The solution is not very complex and is easy to manage for people who may or may not have knowledge about Palo Alto Networks.
Network lead at SDGC
An easy to manage solution that needs to improve initial support
Pros and Cons
- "The solution is not very complex and is easy to manage for people who may or may not have knowledge about Palo Alto Networks."
- "The initial support team is not very good. Most of the time, I have found that they are one to three years experienced only. They don't have network expertise. They know about Palo Alto products but don't know how to troubleshoot the issues. We have to guide them most of the time to troubleshoot correctly since their approach is not developed."
What is most valuable?
What needs improvement?
The initial support team is not very good. Most of the time, I have found that they are one to three years experienced only. They don't have network expertise. They know about Palo Alto products but don't know how to troubleshoot the issues. We have to guide them most of the time to troubleshoot correctly since their approach is not developed.
For how long have I used the solution?
I have been working with the solution for a few months.
What do I think about the stability of the solution?
The solution is very stable.
Buyer's Guide
Prisma Access by Palo Alto Networks
October 2024
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
What do I think about the scalability of the solution?
We are a large team and work for multiple customers.
How are customer service and support?
The senior engineers are very good and you need to escalate your issues to them.
How was the initial setup?
The tool is very easy to set up. It will take some time since you need to plan all the things. You also need to think about the migration of the existing infrastructure. It is not like you can complete the installation in a week. We will collect information first on users and categorize them from a user perspective like the applications and services which will be connected to the product. We will make a plan once we understand the user requirements. It is a long process and we will ensure that everything is secure. A document will be created with the data flow. We will ensure 100 percent that everything is working fine.
What other advice do I have?
Prisma Access is a good product and I would rate it a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Team lead at a tech services company with 10,001+ employees
Supports both data and voice, unlike other solutions, and enables us to do URL filtering
Pros and Cons
- "The visibility perspective is pretty cool. If I want to know how much data is being used for a specific project, I can look at how much data has been used, from which region, and which users have been connected. That visibility is very good so that I can see how many licenses we have and how many are used."
- "There should be a dedicated portal or SASE-based solution. They're trying to add a plugin but it needs a dedicated portal because it is now an enterprise solution for multiple organizations. People should be able to directly log in to a dedicated page for Prisma Access, rather than going into a Panorama plugin, and always having to update the plugin."
What is our primary use case?
Our use case started with the pandemic. Before the pandemic, our users worked in our office, but when the pandemic started our users were at home. They wanted to have the same kind of access that they had on-premises. We deployed a network and mobile services for them so that they could have the same experience sitting at home and access all the infra in the office. We use mobile access to connect to Prisma Access, and from Prisma Access we built a site-to-site VPN to connect to the office network so that they would have the same kind of access.
How has it helped my organization?
It is very helpful because it is protecting the applications that are behind it. It has so many components that we can use to secure our applications.
What is most valuable?
Prisma Access has all the features from Palo Alto. But the visibility perspective is pretty cool. If I want to know how much data is being used for a specific project, I can look at how much data has been used, from which region, and which users have been connected. That visibility is very good so that I can see how many licenses we have and how many are used. It gives a great view of what is happening, of everyone who is connected. That is one of the things I like.
It provides traffic analysis, threat prevention, and URL filtering, although I'm not sure if it provides segmentation. These features are very important. We wanted to filter traffic according to our standards. The URL filtering helps to filter the traffic so that we only send the traffic we want to on-premises or the internet. Without this, it would be very tough.
Also, it protects all your app traffic. It's like a next-generation firewall. It does everything.
For a non-technical guy, the reporting of Prisma Access is very easy. You need to know the navigation tabs, but it only has so many of them and you can do many things in the tabs. It is pretty easy because there aren't that many pages or options.
And the updates, like URL updates, IPS, IDS, and any WildFire subscription updates are very helpful for protecting our infra.
What needs improvement?
There should be a dedicated portal or SASE-based solution. They're trying to add a plugin but it needs a dedicated portal because it is now an enterprise solution for multiple organizations. People should be able to directly log in to a dedicated page for Prisma Access, rather than going into a Panorama plugin, and always having to update the plugin. An administrator should be able to look at it from a configuration perspective and not the management and maintenance perspectives.
For how long have I used the solution?
We started using Prisma Access by Palo Alto Networks with the pandemic in 2019, so I have been using it for over three years.
What do I think about the stability of the solution?
Initially, they were coming up with a new plugin every one or two months, and you would have to download it. But now, I don't see that. Their team continues to work on it, but as a customer, I see it as stable.
They're using the resources of GCP so if GCP in a specific region has some issues, it will impact Prisma Access. They have to look at some kind of backup.
What do I think about the scalability of the solution?
I don't see it as a scalable solution because it is running on top of VMs. They say it is scalable, but we didn't see it working that way for one or two incidents that we had. But later, they had more firewalls in the cloud and kept them on standby. Since then, I haven't seen that issue.
I have implemented the solution for 100,000-plus users, and most of them are connecting from home. It reduces the load on our on-premises firewall, handling posturing and VPN. It is a dedicated project, meaning everyone, all of our employees, uses the same solution to connect to the infra.
How are customer service and support?
When I started working with their support, the product was new for them as well so they were not all that familiar with it. They need to improve the technical support staff.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We were using Cisco AnyConnect but we replaced it, in part, with Zscaler and mostly with Prisma Access.
How was the initial setup?
Prisma Access works on Panorama which we have on a virtual machine on GCP. As with anything, if you don't know it, it is complicated, but once you understand it, it is very easy. If I look at it as a combination of before and after, the setup is of average difficulty. You can learn things very fast. It's not that difficult or complicated, but you should know the purpose of each part. Then it is easy.
When I did my initial deployment of Prisma Access in 2019, it took around five days. But by the time I had done two or three deployments, it was taking me 20 minutes to deploy.
The implementation strategy is totally dependent on the requirements. Some customers say they want the same feeling at home that they have in the office. Some customers say they want Prisma Access to reduce the burden on the existing on-premises firewall. The posture checks have to be done on Prisma Access and, once done, the traffic is forwarded.
Once you understand the product, two to three guys should be able to handle it for configuration, and then they can move on. But for operations, you need a team.
Which other solutions did I evaluate?
We evaluated Zscaler Private Access and multiple other cloud solutions.
Compared to Zscaler and other services, the advantage of Prisma Access is that it supports both data and voice. The other vendors don't support voice. With Prisma Access, we don't need to look for any other services or solutions. It supports your data and voice services as well and that is one of our most important requirements.
What other advice do I have?
At the end of the day, Prisma Access is nothing but a firewall that is hosted in the cloud. It depends on your capacity, the users that are connecting, and the VM you are running in the backend. It has all the capabilities and subscriptions that we were using on-premises. I don't see any challenges in terms of security. It is secure. They haven't compromised on anything with Prisma Access. It tries to protect us as much as possible.
It's crucial for us and is helping us a lot if you look at it from a business perspective.
We can do a lot with it and use it for eight to nine use cases. It supports your data and voice and, as I noted, I haven't seen any other product support both. Prisma Access is the best product. It depends on what you're looking for. But if you have a lot of requirements, you should go with Prisma Access.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Prisma Access by Palo Alto Networks
October 2024
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
814,649 professionals have used our research since 2012.
Single pane of glass for security and network management - Reduces operational complexity and administrative overhead
Pros and Cons
- "It's much faster and more secure than legacy solutions. It is also quite stable and scalable as well. We are able to see all the traffic in one place."
- "It would be nice to manage Prisma Access through the cloud instead of through Panorama. You can use the cloud version to monitor Prisma Access, but it doesn't have all the features yet, and it's not 100% done."
What is our primary use case?
We are a small team of ITOps Engineers. With Prisma, we can manage all our Edge Network Infrastructure (Mobile Users, Remote Networks, and Data Centers) in one location.
We also decommissioned our legacy MPLS connections and moved to VPN. If we need to expand to more offices, different countries, and different regions, it would be much simpler to do it with Prisma Access because the only things required are an internet connection and a pair of firewalls.
How has it helped my organization?
On our IT team, we now have a single interface (using Palo Alto Panorama) where we can monitor our whole infrastructure. The office and Data Center Firewalls, as well as, the Remote User VPN, forward all the traffic to the Prisma Access Infrastructure. There we can apply deep packet inspection and allow or deny traffic, and also apply additional security features like threat prevention, DNS security, malware and anti-virus protection etc.
For remote users, the VPN connection is more secure and much faster than the legacy solutions. Some of our users are located in different European countries. Now they can pick their closest location and connect to a VPN "concentrator" near their region. Whereas before, they needed to connect with one of our data centers in the UK.
Since everything is connected to Prisma, now we are able to be more proactive, detect end-user or site connectivity issues much faster. Before we were running multiple applications (NMS, Syslog, Netflow) that required a lot of engineering overhead to manage those, but also to extract the information needed. Now a lot of those tasks can be picked by the Service Desk team.
In addition, similarly to any other Cloud "Platform" the administrative tasks have been dramatically decreased. The upgrade process is very simple compared with any on-premise solution.
What is most valuable?
I don't think we have actually fully utilised all the functions of Prisma yet. The main concept of Prisma Access is what really help us to transition our infrastructure from a legacy and complex approach to a more simple and easy to manage and maintain one.
Prisma Access has three major components / connections:
- Remote connections: The links to the Remote Offices
- Mobile Users
- Service Connections : The links to the Data Centers.
You connect everything by establishing VPN tunnels with the Prisma Access Infrastructure. Prisma is now the “brain” of the infrastructure. All edge devices send all traffic to Prisma and Prisma has the knowledge to route the traffic to the correct destination. In addition you can also apply all the additional security features a NGFW can offer.
Since this is a cloud platform you can easily scale up adding more mobile users or new remote offices. Prisma will simple auto-run (if needed) additional instances in the cloud to support your load
Also, because everything's on the cloud, we don't have to worry about patching; we get all the new features as they come in. One of the biggest problems for us used to be to upgrade our VPN application. Now, it can be done with a click of a button. The administrative overhead has been reduced, and we are able to focus on things that actually matter.
What needs improvement?
The only drawback at the moment is that a “Cloud” solution like Prisma Access requires Palo Alto Panorama, which is normally a VM that sits in your DataCenter. Panorama is used for monitoring and mainly for configuring the different components of Prisma Access.
For the configuration part, Palo Alto has recently introduced an equivalent cloud application, but not all features are available yet. Also at this moment if you enable Prisma Access with Panorama you cannot migrate to the Cloud version.
For how long have I used the solution?
I've been working with the Palo Alto team since the beginning of the year (2021), when we started the initial setup. It took us around 2 months (multiple weekly sessions) to complete the setup. And the last 2 months we are fully utilising the Prisma components (Remote Networks, Service Connections and Mobile Users)
What do I think about the stability of the solution?
We have utilised Prisma Access for the late couple of months. Now we are in the process of migrating all our Remote users from the on premise Firewalls to the Prisma Access VPN as a Service solution.
Over this period we haven't faced any connectivity issues. Prisma Access underlying infrastructure is high available and scalable.
As any major Cloud Vendors line Google or AWS we may face outages in the future, but we havent experience any problems yet.
As with any infrastructure where the managent plane is in the cloud, we can know schedule an upgrade and the Prisma will take care the rest. No more complicated upgrade processes that could lead to outages and downtimes.
A few days ago the Prisma Access dataplane was upgraded. We had zero downtime and the auto-procwss went smoothly (as expected).
What do I think about the scalability of the solution?
As for scalability, you can easily bring more users to the platform; you would just need to buy additional licenses.
There is no need for purchasing new and more powerful hardware. Palo Alto will scale your platform up to support your infrastructure.
Simple integration with LDAP, SAML can help us to provision 100s of users quickly and onboard more users are the company is getting out of the pandemic freeze period.
How are customer service and technical support?
I think Palo Alto has great technical support in terms of the time of response and the efficiency of response.
Over the past few months we raised multiple tickets (P2-P4). On all of them the responses were quick within the SLA timelines. All the support Engineers had deep knowledge of the product, and always went above and beyond not only by fixing our issues, but also by trying to explain us why was misconfigured or what actually went wrong. Everyone had great communication skills, they were patient and listening our needs and requirements.
Which solution did I use previously and why did I switch?
We used local Cisco ASA Firewalls that were located in our two UK offices.Normally we had around 10-15 % of our users working remotely. During the pandemic we had to setup around 500 users to connect to the VPN. Unfortunately our ASAs had limited capabilities (250 max users for the 5515-X and 100 for the 5508-X). Our temporary solution was to use the AWS VPN solution for the remaining users.
At that point we realised that we need a flexible and scalable solution. In addition the company has embraced the cloud first approach a few years back by moving all our servers to the cloud, so utilising a VPN as a Service (offered by Prisma Access) was an expected next step.
In my team there are Cisco certified engineers and we have been using Cisco products for many years, but for my opinion when it comes to security and NGFWs, but they haven't reached the level of Prisma Access by Palo Alto Networks. I believe Palo Alto is the key player in the market.
How was the initial setup?
We had a mixture of different applications and vendors, and we wanted to merge everything under Prisma Access. The terminology is a bit different between Palo Alto and Cisco ASA, and between their local firewalls and the Prisma Access firewalls. It took us about a month to wrap our heads around it and understand how things worked. Once we did that, it was easy to implement. We have gradually migrated all our services. We did our MPLS and the connection to AWS, and now, we're slowly migrating the users. No one has noticed, so it has been seamless.
We don't have a big infrastructure and did the migration piece by piece, and it was really easy and seamless.
To set up the infrastructure with the team, it took us less than a week. The gradual migration took us three weeks, but the basic setup takes less than a week.
What about the implementation team?
We used the Palo Alto professional services, which mainly help us though multiple Zoom sessions to understand all the Prisma components and also to configure the core Prisma setup. The fine tuning was done by the in-house team.
We had a great experience. All the Palo Alto consultants had a great knowledge of the product and they were very helpful, making it very simple for us to understand this new Platform. They were never leaving any questions unanswered and they were always providing accurate documentation and references for my team to get the required knowledge and to understand / follow up during the Setup.
What was our ROI?
I think the ROI has been good. We no longer need people to maintain the whole infrastructure, and we do not need to spend money on different services that we no longer use like MPLS or other kinds of support.
Also, the fact that we can quickly scale up without worrying about buying additional licensing is great for us.
What's my experience with pricing, setup cost, and licensing?
The price has been good for the ROI during these difficult times for the cruise industry. With Prisma, you need three types of licenses
- Palo Alto support
- Number of Remote Users that are connected to VPN (concurrent connections)
- Total Bandwidth between Remote Sites offices and Prisma. If you have three or fewer DCs then you don't have to purchase additional connections or bandwidth.
There are no hidden costs; what the product offers is what you get.
Which other solutions did I evaluate?
We didn't run any PoC with other vendors. Before we were introduced to Prisma Access we were thinking of moving also our Firewalls to Meraki (as we will do with our switches). I believe no other vendor can offer what Palo Alto with Prisma provides, at least at this moment.
What other advice do I have?
In my experience, Prisma Access is a great platform. However, since SASE is a new fairly new concept, it was a bit confusing to understand all the different components and how all of them work together. On top of that if you are not very familiar with Palo Alto firewalls and especially Palo Alto Panorama, additional training would be recommended. Of course the same concepts of a NGFW from any other vendor are applied.
Once you grasp how Prisma Access works, then it's really a piece of cake to set everything up.
For example, we are a small team of three people, and I'm the senior network engineer. My VPN knowledge was not good because we've mainly had MPLS. Still, it was very easy to set everything up.
You setup everything through the web GUI (Palo Alto Panorama). You don't need to know a lot about CLI. With Cisco devices, you have to be an expert in CLI to set up a few things.
On a scale from one to ten, I would rate Prisma Access by Palo Alto Networks at ten because it's an innovative product. They “invented” the whole concept (SASE), and they're way ahead of other competitors.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Architect at a computer software company with 1,001-5,000 employees
Saves costs, helps to identify shadow IT apps, and provides better VPN user experience
Pros and Cons
- "Overall, the cost savings, ease of deployment, and better VPN user experience and performance are valuable."
- "Sometimes, you have these notifications sent out about changes in App-IDs, modifications in App-IDs, or even the introduction of entirely new App-IDs to replace. Sometimes, the recommendations are followed, but even then, when the package is installed on the firewall, it gets messed up. I remember a particular one was with Tableau, and suddenly, people weren't able to use Tableau, which is an analytics tool for business."
How has it helped my organization?
It made VPN easy with the ability to build distributed VPN gateways. The cost of IT deployment is a bit less because you just need a VPN-capable device at the branch, as against the full stack, before leveraging the firewall service feature. There is also better latency for the clients in terms of talking to resources back at the data center.
It's Panorama-managed. Using Panorama makes it easy for me in terms of pulling policies and doing things on the fly.
It's pretty similar to the native physical firewalls. The only difference is that with SaaS security, we're able to get a little more detail about shadow IT SaaS applications and properly categorize them, which is helpful to decide what we need to do with those applications. It affects which applications we would want to see running over the network and which applications we need to restrict from users.
Similarly, in terms of protecting data and preventing zero-day threats, it's the same thing that I get with my physical firewalls. The data is sent to Wildfire. All the features are all pulled from the same intelligence sensors. The only difference is that this is in the cloud.
Prisma SaaS helps to keep pace with SaaS growth in our organization, but it's not a big deal for us. Mostly, we're looking through or sifting through identified SaaS applications, and it's a good thing to have that visibility. That's what we're enjoying right now, and then probably with time, we might be relying on it to make decisions in terms of setting restrictions to some SaaS applications, especially those that are not sanctioned by IT.
What is most valuable?
It's hard for me to pinpoint a certain feature against the other. The product makes more sense as a whole. Overall, the cost savings, ease of deployment, and better VPN user experience and performance are valuable.
What needs improvement?
It helps to identify and control shadow IT apps. In terms of its impact on our organization's security, it has been like a sword with two edges. Sometimes, it has proved to be helpful in securing workloads, and sometimes, especially when there are modifications to App-IDs pushed through the content database, we find some things messed up. We've come to a point where we have our ways of managing these things, but all in all, App-ID has been very helpful, especially in detecting tunneled applications.
At the end of the day, it's simply an operational thing. Sometimes, you have these notifications sent out about changes in App-IDs, modifications in App-IDs, or even the introduction of entirely new App-IDs to replace. Sometimes, the recommendations are followed, but even then, when the package is installed on the firewall, it gets messed up. I remember a particular one was with Tableau, and suddenly, people weren't able to use Tableau, which is an analytics tool for business. So, it can get messed up, but it doesn't happen often.
For how long have I used the solution?
I have been using it for about two years.
What do I think about the stability of the solution?
So far, it has been stable. We get all those notifications around changes. I haven't seen a lot of IT changes that need some kind of manual effort.
What do I think about the scalability of the solution?
Being on the global license package and being able to spin up a VPN gateway just like that has been a huge benefit. If I have new users in Berlin, I can make life better and just spin up something close to Berlin for them to connect to. If there's an office coming up somewhere in Poland and there are some supply chain issues. If I have a router somewhere there, I can just leverage on that easily without worrying about, "Oh, when am I going to get my stack deployed? How soon can I complete a project so that users are able to start working from that office?" Those are the things that I don't need to bother about anymore because I can easily spin up a complete node close to their location, and I can tunnel between them, do my routing, and they're good. They can talk to whatever resources we need them to talk to remotely and connect to the cloud from there for internally protected cloud workloads. Scalability is obviously a huge factor.
What other advice do I have?
The Cloud App-ID technology is something I am still observing. It takes us back to SaaS security. App-ID is a critical and fundamental part of being able to identify SaaS applications. So far, the applications identified have been true positives. It seems to work so far, but with time, we'll see how it's able to help with identifying SaaS applications better.
It helped to identify cloud applications that we were unaware that our employees were using. I don't have the metrics, but we do generate reports from time to time just to see what's going on and how we compare with the industry in terms of application usage. Similarly, for risk identification, I don't have metrics. We are just reviewing and sifting through these applications. We don't, or we haven't, put a risk score on them yet. Until that's done, it's almost impossible for me to say if these are bad actors or not. We have visibility now. The SaaS applications that have been used at the moment are not of concern based on the last review we did. As time goes on, we might start considering some as risky or start categorizing the risks in some of these SaaS applications. Currently, it's all open. We mostly have mobile users, and we have another solution for endpoint security and Internet-based applications that go through their home Internet. There are few who do visit the office. Probably less than 10% of the organization goes into the office, so there's no huge concern at the moment because of those very low numbers.
For the parts and the features that I use, which are mostly remote branch and mobile gateway, I would rate it an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Professional Services Consultant at Infinity Labs India
Eliminates the need for managing and paying for data center resources
Pros and Cons
- "The Autonomous Digital Experience Management (ADEM) offered by Palo Alto is a good reporting tool. It gives insights into how things are going within the network. It takes all the data from the users' endpoints and does an analysis, and it suggests changes as well."
- "The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon."
What is our primary use case?
The use case for our clients is that they have branch office locations all over the world. Users can connect over the internet and inspection of their traffic will happen on the Prisma infrastructure. Remote users can also connect to the VPN through Prisma infrastructure, and they can connect their data center with the Prisma infrastructure as well.
It's a cloud solution from Palo Alto Networks. Customers just need to establish an IPSec tunnel from their on-prem device with Palo Alto's closest location, which they have all over the world—100-plus locations.
How has it helped my organization?
The benefit of using Prisma Access is that the customer doesn't need to have their own data center. They just need to purchase a Prisma Access license. The customer will save on the labor cost associated with the data center, on the electricity cost, and they will save on the land cost as well. The data center infrastructure is provided by Palo Alto Networks.
Prisma Access is a big change for our customers. Not having to have data centers, and not having to deploy a firewall at each location, makes things simpler.
The solution also enables customers to deliver better applications. It helps them save on costs. It is easy to manage with fewer resources.
What is most valuable?
It's easy to manage. Our customers do not need to worry about what is happening in the data center. With legacy networks, they have to worry about things like the firewall being down and having to go to the data center to replace it. With Prisma Access, they do not need to worry about that. Palo Alto takes care of it. If something goes down in the infrastructure, the Palo Alto team will take care of it.
Prisma Access protects all app traffic, so that users can gain access to all apps. It is important for our clients that all traffic coming through the firewall is inspected. Prisma inspects all the traffic, and if a customer wants to make an exception for certain traffic, that is also possible.
It also inspects both web-based apps and non web-based apps.
In addition, it's really easy to manage. If customers have Panorama they can use it to manage Prisma Access. There is also a cloud application which provides a single console to manage it. Changes can be made on that console and pushed to the customer's environment, which is another way they make it easy to manage. The customer can opt for Panorama or the cloud management application. The latter is free.
Prisma Access provides traffic analysis, threat prevention, URL filtering, and segmentation, as well as vulnerability protection, DLP, anti-spyware, antivirus, URL filtering, and file blocking. It provides everything. This combination is very important. When a customer wants to block certain URL categories, they can block them. If they want to exclude any entertainment websites from their environment, they can block them. What we implement depends totally on the customer's environment and what they need. We can play with it and modify things.
Another benefit is that if any vulnerability is detected, such as a Zero-day attack, Palo Alto provides an update dynamically. The patch is installed so that the network is not exploited.
The Autonomous Digital Experience Management (ADEM) offered by Palo Alto is a good reporting tool. It gives insights into how things are going within the network. It takes all the data from the users' endpoints and does an analysis, and it suggests changes as well. The ADEM analysis of various tests will give the user feedback such as, "Okay, I'm seeing latency here." We or the customer can then improve on that. If something is blocked that shouldn't be, we can make a change in the policy. It's a good tool to have. It makes the user experience better.
What needs improvement?
The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon.
For how long have I used the solution?
I have been using Palo Alto Networks Prisma Access for around one year, as a consultant. I have deployed the solution for clients all over the world.
What do I think about the stability of the solution?
The availability of Prisma Access is good. I haven't seen any major issues yet.
What do I think about the scalability of the solution?
It is scalable. We scale the solution based on the customer's requirements, after getting their technical design and discussing how they want to deploy it.
How are customer service and support?
I would rate their customer support at nine out of 10. The one point I have deducted is because it is very hard to get support sometimes. There are times when the customer has to wait a long time in the queue. But once they get an engineer, they get the proper support. The Palo Alto engineers are good. It's just that it's very hard to get the engineer on time, sometimes. I believe this is because the solution has expanded a lot. Users are purchasing it but the support is not keeping pace. They are working on that and the support is going to be increased in the future.
How would you rate customer service and support?
Positive
How was the initial setup?
The deployment is simple.
The time it takes for deployment of Prisma Access depends on how big the environment is. One company may have 120 or 130 branch sites, while another company may have just six or seven. It varies on that number of sites or on the number of data centers they have. If there are only five or six branch office locations, then the deployment can be completed in five or six days.
What's my experience with pricing, setup cost, and licensing?
I'm not involved on the financial side, but I believe the solution is costly.
What other advice do I have?
In the same way a customer manages their on-prem firewalls that are not on Prisma Access, they can manage Prisma Access infrastructure through Panorama. That makes it easy for them. The customer is already familiar with how to manage things with Panorama, so there isn't much that is new. There are little changes but that's it. If a customer is already using Palo Alto, we recommend going with Panorama.
Overall, the security provided by Prisma Access is top-notch. It is the same firewall that Palo Alto provides for a local setup. It's the best firewall, per the industry review ratings.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Works
Beneficial single platform delivery, protects application data well, but reports lacking
Pros and Cons
- "The solution has all its capabilities in a single cloud delivery platform which is great and it provides overall good protection."
- "If you compare Prisma SaaS against other products, such as Cloud Log, it's a little bit tricky to understand, but it offers different functionality that other products don't have. From a user usability point of view, you need some training for this product, as an admin, you need a couple of demos."
What is our primary use case?
We are using Prisma SaaS for products. We use many content-based platforms and we were using this product to perform policy detection. If someone is sharing something publicly, externally, from our domain, which is risky. This product allows you to write policies, and those policies will detect content, which captures them in the policy category or in the criteria. You then can add remediation action for protection.
We deploy the solution using their infrastructure and we connected that solution with our applications.
How has it helped my organization?
Prisma SaaS has helped the way our organization has functioned. Before the used the solution, we needed to write API calls for every platform to receive data out of it. It's a tedious task because we have 20 products and you need to write 20 application API calls. Once you receive the API calls, you need to massage and manipulate the data, search, and filter it. We need to write the full-fledged application. However, this product does it all, it gives you everything.
Instead of writing applications, we only need to go into one place, one URL, and we are able to do whatever we need to. In terms of hours, it saved us a lot of time and hours to do similar tasks previously, which we used to do using API calls to the product.
What is most valuable?
This is a one-stop solution. They have multiple features for every product, you don't need to purchase different products for each platform. When you purchase one Prisma SaaS you can connect to 10 different things. You can write different policies, attach different policies, search, and export the data out. There are many capabilities of this solution.
The solution has all its capabilities in a single cloud delivery platform which is great and it provides overall good protection.
What needs improvement?
If you compare Prisma SaaS against other products, such as Cloud Log, it's a little bit tricky to understand, but it offers different functionality that other products don't have. From a user usability point of view, you need some training for this product, as an admin, you need a couple of demos.
The reports and setting the policies could improve, they are important. Their UI is a little bit confusing when you create the policy section. There are times when it looks like you are in one section, but you're technically in another section and you're saving something else. The need to make it more clear in the UI for policy creation and setup.
For how long have I used the solution?
I have been using Prisma SaaS for approximately one year.
What do I think about the stability of the solution?
The stability of the solution is a little bit slow when you do searching. However, I have never seen an error on the application for over one year. It is stable.
What do I think about the scalability of the solution?
The scalability of Prisma SaaS is very good.
We plan to increase the usage of this solution. We are working with the compliance team and we are trying to find more policies and more products where we can use Prisma SaaS. We have recently renewed the solution for three more years.
How are customer service and support?
If we open a private ticket, they're pretty fast. They get back to us in a timely manner and we work with them actively.
I would rate the technical support a seven out of ten.
Which solution did I use previously and why did I switch?
We have two solutions that we use. We also use CloudLock for a specific product. These products are usually application-based, and if you compare BetterCloud and CloudLock, CloudLock is good for Google. Similarly, BetterCloud is good for Dropbox because their EPA's are more integrated. Prisma SaaS is good for receiving data from OneDrive, Office365, and a lot of other products. We have multiple products depending on the use case.
How was the initial setup?
The initial setup is straightforward. It's a SaaS product, we only need to log in and integrate our apps using our administrative rights.
The full deployment takes a couple of weeks. The deployment is easy, but the scanning takes time. If you connect a product and that product is having a terabyte of data, the scanning will take time. However, deployment connecting to the products, it's fairly easy.
We implement the solution in a sandbox environment and a production environment. The sandbox environment is connected to our sandbox applications, and production is connected to production applications. Whenever we are trying to launch a new policy, we used to try a new sandbox first. If it goes well, we send it to a production environment. We upload a sample of corrupted files to see if the policies are acting as they are supposed to.
What about the implementation team?
We used an integrator and we worked with them directly.
We use approximately 40 hours a week for the maintenance of the solution to get everything done.
What's my experience with pricing, setup cost, and licensing?
The pricing can be difficult because it came to us with another agreement, but it can be negotiated. I highly recommend people to compare this product's performance and pricing against BetterCloud, because I feel BetterCloud is better than Prisma SaaS if they're starting from scratch.
What other advice do I have?
The auditing does not protect all application traffic. It's more content-based. For example, if I uploaded a file and that file has sensitive information, Prisma will detect it. It will tell me where that file has been uploaded, how it's shared, whose current external parties were accessed. Anything which is bound to my user base, I will receive the report, but not the audit log. It won't tell me when users log into the platform, or if they log out. However, it will tell me if they upload anything and take any action on that content.
We can connect the solution to AWS F3, which you can be considered not web-based because it has both products. From the F3 bucket, you can access it through different mechanisms. We are using it for some products which are not purely web-based.
We use SaaS products. That means infrastructure is not in our control and if you upload something into those platforms, such as Dropbox, any content that is put into the data system, we need to make sure that our data is protected and not shared outside. This product and its processes allow us to monitor it. We can create a policy, and limit the action. A person does not need to wait and then take action. For example, if someone uploaded something critical, a Saas policy gets triggered, and it automatically brings that operation down. If someone shares a file publicly, the policy triggers and detects the file and removes the public sharing. This is how we are protecting our data within our platform using this product.
I have learned from using this solution we should have more policies created as per compliance and security to utilize the features of this product better. If you have this product and if you're not writing a policy, then this product is useless. Right now we have basic policies, four and five, which I feel we have the potential to increase to 15 or 20.
I rate Prisma SaaS by Palo Alto Networks a seven out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Sr. Security Analyst at Atos
Plenty of features, secure, and simple installation
Pros and Cons
- "There are plenty of features this solution provides and the most valuable would be the complete security protection we are receiving. We are provided with similar security that the Palo Alto AWS solution has. This includes features such as a firewall and machine learning AI."
- "There can be some latency issues with the solution that should be improved."
What is our primary use case?
We use the solution to secure and monitor our traffic to the cloud. We are able to route traffic where we need it to go and It provides us with secure direct connectivity to our cloud application console.
What is most valuable?
There are plenty of features this solution provides and the most valuable would be the complete security protection we are receiving. We are provided with similar security that the Palo Alto AWS solution has. This includes features such as a firewall and machine learning AI. The cloud server provides maximum uptime, controls, and overall strong security.
I have received a lot of good client user experience from the solution.
What needs improvement?
There can be some latency issues with the solution that should be improved.
What do I think about the stability of the solution?
I have found when comparing this solution to others it is very stable.
What do I think about the scalability of the solution?
The solution is scalable. We definitely plan to increase usage, many people are working from home and this solution makes sense being in the cloud. We encourage our organization to utilize the solution to its maximum potential.
How are customer service and technical support?
Whenever we had to use the technical support they have been very knowledgeable about the issue we were facing.
Which solution did I use previously and why did I switch?
I have used other solutions in the past and this solution has better security and conductivity in the cloud environment.
How was the initial setup?
The initial setup is straightforward.
What about the implementation team?
We did the implementation ourselves. The full implementation can take a while, it typically does not take more than a few days. However, the time is dependant on the environment in which the solution is being implemented. It should not take more than 20 days.
Since this is a cloud base solution it does not require a lot of maintenance. The updates are done from the company side.
What's my experience with pricing, setup cost, and licensing?
The solution requires a license and the technical support has extra costs. The licensing model could improve.
What other advice do I have?
I have learned that moving operations to the cloud is a good thing.
I rate Prisma Access by Palo Alto Networks a nine out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Endpoint Security Manager at Catholic Health Initiatives
Stable with good posture checking and relatively easy to set up
Pros and Cons
- "It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in."
- "The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes."
What is our primary use case?
We primarily use the solution for mobile users and mainly mobile laptops. In some cases, we use the solution for cloud tenant portals in Azure. We use it to connect those back into the network.
What is most valuable?
Overall, it's a great solution that works quite well.
The solution's most valuable feature is the posture checking.
It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in.
What needs improvement?
The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes.
The scaling can be a bit tricky, depending on the setup.
For how long have I used the solution?
I've probably been using the solution for four years at this point.
What do I think about the stability of the solution?
The stability is quite good. We haven't had any issues in that sense. It's reliable. There aren't bugs or glitches. It doesn't fail.
What do I think about the scalability of the solution?
The solution is scalable. However, it's more of kind-of piecemeal scalability. I didn't actually deploy it. I just know a lot about it. It depends on how your network is set up. If you have a single egress, it's easy. If you have 70 egresses, it can be very, very difficult.
You may have those many email egresses because you're geologically spread out and you need people to connect with certain portals based on where they are. Of course, we want users to connect to their closest portal. There's complexity there and the cloud doesn't really solve it because the cloud still has to do load balancing and hand it off to the concentrator.
On average, we have about 8,000 users between IT, finance, HR, and, of course, house and home users.
How are customer service and technical support?
I can't speak to the acceptability of technical support. I've never had to contact them.
Which solution did I use previously and why did I switch?
We were using AnyConnect. It was limited in terms of egresses, so we decided to switch.
How was the initial setup?
For us, the initial setup was not straightforward. It was very complex due to the fact that we're a very large company. That said, I don't mind the complexity.
The deployment was easy. It was just a matter of handling the configuration for different regions and hospitals. We had to figure out what egress they come in on or what device they come in on and things like that and that decide upon what's the most efficient means for them to connect back into the network.
What's my experience with pricing, setup cost, and licensing?
I don't deal with licensing in the company. I'm not sure what the pricing is.
My understanding is that it's a bit more expensive only because it's part of the framework of the Palo Alto solution. It's more sensitive than if we just went and got some free VPN or some ad hoc solution, and so it's a bit more costly.
What other advice do I have?
We're just a customer. We don't have a business relationship with the company.
I'd advise others that the solution is largely based on the complexity of your environment. It's not that deployment's difficult. It's just that you want to put it where it's most efficient. You've got to take the time to figure out where your users are and how they connect and where they're connecting from.
Overall, I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Prisma Access by Palo Alto Networks Report and get advice and tips from experienced pros
sharing their opinions.
Updated: October 2024
Product Categories
Secure Access Service Edge (SASE) Secure Web Gateways (SWG) Cloud Access Security Brokers (CASB) Enterprise Infrastructure VPN ZTNA as a ServicePopular Comparisons
Microsoft Intune
Cisco Umbrella
Fortinet FortiClient
Zscaler Internet Access
Workspace ONE UEM
Zscaler Zero Trust Exchange Platform
OpenVPN Access Server
Microsoft Defender for Cloud Apps
F5 BIG-IP Local Traffic Manager (LTM)
Okta Workforce Identity
Cloudflare SASE & SSE Platform
Cisco Secure Client (including AnyConnect)
Buyer's Guide
Download our free Prisma Access by Palo Alto Networks Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- What is the better solution - Prisma Access or Zscaler Private Access?
- How does Prisma SaaS by Palo Alto Networks compare with Zscaler internet access?
- What is the difference between point solutions (SD-WAN, NGFW, SWG, VPN) and SASE?
- What questions do you need to ask when choosing a Secure Access Service Edge (SASE) solution?
- When evaluating Secure Access Service Edge (SASE), what aspect do you think is the most important to look for?
- Has anyone ever heard of secureaccess.com?
- What is the difference between SASE and SD-WAN?
- What is the difference between SASE and CASB?
- What SASE solution does your company use?
- Why is SASE (Secure Access Service Edge) important?