Prisma Cloud by Palo Alto Networks Reviews

We are using CSPM, IM Security, and Cloud Workload Protection modules.

There are different use cases for Prisma Cloud. Our use case for the CSPM module is to assess compliance with standards such as HIPAA and GDPR, based on our current cloud CSV vendor and configuration. We need to use a CSPM tool to calculate the risk score associated with our current compliance posture.

Some of the reasons we implemented Prisma Cloud were to find the total number of assets in the compliance asset inventory and use the CSPM to assess our workload security. If we have a container environment, we can secure it using cloud workload protection. Additionally, IM Security can help us to determine if our saved credentials are exposed to the public network.

Prisma Cloud provides security for multi- and hybrid-cloud environments. This is the best use case for supporting multi-cloud vendors because, even if we have different cloud service providers, such as AWS, Azure, or GCP, we can manage and view all data in a single, consolidated screen.

All cloud service providers have limitations when it comes to cloud-native stack visibility. Prisma Cloud integrates with all CSPs, switches and correlates the data, and provides complete configuration details for alerts and incidents.

Prisma Cloud's security automation capabilities are effective, allowing us to specify our audit criteria and key configuration audit parameters to detect and automatically remediate misconfigurations. We also have playbooks to automate remediation.

It helps us take a preventative approach to cloud security. We recently received an incident alert for a resource with a security group that allows all ports, which is not a best practice. We will send a notification to the DevOps team and make a change to only allow the necessary ports. We can also automate this process to automatically remove all port access and only allow specific limited ports. Additionally, we can proactively define security keys for our servers and identify and fix vulnerabilities.

We have improved our organization in many ways. The first benefit is that we have from Prisma Cloud a complete asset inventory of all our cloud resources across all CSP vendors. This includes the number of assets and the number of VM instances currently running. This is a valuable use case, as it provides us with visibility into our entire cloud environment. The second benefit is that Prisma Cloud can help us identify misconfigured assets. This is also a valuable use case, as it helps us to ensure that our cloud resources are configured securely. The third benefit is that Prisma Cloud can help us to identify unusual access to our cloud resources. This can be helpful in identifying and responding to security threats. For example, if a user logs into a cloud instance from India and then two hours later logs into the same instance from the US, this could be a sign that the user's account has been compromised. Prisma Cloud can alert us to this type of activity so that we can investigate and take appropriate action.

The comprehensiveness in securing the entire cloud-native development lifecycle is great. We have integrated this solution with our CI/CD pipeline tools, so it scans and validates code in real-time, only allowing legitimate code to be processed further and executed.

It provides us with the visibility and control we need. At first, we may receive many alerts, but once we fine-tune them to generate genuine alerts only for legitimate traffic, our confidence in our security and compliance posture increases.

It also makes it easy to integrate our security with our existing CI/CD pipeline.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications without having to manage and reconcile security tools.

Prisma Cloud provides clear visibility into risks at runtime and across the entire pipeline, showing issues as they are discovered. Our developers are able to correct the issues using just a few tools.

Prisma Cloud has reduced our runtime alerts by 20 percent. It reduced our alert investigation time to ten minutes. It also has saved us between 30 to 40 percent of our costs.

CSPM is the most valuable feature for any organization that runs its workloads in the cloud. CSPM can audit the current cloud configuration, identify misconfigurations, and assess risk.

If a customer is already running their workloads in the cloud and wants to secure them, Defender emails can be used to easily identify potential risks. Additionally, the CI/CD pipeline can be scanned to identify any vulnerabilities in the code that developers have written. When code is uploaded, it will be validated and only legitimate code will be applied to the production application. This means that no vulnerabilities will be present in the code.

CSPM can also be used to scan existing infrastructure for vulnerabilities.

The IM security has room for improvement. I would like more important features added.

I have been using Prisma Cloud by Palo Alto Networks for three years.

Prisma Cloud is stable.

Prisma Cloud is scalable.

The technical support is good.

Positive

The initial deployment was straightforward. All components can be deployed in one day, but the CSPM alone only takes half an hour.

Ten people were required for the deployment.

Prisma Cloud is more expensive than some other solutions, but when we consider all of its use cases, the cost averages out.

I would rate Prisma Cloud by Palo Alto Networks nine out of ten.

In terms of our location, we have different cloud service providers, such as AWS and Azure. The majority are AWS and Azure, where we have integrated Prisma Cloud. In terms of Docker and containers, we have integrated some types of labs and CI/CD parts. Therefore, we currently manage both AWS and Azure, as well as a few GCP parts, within a single console.

We have over 50 users.

Prisma Cloud requires maintenance and the OEM initially notifies us of the priority and schedule for maintenance.

We use it for mobile access, and we probably will also adopt a direct connection to our small branch offices across Europe.

Prisma Cloud has improved the response time and the availability of our applications on-premises and on the cloud for our users in many different countries in Western Europe, Eastern Europe, and the United States.

We use it for our mobile users. Prisma Cloud is a very strong and robust platform that improves endpoint security. The COVID-19 pandemic made us realize that we should be able to permit more or less 50% of our employees to work confidently and securely from home.

Prisma Cloud provides security across multi-cloud and hybrid-cloud environments. We already have developed a direct connection between the Prisma Cloud platform and the Azure Cloud solution. We also have integration with the AWS cloud where most of our servers are now located. It was absolutely a strategic choice for us.

We have decided to adopt almost all the security features that Prisma Cloud offers, such as DNS security, threat prevention, vulnerability analysis, anti-phishing, email, and so on. We did not use Prisma Cloud for security automation capabilities. We have a very specific application for the OTC environment, and we prefer to maintain this environment completely separate from the other world of traditional information technology applications.

Prisma Cloud helps with cloud security, but we are also managing security at many different levels. We have endpoint protection, firewalls, SIEM, and log collectors. We also have dedicated probes that work silently to discover any anomalies, such as zero-day threats, that could be there. We have a Palo Alto firewall, and this cloud solution also has some predefined level of security managed by the cloud provider.

Prisma Cloud provides the visibility and control we need, regardless of how complex or distributed our cloud environments become. We can very quickly and easily analyze the clusters, the connections, and so on. We have very good control over the data flow and any possible security problems. It increases our confidence in our security and compliance postures.

About 50% of our people work from a private network, not inside the company. The protection of the endpoints is more difficult than the protection inside the office. Prisma Cloud can elevate the level of security for people who are working from home or are traveling to another country and so on.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports. Prisma Cloud is used by remote users that are working from home, and that is it. It makes our operations easier.

I have daily evidence of any possible new threats that could appear. I get to know how often a threat was blocked and from which client these threats were blocked. We can then very quickly contact the user if there is a compromised endpoint.

Prisma Cloud sends the email and data to the administrative IT staff in case a very severe threat appears. So far, we have not received any alerts related to severe threats.

Prisma Cloud has reduced a lot of our alert investigation time. We have perfect visibility of every single connection from our colleagues who are working from home, a hotel, or any other place. We have activated a mechanism by which the VPN connection is mandatory as soon as the end users switch their computers on. If I have a severe alert, I could investigate the related bad behavior and node in 10 to 15 minutes.

We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem.

It can be too expensive for small companies.

In terms of features, I wouldn't add anything specific. They did a major improvement in the field of reporting. It can automatically produce statistics on usage and so on. This aspect was not very well developed at the beginning of the project, but now, there is a very big improvement in this specific field. Reporting is better than the previous versions, so at the moment, for our needs, the solution is good enough. We might need something in the future, but at the moment, we are not asking Palo Alto for any new developments.

We have been using this solution for half a year. We started the project at the beginning of this year, and at the moment, we have about 2,100 people who use this solution.

It is very stable. The platform is quite robust and available. From the time the project was released to other countries, we received one or two tickets for a sporadic problem for some users.

We have 4,000 licenses. We have Prisma Cloud in 16 different countries with a total of about 2,100 people. We do not have a large presence in the Extreme East or Middle East, but we have people connecting from Europe and also from Russia. It works perfectly.

Its usage will increase when there is a new acquisition or there is a new office somewhere in the world. 

The customer support is good and professional. I would rate them a ten out of ten.

Positive

We did not use any similar solution before. We adopted the same VPN technology based on the on-premise firewall that we already had, but there was a very big consumption of bandwidth. It was sometimes a little bit difficult to manage a high number of remote users, and this problem was completely solved by Prisma Cloud.

I was involved in its deployment. It took us about nine months to implement it.

In terms of the implementation strategy, we started with deciding about the site of our company that should be directly connected to Prisma Cloud. We produced an inventory of the applications and identified whether they are located on-premise, on Azure cloud, or on AWS cloud. We then started to configure the server and endpoints inside Prisma Cloud. We established the service connection between the site and Prisma Cloud, and we started to develop the solution for the end users. We selected a subset of users. We selected about 100 people from different departments in different countries to be sure that the solution was working properly in every country and every application environment.

We received very professional and qualified support from both Palo Alto technicians and a platinum partner that normally assists us in developing Palo Alto technologies.

We had two people from Palo Alto for implementation. We had one senior engineer and one junior engineer from Palo Alto. We had two engineers from our partner. We did not have a lot of staff.

In terms of maintenance, Prisma Cloud is subject to periodic updates, and we follow what is required by Palo Alto. For maintenance, we have a colleague of mine and one person from our partner.

It was a good investment because now we can manage so many remote users without any problems.

The platform is not famous for being cheap. It is quite expensive, but we know that we have the protection, so there is enough value for what we pay for. It is worth the money.

It takes more or less nine months to realize its benefits.

This solution is good for a company with at least 400 people that must be connected remotely. For smaller companies, it can be too expensive.

There are no costs in addition to standard licensing. We pay based on the number of users. We have 4,000 user licenses, and we use more or less 60% of our licenses.

We evaluated solutions from Cato Networks and Palo Alto. Because we have quite a large installation of Palo Alto's firewall and in-depth knowledge of this technology, we decided to adopt Prisma Cloud.

I am very satisfied with Prisma Cloud, and we do not have any plans to change to anything else. I am confident that we will retain this solution for a long time.

Overall, I would rate Prisma Cloud a ten out of ten. We have received very positive feedback regarding this solution. I would recommend it to others.

In terms of use cases, we had a single client. This client belonged to the insurance sector here in India, specifically a large insurance chain. We discovered that they had migrated to a cloud environment and had some security controls in place. However, they lacked expertise in understanding the threats associated with the cloud. From a resource and organizational perspective, they didn't possess the necessary skill set to implement a comprehensive governance framework. This client operates within the insurance industry, regulated by the Insurance Regulatory and Development Authority in India, which has revised some pipelines for the current financial year. The IRDA also serves as a regulatory authority for Indian banks. As a result, the client needed to strengthen their controls, particularly those with higher significance.
Their objective was to implement a few security controls to successfully pass an upcoming audit. We recommended that they integrate Prisma into their infrastructure. This would allow them to generate reports promptly whenever required and help fine-tune existing policies or guide the infrastructure development team in implementing new ones. Prisma would scan the entire infrastructure and provide the best recommendations. It was a challenging use case in terms of implementation, as only a few clients were familiar with Prisma's capabilities. Prisma is a cloud service that enables the hosting of applications and infrastructure.

We wanted to address vulnerabilities that we identified from a logging and monitoring perspective, which is why we implemented Prisma Cloud.

If we discuss a multi-cloud environment or a multi-fleet architecture or implement it as a fleet architecture, Prisma Cloud offers comprehensive functionality. It enables us to obtain complete reports or scanning reports from the tool on an enterprise scale. However, this process takes time. Although it is completed within seconds, if we have a larger infrastructure with multiple running instances, the tool will require more time. Nevertheless, the resulting report will be accurate and provide a comprehensive perspective.

In terms of a multi-cloud environment, our observations indicate that if we implement and configure Prisma Cloud with Azure and AWS, the tool performs well. On the other hand, when performing checks on AWS and GCP, the tool exhibits better performance on AWS. It does not meet the same standards on the GCP side, but it remains accurate. Azure is compatible with AWS and shows promising results. Additionally, we are currently conducting tests on the Azure environment.

Regarding the entire infrastructure, whether it follows an SAP model, PaaS model, or a previous model based on infrastructure, our testing has yielded positive results, particularly when using the SaaS model. AWS achieves 100 percent accuracy. From larger clients to smaller ones, even within internal GCP corridors where Prisma is connected, they are effectively protected.

Prisma's security automation capabilities are straightforward. We need to ensure that we have a clear understanding of our intended automation actions before proceeding. I was engaged with a company in the oil and gas sector that utilizes AWS infrastructure. They adopted Prisma Cloud and we implemented some automation. During testing, the alerts were satisfactory. However, in subsequent attempts, vulnerabilities were detected after the automation was executed. I wouldn't describe it as difficult, but rather as tricky.

Prisma Cloud assists us in adopting a proactive approach to cloud security. It provides us with a comprehensive view of areas that require fine-tuning. This perspective encompasses not only governance and threats but also the overall security landscape.

Prisma Cloud helped us reduce manual effort by up to eighty percent. It fine-tuned policies and implemented security controls for the cloud, including threat and vulnerability management. We no longer need to manually review these aspects. However, we still receive recommendations for mitigation. Prisma Cloud suggests actions to take from a governance and security perspective. For example, if we have an open port that is not in use, it advises disabling it. Previously, I or my team would spend around ten to twelve hours a day fine-tuning Azure or AWS services by accessing different dashboards. Now, with Prisma Cloud, we can accomplish all of this through a single console. We simply log on to the Prisma Cloud console and configure the services. Prisma Cloud integrates all the services and provides us with recommendations for remediation. As a result, our effort has been reduced by eighty percent since implementing Prisma. We were able to see all the benefits within a year and a half.

Prisma Cloud provides the 100 percent visibility and control we need regardless of how complex or distributed our cloud environments become. By utilizing Prisma Cloud, we have significantly reduced our manual effort to nearly eighty posts. Having everything consolidated on a single console greatly enhances the efficiency and productivity of our team. Moreover, from both a practical and financial perspective, it is undoubtedly a more advantageous approach.

Prisma Cloud offers risk clarity in real-time throughout our CI/CD pipeline infrastructure.

Prisma Cloud has reduced runtime alerts. I have only seen two alerts.

Prisma Cloud has reduced alert investigation times.

Prisma Cloud has saved our larger clients around $100,000 per month.

Prisma needs to regularly update itself because there are regulatory compliance requirements that have already been published, yet they have not been integrated into Prisma. This poses a challenge as we have to manually address these issues in our use cases.

We have discovered that Prisma is not functioning properly with GCP. I am unsure if this is due to the security policies being implemented by Google. There are restrictions in place, but from a GCP perspective, the security scanning is quite limited.

The deployment is a tricky task as it requires thorough configuration checks. There was a scenario where we discovered that the deployment had already been completed. However, during integration, we encountered a configuration issue. As a result, the logs from the cloud area were transformed into incidents, resembling an actual security breach. This caused concern among my team, and we were under the impression that an attack had occurred.

Palo Alto offers a different product, and they have introduced Prisma Cloud for a specific purpose, particularly for individuals who are new to the technology. The idea is, for example, to provide a single platform for accessing various Over-the-Top platforms for watching web series or movies. Instead of purchasing multiple OTT platforms, the concept is to offer one comprehensive platform. By paying for a single platform, users can obtain a subscription for services like Netflix or Amazon Prime, without having to spend thousands of dollars individually. Prisma Cloud follows a similar approach, which is perfectly acceptable. Consider the scenario where a client, using Microsoft or Azure environment, desires to use a third-party tool instead of investing in Microsoft Defender. In this case, Prisma Cloud comes into play. However, at some point, they may realize the need for Microsoft Defender as well, which would cost them a significant amount of fifty thousand dollars. To avoid such expenses, the idea of offering a complete package to the client arises. 

This complete package enables the client to use a single tool for scanning, obtaining reports and even automating the fine-tuning process. Consequently, the client can invest fifty thousand dollars to obtain the complete package, rather than searching for and purchasing three separate products, which would cost a significant amount of dollars. The complete package offers the same functionalities at half the price. From a product perspective, it is crucial to integrate certain services that assist clients in deciding to invest in Prisma Cloud. In the Indian market, where we have observed our clients, there is a lack of awareness regarding Prisma Cloud and its functionality. Clients are primarily concerned with whether Prisma Cloud can simply scan their products and provide recommendations. They question whether they can perform these tasks manually or use cloud-native services. This perspective influences the clients' decision-making process.

I have been using Prisma Cloud by Palo Alto Networks for two years.

The stability of Prisma Cloud depends on how the infrastructure has been configured specifically for that tool, taking into account the load and architecture of our infrastructure. The tool responds well in small-scale infrastructures, functioning perfectly without any issues. However, in larger environments, I have not encountered any crashing or lagging problems but the time it takes to scan the infrastructure varies depending on its size. 

Prisma Cloud is 100 percent scalable.

I contacted technical support during deployment because we encountered some challenges. The support was excellent, and the conversation went well. It was crucial to address the issues promptly because the entire infrastructure was at stake due to its complexities. We were uncertain about the potential impact of deploying a new tool in the infrastructure. Unfortunately, we faced some issues at one point, but they were resolved within the designated timeframe.

Neutral

As an organization, we possess certain tools, some of which have been developed in-house. However, it is important to note that no tool can be entirely relied upon, as perfection is unattainable. Some abnormalities have arisen and subsequently been addressed. Our main focus in the previous year was on utilizing cloud-native tools. We are now using Prisma Cloud and also looking at Citrix.

The initial setup took some time. It was not straightforward. For a few of the clients we have implemented, it will be straightforward. However, in our organization, it conflicts because we have certain lines of business and restrictions, so it took a bit longer. The deployment took around one month and required 15 people.

In general, Prisma Cloud is much cheaper than cloud-native services.

We are having conversations with Citrix to evaluate their solution.

I rate Prisma Cloud by Palo Alto Networks a nine out of ten.

We are the aligned partner for Prisma. We recommend the same tool to our clients, and the entire team is actively involved in training on the Prisma Cloud. In my interactions with various clients and stakeholders, I have noticed that some of them are not familiar with Prisma. However, they prioritize security and want to secure their cloud infrastructure. While some clients may not have the capability to use cloud-native tools, based on my observations, most of them are gradually transitioning to the cloud infrastructure and showing interest in the Prisma Cloud.

From a cloud security standpoint, and specifically as an organization, we are not bound by any specific domain. Our focus lies in securing the infrastructure from the client's perspective. For instance, consider a client who is new to the cloud and has migrated their infrastructure. If we do not have any governance measures in place for this scenario, our recommendation would be to opt for the comprehensive package offered by Prisma Cloud. This ensures that in the future or upcoming days, the client won't need to explore numerous other modules. However, it is worth noting that some clients may prefer to use separate modules. In general, we tailor our governance, security, and threat detection solutions to meet the specific requirements of each client. Internally, we provide a complete package.

In the current scenario, where my team is performing the migration for Prisma Cloud or the deployment area, we haven't yet tested the tool. We are planning to proceed with that testing. However, based on our discussions with the Prisma partner, they will integrate some functionalities because, in the DevOps environment, we haven't achieved the expected results. I wouldn't claim it's a hundred percent comprehensive, but based on our discussions and experiences so far, it's still a work in progress. We have conducted two tests, but the results haven't met our expectations.

From a DevOps standpoint, the CI/CD pipeline is still undergoing testing. I'm unsure about the time it will take, but initially, we are testing what we have learned from a CI/CD standpoint and a DevOps standpoint. We are currently investigating the best course of action and how we can integrate effectively. In some of our engagements, clients are requesting the integration of Prisma Cloud to optimize their DevOps area when deploying. However, currently, from a KPM perspective, this task is still manual. From a development standpoint, it will require time. It won't be accomplished in a single day or month, but rather, it will take time. This is because the configuration is still in progress. Moreover, from a security perspective, there are certain areas where we are uncertain. For instance, when considering GCP, it presents a gray area where we have been unable to identify any solutions from Prisma's standpoint. However, we need to determine how to effectively integrate the GCP infrastructure within the field.

Prisma Cloud can scan and monitor, depending on how it is configured. It can also trigger alerts, but it cannot stop an attack.

Prisma Cloud is maintained by Palo Alto.

Prisma Cloud will undoubtedly assist organizations in comprehending their infrastructure and identifying areas of uncertainty. The solution will streamline and minimize manual efforts. Users can obtain the comprehensive report with a single click, eliminating the need to access various services to retrieve logs. I highly recommend Prisma Cloud as it is cost-effective, and user-friendly, although its configuration can be a bit challenging.

We use Prisma Cloud by Palo Alto Networks for our cloud security posture management.

Prisma Cloud by Palo Alto Networks has multiple aspects that help protect the full cloud-native stack. We are not concerned with just one cloud at the enterprise level; we are focused on the multiple cloud environments we have. The solution provides us with a comprehensive dashboard and a comprehensive view of our cloud security posture. Furthermore, the solution not only covers the security posture but also informs us of our compliance with leading industry standards.

The solution does have security automation capabilities, but we do not use much of it in this case. We use automation for the alerts; if there are any misconfigurations, the alerts are automated. However, we do not mitigate any specific items using automation, as that is something we have not configured. We prefer to first look at the problem manually, and then take action against it.

There is no single comprehensive cloud security solution. We will need to use multiple tools, such as those offered by Palo Alto Networks and Check Point. Every security firm has a range of products, so if we consider all of them, we can have anti-virus, anti-malware, vulnerability assessment solutions, EDP software, and cloud security posture management. We need to evaluate each tool, and Prisma and Check Point both offer good solutions, including next-generation firewalls.

The solution provides the visibility and control we need, regardless of how complex or distributed our cloud environment becomes.

The solution can enable us to incorporate security into our CI/CD pipeline and add checkpoints to existing DevOps processes. From an automation standpoint, we enabled certain monitoring features. However, the remediation steps are still manual. This can be integrated into our DevOps pipeline, though some of the features are not being used as we prefer to keep it manual.

The solution provides us with a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports.

The solution reduced runtime alerts. We don't need to receive all the runtime alerts every time, as they will overwhelm us with messages. People often neglect this. Depending on the situation, generally, only very important alerts should be sent. I prefer that the solution be configured for when there is a major business impact. For minor alerts and notifications, we can still check the dashboard. Generally, we monitor the dashboards at certain times. We don't need to be alerted for everything, as this will defeat the purpose of this mechanism.

The solution significantly improved the time taken to investigate alerts by 40 percent with the alert monitoring and all its mechanisms, we receive our critical alerts quickly via email. We can even configure the remediation, although we have not done so yet. 

I appreciate the multi-cloud support that this solution provides; I can use it with AWS, Microsoft Azure, and Google Cloud. I find the ability to configure alerts and monitor misconfigurations in the cloud to be particularly useful, and we take advantage of this feature as well.

Prisma Cloud by Palo Alto Networks is an impressive solution. The solution continuously assesses our security posture, making it the ideal preventive measure. If any misconfigurations occur, I am immediately notified of any unnecessary ports that are open in my cloud. This alerting system allows me to take the necessary steps to secure it before any attack can occur, making it the best preventive measure for our cloud.

I now extensively use cloud security posture management. There needs to be a mechanism that allows me to manually configure compliance more easily. Currently, it requires programming knowledge, so if someone without hardware programming knowledge could customize certain features to their requirements, it would be very helpful.

I have been using the solution for five months.

The solution is stable because it is a SaaS offering.

Nowadays, all cloud solutions are scalable; scalability should be a given feature and does not need to be asked for.

A maximum of ten people have administrative-level access, which will be used by 50 to 60 Security Operations Center personnel. This personnel must log in with various role-based access rights. In total, we have around 70 people using the solution.

In my previous project, we had a dedicated team associated with the account, so we did not have to pay for support. This was beneficial because, most of the time, we would go to our account team instead of the technical support, and our issues would be resolved quickly.

Positive

The initial setup is seamless. We only need to integrate our API key and connect it.

The deployment took one hour.

I can see one return on investment due to continuous monitoring. Before, we had a few staff members who monitored our environment, but now the alerting and other processes happen automatically, so there is a good ROI in terms of resources. Additionally, the security posture of the environment is increased and fewer incidents occur, which improves our response time and resource efficiency. There are also indirect ROIs.

The pricing is competitive; for the most part, the security firms have similar prices. Therefore, I believe it is competitive and a good investment. The solution is good quality, so I would not hesitate to invest in Prisma Cloud by Palo Alto Networks.

I give the solution a nine out of ten.

I absolutely recommend Prisma Cloud by Palo Alto Networks at an enterprise level because the solution is an enterprise-grade product.

The main use case was identification of cloud security compliance and detection of misconfigurations (including user and service principal identity and permissions) across multi-cloud environment. Secondary use case was development of custom policies based on internal security requirements of the banking client.

For the Financial Services client, I mainly used the CSPM and Cloud Infrastructure Entitlement Management (CIEM) modules. Code Security module was integrated to a limited extent, as part of CI/CD pipeline to enable Infrastructure as Code scanning before deployment. The primary cloud platforms of this client were AWS and Azure (limited cloud presence).

I also used Prisma Cloud for a PoC for another client of mine who used Azure and Oracle cloud platforms. The evaluation included different capability set as well: in addition to CSPM, CIEM, the Cloud Workload Protection Platform (CWPP) module capabilties were evaluated.

Prisma Cloud provides security spanning multi-cloud environments. I have used the it for securing AWS, Azure, and Oracle Cloud environments.

Main Benefit: 

Increased visibility across multiple cloud platforms is the main benefit. Before implementing Prisma Cloud, cloud-native solutions were available, however they did not show all of the problems that were present. The main benefit of implementing Prisma Cloud was the increased visibility into cloud permissions of users, roles and their usage in AWS. Prisma Cloud enabled that visibility and enabled the teams to see misconfigurations that were present in the cloud environment and start addressing them.

In addition to the identity part, Prisma Cloud provided some foundational visibility into the cloud workload misconfigurations. While a lot of false positives were identified, after the initial alert triage, the result was a lot of valuable insights to various misconfigurations.

Threat Detection: 

In regards to threat detection, for the other client where I carried out the PoC, I have done some testing after onboarding the Cloud Workload Protection module. Malware samples, EICAR files were uploaded to the test environment, and Prisma Cloud detected all of it.

Compliance Monitoring:

During the PoC for one of the clients, I have used cloud compliance monitoring of Prisma Cloud CSPM as well as CWPP modules, and found some discrepancies between the two. Some built-in compliance frameworks are available for the CSPM module, however not available in CWPP module. Cloud compliance monitoring and reporting can be done, however, there were discrepancies on what built-in compliance policies and frameworks are available in different modules. Custom security and compliance policies can be created and were used extensively in the Financial Services customer's project.

Hybrid Environments:

In regards to hybrid environments, I have only used it for Kubernetes deployment during the PoC. Kubernetes can be hosted on-premises or used as a managed service offered by any of the major cloud providers. I suppose that covers the hybrid use case. I have not used agent-based installations on anything other than Azure Kubernetes Service (AKS). In my experience, this part is where Prisma Cloud stands out from the competitors. It demonstrated easy onboarding as well as comprehensive visualisation of Kubernetes workloads running on the cluster, vulnerability and malware detection capabilties.

Features That Require Client's Time Investment:

The initial "alert burndown", as Palo Alto Networks themselves call it. The alert triage and policy tuning phase where the security team goes in, reviews the initial findings, updates the policies and/or creates custom ones, and disables some of the policies that are not relevant so that internal teams are not overloaded. That has required a significant amount of time invested. For the Financial Services customer, Code Security module has also been deployed (Checkov integration into the CI/CD pipeline). It took a lot of time to tune Code Security policies, because it performs static analysis of Infrastructure as Code files. It can produce a lot of false positives, especially in cases where Terraform modules are used in the infrastructure code. 

CIEM module has provided most value for the Financial Services client, it identified the overly-permissive roles and users who can assume these roles. Without CIEM, these misconfigurations would have been difficult to spot.

Prisma Cloud is based on acquisitions, which is both a pro and con. Palo Alto Networks made it fast to the market, however, they are now catching up and trying to integrate their acquired solutions into the Prisma Cloud platform. 

Ability to See the Full Picture of Risk:

The main hurdle from user standpoint for me was the ability to see the full picture without effort. This was still true when I last used it in April 2024. A user has to switch between the modules to get different pieces of information. To see the CWPP data, you need to switch to that module. To see the code security part, you need to switch to the Code Security module. It is the same story with CSPM. At least two competitors of Prisma Cloud offer a better experience when it comes to visualisation of data. They show the full view of a risk (what Prisma Cloud claims to do, but does not do well). The good news - Prisma Cloud is catching up and has slightly improved over time.

The User Interface: 

I simply didn't like the first one, then they changed it and made it even worse. But that might be a matter of preference, not an actual negative. 

Ease of Building Custom Policies:

The RQL and APIs are poorly documented, which significantly complicates building of custom policies. There should be no expectation that someone without a clue on how cloud services are constructed can effectively write custom policies using any of CNAPP offerings available in the market, however, this is especially true for Prisma Cloud. When we compare Prisma Cloud with competitors, for sure, it is much more difficult to create custom policies because the APIs themselves are not that well documented. When discussing this topic with their Professional Services engineer who was assigned to the project, the person admitted that at times it is trial and error path to building custom policies. The JSON preview feature did help to improve it, but you still need to guess which API to pick to get what you want. 

With all that said, Prisma Cloud offers a powerful custom policy building engine, and when a skilled person works on it, they can do advanced queries, joining the results of different APIs for example and using them to futher build the custom policy.

Quality Control Issues:

During the year-long project while working on alert triage, I encountered a number of CIEM policies that were displaying odd results, which were reported to the Customer Success team and were addressed with an update. This was an indicator that these built-in policies have not been tested that much, since the issue that was identified was impacting all users.

I've used Prisma Cloud for over a year. 

I used it for two clients of mine. One client was in Financial Services sector, a bank, and that was where I prepared a solution integration design for Prisma Cloud and later on, supported the integration itself, including the alert review and handover of the operational tasks to the engineering team. For the bank, I started with integration planning (HLD, then LLD) and internal security review process in December 2022, implementation after three months, and finished the project in March 2024. It has been over a year overall of using the solution.

The second use case involved conducting a month-long Proof of Concept (PoC) for another client in the Engineering & Manufacturing sector, focusing on testing of Prisma Cloud CSPM,CIEM and CSWPP capabilities for Azure and Oracle cloud platforms.

It is stable in the sense of being available so that users can log in and use the solution. 

However, a colleague working on the same project in security engineering team has noticed some of Prisma Cloud behaviour using search functionality, which returned different set of results each time same, unmodified query was being executed. This could be a single example of such instability, but it was something odd to observe. This issue has been raised to Prisma Cloud support team, however, I am not aware of the outcome.

Scalability was perfect. We had no issues with it.

I would rate their support a five out of ten. The professional services engineer was excellent. The sales and technical account management team was excellent. The solution architect who supported us also was great. 

However, for the customer success part, we had to replace an engineer who was originally assigned to support us. In many cases, the customer success team struggled to answer questions which we already researched reading available documentation. Most of the time we got answers from the solution architects. After replacing the engineer who was originally assiged to us, the situation improved slightly, but I would still expect a more capable team supporting the product. My understanding was that the customer success team struggled getting the right information as well.

After we escalated some of the problems to the TAM, issues were resolved relatively quickly.

Neutral

Before using Prisma Cloud, I used Checkpoint's Dome9 (in 2020-2021), as well as Microsoft Defender for Cloud. Main reason of selecting Prisma Cloud was multi-cloud capabilities, high number of built-in policies and capability to build custom policies.

If you mainly use AWS, and also use Kubernetes - Prisma Cloud may be a really good option. If you use Azure and Oracle cloud - there might be better alternatives out there.

I would strongly recommend to test it in your own environment, by onboarding a few accounts in Test/Dev and try to work on the findings - this will give you a better understanding of the tool. If you plan enabling your dev team to work on it, involve them in the PoC/PoV testing and get their feedback  (this will likely show how much time security team will need to invest into supporting the dev team as well).

In my opinion, it is very straightforward. A few months back, I deployed Prisma Cloud and two other CNAPP tools in a PoC setting, and I can say that Prisma Cloud was the easiest one to onboard the cloud environments, as well the Kubernetes cluster using their provided Helm chart template. Despite my prior experience with Prisma Cloud, the onboarding documentation is well-written. A small exception can be made for SSO and SAML configuration, for which Prisma Cloud did not have public documentation article available,  however, the Customer Success team has provided an instruction document for the configuration.

The cloud environment onboarding duration depends on whether the person deploying it has all permissions on the cloud side. If all permissions are in available, you can deploy it within 15 minutes. It is so easy. If AWS Organizations are used, after onboarding Prisma Cloud sees all the accounts that are part of that Organization. Same applies for Azure when a Tenant Root Group is onboarded - all subscriptions that belong to it, as well as all resource groups and resources part of it are monitored automatically. Some results show up immediately, while all misconfigurations are visible the next day, because it takes time for the tool to ingest all the cloud wokrloads, build the inventory and produce findings.

If we talk about onboarding Kubernetes clusters, the time it takes depends on the client's environment. Onboarding a single cluster is a matte of minutes. Overall, it can take some time, but is really straightforward using the provided Helm chart template.

Maintenance of the Integration:

Any CNAPP solution requires maintenance. This is because new cloud services are being rolled out by the cloud providers. For a CNAPP solution to be able to read those new resources and their configurations, permissions on the cloud provider's side need to be added to the roles that the CNAPP solution is using. As time passes and new cloud services are rolled out, missing permissions show up in Prisma Cloud, indicating what needs to be updated on the cloud provider's side. 

The other item is the review of new built-in policies. These new policies may produce some false positives. From time to time, this needs to be reviewed by the security team. Some adjustments might be required there. 

Last big item is the new features of Prisma Cloud that are being introduced. If these new features are added and if a client is using a custom and granular RBAC model to access Prisma Cloud, these permissions need to be revised and updated so that users can access and use those new capabilities.

For overall integration I have been working as a consultant (external) for the Financial Services customer. In this project, we had Professional Services consultant provided by Palo Alto Networks as part of the contract, who supported custom policy development. However, most of custom policies were developed by external consultants who were hired for the task.

The project also had Customer Success team support who offered training sessions.

I would rate the Professional Services team very highly. However, the Customer Success team fell short of expectations, to the extent that we requested a replacement for our customer success engineer.

As a cloud security specialst, if I did not have such tool, I would write a bunch of scripts to query the cloud APIs and get the data that I need. Prisma Cloud does that for us. With that said, any CNAPP tool offers such capability.

We have not estimated the actual return on investment in terms of quantifying it. From a security standpoint, with help of Prisma Cloud we found a number of misconfigurations that were not detected previously, however it is difficult to quantify the ROI. We may have prevented a security breach with remediation of the findings, however, any accurate likelihood and impact estimation would also be challenging.

The pricing is on par with the competitors.

A few competitor solutions have been evaluated during the selection for the Financial Services client. However, the selection process was made by former security architects who from whom I took over the project for integration planning and implementation as they departed the client's organisation. 

For the other client, where I tested Prisma Cloud in a PoC in 2024 April on Azure and Oracle cloud use case, unfortunately, Prisma Cloud has not been chosen as CNAPP solution.

Pros:

I would recommend Prisma Cloud to those who are cloud-native. Specifically, Kubernetes is what Prisma Cloud does really well because they acquired Twistlock which was an excellent tool for the task. 

Another big point would be for those with many internal/custom security requirements. Despite the challenge of undocumented APIs, if you have a dedicated cloud security engineering team, they can take advantage of the RQL policies for cloud security posture management and compliance monitoring.

Cons:

If you want full visibility of risk, without needing to proactively look for issue, and need to switch between the contexts within Prisma Cloud, I may not recommend it. If visibility is your priority, there may be better alternatives out there. If the client is a small enterprise and wants to prioritize the tool being used by the developers, there are stronger competitors out there, as to my observation, Prisma Cloud is built for those with dedicated cloud security roles in mind who will spend the time tuning the tool and customising the policies.

Data Protection / GDPR concerns:

The main client where I used Prisma Cloud and worked on the integration is a bank in Europe, and they are very sensitive to data protection and GDPR, which has added some constraints to the whole integration. This would be true for any other CNAPP solution (deployed in a full SaaS mode, not using an "Outpost").

If the vendor is compromised and the permissions that it has in the client's cloud environment are compromised, this could lead to a security breach and this is a risk that must be understood and accepted when deploying a 3rd party CNAPP solution. This is true for all CNAPP vendors, not only Prisma Cloud.

AI Security:

I have not used Prisma Cloud for AI security. I know they have released some AI capabilities, however, I cannot comment on it.

We have a console set up in Prisma that scans all the cloud environments and collects data about platform, infrastructure, and app vulnerabilities.

We are responsible for app vulnerabilities, and 90 percent of the vulnerabilities were detected by other products before Prisma scans. Other scanners also do some of the same things. Prisma's ability to consolidate and identify the uniqueness of the vulnerability is a huge help. Based on the different scans, we can determine duplicate vulnerabilities.

Prisma provides visibility regardless of how complex or distributed my cloud environment becomes. It adds value, especially from the infrastructure and platform side. From an application perspective, there were many other challenges.

I wouldn't say we can protect everything with Prisma. It identifies the issue but doesn't resolve it. Protection is something else that we have to do in the cloud environment. 

We use Prisma to scan for vulnerabilities and place them in a centralized repository where they are assigned a severity. Based on that severity, App Runner will get time to fix it after something is already in production. 

One feature we like is the amount of data Prisma gives us. Some infrastructure and platform vulnerabilities in the cloud are hard to detect, and we were unaware of some of these. It's critical to shed light on these. For example, you create virtual machines and forget about them, but when you revisit them, some vulnerabilities may be detected. 

Prisma allows us to adopt a preventative approach. We can scan some containers before they go into cloud production. The only caveat is identifying the cloud environment in a production or non-production environment.

Prisma could improve the data quality. One challenge is that when an application is deployed on multiple virtual machines, we get an alert for each machine, but the biggest challenge is container flapping. When containers go up and down, we get 100 alerts on one day, but it reports 20 the next day. The numbers keep changing, and the app owners tell us, "You reported a hundred vulnerabilities from my app, and today, you report 20. I haven't made any changes in production, is your data correct or not?"

 Containers can go up and down, so it can't tell whether the container is down for good or if it was only down at the time of the scan. That's one of the biggest issues we had. The second is data deduplication because we get vulnerabilities from multiple sources through Prisma scans. A vulnerability is reported by Prisma scan and software composition analysis, SAS, DAST, or BLAST scans. You've got all these different scans reporting the same vulnerability. 

We have used Prisma Cloud for a year and a half.

Often, we don't get the data for a particular console because it's down. While we're working to fix the issue, we get the previous data and all the other stuff.

At my company, we have many resources, and I haven't had any issues with vulnerability. Prisma can scale vertically or horizontally very well.

I can't say whether Prisma has saved us money because that's not the goal. The objective of Prisma is to identify incidents inside the company. Reputation and data security are the two most important things to a financial institution. We spend money to prevent improper data usage or vulnerability exploitation. I don't know whether it can save money, but it protects our data.

I rate Prisma Cloud seven out of 10. It does do a lot of things, but the data reliability and other issues make our lives more difficult. It presents more challenges than just getting the data and porting over.

We had Azure, AWS, and a little bit of GCP, so we gave Prisma read access to all those accounts, subscriptions, etc., and monitored the alerts to mitigate risks based on what popped up in the dashboard.

While it's not our only tool, Prisma is managing about 80 percent. We still occasionally go into cloud-native tools to ensure certain compliance standards are being met. Sometimes, urgent issues need to be fixed that haven't been reported in Prisma because the native tools will catch them first. As a third-party solution, Prisma might take a little longer to build a report directory.

We had around 30 to 40 users who were a mix of cloud and DevOps engineers. There were also members of the security team who made decisions about what kind of security policies we had to follow. We used it extensively within the public cloud across all our Azure, AWS, and GCP subscriptions and projects. There was interest in using it on-premises with our vSphere environment as well. I don't know if that ever happened.

Prisma enabled us to get up-to-speed on enforcing TLS 1.2. It helped us look at different types of resources, like storage accounts and app services. I'm thinking particularly of Azure because that was my focus. I found all the resources from the Prisma list and remedied those issues so that they were displayed as resolved in Prisma.

It gave us visibility into and control over complex cloud environments, which helped us feel better about our security and secure the environment with the clinical data. Our security team was pleased when we showed them clean Prisma reports. It boosted their confidence and their comfort level that we were being compliant.

Prisma made it much easier to ensure that all of the security pieces are handled. It simplified our security issue resolution. It cut down our investigation time by giving us one place to look. It cleaned up our operations considerably because finding what resources needed to be resolved, mitigated, or updated was easier. It probably saved us several hours every week. It also saved us some money, but I couldn't quantify the savings because other environments also used it.

It helped us develop a preventative approach to security. Nine out of ten times, we could find issues that needed to be fixed ahead of time. We had a monthly meeting where we would review the high-severity alerts on the dashboard and assign people to remedy them. Once we got through the high severity alerts, we looked at mediums and low severity alerts. Prisma enabled us to identify resources we needed to fix, which was quite handy.

We were pleased with Prisma's custom and built-in reports. We could go into the dashboard and see all these notifications telling us which subscriptions didn't have TLS 1.2 enabled. The security controls were the most valuable features. 

Prisma's multi-cloud capabilities were essential. We wouldn't have used it without them. We would have just used the native cloud vendors' security solutions. Its protection of our full cloud-native stack is pretty comprehensive. I would rate it at least an eight out of ten. It stacks up well compared to the security alerts and notifications we got from solutions like Defender.

It sometimes took Prisma a little while to build queries, so new services or features wouldn't appear. It wouldn't get flagged in Prisma for a bit. It would be helpful if they sped up how quickly they got their default notifications, queries, and alerts.

The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls.

We used the solution for about three years at my previous company. 

Prisma seemed highly stable, but I wasn't managing the solution. I was more of a user.

Prisma seemed to scale pretty well. It covered several large environments and didn't seem to struggle when loading information for us. I think it did well.

I rate Palo Alto support a six out of ten. The support was adequate, but I can't say it was great. If we had an issue with a feature or a query, it could take them a little while to get back, especially if it was a feature improvement or a new alert. They were very slow to add new warnings and features.

Neutral

The company never had a public cloud solution before Prisma, but they had something for on-prem. I don't know what it was. They also used cloud-native solutions like Defender for Cloud and the native tool for AWS.

We switched to Prisma because we wanted a single pane of glass that would allow the security team to see security issues across all of the public cloud vendors that we used, so they wouldn't have to jump to each individual cloud vendor's tool.

I was involved in the POC several years ago. It was like a lab test. After we tested that for several months, we rolled out the official one. At that point, I was just helping them test as they tried out the product. I didn't actually install the software.

The setup seemed pretty straightforward. There were clear instructions on how we just needed to create service principles with specific permissions and then grant Prisma the credentials for the service. I think they only had about five people maintaining the Prisma environment, and each was responsible for bits and pieces of it.

I believe the company saw a return using Prisma.

I know that the guys who handled the pricing said Prisma was costly, but I don't know how that compares to other products.

I know the team evaluated other options, but I wasn't involved.

I rate Prisma Cloud an eight out of ten. Having one place to go for all of your security alerts and notifications makes it easier to solve issues than going to each vendor's security tool.

Primarily, we are attempting to secure our public cloud security posture through compliance and vulnerability scanning.

Overall, the solution is effective for helping us take a preventative approach to cloud security. We have managed to remediate thousands of high impact misconfigurations or vulnerabilities that have been detected by the tool.

It is how we are securing access to these public facing resources, i.e., how we are locking down S3 buckets, RDP to EC2 instances, or other administrative access that might otherwise allow easy compromise. The value to the business is simply just securing these cloud assets in alignment with security policies and best practices that we have defined.

The comprehensiveness of the solution is good for securing the entire cloud-native development lifecycle, across build, deploy, and run. We are exclusively an Azure DevOps shop. Thus, we are well-aligned with the capabilities that Prisma offers. Its ability to participate in and integrate with the DevOps lifecycle has been very good for us.

Prisma Cloud has enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes. We are integrated in a handful of CI/CD pipelines at the moment. These touchpoints are fairly seamless in our DevOps processes. We are performing the scan and failing builds automatically without developer involvement, but we use the Visual Studio plugin. Therefore, developers can self-service scan their work prior to the build process. It is both seamless and on-demand for the people who choose to use it.

The integration of security into our CI/CD pipeline has affected collaboration and trust between our DevOps and SecOps teams has improved, though there is some diplomacy that has to occur there. The way that it's improved: We approached vulnerability management and cloud security posture with these teams historically by presenting them a list of findings, like a laundry list of things they need to go fix. These teams aren't staffed for moving backwards and fixing old problems, so we established a process for working with them that starts with securing net new development. We can do that without much of an ask, in terms of their time, by having these integrations into their CI/CD pipeline along with self-service scanning tools. So, we have the capability of securing new development while they are completing the lengthy task of reviewing and remediating existing deployments.

The solution provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. We are applying the same secure configuration baseline scans in the pipeline that we're doing for the deployed assets. Most of the time, our developers can correct these issues.

The Twistlock vulnerability scanning tool is its most valuable feature. It provides us insight into security vulnerabilities, running inside both on-premise and public cloud-based container platforms. It is filling a gap that we have with traditional vulnerability scanning tools, where we don't have the ability to scan inside containers.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. This is of critical importance to us because we have workloads in multiple cloud providers as well as having them on-premise.

The solution provides the following in a single pane of glass:

• Cloud Security Posture Management
• Cloud Workload Protection
• Cloud Network Security
• Cloud Infrastructure Entitlement Management.

These are all critical and challenges that we have faced. We have been unable to find solutions using native tools from cloud providers. We use AWS and Azure in production along with GCP in testing.

Prisma Cloud provides us with a single tool to protect all our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports. The Redlock portion of the tool and reporting are better. There are still some gaps in terms of our ability to trend over time periods. However, in terms of point-in-time snapshot reporting, the tool is very good. What we have done is automated the process of compiling these trendline reports on a weekly basis to capture those metrics, then take them offline so we can build our own dashboarding to fill in the tool's gaps.

We are using the solution’s new Prisma Cloud 2.0 Cloud Security Posture Management features. These features give our security teams alerts, with context, to know exactly what are the most critical situations. This is critical because we have insight into new assets that are deployed out of spec, but have otherwise not been enabled for auto remediation. The challenge there has been that we deploy these policies, and if someone's not sitting there watching the console, then they might miss these misconfigurations where time is of the essence. The learning and context are important in order to prioritize how quickly we need to triage these findings.

The new Prisma Cloud 2.0 features provide our security teams with all the data that they need to pinpoint the root cause and prevent the issue from recurring. It is less data requirement gathering that has to happen in the middle of an incident or remediation. If the alerts themselves have all the context you need to address those, then it's just less legwork required to find the problem and fix the misconfiguration.

The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories. This is our biggest pain point.

There are little UI complexities that we work around through the API or exporting.

I have been using it for about nine months.

In general, the stability is very good. As a SaaS tool, we have high expectations for how it performs, and we did have some growing pains in that regard around the console upgrade in October. 

The work that we have ongoing maintenance-wise is from a policy perspective. We have custom policies that we deploy above and beyond the CIS Benchmark policies deployed with the tool. As we deploy new services, start to use new tools, and as the cloud vendors roll out new services, there is policy work which goes along with that. However, the bulk of the work is still in meeting with business units who are responsible for deploying these applications and keeping them on track with their remediation activities.

The scalability is very good. The notable exception is on the Lambda function side. We have had some challenges with its ability to scale up and scan all versions of deployed functions in a timely fashion. Otherwise, in the container space and public cloud space on the RedLock side, it has been very good in terms of scaling up to meet our demands.

25 people use this solution. Seven of those would be people on the cloud SecOps team, and the balance of them would be a mix of developers, DevOps engineers, and incident response.

There are dozens more pipelines for us to integrate with. The bulk of the growth will be organic to new app teams, who are in different business units in the enterprise.

The technical support is pretty good. In most instances, they are responsive. They meet their SLAs. They are eager to engage with R&D or their engineering teams when necessary to escalate issues. 

Prisma Cloud provides the visibility and control that we need, regardless of how complex or distributed our cloud environments become. Our security and compliance postures are significantly improved through the implementation of this tooling, mostly because we had poorly supported open source tooling acting in this capacity previously. We were using the Scout2, because it was free, which was not nearly as fully featured or capable.

I have led this team since the beginning. The initial setup was harder when we did it than it is now. We had to go through individual AWS accounts, configuring IAM permissions and things like that, on an account by account basis. Whereas now, that happens automatically through AWS Organizations integration. While the setup was good then, it is better now.

It took us three months to have all the resources onboarded.

Our implementation strategy varied because there are so many elements of the tooling. We started with RedLock and the public cloud compliance pieces, starting with the sandbox accounts and validating the results and things of that nature. We then moved out to the larger Cloud COE as a whole and started onboarding production accounts. After that, we started meeting with the COE and app teams to socialize the findings and explain the remediation steps and go through all of that.

We broke the Twistlock stuff into a separate project phase. The deployment approach there was similar to the implementation strategy. We started with the sandbox teams and public facing apps, socializing the findings, then going through the vulnerability structure and compliance structure with them. Once we had established a rapport with them and they understood the goals of the program, then we started pushing for integration into the CI/CD pipelines, etc.

We have seen ROI. I feel like it is a good value. I am not going to say for sure that we couldn't have leveraged the same results from one of the competing platforms, but you don't need to prevent many security incidents to realize the value of an investment like this. We have identified and secured many misconfigurations and remediated a lot of vulnerabilities that I feel like we have gotten our value out of the tool.

Prisma Cloud has reduced our runtime alerts by 25 percent through the nature of developers being able to fix their own code by shifting the responsibility of identifying misconfigurations and vulnerabilities. Fewer runtime alerts are making it to runtime because they are fixing security or compliance issues earlier in the process.

Our alert investigation time is much better and has been reduced by 75 percent.

The pricing and licensing are expensive compared to the other offerings that we considered.

We also looked at Aqua Security and Rapid7 DivvyCloud. Capabilities-wise, these commercial solutions have similar offerings. The two primary differentiators with Palo Alto were:

1. It was by far the most mature solution. They had acquired that maturity through getting the most baked startups, then rebranding and rolling them under the Prisma banner. So, they were the most mature platform at the time. 
2. There was an element of wanting to have that single pane of glass management. They had a SaaS solution that we felt would scale to our large cloud environment. 

Have a clear plan for how you will structure your policies, then decide right from the get-go if you will augment the delivered policies with your custom ones to minimize the amount of rework that you need to do. Likewise, make sure that the ticketing application that you are planning to integrate with, if you're going to track remediation activities, is one that is supported. If not, have a plan for getting that integration going quickly.

Biggest lesson learnt: Do better planning for that third-party and downstream integration that you will be doing with your ticketing platform. Right out of the gate, our options were rather limited for integration and ticketing. It seemed to be geared around incident handling or incident response more than compliance management or vulnerability response.

The solution is comprehensive for protecting the full cloud native stack. It covers nearly all of our use cases. The gaps present are more a function of API visibility that we get from Azure, for example. As they roll out or make generally available new services, there is a lag time in the tool's ability to ingest those services. However, I think that is more a function of the cloud platforms than Prisma Cloud.

This solution is a strong eight out of 10.