Cortex Cloud by Palo Alto Networks Reviews

We are using it for monitoring our cloud environment and detecting misconfigurations in our hosted accounts in AWS or Azure.

As the security operations team, our job is to monitor for misconfigurations and potential incidents in our environment. This solution does a good job of monitoring those for us and of alerting us to misconfigurations before they become potential security incidents or problems.

We've set the tool up so that it provides feedback directly to the teams responsible for their AWS or cloud accounts. It has been really helpful by getting information directly to the teams. They can see what the problem is and they can fix it without us having to go chase them down and tell them that they have a misconfiguration.

The solution secures the entire spectrum of compute options such as hosts and VMs, containers and Containers as a Service. We are not using the container piece as yet, but that is a functionality that we're looking forward to getting to use. Overall, it gives us fantastic visibility into the cloud environment.

Prisma Cloud also provides the data needed to pinpoint root cause and prevent an issue from occurring again. A lot of that has to do with the policies that are built into the solution and the documentation around those policies. The policy will tell the user what the misconfiguration is, as well as give them remediation steps to fix the misconfiguration. It speeds up our remediation efforts. In some of the cases, when my team, the security team, gets involved, we're not necessarily experts in AWS and wouldn't necessarily know how to remediate the issue that was identified. But because the instructions are included as part of the Prisma Cloud product, we can just cut and paste it and provide it to the team. And when the teams are addressing these directly, they also have access to those remediation instructions and can refer them to figure out what they need to do to remediate the issue and to speed up remediation on misconfigurations. 

In some cases, these capabilities could be saving us hours in remediation work. In other cases, it may not really be of value to the team. For example, if an S3 bucket is public facing, they know how to fix that. But on some of the more complex issues or policies, it might otherwise take a lot more work for somebody to figure out what to do to fix the issue that was identified.

In terms of the solution’s ability to show issues as they are discovered during the build phases, I can only speak to post-deployment because we don't have it integrated earlier in the pipeline. But as far as post-deployment goes, we get notified just about immediately when something comes up that is misconfigured. And when that gets remediated, the alert goes away immediately in the tool. That makes it really easy in a shared platform like this, where we have shared responsibility between the team that's involved and my security operations team. It makes it really easy for us to be able to go into the tool and say, "There was an alert but that alert is now gone and that means that the issue has been resolved," and know we don't have to do any further research.

For the developers, it speeds up their ability to fix things. And for my team, it saves us a ton of time in not having to potentially investigate each one of those misconfigurations to see if it is still a misconfiguration or not, because it's closed out automatically once it has been remediated. On an average day, these abilities in the solution save my team two to three hours, due to the fact that Prisma Cloud is constantly updating the alerts and closing out any alerts that are no longer valid.

The policies that come prepackaged in the tool have been very valuable to us. They're accurate and they provide good guidance as to why the policy was created, as well as how to remediate anything that violates the policy. 

The Inventory functionality, enabling us to identify all of the resources deployed into a single account in either AWS or Azure, or into Prisma Cloud as a whole, has been really useful for us.

And the investigate function that allows us to view the connections between different resources in the cloud is also very useful. It allows us to see the relationship traffic between different entities in our cloud environment.

The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed.

Also, the permissions modeling around the tool is improving, but is still a little bit rough. The concept of having roles that certain users have to switch between, rather than have a single login that gives them visibility into all of the different pieces, is a little bit confusing for my users. It can take some time out of our day to try to explain to them what they need to do to get to the information they need.

I have been using Palo Alto Prisma Cloud for about a year and a half.

We really have had very few issues with the stability. It's been up, it's been working. We've had, maybe, two or three very minor interruptions of the service and our ability to log in to it. In each case there was a half an hour or an hour, at most, during which we were unable to get into it, and then it was resolved. There was usually information on it in the support portal including the reason for it and the expectation around when they would get it back up.

It seems to scale fine for us. We started out with 10 to 15 accounts in there and we're now up to over 200 accounts and, on our end, seemingly nothing has changed. It's as responsive as it's ever been. We just send off our logs. Everything seems to integrate properly with no complaints on our side.

We have nearly 600 users in the system, and they're broken out into two different levels. There are the full system administrators, like myself and my team and the security team that is responsible for our cloud environment as a whole. We have visibility across the entire environment. And then we have the development teams and they are really limited to accessing their specific accounts that are deployed into Prisma Cloud. They have full control over those accounts.

For our cloud environments, the adoption rate is pretty much 100 percent. A lot of that has to do with that automated deployment we created. A new account gets started and it is automatically added to the tool. All of the monitoring is configured and everything else is set up by default. You can't build a new cloud account in our environment without it getting added in. We have full coverage, and we intend to keep it that way.

Tech support has been very responsive. They are quick to respond to tickets and knowledgeable in their responses. Their turnaround time is usually 24 to 48 hours. It's very rare that we would open anything that would be considered a high-priority ticket or incident. Most of the stuff was lower priority and that turnaround was perfectly acceptable to us.

This is our first tool of this sort.

The initial setup was really straightforward. We then started using the provided APIs to do some automated integration between our cloud environment and Prisma Cloud. That has worked really well for us and has streamlined our deployment by a good deal. However, what we found was that the APIs were changing as we were doing our deployment. We started down the path we created with some of those integrations, and then there were undocumented changes to the APIs which broke our integrations. We then had to go back and fix those integrations.

What may have happened were improvements in the API on the backend and those interfered with what we had been doing. It meant that we had to go back and reconfigure that integration to make it work. My understanding from our team that was responsible for that is that the new integration works better than the old integration did. So the changes Palo Alto made were an improvement and made the environment better, but it was something of a surprise to us, without any obvious documentation or heads-up that that was going to change. That caught us a little bit out and broke the integration until we figured out what had changed and fixed it.

There is only a learning curve on the Compute piece, specifically, and understanding how to pivot between that and the rest of the tool, for users who have access to both. There's definitely a learning curve for that because it's not at all obvious when you get into the tool the first time. There is some documentation on that, but we put together our own internal documentation, which we've shared with the teams to give them more step-by-step instructions on what it is that they need to do to get to the information that they're looking for.

The full deployment took us roughly a month, including the initial deployment of rolling everything out, and then the extended deployment of building it to do automated deployments into new environments, so that every new environment gets added automatically.

Our implementation strategy was to pick up all of the accounts that we knew that we had to do manually, while we were working on building out that automation to speed up the onboarding of the new accounts that we were creating.

We did all of that on our own, just following the API documentation that they had provided. We had a technical manager from Palo Alto with whom we were working as we were doing the deployment, but the automated deployment work that we did was all on our own and all done internally.

At this point, we really don't have anybody dedicated to deployment because we've automated that process. That has vastly simplified our deployment. Maintenance-wise, as it is a SaaS platform, we don't really have anybody who works on it on a regular basis. It's really more ad hoc. If something is down, if we try to connect to it and if we can't get into the portal or whatever the case may be, then somebody will open a ticket with support to see what's going on.

We have seen ROI although it's a little hard to measure because we didn't have anything like this before.

The biggest areas of ROI that we've seen with it have been the uptake by the organization, the ease of deploying the tool—especially since we got that full automation piece created and taken care of—as well as the visibility and the speed at which somebody can start using the tool. I generally give employees about an hour or two of training on the tool and then turn them loose on it, and they're capable of working out of it and getting most of the value. There are some things that take more time to get up to speed on, but for the most part, they're able to get up to speed pretty quickly, which is great.

The pricing and the licensing are both very fair.

There aren't any costs in addition to the standard licensing fees, at this time. My understanding is that at the beginning of 2021 they're not necessarily changing the licensing model, but they're changing how some of the new additions to the tool are going to be licensed, and that those would be an additional cost beyond what we're paying now.

The biggest advice I would give in terms of costs would be to try to understand what the growth is going to look like. That's really been our biggest struggle, that we don't have an idea of what our future growth is going to be on the platform. We go from X number of licenses to Y number of licenses without a plan on how we're going to get from A to B, and a lot of that comes as a bit of a surprise. It can make budgeting a real challenge for it. If an organization knows what it has in place, or can get an idea of what its growth is going to look like, that would really help with the budgeting piece.

We had looked at a number of other tools. I can't tell you off the top of my head what we had looked at, but Prisma Cloud was the tool that we had always decided that we wanted to have. This was the one that we felt would give us the best coverage and the best solution, and I feel that we were correct on that.

The big pro with Prisma Cloud was that we felt it gave us better visibility into the environment and into the connections between entities in the cloud. That visualization piece is fantastic in this tool. We felt like that wasn't really there in some of the other tools. 

Some of the other tools had a little bit better or broader policy base, when we were initially looking at them. I have a feeling that at this point, with the rate that Palo Alto is releasing new policies and putting them into production, that it is probably at parity now. But there was a feeling, at the time, among some of the other members of the team that Palo Alto came up short and didn't have as many policies as some of the other tools that we were looking at.

I would highly recommend automating the process of deploying it. That has made just a huge improvement on the uptake of the tool in our environment and in the ease of integration. There's work involved in getting that done, but if we were trying to do this manually, we would never be able to keep up with the rate that we've been growing our environment.

The biggest lesson I've learned in using this solution is that we were absolutely right that we needed a tool like this in our environment to keep track of our AWS environment. It has identified a number of misconfigurations and it has allowed us to answer a lot of questions about those misconfigurations that would have taken significantly more time to answer if we were trying to do so using native AWS tools.

The tool has an auto-remediation functionality that is attractive to us. It is something that we've discussed, but we're not really comfortable in using it. It would be really useful to be able to auto-remediate security misconfigurations. For example, if somebody were to open something up that should be closed, and that violated one of our policies, we could have Prisma Cloud automatically close that. That would give us better control over the environment without having to have anybody manually remediate some of the issues.

Prisma Cloud also secures the entire development lifecycle from build to deploy to run. We could integrate it closer into our CI/CD pipeline. We just haven't gone down that path at this point. We will be doing that with the Compute functionality and some of the teams are already doing that. The functionality is there but we're just not taking advantage of it. The reason we're not doing so is that it's not how we initially built the tool out. Some of the teams have an interest in doing that and other teams do not. It's up to the individual teams as to whether or not it provides them value to do that sort of an integration.

As for the solution's alerts, we have them identified at different severities, but we do not filter them based on that. We use those as a way of prioritizing things for the teams, to let them know that if it's "high" they need to meet the SLA tied to that, and similarly if it's "medium" or "low." We handle it that way rather than using the filtering. The way we do it does help our teams understand what situations are most critical. We went through all of the policies that we have enabled and set our priority levels on them and categorized them in the way that we think that they needed to be categorized. The idea is that the alerts get to the teams at the right priority so that they know what priority they need to assign to remediating any issues that they have in their environment.

I would rate the solution an eight out of 10. The counts against it would be that the Compute integration still seems to need a little bit of work, as though it's working its way through things. And some of the other administrative pieces can be a little bit difficult. But the visibility is great and I'm pretty happy with everything else.

Previously, we were primarily using Amazon Web Services in a product division. We initially deployed RedLock (Prisma Cloud) as a PoC for that product division. Because it is a large organization, we knew that there were Azure and GCP for other cloud workloads. So, we needed a multi-cloud solution. In my current role, we are primarily running GCP, but we do have some presence in Amazon Web Services as well. So, in both those use cases, the multi-cloud functionality was a big requirement.

We are on the latest version of Prisma Cloud.

It is very important that Prisma Cloud provides security spanning multi-cloud environments, where you have Amazon, Azure, and GCP multiple cloud environments. Being able to centralize all those assets, have visibility, and set some policies and rules within one dashboard when you have multiple cloud accounts is a big advantage.

The comprehensiveness of Prisma Cloud for securing the entire cloud-native development lifecycle was shown when Palo Alto bought Twistlock and integrated in some of the container security pieces, particularly for containers, Docker, and Kubernetes, and building in the Prismic Cloud Compute tab. Having that functionality from Twistlock more focused on Docker and containers filled in some of the space where the original Prisma RedLock piece was a little more focused on just the API, e.g., passive scanning. The integration of Twistlock into Prisma Cloud Compute definitely expanded this functionality into the container and Docker space, which is a big growth area in the cloud as well.

Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them. 

Educates and trains cloud operators on how to better design their different cloud and infrastructure deployments. Prisma Cloud has very good remediation steps built in. So, if you do find an issue, they will give you steps on, "Here is how you go into the Console and make this change to close out this issue, preventing this in the future." So, it is a strong tool for the prevention and protection of the cloud, in general.

We have gone in and done some tuning to remove alerts that were false positives. That reduced some of the alerts. Then, as our team has gone in and fixed issues, we have seen from the metrics and tracking of Prisma Cloud that alerts have been reduced.

The compliance tabs were helpful just to have visibility into the assets as well as the asset management tabs. In the cloud, everything is very dynamic and ephemeral. So, being able to see dynamic asset inventory for what we have in cloud environments was a huge plus. Just to have that visibility in a dashboard instead of having to dump things into a spreadsheet, e.g., you are trying to do asset inventory and spreadsheets, then five minutes later it changes cause the cloud is dynamic. So, the asset inventory and compliance tabs are strong. 

When the cloud team makes a change that may introduce some risk, then we get alerts.

We pretty heavily used the Resource Query Language (RQL) and the investigate tab to find what instances and cloud resources are externally facing and might be higher risk, looking for particular patterns in the resources. 

Prisma Cloud provides the following in a single pane of glass within a dashboard: Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security, and Cloud Infrastructure Entitlement Management. It is particularly challenging, especially in a multi-cloud environment, where you would have to log into your Google Cloud, then look for your infrastructure and alerting within Google. In addition, you have to switch over to Amazon and log into an AWS Console to do some work with Amazon. Having that central visibility across multiple cloud environments is definitely important when you have different sources and different dashboards for the cloud, which will still be separate, but you still have some centralization within that dashboard.

The solution’s security automation capabilities are definitely good. We use some of the automation within the alerting, where if Prisma Cloud detected a change and there was a certain threshold, e.g., if it was above a medium or a high risk issue, then we would send off an alert that would go to our infrastructure team/Slack channel, creating a Jira ticket. The automation with Slack and Jira have been very good feature points. 

The Prisma Cloud tool identifies for the security team the resource in the cloud that is the offender, such as, the context, the resource in the cloud, what is the cloud account, and the cloud environment that the resource is in. Then, there is always very good context on remediation, e.g., how do we go in and fix that issue? Do we either go through automation or log into the Cloud Console to do some remediation? The alerts include the context that is needed as well as the risk ranking and severity, whether it is a high, medium, or low issue.

The Prisma Cloud Console always has good remediation steps, whether it is going into the Console, updating a Cloud Formation, or Terraform scripts. The remediation guidance is always very helpful from Prisma Cloud.

Some of the usability within the Compute functionality needs improvement. I think when Palo Alto added on the Twistlock functionality, they added a Compute tab on the left side of the navigation. Some of the navigation is just a little dense. There is a lot of navigation where there is a tab and dropdowns. So, just improving some of the navigation where there is just a very dense amount of buttons and drop-down menus, that is probably the only thing, which comes from having a lot of features. Because there are a lot of buttons, just navigating around the platform can be a little challenging for new users.

They could improve a little bit of the navigation, where I have to kind of look through a lot of the different menus and dropdowns. Part of this just comes from it having so many awesome features. However, the navigation can sometimes be a little bit like, "I can't remember where the tab was," so I have to click and search around. This is not a big negative point, but it is definitely an area for improvement.

I started using this solution when it was still called RedLock. Before Palo Alto bought RedLock, I used RedLock for about a year and then for another year or two once Palo Alto bought them, rebranding them as Prisma Cloud. So, I have been using it for about three or four years.

It is very stable and solid. We haven't really had any issues with the dashboard. The availability is there. The ability to log in and get near real-time data on our cloud environment is very good. Overall, the stability and accessibility has been good.

We use it pretty much daily, several days a week. We are licensed for 200 workloads in Prisma Cloud.

We are definitely still working on maturing some of our operations. We have a pretty small infrastructure team; just two engineers who are focused on infrastructure. We are trying to automate as much as we can, and Prisma Cloud supports most of that. There are still some cases where you have to log into the Console and do some clicking around. However, for the most part, we are trying to automate as much as we can to scale those operations with a very small infrastructure and security team.

Their customer and technical support is very good. They helped us on scoping, getting an estimate for how many workloads and resources that we had. Their support team helped us through some issues on the configuration in the API on the Defender side. We had a couple questions that came up and the customer success and support engineers were very responsive and helpful. 

The sales team was really good. We leveraged some of our relationships, working extensively with some of the leadership at Palo Alto in Unit 42 on their threat team. The sales team gave us a pretty good deal right before the end of the year, last year. So, we were able to get a good discount, so we were able to get the purchase done. Overall, it was a good experience.

This was a new implementation for our company.

Deploying the baseline for Prisma Cloud, its API configuration, was straightforward. To set up the API roles and hook in the API connectivity, we were able to do that within a couple of hours. The Prisma Cloud piece at the API level was very quick. The Defender agents were a bit more complicated because we had to deploy the Compute Defender agents into our containers, Docker, and Kubernetes. That was a little more complex, because we were deploying, not just connecting an API. We were deploying agents within our environment. So, the API side was very simple and fast. The Defender side was a bit more complicated.

We are still working on expanding and deploying some more Defender agents. The API piece was deployed within about a week, which was very fast. On the Defender side, with the infrastructure team's input, it took us several weeks to get the Defender agents deployed.

When we deployed Prisma Cloud, we established some baselines for security and our infrastructure team for what was running in the cloud. They were using some automation and scripting. They thought everything was okay with the script: We just run a script and it deploys this server and infrastructure in the cloud. What we found was that there were some misconfigurations. They had a default script that was opening up some ports that were not needed. So, we worked with the infrastructure team, went back, and said, "Okay, these ports were uncovered with our Prisma Cloud scanning. Is there a business use? Is there any valid reason for these ports to be open?" The team said, "No we don't really need these ports." It was just a default that we need to deploy in Google or AWS. It was just a default that was added in. So, we worked with them to go back and change some of their defaults, then change some of their scripts. Now, in future cases, when they deploy the Terraform script, it would make sure that those ports are automatically closed.

We purchased directly from Palo Alto. We didn't use a system integrator. We purchased directly from them and went through their support team. I have a good relationship with the sales and customer success team at Palo Alto just from past relationships. So, we did a direct purchase.

We will eventually see return on investment just out of the automation and the ability to scale the platform up.

We have reduced alert investigation times by approximately a couple hours a week.

The pricing is good. They gave us some good discounts right at the end of the year based on the value that it brings, visibility, and the ability to build in cloud, compliance, and security within one dashboard. 

We did look at a couple other vendors who do similar cloud workload protections. Based on the relationships that we have with Palo Alto, we knew that Palo Alto was kind of the leader in this space. We had hands-on experience with the tool and Palo Alto was also a customer of ours. So, we had some strong relationships and Palo Alto was the leader. 

We did some demos with different tools that were not as comprehensive. We had some tools that we looked at which just focused more on the container side and some that focused more on the cloud API layer. Since Prisma Cloud has unified some of these different pieces into one platform, we ultimately decided that Prisma Cloud was going to be the best solution for us.

It is a good tool. Work with your stakeholders and cloud teams to implement Prisma Cloud within as many environments as you can to get that rich amount of data, then come up with a strong strategy for integrations and alerting. Prisma Cloud has a lot of integrations out-of-the-box, like ServiceNow, Jira, and Slack. Understand what your business teams need as well as what your engineering and developers need. Try to work on the integrations that allow for the maximum amount of integration and automation within a cloud environment. So, work with your business teams to come up with a plan for how to implement it in your cloud, then how to best integrate the tooling and alerting.

While Prisma Cloud does have the ability to do auto-remediation, which is a part of their automation, we didn't turn any of that on now because those features have a tendency to sometimes break things. For example, it will automatically shut down a security group or server that can sometimes have an impact into availability. So, we don't use any of the auto-remediation features, but we do have automation setup with Jira and Slack to create tickets and events for our ticketing and infrastructure teams/Slack channels.

We definitely want to continue to explore and build-in some of the Shift Left principles, getting the tool into our dev cycles earlier. We do have some plans to expand more on the dev side. I am hiring an AppSec engineer who will be focused more on the development and AppSec side. That is something that is in our roadmap. It has just been something that we have been trying to work on and get into our backlog of a lot of projects.

I would rate this solution as a nine out of 10.

We currently leverage Prisma Cloud's Cloud Security Posture Management and Cloud Workload Protection Platform modules and plan to migrate to their full Cloud Native Application Protection Platform solution for a more holistic security approach.

Our security system uses three major CSPMs, ingesting logs and integrating them with a central CSPM page for visibility. We also incorporate identity and document management systems. Prisma Cloud's detection tool based on its policies provides initial alerts, with our SOC team focusing on the most relevant ones. We leverage a modified threat framework combining NTSF and MITRE to monitor key policy areas like malware, unauthorized access, phishing, data loss, and system failures. Within Prisma, we categorize policies based on our organization's priorities, using custom tags to identify them and create dashboards. Webhooks then send these alerts to our SIEM platform for further analysis.

Prisma Cloud offers security spanning across multi-cloud and hybrid cloud deployments, supporting industry leaders like Google Cloud Platform, Microsoft Azure, Amazon Web Services, Alibaba Cloud, and Oracle Cloud.

Prisma Cloud simplifies compliance with regulations, a crucial security aspect for large organizations, by providing full visibility into our cloud environments. This eliminates the time-consuming need to manually check configurations within each cloud service provider. With Prisma Cloud's single pane of glass view, everything can be done in one place, saving us an average of 15-20 percent of the time compared to the previous method of having a dedicated person manage each CSP individually.

Automation streamlines report delivery and notification generation. It can also integrate with various third-party services like Slack, Jira, Microsoft Teams, and Microsoft Sentinel, allowing for further automated notifications and actions within those platforms.

Our cloud visibility was limited before Prisma Cloud. Now, we have a good level of insight, not perfect, but significantly improved. We can monitor new deployments, configurations, and overall activity. This is crucial because most organizations, like ours, are increasingly cloud-based. Stricter regulations require compliance, and Prisma Cloud simplifies this. They offer pre-built compliance standards so we can easily generate reports, ensuring we meet our obligations.

While Prisma Cloud delivered as promised, realizing its full benefits in our large organization took several months. Due to the size and complexity of our internal communication and collaboration structures, it naturally took time for everyone to fully understand and adopt the platform's capabilities.

Prisma Cloud offers timely runtime alerts when properly configured. These alerts integrate well with our SIEM and are easy to understand. However, the majority stem from the CSPM module, as CWPP typically necessitates manual investigation for actionable insights. Prisma Cloud has reduced the runtime alerts by 20 percent.

Our initial Prisma Cloud deployment has already delivered a 5 percent cost saving, and we expect these savings to grow as we expand its use across our cloud environment.

Our primary focus right now is compliance. This means having clear visibility into our organization's security posture. Additionally, agentless scanning with Prisma Cloud is important for us. While we're also interested in the Cloud Workload Protection Platform, it's important to consider that our environment includes both containers and virtual machines. Overall, the most valuable features for us in Prisma Cloud are those that provide visibility, ensure compliance with regulations, and help us align our on-premises servers and cloud environments with mandated security standards.

Prisma Cloud stands out as a user-friendly and powerful CSPM solution thanks to its comprehensive capabilities, built-in features, and flexible tagging system. It simplifies cloud security by automatically connecting to numerous cloud service providers and pulling relevant information for our use, minimizing the need for manual configuration and troubleshooting.

Prisma Cloud's preventative approach to cloud security can be complex, especially for features like automated certificates. These require specific access permissions for Prisma Cloud, introducing dependencies and additional configuration steps.

While Prisma Cloud offers agent-based deployment for comprehensive visibility and control, agent dependencies and user resistance can create hurdles. Improved agentless scanning capabilities from Prisma Cloud would be ideal, but currently, agents remain necessary for optimal visibility.

Prisma Cloud is a powerful security platform, but like any similar tool, it won't eliminate the need for occasional manual interaction with our CSPs. While Prisma Cloud can handle many tasks, some actions might still require us to log directly into our CSP account.

The CSP logs could be improved by providing more visibility into the specific logs Prisma is feeding. Since CSP has multiple versions and Prisma might be receiving different logs than expected, it would be helpful to have a clearer indication of the log types or more detailed logs themselves. This would allow us to verify if we're receiving everything or missing something. While Prisma Cloud offers log searching, it requires queries to navigate the vast amount of data. Ideally, Prisma could integrate a simpler way to view the logs it's collecting without extensive searching.

Some module customization might be needed and certain features like adding custom labels are currently unavailable unless we have administrator access. This limitation can be frustrating and I would like to have this functionality included in Prisma Cloud.

I have been using Prisma Cloud for two years.

I would rate the stability of Prisma Cloud seven out of ten. Occasionally when we have an issue it can take some time to resolve.

I would rate the scalability of Prisma Cloud nine out of ten.

We have a dedicated account manager who provides support whenever needed. While they're always responsive, responses may occasionally take some time.

Positive

Despite being a cloud-based solution designed for easy deployment, Prisma Cloud's initial setup took a few months due to our team's workload on other projects. Fortunately, only two people were required for the actual deployment process, which itself is straightforward as long as the necessary network connectivity is established beforehand.

Prisma Cloud's licensing system functions as expected with a solid licensing infrastructure.

In our evaluation of Wiz and Aqua Cloud Security Platform, we investigated their capabilities to address detection rule limitations in Prisma Cloud CSPM. We were hoping to find alternative solutions offering broader rejection capabilities. However, both Wiz and Aqua require agents for in-depth details, similar to Prisma Cloud. While neither excelled in overall detection capabilities, Wiz impressed us with its integration of external alerts. Unlike Prisma Cloud, Wiz allows for easy visibility and filtering of alerts from AWS Guard Duty, a significant advantage.

I would rate Prisma Cloud by Palo Alto Networks eight out of ten.

Prisma Cloud offers built-in security automation for tasks like remediating misconfigurations. For instance, it can automatically adjust a non-compliant AWS configuration, but only if you grant the necessary permissions. While this is useful, a SOAR solution like XSOAR can provide a fuller approach to security automation.

Over 50 people in multiple departments within our organization USE.

Prisma Cloud required minor maintenance for platform updates and policy changes that need to be reviewed.

While many Cloud Security Posture Management tools offer similar features, consider your budget before choosing Prisma Cloud. Some CSPMs bundle all functionalities into one package, forcing you to pay for everything even if you don't need it. Prisma Cloud, on the other hand, allows you to purchase only the modules relevant to your organization's needs. Additionally, Palo Alto is a well-established vendor in the market.

We use it for mobile access, and we probably will also adopt a direct connection to our small branch offices across Europe.

Prisma Cloud has improved the response time and the availability of our applications on-premises and on the cloud for our users in many different countries in Western Europe, Eastern Europe, and the United States.

We use it for our mobile users. Prisma Cloud is a very strong and robust platform that improves endpoint security. The COVID-19 pandemic made us realize that we should be able to permit more or less 50% of our employees to work confidently and securely from home.

Prisma Cloud provides security across multi-cloud and hybrid-cloud environments. We already have developed a direct connection between the Prisma Cloud platform and the Azure Cloud solution. We also have integration with the AWS cloud where most of our servers are now located. It was absolutely a strategic choice for us.

We have decided to adopt almost all the security features that Prisma Cloud offers, such as DNS security, threat prevention, vulnerability analysis, anti-phishing, email, and so on. We did not use Prisma Cloud for security automation capabilities. We have a very specific application for the OTC environment, and we prefer to maintain this environment completely separate from the other world of traditional information technology applications.

Prisma Cloud helps with cloud security, but we are also managing security at many different levels. We have endpoint protection, firewalls, SIEM, and log collectors. We also have dedicated probes that work silently to discover any anomalies, such as zero-day threats, that could be there. We have a Palo Alto firewall, and this cloud solution also has some predefined level of security managed by the cloud provider.

Prisma Cloud provides the visibility and control we need, regardless of how complex or distributed our cloud environments become. We can very quickly and easily analyze the clusters, the connections, and so on. We have very good control over the data flow and any possible security problems. It increases our confidence in our security and compliance postures.

About 50% of our people work from a private network, not inside the company. The protection of the endpoints is more difficult than the protection inside the office. Prisma Cloud can elevate the level of security for people who are working from home or are traveling to another country and so on.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports. Prisma Cloud is used by remote users that are working from home, and that is it. It makes our operations easier.

I have daily evidence of any possible new threats that could appear. I get to know how often a threat was blocked and from which client these threats were blocked. We can then very quickly contact the user if there is a compromised endpoint.

Prisma Cloud sends the email and data to the administrative IT staff in case a very severe threat appears. So far, we have not received any alerts related to severe threats.

Prisma Cloud has reduced a lot of our alert investigation time. We have perfect visibility of every single connection from our colleagues who are working from home, a hotel, or any other place. We have activated a mechanism by which the VPN connection is mandatory as soon as the end users switch their computers on. If I have a severe alert, I could investigate the related bad behavior and node in 10 to 15 minutes.

We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem.

It can be too expensive for small companies.

In terms of features, I wouldn't add anything specific. They did a major improvement in the field of reporting. It can automatically produce statistics on usage and so on. This aspect was not very well developed at the beginning of the project, but now, there is a very big improvement in this specific field. Reporting is better than the previous versions, so at the moment, for our needs, the solution is good enough. We might need something in the future, but at the moment, we are not asking Palo Alto for any new developments.

We have been using this solution for half a year. We started the project at the beginning of this year, and at the moment, we have about 2,100 people who use this solution.

It is very stable. The platform is quite robust and available. From the time the project was released to other countries, we received one or two tickets for a sporadic problem for some users.

We have 4,000 licenses. We have Prisma Cloud in 16 different countries with a total of about 2,100 people. We do not have a large presence in the Extreme East or Middle East, but we have people connecting from Europe and also from Russia. It works perfectly.

Its usage will increase when there is a new acquisition or there is a new office somewhere in the world. 

The customer support is good and professional. I would rate them a ten out of ten.

Positive

We did not use any similar solution before. We adopted the same VPN technology based on the on-premise firewall that we already had, but there was a very big consumption of bandwidth. It was sometimes a little bit difficult to manage a high number of remote users, and this problem was completely solved by Prisma Cloud.

I was involved in its deployment. It took us about nine months to implement it.

In terms of the implementation strategy, we started with deciding about the site of our company that should be directly connected to Prisma Cloud. We produced an inventory of the applications and identified whether they are located on-premise, on Azure cloud, or on AWS cloud. We then started to configure the server and endpoints inside Prisma Cloud. We established the service connection between the site and Prisma Cloud, and we started to develop the solution for the end users. We selected a subset of users. We selected about 100 people from different departments in different countries to be sure that the solution was working properly in every country and every application environment.

We received very professional and qualified support from both Palo Alto technicians and a platinum partner that normally assists us in developing Palo Alto technologies.

We had two people from Palo Alto for implementation. We had one senior engineer and one junior engineer from Palo Alto. We had two engineers from our partner. We did not have a lot of staff.

In terms of maintenance, Prisma Cloud is subject to periodic updates, and we follow what is required by Palo Alto. For maintenance, we have a colleague of mine and one person from our partner.

It was a good investment because now we can manage so many remote users without any problems.

The platform is not famous for being cheap. It is quite expensive, but we know that we have the protection, so there is enough value for what we pay for. It is worth the money.

It takes more or less nine months to realize its benefits.

This solution is good for a company with at least 400 people that must be connected remotely. For smaller companies, it can be too expensive.

There are no costs in addition to standard licensing. We pay based on the number of users. We have 4,000 user licenses, and we use more or less 60% of our licenses.

We evaluated solutions from Cato Networks and Palo Alto. Because we have quite a large installation of Palo Alto's firewall and in-depth knowledge of this technology, we decided to adopt Prisma Cloud.

I am very satisfied with Prisma Cloud, and we do not have any plans to change to anything else. I am confident that we will retain this solution for a long time.

Overall, I would rate Prisma Cloud a ten out of ten. We have received very positive feedback regarding this solution. I would recommend it to others.

We use Prisma Cloud by Palo Alto Networks for our cloud security posture management.

Prisma Cloud by Palo Alto Networks has multiple aspects that help protect the full cloud-native stack. We are not concerned with just one cloud at the enterprise level; we are focused on the multiple cloud environments we have. The solution provides us with a comprehensive dashboard and a comprehensive view of our cloud security posture. Furthermore, the solution not only covers the security posture but also informs us of our compliance with leading industry standards.

The solution does have security automation capabilities, but we do not use much of it in this case. We use automation for the alerts; if there are any misconfigurations, the alerts are automated. However, we do not mitigate any specific items using automation, as that is something we have not configured. We prefer to first look at the problem manually, and then take action against it.

There is no single comprehensive cloud security solution. We will need to use multiple tools, such as those offered by Palo Alto Networks and Check Point. Every security firm has a range of products, so if we consider all of them, we can have anti-virus, anti-malware, vulnerability assessment solutions, EDP software, and cloud security posture management. We need to evaluate each tool, and Prisma and Check Point both offer good solutions, including next-generation firewalls.

The solution provides the visibility and control we need, regardless of how complex or distributed our cloud environment becomes.

The solution can enable us to incorporate security into our CI/CD pipeline and add checkpoints to existing DevOps processes. From an automation standpoint, we enabled certain monitoring features. However, the remediation steps are still manual. This can be integrated into our DevOps pipeline, though some of the features are not being used as we prefer to keep it manual.

The solution provides us with a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports.

The solution reduced runtime alerts. We don't need to receive all the runtime alerts every time, as they will overwhelm us with messages. People often neglect this. Depending on the situation, generally, only very important alerts should be sent. I prefer that the solution be configured for when there is a major business impact. For minor alerts and notifications, we can still check the dashboard. Generally, we monitor the dashboards at certain times. We don't need to be alerted for everything, as this will defeat the purpose of this mechanism.

The solution significantly improved the time taken to investigate alerts by 40 percent with the alert monitoring and all its mechanisms, we receive our critical alerts quickly via email. We can even configure the remediation, although we have not done so yet. 

I appreciate the multi-cloud support that this solution provides; I can use it with AWS, Microsoft Azure, and Google Cloud. I find the ability to configure alerts and monitor misconfigurations in the cloud to be particularly useful, and we take advantage of this feature as well.

Prisma Cloud by Palo Alto Networks is an impressive solution. The solution continuously assesses our security posture, making it the ideal preventive measure. If any misconfigurations occur, I am immediately notified of any unnecessary ports that are open in my cloud. This alerting system allows me to take the necessary steps to secure it before any attack can occur, making it the best preventive measure for our cloud.

I now extensively use cloud security posture management. There needs to be a mechanism that allows me to manually configure compliance more easily. Currently, it requires programming knowledge, so if someone without hardware programming knowledge could customize certain features to their requirements, it would be very helpful.

I have been using the solution for five months.

The solution is stable because it is a SaaS offering.

Nowadays, all cloud solutions are scalable; scalability should be a given feature and does not need to be asked for.

A maximum of ten people have administrative-level access, which will be used by 50 to 60 Security Operations Center personnel. This personnel must log in with various role-based access rights. In total, we have around 70 people using the solution.

In my previous project, we had a dedicated team associated with the account, so we did not have to pay for support. This was beneficial because, most of the time, we would go to our account team instead of the technical support, and our issues would be resolved quickly.

Positive

The initial setup is seamless. We only need to integrate our API key and connect it.

The deployment took one hour.

I can see one return on investment due to continuous monitoring. Before, we had a few staff members who monitored our environment, but now the alerting and other processes happen automatically, so there is a good ROI in terms of resources. Additionally, the security posture of the environment is increased and fewer incidents occur, which improves our response time and resource efficiency. There are also indirect ROIs.

The pricing is competitive; for the most part, the security firms have similar prices. Therefore, I believe it is competitive and a good investment. The solution is good quality, so I would not hesitate to invest in Prisma Cloud by Palo Alto Networks.

I give the solution a nine out of ten.

I absolutely recommend Prisma Cloud by Palo Alto Networks at an enterprise level because the solution is an enterprise-grade product.

Primarily the intent was to have a better understanding of our cloud security posture. My remit is to understand how well our existing estate in cloud marries up to the industry benchmarks, such as CIS or NIST, or even AWS's version of security controls and benchmarks.

When a stack is provisioned in a cloud environment, whether in AWS or Azure or Google Cloud, I can get an appreciation of how well the configuration is in alignment with those standards. And if it's out of alignment, I can effectively task those who are accountable for resources in clouds to actually remediate any identifiable vulnerabilities.

The solution is really comprehensive. Especially over the past three to four years, I was heavily dependent on AWS-native toolsets and config management. I had to be concerned about whether there were any permissive security groups or scenarios where logging might not have been enabled on S3 buckets, or if we didn't have encryption on EBS volumes. I was quite dependent on some of the native stacks within AWS.

Prisma not only looks at the workloads for an existing cloud service provider, but it looks at multiple cloud service providers outside of the native stack. Although the native tools on offer within AWS and Azure are really good, I don't want to be heavily dependent on them. And with Google, where they don't have a security hub where you can get that visibility, then you're quite dependent on tools like Prisma Cloud to be able to give you that. In the past, that used to be Dome9 or Evident.io. Palo Alto acquired Evident.io, and that became rebranded as this cloud posture management solution. It's proven really useful for me.

It integrates capabilities across both cloud security posture management and cloud workload protection. The cloud security posture management is what it was initially intended for, looking at configuration of cloud service workloads for AWS, Azure, Google, and Alibaba. And you can look at how the configuration of certain workloads align to standards of CIS, NIST, PII, etc.

And that brings our DevOps and SecOps teams closer together. The engineering aspect is accountable for provisioning dedicated accounts for cloud consumers within the organization. There might be just an entity within the business that has a specific use case. You then want to go to ensure that they take accountability for building their services in the cloud, so that it's not just a central function or that engineering is solely responsible. You want something of a handoff so that consumers of cloud within the organization can also have that accountability, so that it's a shared responsibility. Then, if you're in operations, you have visibility into what certain workloads are doing and whether they're matching the standards that have been set by the organization from a risk perspective.

You've also got the software engineering side of the business and they might just be focused on consuming base images. They may be building container environments or even non-container environments or hosting VMs. They also have a level of accountability to ensure that the apps or packages that they build on top of the base image meet a certain level of compliance, depending on what your business risk-appetite is. So it's really useful in that you've got that shared accountability and responsibility. And overall, you can then hand that off to security, vulnerability management, or compliance teams, to have a bird's-eye view of what each of those entities is doing and how well they're marrying up to the expected standards.

Prior to Prisma cloud, you'd have to have point solutions for container runtime scanning and image scanning. They could be coupled together, but even so, if you were running multiple cloud service providers in parallel, you could never really get the whole picture from a governance perspective. You would struggle to actually determine, "Okay, how are we doing against the CIS benchmark for Azure, GCP, and AWS, and where are the gaps that we need to address from a governance and a compliance perspective so as to reduce our risk and the threat landscape?" Now that you've got Prisma Cloud, you can get that holistic view in a single pane of glass, especially if you're running multiple cloud workloads or a number of cloud workloads with one cloud service provider. It gives you the ability to look at private, public, or hybrid offerings. It saves me having to go to market and also run a number of proofs of concepts for point solutions. It's an indication of how the market has matured and how Palo Alto, with Prisma Cloud in particular, understands what their consumers and clients want.

It can certainly help reduce alert investigation times, because you've got the detail that comes with the alert, to help remediate. The level of detail offered up by Prisma Cloud, for a given engineer who might not be that familiar with a specific type of configuration or a specific type of alert, saves the engineer having to delve into runbooks or online resources to learn how to remediate a particular alert. You have to compare it to a SIEM solution where you get an event or an alert is triggered. It's usually based on a log entry and the engineer would have to then start to investigate what that alert might mean. But with Prisma Cloud and Prisma Cloud Compute, you get that level of detail off the back of every event, which is really useful.

It's hard to quantify how much time it might save, but think about the number of events and what it would be like if they didn't have that level of detail on how to remediate, each time an event occurred. Suppose you had a threshold or a setting that was quite conservative, based on a particular cloud workload, and that there were a number of accounts provisioned throughout the day and, for each of those accounts, there were a number of config settings that weren't in alignment with a given standard. For each of those events, unless there was that level of detail, the engineer would have to look at the cloud service provider's configuration runbooks or their own runbooks to understand, "Okay, how do I change something from this to this? What's the polar opposite for me to get this right?" The great thing about Prisma Cloud is that it provides that right out-of-the-box, so you can quickly deduce what needs to be done. For each event, you might be saving five or 10 minutes, because you've got all the information there, served up on a plate.

For me, what was valuable from the outset was the fact that, regardless of what cloud service provider you're with, I could segregate visibility of specific accounts to account owners. For example, at AWS, you might have an estate that's solely managed by yourself, or there might be a number of teams within the organization that do so.

You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums. In addition to that, I can get a snapshot of what I deemed were the priority vulnerabilities, whether it was identity access management, key rotation, or secrets management. Whatever you deem to be a priority for mitigating threats for your environment, you can get that as a snapshot.

You can also automate how frequently you want reports to be generated. You can then understand whether there has been any improvement or reduction in vulnerabilities over a certain time period.

The solution also enables you to ingest logs to your preferred SIEM provider so that you've got a better understanding of how things stack up with event correlation and SIEM systems.

If you've got an Azure presence, you might be using Office 365 and you might also have a presence in Google Cloud for the data, specifically. You might also want to look at scenarios where, if you're using tools and capabilities for DevOps, like Slack, you can plug those into Prisma Cloud as well to understand how well they marry up to vulnerabilities. You can also use it for driving out instant vulnerabilities into Slack. That way, you're looking at what your third-party SaaS providers are doing in relation to certain benchmarks. That's really useful as well.

In addition, an engineer may provision something like a shared service, a DNS capability, a sandbox environment, or a proof of concept. The ability to filter alerts by severity helps when reporting on the services that have been provisioned. They'll come back as a high, medium, or low severity and then I ensure that we align with our risk-appetite and prioritize higher and medium vulnerabilities so that they are closed out within a given timeframe.

When it comes to root cause, Prisma Cloud is quite intuitive. If you have an S3 bucket that has been set to public but, realistically, it shouldn't have been, you can look at how to remediate that quite intuitively, based on what the solution offers up as a default setting. It will offer up a way to actually resolve and apply the correct settings, in line with a given standard. There's almost no thinking involved. It's on-point and it's as if it offers up the specific criteria and runbooks to resolve particular vulnerabilities.

That assists security, giving them an immediate way to resolve a given conflict or misalignment. The time-savings are really incomparable. If you were to identify a vulnerability or a risk, you might have to draw up what the remediation activity should look like. However, what Prisma Cloud does is that it actually presents you with a report on how to remediate. Alternatively, you can have dynamic events that are generated and applied to Slack, for example. Those events can then be sent off to a JIRA backlog or the like. The engineers will then look at what that specific event was, at what the criteria are, and it will tell them how to remediate it without their having to set time aside to explain it. The whole path is really intuitive and almost fully automated, once it's set up.

One scenario, in early days, was in trying to get a view on how you could segregate account access for role-based access controls. As a DevSecOps squad, you might have had five or six guys and girls who had access to the overall solution. If you wanted to hand that off to another team, like a software engineering team, or maybe just another cloud engineering team, there were concerns about sharing the whole dashboard, even if it was just read-only. But over the course of time, they've integrated that role-based access control so that users should only be able to view their own accounts and their own workloads, rather than all of the accounts.

Another concern I had was the fact that you couldn't ingest the accounts into Prisma Cloud in an automated sense. You had to manually integrate them or onboard them. They have since driven out new features and capabilities, over the last 12 months, to cater for that. At an organizational level you can now plug that straight into Prisma Cloud, as and when new accounts are provisioned or created. Then, by default, the AWS account or the Azure account will actually be included, so you've got visibility straight away.

The lack of those two features was a limitation as to how far I could actually push it out within the organization for it to be consumed. They've addressed those now, which is really useful. I can't think of anything else that's really causing any shortcomings. It's everything and more at the moment.

I've been using Prisma Cloud for about 12 months now

It's pretty straightforward to run an automated setup, if you want to go down that route. The capabilities are there. But in terms of how we approached it, it was like a plug-and-play into our existing stack. Within AWS, you just have to point Prisma Cloud at your organizational level so that you can inherit all the accounts and then you have the scanning capability and the enforcement capability, all native within Prisma Cloud. There's nothing that we're doing that's over and above, nothing that we would have to automate other than what is actually provided natively within Prisma Cloud. I'm sure if you wanted to do additional automation, for example if you wanted to customize how it reports into Slack or how it reports into Atlassian tools, you could certainly do that, but there's nothing that is that complex, requiring you to do additional automation over and above what it already provides.

I haven't gone about calculating what the ROI might be.

But just looking at it from an operational engineering perspective and the benefits that come with it, and when it comes to the governance and compliance aspects of running AWS cloud workloads, I now put aside half an hour or an hour on a given day of the week, or alternative days of the week. I use that time to look at what the client security posture is, generate a number of reports, and hand them off to a number of engineering teams, all a lot quicker than I used to be able to do so two or three years ago.

In the past, at times I would have had to run Trusted Advisor from AWS, to look at a particular account, or run a number of reports from Trusted Advisor to look at multiple accounts. And with Trusted Advisor, I could never get a collective view on what the overall posture was of workloads within AWS. With Prisma Cloud, I can just select 30 AWS accounts, generate one report, and I've got everything I need to know, out-of-the-box. It gives me all the different services that might be compliant/non-compliant, have passed/failed, and that have high, medium, or low vulnerabilities. It has saved me hours being able to get those snapshots.

I can also step aside by putting an automated report in place and receive that on a weekly basis. I've also got visibility into when new accounts are provisioned, without my having to keep tabs on whether somebody has just provisioned a new account or not. The hours that are saved with it are really quite high.

As it stands now, I think things have moved forward somewhat. Prisma and the suite of tools by Palo Alto, along with the fact that they have integrated Prisma Cloud Compute as a one-stop shop, have really got it nailed. They understand that not all clients are running container workloads. They bring together point solutions, like what used to be Twistlock, into that whole ecosystem, alongside a cloud security posture management system, and they'll license it so that it's favorable for you as a consumer. You can think about how you can have that presence and not then be dependent on multiple third-parties.

Prisma cloud was originally destined for cloud security posture management, to determine how the configuration of cloud services aligns with given standards. Through the evolution of the product, they then integrated a capability they call Prisma Cloud Compute. That is derived from point solutions for container and image scanning. It has the capabilities on offer within a single pane of glass.

Prior to the given scenario with Prisma Cloud, you'd have to either go to Twistlock or Aqua Security for container workloads. If you were going open source, obviously that would be free, but you'd still have to be looking at independent point solutions. And if you were looking at governance and compliance, you'd have to look at the likes of Dome9, Evident.io, and OpenSCAP, in a combination with Trusted Advisor. But the fact that you can just lean into Prisma Cloud and have those capabilities readily available, and have an account manager that is priced based on workloads, makes it a favorable licensing model.

It also makes the whole RFP process a lot more streamlined and simplified. If you've got a purchasing specialist in-house, and then heads-of-functions who might have a vested interest in what the budget allocation is, from either a security perspective or from a DevOps cloud perspective, it's really quite transparent. They work the pricing model in your favor based on how you want to actually integrate with their products. From my exposure so far, they have been really flexible on whatever your current state is, with a view to what the future state might be. There's no hard sell. They "get" the journey that you're on, and they're trying to help you embrace cloud security, governance, and compliance as you go. That works favorably for them as well, because the more clients that they can acquire and onboard, the more they can share the experience, helping both the business and the consumer, overall.

Prior to Prisma cloud, I was looking at Dome9 and Evident.io. Around late 2018 to early 2019, Palo Alto acquired Evident.io and made it part of their Prisma suite of security tools.

At the time, the two that were favorable were Evident.io and Dome9, side-by-side, especially when running multiple AWS accounts in parallel. At the time, it was Dome9 that came out as more cost-effective. But I actually preferred Evident.io. It just happened to be that we were evaluating the Prisma suite and then discovered that Palo Alto had acquired Evident.io. For me that was really useful. As an organization, if we were already exploring the capabilities of Palo Alto and had a commercial presence with them, to then be able to use Prisma Cloud as part of that offering was really good for me as a security specialist in cloud. Prior to that, if as an organization you didn't have a third-party cloud security posture management system for AWS, you were heavily dependent on Trusted Advisor.

My advice is that if you have the opportunity to integrate and utilize Prisma Cloud you should, because it's almost a given that you can't get any other cloud security posture management system like Prisma Cloud. There are competitors that are striving to achieve the same types of things. However, when it comes to the governance element for a head of architecture or a head of compliance or even at the CSO level, without that holistic view, if you use one of them you are potentially flying blind. 

Once you've got a capability running in the cloud and the associated demand that comes through from the business to provision accounts for engineers or technical service owners or business users, the given is that not every team or every user that wants to consume the cloud workload has the required skill set to do so. There's a certain element of expertise that you need to securely run cloud workloads, just as is needed for running applications or infrastructure on-premise. However, unless you have an understanding of what you're opening up to—the risk element to running cloud workloads, such as a potential attacks or compromise of service—from an organizational perspective, it's only a matter of time before something is leaked or something gets compromised and that can be quite expensive to have to manage. There are a lot of unknowns. 

Yes, they do give you capabilities, such as Trusted Advisor, or you might have OpenSCAP or you might be using Forseti for Google Cloud, and there are similar capabilities within Azure. However, the cloud service providers aren't native security vendors. Their workloads are built around infrastructure- or platform-as-a-service. What you have to do is look at how you can complement what they do with security solutions that give you not just the north-south view, but the east-west as well. You shouldn't just be dependent on everything out-of-the-box. I get the fact that a lot of organizations want to be cloud-first and utilize native security capabilities, but sometimes those just don't give you enough. Whether you're looking at business-risk or cyber-risk, for me, Prisma Cloud is definitely out there as a specialist capability to help you mitigate the threat landscape in running cloud workloads.

I've certainly gone from a point where I understood what the risk was in not having something like this, and that's when I was heavily dependent on native tools that are offered up with cloud service providers. 

The first release that came out didn't include the workload management, because what happened, I believe, was that Palo Alto acquired Twistlock. Twistlock was then "framed" into cloud workload management within Prisma Cloud. What that meant was that you had a capability that looks at your container workloads, and that's called Prisma Cloud Compute, which is all available within a single pane of glass, but as a different set of capabilities. That is really useful, especially when you're running container workloads.

In terms of securing the entire development life cycle, if you integrate it within the Jenkins CI/CD pipeline, you can get the level of assurance needed for your golden images or trusted image. And then you can look at how you can enforce certain constraints for images that don't match the level of compliance required. In terms of going from what would be your image repository, when that's consumed you have the capability to look at what runtime scanning looks like from a container perspective. It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat.

It all depends on the way an organization works, whether it has a distributed or centralized setup. Is there like a central DevOps or engineering function that is a single entity for consuming cloud-based services, or is there a function within the business that has primarily been building capabilities in the cloud for what would otherwise be infrastructure-as-a-service for internal business units? The difficulty there is the handoff. Do you look at running it as a central function, where the responsibility and the accountability is within the DevOps teams, or is that a function for SecOps to manage and run? The scenario is dependent on what the skill sets are of a given team and what the priorities are of that team. 

Let's say you have a security team that knows its area and handles governance, risk, and compliance, but doesn't have an engineering function. The difficulty there is how do you get the capability integrated into CI/CD pipelines if they don't have an engineering capability? You're then heavily relying on your DevOps teams to build out that capability on behalf of security. That would be a scenario for explaining why DevOps starts integrating with what would otherwise be CyberOps, and you get that DevSecOps cycle. They work closer together, to achieve the end result. 

But in terms of how seamless those CI/CD touchpoints are, it's a matter of having security experts that understand that CI/CD pipeline and where the handoffs are. The heads of function need to ensure that there's a particular level of responsibility and accountability amongst all those teams that are consuming cloud workloads. It's not just a point solution for engineering, cloud engineering, operations, or security. It's a whole collaboration effort amongst all those functions. And that can prove to be quite tricky. But once you've got a process, and the technology leaders understand what the ask is, I think it can work quite well.

When it comes to reducing runtime alerts, it depends on the sensitivity of the alerting that is applicable to the thresholds that you set. You can set a "learning mode" or "conservative mode," depending on what your risk-appetite is. You might want it to be configured in a way that is really sensitive, so that you're alerted to events and get insights into something that's out of character. But in terms of reducing the numbers of alerts, it all depends on how you configure it, based on the sensitivity that you want those alerts to be reporting on.

I would rate Prisma Cloud at eight out of 10. It's primarily down to the fact that I've got a third-party tool that gives me a holistic view of cloud security posture. At the click of a button I can determine what the current status is of our threat landscape, in either AWS or Azure, at a conflict level and at a workload level, especially with regards to Prisma Cloud Compute. It's all available within a single pane of glass. That's effectively what I was after about two or three years ago. The fact that it has now come together with a single provider is why I'd rate it an eight.

We are using CSPM, IM Security, and Cloud Workload Protection modules.

There are different use cases for Prisma Cloud. Our use case for the CSPM module is to assess compliance with standards such as HIPAA and GDPR, based on our current cloud CSV vendor and configuration. We need to use a CSPM tool to calculate the risk score associated with our current compliance posture.

Some of the reasons we implemented Prisma Cloud were to find the total number of assets in the compliance asset inventory and use the CSPM to assess our workload security. If we have a container environment, we can secure it using cloud workload protection. Additionally, IM Security can help us to determine if our saved credentials are exposed to the public network.

Prisma Cloud provides security for multi- and hybrid-cloud environments. This is the best use case for supporting multi-cloud vendors because, even if we have different cloud service providers, such as AWS, Azure, or GCP, we can manage and view all data in a single, consolidated screen.

All cloud service providers have limitations when it comes to cloud-native stack visibility. Prisma Cloud integrates with all CSPs, switches and correlates the data, and provides complete configuration details for alerts and incidents.

Prisma Cloud's security automation capabilities are effective, allowing us to specify our audit criteria and key configuration audit parameters to detect and automatically remediate misconfigurations. We also have playbooks to automate remediation.

It helps us take a preventative approach to cloud security. We recently received an incident alert for a resource with a security group that allows all ports, which is not a best practice. We will send a notification to the DevOps team and make a change to only allow the necessary ports. We can also automate this process to automatically remove all port access and only allow specific limited ports. Additionally, we can proactively define security keys for our servers and identify and fix vulnerabilities.

We have improved our organization in many ways. The first benefit is that we have from Prisma Cloud a complete asset inventory of all our cloud resources across all CSP vendors. This includes the number of assets and the number of VM instances currently running. This is a valuable use case, as it provides us with visibility into our entire cloud environment. The second benefit is that Prisma Cloud can help us identify misconfigured assets. This is also a valuable use case, as it helps us to ensure that our cloud resources are configured securely. The third benefit is that Prisma Cloud can help us to identify unusual access to our cloud resources. This can be helpful in identifying and responding to security threats. For example, if a user logs into a cloud instance from India and then two hours later logs into the same instance from the US, this could be a sign that the user's account has been compromised. Prisma Cloud can alert us to this type of activity so that we can investigate and take appropriate action.

The comprehensiveness in securing the entire cloud-native development lifecycle is great. We have integrated this solution with our CI/CD pipeline tools, so it scans and validates code in real-time, only allowing legitimate code to be processed further and executed.

It provides us with the visibility and control we need. At first, we may receive many alerts, but once we fine-tune them to generate genuine alerts only for legitimate traffic, our confidence in our security and compliance posture increases.

It also makes it easy to integrate our security with our existing CI/CD pipeline.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications without having to manage and reconcile security tools.

Prisma Cloud provides clear visibility into risks at runtime and across the entire pipeline, showing issues as they are discovered. Our developers are able to correct the issues using just a few tools.

Prisma Cloud has reduced our runtime alerts by 20 percent. It reduced our alert investigation time to ten minutes. It also has saved us between 30 to 40 percent of our costs.

CSPM is the most valuable feature for any organization that runs its workloads in the cloud. CSPM can audit the current cloud configuration, identify misconfigurations, and assess risk.

If a customer is already running their workloads in the cloud and wants to secure them, Defender emails can be used to easily identify potential risks. Additionally, the CI/CD pipeline can be scanned to identify any vulnerabilities in the code that developers have written. When code is uploaded, it will be validated and only legitimate code will be applied to the production application. This means that no vulnerabilities will be present in the code.

CSPM can also be used to scan existing infrastructure for vulnerabilities.

The IM security has room for improvement. I would like more important features added.

I have been using Prisma Cloud by Palo Alto Networks for three years.

Prisma Cloud is stable.

Prisma Cloud is scalable.

The technical support is good.

Positive

The initial deployment was straightforward. All components can be deployed in one day, but the CSPM alone only takes half an hour.

Ten people were required for the deployment.

Prisma Cloud is more expensive than some other solutions, but when we consider all of its use cases, the cost averages out.

I would rate Prisma Cloud by Palo Alto Networks nine out of ten.

In terms of our location, we have different cloud service providers, such as AWS and Azure. The majority are AWS and Azure, where we have integrated Prisma Cloud. In terms of Docker and containers, we have integrated some types of labs and CI/CD parts. Therefore, we currently manage both AWS and Azure, as well as a few GCP parts, within a single console.

We have over 50 users.

Prisma Cloud requires maintenance and the OEM initially notifies us of the priority and schedule for maintenance.

We have cloud security posture management and CWPP.  We are also using Cortex, another Palo Alto product. We needed another cloud security tool to create an additional security layer on our CSPM solution. It's essential to secure our infrastructure against any zero-day attacks. 

We needed a cloud security tool to identify misconfigurations in our cloud infrastructure. We were using AWS Cloud Cover since we only had one cloud provider. We onboarded the SysTrack and were able to find the most configurations. In a short period of time, we detected the issues and got alerts.

Before we implemented Prisma Cloud, we were unable to detect misconfigurations based on the policies that we set up. Prisma has that capability. You can add custom policies, and the tool can handle the reconfiguration. 

You can also get feedback from the customer's side about custom policies that can be added on Prisma. We can see the custom policies contributed by other organizations, which has upskilled my knowledge. The primary benefit is the layer of security added to our other infrastructure. 

We started seeing the benefits immediately once the solution was fully deployed. After about a month, we could start digesting data into the tool. Then, we started enabling all the features that we secured for other organizations. After around two months, we could use the features and see the things we were unable to detect. We were able to set up remediation on the tool. Other teams like the developers and tech ops were able to get the details over Jira since it was integrated with SysTrack. 

Our development lifecycle was already prebuilt, and Prisma has absorbed it. There's nothing that Prisma doesn't cover or that isn't reported to the organization. The developers are able to see best practices for any type of resource. They secured training from the product team, and Palo Alto's developers attended it. They shared their knowledge base so we could make the right decisions about resources before making any changes to the AWS cloud.

Prisma can provide solid visibility even if your cloud infrastructure is complex. It can divide the infrastructure into different parts to give you visibility into vulnerability management, configurations, or workload protection. It doesn't matter how complex your cloud infrastructure is. Prisma can digest it and provide the right guidance.

Prisma was able to quickly integrate and onboard our account. As a fintech company, we need a cloud security tool with modules that can benefit the organization. It has a feature that gives you recurring reports for a specified period. 

The solution is handy for the team that handles the Jira tickets because it enables them to automate the tickets. We had to add them manually in the past, so Prisma has absorbed a significant chunk of their workload. It helps us to discover risks throughout the pipeline using the CWPP features. You can quickly identify a misconfiguration and resolve it. In addition to the features it adds, Prisma has helped us to solve tickets faster.

It creates an alert in under a minute. The software team receives this and notifies the owner of the resource within five minutes and resolves the issue according to the SLA. It helps us resolve zero-day cases. It would cost us a lot of money. Prisma helps us to resolve those issues promptly. 

I like Prisma's ability to integrate with other tools. We can integrate it with Jira so that when Prisma triggers an alert, it opens a ticket in Jira. That was a big selling point for the product. There's a feature called the guest custom template that allows you to trigger alerts in Jira based on the template. That can also be added as a feature on Jira.  

Prisma can work with multiple cloud types and hybrid environments. We use AWS, but Prisma also offers hybrid or multi-cloud features. You can onboard AWS, Azure, GCP, or any other cloud provider. You can do more with Prisma than basic cloud scanning. It can detect and handle misconfiguration on the local network or the cloud. 

The solution can control access and automate some tasks. For example, if any automation needs to be built on any of the API calls, we can have a consolidated page for any processes that need to use the API. You can use the APA. Once you establish console access, you can build automation and integrate it with Prisma.

The CSPM module has so many features for developing a preventative approach that you don't need to look to any others, but the IAC security module lets you store infrastructure as code securely. You can scan an IAC template from a tool like Terraform and compare it with the CSPM modules. 

I have one example of a threat that Prisma proactively prevented. In 2021, Prisma discovered and resolved a Log4J vulnerability shortly after it was introduced. 

It would be nice if Prisma Cloud merged its modules for CSPM and infrastructure as code. It would simplify the pricing and make it easier for customers to evaluate the solution because there are different modules, and you need to add it to your subscription separately. 

Overall, Prisma is continuously improving. They do feature requests by allowing the users to vote on things. If a recommendation receives enough votes, they will add it to the solution. 

We have used Prisma Cloud for two-and-a-half years

Prisma Cloud is stable. I've never experienced any downtime aside from the scheduled maintenance window. 

Prisma Cloud is scalable. You can add a hundred master accounts more than on the SysTrack Lab.

I rate Palo Alto support nine out of 10. Their product team has been helpful. I just had a conversation with them. They answer all my questions even if it's after hours. When you send them a message, you get a response in a minute or two. 

Positive

We had previously used PingSafe. I feel like switching to Prisma was the right decision. PingSafe lacked multiple features that Prisma has. After we did our PoC with Prisma, we found that these features added value to our cloud infrastructure security. Once we switched, we noticed an improvement at the management level. We also reduced the number of data tickets that we needed to manually create.

In the first phase, we did a PoC, and the initial deployment took around a month. We worked with Palo Alto's customer success and technical teams. We worked closely with them in the first year, but after that, our deployment was highly mature, so we didn't need to bug them so much. All of the implementation steps were provided by email. Two members of our team were involved. 

Prisma is a cloud-based solution, so it requires no maintenance on our side once it's deployed. Maintenance is handled during a scheduled window, and they send us advance notification the day before.  

Prisma costs a little more than our previous solution, but it has more features. Our previous solution lacked the features we expect from a CSPM tool.

We didn't look at anything else once we learned about this product and did a PoC. And once we evaluated Prisma, we discussed it internally with our team and made the decision to book it. 

I rate Prisma Cloud nine out of 10. If you're considering Prisma, I suggest starting with a PoC. Consider all the features and go for the ones that are suitable for your organization and add value. You could adopt the solution blindly, but there are some additional costs for the add-ons.