Provides multi-cloud security visibility, but requires customisation and is great for AWS and Kubernetes, but average for Azure and OCIPrisma Cloud is based on acquisitions, which is both a pro and con. Palo Alto Networks made it fast to the market, however, they are now catching up and trying to integrate their acquired solutions into the Prisma Cloud platform. Ability to See the Full Picture of Risk: The main hurdle from user standpoint for me was the ability to see the full picture without effort. This was still true when I last used it in April 2024. A user has to switch between the modules to get different pieces of information. To see the CWPP data, you need to switch to that module. To see the code security part, you need to switch to the Code Security module. It is the same story with CSPM. At least two competitors of Prisma Cloud offer a better experience when it comes to visualisation of data. They show the full view of a risk (what Prisma Cloud claims to do, but does not do well). The good news - Prisma Cloud is catching up and has slightly improved over time. The User Interface: I simply didn't like the first one, then they changed it and made it even worse. But that might be a matter of preference, not an actual negative. Ease of Building Custom Policies: The RQL and APIs are poorly documented, which significantly complicates building of custom policies. There should be no expectation that someone without a clue on how cloud services are constructed can effectively write custom policies using any of CNAPP offerings available in the market, however, this is especially true for Prisma Cloud. When we compare Prisma Cloud with competitors, for sure, it is much more difficult to create custom policies because the APIs themselves are not that well documented. When discussing this topic with their Professional Services engineer who was assigned to the project, the person admitted that at times it is trial and error path to building custom policies. The JSON preview feature did help to improve it, but you still need to guess which API to pick to get what you want. With all that said, Prisma Cloud offers a powerful custom policy building engine, and when a skilled person works on it, they can do advanced queries, joining the results of different APIs for example and using them to futher build the custom policy. Quality Control Issues: During the year-long project while working on alert triage, I encountered a number of CIEM policies that were displaying odd results, which were reported to the Customer Success team and were addressed with an update. This was an indicator that these built-in policies have not been tested that much, since the issue that was identified was impacting all users.
