Cortex Cloud by Palo Alto Networks Reviews

We are a Palo Alto Alliance partner and our clients are Fortune 500 companies. We utilize a multi-cloud network architecture, with the primary constraint being the inability to manage everything through a single interface. By implementing uniform guardrails, we address the issue of inconsistent security policies when using native cloud security controls. This is one of the key considerations. Additionally, we employ micro-segmentation using cloud network security modules of Prisma Cloud to minimize the attack surface for various workloads.

The primary use case that was lacking was a single pane of glass. Additionally, prior to implementing Prisma Cloud, we used to manually perform these tasks using AWS CloudFormation Templates or Azure Resource Manager Templates. However, Prisma Cloud helped us address this issue by providing a unified administration interface. One of the problems we faced was the inability to view vulnerabilities across different cloud workloads and compare risks across different platforms. These were the challenges we encountered before deploying Prisma Cloud. While we didn't completely solve all of them after implementing Prisma Cloud, we did make significant progress in that regard.

Prisma Cloud offers security scanning for various cloud environments. In some client environments, there is only a single cloud, so the fact that Prisma Cloud can scan multiple clouds doesn't make a significant difference. These clients have a limited presence in the cloud, with few workloads or resources deployed. Consequently, it doesn't provide substantial value in such cases. However, for large companies, manufacturing companies, or companies with significant IT intellectual property in the cloud, with multiple tenants and a widespread cloud presence across different regions and replication, deploying a solution like Prisma Cloud becomes necessary.

Prisma Cloud enables us to adopt a proactive approach to cloud security. It goes beyond providing visibility and monitoring capabilities by offering a wide range of auto-remediation features. It provides numerous security controls and the ability to enforce commonly configured guardrails, primarily in monitoring mode. It is a comprehensive product that caters not only to detection but also prevention.

Prisma Cloud has helped reduce the number of people required to support or manage these cloud platforms, especially in terms of security. So now, instead of needing three different individuals to manage three different clouds, it may be possible to use just one resource to handle all three clouds, particularly focusing on security. This approach facilitates resource reduction, which is especially beneficial for clients operating within tight budgets. Additionally, there's the advantage of having a single pane of glass, where we can access various informative graphs, charts, and reports. These resources assist in explaining technical matters to non-technical leadership, making it easier to articulate concepts and insights to executives and other non-technical individuals. Personally, this has been helpful for me and our organization. The benefits for clients vary depending on the size of the environment. Personally, when we started using Prisma Cloud as an offering, it took two and a half to three months, which was the rough estimate. However, back then, not all the modules that are available today existed. So those numbers might have changed if all the modules were available at that time.

Prisma Cloud offers the visibility and control we require, regardless of the complexity or distribution of our cloud environments. Since it is built on top of these existing clouds and utilizes many of the services provided by large-scale cloud platforms, there is typically no issue with visibility. Regardless of the complexity of the environment, we always achieve visibility. The way we store and analyze the data, as well as how we visualize information, depends on the operator of the tool. Prisma Cloud is a reliable tool that never fails.

Prisma Cloud enables us to integrate security into our CI/CD pipeline. We primarily use it for the container. We have integrated image scanning and registry scanning into our CI/CD pipelines, specifically Azure DevOps. The DevSecOps team is responsible for managing this process.

Prisma offers us a unified tool that safeguards all our cloud resources and applications, eliminating the need to handle and reconcile separate security and compliance reports, with the exception of billing costs and management. From a security perspective, we haven't encountered any other reports for the majority of our clients. While a few clients may have additional requirements, Prisma Cloud efficiently handles all of those as well.

Prisma has reduced runtime alerts.

Prisma has reduced the time required for alert investigation. We now have a comprehensive understanding of the entire lifecycle of where things went wrong or which part of the runtime or execution for a specific process went wrong, particularly in terms of security.

Prisma Cloud has saved us money by reducing resources. 

Cloud security posture management is the preferred feature among other vendors.

There is room for improvement on the logging and monitoring front because it's still not as holistic as I would want it to be. Especially in the sense that we have different modules within Prisma Cloud, but then the visibility that we get from the output of each of these modules cannot be stitched together. Perhaps we could deploy something like a SIEM or SOAR platform to get this telemetry. As of now, we are lacking that part. So now I'm sure that was not the primary intent for that. It would really make a difference if Palo Alto Networks improves this.

The identity-based micro-segmentation in our cloud-native services requires a significant improvement. It fails to address many of the problems that its predecessor used to solve. Previously, there was identity-based micro-segmentation, but it was phased out, reaching its end-of-life and end-of-support. Now, we have cloud network security, which lacks a crucial feature that IBM used to offer. This is something we strongly desire, as we have had multiple discussions with Palo Alto regarding this matter. I am uncertain if there is a roadmap for implementing this feature, but the cloud network security module requires a substantial upgrade.

I have never encountered any challenges regarding any modules. Occasionally, they do undergo planned maintenance outages, but those are well-communicated in advance. Therefore, I don't consider them to be challenging. Prisma Cloud is reliable, and I would rate its stability at nine out of ten.

I would rate the scalability of Prisma Cloud as an eight out of ten. The only concern lies not with Prisma itself, but rather with the existing client environment. Many clients have flawed infrastructures, making it challenging to achieve the level of optimization required to fully realize the benefits of Prisma Cloud. However, this issue cannot be attributed to Prisma.

We extensively contacted technical support because we used to experience numerous issues. However, our main purpose is to inquire about additional capabilities and make minor tweaks. The tech support provided by Palo Alto is excellent, without a doubt. This could be one of the reasons why Prisma Cloud is relatively expensive. 

We are an advanced partner, rather than an end user, which grants us easier access to technical support compared to clients. However, based on feedback from our clients, their technical support is exceptional.

Positive

The initial setup is straightforward. In the beginning, we used professional services for a couple of clients but now we do it all in-house. 

The implementation is completed in-house.

From a security standpoint, we have significantly enhanced our client's security posture by implementing Prisma Cloud. However, we still need to assess the return on investment. While we have achieved notable resource reduction, it remains uncertain whether it has yielded a better long-term ROI.

Prisma Cloud is remarkably expensive. Not everyone can afford it, without a doubt. Although we don't directly sell the product, we occasionally engage in reselling certain components, and it requires significant effort to make sales. There's no denying that it's expensive.

I evaluated Snyk, which is a competitively priced product. However, I personally am not very familiar with how it works or the benefits gained by the different clients I've worked with, as I haven't had much experience with it. I conducted a couple of use cases and found it to be quite similar to Prisma Cloud in terms of features, although the interface has a different look and feel. I have been informed that Snyk is considerably cheaper compared to Prisma Cloud.

I would rate Prisma Cloud by Palo Alto Networks a seven out of ten, primarily due to the need for improvement in identity-based micro-segmentation and cloud network security. I appreciate the potential it offers for deployment, but the new module has yet to reach a point where we can effectively reduce risks.

All the cloud environments existed before Prisma Cloud came in. I don't believe we can build many things using Prisma Cloud, except for implementing guardrails. For instance, we can secure these workloads, but it will take time for them to be fully developed. The scanners, such as the infrastructure as code scanners that Prisma Cloud can certainly check, are capable of performing static and code analysis, among other tasks. However, I don't think Prisma Cloud is designed specifically for that purpose.

Prisma offers risk clarity from a core security perspective, but it does not cover the entire pipeline. To cover the entire pipeline, we would need to utilize a SaaS or DaaS tool. Prisma Cloud cannot serve as a substitute for those tools.

I used to primarily work with cloud-native services. So, I would leverage cognitive services across all three clouds. That was my main focus initially. However, now I have started using other tools such as Snyk and various reports. Additionally, I have also recently started using CSPM. I'm not entirely familiar with all of them yet, but I have been working on them since the beginning.

No maintenance is required from our end.

In terms of use cases, we had a single client. This client belonged to the insurance sector here in India, specifically a large insurance chain. We discovered that they had migrated to a cloud environment and had some security controls in place. However, they lacked expertise in understanding the threats associated with the cloud. From a resource and organizational perspective, they didn't possess the necessary skill set to implement a comprehensive governance framework. This client operates within the insurance industry, regulated by the Insurance Regulatory and Development Authority in India, which has revised some pipelines for the current financial year. The IRDA also serves as a regulatory authority for Indian banks. As a result, the client needed to strengthen their controls, particularly those with higher significance.
Their objective was to implement a few security controls to successfully pass an upcoming audit. We recommended that they integrate Prisma into their infrastructure. This would allow them to generate reports promptly whenever required and help fine-tune existing policies or guide the infrastructure development team in implementing new ones. Prisma would scan the entire infrastructure and provide the best recommendations. It was a challenging use case in terms of implementation, as only a few clients were familiar with Prisma's capabilities. Prisma is a cloud service that enables the hosting of applications and infrastructure.

We wanted to address vulnerabilities that we identified from a logging and monitoring perspective, which is why we implemented Prisma Cloud.

If we discuss a multi-cloud environment or a multi-fleet architecture or implement it as a fleet architecture, Prisma Cloud offers comprehensive functionality. It enables us to obtain complete reports or scanning reports from the tool on an enterprise scale. However, this process takes time. Although it is completed within seconds, if we have a larger infrastructure with multiple running instances, the tool will require more time. Nevertheless, the resulting report will be accurate and provide a comprehensive perspective.

In terms of a multi-cloud environment, our observations indicate that if we implement and configure Prisma Cloud with Azure and AWS, the tool performs well. On the other hand, when performing checks on AWS and GCP, the tool exhibits better performance on AWS. It does not meet the same standards on the GCP side, but it remains accurate. Azure is compatible with AWS and shows promising results. Additionally, we are currently conducting tests on the Azure environment.

Regarding the entire infrastructure, whether it follows an SAP model, PaaS model, or a previous model based on infrastructure, our testing has yielded positive results, particularly when using the SaaS model. AWS achieves 100 percent accuracy. From larger clients to smaller ones, even within internal GCP corridors where Prisma is connected, they are effectively protected.

Prisma's security automation capabilities are straightforward. We need to ensure that we have a clear understanding of our intended automation actions before proceeding. I was engaged with a company in the oil and gas sector that utilizes AWS infrastructure. They adopted Prisma Cloud and we implemented some automation. During testing, the alerts were satisfactory. However, in subsequent attempts, vulnerabilities were detected after the automation was executed. I wouldn't describe it as difficult, but rather as tricky.

Prisma Cloud assists us in adopting a proactive approach to cloud security. It provides us with a comprehensive view of areas that require fine-tuning. This perspective encompasses not only governance and threats but also the overall security landscape.

Prisma Cloud helped us reduce manual effort by up to eighty percent. It fine-tuned policies and implemented security controls for the cloud, including threat and vulnerability management. We no longer need to manually review these aspects. However, we still receive recommendations for mitigation. Prisma Cloud suggests actions to take from a governance and security perspective. For example, if we have an open port that is not in use, it advises disabling it. Previously, I or my team would spend around ten to twelve hours a day fine-tuning Azure or AWS services by accessing different dashboards. Now, with Prisma Cloud, we can accomplish all of this through a single console. We simply log on to the Prisma Cloud console and configure the services. Prisma Cloud integrates all the services and provides us with recommendations for remediation. As a result, our effort has been reduced by eighty percent since implementing Prisma. We were able to see all the benefits within a year and a half.

Prisma Cloud provides the 100 percent visibility and control we need regardless of how complex or distributed our cloud environments become. By utilizing Prisma Cloud, we have significantly reduced our manual effort to nearly eighty posts. Having everything consolidated on a single console greatly enhances the efficiency and productivity of our team. Moreover, from both a practical and financial perspective, it is undoubtedly a more advantageous approach.

Prisma Cloud offers risk clarity in real-time throughout our CI/CD pipeline infrastructure.

Prisma Cloud has reduced runtime alerts. I have only seen two alerts.

Prisma Cloud has reduced alert investigation times.

Prisma Cloud has saved our larger clients around $100,000 per month.

Prisma needs to regularly update itself because there are regulatory compliance requirements that have already been published, yet they have not been integrated into Prisma. This poses a challenge as we have to manually address these issues in our use cases.

We have discovered that Prisma is not functioning properly with GCP. I am unsure if this is due to the security policies being implemented by Google. There are restrictions in place, but from a GCP perspective, the security scanning is quite limited.

The deployment is a tricky task as it requires thorough configuration checks. There was a scenario where we discovered that the deployment had already been completed. However, during integration, we encountered a configuration issue. As a result, the logs from the cloud area were transformed into incidents, resembling an actual security breach. This caused concern among my team, and we were under the impression that an attack had occurred.

Palo Alto offers a different product, and they have introduced Prisma Cloud for a specific purpose, particularly for individuals who are new to the technology. The idea is, for example, to provide a single platform for accessing various Over-the-Top platforms for watching web series or movies. Instead of purchasing multiple OTT platforms, the concept is to offer one comprehensive platform. By paying for a single platform, users can obtain a subscription for services like Netflix or Amazon Prime, without having to spend thousands of dollars individually. Prisma Cloud follows a similar approach, which is perfectly acceptable. Consider the scenario where a client, using Microsoft or Azure environment, desires to use a third-party tool instead of investing in Microsoft Defender. In this case, Prisma Cloud comes into play. However, at some point, they may realize the need for Microsoft Defender as well, which would cost them a significant amount of fifty thousand dollars. To avoid such expenses, the idea of offering a complete package to the client arises. 

This complete package enables the client to use a single tool for scanning, obtaining reports and even automating the fine-tuning process. Consequently, the client can invest fifty thousand dollars to obtain the complete package, rather than searching for and purchasing three separate products, which would cost a significant amount of dollars. The complete package offers the same functionalities at half the price. From a product perspective, it is crucial to integrate certain services that assist clients in deciding to invest in Prisma Cloud. In the Indian market, where we have observed our clients, there is a lack of awareness regarding Prisma Cloud and its functionality. Clients are primarily concerned with whether Prisma Cloud can simply scan their products and provide recommendations. They question whether they can perform these tasks manually or use cloud-native services. This perspective influences the clients' decision-making process.

I have been using Prisma Cloud by Palo Alto Networks for two years.

The stability of Prisma Cloud depends on how the infrastructure has been configured specifically for that tool, taking into account the load and architecture of our infrastructure. The tool responds well in small-scale infrastructures, functioning perfectly without any issues. However, in larger environments, I have not encountered any crashing or lagging problems but the time it takes to scan the infrastructure varies depending on its size. 

Prisma Cloud is 100 percent scalable.

I contacted technical support during deployment because we encountered some challenges. The support was excellent, and the conversation went well. It was crucial to address the issues promptly because the entire infrastructure was at stake due to its complexities. We were uncertain about the potential impact of deploying a new tool in the infrastructure. Unfortunately, we faced some issues at one point, but they were resolved within the designated timeframe.

Neutral

As an organization, we possess certain tools, some of which have been developed in-house. However, it is important to note that no tool can be entirely relied upon, as perfection is unattainable. Some abnormalities have arisen and subsequently been addressed. Our main focus in the previous year was on utilizing cloud-native tools. We are now using Prisma Cloud and also looking at Citrix.

The initial setup took some time. It was not straightforward. For a few of the clients we have implemented, it will be straightforward. However, in our organization, it conflicts because we have certain lines of business and restrictions, so it took a bit longer. The deployment took around one month and required 15 people.

In general, Prisma Cloud is much cheaper than cloud-native services.

We are having conversations with Citrix to evaluate their solution.

I rate Prisma Cloud by Palo Alto Networks a nine out of ten.

We are the aligned partner for Prisma. We recommend the same tool to our clients, and the entire team is actively involved in training on the Prisma Cloud. In my interactions with various clients and stakeholders, I have noticed that some of them are not familiar with Prisma. However, they prioritize security and want to secure their cloud infrastructure. While some clients may not have the capability to use cloud-native tools, based on my observations, most of them are gradually transitioning to the cloud infrastructure and showing interest in the Prisma Cloud.

From a cloud security standpoint, and specifically as an organization, we are not bound by any specific domain. Our focus lies in securing the infrastructure from the client's perspective. For instance, consider a client who is new to the cloud and has migrated their infrastructure. If we do not have any governance measures in place for this scenario, our recommendation would be to opt for the comprehensive package offered by Prisma Cloud. This ensures that in the future or upcoming days, the client won't need to explore numerous other modules. However, it is worth noting that some clients may prefer to use separate modules. In general, we tailor our governance, security, and threat detection solutions to meet the specific requirements of each client. Internally, we provide a complete package.

In the current scenario, where my team is performing the migration for Prisma Cloud or the deployment area, we haven't yet tested the tool. We are planning to proceed with that testing. However, based on our discussions with the Prisma partner, they will integrate some functionalities because, in the DevOps environment, we haven't achieved the expected results. I wouldn't claim it's a hundred percent comprehensive, but based on our discussions and experiences so far, it's still a work in progress. We have conducted two tests, but the results haven't met our expectations.

From a DevOps standpoint, the CI/CD pipeline is still undergoing testing. I'm unsure about the time it will take, but initially, we are testing what we have learned from a CI/CD standpoint and a DevOps standpoint. We are currently investigating the best course of action and how we can integrate effectively. In some of our engagements, clients are requesting the integration of Prisma Cloud to optimize their DevOps area when deploying. However, currently, from a KPM perspective, this task is still manual. From a development standpoint, it will require time. It won't be accomplished in a single day or month, but rather, it will take time. This is because the configuration is still in progress. Moreover, from a security perspective, there are certain areas where we are uncertain. For instance, when considering GCP, it presents a gray area where we have been unable to identify any solutions from Prisma's standpoint. However, we need to determine how to effectively integrate the GCP infrastructure within the field.

Prisma Cloud can scan and monitor, depending on how it is configured. It can also trigger alerts, but it cannot stop an attack.

Prisma Cloud is maintained by Palo Alto.

Prisma Cloud will undoubtedly assist organizations in comprehending their infrastructure and identifying areas of uncertainty. The solution will streamline and minimize manual efforts. Users can obtain the comprehensive report with a single click, eliminating the need to access various services to retrieve logs. I highly recommend Prisma Cloud as it is cost-effective, and user-friendly, although its configuration can be a bit challenging.

We specialize in all Palo Alto modules, including visibility, compliance, governance, threat detection, data security, and hub security. Our comprehensive suite of services covers all aspects of these modules. We leverage the SaaS security product for advanced threat detection, and for all-encompassing monitoring, we utilize Cortex XDR from Palo Alto.

Many customers store sensitive data in on-premises data centers and require robust security measures. Prisma Access licenses can protect internal networks, but some customers prefer avoiding internet exposure. To address this, we offer gateways that create a secure environment for internet access. With the rise of remote work, we provide VPN connections, such as GlobalProtect, for secure access to both internal and external resources. Customers can deploy multiple gateways in different regions to meet their needs. Traffic flow typically involves a VPN connection to a gateway, followed by routing through internal service connections and potentially a data center firewall before reaching the desired resource. For external access, traffic is routed directly to the internet through the VPN.

Prisma Cloud offers comprehensive security across multi and hybrid cloud environments. For instance, our ADEM tool, considered industry-leading, requires installation on user machines to enable continuous monitoring of all ADEM-equipped users. This includes detecting anomalous activity outside the corporate network and tracking user online time, providing valuable insights into network usage.

Security automation and EA Ops significantly reduce manual configuration and management tasks compared to previous methods, saving valuable time. Now, we only need to configure a few minor details rather than handling everything. For instance, with service connections and gateways, we don't have to manage multiple VPN gateways; Palo Alto is managed on the backend. Our primary responsibility will be monitoring after initial tunnel creation. We've preconfigured connections to on-premises firewalls, whether third-party or Palo Alto, eliminating manual configuration. Automation is in place, and we'll only need to purchase licenses. The autonomous system further enhances automation for all processes.

Intune security automation has significantly reduced our costs, making us more financially efficient making us more financially efficient. Automation is now highly valued as it eliminates the need for engineers to configure and manage systems manually. With AI-driven automation, we can effectively monitor configurations through a dashboard, providing a complete overview. This automation simplifies tasks like creating BGP connections, which previously required complex CLI commands. Prisma Access Palo Alto's GUI interface automates tenant creation with minimal input. Integrating Prisma MDM and Palo Alto device deployment further streamlines the process, reducing manual intervention. Overall, this automation saves money and frees up engineer resources by eliminating time-consuming configuration tasks.

Palo Alto Networks is a global leader in cybersecurity, providing top-tier protection to its customer base of over 90,000. Traditionally, customers relied on on-premise hardware firewalls, but the shift towards cloud-based solutions has driven a demand for more flexible and cost-effective security options. In response, Palo Alto Networks offers cloud security solutions that leverage its existing global device infrastructure. Customers only need to purchase licenses to activate cloud security features, tailoring protection to their specific needs for internal, external, or network environments. For customers seeking complete independence, Palo Alto Networks also provides interconnect licenses that eliminate the need for a service connection.

Customers do not directly purchase Palo Alto products or deploy them into production. Our professional engineers provide a lab environment for customers to test any desired Palo Alto services, from essential Prisma Access to advanced cybersecurity solutions like SaaS security and Cortex XDR. Once customers are satisfied with the lab environment, they can deploy the chosen products into production. If they encounter any issues during deployment or operation, the support team promptly addresses them.

I have resolved numerous customer issues, closing over 400 or 500 cases globally. While many cases can be resolved within a week, some complex issues may take up to a month. Palo Alto Networks aims to provide timely support for all customer issues, regardless of severity. When a customer encounters a VPN connection problem, they can create a case with varying priority levels. Critical cases are assigned to engineers immediately, with hourly updates provided to the customer. If the issue persists, the case is escalated to senior resources. Prisma, a relatively new platform, is constantly being monitored for bugs. Any issues identified are addressed promptly and communicated to customers. Our goal is to deliver exceptional support services.

Prisma Cloud offers complete visibility across our entire environment, from end users to the data center. We'll have full control and oversight within a single unified portal, eliminating the need to juggle multiple platforms as often required by other solutions. Prisma Cloud provides dedicated applications for various functions, such as SaaS security, threat and vulnerability management, cloud identity engine, and log analysis. These applications work seamlessly together, automatically connecting through APIs once deployed and licensed. For configuration management, the Strata Cloud Manager handles Prisma Access and Prisma SD-WAN. This centralized approach allows us to efficiently manage multiple aspects of our security infrastructure within a single platform.

Prisma Cloud offers SaaS security and data loss prevention as separate features requiring additional licensing. Both can be managed through a single portal. For threat prevention, they provide Cortex XDR, a recent cybersecurity offering from Palo Alto. When combined, we have a single tool to protect all of our cloud resources and applications.

Prisma Cloud helps reduce the number of runtime alerts. Users will only receive live alerts generated when Prisma detects an issue within the environment. For instance, if Prisma Access observes an attack, it will generate a live alert visible in the startup cloud manager's dashboard.

Prisma Cloud effectively reduces the overall number of alerts by prioritizing them into categories: critical, high, medium, low, and informational. Less critical warnings are consolidated into the informational category, minimizing alert fatigue. Critical alerts persist until resolved, and recurring issues can be configured to trigger email notifications for proactive monitoring, ensuring timely attention even when engineers are unavailable.

Prisma Cloud offers significant cost savings for customers. Previously, customers managed multiple firewalls, including internal and external devices. With Prisma Access, this complex management is eliminated, as Palo Alto handles firewall management. Customers configure and purchase a license to access gateways for end-user connections. This eliminates the need to purchase expensive individual firewalls, which can cost billions. While customers retain visibility through a provided portal to monitor traffic, the primary benefit is the streamlined management and cost reduction achieved through Prisma Cloud.

Visibility and control are valuable features. Customers desire complete oversight to monitor resource access, both internal and external, and verify user activity. ADEM, a purchasable license, enhances network visibility by tracking traffic patterns and identifying potential threats through a dashboard. Our Strata Cloud Manager platform unifies Prisma access and cloud management, while also accommodating next-generation firewall administration. The dashboard provides in-depth visibility into threats and vulnerabilities.

Prisma Cloud's most valuable feature is its user identification capabilities. By integrating with Active Directory or LDAP servers, it efficiently manages user access to cloud resources. Previously, determining user access required multiple hops through internal resources, consuming significant bandwidth. Prisma Cloud's Cloud Identity Engine directly connects to identity providers, streamlining user authentication and authorization. This improves performance and security by eliminating the need to constantly query Active Directory. Additionally, Prisma Cloud offers full visibility into network threats and vulnerabilities through a unified dashboard, reducing the need for multiple tools and licenses. This centralized approach enhances threat detection, response, and overall security posture.

The speed at which Palo Alto resolves bugs should be improved to prevent customers from experiencing issues while waiting for resolutions.

Palo Alto Prisma Cloud is relatively new, with only three years of history. While the documentation continually improves, it still has limitations compared to the extensive resources available for older products like hardware firewalls, which have been around for approximately 20 years. Despite these shortcomings, Prisma Cloud's documentation is growing, and knowledge base articles can be helpful for troubleshooting issues.

I have been using Prisma Cloud for two years.

The quality of technical support varies depending on the issue a customer faces. High-priority cases demand immediate attention and daily follow-up to prevent customer frustration. I have resolved hundreds of Palo Alto cases, including critical ones. These cases require engineers to provide half-hourly updates and expedite troubleshooting. A recent critical case involved a customer migrating Panorama configuration and experiencing Prisma Access account verification issues. The initial engineer engaged with Prisma Access but encountered licensing problems. I escalated the case, collaborating with licensing and engineering teams to resolve the API-related issue and restore service. While such cases are time-consuming due to limited resources, a global team of engineers can address troubleshooting needs.

Positive

The initial deployment was smooth due to excellent support from Palo Alto's professional services engineer. They provided a clear overview of our deployment needs, considering the customer's two branches and primarily remote workforce. We determined six VPN gateway connections were required, two in the US, India, and Europe, and two branch office connections. Palo Alto created a lab environment, presented the network topology, and demonstrated traffic flow. Additionally, they introduced the split tunneling feature, allowing specific traffic like Google search to bypass Prisma Access and access the internet directly. Overall, the top-tier engineers at Palo Alto delivered exceptional customer service and ensured a seamless implementation.

I would rate Prisma Cloud nine out of ten. I am deducting a point because of the limited documentation.

I use Prisma Cloud for one of my clients to provide Cloud Workload Protection Platform, Cloud Security Posture Management, and Identity and User Controls services.

Prisma Cloud is the tool of choice for my client's container security and infrastructure-as-code security, including cloud security posture management.

We implemented Prisma Cloud primarily for its code-to-cloud feature. Recognizing the industry's emphasis on automated resource deployment, we developed a Terraform script to deploy resources on the Azure platform. We aim to maintain full security monitoring from the initial code to the cloud environment. By proactively identifying and addressing high-critical vulnerabilities in container images during the build process and enforcing compliance standards within Terraform scripts through policy-driven pipelines, Prisma Cloud helps us mitigate risks and ensure the security of our cloud infrastructure.

Prisma Cloud offers full integration with all major cloud platforms, making it a versatile choice for multi-cloud environments. I've successfully implemented it for both GCP and Azure, which provides consistent security coverage across both platforms. Its streamlined onboarding process for subscription or tenant-level agentless scanning and discovery is highly efficient. The platform's cloud discovery feature also offers valuable, cost-free, enhanced data for robust reporting. This, combined with informative labels, simplifies report generation at the product level, especially in organizations utilizing microservices and namespaces for application management. These capabilities make Prisma Cloud a vital asset for managing complex cloud infrastructures.

Prisma Cloud seamlessly integrates with popular DevOps tools like GitHub and Azure DevOps, which we commonly use for our clients. Automation is straightforward: incorporate a block into your workflow or pipeline to initiate scanning and other processes. Additionally, cloud account onboarding requires only adding a service as a key. This streamlined approach facilitates automated security guardrail implementation, eliminating the need for manual vulnerability remediation. Instead, scans are run directly within the pipeline, and critical vulnerabilities are flagged for immediate attention, enhancing overall security efficiency.

Shifting security left by ensuring only sanitized images are pushed to production for container use requires a dedicated team for twelve months to address all image vulnerabilities. Prisma Cloud automation significantly accelerates this process by remediating vulnerabilities automatically.

Prisma Cloud enhances visibility for our clients, enabling them to adopt a zero-trust model with monitoring at all entry and exit points. This full approach, coupled with a robust SOAR solution, effectively manages alerts from various tools and facilitates timely remediation efforts. The platform seamlessly integrates cloud security, application security, and threat detection, providing our client a unified view of their security posture.

Prisma Cloud offers comprehensive security across the entire cloud-native development lifecycle, covering all stages from code creation to cloud deployment, including the build, run, and deploy phases. Essentially, it provides security protection for every critical step within the development and production process.

Prisma Cloud offers a consolidated tool for cloud security, effectively covering CSPM, CNAP, CWPP, and ISE components. While their AppSec capabilities are still under development, I anticipate a comprehensive solution in the near future. Although Prisma Cloud is a strong standalone option, integrating a SOAR tool from another provider might be necessary for a truly end-to-end solution.

Prisma Cloud has proven effective in reducing runtime alerts by up to 20 percent, a significant benefit for our clients. While they are still verifying our adherence to proper procedures for this new solution, it's worth noting that Prisma Cloud offers a comprehensive set of policies, including those for detecting crypto mining and other threats.

Prisma Cloud is currently the market leader in runtime protection, enhanced by its ownership of Syslog and seamless integration. Its exceptional container security capabilities and an unmatched ability to address the MITRE ATT&CK framework distinguish it from other tools. This full suite of features positions Prisma Cloud as the optimal solution for our needs.

Prisma Cloud offers robust runtime scanning capabilities, which is beneficial for security teams. However, deploying additional security tools within existing infrastructure can be challenging due to resource consumption, potentially leading to application performance issues. Prisma Cloud's advantage lies in its minimal resource usage as it runs from ports, making it easier to convince stakeholders to implement runtime security measures and ensure ongoing application protection in production environments.

Prisma Cloud's security auditing capabilities are under development. Enterprise reporting could be improved, as the current data is insufficient for developers' needs, resulting in excessive noise. The platform currently lacks status information for deferred image vulnerabilities, such as specifying the version of an image vulnerability in reports. This functionality is being developed. Additionally, separating OS-level and application-level vulnerabilities is necessary to accommodate organizations focusing solely on cloud security. Prisma Cloud is already working on this feature.

Prisma Cloud's enterprise reporting needs significant improvement. We have already discussed this issue with them. The current reports are excessively noisy, making it impractical for developers to address the vast number of reported vulnerabilities. To streamline the process, we require a clear distinction between vulnerabilities originating from the application and those stemming from base images. While developers should address application vulnerabilities, base image issues necessitate using third-party base images and regular updates. Many organizations already have dedicated application security tools, so duplicating efforts is undesirable. A self-service portal allowing developers to onboard their own repositories would alleviate the need for admin intervention. Additionally, Prisma Cloud should provide a mechanism to defer vulnerabilities without known fixes, improving report clarity.

I have been using Prisma Cloud by Palo Alto Networks for two and a half years.

I would rate the stability of Prisma Cloud seven out of ten. It has room for improvement.

Prisma Cloud is scalable. I would rate the scalability eight out of ten.

The technical support is good.

Positive

All Prisma Cloud deployments are straightforward due to the comprehensive and improved documentation. Following the steps outlined, the tenant can be onboarded, and scanning can be initiated within approximately two days.

Prisma Cloud is cost-efficient, but the credits are on the higher end.

Prisma Cloud is the market leader in container security. While Microsoft Defender for Cloud also offers container security features, our comparison of Wiz, Defender for Cloud, and Prisma Cloud revealed that Wiz lacks enforcement capabilities, preventing us from blocking or denying actions. Additionally, Defender for Cloud's pricing model, based on virtual CPUs, becomes prohibitively expensive for container clusters, which often have thousands of them. Prisma Cloud's cost-effective, credit-based pricing and robust enforcement capabilities make it the right choice for our needs.

I would rate Prisma Cloud by Palo Alto Networks seven out of ten.

I would not consider time to remediate a capability as it's dependent on the resource owner's actions. The alert will remain unresolved until they address the misconfiguration on machines X, Y, or Z. This is not solely a tool limitation; At the same time, full auto-remediation is an organizational goal, often hindered by specific needs and customizations. Consequently, without complete auto-remediation, achieving desired service-level agreements is challenging.

Our client is a medium retail enterprise business.

I work for a monetary provider and handle around five customers. We mostly use Prisma Cloud for CSPN, but we have a banking customer using CWPP. 

Apart from those two use cases, the other customers are not interested in Prisma Cloud's other functionalities because they're green and already have other solutions with partners that they say are more mature. We have not implemented them in the customers' production environment, but we have toyed around with proofs of concept.

My organization is not primarily a customer. We don't use it a lot because we're a security company that mainly provides customers with solutions using this. That said, visibility is the most significant benefit for our clients because some are so large that they're unaware of what they have. 

They don't have adequate governance over expenses, security, and the parts of the network that are communicating. Prisma Cloud gives them reports that will provide instant insight into what's there. A new feature creates a visual map of networks and communications in the discovery part. It's excellent because you can instantly visualize everything. That's one feature that all the customers appreciate.

It performs well in complicated cloud environments. You only need to add your cloud account credentials. Most of the time, Palo Alto recommends using a full admin account for a service account accessing the tool. The tool works just as well, regardless of the company size. That's one of Prisma's biggest strengths. No matter how big you are, the tool can see everything.

Prisma Cloud can scan any cloud provider. We currently use Prisma on GCP, Amazon, Azure, and Alibaba. We also have Oracle, but I haven't used it for Oracle yet. This is crucial because some customers aren't proficient in managing multiple cloud environments. They only need to go to Prisma Cloud and see what they have because the team managing security is not the same one developing the solutions. 

Prisma offers a single pane of glass that lets you do most of what you want in one place. It's not only configurations but also knowing what you have, and your assets are doing. That's the main selling point of Prisma Cloud. It provides you with visualized reports, whether it's in the cloud, live serverless, containers, etc. 

I haven't toyed with CAB personally, but I think you can do that because you can scan images and deployments. I wouldn't say it gives you a lot of value in that regard because most of the CI/CD issues are application-level problems that Prisma Cloud or any other tool wouldn't help you with. Regarding security, you can deploy agents during the integration deployment and gain complete visibility with total memorability that you might introduce in the pipeline. Still, I think it will be a tiny part of the pipeline.

You will not see the problem if you're running an OGs application. While the developers can pinpoint the issue with the information provided, it will never relate to a piece of code and solve it. No tool can tell you exactly which part of the application is the problem, but a tool can identify which process has a vulnerability. Apart from that, many developers have issues finding the root cause of the vulnerability. When it's a library-related vulnerability, the TVD tells you to use another library or play the library. When your own code has the vulnerability, it's hard to pinpoint that.

Prisma provides a lot of information. You can see real-time alerts and forward them to JIRA or whatever tool you use with API or TVD. It also offers anomaly detection. If an administrator is logging in at weird times and doing strange functions, this tool can notify you about them. The anomaly detection is a correlation engine. You seldom get false positives. When it is a false positive, it's something you would expect. The only times I got a false positive were when the administrator forgot the password and tried logging in 50 times. At that point, they just need to contact support and change the password. 

Prisma has massively reduced our alert investigation times. It's 50 times quicker. Without this tool, we must dig up AWS logs, and the format isn't too accessible. The difference between using this tool to investigate an issue compared to a cloud-native solution is two hours versus two minutes. Digging up two logs using Ctrl-left is not the best approach, and it's the only approach cloud providers give you. 

The solution saved us because it helps us turn off idle machines. Most are machines we have turned on, and we didn't know what they do, but we didn't want to turn them off. Prisma Cloud lets you see the communication flows and the asset's actions on the communication map. If you see a device not communicating, it's easier to investigate what it's doing. Sometimes, it's a device generating reports at a particular time. You can schedule it to turn off when it's not active to save money. You also save money by spending less time solving your issues.

Doing cloud compliance without this tool would be impossible because cloud solutions are huge and highly complex. SOS compliance requires that you provide reports in under 24 hours. That's not possible without an automated tool like Prisma Cloud and the CSPN module. You would need to purchase Prisma or a competitor. It helps a lot because some customers have weird compliance requirements, and you can do it all on Prisma Cloud.

You can create custom compliance configurations according to your customer's needs and set Prisma up to provide the reports every 24 hours. In fact, you can do reports in 10-minute intervals or in real time. The client can access the dashboard and see if they're compliant. C-level executives in any company love that. 

The most valuable features are the alerts and auto-remediation because it allows us a lot of flexibility to customize and do functions the Palo Alto team never intended. We faced some challenges with certificates because we also have next-gen firewalls. We would like to equip all the traffic because there have been many cases in which the developers have made mistakes. Deploying certificates on virtual machines can be complex in a development environment, but we managed to do that with Prisma Cloud.

Prisma performs well in a fully cloud-native stack if you run several layers and Kubernetes. It's not so smooth if you migrate VMs into the cloud. Some customers try to do that with Prisma Cloud, but it's not compatible with Windows Server. However, you can deploy serverless containers without issue. You must deploy personal cloud agents into the virtual machines. The agents are called defenders. That module is excellent because you can see communications and vulnerabilities across your environment. It can also scan for malware. It tries to do many tasks at once, say the value it provides is the ability to see communications between devices.

The agent can block the traffic trying to exploit the vulnerability, but it can't fix the problem. That's on the application level. Most of the time, you give the application development team the vulnerability report, and they fix the issue, but Prisma protects you in the meantime. You can sleep well knowing that the agent is blocking the malicious traffic.

They recently added a module called Code Security that enables you to scan repositories or infrastructure as code. You can see concept errors like CSPN problems before the deployment. In tab use cases, it's excellent because you can see if there are misconfigurations in Terraform without having to deploy the instance or whatever you are deploying. That can save you money because sometimes people are deploying machines with problems that are easily fixable. It also improves security because you can fix a vulnerability before you have it with Cloud Security, but that's a rather new solution.

The IMD feature could be improved, but Palo Alto is working on that. It's a relatively new module that attempts to identify unnecessary permissions. Prisma Cloud is a platform that adds new modules whenever Palo Alto acquires a company or develops a new solution. The development team is trying to add new features. It also has Click Code Security for infrastructure security, but it doesn't add much value unless your DevOps team is really junior.

While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent. It creates a high workload initially. Apart from that, it solves the problems you have. Palo Alto says that 99 percent of breaches come from misconfiguration. I have seen that first hand. I think the fewest alerts a customer had was around 100 still, but they used another tool for that, so that saves a lot.

I have been working with Prisma Cloud for about 15 months.

Prisma's stability is close to 100 percent because it's just a dashboard that connects to your public cloud. It's essentially a website that never goes down, and you could also host it locally if your security requires it. Most of the customers use the Prisma Cloud platform. If it goes down for any reason, the security agents work independently of Prisma Cloud. You send logs to Prisma Cloud and update the configurations via the cloud. However, if the platform goes offline, you still have top-notch security.

As long as you purchase credits, Prisma Cloud is easy to scale.

I have never contacted Palo Alto support because our team is highly proficient in the solution and the platform is easy to use. You deploy the agents, and it just works. 

It's straightforward to deploy the solution because it's cloud-based, so you just set up an account, username, and password. If you think about it, the Prisma Cloud tool does not do much, but what it does is valuable. It does something simple on a scale that human beings could not do. 

Based on my own experience, I would I rate Prisma Cloud a ten out of ten. However, I haven't compared it with other solutions, so maybe other solutions have more features that Prisma is lacking. My advice is to implement Prisma if it has the features you want but also shop around because I'm sure other solutions are just as good as this one.

We use the compliance and vulnerability management modules. We are a bank and have certain controls in place. My business unit is cloud-only, and we need to enforce controls, and for audit purposes, we need to collect evidence of control enforcement. We have a number of controls around cloud resources. We configure Prisma to enforce those controls pretty automatically. Prisma generates evidence of the controls that we can present to auditors when we are audited. If we didn't solve this problem, we could lose our license.

It's hard for me to say how Prisma has improved our organization because it was implemented before I joined. But given the number of security controls that have been automated with Prisma, we have managed to achieve a fair amount of manual cost reduction for our control testers. And the automation and integration capabilities of Prisma have allowed us to save a lot of engineer time on evidence. Without Prisma, we would have to do all these things manually. Overall, it results in a huge FTE reduction.

With the number of controls that need to be tested, we would be talking about a team of around 100 people. With the Australian salaries, Prisma is probably saving us $1,000,000 to $2,000,000 a year.

The framework to configure controls is pretty good; it's pretty sophisticated. We can implement a fair amount of testing for a fair number of controls.

It's vulnerability management is quite good, and its integration functionality is something that we have found to be pretty capable.

We also use Twistlock for container security, which is good.

And Prisma Cloud's security automation capabilities are quite good. We use the periodic scanners, and we feed Prisma filings into our control evidence management system. They tick all the boxes for us.

One thing that is missing is Cloud Run runtime security—serverless. That would be great to have in the tool. It's not that easy to have Cloud Run in specific environments.

We have also found that Google Security Command Center has a little bit better coverage for GCP because it's native. That's why we pay for both tools. But ideally, we should only need one tool. Prisma Cloud's coverage of GCP is okay, but a little better coverage would be better.

Our cloud environment is complex, and Prisma doesn't cover all aspects of it. We don't rely on Prisma for any kind of security discovery. We just rely on it as a control-test and automation tool.

We get a few alerts in Prisma, and it allows us to trace any violations back to the source. It's a pretty straightforward interface.

Another thing that we have found useful with Prisma is its Jira integration. When our integration finds a new alert, it creates a ticket in Jira, so it's fully visible and tracked, appearing in all the dashboards.

I joined this branch of the bank six months ago, and Prisma is my portfolio now.

It's stable enough. I can't remember any outages of Prisma Cloud.

It's a SaaS service and is licensed both for our team and for the enterprise. On our side, there are 1,000-plus user licenses. We have five or six integration points, so in that regard, it's not humongous.

We are growing extremely quickly, and Prisma Cloud provides all the required services without any need for us to do anything to scale. It's pretty elastic. We'll probably grow by 10 times in the next couple of years. So far, I don't have any doubts that Prisma will support us.

I've never dealt with their technical support. Prisma Cloud just works.

Our bank itself is huge and uses all sorts of solutions. My business unit is quite young, it's only three years old, and I don't think there were any solutions in this space.

Deploying it was pretty straightforward compared to other tools. We implemented a fair number of compliance rules pretty quickly. I recently participated in some integration activities, and integration-wise, it was very straightforward.

As for maintenance on our side, there really isn't any. We periodically need to review the controls being tested and the control automation, to make sure that they're aligned with changes in the controls. Other than that, it's pretty maintenance-free.

We have managed to save a fair amount of money and effort in hiring manual testers. That's what automation does for us.

I wouldn't mind if it were cheaper. We are spending a fair amount of money on Prisma Cloud. It's probably okay, but, funnily enough, banks don't have money. Periodically, we have cycles of cost-cutting, so if we could save on Prisma Cloud, that would be great.

We don't use Prisma for build and deploy, we use another set of tools. Right now, we are doing our internal due diligence to figure out if we can replace all of those with a single tool, whether it's Prisma or any other tool. We don't know at the moment.

It's very hard to attribute any kind of runtime alert reduction to Prisma Cloud as we use a whole zoo of tools. Prisma is just one piece of the puzzle. We don't have too many runtime alerts thanks to the joint work between our build tools, deployment prevention security tools, and Prisma.

While it's a good tool, you need to be mindful of serverless because serverless runtime security is tricky and, unfortunately, Prisma doesn't do too much there. Other than that, it's a good tool.

Prisma Cloud by Palo Alto Networks is a comprehensive cloud security platform that encompasses vulnerability management, container management, Kubernetes management, and serverless management. It utilizes modules, such as Cloud Workload Protection, to provide comprehensive cloud security. Before deploying any applications, Prisma Cloud performs cloud scans to identify and address vulnerabilities, minimizing potential threats. The solution provides visibility into our cloud environment, enabling us to effectively manage and monitor our infrastructure. This capability is particularly valuable in the financial industry, where hybrid multi-cloud environments are prevalent.

We use all the modules Prisma Cloud offers.

Prisma Cloud offers security scanning for multi-cloud and hybrid cloud environments. This is crucial because managing multiple cloud accounts, such as AWS, GCP, and Azure, typically necessitates accessing each account individually to view the inventories of assets and services. Prisma Cloud eliminates this inconvenience by consolidating all of this information into a single unified interface, providing a comprehensive overview.

The comprehensiveness enhances threat protection by providing integrated and out-of-the-box policies, along with all the necessary components, to effectively secure cloud environments and achieve comprehensive visibility through Prisma's capabilities.

The security automation capabilities of Prisma Cloud are effective. We can automatically remediate some of the alerts using predefined policies. We utilize Defender to detect vulnerabilities in our containers, AKS, and GKE environments.

Prisma Cloud has benefited our organization in so many ways that we can't count them all on our fingers. The Cloud Security Posture Management module of Prisma provides a wide range of capabilities, including visibility, governance, compliance, auto-remediation, integration with hybrid cloud environments, vulnerability reporting, and blocking capabilities. It also offers compliance reports, integration with third-party tools for vulnerability and alert notifications, and Cloud Workload Protection capabilities for blocking, alerting, and specifying affected containers or servers. Additionally, it provides visibility into code security by monitoring the Infrastructure as a Code environment for unauthorized users.

It enables a proactive approach to cloud security, allowing us to prevent vulnerabilities, threats, and complications arising in cloud or hybrid cloud environments. We can easily investigate and obtain comprehensive reports.

We spent the first five months after implementing Prisma Cloud familiarizing ourselves with the solution and completing the training sessions provided by Palo Alto. During this time, we began to see the benefits that Prisma Cloud offered our organization.

Prisma Cloud works with the CIB. Therefore, when we build and deploy something, we can incorporate a Prisma scan, which assists us in scanning the images and gaining insights into the state of our environment. It provides us with comprehensive visibility and raises alerts or triggers notifications to inform us of any missing elements or potential issues. This is how Prisma can contribute to the build and deploy phases.

It provides deep visibility and control regardless of how complex our cloud environment becomes.

Prisma Cloud enables us to integrate security into our CI/CD pipeline and it provides us with a single tool to protect all of our cloud resources.

Prisma Cloud provides run-time risk clarity throughout the entire pipeline, revealing issues as they arise. This enables us to effectively block vulnerabilities and rectify identified problems.

We have reduced run-time alerts. The run-time protection has helped many of our clients protect their environments.

Prisma Cloud has significantly reduced our investigation time. The clear visibility it provides into our environment and the process flow has streamlined our investigations. Additionally, using Prisma to investigate issues rather than directly accessing our cloud accounts saves valuable time.

The most valuable features of Prisma Cloud are its cloud security posture management and cloud workload protection capabilities. Integrating Prisma Cloud with our cloud service providers provides a comprehensive view of our multiple cloud environments through a single dashboard. This enhanced visibility improves vulnerability management and compliance. With CWP, we can gain complete visibility into all workloads within our environment.

We are encountering issues with the new permissions required for AWS integration with Prisma. Specifically, we need a mechanism to automatically identify and integrate the missing configuration permissions that are introduced on a biweekly or monthly basis. We have requested the Palo Alto team to develop this automation, and we are eagerly awaiting its implementation. We appreciate the efforts of the engineering team for their contributions.

I have been using Prisma Cloud by Palo Alto Networks for two years.

Prisma Cloud is a stable platform. The only downtime we experience is scheduled, and Palo Alto notifies us in advance of the scheduled outage and its duration.

I would rate the scalability of Prisma Cloud a nine out of ten. I have received positive feedback from our clients indicating that Prisma Cloud is an excellent fit for their environment.

We have repeatedly contacted technical support to address issues encountered by both ourselves and our clients. The support is helpful.

Positive

We previously used AWS GuardDuty for vulnerability management and compliance visibility, but it was not user-friendly due to the requirement to log into separate accounts to access reports.

When I first started using Prisma, I found it to be very easy to learn. Several of our engineers were already familiar with Prisma Cloud and were able to help me understand how it worked, including the UI, navigation, and integration with other tools. They also showed me how to make API calls and integrate Prisma with third-party tools. Additionally, the Prisma team was incredibly helpful whenever I contacted them for assistance. They were always willing to answer my questions and help me troubleshoot any issues I was having.

I completed the implementation myself after completing the training sessions with the Palo Alto team and attending a lab session for the Prisma Cloud deployment.

I don't have direct access to financial information, so I'm not fully aware of the overall costs. However, I do work with clients and solution teams to provide relevant solutions. I also collaborate with the research team to explain Prisma's capabilities and its comprehensive range of features. When I see the credits and other similar programs may make Prisma's licensing costs appear lower than those of competing tools, it's important to consider the overall cost when evaluating cloud security solutions. For example, when implementing cloud security measures for CSPs or CWPs, other tools may be required, potentially leading to higher overall costs than Prisma Cloud's comprehensive solution.

I would rate Prisma Cloud by Palo Alto Networks nine out of ten.

Prisma Cloud necessitates maintenance for both weekly and monthly updates.

My advice to new users and researchers is to delve into Prisma Cloud's capabilities and potential. Understanding the full scope of what it can do is crucial for new users. It's not just about visibility or the GUI; it's about the underlying work that engineers do, such as runtime protection, virus detection, and code security. New users should have a clear understanding of these capabilities. They should participate in sessions, practices, and labs to gain hands-on experience.

We primarily use Prisma Cloud as a cloud security posture management (CSPM) module. Prisma Cloud is designed to catch vulnerabilities at the config level and capture everything on a cloud workload, so we mainly use it to identify any posture management issues that we are having in our cloud workloads. We also use it as an enterprise antivirus solution, so it's a kind of endpoint security solution.

Our setup is hybrid. We use SaaS also. We mostly work in AWS but we have customers who work with GCP and Azure as well. About 60 percent of our customers use AWS, 30 percent use Azure, and the remaining 10 percent are on GCP. Prisma Cloud covers the full scope. And for XDR, we have an info technology solution that we use for the Gulf cloud. So we have the EDF solution rolled out to approximately around 500 instances right now.  

Prisma Cloud is used heavily in our all production teams. Some might not be directly using the product since our team is the service owner and we manage Prisma. Our team has around 10 members teams, and they are the primary users. From an engineering aspect, there are another 10 team members who use it basically. Those are the actual people who work hands-on with Prisma Cloud. Aside from that, there are some product teams that use Prisma indirectly. If we detect something wrong with their products, we take care of it, but I don't think they have an active account on Prisma Cloud.

Prisma Cloud has been helpful from a security operations perspective. When a new product is getting onboarded or we are creating a new product — specifically when we need to create a new peripheral— it's inevitable that there will be a kind of vulnerability due to posture management. Everything we produce goes through via CICD, and it's kind of automated. Still, there are some scenarios where we see some gaps. So we can discover where those gaps exist, like if someone left an open port or an instance got compromised. 

These kinds of situations are really crucial for us,  and Prisma Cloud handles them really well. We know ahead of time if a particular posture is bad and we have several accounts in the same posture. Prisma gives us a deep dive with statistics and metrics, so we know which accounts are doing bad in terms of posture, how many accounts are out of alignment with the policy strategy, how many are not compliant. Also, it helps us identify who might be doing something shady. 

So we get some good functionality overall in that dashboard. Their dashboard is not customizable, however, so that's a feature we'd like to say. At the same time, what they do provide on their dashboard is pretty helpful. It enables us to make the posture management more mature. We're able to protect against or eliminate some potential incidents that could have happened if we didn't have Prisma. 

Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them. It's really good at managing compliance. We get out-of-the-box policies for SOC 2, Fedramp, and other compliance solutions, so we do not need to tune most of the rules because they are quite compliant, useful, and don't get too many false positives. 

And in terms of Prisma Cloud's XDR solution, we do not have anything at scope at present that can give us the same in-depth visibility on the endpoint level. So if something goes bad on the endpoint, Prisma's XDR solutions can really go deep down to identify which process is doing malicious activity, what was the network connection, how many times it has been opened, and who is using that kind of solution or that kind of process. So it's a long chain and its graphical representation is also very good. We feel like we have power in our hands. We have full visibility about what is happening on an endpoint level. 

When it comes to securing new SaaS applications, Prism Cloud is good. If I had to rate it, I would say seven out of 10. It gives us really good visibility. In the cloud, if you do not know what you are working with or you do not have full visibility, you cannot protect it. It's a good solution at least to cover CSPM. We have other tools also like Qualys that take care of the vulnerability management on the A-level staff — in the operating system working staff — but when it comes to the configuration level, Prisma is the best fit for us. 

Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that. Prisma also should allow users to fully automate the workflow of an identified set. Right now, it can give us a hint about what has happened and there is an option to remediate that, but for some reason, that doesn't work. 

Another pain point is integration with ticketing solutions. We need bidirectional integration of Prisma Cloud and our ticketing tool. Currently, we only have one-way integration. When an alert appears in Prisma Cloud, it shows up in our ticketing tool as well. But if someone closes that ticket in our ticketing tool, that alert doesn't resolve in Prisma Cloud. We have to do it manually each time, which is a waste of time. 

 I am not sure how much Prisma Cloud protects against zero-day threats. Those kinds of threats really work in different kinds of patterns, like identify some kind of CBE, that kind of stuff. But considering the way it works for us, I don't think it'll be able to capture a zero-day threat if it is a vulnerability because Prisma Cloud actually doesn't capture vulnerability. It captures errors in posture management. That's a different thing. I don't know if there is any zero-day that Prisma can identify in AWS instantly. Probably, we can ask them to create a custom policy, but that generally takes time. We haven't seen that kind of scenario where we actually have to handle a zero-day threat with Prisma Cloud, because that gets covered mostly by Qualys.

I've been using Prisma Cloud for almost two years now.

Prisma Cloud is quite stable. At times, it goes down, but that's very rare. We have some tickets with them, but when we see some issues, they sort it out in no time. We do not have a lot of unplanned downtime. It happens rarely. So I think in the last year, we haven't seen anything like that.

Prisma Cloud is quite scalable. In our current licensing model, we're able to heavily extend our cloud workload and onboard a lot of customers. It really helps, and it is on par with other solutions.

I think Prisma Cloud's support is quite good. I would rate them seven out of 10 overall. They have changed their teams. The last team was comparatively not as good as the one we have right now. I would rate them five out of 10, but they have improved a lot. The new team is quite helpful. When we have an issue, they take care of it personally if we do not get an answer within the terms of the SLA. We tend to escalate to them and get a prompt answer. The relationship between our management and their team is quite good as well. .

We have a biweekly or weekly call with their tech support team. We are in constant communication about issues and operating problems with them. It's kind of a collab call with their tech support team, and we have, I think, a monthly call with them as well. So whenever we have issues, we have direct access to their support portal. We create tickets and discuss issues on the call weekly.

Transitioning to the new support team was relatively easy. They switched because of the internal structure and the way they work. Most of the engineering folks work out of Dublin and we are in India. The previous team was from the western time zone. That complicated things in terms of scheduling. So I think the current team is right now in Ireland and it's in the UK time zone. That works best for us. 

We have an engineering team that does the implementation for us, and our team specifically handles the operations once that product is set up for us. And then that product is handed over to us for the daily BA stuff accessing the security, the CSPM kind of module. We are not involved directly. When the product gets onboarded, it's handed over to us. We handle the management side, like if you need to create a new rule or you need to find teams for the rule. But the initial implementation is handled by our engineers.

I would rate Prisma Cloud six out 10. I would recommend it if you are using AWS or anything like that. It's quite a tool and I'm impressed with how they have been improving and onboarding new features in the past one and a half years. If you have the proper logging system and can implement it properly within your architecture, it can work really well.

If you are weighing Prisma Cloud versus some CASB solution, I would say that it depends on your use case. CASBs are a different kind of approach. When someone is already using a CASB solution, that's quite a mature setup while CSPM is another side of handling security. So if someone has CASB in place and feels they don't need CSPM, then that might be true for a particular use case at a particular point in time. But also we need to think of the current use case and the level of maturity at a given point in time and consider whether the security is enough.