Veracode and Prisma Cloud by Palo Alto Networks offer competitive pricing and valuable security features. Veracode has mixed reviews on customer support and setup complexity, while Prisma Cloud receives positive feedback in these areas. Veracode emphasizes ROI and comprehensive security testing, while Prisma Cloud focuses on cost savings and compliance automation.
The summary above is based on 283 interviews we conducted recently with Veracode and Prisma Cloud by Palo Alto Networks users. To access the review's full transcripts, download our report.
"PingSafe's integration is smooth. They are highly customer-oriented, and the integration went well for us."
"My favorite feature is Storyline."
"There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring."
"PingSafe offers an intuitive user interface that lets us navigate quickly and easily."
"When creating cloud infrastructure, Cloud Native Security evaluates the cloud security parameters and how they will impact the organization's risk. It lets us know whether our security parameter conforms to international industry standards. It alerts us about anything that increases our risk, so we can address those vulnerabilities and prevent attacks."
"It is scalable, stable, and can detect any threat on a machine. It uses artificial intelligence and can lock down any virus."
"The solution is a good alerting tool."
"Cloud Native Security offers attack path analysis."
"CSPM is very useful because it gives us good policies and violation alerts."
"Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them."
"Prisma Cloud also provides the visibility and control you need, regardless of how complex or distributed your cloud environments become. It helps to simplify that complexity. Now we know what the best practices are, and if something is missing we know."
"It has a feature for customized security policy. I implement it in banking, health insurance, and other sectors, and every organization has its own customized policies and procedures. In Prisma Cloud, you can customize policies, and based on that, you can do monitoring."
"You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums."
"Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently."
"Comprehensive and valuable for providing security. It is scalable, its stability is impressive, and setting it up is straightforward."
"The most valuable feature of Prisma Cloud is WAF (web application firewall)."
"One of the best things they offer is the scalability. The fact that you can work with it through the cloud means that if you have unintegrated business units, you don't have to worry about having a solution on-prem and having the network connection; you don't have to worry about giving up source code, you are just sending your binary files for most of the applications. So it scales much faster."
"With the pipeline scanner, it's easier for developers to scan their products, as they don't have to export anything from their computers. They can do everything with the command line on their computer."
"Vulnerability Management and mitigation recommendations help with resolution of issues found, prior to deployment to production."
"For use cases where our company buys a product with the source code, but only the final executables or the binaries, only Veracode is able to work on that type of tool."
"The coding standards in our development group have improved. From scanning our code we've learned the patterns and techniques to make our code more secure. An example would be SQL injection. We have mitigated all the SQL injection in our applications."
"Veracode is a valuable tool in our secure SDLC process."
"There have been a lot of benefits gained from Veracode. Compared to other tools, Veracode has good flexibility with an easy way to run a scan. We get in-depth details on how to fix things and go through the process. They provide good process documents, community, and consultation for any issues that occur during the use of Veracode."
"It pinpoints the errors. Its accuracy is very interesting. It also elaborates on flaws, meaning it provides you with details about what is valid or not and how something can be fixed."
"There is room for improvement in the current active licensing model for PingSafe."
"After closing an alert in Cloud Native Security, it still shows as unresolved."
"We are getting reports only in a predefined form. I would like to have customized reports so that I can see how many issues are open or closed today or in two weeks."
"We had a glitch in PingSafe where it fed us false positives in the past."
"One of the issues with the product stems from the fact that it clubs different resources under one ticket."
"There is no break-glass account feature. They should implement this as soon as possible because we can't implement SSO without a break-glass feature."
"PingSafe can improve by eliminating 100 percent of the false positives."
"The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."
"The feedback that we have given to the Palo Alto team is that the UI can be improved. When you press the "back" button on your browser from the Investigate tab, the query that you're working on just disappears. It won't keep the query on the "back" button."
"When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in flushing out each of those feature sets."
"Prisma is good about compliance, and their support is excellent, but they struggle with automation and integration. They need to stay on top of the newest types of connectors. How can you connect other applications and other tools in order for this to work cohesively? That's a challenge."
"They can improve the integrations into the SDLC lifecycle."
"The UI could use some improvement; we usually find the information we're looking for, but what fields can be clicked on and what workflow to follow to get the required information is not always evident. Sometimes we're all over the place, clicking around to drill in and uncover the alert and investigation details we're looking for."
"One major observation is that it is not possible to implement Prisma Cloud on-premises. This is the limitation. Prisma Cloud itself is on a cloud. It is sitting on AWS and Google Cloud. It is a SaaS solution, but some of my clients have a local regulatory requirement, and they want to install it locally on their premises. That capability is not there, but government entities and ministries want to have Prisma Cloud installed locally."
"They need to improve the API gateway."
"The regional cost of Prisma Cloud in South Africa is high and could be improved."
"There is also a size limit of 100 MB so we cannot upload files that are larger than that. That could be improved. Also, the duration of the scan is a bit too long."
"Their scanning engine is sometimes a little bit slow. They can improve the scan time."
"Veracode's container scanning could be improved. We containerize all the platforms we use inside a Docker image. For example, we create a Microsoft Docker image that we build our application on top of. I would like Veracode to implement IT scans before we commit the code."
"They could improve how they fix vulnerabilities. They could have more support in place to help the developers."
"From what we have seen of Veracode's SCA offering, it is just average."
"I've found that Veracode is not particularly suitable for Dynamic Application Security Testing."
"It takes a lot of time to scan the applications. They can make them faster and provide an option to scan a specific portion of the app. Such a feature would be very helpful."
"Improving sorting through findings reports to filter by only what is critically relevant will help developers focus on issues."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 82 reviews while Veracode is ranked 4th in Container Security with 194 reviews. Prisma Cloud by Palo Alto Networks is rated 8.4, while Veracode is rated 8.2. The top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". On the other hand, the top reviewer of Veracode writes "Helps to reduce false positives and prevent vulnerable code from entering production, but does not support incremental scanning ". Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and CrowdStrike Falcon Cloud Security, whereas Veracode is most compared with SonarQube, Checkmarx One, Fortify on Demand, Snyk and Fortify Static Code Analyzer. See our Prisma Cloud by Palo Alto Networks vs. Veracode report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.