Try our new research platform with insights from 80,000+ expert users

Prisma Cloud by Palo Alto Networks vs Trivy comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Feb 19, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

SentinelOne Singularity Clo...
Sponsored
Ranking in Container Security
3rd
Average Rating
8.8
Reviews Sentiment
7.9
Number of Reviews
107
Ranking in other categories
Vulnerability Management (6th), Cloud and Data Center Security (5th), Cloud Workload Protection Platforms (CWPP) (4th), Cloud Security Posture Management (CSPM) (3rd), Cloud-Native Application Protection Platforms (CNAPP) (3rd), Compliance Management (2nd)
Prisma Cloud by Palo Alto N...
Ranking in Container Security
1st
Average Rating
8.4
Reviews Sentiment
7.3
Number of Reviews
108
Ranking in other categories
Web Application Firewall (WAF) (6th), Cloud Security Posture Management (CSPM) (2nd), Cloud-Native Application Protection Platforms (CNAPP) (1st), Data Security Posture Management (DSPM) (1st)
Trivy
Ranking in Container Security
16th
Average Rating
8.6
Reviews Sentiment
7.5
Number of Reviews
8
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of April 2025, in the Container Security category, the mindshare of SentinelOne Singularity Cloud Security is 2.1%, up from 1.0% compared to the previous year. The mindshare of Prisma Cloud by Palo Alto Networks is 13.9%, down from 17.7% compared to the previous year. The mindshare of Trivy is 5.5%, up from 0.7% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Container Security
 

Featured Reviews

Andrew W - PeerSpot reviewer
Tells us about vulnerabilities as well as their impact and helps to focus on real issues
Looking at all the different pieces, it has got everything we need. Some of the pieces we do not even use. For example, we do not have Kubernetes Security. We are not running any K8 clusters, so it is good for us. Overall, we find the solution to be fantastic. There can be additional education components. This may not be truly fair to them because of what the product is going for, but it would be great to see additional education for compliance. It is not a criticism of the tool per se, but anything to help non-development resources understand some of the complexities of the cloud is always appreciated. Any additional educational resources are always helpful for security teams, especially those without a development background.
Mohammad Qaw - PeerSpot reviewer
It gives you one console to see all of your assets, review their configurations, and build your processes
Most customers use Prisma Cloud for visibility and compliance. Prisma has so many features, but many organizations do not use them. They primarily use the visibility part to connect all their cloud accounts and hosts for visibility to see if they are missing any security controls or if they have any misconfigurations. You can connect it to cloud environments such as Azure, AWS, Oracle Cloud, Alibaba, etc., or to an on-prem data center. Prisma Cloud gives you so many options to automate processes related to your daily operations. When it comes to cybersecurity, you can automate things with their existing APIs. They also have out-of-the-box integrations with many solutions. I have not seen any limitations. Everything is customizable. You can do whatever you want, defining the reporting and custom use cases. They recently updated the UI, so it's much better than before.
Utsav Sharma - PeerSpot reviewer
Maintain operational efficiency by detecting misconfigurations and vulnerabilities
The vulnerability scanning feature is excellent as it supports various container capabilities like Docker and Sharma. It also offers repository scanning in the source code domain, allowing pre-push code scans. The misconfiguration detection works well for CloudFormation, Docker files, and Terraform. Its compliance support, like NIST, ensures that configurations align with standards. Trivy helps me significantly detect misconfigurations missed by the ops engineers or in Terraform by the naked eye. It ensures that my deployments are free of misconfigurations and vulnerabilities.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable aspects of PingSafe are its alerting system and the remediation guidance it provides."
"SentinelOne stands out with its responsiveness to feature requests for Singularity Cloud Security."
"The mean time to detect has been reduced."
"Cloud Security has provided a single view to observe all workloads, prioritization for handling cloud assets, and reduced noise by distinguishing false positives effectively."
"I recommend SentinelOne due to its high-security capabilities, which are essential to safeguard data and systems from potential threats."
"It is pretty easy to integrate with this platform. When properly integrated, it monitors end-to-end."
"The most valuable features are automated threat response, AI detection, and static and dynamic detection."
"Singularity Cloud Security's most valuable features are its ease of scalability and comprehensive security measures."
"The framework to configure controls is pretty good; it's pretty sophisticated. We can implement a fair amount of testing for a fair number of controls."
"You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums."
"As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having."
"The policies that come prepackaged in the tool have been very valuable to us. They're accurate and they provide good guidance as to why the policy was created, as well as how to remediate anything that violates the policy."
"The solution gives us a lot of visibility across all of our cloud solutions."
"Prisma Cloud's most valuable feature is its user identification capabilities."
"Integration is very easy. And because it supports security that spans multi- and hybrid-cloud environments, it's very easy to use."
"What I like most about Prisma Cloud is its zero-day signatures, maximum security, minimal downtime, cloud visibility, control, and ease of deployment."
"The most valuable feature of Trivy is its easy integration with the CI/CD pipeline."
"Overall, I would rate Trivy a ten out of ten."
"It is open-source."
"It's customizable, allowing me to add any rules and format HTML templates as I wish."
"I appreciate Trivy for being open-source and not requiring any payment."
"I definitely recommend Trivy."
"I can see vulnerabilities in the images of any applications deployed in the Kubernetes environment or as container applications."
"Trivy's open source nature and wide functionality are incredibly valuable."
 

Cons

"A vulnerability alert would appear, and we'd fix it, but then the same alert would return the next day."
"A few YouTube videos could be helpful. There isn't a lot of information out there to look at."
"After closing an alert in Cloud Native Security, it still shows as unresolved."
"I believe the UI/UX updates for SentinelOne Singularity Cloud Security have room for improvement."
"There's an array of upcoming versions with numerous features to be incorporated into the roadmap. Customers particularly appreciate the service's emphasis on intensive security, especially the secret scanning aspect. During the proof of concept (POC) phase, the system is required to gather logs from the customer's environment. This process entails obtaining specific permissions, especially in terms of gateway access. While most permissions for POC are manageable, the need for various permissions may need improvement, especially in the context of security."
"When we request any changes, they must be reflected in the next update."
"In addition to our telecom and Slack channels, it would be helpful to receive Cloud Native Security security notifications in Microsoft Teams."
"When we get a new finding from PingSafe, I wish we could get an alert in the console, so we can work on it before we see it in the report. It would be very useful for the team that is actively working on the PingSafe platform, so we can close the issue the same day before it appears in the daily report."
"Some module customization might be needed and certain features like adding custom labels are currently unavailable unless we have administrator access."
"The Fargate security microservice that's running doesn't support blocking features, which would be helpful. Another issue is the lifecycle. It isn't easy to upgrade if we have a console in Fargate."
"Palo Alto should work on ease-of-use and the user-friendliness to be more competitive with some competing products."
"In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done."
"While the code security feature has undergone recent enhancements, there is room for improvement in terms of its cost module."
"For some custom policies, we need more features."
"The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories."
"Getting new guys trained on using the solution requires some thought. If someone is already trained on Palo Alto then he's able to adapt quickly. But, if someone is coming from another platform such as Fortinet, or maybe he's from the system side, that is where we need some help. We need to find out if there is an online track or training that they can go to."
"Currently, the container image scanning is static. A dynamic scanning capability during runtime would be a significant advantage."
"In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis."
"Trivy can improve by providing an output in PDF format. Additionally, it takes longer to scan container images built with many layers."
"For malware detection, I need to use two tools: Trivy as my anomaly scanner and ClamAV. I am integrating these two tools into the CI pipeline. If both malware and anomaly detection could be managed by one tool, I would not need to depend on two tools."
"The only problem is that Trivy does not support reporting features such as generating reports in CSV, which is useful for auditing and reporting."
"The reporting could be a little better. When integrating Trivy with CI, the interpretation of the reports could be improved."
"A dynamic scanning capability during runtime would be a significant advantage."
"In our CI/CD pipelines, Trivy lacks built-in functionality for report analysis."
 

Pricing and Cost Advice

"The price depends on the extension of the solution that you want to buy. If you want to buy just EDR, the price is less. XDR is a little bit more expensive. There are going to be different add-ons for Singularity."
"Its pricing was a little less than other providers."
"PingSafe is less expensive than other options."
"PingSafe's primary advantage is its ability to consolidate multiple tools into a single user interface, but, beyond this convenience, it may not offer significant additional benefits to justify its price."
"It's not expensive. The product is in its initial growth stages and appears more competitive compared to others. It comes in different variants, and I believe the enterprise version costs around $55 per user per year. I would rate it a five, somewhere fairly moderate."
"It is not that expensive. There are some tools that are double the cost of PingSafe. It is good on the pricing side."
"PingSafe is affordable."
"As a partner, we receive a discount on the licenses."
"The pricing is competitive; for the most part, the security firms have similar prices."
"One thing we're very pleased about is how the licensing model for Prisma is based on work resources. You buy a certain amount of work resources and then, as they enable new capabilities within Prisma, it just takes those work resource units and applies them to new features. This enables us to test and use the new features without having to go back and ask for and procure a whole new product, which could require going through weeks, and maybe months, of a procurement process."
"It is fairly priced. However, its price can be better so that small banks or small organizations can afford it and adopt it to secure their environment and data."
"The licensing cost is a bit high on the compute side."
"Prisma Cloud by Palo Alto Networks has helped the company save some money. Cost-wise, it's okay."
"If you pay for three years of Palo Alto, it's better. If you're planning on doing this, it's obviously not going to be for one year, so it's better if you go with a three-year license... The only challenge we have is with the public cloud vendor pricing. The biggest lesson I have learned is around the issues related to pricing for public cloud. So when you are doing your segmentation and design, it is extremely important that you work with someone who knows and understands what kinds of needs you will have in the future and how what you are doing will affect you in terms of costs."
"Its licensing cost depends on the type of license such as the business license or the enterprise license. The enterprise license is costlier than the business license, but we get more visibility and more modules. If you have a multi-cloud environment and subscribe to each cloud's native CSPM tool, it is costly. If you are using a single tool like Prisma Cloud, with a single license, you can monitor all environments, such as Google Cloud, Azure, AWS, and Oracle Cloud. The cost of Prisma Cloud is less than the cost of subscribing to the CSPM tool of each cloud provider. This is where Prisma Cloud can save costs."
"This solution is good for a company with at least 400 people that must be connected remotely. For smaller companies, it can be too expensive."
Information not available
report
Use our free recommendation engine to learn which Container Security solutions are best for your needs.
842,767 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
17%
Financial Services Firm
16%
Manufacturing Company
9%
Government
5%
Educational Organization
17%
Financial Services Firm
13%
Computer Software Company
13%
Manufacturing Company
9%
Computer Software Company
16%
Financial Services Firm
15%
Manufacturing Company
11%
Government
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about PingSafe?
The dashboard gives me an overview of all the things happening in the product, making it one of the tool's best featu...
What is your experience regarding pricing and costs for PingSafe?
It is cost-effective compared to other solutions in the market.
What needs improvement with PingSafe?
In version 2, a lot of rules have been deployed for Kubernetes security and CDR, which makes a lot of issues of criti...
What is your primary use case for Prisma Cloud by Palo Alto Networks ?
Prisma Cloud helps support DevSecOps methodologies, making those responsibilities easier to manage.
What Cloud-Native Application Protection Platform do you recommend?
We like Prisma Cloud by Palo Alto Networks, since it offers us incredible visibility into our entire cloud system. We...
What do you think of Aqua Security vs Prisma Cloud?
Aqua Security is easy to use and very manageable. Its main focus is on Kubernetes and Docker. Security is a very valu...
What needs improvement with Trivy?
One drawback I have observed with Trivy is the difficulty in building or integrating a UI, particularly for an operat...
What is your primary use case for Trivy?
The main use case for Trivy is to scan Docker images or packages for CVEs, specifically for vulnerabilities. I use th...
What advice do you have for others considering Trivy?
I rate Trivy an eight out of ten. This rating reflects its open-source nature, comprehensive scanning capabilities, a...
 

Also Known As

PingSafe
Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto
No data available
 

Overview

 

Sample Customers

Information Not Available
Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America
Information Not Available
Find out what your peers are saying about Prisma Cloud by Palo Alto Networks vs. Trivy and other solutions. Updated: January 2025.
842,767 professionals have used our research since 2012.