Cloud Security Specialist at a financial services firm with 501-1,000 employees
Real User
Gives me a holistic view of cloud security across multiple clouds or multiple cloud workloads within one cloud provider
Pros and Cons
  • "You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums."
  • "In addition to that, I can get a snapshot of what I deemed were the priority vulnerabilities, whether it was identity access management, key rotation, or secrets management. Whatever you deem to be a priority for mitigating threats for your environment, you can get that as a snapshot."
  • "It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat."

What is our primary use case?

Primarily the intent was to have a better understanding of our cloud security posture. My remit is to understand how well our existing estate in cloud marries up to the industry benchmarks, such as CIS or NIST, or even AWS's version of security controls and benchmarks.

When a stack is provisioned in a cloud environment, whether in AWS or Azure or Google Cloud, I can get an appreciation of how well the configuration is in alignment with those standards. And if it's out of alignment, I can effectively task those who are accountable for resources in clouds to actually remediate any identifiable vulnerabilities.

How has it helped my organization?

The solution is really comprehensive. Especially over the past three to four years, I was heavily dependent on AWS-native toolsets and config management. I had to be concerned about whether there were any permissive security groups or scenarios where logging might not have been enabled on S3 buckets, or if we didn't have encryption on EBS volumes. I was quite dependent on some of the native stacks within AWS.

Prisma not only looks at the workloads for an existing cloud service provider, but it looks at multiple cloud service providers outside of the native stack. Although the native tools on offer within AWS and Azure are really good, I don't want to be heavily dependent on them. And with Google, where they don't have a security hub where you can get that visibility, then you're quite dependent on tools like Prisma Cloud to be able to give you that. In the past, that used to be Dome9 or Evident.io. Palo Alto acquired Evident.io, and that became rebranded as this cloud posture management solution. It's proven really useful for me.

It integrates capabilities across both cloud security posture management and cloud workload protection. The cloud security posture management is what it was initially intended for, looking at configuration of cloud service workloads for AWS, Azure, Google, and Alibaba. And you can look at how the configuration of certain workloads align to standards of CIS, NIST, PII, etc.

And that brings our DevOps and SecOps teams closer together. The engineering aspect is accountable for provisioning dedicated accounts for cloud consumers within the organization. There might be just an entity within the business that has a specific use case. You then want to go to ensure that they take accountability for building their services in the cloud, so that it's not just a central function or that engineering is solely responsible. You want something of a handoff so that consumers of cloud within the organization can also have that accountability, so that it's a shared responsibility. Then, if you're in operations, you have visibility into what certain workloads are doing and whether they're matching the standards that have been set by the organization from a risk perspective.

You've also got the software engineering side of the business and they might just be focused on consuming base images. They may be building container environments or even non-container environments or hosting VMs. They also have a level of accountability to ensure that the apps or packages that they build on top of the base image meet a certain level of compliance, depending on what your business risk-appetite is. So it's really useful in that you've got that shared accountability and responsibility. And overall, you can then hand that off to security, vulnerability management, or compliance teams, to have a bird's-eye view of what each of those entities is doing and how well they're marrying up to the expected standards.

Prior to Prisma Cloud, you'd have to have point solutions for container runtime scanning and image scanning. They could be coupled together, but even so, if you were running multiple cloud service providers in parallel, you could never really get the whole picture from a governance perspective. You would struggle to actually determine, "Okay, how are we doing against the CIS benchmark for Azure, GCP, and AWS, and where are the gaps that we need to address from a governance and a compliance perspective so as to reduce our risk and the threat landscape?" Now that you've got Prisma Cloud, you can get that holistic view in a single pane of glass, especially if you're running multiple cloud workloads or a number of cloud workloads with one cloud service provider. It gives you the ability to look at private, public, or hybrid offerings. It saves me having to go to market and also run a number of proofs of concept for point solutions. It's an indication of how the market has matured and how Palo Alto, with Prisma Cloud in particular, understands what their consumers and clients want.

It can certainly help reduce alert investigation times, because you've got the detail that comes with the alert, to help remediate. The level of detail offered up by Prisma Cloud, for a given engineer who might not be that familiar with a specific type of configuration or a specific type of alert, saves the engineer having to delve into runbooks or online resources to learn how to remediate a particular alert. You have to compare it to a SIEM solution where you get an event or an alert is triggered. It's usually based on a log entry and the engineer would have to then start to investigate what that alert might mean. But with Prisma Cloud and Prisma Cloud Compute, you get that level of detail off the back of every event, which is really useful.

It's hard to quantify how much time it might save, but think about the number of events and what it would be like if they didn't have that level of detail on how to remediate, each time an event occurred. Suppose you had a threshold or a setting that was quite conservative, based on a particular cloud workload, and that there were a number of accounts provisioned throughout the day and, for each of those accounts, there were a number of config settings that weren't in alignment with a given standard. For each of those events, unless there was that level of detail, the engineer would have to look at the cloud service provider's configuration runbooks or their own runbooks to understand, "Okay, how do I change something from this to this? What's the polar opposite for me to get this right?" The great thing about Prisma Cloud is that it provides that right out-of-the-box, so you can quickly deduce what needs to be done. For each event, you might be saving five or 10 minutes, because you've got all the information there, served up on a plate.

What is most valuable?

For me, what was valuable from the outset was the fact that, regardless of what cloud service provider you're with, I could segregate visibility of specific accounts to account owners. For example, at AWS, you might have an estate that's solely managed by yourself, or there might be a number of teams within the organization that do so.

You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums. In addition to that, I can get a snapshot of what I deemed were the priority vulnerabilities, whether it was identity access management, key rotation, or secrets management. Whatever you deem to be a priority for mitigating threats for your environment, you can get that as a snapshot.

You can also automate how frequently you want reports to be generated. You can then understand whether there has been any improvement or reduction in vulnerabilities over a certain time period.

The solution also enables you to ingest logs to your preferred SIEM provider so that you've got a better understanding of how things stack up with event correlation and SIEM systems.

If you've got an Azure presence, you might be using Office 365 and you might also have a presence in Google Cloud for the data, specifically. You might also want to look at scenarios where, if you're using tools and capabilities for DevOps, like Slack, you can plug those into Prisma Cloud as well to understand how well they marry up to vulnerabilities. You can also use it for driving out instant vulnerabilities into Slack. That way, you're looking at what your third-party SaaS providers are doing in relation to certain benchmarks. That's really useful as well.

In addition, an engineer may provision something like a shared service, a DNS capability, a sandbox environment, or a proof of concept. The ability to filter alerts by severity helps when reporting on the services that have been provisioned. They'll come back as a high, medium, or low severity and then I ensure that we align with our risk-appetite and prioritize higher and medium vulnerabilities so that they are closed out within a given timeframe.

When it comes to root cause, Prisma Cloud is quite intuitive. If you have an S3 bucket that has been set to public but, realistically, it shouldn't have been, you can look at how to remediate that quite intuitively, based on what the solution offers up as a default setting. It will offer up a way to actually resolve and apply the correct settings, in line with a given standard. There's almost no thinking involved. It's on-point and it's as if it offers up the specific criteria and runbooks to resolve particular vulnerabilities.

That assists security, giving them an immediate way to resolve a given conflict or misalignment. The time-savings are really incomparable. If you were to identify a vulnerability or a risk, you might have to draw up what the remediation activity should look like. However, what Prisma Cloud does is that it actually presents you with a report on how to remediate. Alternatively, you can have dynamic events that are generated and applied to Slack, for example. Those events can then be sent off to a JIRA backlog or the like. The engineers will then look at what that specific event was, at what the criteria are, and it will tell them how to remediate it without their having to set time aside to explain it. The whole path is really intuitive and almost fully automated, once it's set up.

What needs improvement?

One scenario, in early days, was in trying to get a view on how you could segregate account access for role-based access controls. As a DevSecOps squad, you might have had five or six guys and girls who had access to the overall solution. If you wanted to hand that off to another team, like a software engineering team, or maybe just another cloud engineering team, there were concerns about sharing the whole dashboard, even if it was just read-only. But over the course of time, they've integrated that role-based access control so that users should only be able to view their own accounts and their own workloads, rather than all of the accounts.

Another concern I had was the fact that you couldn't ingest the accounts into Prisma Cloud in an automated sense. You had to manually integrate them or onboard them. They have since driven out new features and capabilities, over the last 12 months, to cater for that. At an organizational level you can now plug that straight into Prisma Cloud, as and when new accounts are provisioned or created. Then, by default, the AWS account or the Azure account will actually be included, so you've got visibility straight away.

The lack of those two features was a limitation as to how far I could actually push it out within the organization for it to be consumed. They've addressed those now, which is really useful. I can't think of anything else that's really causing any shortcomings. It's everything and more at the moment.

Buyer's Guide
Prisma Cloud by Palo Alto Networks
January 2025
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,158 professionals have used our research since 2012.

For how long have I used the solution?

I've been using Prisma Cloud for about 12 months now.

How was the initial setup?

It's pretty straightforward to run an automated setup, if you want to go down that route. The capabilities are there. But in terms of how we approached it, it was like a plug-and-play into our existing stack. Within AWS, you just have to point Prisma Cloud at your organizational level so that you can inherit all the accounts and then you have the scanning capability and the enforcement capability, all native within Prisma Cloud. There's nothing that we're doing that's over and above, nothing that we would have to automate other than what is actually provided natively within Prisma Cloud. I'm sure if you wanted to do additional automation, for example if you wanted to customize how it reports into Slack or how it reports into Atlassian tools, you could certainly do that, but there's nothing that is that complex, requiring you to do additional automation over and above what it already provides.

What was our ROI?

I haven't gone about calculating what the ROI might be.

But just looking at it from an operational engineering perspective and the benefits that come with it, and when it comes to the governance and compliance aspects of running AWS cloud workloads, I now put aside half an hour or an hour on a given day of the week, or alternative days of the week. I use that time to look at what the client security posture is, generate a number of reports, and hand them off to a number of engineering teams, all a lot quicker than I used to be able to do so two or three years ago.

In the past, at times I would have had to run Trusted Advisor from AWS, to look at a particular account, or run a number of reports from Trusted Advisor to look at multiple accounts. And with Trusted Advisor, I could never get a collective view on what the overall posture was of workloads within AWS. With Prisma Cloud, I can just select 30 AWS accounts, generate one report, and I've got everything I need to know, out-of-the-box. It gives me all the different services that might be compliant/non-compliant, have passed/failed, and that have high, medium, or low vulnerabilities. It has saved me hours being able to get those snapshots.

I can also step aside by putting an automated report in place and receive that on a weekly basis. I've also got visibility into when new accounts are provisioned, without my having to keep tabs on whether somebody has just provisioned a new account or not. The hours that are saved with it are really quite high.

What's my experience with pricing, setup cost, and licensing?

As it stands now, I think things have moved forward somewhat. Prisma and the suite of tools by Palo Alto, along with the fact that they have integrated Prisma Cloud Compute as a one-stop shop, have really got it nailed. They understand that not all clients are running container workloads. They bring together point solutions, like what used to be Twistlock, into that whole ecosystem, alongside a cloud security posture management system, and they'll license it so that it's favorable for you as a consumer. You can think about how you can have that presence and not then be dependent on multiple third-parties.

Prisma Cloud was originally destined for cloud security posture management, to determine how the configuration of cloud services aligns with given standards. Through the evolution of the product, they then integrated a capability they call Prisma Cloud Compute. That is derived from point solutions for container and image scanning. It has the capabilities on offer within a single pane of glass.

Prior to the given scenario with Prisma Cloud, you'd have to either go to Twistlock or Aqua Security for container workloads. If you were going open source, obviously that would be free, but you'd still have to be looking at independent point solutions. And if you were looking at governance and compliance, you'd have to look at the likes of Dome9, Evident.io, and OpenSCAP, in combination with Trusted Advisor. But the fact that you can just lean into Prisma Cloud and have those capabilities readily available, and have an account manager that is priced based on workloads, makes it a favorable licensing model.

It also makes the whole RFP process a lot more streamlined and simplified. If you've got a purchasing specialist in-house, and then heads-of-functions who might have a vested interest in what the budget allocation is, from either a security perspective or from a DevOps cloud perspective, it's really quite transparent. They work the pricing model in your favor based on how you want to actually integrate with their products. From my exposure so far, they have been really flexible on whatever your current state is, with a view to what the future state might be. There's no hard sell. They "get" the journey that you're on, and they're trying to help you embrace cloud security, governance, and compliance as you go. That works favorably for them as well, because the more clients that they can acquire and onboard, the more they can share the experience, helping both the business and the consumer, overall.

Which other solutions did I evaluate?

Prior to Prisma Cloud, I was looking at Dome9 and Evident.io. Around late 2018 to early 2019, Palo Alto acquired Evident.io and made it part of their Prisma suite of security tools.

At the time, the two that were favorable were Evident.io and Dome9, side-by-side, especially when running multiple AWS accounts in parallel. At the time, it was Dome9 that came out as more cost-effective. But I actually preferred Evident.io. It just happened to be that we were evaluating the Prisma suite and then discovered that Palo Alto had acquired Evident.io. For me that was really useful. As an organization, if we were already exploring the capabilities of Palo Alto and had a commercial presence with them, to then be able to use Prisma Cloud as part of that offering was really good for me as a security specialist in cloud. Prior to that, if as an organization you didn't have a third-party cloud security posture management system for AWS, you were heavily dependent on Trusted Advisor.

What other advice do I have?

My advice is that if you have the opportunity to integrate and utilize Prisma Cloud you should, because it's almost a given that you can't get any other cloud security posture management system like Prisma Cloud. There are competitors that are striving to achieve the same types of things. However, when it comes to the governance element for a head of architecture or a head of compliance or even at the CSO level, without that holistic view, if you use one of them you are potentially flying blind. 

Once you've got a capability running in the cloud and the associated demand that comes through from the business to provision accounts for engineers or technical service owners or business users, the given is that not every team or every user that wants to consume the cloud workload has the required skill set to do so. There's a certain element of expertise that you need to securely run cloud workloads, just as is needed for running applications or infrastructure on-premise. However, unless you have an understanding of what you're opening up to—the risk element to running cloud workloads, such as potential attacks or compromise of service—from an organizational perspective, it's only a matter of time before something is leaked or something gets compromised and that can be quite expensive to have to manage. There are a lot of unknowns.

Yes, they do give you capabilities, such as Trusted Advisor, or you might have OpenSCAP or you might be using Forseti for Google Cloud, and there are similar capabilities within Azure. However, the cloud service providers aren't native security vendors. Their workloads are built around infrastructure- or platform-as-a-service. What you have to do is look at how you can complement what they do with security solutions that give you not just the north-south view, but the east-west as well. You shouldn't just be dependent on everything out-of-the-box. I get the fact that a lot of organizations want to be cloud-first and utilize native security capabilities, but sometimes those just don't give you enough. Whether you're looking at business-risk or cyber-risk, for me, Prisma Cloud is definitely out there as a specialist capability to help you mitigate the threat landscape in running cloud workloads.

I've certainly gone from a point where I understood what the risk was in not having something like this, and that's when I was heavily dependent on native tools that are offered up with cloud service providers. 

The first release that came out didn't include the workload management, because what happened, I believe, was that Palo Alto acquired Twistlock. Twistlock was then "framed" into cloud workload management within Prisma Cloud. What that meant was that you had a capability that looks at your container workloads, and that's called Prisma Cloud Compute, which is all available within a single pane of glass, but as a different set of capabilities. That is really useful, especially when you're running container workloads.

In terms of securing the entire development life cycle, if you integrate it within the Jenkins CI/CD pipeline, you can get the level of assurance needed for your golden images or trusted image. And then you can look at how you can enforce certain constraints for images that don't match the level of compliance required. In terms of going from what would be your image repository, when that's consumed you have the capability to look at what runtime scanning looks like from a container perspective. It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat.

It all depends on the way an organization works, whether it has a distributed or centralized setup. Is there like a central DevOps or engineering function that is a single entity for consuming cloud-based services, or is there a function within the business that has primarily been building capabilities in the cloud for what would otherwise be infrastructure-as-a-service for internal business units? The difficulty there is the handoff. Do you look at running it as a central function, where the responsibility and the accountability is within the DevOps teams, or is that a function for SecOps to manage and run? The scenario is dependent on what the skill sets are of a given team and what the priorities are of that team. 

Let's say you have a security team that knows its area and handles governance, risk, and compliance, but doesn't have an engineering function. The difficulty there is how do you get the capability integrated into CI/CD pipelines if they don't have an engineering capability? You're then heavily relying on your DevOps teams to build out that capability on behalf of security. That would be a scenario for explaining why DevOps starts integrating with what would otherwise be CyberOps, and you get that DevSecOps cycle. They work closer together, to achieve the end result. 

But in terms of how seamless those CI/CD touchpoints are, it's a matter of having security experts that understand that CI/CD pipeline and where the handoffs are. The heads of function need to ensure that there's a particular level of responsibility and accountability amongst all those teams that are consuming cloud workloads. It's not just a point solution for engineering, cloud engineering, operations, or security. It's a whole collaboration effort amongst all those functions. And that can prove to be quite tricky. But once you've got a process, and the technology leaders understand what the ask is, I think it can work quite well.

When it comes to reducing runtime alerts, it depends on the sensitivity of the alerting that is applicable to the thresholds that you set. You can set a "learning mode" or "conservative mode," depending on what your risk-appetite is. You might want it to be configured in a way that is really sensitive, so that you're alerted to events and get insights into something that's out of character. But in terms of reducing the numbers of alerts, it all depends on how you configure it, based on the sensitivity that you want those alerts to be reporting on.

I would rate Prisma Cloud at eight out of 10. It's primarily down to the fact that I've got a third-party tool that gives me a holistic view of cloud security posture. At the click of a button I can determine what the current status is of our threat landscape, in either AWS or Azure, at a conflict level and at a workload level, especially with regards to Prisma Cloud Compute. It's all available within a single pane of glass. That's effectively what I was after about two or three years ago. The fact that it has now come together with a single provider is why I'd rate it an eight.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Manjeet Yadav - PeerSpot reviewer
Principal Cyber Security Technologist at a computer software company with 51-200 employees
Real User
Top 5
Provides good visibility, saves us time, and saves us costs
Pros and Cons
  • "CSPM is the most valuable feature for any organization that runs its workloads in the cloud."
  • "The IM security has room for improvement."

What is our primary use case?

We are using CSPM, IM Security, and Cloud Workload Protection modules.

There are different use cases for Prisma Cloud. Our use case for the CSPM module is to assess compliance with standards such as HIPAA and GDPR, based on our current cloud CSV vendor and configuration. We need to use a CSPM tool to calculate the risk score associated with our current compliance posture.

How has it helped my organization?

Some of the reasons we implemented Prisma Cloud were to find the total number of assets in the compliance asset inventory and use the CSPM to assess our workload security. If we have a container environment, we can secure it using cloud workload protection. Additionally, IM Security can help us to determine if our saved credentials are exposed to the public network.

Prisma Cloud provides security for multi- and hybrid-cloud environments. This is the best use case for supporting multi-cloud vendors because, even if we have different cloud service providers, such as AWS, Azure, or GCP, we can manage and view all data in a single, consolidated screen.

All cloud service providers have limitations when it comes to cloud-native stack visibility. Prisma Cloud integrates with all CSPs, switches and correlates the data, and provides complete configuration details for alerts and incidents.

Prisma Cloud's security automation capabilities are effective, allowing us to specify our audit criteria and key configuration audit parameters to detect and automatically remediate misconfigurations. We also have playbooks to automate remediation.

It helps us take a preventative approach to cloud security. We recently received an incident alert for a resource with a security group that allows all ports, which is not a best practice. We will send a notification to the DevOps team and make a change to only allow the necessary ports. We can also automate this process to automatically remove all port access and only allow specific limited ports. Additionally, we can proactively define security keys for our servers and identify and fix vulnerabilities.

We have improved our organization in many ways. The first benefit is that we have from Prisma Cloud a complete asset inventory of all our cloud resources across all CSP vendors. This includes the number of assets and the number of VM instances currently running. This is a valuable use case, as it provides us with visibility into our entire cloud environment. The second benefit is that Prisma Cloud can help us identify misconfigured assets. This is also a valuable use case, as it helps us to ensure that our cloud resources are configured securely. The third benefit is that Prisma Cloud can help us to identify unusual access to our cloud resources. This can be helpful in identifying and responding to security threats. For example, if a user logs into a cloud instance from India and then two hours later logs into the same instance from the US, this could be a sign that the user's account has been compromised. Prisma Cloud can alert us to this type of activity so that we can investigate and take appropriate action.

The comprehensiveness in securing the entire cloud-native development lifecycle is great. We have integrated this solution with our CI/CD pipeline tools, so it scans and validates code in real-time, only allowing legitimate code to be processed further and executed.

It provides us with the visibility and control we need. At first, we may receive many alerts, but once we fine-tune them to generate genuine alerts only for legitimate traffic, our confidence in our security and compliance posture increases.

It also makes it easy to integrate our security with our existing CI/CD pipeline.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications without having to manage and reconcile security tools.

Prisma Cloud provides clear visibility into risks at runtime and across the entire pipeline, showing issues as they are discovered. Our developers are able to correct the issues using just a few tools.

Prisma Cloud has reduced our runtime alerts by 20 percent. It reduced our alert investigation time to ten minutes. It also has saved us between 30 to 40 percent of our costs.

What is most valuable?

CSPM is the most valuable feature for any organization that runs its workloads in the cloud. CSPM can audit the current cloud configuration, identify misconfigurations, and assess risk.

If a customer is already running their workloads in the cloud and wants to secure them, Defender emails can be used to easily identify potential risks. Additionally, the CI/CD pipeline can be scanned to identify any vulnerabilities in the code that developers have written. When code is uploaded, it will be validated and only legitimate code will be applied to the production application. This means that no vulnerabilities will be present in the code.

CSPM can also be used to scan existing infrastructure for vulnerabilities.

What needs improvement?

The IM security has room for improvement. I would like more important features added.

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for three years.

What do I think about the stability of the solution?

Prisma Cloud is stable.

What do I think about the scalability of the solution?

Prisma Cloud is scalable.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment was straightforward. All components can be deployed in one day, but the CSPM alone only takes half an hour.

Ten people were required for the deployment.

What's my experience with pricing, setup cost, and licensing?

Prisma Cloud is more expensive than some other solutions, but when we consider all of its use cases, the cost averages out.

What other advice do I have?

I would rate Prisma Cloud by Palo Alto Networks nine out of ten.

In terms of our location, we have different cloud service providers, such as AWS and Azure. The majority are AWS and Azure, where we have integrated Prisma Cloud. In terms of Docker and containers, we have integrated some types of labs and CI/CD parts. Therefore, we currently manage both AWS and Azure, as well as a few GCP parts, within a single console.

We have over 50 users.

Prisma Cloud requires maintenance and the OEM initially notifies us of the priority and schedule for maintenance.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
reviewer2272479 - PeerSpot reviewer
IT Engineer at a venture capital & private equity firm with 1,001-5,000 employees
Real User
It can provide solid visibility even if your cloud infrastructure is complex
Pros and Cons
  • "I like Prisma's ability to integrate with other tools. We can integrate it with Jira so that when Prisma triggers an alert, it opens a ticket in Jira. That was a big selling point for the product. There's a feature called the guest custom template that allows you to trigger alerts in Jira based on the template. That can also be added as a feature on Jira."
  • "It would be nice if Prisma Cloud merged its modules for CSPM and infrastructure as code. It would simplify the pricing and make it easier for customers to evaluate the solution because there are different modules, and you need to add it to your subscription separately."

What is our primary use case?

We have cloud security posture management and CWPP. We are also using Cortex, another Palo Alto product. We needed another cloud security tool to create an additional security layer on our CSPM solution. It's essential to secure our infrastructure against any zero-day attacks.

How has it helped my organization?

We needed a cloud security tool to identify misconfigurations in our cloud infrastructure. We were using AWS Cloud Cover since we only had one cloud provider. We onboarded the SysTrack and were able to find the most configurations. In a short period of time, we detected the issues and got alerts.

Before we implemented Prisma Cloud, we were unable to detect misconfigurations based on the policies that we set up. Prisma has that capability. You can add custom policies, and the tool can handle the reconfiguration. 

You can also get feedback from the customer's side about custom policies that can be added on Prisma. We can see the custom policies contributed by other organizations, which has upskilled my knowledge. The primary benefit is the layer of security added to our other infrastructure. 

We started seeing the benefits immediately once the solution was fully deployed. After about a month, we could start digesting data into the tool. Then, we started enabling all the features that we secured for other organizations. After around two months, we could use the features and see the things we were unable to detect. We were able to set up remediation on the tool. Other teams like the developers and tech ops were able to get the details over Jira since it was integrated with SysTrack. 

Our development lifecycle was already prebuilt, and Prisma has absorbed it. There's nothing that Prisma doesn't cover or that isn't reported to the organization. The developers are able to see best practices for any type of resource. They secured training from the product team, and Palo Alto's developers attended it. They shared their knowledge base so we could make the right decisions about resources before making any changes to the AWS cloud.

Prisma can provide solid visibility even if your cloud infrastructure is complex. It can divide the infrastructure into different parts to give you visibility into vulnerability management, configurations, or workload protection. It doesn't matter how complex your cloud infrastructure is. Prisma can digest it and provide the right guidance.

Prisma was able to quickly integrate and onboard our account. As a fintech company, we need a cloud security tool with modules that can benefit the organization. It has a feature that gives you recurring reports for a specified period. 

The solution is handy for the team that handles the Jira tickets because it enables them to automate the tickets. We had to add them manually in the past, so Prisma has absorbed a significant chunk of their workload. It helps us to discover risks throughout the pipeline using the CWPP features. You can quickly identify a misconfiguration and resolve it. In addition to the features it adds, Prisma has helped us to solve tickets faster.

It creates an alert in under a minute. The software team receives this and notifies the owner of the resource within five minutes and resolves the issue according to the SLA. It helps us resolve zero-day cases. It would cost us a lot of money. Prisma helps us to resolve those issues promptly. 

What is most valuable?

I like Prisma's ability to integrate with other tools. We can integrate it with Jira so that when Prisma triggers an alert, it opens a ticket in Jira. That was a big selling point for the product. There's a feature called the guest custom template that allows you to trigger alerts in Jira based on the template. That can also be added as a feature on Jira.  

Prisma can work with multiple cloud types and hybrid environments. We use AWS, but Prisma also offers hybrid or multi-cloud features. You can onboard AWS, Azure, GCP, or any other cloud provider. You can do more with Prisma than basic cloud scanning. It can detect and handle misconfiguration on the local network or the cloud. 

The solution can control access and automate some tasks. For example, if any automation needs to be built on any of the API calls, we can have a consolidated page for any processes that need to use the API. You can use the APA. Once you establish console access, you can build automation and integrate it with Prisma.

The CSPM module has so many features for developing a preventative approach that you don't need to look to any others, but the IAC security module lets you store infrastructure as code securely. You can scan an IAC template from a tool like Terraform and compare it with the CSPM modules. 

I have one example of a threat that Prisma proactively prevented. In 2021, Prisma discovered and resolved a Log4J vulnerability shortly after it was introduced. 

What needs improvement?

It would be nice if Prisma Cloud merged its modules for CSPM and infrastructure as code. It would simplify the pricing and make it easier for customers to evaluate the solution because there are different modules, and you need to add it to your subscription separately. 

Overall, Prisma is continuously improving. They do feature requests by allowing the users to vote on things. If a recommendation receives enough votes, they will add it to the solution. 

For how long have I used the solution?

We have used Prisma Cloud for two-and-a-half years.

What do I think about the stability of the solution?

Prisma Cloud is stable. I've never experienced any downtime aside from the scheduled maintenance window. 

What do I think about the scalability of the solution?

Prisma Cloud is scalable. You can add a hundred master accounts more than on the SysTrack Lab.

How are customer service and support?

I rate Palo Alto support nine out of 10. Their product team has been helpful. I just had a conversation with them. They answer all my questions even if it's after hours. When you send them a message, you get a response in a minute or two. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had previously used PingSafe. I feel like switching to Prisma was the right decision. PingSafe lacked multiple features that Prisma has. After we did our PoC with Prisma, we found that these features added value to our cloud infrastructure security. Once we switched, we noticed an improvement at the management level. We also reduced the number of data tickets that we needed to manually create.

How was the initial setup?

In the first phase, we did a PoC, and the initial deployment took around a month. We worked with Palo Alto's customer success and technical teams. We worked closely with them in the first year, but after that, our deployment was highly mature, so we didn't need to bug them so much. All of the implementation steps were provided by email. Two members of our team were involved. 

Prisma is a cloud-based solution, so it requires no maintenance on our side once it's deployed. Maintenance is handled during a scheduled window, and they send us advance notification the day before.  

What's my experience with pricing, setup cost, and licensing?

Prisma costs a little more than our previous solution, but it has more features. Our previous solution lacked the features we expect from a CSPM tool.

Which other solutions did I evaluate?

We didn't look at anything else once we learned about this product and did a PoC. And once we evaluated Prisma, we discussed it internally with our team and made the decision to book it. 

What other advice do I have?

I rate Prisma Cloud nine out of 10. If you're considering Prisma, I suggest starting with a PoC. Consider all the features and go for the ones that are suitable for your organization and add value. You could adopt the solution blindly, but there are some additional costs for the add-ons. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
TejasJain - PeerSpot reviewer
Sr. Cloud Security Architect at a computer software company with 10,001+ employees
Real User
Helps reduce resources, and has great cloud security posture management, but the identity-based micro-segmentation has room for improvement
Pros and Cons
  • "Cloud security posture management is the preferred feature among other vendors."
  • "There is room for improvement on the logging and monitoring front because it's still not as holistic as I would want it to be."

What is our primary use case?

We are a Palo Alto Alliance partner and our clients are Fortune 500 companies. We utilize a multi-cloud network architecture, with the primary constraint being the inability to manage everything through a single interface. By implementing uniform guardrails, we address the issue of inconsistent security policies when using native cloud security controls. This is one of the key considerations. Additionally, we employ micro-segmentation using cloud network security modules of Prisma Cloud to minimize the attack surface for various workloads.

The primary use case that was lacking was a single pane of glass. Additionally, prior to implementing Prisma Cloud, we used to manually perform these tasks using AWS CloudFormation Templates or Azure Resource Manager Templates. However, Prisma Cloud helped us address this issue by providing a unified administration interface. One of the problems we faced was the inability to view vulnerabilities across different cloud workloads and compare risks across different platforms. These were the challenges we encountered before deploying Prisma Cloud. While we didn't completely solve all of them after implementing Prisma Cloud, we did make significant progress in that regard.

How has it helped my organization?

Prisma Cloud offers security scanning for various cloud environments. In some client environments, there is only a single cloud, so the fact that Prisma Cloud can scan multiple clouds doesn't make a significant difference. These clients have a limited presence in the cloud, with few workloads or resources deployed. Consequently, it doesn't provide substantial value in such cases. However, for large companies, manufacturing companies, or companies with significant IT intellectual property in the cloud, with multiple tenants and a widespread cloud presence across different regions and replication, deploying a solution like Prisma Cloud becomes necessary.

Prisma Cloud enables us to adopt a proactive approach to cloud security. It goes beyond providing visibility and monitoring capabilities by offering a wide range of auto-remediation features. It provides numerous security controls and the ability to enforce commonly configured guardrails, primarily in monitoring mode. It is a comprehensive product that caters not only to detection but also prevention.

Prisma Cloud has helped reduce the number of people required to support or manage these cloud platforms, especially in terms of security. So now, instead of needing three different individuals to manage three different clouds, it may be possible to use just one resource to handle all three clouds, particularly focusing on security. This approach facilitates resource reduction, which is especially beneficial for clients operating within tight budgets. Additionally, there's the advantage of having a single pane of glass, where we can access various informative graphs, charts, and reports. These resources assist in explaining technical matters to non-technical leadership, making it easier to articulate concepts and insights to executives and other non-technical individuals. Personally, this has been helpful for me and our organization. The benefits for clients vary depending on the size of the environment. Personally, when we started using Prisma Cloud as an offering, it took two and a half to three months, which was the rough estimate. However, back then, not all the modules that are available today existed. So those numbers might have changed if all the modules were available at that time.

Prisma Cloud offers the visibility and control we require, regardless of the complexity or distribution of our cloud environments. Since it is built on top of these existing clouds and utilizes many of the services provided by large-scale cloud platforms, there is typically no issue with visibility. Regardless of the complexity of the environment, we always achieve visibility. The way we store and analyze the data, as well as how we visualize information, depends on the operator of the tool. Prisma Cloud is a reliable tool that never fails.

Prisma Cloud enables us to integrate security into our CI/CD pipeline. We primarily use it for the container. We have integrated image scanning and registry scanning into our CI/CD pipelines, specifically Azure DevOps. The DevSecOps team is responsible for managing this process.

Prisma offers us a unified tool that safeguards all our cloud resources and applications, eliminating the need to handle and reconcile separate security and compliance reports, with the exception of billing costs and management. From a security perspective, we haven't encountered any other reports for the majority of our clients. While a few clients may have additional requirements, Prisma Cloud efficiently handles all of those as well.

Prisma has reduced runtime alerts.

Prisma has reduced the time required for alert investigation. We now have a comprehensive understanding of the entire lifecycle of where things went wrong or which part of the runtime or execution for a specific process went wrong, particularly in terms of security.

Prisma Cloud has saved us money by reducing resources. 

What is most valuable?

Cloud security posture management is the preferred feature among other vendors.

What needs improvement?

There is room for improvement on the logging and monitoring front because it's still not as holistic as I would want it to be. Especially in the sense that we have different modules within Prisma Cloud, but then the visibility that we get from the output of each of these modules cannot be stitched together. Perhaps we could deploy something like a SIEM or SOAR platform to get this telemetry. As of now, we are lacking that part. So now I'm sure that was not the primary intent for that. It would really make a difference if Palo Alto Networks improves this.

The identity-based micro-segmentation in our cloud-native services requires a significant improvement. It fails to address many of the problems that its predecessor used to solve. Previously, there was identity-based micro-segmentation, but it was phased out, reaching its end-of-life and end-of-support. Now, we have cloud network security, which lacks a crucial feature that IBM used to offer. This is something we strongly desire, as we have had multiple discussions with Palo Alto regarding this matter. I am uncertain if there is a roadmap for implementing this feature, but the cloud network security module requires a substantial upgrade.

What do I think about the stability of the solution?

I have never encountered any challenges regarding any modules. Occasionally, they do undergo planned maintenance outages, but those are well-communicated in advance. Therefore, I don't consider them to be challenging. Prisma Cloud is reliable, and I would rate its stability at nine out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Prisma Cloud as an eight out of ten. The only concern lies not with Prisma itself, but rather with the existing client environment. Many clients have flawed infrastructures, making it challenging to achieve the level of optimization required to fully realize the benefits of Prisma Cloud. However, this issue cannot be attributed to Prisma.

How are customer service and support?

We extensively contacted technical support because we used to experience numerous issues. However, our main purpose is to inquire about additional capabilities and make minor tweaks. The tech support provided by Palo Alto is excellent, without a doubt. This could be one of the reasons why Prisma Cloud is relatively expensive. 

We are an advanced partner, rather than an end user, which grants us easier access to technical support compared to clients. However, based on feedback from our clients, their technical support is exceptional.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial setup is straightforward. In the beginning, we used professional services for a couple of clients but now we do it all in-house. 

What about the implementation team?

The implementation is completed in-house.

What was our ROI?

From a security standpoint, we have significantly enhanced our client's security posture by implementing Prisma Cloud. However, we still need to assess the return on investment. While we have achieved notable resource reduction, it remains uncertain whether it has yielded a better long-term ROI.

What's my experience with pricing, setup cost, and licensing?

Prisma Cloud is remarkably expensive. Not everyone can afford it, without a doubt. Although we don't directly sell the product, we occasionally engage in reselling certain components, and it requires significant effort to make sales. There's no denying that it's expensive.

Which other solutions did I evaluate?

I evaluated Snyk, which is a competitively priced product. However, I personally am not very familiar with how it works or the benefits gained by the different clients I've worked with, as I haven't had much experience with it. I conducted a couple of use cases and found it to be quite similar to Prisma Cloud in terms of features, although the interface has a different look and feel. I have been informed that Snyk is considerably cheaper compared to Prisma Cloud.

What other advice do I have?

I would rate Prisma Cloud by Palo Alto Networks a seven out of ten, primarily due to the need for improvement in identity-based micro-segmentation and cloud network security. I appreciate the potential it offers for deployment, but the new module has yet to reach a point where we can effectively reduce risks.

All the cloud environments existed before Prisma Cloud came in. I don't believe we can build many things using Prisma Cloud, except for implementing guardrails. For instance, we can secure these workloads, but it will take time for them to be fully developed. The scanners, such as the infrastructure as code scanners that Prisma Cloud can certainly check, are capable of performing static and code analysis, among other tasks. However, I don't think Prisma Cloud is designed specifically for that purpose.

Prisma offers risk clarity from a core security perspective, but it does not cover the entire pipeline. To cover the entire pipeline, we would need to utilize a SaaS or DaaS tool. Prisma Cloud cannot serve as a substitute for those tools.

I used to primarily work with cloud-native services. So, I would leverage cognitive services across all three clouds. That was my main focus initially. However, now I have started using other tools such as Snyk and various reports. Additionally, I have also recently started using CSPM. I'm not entirely familiar with all of them yet, but I have been working on them since the beginning.

No maintenance is required from our end.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
reviewer2221230 - PeerSpot reviewer
Manager at a financial services firm with 10,001+ employees
Real User
Has straightforward security automation capabilities
Pros and Cons
  • "The solution will streamline and minimize manual efforts."
  • "We have discovered that Prisma is not functioning properly with GCP."

What is our primary use case?

In terms of use cases, we had a single client. This client belonged to the insurance sector here in India, specifically a large insurance chain. We discovered that they had migrated to a cloud environment and had some security controls in place. However, they lacked expertise in understanding the threats associated with the cloud. From a resource and organizational perspective, they didn't possess the necessary skill set to implement a comprehensive governance framework. This client operates within the insurance industry, regulated by the Insurance Regulatory and Development Authority in India, which has revised some pipelines for the current financial year. The IRDA also serves as a regulatory authority for Indian banks. As a result, the client needed to strengthen their controls, particularly those with higher significance.

Their objective was to implement a few security controls to successfully pass an upcoming audit. We recommended that they integrate Prisma into their infrastructure. This would allow them to generate reports promptly whenever required and help fine-tune existing policies or guide the infrastructure development team in implementing new ones. Prisma would scan the entire infrastructure and provide the best recommendations. It was a challenging use case in terms of implementation, as only a few clients were familiar with Prisma's capabilities. Prisma is a cloud service that enables the hosting of applications and infrastructure.

We wanted to address vulnerabilities that we identified from a logging and monitoring perspective, which is why we implemented Prisma Cloud.

How has it helped my organization?

If we discuss a multi-cloud environment or a multi-fleet architecture or implement it as a fleet architecture, Prisma Cloud offers comprehensive functionality. It enables us to obtain complete reports or scanning reports from the tool on an enterprise scale. However, this process takes time. Although it is completed within seconds, if we have a larger infrastructure with multiple running instances, the tool will require more time. Nevertheless, the resulting report will be accurate and provide a comprehensive perspective.

In terms of a multi-cloud environment, our observations indicate that if we implement and configure Prisma Cloud with Azure and AWS, the tool performs well. On the other hand, when performing checks on AWS and GCP, the tool exhibits better performance on AWS. It does not meet the same standards on the GCP side, but it remains accurate. Azure is compatible with AWS and shows promising results. Additionally, we are currently conducting tests on the Azure environment.

Regarding the entire infrastructure, whether it follows an SAP model, PaaS model, or a previous model based on infrastructure, our testing has yielded positive results, particularly when using the SaaS model. AWS achieves 100 percent accuracy. From larger clients to smaller ones, even within internal GCP corridors where Prisma is connected, they are effectively protected.

Prisma's security automation capabilities are straightforward. We need to ensure that we have a clear understanding of our intended automation actions before proceeding. I was engaged with a company in the oil and gas sector that utilizes AWS infrastructure. They adopted Prisma Cloud and we implemented some automation. During testing, the alerts were satisfactory. However, in subsequent attempts, vulnerabilities were detected after the automation was executed. I wouldn't describe it as difficult, but rather as tricky.

Prisma Cloud assists us in adopting a proactive approach to cloud security. It provides us with a comprehensive view of areas that require fine-tuning. This perspective encompasses not only governance and threats but also the overall security landscape.

Prisma Cloud helped us reduce manual effort by up to eighty percent. It fine-tuned policies and implemented security controls for the cloud, including threat and vulnerability management. We no longer need to manually review these aspects. However, we still receive recommendations for mitigation. Prisma Cloud suggests actions to take from a governance and security perspective. For example, if we have an open port that is not in use, it advises disabling it. Previously, I or my team would spend around ten to twelve hours a day fine-tuning Azure or AWS services by accessing different dashboards. Now, with Prisma Cloud, we can accomplish all of this through a single console. We simply log on to the Prisma Cloud console and configure the services. Prisma Cloud integrates all the services and provides us with recommendations for remediation. As a result, our effort has been reduced by eighty percent since implementing Prisma. We were able to see all the benefits within a year and a half.

Prisma Cloud provides the 100 percent visibility and control we need regardless of how complex or distributed our cloud environments become. By utilizing Prisma Cloud, we have significantly reduced our manual effort to nearly eighty posts. Having everything consolidated on a single console greatly enhances the efficiency and productivity of our team. Moreover, from both a practical and financial perspective, it is undoubtedly a more advantageous approach.

Prisma Cloud offers risk clarity in real-time throughout our CI/CD pipeline infrastructure.

Prisma Cloud has reduced runtime alerts. I have only seen two alerts.

Prisma Cloud has reduced alert investigation times.

Prisma Cloud has saved our larger clients around $100,000 per month.

What is most valuable?


What needs improvement?

Prisma needs to regularly update itself because there are regulatory compliance requirements that have already been published, yet they have not been integrated into Prisma. This poses a challenge as we have to manually address these issues in our use cases.

We have discovered that Prisma is not functioning properly with GCP. I am unsure if this is due to the security policies being implemented by Google. There are restrictions in place, but from a GCP perspective, the security scanning is quite limited.

The deployment is a tricky task as it requires thorough configuration checks. There was a scenario where we discovered that the deployment had already been completed. However, during integration, we encountered a configuration issue. As a result, the logs from the cloud area were transformed into incidents, resembling an actual security breach. This caused concern among my team, and we were under the impression that an attack had occurred.

Palo Alto offers a different product, and they have introduced Prisma Cloud for a specific purpose, particularly for individuals who are new to the technology. The idea is, for example, to provide a single platform for accessing various Over-the-Top platforms for watching web series or movies. Instead of purchasing multiple OTT platforms, the concept is to offer one comprehensive platform. By paying for a single platform, users can obtain a subscription for services like Netflix or Amazon Prime, without having to spend thousands of dollars individually. Prisma Cloud follows a similar approach, which is perfectly acceptable. Consider the scenario where a client, using Microsoft or Azure environment, desires to use a third-party tool instead of investing in Microsoft Defender. In this case, Prisma Cloud comes into play. However, at some point, they may realize the need for Microsoft Defender as well, which would cost them a significant amount of fifty thousand dollars. To avoid such expenses, the idea of offering a complete package to the client arises. 

This complete package enables the client to use a single tool for scanning, obtaining reports and even automating the fine-tuning process. Consequently, the client can invest fifty thousand dollars to obtain the complete package, rather than searching for and purchasing three separate products, which would cost a significant amount of dollars. The complete package offers the same functionalities at half the price. From a product perspective, it is crucial to integrate certain services that assist clients in deciding to invest in Prisma Cloud. In the Indian market, where we have observed our clients, there is a lack of awareness regarding Prisma Cloud and its functionality. Clients are primarily concerned with whether Prisma Cloud can simply scan their products and provide recommendations. They question whether they can perform these tasks manually or use cloud-native services. This perspective influences the clients' decision-making process.

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for two years.

What do I think about the stability of the solution?

The stability of Prisma Cloud depends on how the infrastructure has been configured specifically for that tool, taking into account the load and architecture of our infrastructure. The tool responds well in small-scale infrastructures, functioning perfectly without any issues. However, in larger environments, I have not encountered any crashing or lagging problems but the time it takes to scan the infrastructure varies depending on its size. 

What do I think about the scalability of the solution?

Prisma Cloud is 100 percent scalable.

How are customer service and support?

I contacted technical support during deployment because we encountered some challenges. The support was excellent, and the conversation went well. It was crucial to address the issues promptly because the entire infrastructure was at stake due to its complexities. We were uncertain about the potential impact of deploying a new tool in the infrastructure. Unfortunately, we faced some issues at one point, but they were resolved within the designated timeframe.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

As an organization, we possess certain tools, some of which have been developed in-house. However, it is important to note that no tool can be entirely relied upon, as perfection is unattainable. Some abnormalities have arisen and subsequently been addressed. Our main focus in the previous year was on utilizing cloud-native tools. We are now using Prisma Cloud and also looking at Citrix.

How was the initial setup?

The initial setup took some time. It was not straightforward. For a few of the clients we have implemented, it will be straightforward. However, in our organization, it conflicts because we have certain lines of business and restrictions, so it took a bit longer. The deployment took around one month and required 15 people.

What's my experience with pricing, setup cost, and licensing?

In general, Prisma Cloud is much cheaper than cloud-native services.

Which other solutions did I evaluate?

We are having conversations with Citrix to evaluate their solution.

What other advice do I have?

I rate Prisma Cloud by Palo Alto Networks a nine out of ten.

We are the aligned partner for Prisma. We recommend the same tool to our clients, and the entire team is actively involved in training on the Prisma Cloud. In my interactions with various clients and stakeholders, I have noticed that some of them are not familiar with Prisma. However, they prioritize security and want to secure their cloud infrastructure. While some clients may not have the capability to use cloud-native tools, based on my observations, most of them are gradually transitioning to the cloud infrastructure and showing interest in the Prisma Cloud.

From a cloud security standpoint, and specifically as an organization, we are not bound by any specific domain. Our focus lies in securing the infrastructure from the client's perspective. For instance, consider a client who is new to the cloud and has migrated their infrastructure. If we do not have any governance measures in place for this scenario, our recommendation would be to opt for the comprehensive package offered by Prisma Cloud. This ensures that in the future or upcoming days, the client won't need to explore numerous other modules. However, it is worth noting that some clients may prefer to use separate modules. In general, we tailor our governance, security, and threat detection solutions to meet the specific requirements of each client. Internally, we provide a complete package.

In the current scenario, where my team is performing the migration for Prisma Cloud or the deployment area, we haven't yet tested the tool. We are planning to proceed with that testing. However, based on our discussions with the Prisma partner, they will integrate some functionalities because, in the DevOps environment, we haven't achieved the expected results. I wouldn't claim it's a hundred percent comprehensive, but based on our discussions and experiences so far, it's still a work in progress. We have conducted two tests, but the results haven't met our expectations.

From a DevOps standpoint, the CI/CD pipeline is still undergoing testing. I'm unsure about the time it will take, but initially, we are testing what we have learned from a CI/CD standpoint and a DevOps standpoint. We are currently investigating the best course of action and how we can integrate effectively. In some of our engagements, clients are requesting the integration of Prisma Cloud to optimize their DevOps area when deploying. However, currently, from a KPM perspective, this task is still manual. From a development standpoint, it will require time. It won't be accomplished in a single day or month, but rather, it will take time. This is because the configuration is still in progress. Moreover, from a security perspective, there are certain areas where we are uncertain. For instance, when considering GCP, it presents a gray area where we have been unable to identify any solutions from Prisma's standpoint. However, we need to determine how to effectively integrate the GCP infrastructure within the field.

Prisma Cloud can scan and monitor, depending on how it is configured. It can also trigger alerts, but it cannot stop an attack.

Prisma Cloud is maintained by Palo Alto.

Prisma Cloud will undoubtedly assist organizations in comprehending their infrastructure and identifying areas of uncertainty. The solution will streamline and minimize manual efforts. Users can obtain the comprehensive report with a single click, eliminating the need to access various services to retrieve logs. I highly recommend Prisma Cloud as it is cost-effective and user-friendly, although its configuration can be a bit challenging.

Which deployment model are you using for this solution?

Private Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
reviewer2534448 - PeerSpot reviewer
L2 - Cloud Security Engineer at a tech services company with 10,001+ employees
MSP
Provides a single portal to manage all the modules, improves visibility, and saves costs
Pros and Cons
  • "Prisma Cloud's most valuable feature is its user identification capabilities."
  • "While the documentation continually improves, it still has limitations compared to the extensive resources available for older products like hardware firewalls, which have been around for approximately 20 years."

What is our primary use case?

We specialize in all Palo Alto modules, including visibility, compliance, governance, threat detection, data security, and hub security. Our comprehensive suite of services covers all aspects of these modules. We leverage the SaaS security product for advanced threat detection, and for all-encompassing monitoring, we utilize Cortex XDR from Palo Alto.

Many customers store sensitive data in on-premises data centers and require robust security measures. Prisma Access licenses can protect internal networks, but some customers prefer avoiding internet exposure. To address this, we offer gateways that create a secure environment for internet access. With the rise of remote work, we provide VPN connections, such as GlobalProtect, for secure access to both internal and external resources. Customers can deploy multiple gateways in different regions to meet their needs. Traffic flow typically involves a VPN connection to a gateway, followed by routing through internal service connections and potentially a data center firewall before reaching the desired resource. For external access, traffic is routed directly to the internet through the VPN.

How has it helped my organization?

Prisma Cloud offers comprehensive security across multi and hybrid cloud environments. For instance, our ADEM tool, considered industry-leading, requires installation on user machines to enable continuous monitoring of all ADEM-equipped users. This includes detecting anomalous activity outside the corporate network and tracking user online time, providing valuable insights into network usage.

Security automation and EA Ops significantly reduce manual configuration and management tasks compared to previous methods, saving valuable time. Now, we only need to configure a few minor details rather than handling everything. For instance, with service connections and gateways, we don't have to manage multiple VPN gateways; Palo Alto is managed on the backend. Our primary responsibility will be monitoring after initial tunnel creation. We've preconfigured connections to on-premises firewalls, whether third-party or Palo Alto, eliminating manual configuration. Automation is in place, and we'll only need to purchase licenses. The autonomous system further enhances automation for all processes.

Intune security automation has significantly reduced our costs, making us more financially efficient. Automation is now highly valued as it eliminates the need for engineers to configure and manage systems manually. With AI-driven automation, we can effectively monitor configurations through a dashboard, providing a complete overview. This automation simplifies tasks like creating BGP connections, which previously required complex CLI commands. Prisma Access Palo Alto's GUI interface automates tenant creation with minimal input. Integrating Prisma MDM and Palo Alto device deployment further streamlines the process, reducing manual intervention. Overall, this automation saves money and frees up engineer resources by eliminating time-consuming configuration tasks.

Palo Alto Networks is a global leader in cybersecurity, providing top-tier protection to its customer base of over 90,000. Traditionally, customers relied on on-premise hardware firewalls, but the shift towards cloud-based solutions has driven a demand for more flexible and cost-effective security options. In response, Palo Alto Networks offers cloud security solutions that leverage its existing global device infrastructure. Customers only need to purchase licenses to activate cloud security features, tailoring protection to their specific needs for internal, external, or network environments. For customers seeking complete independence, Palo Alto Networks also provides interconnect licenses that eliminate the need for a service connection.

Customers do not directly purchase Palo Alto products or deploy them into production. Our professional engineers provide a lab environment for customers to test any desired Palo Alto services, from essential Prisma Access to advanced cybersecurity solutions like SaaS security and Cortex XDR. Once customers are satisfied with the lab environment, they can deploy the chosen products into production. If they encounter any issues during deployment or operation, the support team promptly addresses them.

I have resolved numerous customer issues, closing over 400 or 500 cases globally. While many cases can be resolved within a week, some complex issues may take up to a month. Palo Alto Networks aims to provide timely support for all customer issues, regardless of severity. When a customer encounters a VPN connection problem, they can create a case with varying priority levels. Critical cases are assigned to engineers immediately, with hourly updates provided to the customer. If the issue persists, the case is escalated to senior resources. Prisma, a relatively new platform, is constantly being monitored for bugs. Any issues identified are addressed promptly and communicated to customers. Our goal is to deliver exceptional support services.

Prisma Cloud offers complete visibility across our entire environment, from end users to the data center. We'll have full control and oversight within a single unified portal, eliminating the need to juggle multiple platforms as often required by other solutions. Prisma Cloud provides dedicated applications for various functions, such as SaaS security, threat and vulnerability management, cloud identity engine, and log analysis. These applications work seamlessly together, automatically connecting through APIs once deployed and licensed. For configuration management, the Strata Cloud Manager handles Prisma Access and Prisma SD-WAN. This centralized approach allows us to efficiently manage multiple aspects of our security infrastructure within a single platform.

Prisma Cloud offers SaaS security and data loss prevention as separate features requiring additional licensing. Both can be managed through a single portal. For threat prevention, they provide Cortex XDR, a recent cybersecurity offering from Palo Alto. When combined, we have a single tool to protect all of our cloud resources and applications.

Prisma Cloud helps reduce the number of runtime alerts. Users will only receive live alerts generated when Prisma detects an issue within the environment. For instance, if Prisma Access observes an attack, it will generate a live alert visible in the Strata Cloud Manager's dashboard.

Prisma Cloud effectively reduces the overall number of alerts by prioritizing them into categories: critical, high, medium, low, and informational. Less critical warnings are consolidated into the informational category, minimizing alert fatigue. Critical alerts persist until resolved, and recurring issues can be configured to trigger email notifications for proactive monitoring, ensuring timely attention even when engineers are unavailable.

Prisma Cloud offers significant cost savings for customers. Previously, customers managed multiple firewalls, including internal and external devices. With Prisma Access, this complex management is eliminated, as Palo Alto handles firewall management. Customers configure and purchase a license to access gateways for end-user connections. This eliminates the need to purchase expensive individual firewalls, which can cost billions. While customers retain visibility through a provided portal to monitor traffic, the primary benefit is the streamlined management and cost reduction achieved through Prisma Cloud.

What is most valuable?

Visibility and control are valuable features. Customers desire complete oversight to monitor resource access, both internal and external, and verify user activity. ADEM, a purchasable license, enhances network visibility by tracking traffic patterns and identifying potential threats through a dashboard. Our Strata Cloud Manager platform unifies Prisma Access and cloud management, while also accommodating next-generation firewall administration. The dashboard provides in-depth visibility into threats and vulnerabilities.

Prisma Cloud's most valuable feature is its user identification capabilities. By integrating with Active Directory or LDAP servers, it efficiently manages user access to cloud resources. Previously, determining user access required multiple hops through internal resources, consuming significant bandwidth. Prisma Cloud's Cloud Identity Engine directly connects to identity providers, streamlining user authentication and authorization. This improves performance and security by eliminating the need to constantly query Active Directory. Additionally, Prisma Cloud offers full visibility into network threats and vulnerabilities through a unified dashboard, reducing the need for multiple tools and licenses. This centralized approach enhances threat detection, response, and overall security posture.

What needs improvement?

The speed at which Palo Alto resolves bugs should be improved to prevent customers from experiencing issues while waiting for resolutions.

Palo Alto Prisma Cloud is relatively new, with only three years of history. While the documentation continually improves, it still has limitations compared to the extensive resources available for older products like hardware firewalls, which have been around for approximately 20 years. Despite these shortcomings, Prisma Cloud's documentation is growing, and knowledge base articles can be helpful for troubleshooting issues.

For how long have I used the solution?

I have been using Prisma Cloud for two years.

How are customer service and support?

The quality of technical support varies depending on the issue a customer faces. High-priority cases demand immediate attention and daily follow-up to prevent customer frustration. I have resolved hundreds of Palo Alto cases, including critical ones. These cases require engineers to provide half-hourly updates and expedite troubleshooting. A recent critical case involved a customer migrating Panorama configuration and experiencing Prisma Access account verification issues. The initial engineer engaged with Prisma Access but encountered licensing problems. I escalated the case, collaborating with licensing and engineering teams to resolve the API-related issue and restore service. While such cases are time-consuming due to limited resources, a global team of engineers can address troubleshooting needs.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment was smooth due to excellent support from Palo Alto's professional services engineer. They provided a clear overview of our deployment needs, considering the customer's two branches and primarily remote workforce. We determined six VPN gateway connections were required, two in the US, India, and Europe, and two branch office connections. Palo Alto created a lab environment, presented the network topology, and demonstrated traffic flow. Additionally, they introduced the split tunneling feature, allowing specific traffic like Google search to bypass Prisma Access and access the internet directly. Overall, the top-tier engineers at Palo Alto delivered exceptional customer service and ensured a seamless implementation.

What other advice do I have?

I would rate Prisma Cloud nine out of ten. I am deducting a point because of the limited documentation.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Gabriel Montiel - PeerSpot reviewer
Senior Customer Technical Engineer at a computer software company with 51-200 employees
Vendor
The alerts and auto-remediation features allow us a lot of flexibility to customize
Pros and Cons
  • "The most valuable features are the alerts and auto-remediation because it allows us a lot of flexibility to customize and do things the Palo Alto team never intended. We faced some challenges with certificates because we also have next-gen firewalls. We would like to equip all the traffic because there have been many cases in which the developers have done things by mistake. Deploying certificates on virtual machines can be complex in a development environment, but we managed to do that with Prisma Cloud."
  • "While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent."

What is our primary use case?

I work for a monetary provider and handle around five customers. We mostly use Prisma Cloud for CSPN, but we have a banking customer using CWPP. 

Apart from those two use cases, the other customers are not interested in Prisma Cloud's other functionalities because they're green and already have other solutions with partners that they say are more mature. We have not implemented them in the customers' production environment, but we have toyed around with proofs of concept.

How has it helped my organization?

My organization is not primarily a customer. We don't use it a lot because we're a security company that mainly provides customers with solutions using this. That said, visibility is the most significant benefit for our clients because some are so large that they're unaware of what they have. 

They don't have adequate governance over expenses, security, and the parts of the network that are communicating. Prisma Cloud gives them reports that will provide instant insight into what's there. A new feature creates a visual map of networks and communications in the discovery part. It's excellent because you can instantly visualize everything. That's one feature that all the customers appreciate.

It performs well in complicated cloud environments. You only need to add your cloud account credentials. Most of the time, Palo Alto recommends using a full admin account for a service account accessing the tool. The tool works just as well, regardless of the company size. That's one of Prisma's biggest strengths. No matter how big you are, the tool can see everything.

Prisma Cloud can scan any cloud provider. We currently use Prisma on GCP, Amazon, Azure, and Alibaba. We also have Oracle, but I haven't used it for Oracle yet. This is crucial because some customers aren't proficient in managing multiple cloud environments. They only need to go to Prisma Cloud and see what they have because the team managing security is not the same one developing the solutions. 

Prisma offers a single pane of glass that lets you do most of what you want in one place. It's not only configurations but also knowing what you have and what your assets are doing. That's the main selling point of Prisma Cloud. It provides you with visualized reports, whether it's in the cloud, live serverless, containers, etc.

I haven't toyed with CAB personally, but I think you can do that because you can scan images and deployments. I wouldn't say it gives you a lot of value in that regard because most of the CI/CD issues are application-level problems that Prisma Cloud or any other tool wouldn't help you with. Regarding security, you can deploy agents during the integration deployment and gain complete visibility with total memorability that you might introduce in the pipeline. Still, I think it will be a tiny part of the pipeline.

You will not see the problem if you're running an OGs application. While the developers can pinpoint the issue with the information provided, it will never relate to a piece of code and solve it. No tool can tell you exactly which part of the application is the problem, but a tool can identify which process has a vulnerability. Apart from that, many developers have issues finding the root cause of the vulnerability. When it's a library-related vulnerability, the TVD tells you to use another library or play the library. When your own code has the vulnerability, it's hard to pinpoint that.

Prisma provides a lot of information. You can see real-time alerts and forward them to JIRA or whatever tool you use with API or TVD. It also offers anomaly detection. If an administrator is logging in at weird times and doing strange functions, this tool can notify you about them. The anomaly detection is a correlation engine. You seldom get false positives. When it is a false positive, it's something you would expect. The only times I got a false positive were when the administrator forgot the password and tried logging in 50 times. At that point, they just need to contact support and change the password. 

Prisma has massively reduced our alert investigation times. It's 50 times quicker. Without this tool, we must dig up AWS logs, and the format isn't too accessible. The difference between using this tool to investigate an issue compared to a cloud-native solution is two hours versus two minutes. Digging up two logs using Ctrl-left is not the best approach, and it's the only approach cloud providers give you. 

The solution saved us because it helps us turn off idle machines. Most are machines we have turned on, and we didn't know what they do, but we didn't want to turn them off. Prisma Cloud lets you see the communication flows and the asset's actions on the communication map. If you see a device not communicating, it's easier to investigate what it's doing. Sometimes, it's a device generating reports at a particular time. You can schedule it to turn off when it's not active to save money. You also save money by spending less time solving your issues.

Doing cloud compliance without this tool would be impossible because cloud solutions are huge and highly complex. SOS compliance requires that you provide reports in under 24 hours. That's not possible without an automated tool like Prisma Cloud and the CSPN module. You would need to purchase Prisma or a competitor. It helps a lot because some customers have weird compliance requirements, and you can do it all on Prisma Cloud.

You can create custom compliance configurations according to your customer's needs and set Prisma up to provide the reports every 24 hours. In fact, you can do reports in 10-minute intervals or in real time. The client can access the dashboard and see if they're compliant. C-level executives in any company love that. 

What is most valuable?

The most valuable features are the alerts and auto-remediation because it allows us a lot of flexibility to customize and do functions the Palo Alto team never intended. We faced some challenges with certificates because we also have next-gen firewalls. We would like to equip all the traffic because there have been many cases in which the developers have made mistakes. Deploying certificates on virtual machines can be complex in a development environment, but we managed to do that with Prisma Cloud.

Prisma performs well in a fully cloud-native stack if you run several layers and Kubernetes. It's not so smooth if you migrate VMs into the cloud. Some customers try to do that with Prisma Cloud, but it's not compatible with Windows Server. However, you can deploy serverless containers without issue. You must deploy personal cloud agents into the virtual machines. The agents are called defenders. That module is excellent because you can see communications and vulnerabilities across your environment. It can also scan for malware. It tries to do many tasks at once; I'd say the value it provides is the ability to see communications between devices.

The agent can block the traffic trying to exploit the vulnerability, but it can't fix the problem. That's on the application level. Most of the time, you give the application development team the vulnerability report, and they fix the issue, but Prisma protects you in the meantime. You can sleep well knowing that the agent is blocking the malicious traffic.

They recently added a module called Code Security that enables you to scan repositories or infrastructure as code. You can see concept errors like CSPN problems before the deployment. In tab use cases, it's excellent because you can see if there are misconfigurations in Terraform without having to deploy the instance or whatever you are deploying. That can save you money because sometimes people are deploying machines with problems that are easily fixable. It also improves security because you can fix a vulnerability before you have it with Cloud Security, but that's a rather new solution.

What needs improvement?

The IMD feature could be improved, but Palo Alto is working on that. It's a relatively new module that attempts to identify unnecessary permissions. Prisma Cloud is a platform that adds new modules whenever Palo Alto acquires a company or develops a new solution. The development team is trying to add new features. It also has Click Code Security for infrastructure security, but it doesn't add much value unless your DevOps team is really junior.

While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent. It creates a high workload initially. Apart from that, it solves the problems you have. Palo Alto says that 99 percent of breaches come from misconfiguration. I have seen that first hand. I think the fewest alerts a customer had was around 100 still, but they used another tool for that, so that saves a lot.

For how long have I used the solution?

I have been working with Prisma Cloud for about 15 months.

What do I think about the stability of the solution?

Prisma's stability is close to 100 percent because it's just a dashboard that connects to your public cloud. It's essentially a website that never goes down, and you could also host it locally if your security requires it. Most of the customers use the Prisma Cloud platform. If it goes down for any reason, the security agents work independently of Prisma Cloud. You send logs to Prisma Cloud and update the configurations via the cloud. However, if the platform goes offline, you still have top-notch security.

What do I think about the scalability of the solution?

As long as you purchase credits, Prisma Cloud is easy to scale.

How are customer service and support?

I have never contacted Palo Alto support because our team is highly proficient in the solution and the platform is easy to use. You deploy the agents, and it just works. 

How was the initial setup?

It's straightforward to deploy the solution because it's cloud-based, so you just set up an account, username, and password. If you think about it, the Prisma Cloud tool does not do much, but what it does is valuable. It does something simple on a scale that human beings could not do. 

What other advice do I have?

Based on my own experience, I would rate Prisma Cloud a ten out of ten. However, I haven't compared it with other solutions, so maybe other solutions have more features that Prisma is lacking. My advice is to implement Prisma if it has the features you want but also shop around because I'm sure other solutions are just as good as this one.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
reviewer2315604 - PeerSpot reviewer
Platform Architect at a financial services firm with 10,001+ employees
Real User
Automation and integration capabilities of Prisma have allowed us to save a lot of engineer time
Pros and Cons
  • "The framework to configure controls is pretty good; it's pretty sophisticated. We can implement a fair amount of testing for a fair number of controls."
  • "One thing that is missing is Cloud Run runtime security—serverless. That would be great to have in the tool. It's not that easy to have Cloud Run in specific environments."

What is our primary use case?

We use the compliance and vulnerability management modules. We are a bank and have certain controls in place. My business unit is cloud-only, and we need to enforce controls, and for audit purposes, we need to collect evidence of control enforcement. We have a number of controls around cloud resources. We configure Prisma to enforce those controls pretty automatically. Prisma generates evidence of the controls that we can present to auditors when we are audited. If we didn't solve this problem, we could lose our license.

How has it helped my organization?

It's hard for me to say how Prisma has improved our organization because it was implemented before I joined. But given the number of security controls that have been automated with Prisma, we have managed to achieve a fair amount of manual cost reduction for our control testers. And the automation and integration capabilities of Prisma have allowed us to save a lot of engineer time on evidence. Without Prisma, we would have to do all these things manually. Overall, it results in a huge FTE reduction.

With the number of controls that need to be tested, we would be talking about a team of around 100 people. With the Australian salaries, Prisma is probably saving us $1,000,000 to $2,000,000 a year.

What is most valuable?

The framework to configure controls is pretty good; it's pretty sophisticated. We can implement a fair amount of testing for a fair number of controls.

Its vulnerability management is quite good, and its integration functionality is something that we have found to be pretty capable.

We also use Twistlock for container security, which is good.

And Prisma Cloud's security automation capabilities are quite good. We use the periodic scanners, and we feed Prisma filings into our control evidence management system. They tick all the boxes for us.

What needs improvement?

One thing that is missing is Cloud Run runtime security—serverless. That would be great to have in the tool. It's not that easy to have Cloud Run in specific environments.

We have also found that Google Security Command Center has a little bit better coverage for GCP because it's native. That's why we pay for both tools. But ideally, we should only need one tool. Prisma Cloud's coverage of GCP is okay, but a little better coverage would be better.

Our cloud environment is complex, and Prisma doesn't cover all aspects of it. We don't rely on Prisma for any kind of security discovery. We just rely on it as a control-test and automation tool.

We get a few alerts in Prisma, and it allows us to trace any violations back to the source. It's a pretty straightforward interface.

Another thing that we have found useful with Prisma is its Jira integration. When our integration finds a new alert, it creates a ticket in Jira, so it's fully visible and tracked, appearing in all the dashboards.

For how long have I used the solution?

I joined this branch of the bank six months ago, and Prisma is my portfolio now.

What do I think about the stability of the solution?

It's stable enough. I can't remember any outages of Prisma Cloud.

What do I think about the scalability of the solution?

It's a SaaS service and is licensed both for our team and for the enterprise. On our side, there are 1,000-plus user licenses. We have five or six integration points, so in that regard, it's not humongous.

We are growing extremely quickly, and Prisma Cloud provides all the required services without any need for us to do anything to scale. It's pretty elastic. We'll probably grow by 10 times in the next couple of years. So far, I don't have any doubts that Prisma will support us.

How are customer service and support?

I've never dealt with their technical support. Prisma Cloud just works.

Which solution did I use previously and why did I switch?

Our bank itself is huge and uses all sorts of solutions. My business unit is quite young, it's only three years old, and I don't think there were any solutions in this space.

How was the initial setup?

Deploying it was pretty straightforward compared to other tools. We implemented a fair number of compliance rules pretty quickly. I recently participated in some integration activities, and integration-wise, it was very straightforward.

As for maintenance on our side, there really isn't any. We periodically need to review the controls being tested and the control automation, to make sure that they're aligned with changes in the controls. Other than that, it's pretty maintenance-free.

What was our ROI?

We have managed to save a fair amount of money and effort in hiring manual testers. That's what automation does for us.

What's my experience with pricing, setup cost, and licensing?

I wouldn't mind if it were cheaper. We are spending a fair amount of money on Prisma Cloud. It's probably okay, but, funnily enough, banks don't have money. Periodically, we have cycles of cost-cutting, so if we could save on Prisma Cloud, that would be great.

What other advice do I have?

We don't use Prisma for build and deploy, we use another set of tools. Right now, we are doing our internal due diligence to figure out if we can replace all of those with a single tool, whether it's Prisma or any other tool. We don't know at the moment.

It's very hard to attribute any kind of runtime alert reduction to Prisma Cloud as we use a whole zoo of tools. Prisma is just one piece of the puzzle. We don't have too many runtime alerts thanks to the joint work between our build tools, deployment prevention security tools, and Prisma.

While it's a good tool, you need to be mindful of serverless because serverless runtime security is tricky and, unfortunately, Prisma doesn't do too much there. Other than that, it's a good tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Prisma Cloud by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: January 2025