Try our new research platform with insights from 80,000+ expert users
TodorShuev - PeerSpot reviewer
System Administrator at a computer software company with 501-1,000 employees
Real User
Top 10
Provides secure access and comes with flexible licensing and a single console
Pros and Cons
  • "There is a system for monitoring the traffic. You can monitor the traffic of the connected people and point out any issues on the connection part."
  • "The user interface could be better. They need to work a little bit on the console. It is similar to their firewalls but not exactly. They need to clean it up a bit."

What is our primary use case?

We need global connectivity because we are a software company, and we have a lot of contractors around the globe. We are using Prisma Access for them to be able to connect from anywhere and have access to our data center, which is on-premises. It is not in the cloud.

We are using its latest version. It is always up to date. 

How has it helped my organization?

It provides zero trust security and access to our resources. It brings security and provides access. The security provided by Prisma Access is very good. I would rate it a nine out of ten in terms of security.

Prisma Access provides all its capabilities in a single, cloud-delivered platform, which is very good. Before choosing Prisma Access, we did extensive research. A single console was very important for us. If we had gone for Cisco, we would have had to combine three different products of Cisco, and we would have had three different consoles to manage, which is not what we wanted.

Prisma Access provides traffic analysis, which is very important for us because we want to know what is happening with the traffic, who is connected, how they are connected, and what is happening with the endpoint during this connection. We are working with the current information, and it is very important. For threat prevention, we are going to implement Palo Alto WildFire.

Prisma Access provides millions of security updates per day. It is very important because if we have zero-day or any other type of breach, it would not be good. There should be regular updates.

Prisma Access' ADEM was another feature that made us go for Prisma Access as compared to the other vendors. It provides real and synthetic traffic analysis, but it also depends on how you tune up ADEM. You need to make rules in order to maintain certain services. If you are doing it right, it will be able to show you where the weak point to the connection is. ADEM does not affect the digital experience for end-users. They do not even know that it is there.

Prisma Access does not enable us to deliver better applications, but it has had an impact. It is stopping some applications that our people are using.

What is most valuable?

It is easy. There are service connections that they are using for connecting from the cloud to your data center. It is simple. 

There is a system for monitoring the traffic. You can monitor the traffic of the connected people and point out any issues on the connection part. 

What needs improvement?

The user interface could be better. They need to work a little bit on the console. It is similar to their firewalls but not exactly. They need to clean it up a bit.

Prisma Access' ADEM is good when it comes to segment-wise insights across the entire service delivery path. The only minus is that it is not supporting Linux. It is only for Windows and macOS.

We are not able to manage firewalls from the cloud. They have promised to make this feature available in the future where we will be able to manage firewalls from the cloud. Currently, we can only use Panorama to manage firewalls.

Buyer's Guide
Prisma Access by Palo Alto Networks
October 2024
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for two months.

What do I think about the stability of the solution?

It is very stable. I would rate it a ten out of ten in terms of stability.

What do I think about the scalability of the solution?

It is very scalable. We have 200 users. I would rate it a ten out of ten in terms of scalability. 

We use it very often. It has been okay so far.

How are customer service and support?

We take the help of the integrator who is helping us. We still have questions regarding the product. They have provided a service engineer, and we work with him. We are able to call him directly for any help.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use any other solution previously. 

How was the initial setup?

It is straightforward because all the work is done by Palo Alto. They provide help for the initial setup to go without any issues or with minimum problems. They power up the machines, and they give us console access from there.

After Prisma Access was set up, it took us about a week to tune everything and connect our data centers to Prisma Access, etc.

We had two engineers for its setup. It does require maintenance. I am the only person handling the maintenance. It is not difficult to maintain.

What about the implementation team?

We use an integrator. 

What was our ROI?

It is too early for that. We need a little bit more time to see the ROI.

What's my experience with pricing, setup cost, and licensing?

It is not cheap. It is expensive. The good thing is that you are able to pay for what you need, but overall, it is not cheap. The pricing is not based on packages. You pay based on the features. If you want DLP, you only pay for DLP. They are very flexible. It is not cheap, but the licensing is flexible. There are no additional costs in addition to the standard licensing fees.

I would advise starting with the lowest package or minimum services, and then you can upgrade based on your needs. The full package is not cheap, and you might not need all the features.

Their cloud access router could be a little bit cheaper.

Which other solutions did I evaluate?

We evaluated Cato Networks, Cisco Umbrella, and Zscaler. We also had presentations from Perimeter 81 and CloudFlare.

We went for Prisma Access because it is able to integrate with their firewalls. They have very good connectivity. Palo Alto is a leader in the next-generation firewall, which means their security is good. 

What other advice do I have?

Prisma Access has a lot of features, but we have been using it for only two months. We have not fully used it yet. We have not used the whole functionality.

The good thing is that they are providing a proof of concept. You can do a proof of concept and see if it is suitable for you. If you are already using Palo Alto firewalls, it will be better for you. It will be much easier for you to use Prisma Access.

If you are familiar with Palo Alto in general, it is easy to use because it is very similar to their operating system of firewalls. If you have previous experience with Palo Alto, it is much easier. Otherwise, it will take a little bit of time, but it is easy. The only thing that can be a bit complicated is the service connection. In Prisma Access, you have two types of connections: service connection and network connection. They do almost the same thing. They can create confusion if you are not familiar with them.

Prisma Access can secure not just web-based apps but non-web apps as well, but we are not using this feature currently. 

Overall, I would rate Prisma Access an eight out of ten. That is because we cannot manage firewalls from the cloud.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Network and Security Engineer at a security firm with 11-50 employees
Real User
Top 10
A cost-effective solution with comprehensive security, but the dashboard response time should be better
Pros and Cons
  • "Prisma Access provides comprehensive security. It provides URL filtering, application control, SSL, DLP, etc. It provides complete security for the cloud environment."
  • "Its security is good. Everything is good, but the way the dashboard responds can be improved. It takes time to implement a policy. If you change only two or three lines and push the policy to make the change work, it takes 20 to 30 minutes even for a small change. That is something very irritating from the implementation perspective."

What is our primary use case?

We are an integrator. We are providing the services to a partner of Palo Alto. We are using Prisma Access, Cortex XDR, and Cortex Data Lake.

We are using two kinds of services for security: one is Zscaler and the other one is Prisma Access. For Internet security, we are using Zscaler, and for SaaS applications security, we are using Prisma Access. 

By implementing Prisma Access, we wanted to secure the traffic for SaaS applications such as Office 365. We had SaaS application traffic that was already bypassed, but because it was UDP traffic, it was still going to the Internet. There were some internal customer applications over the cloud, and we wanted to secure the content of those applications over the cloud. That is why we are using Prisma Access.

How has it helped my organization?

Prisma Access provides comprehensive security. It provides URL filtering, application control, SSL, DLP, etc. It provides complete security for the cloud environment.

We are using IPSec. If you compare it with Zscaler, there is no limit for IPSec bandwidth or throughput. Zscaler provides only 400 Mbps, whereas, with Prisma Access, we are not facing any such issues. We are getting unlimited bandwidth for IPSec. This is one of the main benefits when it comes to the cloud because sometimes the backplane could be very high. In such cases, Prisma Access is very helpful for us.

For our data at rest, which is our data stored in the cloud, we are using the CASB properties of Prisma Access. It provides security to our data at rest.

The way the product is designed is good. It does not take much time to identify a problem and what is going on because we have zone-based and site-based configurations. Whenever we have something coming from users, we get reported about the issue. It is very easy to troubleshoot. With the integration of Prisma Access with Cortex XDR, we can easily identify what is going on.

The logs that Prisma Access provides are also very detailed, so it is very easy to identify the issue and the root cause for resolution. Once you have identified the issue, the solution does not take much time.

We have a centralized dashboard. In the same dashboard, they have integrated multiple parts, such as Cortex Data Lake, GlobalProtect, and Prisma Access for Internet security or cybersecurity as well. There is a single dashboard integrated with different tools. It provides comprehensive security and is easy to manage.

In our infrastructure, we are getting 200 to 300 alerts on a daily basis. We get alerts about all kinds of issues, such as when the tunnel is fluctuating, reports are not getting generated, or there is some compliance issue in configuration. The alerting part is very good in Prisma Access. We get alerts instantly whenever there is a fluctuation. We, as administrators, look into them and resolve them on a priority basis.

These alerts reduce the resolution time and provide insights to proactively resolve an issue. This is a very helpful part of Prisma Access, but this capability is there in every product these days.

What is most valuable?

We are able to implement security control over the SaaS application traffic. We are able to implement the security posture, and we are able to implement the IPSec tunnel. We are using GRE as well. We are able to implement security for multiple use cases with Prisma Access.

It provides SSL inspection for private or internal applications. That is one of the key features we are getting from Prisma Access. We are using GlobalProtect along with Prisma Access. Even for our SaaS applications, we are doing SSL.

What needs improvement?

Prisma Access is good. Its security is good. Everything is good, but the way the dashboard responds can be improved. It takes time to implement a policy. If you change only 2 or 3 lines and push the policy to make the change work, it takes 20 to 30 minutes even for a small change. That is something very irritating from the implementation perspective. The response time of the dashboard for configuring things needs to be improved. It should be quick.

Its implementation is also a bit complex.

For how long have I used the solution?

We have been using this solution for 2.5 years. 

What do I think about the stability of the solution?

It is stable. I would rate it an 8 out of 10 for stability.

What do I think about the scalability of the solution?

It is very scalable. I would rate it a 10 out of 10 for scalability.

Our clients are enterprises. 

How are customer service and support?

Their TAC part is okay. It is not the best, and it is also not the worst. They are good. I would rate them an 8 out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have been also using Zscaler, but we are moving to Prisma Access completely. The decision to move is taken by the management. Zscaler is a better product, but it is very expensive. 

Another thing is that management has decided to use the firewall solution of Palo Alto going forward. That is why they are proactively switching to Prisma Access. There will be better synchronization between security products. There will be GlobalProtect and Palo Alto Firewall in place going forward.

How was the initial setup?

We had to define the architecture first. We were already using Zscaler, so it was a bit complex to shift the traffic to Prisma Access. It took months to implement this solution to segregate the traffic from Zscaler and move it to Prisma Access. It was not an easy task. It was a bit complex. Once it was implemented, it was good.

Its implementation could be difficult, but when it comes to operations, it is easy. The maintenance part is also good. Only the configuration part takes time. The portal also lags at times.

The implementation duration varies. An implementation can take weeks or months. It depends on your network, infrastructure, and applications. 

What's my experience with pricing, setup cost, and licensing?

As compared to other solutions, Prisma Access is much cheaper. It is probably 30% to 40% cheaper than other solutions, but I do not know the exact cost.

A customer is using 250,000 user licenses for Zscaler. You can understand what Palo Alto would offer to take over this kind of project. The price can be negotiated in many ways.

Which other solutions did I evaluate?

I am not sure if any other solution was evaluated, but I am pretty sure that PoC was not done for any other product. 

What other advice do I have?

If you are looking for a cloud security solution, you need to know how many applications are there on the cloud and what is your budget. Prisma Access is overall beneficial. Zscaler could be more expensive or trickier to manage because it requires expertise. Prisma Access is easier.

We have not done any automation. Everything is manual. We have not integrated any of the REST APIs with Prisma Access. We know that REST API is supported in Prisma Access.

Overall, I would rate Prisma Access a 7 out of 10.

Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Flag as inappropriate
PeerSpot user
Buyer's Guide
Prisma Access by Palo Alto Networks
October 2024
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Gabriel Franco - PeerSpot reviewer
Senior Service Delivery Engineer at Netdata Innovation Center
Real User
Top 20
Provides threat prevention and gives us the ability to configure clientless VPN, which helps us address specific applications that are consumed through Prisma
Pros and Cons
  • "The most valuable feature is the ability to change the gateway. For example, if there's a problem with a specific region or vendor, we can make modifications. The solution is scalable, and there are different gateways that can be created depending on the demand."
  • "I would like the solution to support a different type of authentication. We can't configure a secondary method for our portal."

What is our primary use case?

Prisma Access is useful for organizations with hardware and firewalls that don't support their total number of users for remote working. If they need to increase this quantity, instead of increasing the hardware, they can use a solution as a firewall service.

A maximum of 200 people use this solution. We don't utilize all of the solution's capabilities.

How has it helped my organization?

I had a customer who needed to move all of their operations to work from home during the pandemic. They moved all of their configurations to Prisma Access, and we helped them enable permissions for their users to work from home.

Prisma Access provides better app performance. It allows all the traffic that's really needed for applications and internal resources without any impact on the hardware. It can be continuously scaled in case more resources are needed.

What is most valuable?

The most valuable feature is the ability to change the gateway. For example, if there's a problem with a specific region or vendor, we can make modifications. The solution is scalable, and there are different gateways that can be created depending on the demand.

Prisma Access supports all of the traffic that the user generates. We have the ability to send all of the traffic through the Prisma Access firewalls.

Prisma Access provides traffic analysis, threat prevention, URL filtering, and segmentation capabilities. It also provides DLP. If you have Panorama to manage firewalls and you have a device group that has some configurations with specific profiles for the spyware or antivirus, it's good to have the ability to replicate that in your Prisma Access environment without any compatibility issues.

It's important that Prisma Access provides millions of security updates per day because we have to be aware of attacks in the cybersecurity industry. It's very helpful to have these updates from Palo Alto because they can prevent the organization or customers from having issues.

Prisma Access gives us the ability to configure clientless VPN, which helps us address specific applications that are consumed through Prisma.

The Autonomous Digital Experience Management feature is helpful because it shows the source of a problem. One user could say that they have a problem with slowness or that some applications don't work that well. It could be a problem with Prisma or a problem with the user's internet provider.

The security provided by Prisma Access is very good because we have the same configurations and models that we have on our normal firewalls. If you have worked with Palo Alto before with firewalls or Panorama, it's very easy to create configurations to implement your security posture. It's on the same technology as Palo Alto, so it's compatible with firewalls. It's also very secure, and it has the same scalability options.

My organization has created different gateways, so they have two different cloud vendors. This redundancy on cloud is helpful. There is redundancy at different branches to provide a backup in case there is a problem with a vendor in a specific area.

What needs improvement?

I would like the solution to support a different type of authentication. We can't configure a secondary method for our portal.

For how long have I used the solution?

I've worked with Prisma Access for about six months.

What do I think about the stability of the solution?

The stability is very good. I haven't had issues with the connection or dropping traffic.

What do I think about the scalability of the solution?

I haven't had any issues with scalability. The solution allows us to define all of the resources that we need. For example, we can define the IP addresses that we need for the number of users that will be connected. If there's a large quantity of users, they can increase the resources. 

How are customer service and support?

The technical support could be faster after we open up a case.

How was the initial setup?

Setup is very straightforward. Prisma Access has very extensive documentation. If you use that, it's easy to deploy the solution. You need to read a lot more for routing considerations, but I think it's easy for people with startup experience.

The amount of time it takes to deploy the solution depends on the complexity of the consumer's considerations. Normally, the basic implementation and policy authentication can be completed in two or three hours.

We require a few people for maintenance. One person provides support and two people do the implementation.

What about the implementation team?

I received some help from engineers who had more experience in the company. They taught me how to configure it, and I was able to complete the deployment after that.

What other advice do I have?

I would rate this solution as nine out of ten. 

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Alex Kisakye - PeerSpot reviewer
Senior DevSecOps Engineer at Sympli Australia Pty
Real User
The dashboard is intuitive, the pricing is easy to understand, and the run time security feature is unique & valuable
Pros and Cons
  • "A feature I've found very helpful is run time security because most of the products on the market will look at security during the build time, and they don't really look at what happens once you're going into production."
  • "There is room for improvement in the multi-environment visibility, especially around containers."

What is our primary use case?

We use Prisma Compute for container monitoring and Prisma Cloud for cloud monitoring. Compute looks at workload security, and we use it for container security, build security, and assessments. Cloud looks at our AWS account and gives us input on any security issues with our AWS workload.

How has it helped my organization?

We now know if there's any vulnerabilities during runtime, which is not something we had before. We didn't used to have visibility into our cloud infrastructure or our container space once the containers were running but we do have that visibility now. We also have visibility into how the different pieces of our solution talk to each other, so we know which services talk to each other, and then we are able to pick up anomalies. For example, when service A is talking to service B and there's no reason why they should be talking to each other. That's been a real help.

The solution is pretty comprehensive across all three tenets of build, run, and software. This has improved our operations because, for example, at build time if there is an inability within dependencies or within the Docker images we're going to use, we are able to stop, build, and remediate at that point. Within our registries where we keep our containers, we are still able to look back and see how vulnerabilities were corrected over time. Sometimes you build images in a repository, so a vulnerability might get discovered on the internet and it's good to know whether you're still safe before you run your images. Also, once you are running, it's helpful to know that you are still running secure environments.

What is most valuable?

A feature I've found very helpful is run time security because most of the products on the market will look at security during the build time, and they don't really look at what happens once you're going into production. 

It's a perfect solution for protecting the full stack native cloud. There's been a lot of development over time, so it's gotten better during the time we've been using it. 

The solution provides visibility and it's pretty simple to use. The dashboard is very intuitive. The solution makes it easy because we can look at one screen and see vulnerabilities across the infrastructure.

What needs improvement?

There is room for improvement in the multi-environment visibility, especially around containers. The product easily gets confused if you have, for example, similar Docker images that are running in different environments. It does not have a way of isolating that even though it's the same image, it's running in a different environment. It just consolidates that reporting and makes it difficult to figure out how far your plus range is.

I don't think the solution has a preventative approach. I think most of it is really more fighting. I guess you could use what it finds to predict what might happen in the future, but I haven't seen any features that are preventative.

For how long have I used the solution?

I've been using this solution for three years now. 

What do I think about the stability of the solution?

The solution is very stable. I think in the last year we've done around four upgrades and it's never missed a beat, even through those.

What do I think about the scalability of the solution?

The solution scales quite easily. We've thrown a lot at it and it's still standing. Everything that we run goes through Prisma. 

How are customer service and support?

I think the support has a lot to improve on. Sometimes it's very difficult to get context around tickets, especially if they get keep on getting switched around, and then there are many issues. Not issues per se, but there are times when you need help and the person who is running the ticket is not able to service your ticket and then they have to push it on to engineering and that takes forever. I would rate the customer service as a five out of ten. 

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial setup was pretty straightforward. The product has very good documentation that is very easy to follow. Deployment took about a day. Rolling it out took longer, but that was because of internal challenges, not the product itself. 

What about the implementation team?

We handled it all in-house. I actually did the deployment myself, and it went good. We used Terraform for deploying, and ran it in ECS, in our container environment. Our services are all running in AWS ECS, so we used their ECS module to plug our content environments into Prisma, and then we used their standalone agent for the rest of our systems that are not running container services.

What was our ROI?

We have seen an ROI because now it takes less time to identify vulnerabilities and fix them. When vulnerabilities are detected, the responsible teams are notified immediately, as opposed to having security go around once a week.

What's my experience with pricing, setup cost, and licensing?

The pricing is very friendly and that's the reason why we renewed this solution. It was really just based on pricing, and the licensing is also pretty understandable. It's not confusing to figure out your workload and how much you'd be paying for the solution. 

We chose a mixed infrastructure where we have a bit on-prem and then also a direct cloud version. If you're running it on-prem, you have to meet infrastructure costs for the solution to run on your server in addition to standard licensing costs.

Which other solutions did I evaluate?

Before we did our last renewal we looked at a couple of other products. We chose to renew because of the pricing and licensing of this solution. 

What other advice do I have?

The crux of why we're using the product is because of the automations. We are very confident that the product will keep us secure at all times. 

We are able to inject Prisma into our build jobs without it really affecting our build times or the developers.

The solution has reduced alerts investigation times by 60-70%.

I would rate this product as a nine out of ten. 

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Manager Network Design at MEEZA, Managed IT Services Provider
Real User
Top 5Leaderboard
Along with a straightforward setup phase, the tool also offers exceptionally high stability
Pros and Cons
  • "The most valuable features of the solution stem from the fact that it offers stability and scalability while being a very secure product."
  • "The product's current price is an area of shortcoming where improvements are required."

What is our primary use case?

I use Prisma Access by Palo Alto Networks in our company for remote access, especially to help new users connect to corporate resources from over a distance, in other countries, or while they are not in the office.

How has it helped my organization?

I have seen some benefits from using the solution in our company since it offers mobility. My company has users around the world who connect to the resources remotely without any issues because of Prisma Access by Palo Alto Networks.

What is most valuable?

The most valuable features of the solution stem from the fact that it offers stability and scalability while being a very secure product.

What needs improvement?

Certain complications are related to the VPN part of the product, which can lead to a very deep and technical discussion. From an improvement perspective, I want the product to be integrated with SASE products.

Palo Alto Networks GlobalProtect or VPN in general with a cloud-based service would be a great improvement.

The product should be made more capable of offering more integration with the recent technologies introduced in the market. The product's integration capabilities with the already existing products in the market are good.

The product's current price is an area of shortcoming where improvements are required.

For how long have I used the solution?

I have been using Prisma Access by Palo Alto Networks for four years. As it is a security product, our company keeps it updated to the latest version.

What do I think about the stability of the solution?

It is a 100 percent stable solution. Stability-wise, I rate the solution a ten out of ten.

What do I think about the scalability of the solution?

It is a very scalable solution.

Around 800 people in my organization use Prisma Access by Palo Alto Networks. The solution can be scaled up to fit around 3,000 users at a time.

Prisma Access by Palo Alto Networks is used extensively twenty-four hours a day and seven days a week in my organization since we operate in different time zones.

How are customer service and support?

The support offered by Palo Alto Networks is amazing. Whenever my company opens a ticket with the support team of Palo Alto Networks, we get amazing support. The support team of Palo Alto Networks is fast, customer-friendly, and knowledgeable.

Which solution did I use previously and why did I switch?

I have experience with Cisco and Fortinet. I have experience with Cisco AnyConnect Secure Mobility Client. The last time we used Cisco AnyConnect Secure Mobility Client in our company was three years ago, after which it was phased out from the set of standard solutions we use. Based on my experience with Fortinet and FortiClient, I can say that the support is not at the same level as the one offered by Palo Alto Networks. Fortinet's technical support team is not as strong as the technical team of Palo Alto Networks. Only the prices of Fortinet and FortiClient were good compared to Palo Alto Networks.

How was the initial setup?

The product's initial setup phase was very straightforward.

The deployment process involves identifying the user profiling and figuring out what exactly its users need, meaning there are some prerequisites involved in the deployment's preparation phase, and it is the most important process critical for the product's success.

The solution is deployed on an on-premises model.

The solution can be deployed in two days.

What about the implementation team?

The deployment can be carried out with the help of our company's in-house team.

What's my experience with pricing, setup cost, and licensing?

Prisma Access by Palo Alto Networks is an expensive solution, especially when compared to other solutions like Cisco. There are no additional charges apart from the standard licensing costs attached to the solution.

What other advice do I have?

Those who plan to use the solution should ensure very good user profiling is carried out, after which they should link the product with the corporate security policy. Prisma Access by Palo Alto Networks is a very flexible solution, and you need to know exactly what you want out of the solution, which should align with the policies in your company as it is an area that differs from one corporate entity to another.

Considering the cost of the solution, I rate the overall tool a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr systems eng at a computer software company with 1,001-5,000 employees
Real User
The UI is buggy and not intuitive, but it provides decent security
Pros and Cons
  • "Prisma helped us build a moat around our production systems. It's now impossible to log into our production from a non-MDM laptop. Prisma Access provides decent security overall."
  • "It applies commits to the firewalls slowly. There isn't an API you can use for anything. We've previously had trouble with the egress IP addresses though we expressed to engineering that those mustn't change. They changed several times without warning, causing a lot of headaches."

What is our primary use case?

We use Prisma Access to build an allowlist that we put into Socks App, so we can gate access to what we want based on whether someone is allowed onto the VPN. Prisma is a SaaS product. We have the cloud-managed version that we use to access a mixture of on-prem, public cloud, and SaaS tools. 

We aren't using it extensively. There are only around six rules. I've had five hundred or a thousand rules in previous companies that used Palo Alto Networks. We have six, so we're not using the solution extensively. We're looking at various products for DNS filtering and security, so we will potentially get rid of Prisma Access in the future. It's a heavy-handed way of doing what we're trying to do.

How has it helped my organization?

Prisma helped us build a moat around our production systems. It's now impossible to log into our production from a non-MDM laptop. Prisma Access provides decent security overall.

Prisma Access protects all app traffic so users can access all our apps, which is crucial because we want this to be as transparent as possible. The ability to secure web-based and other apps is also critical. We use this as a gateway into production or specific systems. That might be over 443, HTTPS, DB, or any other protocol.

What is most valuable?

Prisma Access offers features in one cloud-delivered platform, which is pretty important. Anything we can do to reduce the complexity of this is good. It will get messed up at some point if there are too many moving parts.

The traffic analysis, threat prevention, and URL filtering features are pretty critical. Prisma Access is our frontline defense for our production environments. On top of that, it protects the engineering staff's endpoints, so it needs to provide essential URL scanning and WildFire AV detection.

What needs improvement?

I've had a ton of issues with Prisma Access. The UI is horrible and not intuitive. For example, error handling when applying configuration changes is atrocious. The UI itself is buggy and lags. The sales staff tried to be helpful, but they sold us the wrong license SKU, which broke our environment, and it took two months for them to fix it. Two months is an eternity for something as critical as this.

It applies commits to the firewalls slowly. There isn't an API you can use for anything. We've previously had trouble with the egress IP addresses though we expressed to engineering that those mustn't change. They changed several times without warning, causing a lot of headaches.

For how long have I used the solution?

I have used Prisma Access for a year and a half. 

What do I think about the stability of the solution?

Prisma hasn't broken yet. There have been a lot of outages, but luckily only a handful have affected us.

What do I think about the scalability of the solution?

Prisma is somewhat scalable. We want to use this as an allowlist for our external applications. However, other external tools don't allow you to add an arbitrary number of IPs. If we were going to put in the complete list of active and reserved IPs that we get from our seven points of presence, then that's roughly 41 IPs. That goes over the max of 40 that GKE and GCT use. We can't use it to gate Kubernetes pods because there are too many IPs.

We can't seem to remove them once they're added. I've opened several support cases, and we still have half. Half of this list is all reserved and unusable points of presence because they aren't assigned to anything. It is a bit cumbersome and not as agile or straightforward as I was led to believe.

How are customer service and support?

I rate Palo Alto's support a four out of ten. When I put in a ticket for a problem, they will send me a link to documentation that is either for the wrong product or something that doesn't apply to me. I usually get on a Zoom call with an engineer, show them the problem, and wait a week or two before I get a solution.

How would you rate customer service and support?

Neutral

How was the initial setup?

Setting up Prisma Access was relatively straightforward for our use case. We deployed some firewalls in our system and used the IP addresses we got from those to inform and allow this. So it was very straightforward to get it to work, but tweaking it over time has been cumbersome.

I was the only person from our company working on the deployment. I designed and implemented the architecture, then deployed the tool to the endpoints internally. I'm responsible for educating the users and troubleshooting problems they find. I do things like telling a guy, "No, there isn't a problem with the VPN. You shouldn't use the web version of Spotify because only crazy people do that."

What about the implementation team?

We used CDW and Palo Alto professional services. It was fine. It wasn't the best engagement, but it wasn't the worst.

What was our ROI?

It's hard to say if we've seen an ROI. I imagine we have. We haven't been breached, so that's something.

What's my experience with pricing, setup cost, and licensing?

There's no reason not to buy the enterprise version that gives you unlimited PoPs, but you must understand the limitations you impose on yourself if you do that. If you go crazy, that allowlist will be too big for Kubernetes clusters.

The API that pulls the egress IPs allocated to you should be updated by the minute or as often as possible. There's no forewarning of impending changes. That should be built into your CI/CD system so no one needs to update anything manually. It should just flow through. However, you need notifications because it's a slippery slope. If you're adding and changing IPs all the time, who knows what's what anymore.

Which other solutions did I evaluate?

I did demos of around 16 different products that do something similar, including Zscaler, Netskope, Fortinet, Twingate, and Tailscale. Palo Alto was the only solution that could give us dedicated egress IPs. 

What other advice do I have?

I rate Prisma Access a four out of ten. There are many tools out there that can do the same actions. This is not the best tool to use if you're only looking for an allowlist for production. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Burak Dartar - PeerSpot reviewer
Cybersecurity Unit Manager at a university with 11-50 employees
Real User
Unlike traditional VPN, we were able to analyze and block things immediately, and track user connections
Pros and Cons
  • "The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them."
  • "Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side."

What is our primary use case?

In my first company, we encountered some problems with endpoints because we had colleagues working out of country and we didn't know what happened to their clients. We used Prisma Access for information regarding the client status and the client programs because it can check and control client operations.

In that company, before Prisma Access, we used public access and we encountered many attacks from outside. Our DevOps and software engineers always connected from outside. When I came to that company I changed things, but without Prisma Access but it was very difficult. I had to do IAM per user. But when we integrated Prisma Access we could grant access by integrating the identity storage. I could grant access very quickly and see the behavior of my developers and software engineers. Sometimes they would come with new requests and Prisma Access provided quick policy deployment.

How has it helped my organization?

The solution helped us immediately solve the problem with our colleagues' endpoints when we encountered it.

When we integrated with Palo Alto's Cortex application in the cloud, it provided threat analysis and we didn't worry about malware or malicious traffic from Prisma Access. It was analyzing and blocking things after the Prisma Access analysis. When we used traditional VPN applications, there was no threat analysis and we counted on that from the firewall. But with Prisma Access working as a firewall and VPN, the security engineer could see everything in one portal. That meant we could analyze and block things immediately.

For my company, the features and remote accessibility were an improvement over the more traditional VPN applications. With Prisma Access we could grant more security than our public access allowed. We had more tracking of the client side. We could see and calculate their work shift time. We didn't have these features in traditional VPN tools.

We had new vulnerabilities or threats coming up daily. Using a traditional firewall or VPN, updates depended on a schedule, but Prisma Access updated itself by checking the threat database and protected us that way.

The biggest thing I learned from using Prisma Access was that, compared to conventional VPN applications, where we didn't know how users were behaving or when they were connecting, we could see how they were behaving and when they were connected. We could see what they encountered, the problems, before they complained.

What is most valuable?

The cloud VPN features mean we can connect everywhere and track where all our users are connecting. It's a helpful feature for us. We used to use traditional VPN tools, not cloud-based VPN, but Prisma Access came out with new, innovative features, including client-tracking, which was more valuable for our company. It was very impressive for us. The solution's VPN connection provided a lot of protection and was proactive. It was a better option for us. 

Also, we can split our web application and client internet traffic with Prisma Access so that it is protecting both web applications and our specific, non-web applications. The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them.

What needs improvement?

Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side.

For how long have I used the solution?

I have been using Prisma Access by Palo Alto for four years. I integrated it for my first company and I implemented it for a proof of concept for another company and they love it.

In my current company, we are not using it because this company is working on-prem, but we have a digital transformation plan for next year.

What do I think about the stability of the solution?

It's reliable.

What do I think about the scalability of the solution?

It provides scalability in terms of the features and they are giving a bonus depending on the number of users. In my previous company we had 2,000 users.

I am always tracking the new technologies and features. I see there are many AI and digital technologies and I believe Prisma Access will use these more effectively. It may integrate with AI technologies and some of the analysis, as well as policies and access, will be done automatically by Prisma Access.

How are customer service and support?

They have a separate technical team for Prisma Access. Normally, Palo Alto has TAC engineers working on their different products, but they have a specific Prisma Access support team in my country. When we called or created tickets they supported us immensely. I expected to hear from them within one hour.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a traditional VPN solution, but nothing like Prisma Access.

How was the initial setup?

The initial setup is very easy. I have deployed it three times and it was integrated within two hours.

One network engineer, one network security engineer, and a system engineer are enough for the deployment and maintenance.

What about the implementation team?

The implementation strategy was designed by Palo Alto engineers. They have good tech support guys who assisted us and explained all steps. They gave us some options and helped us choose the most effective way.

When they configured it from our requirements it worked the first time. Normally things didn't work like that before, but with Prisma Access it was integrated on the first try.

Which other solutions did I evaluate?

Where I'm working now we have FortiGate but at my old company, we didn't prefer that. When Palo Alto did the presentation at my old company, we understood they were professionals and that their features were more valuable than FortiGate.

What other advice do I have?

You don't need to worry because it will be integrated very quickly when you work with the Prisma Access support team. Be sure to ask many questions to understand the Prisma Access features and you will be able to use it very effectively.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Alikhayyam Guluzada - PeerSpot reviewer
Chief Information Security Officer at Prosol LLC
Real User
Top 10
Integrates easily with cybersecurity solutions and has been very effective in securing our environment
Pros and Cons
  • "Its frontend is user-friendly. It is easy to use for us."
  • "Its integration with non-Palo Alto products can be improved. Currently, it is easy to integrate it with other Palo Alto products such as Cortex XDR. It integrates well with other Palo Alto products. A major part of our network is based on Palo Alto products, but for those companies that use multi-vendor products in their infrastructure, Palo Alto should optimize the integration of Prisma Access with the network devices from other vendors."

What is our primary use case?

We use this solution for container security. We use it in an environment with 200 developers.

We use its latest version and the version prior to the latest one.

How has it helped my organization?

It helps with container security. Month by month, developer accounts in the company are increasing. Prisma Access supported and helped us very effectively in securing their workstations and working environment.

Prisma Access is good for securing access and privileges. Our developers have a security background, and they have knowledge of cybersecurity. It gives us assurance that they would not be able to do anything as an insider cyber attacker. They would not be able to use their environment to jump to other servers because such functions are prevented by this solution.

Prisma Access can protect all app traffic, but we classify the apps inside the company and choose the critical and the medium-risk level apps. This protection is important security-wise. On the IT side, it is important. It is also important on the business side, but they are only concerned about the price. We tried to connect with Palo Alto to get a discount on the first and second years to make the company get the maximum benefit and see the benefit of this solution. After that, they can remove the discounts, and it will be the decision of the company whether to continue with this solution or not.

Prisma Access secures not just web-based apps but non-web apps as well. However, about 70% of our applications are web-based applications. If they do not get the discounts, we will only use them for critical web-based applications. Based on my experience, Prisma Access is good not only for web-based but also for non-web applications. It is effective.

Prisma Access provides traffic analysis. We are also using Cortex XDR. It is Palo Alto's XDR solution that also supports us for traffic analysis. By using both of them in one environment, we have an end-to-end, more holistic, and zero-trust approach.

Prisma Access provides millions of security updates per day. We are also from the cybersecurity side, so we understand that it is a new product. It has only been around for two or three years. In every new product, such updates are welcomed, but we hope that in the next few years, there will be fewer such updates and more targeted updates.

Prisma Access enables us to deliver better applications on the security side but not the business and IT side. We are now more confident that our applications are secure.

What is most valuable?

Its front end is user-friendly. It is easy to use for us. We are familiar with other Palo Alto products. Its interface is similar to other products of Palo Alto, so it is familiar and easy to use for us.

My experience with Prisma Access has been perfect. It is good considering the fact that our networks are mainly based on Palo Alto products. We are using Palo Alto's next-generation firewalls and Cortex XDR, so it is good to have Prisma Access in the infrastructure to get a fast network environment.

What needs improvement?

Its integration with non-Palo Alto products can be improved. Currently, it is easy to integrate it with other Palo Alto products such as Cortex XDR. It integrates well with other Palo Alto products. A major part of our network is based on Palo Alto products, but for those companies that use multi-vendor products in their infrastructure, Palo Alto should optimize the integration of Prisma Access with the network devices from other vendors.

They should also increase their support team. There is scope to optimize their support.

For how long have I used the solution?

We have been using this solution for about eight months.

What do I think about the stability of the solution?

Stability depends on the company that has developed a solution. As a vendor, we see Palo Alto as a stable company. Their stock value has increased year by year. Based on our communication with the headquarters of Palo Alto, we see that they are investing more and more in their cybersecurity solutions in terms of financials, features, and talent. Therefore, it is one of the stable solutions.

What do I think about the scalability of the solution?

It is scalable for now. It has only been eight months since we have applied this solution in our environment.

On the client side, there are about 200 users. Overall, there are 500 users on the client side and our side. Most of them are developers and network security and IT security people. In our SOC center, they are monitoring this solution too.

It is being used on a daily basis. We have integrated this solution with the SIEM solution, and when an incident or a request comes, we focus on this. On a daily basis, we have some alerts and incidents coming.

How are customer service and support?

Their technical support is good, but in some cases, when we asked them some questions, they took several days or hours to discuss that internally and come up with the answers from their side. However, it is acceptable because we know that it is a new product.

Which solution did I use previously and why did I switch?

We did not have any solution for providing a secure environment on the developer's side. It is our first year, and it has been surprising and effective for us. 

How was the initial setup?

The deployment of the key features of the product took about three months, but that was because of the delays from our side and the client's side. 

It was a standard deployment. We took sample applications and tested it on them as a PoC. We became familiar with the security function of the product, and we realized its benefits. We then applied it part by part to other web applications and non-web applications.

It is deployed on the cloud. We use Google and other clouds.

What about the implementation team?

For the initial setup, we got support from the Palo Alto support team, so it was good. We are satisfied with them.

In our cyber team, we have around 40 experts. As a project team, they also engage. We use their support too.

For its deployment and maintenance, we have about 12 people who are actively engaged, but overall, there are 30 people engaged with this project.

What's my experience with pricing, setup cost, and licensing?

In terms of pricing, considering that it is a two or three years old solution, they should apply big discounts for the next two or three years. This approach will be better for them to capture the market.

There are no additional costs. After purchasing and acquiring this solution, we also got support. 

Which other solutions did I evaluate?

We evaluated Cato Networks, Check Point, and Prisma Access. We went for Prisma Access because of its features and its integration with other cybersecurity solutions. Its integration is easy, and it takes less time to integrate it with other cybersecurity solutions. 

There are also open-source applications. They are also good, but they need more tuning and more time to get to the level of solutions like Prisma Access. A benefit of these open-source solutions is that you can tune them according to your environment. They are also free, so there is a cost-benefit.

What other advice do I have?

It is one of the top solutions in the market. I hope that they will continue to tune and optimize their product based on the feedback that they get from the users. This way, it will keep its place among the top ten solutions in the global market.

Overall, I would rate Prisma Access an eight out of ten. It is good, but they should improve their support and its integration with non-Palo Alto solutions.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Prisma Access by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: October 2024
Buyer's Guide
Download our free Prisma Access by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.