Check Point CloudGuard CNAPP vs Prisma Cloud by Palo Alto Networks comparison

Check Point CloudGuard CNAPP vs. Prisma Cloud by Palo Alto Networks

Download the complete report

Helped 815,129 peers since 2012

Categories and Ranking

SentinelOne Singularity Clo...

Featured Reviews

Andrew W

VP - Information Technology at a financial services firm with 201-500 employees

Aug 29, 2024

Tells us about vulnerabilities as well as their impact and helps to focus on real issues

Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.

Read full review

Yokesh Mani

Deputy Manager at Computer Age Management Services Pvt. Ltd.

Jan 23, 2024

Easy to write custom rules and policies in the UI with limited coding knowledge

The user interface could be improved. Sometimes, the visibility is not immediately available for the environment. We have the native servers that come with the solutions, but we cannot see them in the Check Point log. Another issue is with the integrated file monitoring. It would make sense to have stuff like file integrity monitoring and malware scanning available within this module because we don't want to integrate another product. For example, let's say it's showing a process violation. It should be able to do some additional malware scanning in that particular bucket to get some additional information. I don't want to integrate with another third-party tool or go to the native server to check something. It would be helpful to have integrated monitoring and malware scanning for the file types. There are a few flaws with the security management portal where I have limited visibility into the workload protection features. There is no error visibility where I can see the communication and workflow between services. Some of the dashboards need to be fine-tuned if they are not customized. For example, I cannot customize anything on the effective risk management dashboard. Some of the information is not correct for my tenant. With respect to passwords and user management, there are no policies I can measure at the user level. If the user was created more than six months ago, you don't need to worry about that password or do anything like two-factor authentication associated with that user. They can still log in after six months or one year. It's also a challenge to use CloudGuard's agentless workload posture with AWS. An Azure storage is summed up with a CNAPP encryption by default. We tried onboarding this data, but the problem is the attachment is not done. After a few days, we identified that it was impossible to do the encryption detection. But CloudGuard's default rules say that this has to be encrypted. The AWS module says that we cannot access this volume with this encryption, so we cannot use an agentless workload posture with AWS because of this. It is a best practice to ensure that all the volumes are being encrypted. Without the encryption, how can I do this? It is a big challenge for CloudGuard.

Read full review

Mohammad Qaw

Senior Security Consultant at helpag

Aug 20, 2024

It gives you one console to see all of your assets, review their configurations, and build your processes

Most customers use Prisma Cloud for visibility and compliance. Prisma has so many features, but many organizations do not use them. They primarily use the visibility part to connect all their cloud accounts and hosts for visibility to see if they are missing any security controls or if they have any misconfigurations. You can connect it to cloud environments such as Azure, AWS, Oracle Cloud, Alibaba, etc., or to an on-prem data center. Prisma Cloud gives you so many options to automate processes related to your daily operations. When it comes to cybersecurity, you can automate things with their existing APIs. They also have out-of-the-box integrations with many solutions. I have not seen any limitations. Everything is customizable. You can do whatever you want, defining the reporting and custom use cases. They recently updated the UI, so it's much better than before.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"PingSafe can integrate all your cloud accounts and resources you create in the AWS account, We have set it up to scan the AWS transfer services, EC2, security groups, and GitHub."

"It saves time, makes your environment more secure, and improves compliance. PingSafe helps with audits, ensuring that you are following best practices for cloud security. You don't need to be an expert to use it and improve your security."

"As a frequently audited company, we value PingSafe's compliance monitoring features. They give us a report with a compliance score for how well we meet certain regulatory standards, like HIPAA. We can show our compliance as a percentage. It's also a way to show that we are serious about security."

"There's real-time threat detection. It can show threats and find issues based on their severity and helps us with real-time monitoring."

"The visibility is the best part of the solution."

"With PingSafe, it's easy to onboard new accounts."

"Singularity Cloud Native Security provides us with a platform to scan instances when they are getting created, and the dashboard helps us to identify the critical issues."

"The most valuable feature of PingSafe is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."

More SentinelOne Singularity Cloud Security pros

"The identification of misconfigurations, maintenance of compliance in a centralized way, and visibility across all the multi-cloud tenants are the key functionalities."

"It presents great visibility of the traffic flow of our cloud, providing information on what data and users are circulating and in the event of a threat, it immediately identifies them by providing detailed and granular information from our entire environment."

"The feature that I find most valuable is the blocking feature."

"Alerts of cloud activity happening across all accounts is helpful."

"The most valuable feature of Check Point CloudGuard Posture Management is the training."

"The platform's full visibility and control across many cloud environments allows us to effectively monitor the security posture, uncover vulnerabilities, and consistently enforce security standards."

"This solution helps to keep everything visible, and it also alerts us if something is wrong, such as if someone opened extra ports or services that they are not supposed to. This is a valuable tool for monitoring and maintaining our cloud environment."

"This solution has saved the company from unnecessary data loss that occurs due to cyber attacks."

More Check Point CloudGuard CNAPP pros

"We are provided with a single tool to protect all of our cloud resources and applications without having to manage and reconcile compliance reports."

"The application visibility is amazing. For example, sometimes we don't know what a particular custom port is for and what is running on it. The visibility enables us to identify applications, what the protocol is, and what service is behind it. Within Azure, it is doing a great job of providing visibility. We know exactly what is passing through our network. If there is an issue of any sort we are able to quickly detect it and fix the problem."

"The visibility on alerts helps you investigate more easily and see details faster."

"Prisma Cloud also provides the visibility and control you need, regardless of how complex or distributed your cloud environments become. It helps to simplify that complexity. Now we know what the best practices are, and if something is missing we know."

"It provides good visibility and control regardless of the complexity."

"Prisma was extremely comprehensive. It's easy to drill down to gather more information and keep going. It seemed like you could drill down forever to see what the vulnerability was linked to."

"My favorite feature is the CWPP module. We can define various kinds of rules for vulnerabilities, incidents, or suspicious activities."

"Prisma Cloud's most important feature is its auto-remediation."

More Prisma Cloud by Palo Alto Networks pros

Cons

"PingSafe can improve by eliminating 100 percent of the false positives."

"I used to work on AWS. At times, I would generate a normal bug in my system, and then I would check PingSafe. The alert used to come after about three and a half hours. It used to take that long to generate the alert about the vulnerability in my system. If a hacker attacks a system and PingSafe takes three to four hours to generate an alert, it will not be beneficial for the company. It would be helpful if we get the alert in five to ten minutes."

"I would like additional integrations."

"In some cases, the rules are strictly enforced but do not align with real-world use cases."

"The Infrastructure as Code service available in PingSafe and the services available in AWS cloud security can be merged so that we can get the security data directly from AWS cloud in PingSafe. This way, all the data related to security will be in one single place. Currently, we have to check a couple of things on PingSafe, and we have to validate that same data on the AWS Cloud to be sure. If they can collaborate like that, it will be great."

"Whenever I view the processes and the process aspect, it takes a long time to load."

"When you find a vulnerability and resolve it, the same issue will not occur again. I want PingSafe to block the same vulnerability from appearing again. I want something like a playbook where the steps that we take to resolve an issue are repeated when that issue happens again."

"Maybe container runtime security could be improved."

More SentinelOne Singularity Cloud Security cons

"The costs are really high if you want the entire capabilities of the platform."

"The entire system is complicated, and the setup process may not cater to the company's demands."

"CloudGuard CNAPP could be enhanced by increasing the number of components that run natively on Azure."

"The tool should incorporate more use cases like improving security scores. It should also improve documentation."

"Automation and advanced threat prevention have room for improvement."

"When rules change, it messes up the remediation. They haven't found a fix for that yet. The remediation rule goes into limbo. It's an architectural design flaw within their end compliance engine—a serious bug."

"We were demotivated by the lack of native automation modules for the Terraform and Ansible tools."

"The price of this solution should be reduced so that it is more affordable to scale."

More Check Point CloudGuard CNAPP cons

"When there are updates, whether daily, weekly, or monthly, it needs configuration or permission adjustments. There is no automation for that, which is too bad."

"More documentation with real-world use cases would be helpful."

"This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on."

"They charge seven workloads for monitoring one compute, and that is quite expensive. This makes it difficult to move fully with the compute part because of the workload."

"I would like to see the inclusion of automated counter-attack, although this is probably illegal."

"Some module customization might be needed and certain features like adding custom labels are currently unavailable unless we have administrator access."

"Sometimes, on the Azure side, there are issues. Some errors aren't being found on Prisma Cloud."

"Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."

More Prisma Cloud by Palo Alto Networks cons

Pricing and Cost Advice

"I am not involved in the pricing, but it is cost-effective."

"PingSafe's pricing is good because it provides us with a solution."

"As a partner, we receive a discount on the licenses."

"For pricing, it currently seems to be in line with market rates."

"It is not that expensive. There are some tools that are double the cost of PingSafe. It is good on the pricing side."

"PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price."

"The pricing for PingSafe in India was more reasonable than other competitors."

"Its pricing is constant. It has been constant over the previous year, so I am happy with it. However, price distribution can be better explained. That is the only area I am worried about. Otherwise, the pricing is very reasonable."

More SentinelOne Singularity Cloud Security pricing and cost advice

"The license for CloudGuard Posture Management is about $80 a year, and it's based on your cloud footprint, not the number of users. So you could have a million users, and it doesn't matter."

"The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider."

"Right now, we have licenses on 500 machines, and they are not cheap."

"Check Point CloudGuard Posture Management is always known as a good solution but an expensive one. When you're using Cisco, Check Point, or Palo Alto, you know that you will pay more, but you know that it will work."

"Everything in this field is very expensive."

"It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution."

"The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay."

"I would advise taking into account the existing number of devices and add a forecast of the number of devices to be added in the coming year or two, to obtain better pricing."

More Check Point CloudGuard CNAPP pricing and cost advice

"Its price is reasonable as compared to other products. The main challenge is explaining the licensing model to customers. It isn't a problem related to Palo Alto. Commonly, people don't understand cloud licensing or security licensing. When they have fixed virtual machines, they know what they are going to be charged, but when it comes to cloud automation, it is hard for them to get clarity in case of high workloads or when they have enabled auto-scaling, etc. It would be helpful if Palo Alto can educate people on their licensing programs."

"It is fairly priced. However, its price can be better so that small banks or small organizations can afford it and adopt it to secure their environment and data."

"The product is very expensive, but the cost is a necessary evil; I don't know how we could have any kind of cloud presence without this type of monitoring. The pricing is calculated by module and resource usage. Ultimately, it saves us money in the amount of time we would spend uncovering what it uncovers, and we might not make the required discoveries without it anyway. Prisma offers incredible value, though I wish it were cheaper."

"The pricing is good. They gave us some good discounts right at the end of the year based on the value that it brings, visibility, and the ability to build in cloud, compliance, and security within one dashboard."

"Prisma Cloud is remarkably expensive."

"We are encountering some resistance in the African market regarding the cost of Prisma Cloud."

"If a competitor came along and said, "We'll give you half the price," that doesn't necessarily mean that's the right answer, at all. We wouldn't necessarily entertain it that way. Does it do what we need it to do? Does it work with the things that we want it to work with? That is the important part for us. Pricing wasn't the big consideration it might be in some organizations. We spend millions on public cloud. In that context, it would not make sense to worry about the small price differences that you get between the products."

"One thing we're very pleased about is how the licensing model for Prisma is based on work resources. You buy a certain amount of work resources and then, as they enable new capabilities within Prisma, it just takes those work resource units and applies them to new features. This enables us to test and use the new features without having to go back and ask for and procure a whole new product, which could require going through weeks, and maybe months, of a procurement process."

More Prisma Cloud by Palo Alto Networks pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Cloud Security Posture Management (CSPM) solutions are best for your needs.

See recommendations

815,129 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

19%

Financial Services Firm

16%

Manufacturing Company

10%

Insurance Company

Financial Services Firm

15%

Computer Software Company

14%

Manufacturing Company

Security Firm

Educational Organization

17%

Financial Services Firm

13%

Computer Software Company

13%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about PingSafe?

The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...

What is your experience regarding pricing and costs for PingSafe?

I am personally not taking care of the pricing part, but when we moved from CrowdStrike to Singularity Cloud Native S...

What needs improvement with PingSafe?

They can provide some kind of alert when a new type of risk is there. There can be a specific type of alert showing t...

What do you like most about Check Point CloudGuard Posture Management?

The visibility in our cloud environment is the most valuable feature.

What is your experience regarding pricing and costs for Check Point CloudGuard Posture Management?

The price is on the higher end.

What needs improvement with Check Point CloudGuard Posture Management?

We have concerns regarding the pricing and would appreciate seeing some improvements.

What is your primary use case for Prisma Cloud by Palo Alto Networks ?

Prisma Cloud helps support DevSecOps methodologies, making those responsibilities easier to manage.

What Cloud-Native Application Protection Platform do you recommend?

We like Prisma Cloud by Palo Alto Networks, since it offers us incredible visibility into our entire cloud system. We...

What do you think of Aqua Security vs Prisma Cloud?

Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valu...

Wiz vs SentinelOne Singularity Cloud Security

Comparisons

Compared 32% of the time

AWS GuardDuty vs SentinelOne Singularity Cloud Security

Compared 8% of the time

Orca Security vs SentinelOne Singularity Cloud Security

Compared 7% of the time

Microsoft Defender for Cloud vs SentinelOne Singularity Cloud Security

Compared 5% of the time

Deepfence ThreatMapper vs SentinelOne Singularity Cloud Security

Compared 2% of the time

More SentinelOne Singularity Cloud Security Competitors

Wiz vs Check Point CloudGuard CNAPP

Compared 19% of the time

Microsoft Defender for Cloud vs Check Point CloudGuard CNAPP

Compared 10% of the time

AWS GuardDuty vs Check Point CloudGuard CNAPP

Compared 10% of the time

Cloudflare vs Check Point CloudGuard CNAPP

Compared 4% of the time

Microsoft Defender for Cloud Apps vs Check Point CloudGuard CNAPP

Compared 2% of the time

More Check Point CloudGuard CNAPP Competitors

Wiz vs Prisma Cloud by Palo Alto Networks

Compared 21% of the time

Microsoft Defender for Cloud vs Prisma Cloud by Palo Alto Networks

Compared 13% of the time

CrowdStrike Falcon Cloud Security vs Prisma Cloud by Palo Alto Networks

Compared 5% of the time

Aqua Cloud Security Platform vs Prisma Cloud by Palo Alto Networks

Compared 5% of the time

JFrog Xray vs Prisma Cloud by Palo Alto Networks

Compared 2% of the time

More Prisma Cloud by Palo Alto Networks Competitors

Product Reports

SentinelOne Singularity Cloud Security

Download SentinelOne Singularity Cloud Security product report

SentinelOne Singularity Cloud Security report

Check Point CloudGuard CNAPP

November 2024

Download Check Point CloudGuard CNAPP product report

Prisma Cloud by Palo Alto Networks

Download Prisma Cloud by Palo Alto Networks product report

Prisma Cloud by Palo Alto Networks report

Also Known As

PingSafe

Check Point CloudGuard Posture Management, Dome9, Check Point CloudGuard Workload Protection, Check Point CloudGuard Intelligence

Palo Alto Networks Prisma Cloud, Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto

Learn More

SentinelOne

Check Point Software Technologies

Palo Alto Networks

Overview

SentinelOne Singularity Cloud Security protects cloud workloads, offering advanced threat detection and automated response. It integrates seamlessly with cloud environments and secures containerized applications and virtual machines against vulnerabilities.

SentinelOne Singularity Cloud Security is renowned for its efficiency in mitigating threats in real-time. The platform integrates effortlessly with existing cloud environments, ensuring robust cloud security management with minimal manual intervention. Securing containerized applications and virtual machines, it excels in threat intelligence and endpoint protection. However, improvements are needed in performance during high workload periods, and more integrations with third-party tools and better documentation would be beneficial. Users often find the installation process complex, support response times slow, and the dashboard's navigation unintuitive.

What are the key features of SentinelOne Singularity Cloud Security?

Real-time Threat Detection: Identifies and mitigates threats as they occur.
Automated Response: Automatically responds to threats to minimize impact.
Ease of Deployment: Simple setup process with scalable options.
Machine Learning Insights: AI-driven insights enhance threat prevention.
Seamless Integration: Integrates with cloud environments for unified security management.

What are the primary benefits or ROI to expect from SentinelOne Singularity Cloud Security?

Enhanced Threat Mitigation: Improved security against real-time threats.
Reduced Manual Intervention: Automated processes save time and resources.
Scalability: Easily adapts to growing security requirements.
Centralized Management: Manage security across platforms from a single console.
Advanced Threat Intelligence: Provides in-depth analysis and protection.

In specific industries, SentinelOne Singularity Cloud Security is implemented to safeguard critical data and infrastructure. Organizations in finance, healthcare, and technology depend on its real-time threat detection and automated response to protect sensitive information. Its ability to secure containerized applications and virtual machines is particularly valuable in dynamic environments where rapid scaling is necessary.

Check Point CloudGuard CNAPP is a cloud-native application protection platform designed to secure your cloud environments and applications. By combining CSPM, CWPP, CSNS, and WAF capabilities, it provides a comprehensive solution to protect your cloud environment from a wide range of threats.

CloudGuard CNAPP delivers end-to-end cloud security, including workload protection, vulnerability management, and identity management, all while maintaining continuous compliance. It uses advanced AI to detect and prevent threats, offering protection for containers, serverless applications, and APIs. CloudGuard CNAPP also emphasizes simplifying security management, integrating directly with cloud platforms like AWS, Azure, and GCP.

CloudGuard CNAPP provides customers with more context to drive actionable security and smarter prevention, from code-to-cloud, across the application lifecycle. More Context Means Actionable Security, Smarter Prevention. The primary components are:

Unified & Modular Platform - A single platform unifying SAST, CSPM, DSPM, CIEM, CWPP, WAF, and Cloud Detection and Response.
Continuous Cloud Security - Automatic enforcement of security requirements and internal policies from development to runtime.
Real-time Detection & Protection - Real-time incidents and vulnerability detection with a single-click or automated remediation.

What are the key features of CloudGuard CNAPP?

Workload Protection: Secures cloud-based workloads, including VMs, containers, and serverless functions, from vulnerabilities and attacks.
Posture Management: Continuously monitors cloud configurations and assets to ensure compliance with security standards and policies.
Threat Prevention: Uses AI-driven threat detection to block malware, ransomware, and zero-day exploits in real-time.
Compliance Automation: Automates compliance checks and ensures adherence to industry regulations, such as GDPR, HIPAA, and PCI-DSS.
Identity and Access Management (IAM) Protection: Secures identities by managing access policies and detecting misconfigurations in permissions.

What are the key benefits to consider?

Improved Cloud Visibility: Provides clear insights into cloud environments, assets, and workloads, helping teams detect misconfigurations and vulnerabilities early.
Risk Reduction: Threat prevention features help reduce the risk of breaches by identifying and blocking potential attacks before they can exploit system weaknesses.
Operational Efficiency: Automated compliance and posture management reduce the manual work needed to maintain security standards.
Multi-cloud Support: CloudGuard CNAPP integrates across AWS, Azure, and Google Cloud, streamlining security operations for hybrid and multi-cloud deployments.

Check Point CloudGuard CNAPP simplifies cloud security management with integrated protection and automation.

Prisma Cloud by Palo Alto Networks is a cloud security solution used for cloud security posture management, cloud workload protection, container security, and code security. It provides visibility, monitoring, and alerting for security issues in multi-cloud environments.

The solution is user-friendly, easy to set up, and integrates with SIEM for generating alerts and reports. Its most valuable features include security features, monitoring capabilities, reporting, compliance monitoring, vulnerability dashboard, data security features, and multi-cloud capabilities. Prisma Cloud has helped organizations by providing comprehensive protection, automating workflows, simplifying troubleshooting, and improving collaboration between SecOps and DevOps.

Prisma Cloud Features

Prisma Cloud offers comprehensive security coverage in all areas of the cloud development lifecycle:

Code security: Protect configurations, scan code before it enters production, and integrate with other tools.
Security posture management: Monitor posture, identify and remove threats, and provide compliance across public clouds.
Workload protection: Secure hosts and containers across the application lifecycle.
Network security: Gain network visibility and enforce micro segmentation.
Identity security: Enforce permissions and secure identities across clouds.

Benefits of Prisma Cloud

Unified management: All users use the same dashboards built via shared onboarding, allowing cloud security to be addressed from a single agent framework.
High-speed onboarding: Multiple cloud accounts and users are onboarded within seconds, rapidly activating integrated security capabilities.
Multiple integration options: Prisma Cloud can integrate with widely used IDE, SCM, and CI/CD workflows early in development, enabling users to identify and fix vulnerabilities and compliance issues before they enter production. Prisma Cloud supports all major workflows, automation frameworks, and third-party tools.

Reviews from Real Users

Prisma Cloud stands out among its competitors for a number of reasons. Two major ones are its integration capabilities, as well as its visibility, which makes it very easy for users to get a full picture of the cloud environment.

Alex J., an information security manager at Cobalt.io, writes, “Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them.”

Luke L., a cloud security specialist for a financial services firm, writes, “You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums.”

Sample Customers

Information Not Available

Symantec, Citrix, Car and Driver, Virgin, Cloud Technology Partners

Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America

Check Point CloudGuard CNAPP vs. Prisma Cloud by Palo Alto Networks