I work with various modules, including CSCM, CWP, Code Security, and NS.
We use the solution for day-to-day activities, from onboarding accounts to deploying Defender to creating rules to monitoring incidents. It's used for alerts and monitoring of what happens on the workloads.
Our customers use the solution to try to meet their compliance standards, and for audit purposes. It helps create policies. SmartCloud itself has around 2,000 policies. It can cover compliance standards around banking, for example, around workloads and data. It helps align with governing bodies' compliance standards. We can create custom policies and anyone can create workloads.
There are many modules that have various capabilities. We can look at the misconfiguration of cloud resources, for example. They can help with compliance as well. We get notified and get data alerts and this is automated. However, we can manage items manually as well.
It's good for monitoring your environment for AWS.
For visibility, we can create one service account.
Regarding the assets, regarding the alerts, we get all the data. It's great for our cloud security posture and management.
It's cloud-native and is used in major cloud environments. With it, we can monitor clouds like AWS, DPP, Azure, Alibaba, and Oracle. This is important. Many customers work with various key cloud providers. They often have their resources across different cloud providers and all resources must be protected and monitored. With this product, we can monitor all the things even if they are on different clouds - and it can be done on one platform.
The most valuable aspect of the solution is the computing part.
Prisma Cloud makes it easy to host virtual machines and cluster environments like container Kubernetes. It does this while providing a single dashboard, from which we can monitor all of the workloads and perform vulnerability scanning.
It's very good at helping us take a preventative approach to security. Many bans are using it as a cloud security tool based on the level of prevention they offer.
It supports the multi-cloud environment beautifully. If there is any kind of anomaly, it helps alert you to it. If there are malware or brute force attack attempts, it will report that. We can both monitor and audit the system. They have their own out-of-the-box configurations or we can customize them to create our own monitoring and auditing policies.
The solution provides us with data sessions to help gain visibility of workloads in various regions. For example, if there is a workload created just in the US region, we can see that. It will give an overview also. It supports all kinds of workloads, from host protection to Kubernetes and container environments. It even provides support for the Oracle Kubernetes environment.
It ensures that nothing impacts operations. It will block vulnerabilities or implement fixes.
The solution provides the visibility and control you need regardless of how complex or distributed your cloud environments become. It's very easy to see the entire security posture from every angle - region, data, compliance, et cetera.
We can integrate it into our CI/CD pipelines into existing DevOps processes. We can integrate via APIs or code. When a developer is in the code and integrating, if there's a vulnerability present, or a misconfiguration, it will scan and provide data. With Terraform templates, we can create a lot of instances. With one Terraform code, we can create hundreds of instances.
The solution helps developers go to very specific locations, to exact areas, at which point they can perform fixes.
Overall, it provides us with a single tool to protect all of our cloud resources and applications. It's got the best features for web applications and ETL security. By enabling data, we can monitor whatever is deployed on the cluster or on the IT environment. It provides risk clarity across the entire pipeline. For example, the vulnerability explorer gives you a view of the top critical vulnerabilities. That way, developers can see what the priorities are for what needs fixing.
It reduces runtime alerts. They provide us with a runtime alert console. It's also reduced alert investigation time. By clicking right on the investigation, we get all the data, including the source IP and any kind of suspicious detail in the workload. We can quickly go ahead and block IP as necessary.
We're able to directly integrate alerting to tools like QRadar.
The solution has helped our customers save money. They don't have to go ahead and hire individual experts for different areas like AWS and Azure. Having everything separate can be hectic and expensive. This is centralized. YOu don't need different teams. With its user-friendly interface, you only need one or two resources to monitor the whole cloud environment.
Prisma Cloud introduced some new permissions so we have to go and manually add that permission. It is a little bit hectic. If someone onboards single accounts they have to go through each account in that IIM role, and they have to manually add that permission. It's a manual job that takes time. It would be ideal if there was some sort of automation involved.
In scanning, it does not provide runtime protection.
The licensing could be better. You need to deploy an agent and it would be more convenient if it was agentless, which should be possible. With agents, you are consuming the same amount of credit, yet it does not provide the same amount of features. The automation needs to be improved and included in terms of AWS onboarding. For Azure, it's good, however, with AWS it requires manual intervention.
Sometimes we do get false alerts. That should be improved.
I've used the solution for around one year.
The solution is stable. There is occasionally some downtime.
The solution has been scalable.
Technical support is strong. They have different levels of support, critical, high, medium, and low. For issues rated as a high priority, they provide assistance within one to two hours. Lower priorities may take 24 hours.
I did work with a different product previously. Often, other solutions do not have as much visibility. AWS native services, for example, are not able to monitor the workload or data of Azure. You'd need another product for that. Similarly, Defender will only monitor an Azure environment. I have not worked with something that moved across clouds like this solution does.
I've helped deploy the solution for five to six clients.
In the early stages, it's a bit complex to set up due to the fact that it's new and we need to train. We need to give users a session and a POC or demo. So the complexity comes from the training and onboarding, not necessarily from the product itself.
Typically, we can deploy it in one week, and deploying it to any cloud environment would take one to two hours. After onboarding the new cloud environment, we need to create rules and integrate the ticketing tool. That might take two weeks also. There's a dependency with the cloud team in that sense, since, if you are going to integrate anything you need to schedule a call. If Defender is included, we need to deploy it manually. We'd also decide what is being automated.
The solution does require some maintenance. On the portal, it would show whenever some maintenance is needed or if they are updating their versions. There may be maintenance downtime. The maintenance is provided by Palo Alto itself. We'd notify the customer if they need to be prepared for some downtime.
Customers have witnessed a good ROI based on the ability to create and customize multiple policies. It helps them meet compliance and auditing requirements.
I don't know the exact cost; that's handled by another team. However, my understanding is that the cost is based on consumption.
It takes a little bit of time to create time to value for the solution. A new customer might not have any idea of a cloud's capability. Some people need training and this might be on a quarterly or monthly basis to get the customer up to speed. Once they are more knowledgeable about the solution, they can utilize its capabilities more fully.
I'd recommend the solution. It's comprehensive for securing the entire cloud-native development life cycle across the build, deploy, and run. It not only provides security protection in the runtime environment - it also covers CI/CD. We can integrate Azure DevOps or any kind of solution like Jenkins.
For new customers, I'd recommend they take on a demo or POC. They can get a one-month license and try it out. Customers can coordinate with partners and see how it would work in their environment. If a customer has a multi-cloud environment, this is a good choice.
I'd rate the solution nine out of ten.