

We have an engineering team that does the implementation for us, and our team specifically handles the operations once that product is set up for us. And then that product is handed over to us for the daily BA stuff accessing the security, the CSPM kind of module. We are not involved directly. When the product gets onboarded, it's handed over to us. We handle the management side, like if you need to create a new rule or you need to find teams for the rule. But the initial implementation is handled by our engineers.

I would rate Prisma Cloud six out 10. I would recommend it if you are using AWS or anything like that. It's quite a tool and I'm impressed with how they have been improving and onboarding new features in the past one and a half years. If you have the proper logging system and can implement it properly within your architecture, it can work really well.

If you are weighing Prisma Cloud versus some CASB solution, I would say that it depends on your use case. CASBs are a different kind of approach. When someone is already using a CASB solution, that's quite a mature setup while CSPM is another side of handling security. So if someone has CASB in place and feels they don't need CSPM, then that might be true for a particular use case at a particular point in time. But also we need to think of the current use case and the level of maturity at a given point in time and consider whether the security is enough.

It's a service that we have acquired for our cybersecurity department. We deployed Prisma Cloud by Palo Alto in all our clouds, which are Amazon, Azure, and Alibaba.

We are doing cloud security compliance as a security posture, and we are also doing workflow protection.

The solution gives us a lot of visibility across all of our cloud solutions. It helps with the security posture across all of our clouds. 

The security posture and workflow protection are excellent.

From the initial POC, compared to what we had witnessed with Check Point, it's easier to use.

Prisma Cloud is quite a good solution. However, the price is not good. 

We'd like to have more native integration with clouds and additional security checks in the future. It will be nice to see a general evolution of the solution. 

I've been using the solution for about one year.

The stability has been good so far after less than a year of use.

We are early in the process in terms of using the solution. We're not expecting to scale in the next few years. The problem there will be the licensing costs.

Right now, the environment we use is quite big already. We have several clouds already and need the visibility the solution provides. 

Our consultants deal with technical support. I do not deal with support directly. 

We did not previously use a different solution. We wanted our partner to validate our security with a tool from time to time. However, it was a service they were providing to us.

My team was involved in the deployment. I was not directly involved. It was straightforward with the help of our consultants.

Our consulting partner helped us with the initial deployment. 

We witnessed an ROI. It helped reduce risks and sped up threat detection. We avoided human mistakes as well while using this solution. 

We noted the value almost immediately once it was deployed. 

The price is high. In the future, when there are more competitors at the same level with different clouds, maybe the position will be different. 

We evaluated Check Point due to the relationship we have with them. Yet, they did not completely support Alibaba. Alibaba was only compatible with Check Point and Prisma. However, Check Point was at a very early stage and not quite as developed. 

I'd rate the solution an eight out of ten. 

I generally use Prisma Cloud to dive deeper into any security findings generated by Prisma. It's also a good way to get a complete inventory of all our cloud assets spread across different cloud platforms.

The customers that we work with have really benefited from Prisma Cloud by including it in their workflows and security audits. Prisma Cloud has really helped them improve their security posture.

Prisma Cloud's inventory reporting is pretty good. If you have multiple clouds or platforms, you can have a list of all your cloud resources within Prisma. The security posture management is also great.

We continuously work with our security teams to find any issues with their infrastructure. Prisma continuously monitors the infrastructure, which helps us locate those resources and patch those findings.

The information presented in the UI sometimes doesn't look intuitive enough. For instance, if I want to look at all the resources that are affected by a certain finding, sometimes it's not easy to locate how to look at all those resources in one place. But that's just a UI quirk. However, API-wise, Prisma Cloud is pretty good for locating what you're looking to find.

I have been using Prisma Cloud by Palo Alto Networks for the past six months.

It is a stable product. I haven't seen any outages with Prisma Cloud.

It is a scalable product.

Prisma Cloud's customer service is pretty great.

Positive

We used a different solution before switching to Prisma Cloud. The decision to switch to Prisma Cloud was a strategic decision made by the enterprise.

The initial deployment was pretty straightforward. We primarily use it with our AWS cloud, and it's pretty easy to set up cross-account roles to get access to Prisma. Prisma Cloud uses cross-account IAM roles in AWS. You just set those roles up using a stack SAT across your entire set of AWS accounts, and Prisma can access all those accounts immediately.

We implemented in-house.

Prisma Cloud has really improved our productivity and freed up resource time from manually hunting for findings to automating it.

Before choosing Prisma Cloud, we did a few POCs for products like DivvyCloud, Dome9, and Cisive. All these products pretty much do the same thing with a few differentiating factors, but not enough to really stand out.

I rate Prisma Cloud an eight on a scale of one to ten for ease of use. It is pretty intuitive, except for not being able to locate resources affected by a certain finding individually.

Prisma Cloud has helped free up staff to work on other projects. Previously, we used to do ad hoc scripting to find different resources affected by a certain finding. However, we no longer have to do that because everything is automated.

At least ten hours each week were freed up because of the Prisma Cloud.

Meeting with all the industry professionals at the RSA conference is a great feeling. We get to learn about the latest trends in cybersecurity, all the new products that are coming up to tackle all the challenges, and especially the role of AI and machine learning in cybersecurity.

We've been looking at improving our hybrid connectivity solutions and making them more secure. We explored a few solutions at the RSA conference, which will come into play when we decide.

Overall, I rate Prisma Cloud an eight out of ten.

We were implementing and expanding a system that we had internally. We were creating a system called Midas, which was about keeping data safe. It was cloud-based. We wanted to keep data safe and provide an analytics environment on the cloud.

We now have a service offering that secures data and allows large volumes of data to be secured and exposed within a tight and well-founded community.

It helped to reduce downtime in our organization.

Its ease of integration is valuable because we need to get the solution out of the door quickly, so speed and ease matter.

The area for improvement is less about the product and more about the upsell. If we've already agreed that we'd like your product x, y, or z, don't try to add fries to my burger. I don't need it.

The firm has been using it for about two years. My direct interaction with it was about a year ago.

I didn't notice any kind of instability, but there are foibles and little nuances.

We are happy with it overall. I'd rate them an eight out of ten.

Positive

We had a number of different solutions and still do.

It was in-between in terms of complexity. We leveraged our Palo Alto friends to help us get over the humps, and they did a great job.

We didn't take help from any third party. Palo Alto implemented it.

We have not seen an ROI in this case, but we didn't buy it for a return on investment.

We evaluated multiple solutions. They have a well-known product line in the industry, and we stopped and talked with them and picked them because of their capabilities and competencies.

In terms of providing a unified platform that natively integrates all security capabilities, I'm not expert enough to say that it supplies everything, but it's well-known. There are a number of different features and capabilities in their suite.

To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall," I would say that it's never the cheapest and the fastest. You always need to lay down what your needs are and then go after who has the right level of capabilities, competencies, and price point.

Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. Every vendor needs to be considering how they're going to appropriately integrate both generative AI and machine learning. As we move forward, it's going to be table stakes.

In terms of the value I receive from attending an RSA Conference, I have two hats. I'm working for an organization. It's federally funded research and development. Attending an RSA Conference helps me keep a finger on the pulse of that, but I also am a security blogger, so I make sure that I'm keeping up to date. Talking to people is another important part of this conference. The one thing that's missing from the conference is that there's so much focus on reaction instead of protection up front and thinking about things up front, but it's a very valuable conference overall. 

Overall, I'd rate them an eight out of ten. They are well known in this field, and they do have good products that are niche to what they're doing.

We provide our customers with a secure cloud platform. The client uses this solution for their architecture and we check the reports once a month and provide them with guidance on how to improve their cloud operation.

Prisma Cloud by Palo Alto Networks provides a security span in multiple cloud and hybrid cloud environments. This is an important step to be able to have visibility of all the cloud environments.

The solution has helped me to take a preventative approach to cloud security. This technology is what is going to be used predominantly in the future. The newest standards are being used in this solution technology providing us with a preventive approach.

This solution benefits organizations because it uses the newest technology to provide a safe cloud environment.

We do not have a very complex environment but for our usage, the solution provides us visibility and control.

The solution provides us with a single tool that protects all our cloud resources without having to manage and reconcile security compliance reports.

The most valuable feature of Prisma Cloud by Palo Alto Networks is the CSPM, which we use the most. Additionally, the investigation and alerts are useful, and the creation of queries.

The solution is improved frequently, approximately twice a month.

Support is an area that needs improvement.

I have been using Prisma Cloud by Palo Alto Networks for approximately two years.

Prisma Cloud by Palo Alto Networks has been a stable solution.

We have approximately six engineers using this solution in my organization.

The scalability of Prisma Cloud by Palo Alto Networks is good. If we want to scale, we only need to purchase another license.

The technical support is not good at responding to questions compared to other companies. They can be slow to respond and not professional enough. There are times when we have a question and they give us a general answer that is not helpful.

The initial setup of Prisma Cloud by Palo Alto Networks is easy.

The solution has saved us money.

The pricing structure is easy to understand. Depending on the use case the pricing of the solution can be different. There are not any additional costs to the standard living fees.

I rate Prisma Cloud by Palo Alto Networks an eight out of ten.

We are using the solution to manage vulnerabilities in containers. We use it to detect vulnerabilities and remediate vulnerabilities found in containers running in the public cloud, like AWS.

We are using the latest version.

It helps us in detecting our vulnerabilities and protecting our security posture. It also provides automated remedies. We don't see this as a preventative measure, but it helps us in timely detection and remediation of our problems. This means we will not be exploited and made vulnerable to bad actors.

Prisma Cloud provides the visibility and control that we need, regardless of how complex or distributed our cloud environments become, which is very nice. We have an extremely distributed system. Prisma Cloud provides good visibility across the distribution of our system. This definitely adds to our confidence. At any single point of time, we can see our entire cloud posture across our environment, which definitely helps and gives us more confidence to use this product.

It has definitely worked. It has improved the overall collaboration between SecOps and DevOps. Now, instead of asking people to do something, it is a default offering in the CI/CD. There is less manual intervention and more seamless integration. It is why we don't have many dependencies across many teams, which is definitely a better state. 

We have only used two of its features: vulnerability scanning and compliance. We found that the vulnerability scanning has been the most useful feature so far. It has good detection capabilities that we have been able to integrate with our CI/CD pipeline.

The solution provides the following in a single pane of glass: Cloud Workload Protection and Cloud Network Security. These are very important features because they represent some of the basic security requirements that we have to harden our infrastructure. These are non-negotiable requirements. They form some of the basic building blocks for our entire security infrastructure, which is why they are required.

Areas like the deployment of their defenders and their central control need manual intervention. They should focus more on automation. They have a very generic case for small companies. However, for bigger companies to work, we have to do a lot of changes to our system to accommodate it. Therefore, they should change their system or deployment models so it can be easy to integrate into existing architectures.

Prisma Cloud has enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes. It is not 100 percent seamless since we still need to do some manual interventions. Because the way that we have designed our CI/CD for Prisma Cloud, the integration was neither smooth nor was it 100 percent seamless.

I have been using it for a year.

We had some initial hiccups. Wherein, if the number of defenders increased beyond a point, we started seeing some scalable alerts and concerns. Over time they fixed it, and it is better now.

It is scalable only to a particular number. Up to 10,000 defenders connecting to the console for small- to medium-sized companies is the perfect fit.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. This is very important because we want our solutions to scale with us. We should be able to operate in all public clouds.

We have plans to increase usage. We will be using it extensively.

The service was okay. It was an average experience. I would rate them as seven out of 10.

They respond to our needs on time. Technically, they are sound. 

Neutral

We didn't use another solution previously.

We wanted a non-SaaS, in-house solution.

The initial setup was a bit challenging, but that is typical with any big company. It took some discussions and collaborations to get them at par to onboard us.

The deployment took three to four months.

We followed our standard CI/CD process. Defenders were deployed into the cloud through our public cloud deployment channels using CI/CD. In order to accommodate their containers, we had to make some changes

Our management is happy, so I think that they are happy with what they are paying for it.

Prisma Cloud provides risk clarity across the entire pipeline, showing issues as they are resolved. It has expedited our operations, which are definitely better. We have been able to detect things faster and remedy them faster. 

Investigation time has definitely shortened because we now know things immediately. It has generally increased the detection and alerting time.

We also evaluated Aqua Security.

Focus on operationalizing the service. Don't just keep focusing on features, but also how you will deploy the solution and how it will be part of your entire CI/CD pipeline, then how will you manage all the features and the long-term running of this service. This is where you should start your focus. You can only use the features if you are doing a seamless integration, so focus your requirements on running, maintaining, and continuous use of it.

The comprehensiveness of the solution is good for securing the entire cloud-native development lifecycle, across build, deploy, and run. There is room for improvement, but it is better than other solutions. It is somewhere between seven to eight out of 10, in terms of its comprehensiveness. It doesn't affect our operations that much because we have some long-term goals and we are hoping that this solution will also deliver in that time. For the long term future, we made some changes to our design to accommodate these things.

I would rate the solution as eight out of 10.