SUBID DAS - PeerSpot reviewer
Full Stack Developer at Dobby Ads
Real User
The solution provides real-time detection and monitoring of our entire system
Pros and Cons
  • "Prisma Cloud's real-time detection and monitoring of our entire system is the most useful."
  • "The UX part of Prisma's user interface could be simplified and the metrics tool should be highlighted more."

What is our primary use case?

We are running multiple VMs on GCP and use Prisma Cloud to monitor the CICD pipeline for any issues. If there are issues, we raise tickets in Jira. 

How has it helped my organization?

Prisma Cloud keeps our servers secure in most cases. We get the most value from the alerts when we have security issues. The runtime protection is also a good thing. We're also exploring the possibility of automating the CICD pipeline. 

We realized the benefits immediately after we integrated or connected our account. We used to get a lot of false positives, but we took steps to fix that. In most cases, we get help with that. It doesn't take much time to identify the problem.

Prisma covers the full development cycle and helps us a lot. We use it in the development phase and get a good value from it. We catch issues before the production stage.

What is most valuable?

Prisma Cloud's real-time detection and monitoring of our entire system is the most useful. We also value Prisma's runtime protection and security alerts.

We like Prisma's preventative approach to cloud security. It alerts us about security issues before they become a problem. If our cloud system has outages, our clients may switch to another competing platform. With the preventative approach, we can ensure our servers are always up. 

What needs improvement?

The UX part of Prisma's user interface could be simplified and the metrics tool should be highlighted more.

Buyer's Guide
Prisma Cloud by Palo Alto Networks
November 2024
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,036 professionals have used our research since 2012.

For how long have I used the solution?

I have used Prisma Cloud for three months.

What do I think about the stability of the solution?

Prisma Cloud is stable. We haven't had any downtime, crashes or lag. 

What do I think about the scalability of the solution?

Prisma Cloud is highly scalable. 

How was the initial setup?

It was easy to deploy and integrate Prisma Cloud. We connected to our account and chose the platforms and environments we have. When we first deployed Prisma Cloud, we didn't know much about it, so it took 30 minutes to an hour. Deployment was a one-person job. It doesn't require any maintenance on our end because it's a cloud platform, so we just receive alerts. 

What other advice do I have?

I rate Prisma Cloud 10 out of 10. The first thing a new user should do is check the documentation and the official YouTube videos. You can always contact their technical support if you have any issues. I don't think they will require technical support because the videos are useful and the documentation is also good. You can also easily integrate and see the reports on the UI. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2315604 - PeerSpot reviewer
Platform Architect at a financial services firm with 10,001+ employees
Real User
Automation and integration capabilities of Prisma have allowed us to save a lot of engineer time
Pros and Cons
  • "The framework to configure controls is pretty good; it's pretty sophisticated. We can implement a fair amount of testing for a fair number of controls."
  • "One thing that is missing is Cloud Run runtime security—serverless. That would be great to have in the tool. It's not that easy to have Cloud Run in specific environments."

What is our primary use case?

We use the compliance and vulnerability management modules. We are a bank and have certain controls in place. My business unit is cloud-only, and we need to enforce controls, and for audit purposes, we need to collect evidence of control enforcement. We have a number of controls around cloud resources. We configure Prisma to enforce those controls pretty automatically. Prisma generates evidence of the controls that we can present to auditors when we are audited. If we didn't solve this problem, we could lose our license.

How has it helped my organization?

It's hard for me to say how Prisma has improved our organization because it was implemented before I joined. But given the number of security controls that have been automated with Prisma, we have managed to achieve a fair amount of manual cost reduction for our control testers. And the automation and integration capabilities of Prisma have allowed us to save a lot of engineer time on evidence. Without Prisma, we would have to do all these things manually. Overall, it results in a huge FTE reduction.

With the number of controls that need to be tested, we would be talking about a team of around 100 people. With the Australian salaries, Prisma is probably saving us $1,000,000 to $2,000,000 a year.

What is most valuable?

The framework to configure controls is pretty good; it's pretty sophisticated. We can implement a fair amount of testing for a fair number of controls.

Its vulnerability management is quite good, and its integration functionality is something that we have found to be pretty capable.

We also use Twistlock for container security, which is good.

And Prisma Cloud's security automation capabilities are quite good. We use the periodic scanners, and we feed Prisma filings into our control evidence management system. They tick all the boxes for us.

What needs improvement?

One thing that is missing is Cloud Run runtime security—serverless. That would be great to have in the tool. It's not that easy to have Cloud Run in specific environments.

We have also found that Google Security Command Center has a little bit better coverage for GCP because it's native. That's why we pay for both tools. But ideally, we should only need one tool. Prisma Cloud's coverage of GCP is okay, but a little better coverage would be better.

Our cloud environment is complex, and Prisma doesn't cover all aspects of it. We don't rely on Prisma for any kind of security discovery. We just rely on it as a control-test and automation tool.

We get a few alerts in Prisma, and it allows us to trace any violations back to the source. It's a pretty straightforward interface.

Another thing that we have found useful with Prisma is its Jira integration. When our integration finds a new alert, it creates a ticket in Jira, so it's fully visible and tracked, appearing in all the dashboards.

For how long have I used the solution?

I joined this branch of the bank six months ago, and Prisma is my portfolio now.

What do I think about the stability of the solution?

It's stable enough. I can't remember any outages of Prisma Cloud.

What do I think about the scalability of the solution?

It's a SaaS service and is licensed both for our team and for the enterprise. On our side, there are 1,000-plus user licenses. We have five or six integration points, so in that regard, it's not humongous.

We are growing extremely quickly, and Prisma Cloud provides all the required services without any need for us to do anything to scale. It's pretty elastic. We'll probably grow by 10 times in the next couple of years. So far, I don't have any doubts that Prisma will support us.

How are customer service and support?

I've never dealt with their technical support. Prisma Cloud just works.

Which solution did I use previously and why did I switch?

Our bank itself is huge and uses all sorts of solutions. My business unit is quite young, it's only three years old, and I don't think there were any solutions in this space.

How was the initial setup?

Deploying it was pretty straightforward compared to other tools. We implemented a fair number of compliance rules pretty quickly. I recently participated in some integration activities, and integration-wise, it was very straightforward.

As for maintenance on our side, there really isn't any. We periodically need to review the controls being tested and the control automation, to make sure that they're aligned with changes in the controls. Other than that, it's pretty maintenance-free.

What was our ROI?

We have managed to save a fair amount of money and effort in hiring manual testers. That's what automation does for us.

What's my experience with pricing, setup cost, and licensing?

I wouldn't mind if it were cheaper. We are spending a fair amount of money on Prisma Cloud. It's probably okay, but, funnily enough, banks don't have money. Periodically, we have cycles of cost-cutting, so if we could save on Prisma Cloud, that would be great.

What other advice do I have?

We don't use Prisma for build and deploy, we use another set of tools. Right now, we are doing our internal due diligence to figure out if we can replace all of those with a single tool, whether it's Prisma or any other tool. We don't know at the moment.

It's very hard to attribute any kind of runtime alert reduction to Prisma Cloud as we use a whole zoo of tools. Prisma is just one piece of the puzzle. We don't have too many runtime alerts thanks to the joint work between our build tools, deployment prevention security tools, and Prisma.

While it's a good tool, you need to be mindful of serverless because serverless runtime security is tricky and, unfortunately, Prisma doesn't do too much there. Other than that, it's a good tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manjeet Yadav - PeerSpot reviewer
Principal Cyber Security Technologist at a computer software company with 51-200 employees
Real User
Top 5
Provides good visibility, saves us time, and saves us costs
Pros and Cons
  • "CSPM is the most valuable feature for any organization that runs its workloads in the cloud."
  • "The IM security has room for improvement."

What is our primary use case?

We are using CSPM, IM Security, and Cloud Workload Protection modules.

There are different use cases for Prisma Cloud. Our use case for the CSPM module is to assess compliance with standards such as HIPAA and GDPR, based on our current cloud CSV vendor and configuration. We need to use a CSPM tool to calculate the risk score associated with our current compliance posture.

How has it helped my organization?

Some of the reasons we implemented Prisma Cloud were to find the total number of assets in the compliance asset inventory and use the CSPM to assess our workload security. If we have a container environment, we can secure it using cloud workload protection. Additionally, IM Security can help us to determine if our saved credentials are exposed to the public network.

Prisma Cloud provides security for multi- and hybrid-cloud environments. This is the best use case for supporting multi-cloud vendors because, even if we have different cloud service providers, such as AWS, Azure, or GCP, we can manage and view all data in a single, consolidated screen.

All cloud service providers have limitations when it comes to cloud-native stack visibility. Prisma Cloud integrates with all CSPs, switches and correlates the data, and provides complete configuration details for alerts and incidents.

Prisma Cloud's security automation capabilities are effective, allowing us to specify our audit criteria and key configuration audit parameters to detect and automatically remediate misconfigurations. We also have playbooks to automate remediation.

It helps us take a preventative approach to cloud security. We recently received an incident alert for a resource with a security group that allows all ports, which is not a best practice. We will send a notification to the DevOps team and make a change to only allow the necessary ports. We can also automate this process to automatically remove all port access and only allow specific limited ports. Additionally, we can proactively define security keys for our servers and identify and fix vulnerabilities.

We have improved our organization in many ways. The first benefit is that we have from Prisma Cloud a complete asset inventory of all our cloud resources across all CSP vendors. This includes the number of assets and the number of VM instances currently running. This is a valuable use case, as it provides us with visibility into our entire cloud environment. The second benefit is that Prisma Cloud can help us identify misconfigured assets. This is also a valuable use case, as it helps us to ensure that our cloud resources are configured securely. The third benefit is that Prisma Cloud can help us to identify unusual access to our cloud resources. This can be helpful in identifying and responding to security threats. For example, if a user logs into a cloud instance from India and then two hours later logs into the same instance from the US, this could be a sign that the user's account has been compromised. Prisma Cloud can alert us to this type of activity so that we can investigate and take appropriate action.

The comprehensiveness in securing the entire cloud-native development lifecycle is great. We have integrated this solution with our CI/CD pipeline tools, so it scans and validates code in real-time, only allowing legitimate code to be processed further and executed.

It provides us with the visibility and control we need. At first, we may receive many alerts, but once we fine-tune them to generate genuine alerts only for legitimate traffic, our confidence in our security and compliance posture increases.

It also makes it easy to integrate our security with our existing CI/CD pipeline.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications without having to manage and reconcile security tools.

Prisma Cloud provides clear visibility into risks at runtime and across the entire pipeline, showing issues as they are discovered. Our developers are able to correct the issues using just a few tools.

Prisma Cloud has reduced our runtime alerts by 20 percent. It reduced our alert investigation time to ten minutes. It also has saved us between 30 and 40 percent of our costs.

What is most valuable?

CSPM is the most valuable feature for any organization that runs its workloads in the cloud. CSPM can audit the current cloud configuration, identify misconfigurations, and assess risk.

If a customer is already running their workloads in the cloud and wants to secure them, Defender emails can be used to easily identify potential risks. Additionally, the CI/CD pipeline can be scanned to identify any vulnerabilities in the code that developers have written. When code is uploaded, it will be validated and only legitimate code will be applied to the production application. This means that no vulnerabilities will be present in the code.

CSPM can also be used to scan existing infrastructure for vulnerabilities.

What needs improvement?

The IM security has room for improvement. I would like more important features added.

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for three years.

What do I think about the stability of the solution?

Prisma Cloud is stable.

What do I think about the scalability of the solution?

Prisma Cloud is scalable.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment was straightforward. All components can be deployed in one day, but the CSPM alone only takes half an hour.

Ten people were required for the deployment.

What's my experience with pricing, setup cost, and licensing?

Prisma Cloud is more expensive than some other solutions, but when we consider all of its use cases, the cost averages out.

What other advice do I have?

I would rate Prisma Cloud by Palo Alto Networks nine out of ten.

In terms of our location, we have different cloud service providers, such as AWS and Azure. The majority are AWS and Azure, where we have integrated Prisma Cloud. In terms of Docker and containers, we have integrated some types of labs and CI/CD parts. Therefore, we currently manage both AWS and Azure, as well as a few GCP parts, within a single console.

We have over 50 users.

Prisma Cloud requires maintenance and the OEM initially notifies us of the priority and schedule for maintenance.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior System Engineer Network Manager at Veneto Banca
Real User
Provides the visibility and control we need, regardless of how complex or distributed our cloud environments become
Pros and Cons
  • "We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem."
  • "It can be too expensive for small companies."

What is our primary use case?

We use it for mobile access, and we probably will also adopt a direct connection to our small branch offices across Europe.

How has it helped my organization?

Prisma Cloud has improved the response time and the availability of our applications on-premises and on the cloud for our users in many different countries in Western Europe, Eastern Europe, and the United States.

We use it for our mobile users. Prisma Cloud is a very strong and robust platform that improves endpoint security. The COVID-19 pandemic made us realize that we should be able to permit more or less 50% of our employees to work confidently and securely from home.

Prisma Cloud provides security across multi-cloud and hybrid-cloud environments. We already have developed a direct connection between the Prisma Cloud platform and the Azure Cloud solution. We also have integration with the AWS cloud where most of our servers are now located. It was absolutely a strategic choice for us.

We have decided to adopt almost all the security features that Prisma Cloud offers, such as DNS security, threat prevention, vulnerability analysis, anti-phishing, email, and so on. We did not use Prisma Cloud for security automation capabilities. We have a very specific application for the OTC environment, and we prefer to maintain this environment completely separate from the other world of traditional information technology applications.

Prisma Cloud helps with cloud security, but we are also managing security at many different levels. We have endpoint protection, firewalls, SIEM, and log collectors. We also have dedicated probes that work silently to discover any anomalies, such as zero-day threats, that could be there. We have a Palo Alto firewall, and this cloud solution also has some predefined level of security managed by the cloud provider.

Prisma Cloud provides the visibility and control we need, regardless of how complex or distributed our cloud environments become. We can very quickly and easily analyze the clusters, the connections, and so on. We have very good control over the data flow and any possible security problems. It increases our confidence in our security and compliance postures.

About 50% of our people work from a private network, not inside the company. The protection of the endpoints is more difficult than the protection inside the office. Prisma Cloud can elevate the level of security for people who are working from home or are traveling to another country and so on.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports. Prisma Cloud is used by remote users that are working from home, and that is it. It makes our operations easier.

I have daily evidence of any possible new threats that could appear. I get to know how often a threat was blocked and from which client these threats were blocked. We can then very quickly contact the user if there is a compromised endpoint.

Prisma Cloud sends the email and data to the administrative IT staff in case a very severe threat appears. So far, we have not received any alerts related to severe threats.

Prisma Cloud has reduced a lot of our alert investigation time. We have perfect visibility of every single connection from our colleagues who are working from home, a hotel, or any other place. We have activated a mechanism by which the VPN connection is mandatory as soon as the end users switch their computers on. If I have a severe alert, I could investigate the related bad behavior and node in 10 to 15 minutes.

What is most valuable?

We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem.

What needs improvement?

It can be too expensive for small companies.

In terms of features, I wouldn't add anything specific. They made a major improvement in the field of reporting. It can automatically produce statistics on usage and so on. This aspect was not very well developed at the beginning of the project, but now, there is a very big improvement in this specific field. Reporting is better than the previous versions, so at the moment, for our needs, the solution is good enough. We might need something in the future, but at the moment, we are not asking Palo Alto for any new developments.

For how long have I used the solution?

We have been using this solution for half a year. We started the project at the beginning of this year, and at the moment, we have about 2,100 people who use this solution.

What do I think about the stability of the solution?

It is very stable. The platform is quite robust and available. From the time the project was released to other countries, we received one or two tickets for a sporadic problem for some users.

What do I think about the scalability of the solution?

We have 4,000 licenses. We have Prisma Cloud in 16 different countries with a total of about 2,100 people. We do not have a large presence in the Extreme East or Middle East, but we have people connecting from Europe and also from Russia. It works perfectly.

Its usage will increase when there is a new acquisition or there is a new office somewhere in the world. 

How are customer service and support?

The customer support is good and professional. I would rate them a ten out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did not use any similar solution before. We adopted the same VPN technology based on the on-premise firewall that we already had, but there was a very big consumption of bandwidth. It was sometimes a little bit difficult to manage a high number of remote users, and this problem was completely solved by Prisma Cloud.

How was the initial setup?

I was involved in its deployment. It took us about nine months to implement it.

In terms of the implementation strategy, we started with deciding about the site of our company that should be directly connected to Prisma Cloud. We produced an inventory of the applications and identified whether they are located on-premise, on Azure cloud, or on AWS cloud. We then started to configure the server and endpoints inside Prisma Cloud. We established the service connection between the site and Prisma Cloud, and we started to develop the solution for the end users. We selected a subset of users. We selected about 100 people from different departments in different countries to be sure that the solution was working properly in every country and every application environment.

What about the implementation team?

We received very professional and qualified support from both Palo Alto technicians and a platinum partner that normally assists us in developing Palo Alto technologies.

We had two people from Palo Alto for implementation. We had one senior engineer and one junior engineer from Palo Alto. We had two engineers from our partner. We did not have a lot of staff.

In terms of maintenance, Prisma Cloud is subject to periodic updates, and we follow what is required by Palo Alto. For maintenance, we have a colleague of mine and one person from our partner.

What was our ROI?

It was a good investment because now we can manage so many remote users without any problems.

The platform is not famous for being cheap. It is quite expensive, but we know that we have the protection, so there is enough value for what we pay for. It is worth the money.

It takes more or less nine months to realize its benefits.

What's my experience with pricing, setup cost, and licensing?

This solution is good for a company with at least 400 people that must be connected remotely. For smaller companies, it can be too expensive.

There are no costs in addition to standard licensing. We pay based on the number of users. We have 4,000 user licenses, and we use more or less 60% of our licenses.

Which other solutions did I evaluate?

We evaluated solutions from Cato Networks and Palo Alto. Because we have quite a large installation of Palo Alto's firewall and in-depth knowledge of this technology, we decided to adopt Prisma Cloud.

What other advice do I have?

I am very satisfied with Prisma Cloud, and we do not have any plans to change to anything else. I am confident that we will retain this solution for a long time.

Overall, I would rate Prisma Cloud a ten out of ten. We have received very positive feedback regarding this solution. I would recommend it to others.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
reviewer2221230 - PeerSpot reviewer
Manager at a financial services firm with 10,001+ employees
Real User
Has straightforward security automation capabilities
Pros and Cons
  • "The solution will streamline and minimize manual efforts."
  • "We have discovered that Prisma is not functioning properly with GCP."

What is our primary use case?

In terms of use cases, we had a single client. This client belonged to the insurance sector here in India, specifically a large insurance chain. We discovered that they had migrated to a cloud environment and had some security controls in place. However, they lacked expertise in understanding the threats associated with the cloud. From a resource and organizational perspective, they didn't possess the necessary skill set to implement a comprehensive governance framework. This client operates within the insurance industry, regulated by the Insurance Regulatory and Development Authority in India, which has revised some pipelines for the current financial year. The IRDA also serves as a regulatory authority for Indian banks. As a result, the client needed to strengthen their controls, particularly those with higher significance.

Their objective was to implement a few security controls to successfully pass an upcoming audit. We recommended that they integrate Prisma into their infrastructure. This would allow them to generate reports promptly whenever required and help fine-tune existing policies or guide the infrastructure development team in implementing new ones. Prisma would scan the entire infrastructure and provide the best recommendations. It was a challenging use case in terms of implementation, as only a few clients were familiar with Prisma's capabilities. Prisma is a cloud service that enables the hosting of applications and infrastructure.

We wanted to address vulnerabilities that we identified from a logging and monitoring perspective, which is why we implemented Prisma Cloud.

How has it helped my organization?

If we discuss a multi-cloud environment or a multi-fleet architecture or implement it as a fleet architecture, Prisma Cloud offers comprehensive functionality. It enables us to obtain complete reports or scanning reports from the tool on an enterprise scale. However, this process takes time. Although it is completed within seconds, if we have a larger infrastructure with multiple running instances, the tool will require more time. Nevertheless, the resulting report will be accurate and provide a comprehensive perspective.

In terms of a multi-cloud environment, our observations indicate that if we implement and configure Prisma Cloud with Azure and AWS, the tool performs well. On the other hand, when performing checks on AWS and GCP, the tool exhibits better performance on AWS. It does not meet the same standards on the GCP side, but it remains accurate. Azure is compatible with AWS and shows promising results. Additionally, we are currently conducting tests on the Azure environment.

Regarding the entire infrastructure, whether it follows an SAP model, PaaS model, or a previous model based on infrastructure, our testing has yielded positive results, particularly when using the SaaS model. AWS achieves 100 percent accuracy. From larger clients to smaller ones, even within internal GCP corridors where Prisma is connected, they are effectively protected.

Prisma's security automation capabilities are straightforward. We need to ensure that we have a clear understanding of our intended automation actions before proceeding. I was engaged with a company in the oil and gas sector that utilizes AWS infrastructure. They adopted Prisma Cloud and we implemented some automation. During testing, the alerts were satisfactory. However, in subsequent attempts, vulnerabilities were detected after the automation was executed. I wouldn't describe it as difficult, but rather as tricky.

Prisma Cloud assists us in adopting a proactive approach to cloud security. It provides us with a comprehensive view of areas that require fine-tuning. This perspective encompasses not only governance and threats but also the overall security landscape.

Prisma Cloud helped us reduce manual effort by up to eighty percent. It fine-tuned policies and implemented security controls for the cloud, including threat and vulnerability management. We no longer need to manually review these aspects. However, we still receive recommendations for mitigation. Prisma Cloud suggests actions to take from a governance and security perspective. For example, if we have an open port that is not in use, it advises disabling it. Previously, I or my team would spend around ten to twelve hours a day fine-tuning Azure or AWS services by accessing different dashboards. Now, with Prisma Cloud, we can accomplish all of this through a single console. We simply log on to the Prisma Cloud console and configure the services. Prisma Cloud integrates all the services and provides us with recommendations for remediation. As a result, our effort has been reduced by eighty percent since implementing Prisma. We were able to see all the benefits within a year and a half.

Prisma Cloud provides the 100 percent visibility and control we need regardless of how complex or distributed our cloud environments become. By utilizing Prisma Cloud, we have significantly reduced our manual effort to nearly eighty posts. Having everything consolidated on a single console greatly enhances the efficiency and productivity of our team. Moreover, from both a practical and financial perspective, it is undoubtedly a more advantageous approach.

Prisma Cloud offers risk clarity in real-time throughout our CI/CD pipeline infrastructure.

Prisma Cloud has reduced runtime alerts. I have only seen two alerts.

Prisma Cloud has reduced alert investigation times.

Prisma Cloud has saved our larger clients around $100,000 per month.

What is most valuable?


What needs improvement?

Prisma needs to regularly update itself because there are regulatory compliance requirements that have already been published, yet they have not been integrated into Prisma. This poses a challenge as we have to manually address these issues in our use cases.

We have discovered that Prisma is not functioning properly with GCP. I am unsure if this is due to the security policies being implemented by Google. There are restrictions in place, but from a GCP perspective, the security scanning is quite limited.

The deployment is a tricky task as it requires thorough configuration checks. There was a scenario where we discovered that the deployment had already been completed. However, during integration, we encountered a configuration issue. As a result, the logs from the cloud area were transformed into incidents, resembling an actual security breach. This caused concern among my team, and we were under the impression that an attack had occurred.

Palo Alto offers a different product, and they have introduced Prisma Cloud for a specific purpose, particularly for individuals who are new to the technology. The idea is, for example, to provide a single platform for accessing various Over-the-Top platforms for watching web series or movies. Instead of purchasing multiple OTT platforms, the concept is to offer one comprehensive platform. By paying for a single platform, users can obtain a subscription for services like Netflix or Amazon Prime, without having to spend thousands of dollars individually. Prisma Cloud follows a similar approach, which is perfectly acceptable. Consider the scenario where a client, using Microsoft or Azure environment, desires to use a third-party tool instead of investing in Microsoft Defender. In this case, Prisma Cloud comes into play. However, at some point, they may realize the need for Microsoft Defender as well, which would cost them a significant amount of fifty thousand dollars. To avoid such expenses, the idea of offering a complete package to the client arises. 

This complete package enables the client to use a single tool for scanning, obtaining reports and even automating the fine-tuning process. Consequently, the client can invest fifty thousand dollars to obtain the complete package, rather than searching for and purchasing three separate products, which would cost a significant amount of dollars. The complete package offers the same functionalities at half the price. From a product perspective, it is crucial to integrate certain services that assist clients in deciding to invest in Prisma Cloud. In the Indian market, where we have observed our clients, there is a lack of awareness regarding Prisma Cloud and its functionality. Clients are primarily concerned with whether Prisma Cloud can simply scan their products and provide recommendations. They question whether they can perform these tasks manually or use cloud-native services. This perspective influences the clients' decision-making process.

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for two years.

What do I think about the stability of the solution?

The stability of Prisma Cloud depends on how the infrastructure has been configured specifically for that tool, taking into account the load and architecture of our infrastructure. The tool responds well in small-scale infrastructures, functioning perfectly without any issues. However, in larger environments, I have not encountered any crashing or lagging problems but the time it takes to scan the infrastructure varies depending on its size. 

What do I think about the scalability of the solution?

Prisma Cloud is 100 percent scalable.

How are customer service and support?

I contacted technical support during deployment because we encountered some challenges. The support was excellent, and the conversation went well. It was crucial to address the issues promptly because the entire infrastructure was at stake due to its complexities. We were uncertain about the potential impact of deploying a new tool in the infrastructure. Unfortunately, we faced some issues at one point, but they were resolved within the designated timeframe.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

As an organization, we possess certain tools, some of which have been developed in-house. However, it is important to note that no tool can be entirely relied upon, as perfection is unattainable. Some abnormalities have arisen and subsequently been addressed. Our main focus in the previous year was on utilizing cloud-native tools. We are now using Prisma Cloud and also looking at Citrix.

How was the initial setup?

The initial setup took some time. It was not straightforward. For a few of the clients we have implemented, it will be straightforward. However, in our organization, it conflicts because we have certain lines of business and restrictions, so it took a bit longer. The deployment took around one month and required 15 people.

What's my experience with pricing, setup cost, and licensing?

In general, Prisma Cloud is much cheaper than cloud-native services.

Which other solutions did I evaluate?

We are having conversations with Citrix to evaluate their solution.

What other advice do I have?

I rate Prisma Cloud by Palo Alto Networks a nine out of ten.

We are the aligned partner for Prisma. We recommend the same tool to our clients, and the entire team is actively involved in training on the Prisma Cloud. In my interactions with various clients and stakeholders, I have noticed that some of them are not familiar with Prisma. However, they prioritize security and want to secure their cloud infrastructure. While some clients may not have the capability to use cloud-native tools, based on my observations, most of them are gradually transitioning to the cloud infrastructure and showing interest in the Prisma Cloud.

From a cloud security standpoint, and specifically as an organization, we are not bound by any specific domain. Our focus lies in securing the infrastructure from the client's perspective. For instance, consider a client who is new to the cloud and has migrated their infrastructure. If we do not have any governance measures in place for this scenario, our recommendation would be to opt for the comprehensive package offered by Prisma Cloud. This ensures that in the future or upcoming days, the client won't need to explore numerous other modules. However, it is worth noting that some clients may prefer to use separate modules. In general, we tailor our governance, security, and threat detection solutions to meet the specific requirements of each client. Internally, we provide a complete package.

In the current scenario, where my team is performing the migration for Prisma Cloud or the deployment area, we haven't yet tested the tool. We are planning to proceed with that testing. However, based on our discussions with the Prisma partner, they will integrate some functionalities because, in the DevOps environment, we haven't achieved the expected results. I wouldn't claim it's a hundred percent comprehensive, but based on our discussions and experiences so far, it's still a work in progress. We have conducted two tests, but the results haven't met our expectations.

From a DevOps standpoint, the CI/CD pipeline is still undergoing testing. I'm unsure about the time it will take, but initially, we are testing what we have learned from a CI/CD standpoint and a DevOps standpoint. We are currently investigating the best course of action and how we can integrate effectively. In some of our engagements, clients are requesting the integration of Prisma Cloud to optimize their DevOps area when deploying. However, currently, from a KPM perspective, this task is still manual. From a development standpoint, it will require time. It won't be accomplished in a single day or month, but rather, it will take time. This is because the configuration is still in progress. Moreover, from a security perspective, there are certain areas where we are uncertain. For instance, when considering GCP, it presents a gray area where we have been unable to identify any solutions from Prisma's standpoint. However, we need to determine how to effectively integrate the GCP infrastructure within the field.

Prisma Cloud can scan and monitor, depending on how it is configured. It can also trigger alerts, but it cannot stop an attack.

Prisma Cloud is maintained by Palo Alto.

Prisma Cloud will undoubtedly assist organizations in comprehending their infrastructure and identifying areas of uncertainty. The solution will streamline and minimize manual efforts. Users can obtain the comprehensive report with a single click, eliminating the need to access various services to retrieve logs. I highly recommend Prisma Cloud as it is cost-effective, and user-friendly, although its configuration can be a bit challenging.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Mindaugas Dailidonis - PeerSpot reviewer
Security Solutions Architect - Cloud Security Consultant at a consultancy with 10,001+ employees
Real User
Top 5
Provides multi-cloud security visibility, but requires customisation and is great for AWS and Kubernetes, but average for Azure and OCI
Pros and Cons
  • "The Cloud Workload Protection module is a very strong solution. I like the Cloud Workload Protection part. It is something I have not used for the banking client, but I had a chance to try it out for roughly a month on actual deployment of another customer. That part was really robust. Cloud Workload Protection would be the main feature that I enjoy the most."
  • "To see the full picture, at least when I last used it in April or May, you needed to switch between the modules. To see the cloud infrastructure and pipeline configuration, you need to switch to that module. To see the code security part, you need to switch to the Code Security module. It is the same story with CSPM. Two competitors of Prisma Cloud do it in a better way. They show the full view of a risk. Prisma Cloud unfortunately lacks in that area, but they are catching up."

What is our primary use case?

The main use case was identification of cloud security compliance and detection of misconfigurations (including user and service principal identity and permissions) across a multi-cloud environment. The secondary use case was development of custom policies based on internal security requirements of the banking client.

For the Financial Services client, I mainly used the CSPM and Cloud Infrastructure Entitlement Management (CIEM) modules. Code Security module was integrated to a limited extent, as part of CI/CD pipeline to enable Infrastructure as Code scanning before deployment. The primary cloud platforms of this client were AWS and Azure (limited cloud presence).

I also used Prisma Cloud for a PoC for another client of mine who used Azure and Oracle cloud platforms. The evaluation included a different capability set as well: in addition to CSPM and CIEM, the Cloud Workload Protection Platform (CWPP) module capabilities were evaluated.

How has it helped my organization?

Prisma Cloud provides security spanning multi-cloud environments. I have used it for securing AWS, Azure, and Oracle Cloud environments.

Main Benefit: 

Increased visibility across multiple cloud platforms is the main benefit. Before implementing Prisma Cloud, cloud-native solutions were available, however they did not show all of the problems that were present. The main benefit of implementing Prisma Cloud was the increased visibility into cloud permissions of users, roles and their usage in AWS. Prisma Cloud enabled that visibility and enabled the teams to see misconfigurations that were present in the cloud environment and start addressing them.

In addition to the identity part, Prisma Cloud provided some foundational visibility into the cloud workload misconfigurations. While a lot of false positives were identified, after the initial alert triage, the result was a lot of valuable insights to various misconfigurations.

Threat Detection: 

In regards to threat detection, for the other client where I carried out the PoC, I have done some testing after onboarding the Cloud Workload Protection module. Malware samples, EICAR files were uploaded to the test environment, and Prisma Cloud detected all of it.

Compliance Monitoring:

During the PoC for one of the clients, I have used cloud compliance monitoring of Prisma Cloud CSPM as well as CWPP modules, and found some discrepancies between the two. Some built-in compliance frameworks are available for the CSPM module, however not available in CWPP module. Cloud compliance monitoring and reporting can be done, however, there were discrepancies on what built-in compliance policies and frameworks are available in different modules. Custom security and compliance policies can be created and were used extensively in the Financial Services customer's project.

Hybrid Environments:

In regards to hybrid environments, I have only used it for Kubernetes deployment during the PoC. Kubernetes can be hosted on-premises or used as a managed service offered by any of the major cloud providers. I suppose that covers the hybrid use case. I have not used agent-based installations on anything other than Azure Kubernetes Service (AKS). In my experience, this part is where Prisma Cloud stands out from the competitors. It demonstrated easy onboarding as well as comprehensive visualisation of Kubernetes workloads running on the cluster, vulnerability and malware detection capabilities.

Features That Require Client's Time Investment:

The initial "alert burndown", as Palo Alto Networks themselves call it. The alert triage and policy tuning phase where the security team goes in, reviews the initial findings, updates the policies and/or creates custom ones, and disables some of the policies that are not relevant so that internal teams are not overloaded. That has required a significant amount of time invested. For the Financial Services customer, Code Security module has also been deployed (Checkov integration into the CI/CD pipeline). It took a lot of time to tune Code Security policies, because it performs static analysis of Infrastructure as Code files. It can produce a lot of false positives, especially in cases where Terraform modules are used in the infrastructure code. 

What is most valuable?

CIEM module has provided most value for the Financial Services client, it identified the overly-permissive roles and users who can assume these roles. Without CIEM, these misconfigurations would have been difficult to spot.

What needs improvement?

Prisma Cloud is based on acquisitions, which is both a pro and con. Palo Alto Networks made it fast to the market, however, they are now catching up and trying to integrate their acquired solutions into the Prisma Cloud platform. 

Ability to See the Full Picture of Risk:

The main hurdle from user standpoint for me was the ability to see the full picture without effort. This was still true when I last used it in April 2024. A user has to switch between the modules to get different pieces of information. To see the CWPP data, you need to switch to that module. To see the code security part, you need to switch to the Code Security module. It is the same story with CSPM. At least two competitors of Prisma Cloud offer a better experience when it comes to visualisation of data. They show the full view of a risk (what Prisma Cloud claims to do, but does not do well). The good news - Prisma Cloud is catching up and has slightly improved over time.

The User Interface: 

I simply didn't like the first one, then they changed it and made it even worse. But that might be a matter of preference, not an actual negative. 

Ease of Building Custom Policies:

The RQL and APIs are poorly documented, which significantly complicates building of custom policies. There should be no expectation that someone without a clue on how cloud services are constructed can effectively write custom policies using any of CNAPP offerings available in the market, however, this is especially true for Prisma Cloud. When we compare Prisma Cloud with competitors, for sure, it is much more difficult to create custom policies because the APIs themselves are not that well documented. When discussing this topic with their Professional Services engineer who was assigned to the project, the person admitted that at times it is trial and error path to building custom policies. The JSON preview feature did help to improve it, but you still need to guess which API to pick to get what you want. 

With all that said, Prisma Cloud offers a powerful custom policy building engine, and when a skilled person works on it, they can do advanced queries, joining the results of different APIs for example and using them to further build the custom policy.

Quality Control Issues:

During the year-long project while working on alert triage, I encountered a number of CIEM policies that were displaying odd results, which were reported to the Customer Success team and were addressed with an update. This was an indicator that these built-in policies have not been tested that much, since the issue that was identified was impacting all users.

For how long have I used the solution?

I've used Prisma Cloud for over a year. 

I used it for two clients of mine. One client was in Financial Services sector, a bank, and that was where I prepared a solution integration design for Prisma Cloud and later on, supported the integration itself, including the alert review and handover of the operational tasks to the engineering team. For the bank, I started with integration planning (HLD, then LLD) and internal security review process in December 2022, implementation after three months, and finished the project in March 2024. It has been over a year overall of using the solution.

The second use case involved conducting a month-long Proof of Concept (PoC) for another client in the Engineering & Manufacturing sector, focusing on testing of Prisma Cloud CSPM, CIEM and CWPP capabilities for Azure and Oracle cloud platforms.

What do I think about the stability of the solution?

It is stable in the sense of being available so that users can log in and use the solution. 

However, a colleague working on the same project in security engineering team has noticed some of Prisma Cloud behaviour using search functionality, which returned different set of results each time same, unmodified query was being executed. This could be a single example of such instability, but it was something odd to observe. This issue has been raised to Prisma Cloud support team, however, I am not aware of the outcome.

What do I think about the scalability of the solution?

Scalability was perfect. We had no issues with it.

How are customer service and support?

I would rate their support a five out of ten. The professional services engineer was excellent. The sales and technical account management team was excellent. The solution architect who supported us also was great. 

However, for the customer success part, we had to replace an engineer who was originally assigned to support us. In many cases, the customer success team struggled to answer questions which we already researched reading available documentation. Most of the time we got answers from the solution architects. After replacing the engineer who was originally assigned to us, the situation improved slightly, but I would still expect a more capable team supporting the product. My understanding was that the customer success team struggled getting the right information as well.

After we escalated some of the problems to the TAM, issues were resolved relatively quickly.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before using Prisma Cloud, I used Checkpoint's Dome9 (in 2020-2021), as well as Microsoft Defender for Cloud. Main reason of selecting Prisma Cloud was multi-cloud capabilities, high number of built-in policies and capability to build custom policies.

If you mainly use AWS, and also use Kubernetes - Prisma Cloud may be a really good option. If you use Azure and Oracle cloud - there might be better alternatives out there.

I would strongly recommend to test it in your own environment, by onboarding a few accounts in Test/Dev and try to work on the findings - this will give you a better understanding of the tool. If you plan enabling your dev team to work on it, involve them in the PoC/PoV testing and get their feedback (this will likely show how much time security team will need to invest into supporting the dev team as well).

How was the initial setup?

In my opinion, it is very straightforward. A few months back, I deployed Prisma Cloud and two other CNAPP tools in a PoC setting, and I can say that Prisma Cloud was the easiest one to onboard the cloud environments, as well as the Kubernetes cluster using their provided Helm chart template. Despite my prior experience with Prisma Cloud, the onboarding documentation is well-written. A small exception can be made for SSO and SAML configuration, for which Prisma Cloud did not have public documentation article available, however, the Customer Success team has provided an instruction document for the configuration.

The cloud environment onboarding duration depends on whether the person deploying it has all permissions on the cloud side. If all permissions are available, you can deploy it within 15 minutes. It is so easy. If AWS Organizations are used, after onboarding Prisma Cloud sees all the accounts that are part of that Organization. Same applies for Azure when a Tenant Root Group is onboarded - all subscriptions that belong to it, as well as all resource groups and resources part of it are monitored automatically. Some results show up immediately, while all misconfigurations are visible the next day, because it takes time for the tool to ingest all the cloud workloads, build the inventory and produce findings.

If we talk about onboarding Kubernetes clusters, the time it takes depends on the client's environment. Onboarding a single cluster is a matter of minutes. Overall, it can take some time, but is really straightforward using the provided Helm chart template.

Maintenance of the Integration:

Any CNAPP solution requires maintenance. This is because new cloud services are being rolled out by the cloud providers. For a CNAPP solution to be able to read those new resources and their configurations, permissions on the cloud provider's side need to be added to the roles that the CNAPP solution is using. As time passes and new cloud services are rolled out, missing permissions show up in Prisma Cloud, indicating what needs to be updated on the cloud provider's side. 

The other item is the review of new built-in policies. These new policies may produce some false positives. From time to time, this needs to be reviewed by the security team. Some adjustments might be required there. 

Last big item is the new features of Prisma Cloud that are being introduced. If these new features are added and if a client is using a custom and granular RBAC model to access Prisma Cloud, these permissions need to be revised and updated so that users can access and use those new capabilities.

What about the implementation team?

For overall integration I have been working as a consultant (external) for the Financial Services customer. In this project, we had Professional Services consultant provided by Palo Alto Networks as part of the contract, who supported custom policy development. However, most of custom policies were developed by external consultants who were hired for the task.

The project also had Customer Success team support who offered training sessions.

I would rate the Professional Services team very highly. However, the Customer Success team fell short of expectations, to the extent that we requested a replacement for our customer success engineer.

What was our ROI?

As a cloud security specialist, if I did not have such a tool, I would write a bunch of scripts to query the cloud APIs and get the data that I need. Prisma Cloud does that for us. With that said, any CNAPP tool offers such capability.

We have not estimated the actual return on investment in terms of quantifying it. From a security standpoint, with help of Prisma Cloud we found a number of misconfigurations that were not detected previously, however it is difficult to quantify the ROI. We may have prevented a security breach with remediation of the findings, however, any accurate likelihood and impact estimation would also be challenging.

What's my experience with pricing, setup cost, and licensing?

The pricing is on par with the competitors.

Which other solutions did I evaluate?

A few competitor solutions have been evaluated during the selection for the Financial Services client. However, the selection process was made by former security architects from whom I took over the project for integration planning and implementation as they departed the client's organisation.

For the other client, where I tested Prisma Cloud in a PoC in 2024 April on Azure and Oracle cloud use case, unfortunately, Prisma Cloud has not been chosen as CNAPP solution.

What other advice do I have?

Pros:

I would recommend Prisma Cloud to those who are cloud-native. Specifically, Kubernetes is what Prisma Cloud does really well because they acquired Twistlock which was an excellent tool for the task. 

Another big point would be for those with many internal/custom security requirements. Despite the challenge of undocumented APIs, if you have a dedicated cloud security engineering team, they can take advantage of the RQL policies for cloud security posture management and compliance monitoring.

Cons:

If you want full visibility of risk, without needing to proactively look for issues, and need to switch between the contexts within Prisma Cloud, I may not recommend it. If visibility is your priority, there may be better alternatives out there. If the client is a small enterprise and wants to prioritize the tool being used by the developers, there are stronger competitors out there, as to my observation, Prisma Cloud is built for those with dedicated cloud security roles in mind who will spend the time tuning the tool and customising the policies.

Data Protection / GDPR concerns:

The main client where I used Prisma Cloud and worked on the integration is a bank in Europe, and they are very sensitive to data protection and GDPR, which has added some constraints to the whole integration. This would be true for any other CNAPP solution (deployed in a full SaaS mode, not using an "Outpost").

If the vendor is compromised and the permissions that it has in the client's cloud environment are compromised, this could lead to a security breach and this is a risk that must be understood and accepted when deploying a 3rd party CNAPP solution. This is true for all CNAPP vendors, not only Prisma Cloud.

AI Security:

I have not used Prisma Cloud for AI security. I know they have released some AI capabilities, however, I cannot comment on it.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Works at a comms service provider with 1-10 employees
Real User
It provides a lot of vulnerability data, some of which is unreliable
Pros and Cons
  • "One feature we like is the amount of data Prisma gives us. Some infrastructure and platform vulnerabilities in the cloud are hard to detect, and we were unaware of some of these. It's critical to shed light on these. For example, you create virtual machines and forget about them, but when you revisit them, some vulnerabilities may be detected."
  • "Prisma could improve the data quality. One challenge is that when an application is deployed on multiple virtual machines, we get an alert for each machine, but the biggest challenge is container flapping. When containers go up and down, we get 100 alerts on one day, but it reports 20 the next day. The numbers keep changing, and the app owners tell us, "You reported a hundred vulnerabilities from my app, and today, you report 20. I haven't made any changes in production, so is your data correct or not?""

What is our primary use case?

We have a console set up in Prisma that scans all the cloud environments and collects data about platform, infrastructure, and app vulnerabilities.

How has it helped my organization?

We are responsible for app vulnerabilities, and 90 percent of the vulnerabilities were detected by other products before Prisma scans. Other scanners also do some of the same things. Prisma's ability to consolidate and identify the uniqueness of the vulnerability is a huge help. Based on the different scans, we can determine duplicate vulnerabilities.

Prisma provides visibility regardless of how complex or distributed my cloud environment becomes. It adds value, especially from the infrastructure and platform side. From an application perspective, there were many other challenges.

I wouldn't say we can protect everything with Prisma. It identifies the issue but doesn't resolve it. Protection is something else that we have to do in the cloud environment. 

We use Prisma to scan for vulnerabilities and place them in a centralized repository where they are assigned a severity. Based on that severity, App Runner will get time to fix it after something is already in production. 

What is most valuable?

One feature we like is the amount of data Prisma gives us. Some infrastructure and platform vulnerabilities in the cloud are hard to detect, and we were unaware of some of these. It's critical to shed light on these. For example, you create virtual machines and forget about them, but when you revisit them, some vulnerabilities may be detected. 

Prisma allows us to adopt a preventative approach. We can scan some containers before they go into cloud production. The only caveat is identifying the cloud environment in a production or non-production environment.

What needs improvement?

Prisma could improve the data quality. One challenge is that when an application is deployed on multiple virtual machines, we get an alert for each machine, but the biggest challenge is container flapping. When containers go up and down, we get 100 alerts on one day, but it reports 20 the next day. The numbers keep changing, and the app owners tell us, "You reported a hundred vulnerabilities from my app, and today, you report 20. I haven't made any changes in production, is your data correct or not?"

Containers can go up and down, so it can't tell whether the container is down for good or if it was only down at the time of the scan. That's one of the biggest issues we had. The second is data deduplication because we get vulnerabilities from multiple sources through Prisma scans. A vulnerability is reported by Prisma scan and software composition analysis, SAS, DAST, or BLAST scans. You've got all these different scans reporting the same vulnerability.

For how long have I used the solution?

We have used Prisma Cloud for a year and a half.

What do I think about the stability of the solution?

Often, we don't get the data for a particular console because it's down. While we're working to fix the issue, we get the previous data and all the other stuff.

What do I think about the scalability of the solution?

At my company, we have many resources, and I haven't had any issues with vulnerability. Prisma can scale vertically or horizontally very well.

What was our ROI?

I can't say whether Prisma has saved us money because that's not the goal. The objective of Prisma is to identify incidents inside the company. Reputation and data security are the two most important things to a financial institution. We spend money to prevent improper data usage or vulnerability exploitation. I don't know whether it can save money, but it protects our data.

What other advice do I have?

I rate Prisma Cloud seven out of 10. It does do a lot of things, but the data reliability and other issues make our lives more difficult. It presents more challenges than just getting the data and porting over.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Kevin Sorenson - PeerSpot reviewer
Cloud DevOps Engineer at a tech services company with 51-200 employees
Real User
We could go into the dashboard and see all these notifications telling us which subscriptions didn't have TLS 1.2 enabled
Pros and Cons
  • "We were pleased with Prisma's custom and built-in reports. We could go into the dashboard and see all these notifications telling us which subscriptions didn't have TLS 1.2 enabled. The security controls were the most valuable features."
  • "The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls."

What is our primary use case?

We had Azure, AWS, and a little bit of GCP, so we gave Prisma read access to all those accounts, subscriptions, etc., and monitored the alerts to mitigate risks based on what popped up in the dashboard.

While it's not our only tool, Prisma is managing about 80 percent. We still occasionally go into cloud-native tools to ensure certain compliance standards are being met. Sometimes, urgent issues need to be fixed that haven't been reported in Prisma because the native tools will catch them first. As a third-party solution, Prisma might take a little longer to build a report directory.

We had around 30 to 40 users who were a mix of cloud and DevOps engineers. There were also members of the security team who made decisions about what kind of security policies we had to follow. We used it extensively within the public cloud across all our Azure, AWS, and GCP subscriptions and projects. There was interest in using it on-premises with our vSphere environment as well. I don't know if that ever happened.

How has it helped my organization?

Prisma enabled us to get up-to-speed on enforcing TLS 1.2. It helped us look at different types of resources, like storage accounts and app services. I'm thinking particularly of Azure because that was my focus. I found all the resources from the Prisma list and remedied those issues so that they were displayed as resolved in Prisma.

It gave us visibility into and control over complex cloud environments, which helped us feel better about our security and secure the environment with the clinical data. Our security team was pleased when we showed them clean Prisma reports. It boosted their confidence and their comfort level that we were being compliant.

Prisma made it much easier to ensure that all of the security pieces are handled. It simplified our security issue resolution. It cut down our investigation time by giving us one place to look. It cleaned up our operations considerably because finding what resources needed to be resolved, mitigated, or updated was easier. It probably saved us several hours every week. It also saved us some money, but I couldn't quantify the savings because other environments also used it.

It helped us develop a preventative approach to security. Nine out of ten times, we could find issues that needed to be fixed ahead of time. We had a monthly meeting where we would review the high-severity alerts on the dashboard and assign people to remedy them. Once we got through the high-severity alerts, we looked at medium- and low-severity alerts. Prisma enabled us to identify resources we needed to fix, which was quite handy.

What is most valuable?

We were pleased with Prisma's custom and built-in reports. We could go into the dashboard and see all these notifications telling us which subscriptions didn't have TLS 1.2 enabled. The security controls were the most valuable features. 

Prisma's multi-cloud capabilities were essential. We wouldn't have used it without them. We would have just used the native cloud vendors' security solutions. Its protection of our full cloud-native stack is pretty comprehensive. I would rate it at least an eight out of ten. It stacks up well compared to the security alerts and notifications we got from solutions like Defender.

What needs improvement?

It sometimes took Prisma a little while to build queries, so new services or features wouldn't appear. It wouldn't get flagged in Prisma for a bit. It would be helpful if they sped up how quickly they got their default notifications, queries, and alerts.

The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls.

For how long have I used the solution?

We used the solution for about three years at my previous company. 

What do I think about the stability of the solution?

Prisma seemed highly stable, but I wasn't managing the solution. I was more of a user.

What do I think about the scalability of the solution?

Prisma seemed to scale pretty well. It covered several large environments and didn't seem to struggle when loading information for us. I think it did well.

How are customer service and support?

I rate Palo Alto support a six out of ten. The support was adequate, but I can't say it was great. If we had an issue with a feature or a query, it could take them a little while to get back, especially if it was a feature improvement or a new alert. They were very slow to add new warnings and features.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

The company never had a public cloud solution before Prisma, but they had something for on-prem. I don't know what it was. They also used cloud-native solutions like Defender for Cloud and the native tool for AWS.

We switched to Prisma because we wanted a single pane of glass that would allow the security team to see security issues across all of the public cloud vendors that we used, so they wouldn't have to jump to each individual cloud vendor's tool.

How was the initial setup?

I was involved in the POC several years ago. It was like a lab test. After we tested that for several months, we rolled out the official one. At that point, I was just helping them test as they tried out the product. I didn't actually install the software.

The setup seemed pretty straightforward. There were clear instructions on how we just needed to create service principals with specific permissions and then grant Prisma the credentials for the service. I think they only had about five people maintaining the Prisma environment, and each was responsible for bits and pieces of it.

What was our ROI?

I believe the company saw a return using Prisma.

What's my experience with pricing, setup cost, and licensing?

I know that the guys who handled the pricing said Prisma was costly, but I don't know how that compares to other products.

Which other solutions did I evaluate?

I know the team evaluated other options, but I wasn't involved.

What other advice do I have?

I rate Prisma Cloud an eight out of ten. Having one place to go for all of your security alerts and notifications makes it easier to solve issues than going to each vendor's security tool.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.