Prisma Cloud by Palo Alto Networks Reviews

We use the CSPM (cloud security portion management) product from Palo Alto Networks for our day-to-day activities. We use this product every day, almost 24/7. I am a cloud security engineer in my organization, and I use this product to identify misconfigurations from the account level. We use AWS accounts in our organization. We have more than 150 accounts in our organization, and we get support from this product to identify the misconfiguration among all those cloud accounts.

Along with misconfiguration, we use it to generate custom RQL based on our requirements in our day-to-day activities. We use the solution for user access and onboarding Defender into our product to identify the vulnerabilities in our cloud environments. We see if the instances are publicly enabled or encrypted. 

It also helps us to check if some changes have to be done on load balancers ELB 1 or ELB 2 in our environment.

Almost from the product level, with all the cloud accounts, 1,600 global policies and 1,200 AWS-related policies are provided. We used to customize based on compliance and integrate it with Jira. Using Jira, we inform the end users about the misconfigurations in day-to-day activities. Finally, we'll try to get the solution for the alerts generated by the tool.

The solution's dashboard looks very user-friendly. The misconfigurations alert tab also looks good. The solution has both positives and negatives, but this product is the best compared to other solutions. According to our requirements, we can very easily identify the solutions based on cloud accounts, single accounts, or multiple accounts. The graphical way JSON was recently launched is very good to get the proper exact RQL based on the requirement.

Prisma Cloud is the amalgamation of multiple products. The main component was acquired from Twistlock. The main use case is to perform cloud security posture assessments of your cloud workload. You can connect multiple cloud providers to Prisma Cloud and review the security configurations.

The two Prisma modules I use are cloud security posture management and cloud workload protection. The compute part of Prisma Cloud Cloud can also be deployed on-prem. It's mainly for an on-premise environment. You can deploy a standalone host to protect or review the configurations if you have a Kubernetes Docker host.

I work for a system integrator, so I deploy these solutions to customers, but I don't typically operate them. Clients are looking for visibility into their multi-cloud environment. When you have an environment distributed across AWS, Azure, etc., controlling all the cloud environments from different consoles is difficult. 

Prisma Cloud gives you one console to see all of your assets, review their configurations, and build your processes. If you have a development team or your organization is developing a product, you can use Prisma Cloud to secure the product development lifecycle. You can integrate Prisma Cloud with your CICD pipelines to scan the containers and ensure they aren't vulnerable to any known CVEs.

It's a single pane of glass that covers all aspects of your cloud environment. It also provides your DevSecOps or DevOps teams with an excellent tool. Prisma Cloud is a collection of acquisitions, so you have multiple products within one tool. 

None of the solutions that promise to reduce alerts have done that, but Prisma Cloud gives you meaningful alerts. In rare cases, I've experienced alert fatigue or some false positives. It identifies guaranteed alerts. I can prioritize alerts based on several factors. If you have a resource on the cloud that has given vulnerability, it will check to see if the resource is exposed to the Internet and prioritize it accordingly. 

Primarily, we are attempting to secure our public cloud security posture through compliance and vulnerability scanning.

Overall, the solution is effective for helping us take a preventative approach to cloud security. We have managed to remediate thousands of high impact misconfigurations or vulnerabilities that have been detected by the tool.

It is how we are securing access to these public facing resources, i.e., how we are locking down S3 buckets, RDP to EC2 instances, or other administrative access that might otherwise allow easy compromise. The value to the business is simply just securing these cloud assets in alignment with security policies and best practices that we have defined.

The comprehensiveness of the solution is good for securing the entire cloud-native development lifecycle, across build, deploy, and run. We are exclusively an Azure DevOps shop. Thus, we are well-aligned with the capabilities that Prisma offers. Its ability to participate in and integrate with the DevOps lifecycle has been very good for us.

Prisma Cloud has enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes. We are integrated in a handful of CI/CD pipelines at the moment. These touchpoints are fairly seamless in our DevOps processes. We are performing the scan and failing builds automatically without developer involvement, but we use the Visual Studio plugin. Therefore, developers can self-service scan their work prior to the build process. It is both seamless and on-demand for the people who choose to use it.

The integration of security into our CI/CD pipeline has affected collaboration and trust between our DevOps and SecOps teams has improved, though there is some diplomacy that has to occur there. The way that it's improved: We approached vulnerability management and cloud security posture with these teams historically by presenting them a list of findings, like a laundry list of things they need to go fix. These teams aren't staffed for moving backwards and fixing old problems, so we established a process for working with them that starts with securing net new development. We can do that without much of an ask, in terms of their time, by having these integrations into their CI/CD pipeline along with self-service scanning tools. So, we have the capability of securing new development while they are completing the lengthy task of reviewing and remediating existing deployments.

The solution provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. We are applying the same secure configuration baseline scans in the pipeline that we're doing for the deployed assets. Most of the time, our developers can correct these issues.

I am using Prisma Cloud CSPM. It is a business as well as an enterprise license. We have the licenses for data security and host security for particular tenants. We have IAM, Code to Cloud, CI/CD pipelines, and scanning of code. These models are activated.

We are getting alerts and vulnerabilities for cloud asset misconfiguration and identity access management. We are using Prisma Cloud to find out these vulnerabilities and remediate them manually and automatically.

We have a multi-cloud environment. We have on boarded multiple client clouds. The data is on the AWS, Azure, Oracle, and Google clouds. All the organization-level accounts or individual accounts are onboarded into Prisma Cloud. Instead of using cloud-native CSPM solutions such as Security Hub for AWS, Security Command Center for GCP, and Microsoft Defender for Azure, we have integrated all cloud accounts with Prisma Cloud. So, centrally, we can manage and monitor all the vulnerabilities, misconfigurations, and cloud environments. We have all the logs. It may be the audit log. It may be the virtual network log, network flow log, firewall log, or any cloud trail log.

We can monitor all the cloud assets and cloud resources. For example, if a user has wildcard permission or is a power user but only requires read-only access, Prisma Cloud lets us know. It recommends the access that needs to be given to the user. We can create custom policies according to the customer usage over the last 90 days.

If some users and service accounts have access keys that are not rotated in 90 days, Prisma Cloud alerts us that a key has expired or not rotated in 90 days. We then manually rotate the keys and update them in the cloud environment. Prisma Cloud provides best practices for insider threats and external security exposure.

If a VM or S3 bucket is publicly exposed, Prisma Cloud alerts us about it. It also suggests a way to fix the issue. It provides remediation and also provides information about the severity. The recommendations are given based on best practices and ISO standards, and we can then remediate those alerts.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. They are also launching Prisma for MSPs. It is in progress and not yet officially launched. That will help with the next-generation cloud security.

Prisma Cloud continuously scans the cloud assets we have, such as virtual machines, S3 buckets, IAM configurations, CloudTrail logs, and VPC flow logs. It continuously scans and generates alerts. There is also a feature for the outbound integration with Splunk, Teams, or Slack so that you can get alerts in these solutions.

The remediation team takes action on generated alerts. The recommendations that it gives speed up the remediation. We can remediate issues or threats before they spread in the cloud environment.

It has a lot of features. It has different modules for application security, cloud security, DSP, etc. There are different versions. Prisma Cloud provides overall network security, application data security, and customer data security. If a customer has a Palo Alto firewall installed on their on-premise data centers, its logs can be integrated into Prisma Cloud. From the cloud infrastructure perspective and the network infrastructure perspective, Prisma Cloud helps to improve the overall security posture. It is very helpful.

Because of Prisma Cloud, we have reduced asset misconfiguration within the asset inventory. We have also reduced the risk and improved governance and compliance. We get proper alerts and recommendations to improve the security posture. It also helps from the application security perspective.

Its benefits can be realized very quickly. Once a cloud account or a cloud environment is integrated with Prisma Cloud, it takes seven to eight hours for Prisma Cloud to scan it. After the logs are ingested into Prisma Cloud, it assesses misconfigurations and generates alerts.

From the operations perspective, it is good. The console availability is there. They notify us about any upgrades and maintenance. For any data or logs being ingested, it creates alerts and provides the recommendation.

It categorizes the risks based on their severity. We are confident about our security and compliance postures. We can create our own compliance rules or follow the compliance standards applicable to an industry such as HIPAA, SOC2, etc. It is a good feature.

It is comprehensive. It can scan all cloud assets. It can scan Docker images, so image scanning is there. Infrastructure As Code scanning is there. Agent-based scanning is there. Container security is there. We can scan these and find out the vulnerabilities. Prisma Cloud supports application security and container security.

It reduces the remediation time. The critical alerts that we get also provide the remediation steps. We can remediate an issue in five to ten minutes.

They have data security posture management. We can apply the data loss prevention policies to S3 buckets or the data assets we have in the cloud. It is a good tool for securing our sensitive information.

Prisma Cloud is more cost-effective than cloud-native tools. We can remediate the multi-cloud environment and improve the overall cloud security through this single tool. As compared to the other solutions, Prisma Cloud is good. There is runtime protection, container security, and other things for multi-cloud environments.

There are three pieces to our use case. For the container piece, which used to be Twistlock, we use static scan to scan our artifact repositories and we use that data to remediate issues and provide it back to developers. We also do runtime monitoring on our orchestrators, which are primarily Kubernetes, but some DC/OS as well. Right now, it's all on-premises, although we'll be moving that to the cloud in the future. 

And we use what used to be RedLock, before it was incorporated into the solution.

Prisma Cloud has definitely enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes for container. In the container those touchpoints are pretty seamless. We've been able to implement security control gates and automate notifications back to teams of vulnerabilities in the container orchestrator. It all works pretty smoothly, but it required a fair amount of work on our part to make that happen. But we did not run into limitations of the tool. It enabled us pretty well. The one part where we have a little bit of a gap that most of those are at deployment time. We haven't shifted all those controls back to the team level at build time yet. And we haven't really tackled the cloud space in the same way yet. 

I'm not sure we have SecOps in the container space exactly in the same way we do in other DevOps. We shifted a lot of the security responsibility into the development teams and into the Ops teams themselves. There's less of a separation. But overall, the solution has increased collaboration because of data visibility.

It also does pretty well at providing risk clarity at runtime, and across the entire pipeline, showing issues as they are discovered during the build phases. It does a good job in terms of the speed of detection, and you can look at it in terms of CVSS score or an arbitrary term for severity level. Our developers are able to correct the issues.

We are clearly better off in that we have visibility, where there was a gap before. We know where our container vulnerabilities and misconfigurations are, and even on the cloud side, where cloud misconfigurations are happening. That visibility is a huge benefit. 

The other part is actually using that data to reduce risk and that's happened really well on the container side. On the cloud side, there's still room to grow, but that's not an issue with Prisma Cloud itself. These tools are only a part of the equation. It takes a lot of organizational work and culture and prioritization to address the output of these tools, and that takes time.

We use Prisma Cloud primarily for clients with a multi-cloud environment who require all these posture checks to be done uniformly from a single pane of glass to ensure they are in compliance. They have regulatory policies that require integration with the SIEM to generate alerts and reports. That's the primary use case for a CSPM solution. For cloud workload protection, we need vulnerability management, runtime defense, as well as image, container,  and registry scanning.

In terms of modules, we started with Redlock, the cloud security posture management component, and followed with Twistlock for cloud workload protection. Lately, I've been using Aporeto for identity-based micro-segmentation and BridgeCrew for cloud security.

Identity-based micro-segmentation allows you to create microparameters across workloads on the cloud and on-premises. You can enforce a pure wireless model through whitelisting flows in various workloads. Cloud security is primarily for core security, including SaaS and PaaS tools for scanning container images and core infrastructure. We have Terraforms, which we need to scan if we forget to remove any passwords or if there is some consideration drift between what you've configured in the IaC and what has materialized into the cloud infrastructure. 

I don't think we have had more than four or five admins for any project. We provide read-only access to the monitoring guys and custom authentication authorization privileges to a couple of users. The number of authorized users varies from plan to plan. Lots of people don't need to have access to the solution. 

Prisma Cloud helped us with compliance. Most of my deployments have been greenfield, so I don't have a benchmark to compare how the security posture has improved. I've always used this from day zero of the configuration. However, I can say that the compliance checks for PCI, DSS, HIPAA, etc., made my life simpler. I don't need to look at each of these standards and compare the rules I have in place.

It also enabled us to adopt a preventative approach to security. It gives us an option to monitor and remediate, so I don't think there is any challenge. If we see something going wrong, the solution offers a way to implement preventative controls. 

You can incorporate Prisma into DevSecOps and put it into any of the pipelines, like Jenkins and Azure DevOps. I don't think there are any challenges. You have all the ready-made plugins on these CI/CD tools, so you don't need to do or write a custom script plugin or anything. It's already available. It takes care of your end-to-end security from build to deployment and runs.

The cloud workload protection module Twistlock has ready-made plugins. Still, I don't think there was a plunging for identity-based micro-segmentation sites in the past, so we had to build a pipeline manually, I think they released a plugin for IBMS, but I never worked on it.

Prisma provides a single pane of glass for all our cloud resources to control all these different functionalities from various menus. It also helps us assess risk at runtime and throughout the whole pipeline. I have never compared Prisma with other tools, like Qualys or Tenable, so I cannot say which gives better results regarding runtime. However, I get a lot of actionable insights and suggestions from the tool about the next steps to follow.

The solution provides excellent security coverage of multi-cloud and hybrid environments. Without it, I would need to create a manual playbook for each cloud. There is a lot to maintain for each cloud, and you can't monitor from a single pane of glass. That's an administrative nightmare because you can't pull compatible reports. If I identify some compliance issues on AWS, I don't have a similar set of parameters to compare those for Google Cloud or Microsoft Azure. I definitely need this for a multi-cloud environment. 

I can get a relatively good amount of end-to-end security within the cloud. All these pieces fit together to address all my cloud needs. Of course, I don't think any vendors target security within the microservices, analytics, or data warehouse. I'm unsure because I haven't done it, but I don't think anything is missing.

It gives developers the tools they need to correct issues so they do not have to write their own scripts. Sometimes, I need an administrator to work with these developers, so it's not fully automated. Maybe I didn't find the best way to do it. Perhaps I need to find a linter or something, but there were many instances where I needed to involve someone to work with the developer. I don't think we are doing everything from the developer's end. 

Prisma also substantially reduced alert investigation times because we previously did everything by hand. We used to scan it manually, so it depended on the periodicity of scans. Earlier, we used to run scans for a couple of customers about every 15 days, and then we did the remediation. Now, all these scans run every minute or 15 minutes, so it's faster.  

The main use case was identification of cloud security compliance and detection of misconfigurations (including user and service principal identity and permissions) across multi-cloud environment. Secondary use case was development of custom policies based on internal security requirements of the banking client.

For the Financial Services client, I mainly used the CSPM and Cloud Infrastructure Entitlement Management (CIEM) modules. Code Security module was integrated to a limited extent, as part of CI/CD pipeline to enable Infrastructure as Code scanning before deployment. The primary cloud platforms of this client were AWS and Azure (limited cloud presence).

I also used Prisma Cloud for a PoC for another client of mine who used Azure and Oracle cloud platforms. The evaluation included different capability set as well: in addition to CSPM, CIEM, the Cloud Workload Protection Platform (CWPP) module capabilties were evaluated.

Prisma Cloud provides security spanning multi-cloud environments. I have used the it for securing AWS, Azure, and Oracle Cloud environments.

Main Benefit: 

Increased visibility across multiple cloud platforms is the main benefit. Before implementing Prisma Cloud, cloud-native solutions were available, however they did not show all of the problems that were present. The main benefit of implementing Prisma Cloud was the increased visibility into cloud permissions of users, roles and their usage in AWS. Prisma Cloud enabled that visibility and enabled the teams to see misconfigurations that were present in the cloud environment and start addressing them.

In addition to the identity part, Prisma Cloud provided some foundational visibility into the cloud workload misconfigurations. While a lot of false positives were identified, after the initial alert triage, the result was a lot of valuable insights to various misconfigurations.

Threat Detection: 

In regards to threat detection, for the other client where I carried out the PoC, I have done some testing after onboarding the Cloud Workload Protection module. Malware samples, EICAR files were uploaded to the test environment, and Prisma Cloud detected all of it.

Compliance Monitoring:

During the PoC for one of the clients, I have used cloud compliance monitoring of Prisma Cloud CSPM as well as CWPP modules, and found some discrepancies between the two. Some built-in compliance frameworks are available for the CSPM module, however not available in CWPP module. Cloud compliance monitoring and reporting can be done, however, there were discrepancies on what built-in compliance policies and frameworks are available in different modules. Custom security and compliance policies can be created and were used extensively in the Financial Services customer's project.

Hybrid Environments:

In regards to hybrid environments, I have only used it for Kubernetes deployment during the PoC. Kubernetes can be hosted on-premises or used as a managed service offered by any of the major cloud providers. I suppose that covers the hybrid use case. I have not used agent-based installations on anything other than Azure Kubernetes Service (AKS). In my experience, this part is where Prisma Cloud stands out from the competitors. It demonstrated easy onboarding as well as comprehensive visualisation of Kubernetes workloads running on the cluster, vulnerability and malware detection capabilties.

Features That Require Client's Time Investment:

The initial "alert burndown", as Palo Alto Networks themselves call it. The alert triage and policy tuning phase where the security team goes in, reviews the initial findings, updates the policies and/or creates custom ones, and disables some of the policies that are not relevant so that internal teams are not overloaded. That has required a significant amount of time invested. For the Financial Services customer, Code Security module has also been deployed (Checkov integration into the CI/CD pipeline). It took a lot of time to tune Code Security policies, because it performs static analysis of Infrastructure as Code files. It can produce a lot of false positives, especially in cases where Terraform modules are used in the infrastructure code. 

We utilize the entire Prisma Cloud suite for container security, API security, and CASB. Our primary focus is on the financial services industry, including banking and insurance.

We implemented Prisma Cloud mostly for compliance to protect against vulnerabilities and weaknesses.

Prisma Cloud's compliance is extremely important to our customers.

Prisma Cloud offers comprehensive security across multi-cloud environments. This is crucial due to the increasing trend of cloud adoption and digital migration. However, some clients still maintain a hybrid footprint across various platforms like Azure, AWS, and Google Cloud. To address this, Prisma Cloud's technology extends to secure hybrid environments effectively. Its coverage goes beyond traditional one-size-fits-all solutions and encompasses both public and private cloud infrastructures.

It offers approximately 80 percent coverage for securing the entire cloud-native stack. While they boast a robust "shift left" component through their API, other products in this space are equally competitive. However, if seeking a single solution that addresses the majority of our needs, Prisma Cloud presents a strong option, especially considering the diverse technologies within our cloud footprint. Additionally, if we choose to standardize Palo Alto across our entire infrastructure, Prisma Cloud integrates seamlessly with other modules within their ecosystem. While not claiming to be the best-of-breed solution in every aspect, Prisma Cloud consistently ranks highly in Gartner reports for most of its functionalities, providing a solid foundation for technology consolidation.

It is a leading full automation product. Their SOAR technologies offer a vast array of integrations, all well-designed and ready to use out of the box. This suggests their overall automation capabilities are indeed top-notch.

Prisma Cloud excels in its field. I believe their solution covers detection and prevention in a world-leading manner. They largely deliver on their promises, demonstrating reliable performance. Additionally, they offer excellent support resources, including comprehensive online documentation, training programs, and a robust learning management system. Their onboarding and development programs are also commendable, providing users with the resources and support they need to succeed.

Our customers' organizations are enhanced because Prisma Cloud improves their compliance posture, particularly for those with SOC teams. It provides valuable insights and seamless integration, offering peace of mind that all security bases are covered.

Although the benefits of Prisma Cloud can be observed within three to six months after deployment, this timeframe may be extended for mature clients who prioritize rapid deployment. It is during the post-deployment phase, which typically lasts three to six months, that the full range of benefits becomes apparent.

Prisma Cloud does a good enough job of consolidating technology for our customers.

It integrates seamlessly with other Palo Alto products and provides one tool to protect all cloud resources.

Prisma Cloud helps provide clarity across our entire pipeline.

Prisma Cloud helps reduce runtime alerts by 50 percent and reduces investigation time for our customers by 40 to 50 percent. There is much less lifting for the operations team.