Prisma Cloud by Palo Alto Networks Reviews

My company provides solutions for Cisco customers and helps them secure their cloud environments. Most of our clients are adapting to the cloud, and we're trying to resolve vulnerabilities in their configurations. I use all of the Prisma Cloud modules but have expertise in the CSPM and CWP modules. We work with SMEs but also have some enterprise clients. 

Using Prisma Cloud has improved customer satisfaction. Our customers are happy with the solution and the level of security we can provide with this. Prisma can secure a cloud-native development cycle. We can configure Prisma to run a scan before we build the images. 

Prisma is known for its visibility and comprehensiveness. It provides insight into our entire inventory of assets and everything happening in our multi-cloud or hybrid environments. We want to know all the services working in our environment and who is accessing them. 

It provides a single tool for protecting all cloud resources without the need to reconcile compliance reports. All of our reports come into Prisma's CSPM module via the APIs. It's easy to get the reports coming into CSPM. We can get the inventory, asset, and alert reports containing all of the alert notifications coming into the CWPP and the reliability and compliance. It has enhanced our overall reporting experience. We can do a deep dive into alerts from various integrated third-party applications and get alerts sent via email or SMS text to keep track of any incidents in our environment.

My favorite feature is the CWPP module. We can define various kinds of rules for vulnerabilities, incidents, or suspicious activities. Prisma Cloud covers various cloud providers, including AWS and GCP. It covers every cloud on the market. 

Many customers in finance, healthcare, and other industries are adopting cloud or hybrid environments. Some of them are using GCP, AWS, and Azure services together, and Prisma is compatible with all of them.

Prisma's ability to protect a fully cloud-native stack is comprehensive. We benefit from Palo Alto's technical knowledge, training sessions, and learning programs to develop robust solutions for our customers. Prisma's automation features are helpful. We can set up automated remediation, messaging, and alerts. The CSPM module can be automated directly, and we can automate runtime rules in the CWP module. We can also automate some code scanning. 

Prisma is integrated into our CI/CD pipeline through the CWP module. We can load the images into Azure DevOps and scan them for vulnerabilities or compliance issues. We can block the vulnerabilities or disable the application so it cannot run with the vulnerabilities in place. 

Runtime alerts are among the best capabilities. In CWP, we have to block malicious or suspicious activities to stop the incoming attacks against our workloads. Using various templates, we can reduce our runtime alerts by 60 to 70 percent. 

I have some challenges customizing and personalizing some of the capabilities in the CSPM in terms of new policies and services. We have to reconfigure and rebuild the CSPM.

I have used Prisma Cloud for around three years. 

I rate Prisma Cloud nine out of 10 for stability. 

I rate Prisma Cloud nine out of 10 for scalability.

I rate Palo Alto support 10 out of 10. They come and help us a lot. 

Positive

Deploying Prisma Cloud is straightforward. We received some training from Palo Alto's technical team. The deployment time varies depending on the client and the modules you deploy. It may take a few weeks or a couple of months. After deployment, Palo Alto handles the maintenance. They notify us by text or email when there will be a scheduled maintenance window. 

I'm not involved on the financial side, but I know that Prisma Cloud isn't cheap. 

I've seen some other solutions with CSPM and CWP capabilities, but they do not have the same coverage of multi-cloud or hybrid environments. That's an area where Prisma stands out from its competitors. 

I rate Prisma Cloud 10 out of 10. 

We use the solution to monitor and manage our various cloud environments, providing complete visibility in a single platform. We also use it for configuration, network, and anomaly monitoring. On the compute side, that's for containers and Kubernetes, so we know when changes are made and whether those changes are approved or within our required security controls. 

The platform has yet to become part of our CICD pipeline; we mostly use it as a security tool for monitoring and remediation. 

Regarding modules, we use the CSP and the compute module. 

Prisma Cloud helps us take a preventative approach to cloud security. It raises awareness of particular threats. Although it's a reactive type platform in that alerts happen on events that have already occurred, it allows us to take a step back and consider our cloud infrastructure more thoroughly. In this sense, the solution enables us to maintain our posture and current programs. 

The product reduced our runtime alerts by approximately 25%.  

Configuration monitoring and alerting is the most valuable feature; it happens at the cloud's speed, allowing our development team to respond quickly. If a configuration goes against our security best practices, we're alerted promptly and can act to resolve the issue. As cloud security staff, we're not staring at the cloud all the time, and we want to let the developers do their jobs so that our company is protected and work is proceeding within our security controls.

The product provides efficient and comprehensive protection for the full cloud-native stack. It presents its findings in layman's terms; alerts are pretty straightforward as to what's going on and why, whether a configuration needs to be changed, and recommendations on how to remediate.  

We used the solution's security automation capabilities, so in the event of an alert, it can be resolved with the click of a button; we click remediate, and the configuration is changed to the recommended status, which is very helpful. However, we use automation sparingly, as we usually have to coordinate changes in the cloud with development teams or through change control. Our typical usage is for completely forbidden scenarios, such as publicly accessible storage containers. We fix that by clicking remediate, then follow up with the team to determine if that was intentional. Sometimes, although accurate, the recommendation may break something else if there is a compensating control in place. So, automation is helpful but not overly used. 

For the most part, the tool provides the visibility and control we need, regardless of how complex and distributed our cloud environments become. Sometimes the platform can be a little kludgy, but we can usually click around and figure it out. Regarding confidence in our security and compliance postures, I don't know how anyone could have a cloud presence without some form of CSP, and I'm delighted with Prisma.   

The solution provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. However, we still need to utilize this feature to 100%.  

The UI could use some improvement; we usually find the information we're looking for, but what fields can be clicked on and what workflow to follow to get the required information is not always evident. Sometimes we're all over the place, clicking around to drill in and uncover the alert and investigation details we're looking for.

We've been using the solution almost continuously for around five years.

Prisma Cloud is pretty stable; it's a great product, and I'm happy with it.

The platform constantly evolves regarding new features and functions, which can sometimes be a little overwhelming, but it's very scalable. It's just a matter of familiarizing myself with those functions and features. It's the type of tool that is constantly improving, and its scalability suits our environment well.

The customer support is excellent and helped a lot during the deployment process. I rate them nine out of ten. 

Positive

I demoed other solutions but never actually used or implemented one before Prisma.

The initial setup is pretty straightforward, though some of the documentation is convoluted. The support is good, though, so getting someone on the phone or an engineer to respond via email or meeting is easy. The setup was straightforward, and the support was excellent. If I had the permissions to set up the cloud-side integrations, it would have taken a day, but I had to rely on the availability of other staff members, so it took about a week.

The platform is relatively new and expensive, so it's hard to put a number on it. However, the amount of man-hours saved by it easily uncovering some of the flaws in our security posture means it definitely saved us money. 

The product is very expensive, but the cost is a necessary evil; I don't know how we could have any kind of cloud presence without this type of monitoring. The pricing is calculated by module and resource usage. Ultimately, it saves us money in the amount of time we would spend uncovering what it uncovers, and we might not make the required discoveries without it anyway. Prisma offers incredible value, though I wish it were cheaper.

People argue that there are native tools within the various cloud environments, but nothing that streamlines from a timing and comprehension perspective for small security teams. If you don't have a dedicated team of 20 staff, Prisma is the tool you need. I don't know any company that does what they do or how they do it.

Native tools may uncover a misconfiguration, but for a multi-cloud environment, you have to be proficient with multiple different tools, none of which tells the whole story. Prisma pulls in all the data and gives you everything you need to know in one platform. It also pulls in extra data, including network traffic, anomaly traffic, configuration data, and vulnerability data, so you can correlate that information and make an educated decision as to what's going on in the environment, and what needs to be changed or addressed.

I evaluated Lacework, Sysdig Secure, and Illumio Zero Trust Segmentation, though I see them more as Veracode than CSP competitors. I didn't find any products that compare to what Prisma Cloud does.

I rate the product nine out of ten. 

My advice to those before implementing the platform is to do the integration yourself if you have the time, are IT savvy, and have the necessary permissions. It only requires a little time, a few days to a week at most, and there is great value in doing the integration yourself rather than paying for their support to do it. Onboarding the solution will provide an understanding of how it communicates with the cloud environment, how roles are associated and created, and how the remediate feature functions. It's important to go through those steps rather than paying someone else to do it; you'll save money and understand how the tool does what it does, which is essential in utilizing it.

Regarding the solution securing the entire cloud-native development lifecycle across build, deploy, and run, we have yet to use it that way, not to say that we won't. This feature is a relatively new part of Palo Alto's CICD deployment, so we haven't used it yet.

Prisma Cloud provides a single tool to protect all our cloud resources and applications, without managing and reconciling disparate security and compliance reports to about 70%. However, we have yet to utilize the tool to its full capacity.

I am in a services company. My company is also a partner of Palo Alto, so all the Palo Alto products have been tested, researched, and deployed at least three to four times by every engineer in my team.

It is being used for posture management. We have many users coming from many locations. All of them are having the same experience and all are secured. We used to use CASB which is a solution for authentication. This solution is in line with CASB. It helps to ensure that data protection is fine and all the data is coming properly. We can see whether there are any leakages or vulnerabilities. We can check all these aspects of security with this solution. All this is configurable. It is a web-based solution.

Our company is a vendor. If customers want, they can purchase solutions via us. We then take care of the physical box as well as the configuration. We manage the physical as well as the logical. In the case of Palo Alto, it is all logical. We can even code for a customer if the customer wants to upgrade their existing cloud setup, migrate to a cloud setup, or bring in a new setup. It is our bread and butter. We are one of the leading sellers of Palo Alto solutions.

Prisma Cloud helps reduce vulnerabilities. The number of vulnerabilities is less. If you have 1,200 vulnerabilities, after implementing Prisma Cloud, the number is drastically reduced to 500. That is one of the key advantages of using Prisma Cloud. You can see its benefits within a month.

Prisma Cloud helps to identify all the vulnerabilities in modern scenarios. For traditional scenarios, we have enough products, but a solution like Prisma Cloud helps to identify vulnerabilities in containerized environments and modern traffic scenarios. It helps with run-time security and east-west traffic.

Prisma Cloud helps secure the entire cloud-native development lifecycle, across build, deploy, and run. I would rate it an eight out of ten for this.

As an enterprise architect, I seek three capabilities from a solution. It should be preventative. It should be corrective, and it should be detective. Prisma Cloud is good in these aspects. I would rate it an eight out of ten for these capabilities.

Palo Alto DSPM's discovery and data classification processes are comprehensive. I would rate it an eight out of ten for comprehensiveness. For data security, we have a DLP solution. We have a separate solution. We never use Palo Alto for that.

Palo Alto DSPM provides us with insights into the content it has discovered. It also provides automated discovery of new data assets as they onboard and a prioritized list of all the data security posture issues in our environment.

The security provided by Prisma Cloud is important for our customers, especially for our banking and finance customers. We are a service company. We never use any of these products. I am a security architect. I am the one responsible for assessing and finding the right product and then deploying the product with the help of my engineering team.

Prisma Cloud definitely reduces complexity. We can see the issues or vulnerabilities that have been there for a while. We get good clarity on why they have been there and how to resolve them. Palo Alto is very good at this, and they make complex work quick and easy.

Prisma Cloud drastically reduces the number of vulnerabilities in the organization. There can be 60% to 70% reduction. It also depends on the industry again. For the web-based industry, where the company is providing solutions through the internet, such as share market or banking companies, it is very helpful. Production companies rarely use online solutions. 

With the reduction in vulnerabilities, the security cost automatically reduces. There is an indirect impact on an organization's cost.

It is user-friendly. It has a good look and feel and reporting structure. It provides a single pane of glass. These are the things that I like.

There should be some kind of automation, AI incorporation, and bot system. All these would add value. For example, AI should be able to detect all related viruses based on one virus. That will be a great invention. 

I have been using this solution for about five years.

It is stable. I would rate it an eight out of ten for stability.

It is scalable. I would rate it an eight out of ten for scalability.

Their support is very good. I would rate them a nine out of ten.

Positive

I have worked with Trend Micro Deep Security, Singularity, and Lacework. There is a new vendor called Orca Security. They are phenomenal. They can even beat Palo Alto.

Prisma Cloud is better in terms of cost, GUI, and look and feel. There is a single pane of glass and very good reporting.

Its deployment is straightforward for me. It is deployed across multiple geographies and departments. We mainly work with enterprises.

We have some stringent processes for getting the system to a perfect stage and ensuring that it is running properly. It takes at least a month. We do all sorts of testing, and then based on our test outcome, we configure everything in the right way. After that, we consider the data shown in the report as official.

Prisma Cloud is one of the top solutions in the market. When customers ask for alternatives, I recommend Trend Micro Deep Security, Singularity, Lacework, and Orca to them. I provide them with a detailed comparison, and then customers make the decision. I help customers with architecture design, decision-making, vulnerability assessment, and penetration testing. I also help them compare vulnerabilities before and after implementing a solution.

There were some cases where we struggled with some customer requests such as related to zero trust. We were struggling to configure that. They thought that this product also supported zero trust. We then had to tell them to buy the Prisma Cloud CNAAP solution. In many cases, we also moved them from DSPM to CNAAP.

As a security professional, I would not suggest automated remediation. That is because we need to see that automatic remediation does not impact anything else. We have a team. We register all the vulnerabilities and threats, and then at the backend, we do the testing to ensure that remediation or automated remediation will not create any other problems. As soon as we get that assurance, only then we do the fix. This is a requirement from the customer side, especially from the banking and finance organizations. Because everything is crucial, we do not configure automatic resolution for any of the issues.

Overall, I would rate Prisma Cloud an eight out of ten.

Currently, we use Prisma Cloud by Palo Alto Networks in my company for our clients who operate in the finance and banking teams and want data, network security, and posture management for the cloud infrastructure.

The solution has improved our organization, and I believe that it is a continuous process to protect you in any environment. Prisma Cloud gives you an overview of what gaps are in their environment, but how they are going to be solved depends upon the client, especially the security gaps. Prisma Cloud by Palo Alto Networks gives 60 to 70 percent of the overview, which the client ignores in their infrastructures. The tool provides users with a better overview of what is going on in their infrastructure.

The most valuable features of the solution are areas like compliance and asset inventories, along with runtime protection.

The tool's UI is an area with certain shortcomings where improvements are required. With the cloud protection and UI, the tool should have the option to download the data for the vulnerabilities. One should have the option to download detailed data about vulnerabilities in the host. The tool should have a guide or a knowledge base document. The tool should specifically provide a guide about the solution's UI, which can be helpful for clients.

Sometimes, it does provide an error, or I can say that when we integrate our infrastructure cloud with Prisma Cloud, we face some issues. Most of the time, the integration issues are not due to Prisma Cloud but from the client side.

The tool's support team needs to improve.

I have been using Prisma Cloud by Palo Alto Networks for two years. My company has a partnership with Palo Alto Networks.

Stability-wise, I rate the solution a seven out of ten. I rate the stability at a seven, considering the time we needed to get the data from DSPM. Most of the time, when the client requires data, it is not available. At other times, it requires a lot of time to get the data. It also requires time to import data from the cloud as per our requirements.

It is a scalable solution. Scalability-wise, I rate the solution a nine out of ten.

My company's clients are medium and enterprise-sized businesses.

The solution's technical support team doesn't reply on time. There is a gap in communication. The solution's technical support team doesn't have enough engineers to handle the cases. The support team wants us to work as per their time, so it is not according to the clients’ needs and time. I rate the technical support a six out of ten.

Neutral

I got a chance to work with CrowdStrike and SharePoint, but I never got the project since the client did not give me a chance.

The product's initial setup phase is straightforward. For the deployment phase, we just need some minimal data from the cloud to be able to integrate with Prisma Cloud. Just in case of custom issues, there are some points where we faced some issues with the deployment, but it was basically from the client side as they had multiple policies deployed on AWS and Azure Cloud, making it a little difficult for Prisma Cloud to integrate. In general, it is easy to integrate anything on the Prisma Cloud.

For the product's deployment phase, one cloud admin from the client's end and one from my company's side, one person is required. Two to three people are required to take care of the deployment.

The solution can be deployed in a matter of days.

Though the company's clients have multiple tools, they were not able to integrate all of the cloud accounts in a single SIR tool, which is why we had to use Prisma Cloud by Palo Alto Networks to monitor all of our company's clients' cloud accounts.

The solution provides security scanning for multi and hybrid cloud environments, but it does not provide the details about the product that provides the security. Most of the time, it just provides an overview of the security gaps. In real life, I didn't see any of the scenarios where it is protecting our company's infrastructure. Clients are sometimes not ready to use runtime protection for the Prisma Cloud because they don't want to take any risks in the production environment.

The comprehensiveness of Prisma Cloud for protecting the full cloud-native environment involves network protection. The most important thing is network security, and the second is IAM security, which is important for the banking team. I see that the tool has a large number of containers. Deployment and pipeline security are the main areas for the banking sector. Our clients don't use much of Prisma Cloud by Palo Alto Networks because it contains complexity, and the UI is not user-friendly. There have been multiple cases of their client complaining about the UI. From the standpoint of the client, the tool is too complex.

Speaking about the tool's help that allows users to take a preventative approach to cloud security, I would say that based on the asset inventory, we check the details about the assets and the number of assets. Secondly, we go through the alerts, which consist of IAM and the network security rules. Following the severity, like critical, high, or medium, we first resolve those issues and take steps monthly. The alerts that are generated monthly should be resolved only in that month.

After the deployment, it took three to four months to notice the value derived from using the solution, from my point of view and experience.

The discovery is good. The discovery provides details about the assets and the data, along with the data inside the infrastructure and about the infrastructure. There are some issues because if only about the data, it does not give out any issues for the user and instead gives more information about the infrastructure and some within the infrastructure.

Palo Alto DSPM did not discover much data existing outside of our company's official IT systems.

The solution provides insights into the content that has been discovered, along with some detailed information.

I cannot reveal the type of insights into the content that the solution has provided because our client would not want our company to open up about such details.

The insights into the content have affected the data security operations since following the compliance provides and helps clients regulate their security. It also prevents data breaches. The data breaches open up whatever data can be opened, and it helps clients to determine what data they need to secure and how. Speaking about data security posture, our company's clients take steps to resolve any issues because they want to save their reputation, especially in scenarios involving hacking.

It took around two to three months to see the value derived from the use of the product.

The tool provides an automated discovery of new data assets as they get onboarded. It does take one to two days on an average basis to show all the data.

In terms of whether the solution provides a prioritized list of all the data security posture issues in our company's environment, I can say that as soon as the assets are discovered, Prisma Cloud starts scanning and does all of the data security scanning. It does not take much time, and it can be done in four to five hours. If it is a large-scale infrastructure, then it can take an average of eight to ten hours.

I have not used the solution's connectors for the SOC's DDR solution to help automate remediation since the plant where it is used did not integrate Prisma Cloud with the same tools they use, with one of the reasons being that Prisma Cloud overflows the alerts, and they did not want alerts to overflow with their production in an SIMP environment.

The solution provides visibility and control regardless of how complex or distributed the cloud environment becomes, but when it comes to getting the data from the UI shown to the upper management, things do become complex because the tool doesn't have many options to import or export data.

I cannot say that the solution has reduced all the alerts by prioritizing the ones that have the most impact on sensitive data. The alerts that were critical and high, have been resolved by the team, while also taking care of areas involving IAM and networks.

The prioritization of alerts in the tool has affected our company's operations, and from my point of view, right now, I am able to show my CIS and the upper management team what steps we have taken and how the issues that are there as per the alerts have been resolved based on the critical, medium and high severity basis. I can say that 60 percent of the issues have been resolved as per the alerts. It gives me the flexibility to provide details to the management team that we are on track to provide security to our infrastructure. It gives me the flexibility to provide data to management for some time. As the environment grows, it generates a lot of alerts, and it takes time to resolve all of them.

The solution does not require any maintenance, and one just needs to make sure that the tool is up to date.

Based on my experience, I would recommend Prisma Cloud because I have hands-on experience with the solution. The integration is easy. The tool provides visibility in the infrastructure and for the alerts about the security gaps, the tool provides precise details. Talking about the new app in the tool, I would say little improvements are required. The tool is quite informative for me, but from the client side, it does require some improvement.

If someone has a large infrastructure, I won't recommend Prisma Cloud to them. If they have medium and enterprise, then I will recommend Prisma Cloud to such people because it can handle and, as per the working out of the tool, it can change the details about the small-scale, medium-scale, and enterprise businesses, but not for the large scale enterprises.

I rate the tool an eight out of ten.

We use Palo Alto to secure our network.  We are using the PA-820 firewall and all of the Prisma Cloud modules. It helps reduce our vulnerability to hacking and any malicious attacks on the network. With that appliance, we can minimize those things and control what goes in and out 

We have reduced network calls by 80 percent. The benefit of Palo Alto is the ability to create security across multiple levels and protect against hacks and vulnerabilities. You start to see these benefits within one or two days after implementing these devices. 

We are also using a honeypot to detect a target on our site. Once we have the target, we are blacklisting those using the firewall. The solution has reduced our investigation times by about 50 to 75 percent. It minimizes the alerts, so we're seeing fewer.

I like Palo Alto's threat protection and Wi-Fi coverage. It has advanced features like DNS security and sandboxing. The automation capabilities are excellent.

The UI could be improved.

I have been using Palo Alto for almost eight months.

Palo Alto provides good support and doesn't take long to resolve an issue. 

We previously used Cisco ASA. We decided to switch because we wanted to adopt a UTM approach in which all the logs and reports go to a single dashboard. Everything is visible in Panorama, which comes with the Palo Alto appliances. We need to purchase a separate license for Panorama, but it's there. 

There are many competitors, such as FortGate, but Palo Alto is better. FortiGate has some advantages in terms of throughput. You can get better throughput if you enable all the engines in parallel. However, I've heard about Fortinet devices being compromised, but I've never heard of that happening with Palo Alto. 

I rate Palo Alto Prisma Cloud nine out of 10. Everything is neat, clean, and easy to use. However, when you commit changes through the UI, it takes some time to load on every system. 

We have cloud security posture management and CWPP.  We are also using Cortex, another Palo Alto product. We needed another cloud security tool to create an additional security layer on our CSPM solution. It's essential to secure our infrastructure against any zero-day attacks. 

We needed a cloud security tool to identify misconfigurations in our cloud infrastructure. We were using AWS Cloud Cover since we only had one cloud provider. We onboarded the SysTrack and were able to find the most configurations. In a short period of time, we detected the issues and got alerts.

Before we implemented Prisma Cloud, we were unable to detect misconfigurations based on the policies that we set up. Prisma has that capability. You can add custom policies, and the tool can handle the reconfiguration. 

You can also get feedback from the customer's side about custom policies that can be added on Prisma. We can see the custom policies contributed by other organizations, which has upskilled my knowledge. The primary benefit is the layer of security added to our other infrastructure. 

We started seeing the benefits immediately once the solution was fully deployed. After about a month, we could start digesting data into the tool. Then, we started enabling all the features that we secured for other organizations. After around two months, we could use the features and see the things we were unable to detect. We were able to set up remediation on the tool. Other teams like the developers and tech ops were able to get the details over Jira since it was integrated with SysTrack. 

Our development lifecycle was already prebuilt, and Prisma has absorbed it. There's nothing that Prisma doesn't cover or that isn't reported to the organization. The developers are able to see best practices for any type of resource. They secured training from the product team, and Palo Alto's developers attended it. They shared their knowledge base so we could make the right decisions about resources before making any changes to the AWS cloud.

Prisma can provide solid visibility even if your cloud infrastructure is complex. It can divide the infrastructure into different parts to give you visibility into vulnerability management, configurations, or workload protection. It doesn't matter how complex your cloud infrastructure is. Prisma can digest it and provide the right guidance.

Prisma was able to quickly integrate and onboard our account. As a fintech company, we need a cloud security tool with modules that can benefit the organization. It has a feature that gives you recurring reports for a specified period. 

The solution is handy for the team that handles the Jira tickets because it enables them to automate the tickets. We had to add them manually in the past, so Prisma has absorbed a significant chunk of their workload. It helps us to discover risks throughout the pipeline using the CWPP features. You can quickly identify a misconfiguration and resolve it. In addition to the features it adds, Prisma has helped us to solve tickets faster.

It creates an alert in under a minute. The software team receives this and notifies the owner of the resource within five minutes and resolves the issue according to the SLA. It helps us resolve zero-day cases. It would cost us a lot of money. Prisma helps us to resolve those issues promptly. 

I like Prisma's ability to integrate with other tools. We can integrate it with Jira so that when Prisma triggers an alert, it opens a ticket in Jira. That was a big selling point for the product. There's a feature called the guest custom template that allows you to trigger alerts in Jira based on the template. That can also be added as a feature on Jira.  

Prisma can work with multiple cloud types and hybrid environments. We use AWS, but Prisma also offers hybrid or multi-cloud features. You can onboard AWS, Azure, GCP, or any other cloud provider. You can do more with Prisma than basic cloud scanning. It can detect and handle misconfiguration on the local network or the cloud. 

The solution can control access and automate some tasks. For example, if any automation needs to be built on any of the API calls, we can have a consolidated page for any processes that need to use the API. You can use the APA. Once you establish console access, you can build automation and integrate it with Prisma.

The CSPM module has so many features for developing a preventative approach that you don't need to look to any others, but the IAC security module lets you store infrastructure as code securely. You can scan an IAC template from a tool like Terraform and compare it with the CSPM modules. 

I have one example of a threat that Prisma proactively prevented. In 2021, Prisma discovered and resolved a Log4J vulnerability shortly after it was introduced. 

It would be nice if Prisma Cloud merged its modules for CSPM and infrastructure as code. It would simplify the pricing and make it easier for customers to evaluate the solution because there are different modules, and you need to add it to your subscription separately. 

Overall, Prisma is continuously improving. They do feature requests by allowing the users to vote on things. If a recommendation receives enough votes, they will add it to the solution. 

We have used Prisma Cloud for two-and-a-half years

Prisma Cloud is stable. I've never experienced any downtime aside from the scheduled maintenance window. 

Prisma Cloud is scalable. You can add a hundred master accounts more than on the SysTrack Lab.

I rate Palo Alto support nine out of 10. Their product team has been helpful. I just had a conversation with them. They answer all my questions even if it's after hours. When you send them a message, you get a response in a minute or two. 

Positive

We had previously used PingSafe. I feel like switching to Prisma was the right decision. PingSafe lacked multiple features that Prisma has. After we did our PoC with Prisma, we found that these features added value to our cloud infrastructure security. Once we switched, we noticed an improvement at the management level. We also reduced the number of data tickets that we needed to manually create.

In the first phase, we did a PoC, and the initial deployment took around a month. We worked with Palo Alto's customer success and technical teams. We worked closely with them in the first year, but after that, our deployment was highly mature, so we didn't need to bug them so much. All of the implementation steps were provided by email. Two members of our team were involved. 

Prisma is a cloud-based solution, so it requires no maintenance on our side once it's deployed. Maintenance is handled during a scheduled window, and they send us advance notification the day before.  

Prisma costs a little more than our previous solution, but it has more features. Our previous solution lacked the features we expect from a CSPM tool.

We didn't look at anything else once we learned about this product and did a PoC. And once we evaluated Prisma, we discussed it internally with our team and made the decision to book it. 

I rate Prisma Cloud nine out of 10. If you're considering Prisma, I suggest starting with a PoC. Consider all the features and go for the ones that are suitable for your organization and add value. You could adopt the solution blindly, but there are some additional costs for the add-ons. 

We use it for mobile access, and we probably will also adopt a direct connection to our small branch offices across Europe.

Prisma Cloud has improved the response time and the availability of our applications on-premises and on the cloud for our users in many different countries in Western Europe, Eastern Europe, and the United States.

We use it for our mobile users. Prisma Cloud is a very strong and robust platform that improves endpoint security. The COVID-19 pandemic made us realize that we should be able to permit more or less 50% of our employees to work confidently and securely from home.

Prisma Cloud provides security across multi-cloud and hybrid-cloud environments. We already have developed a direct connection between the Prisma Cloud platform and the Azure Cloud solution. We also have integration with the AWS cloud where most of our servers are now located. It was absolutely a strategic choice for us.

We have decided to adopt almost all the security features that Prisma Cloud offers, such as DNS security, threat prevention, vulnerability analysis, anti-phishing, email, and so on. We did not use Prisma Cloud for security automation capabilities. We have a very specific application for the OTC environment, and we prefer to maintain this environment completely separate from the other world of traditional information technology applications.

Prisma Cloud helps with cloud security, but we are also managing security at many different levels. We have endpoint protection, firewalls, SIEM, and log collectors. We also have dedicated probes that work silently to discover any anomalies, such as zero-day threats, that could be there. We have a Palo Alto firewall, and this cloud solution also has some predefined level of security managed by the cloud provider.

Prisma Cloud provides the visibility and control we need, regardless of how complex or distributed our cloud environments become. We can very quickly and easily analyze the clusters, the connections, and so on. We have very good control over the data flow and any possible security problems. It increases our confidence in our security and compliance postures.

About 50% of our people work from a private network, not inside the company. The protection of the endpoints is more difficult than the protection inside the office. Prisma Cloud can elevate the level of security for people who are working from home or are traveling to another country and so on.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports. Prisma Cloud is used by remote users that are working from home, and that is it. It makes our operations easier.

I have daily evidence of any possible new threats that could appear. I get to know how often a threat was blocked and from which client these threats were blocked. We can then very quickly contact the user if there is a compromised endpoint.

Prisma Cloud sends the email and data to the administrative IT staff in case a very severe threat appears. So far, we have not received any alerts related to severe threats.

Prisma Cloud has reduced a lot of our alert investigation time. We have perfect visibility of every single connection from our colleagues who are working from home, a hotel, or any other place. We have activated a mechanism by which the VPN connection is mandatory as soon as the end users switch their computers on. If I have a severe alert, I could investigate the related bad behavior and node in 10 to 15 minutes.

We found it to be easy and flexible. We could easily configure it for our needs, and we could spread the Prisma Cloud platform to 16 countries without encountering any kind of problem.

It can be too expensive for small companies.

In terms of features, I wouldn't add anything specific. They did a major improvement in the field of reporting. It can automatically produce statistics on usage and so on. This aspect was not very well developed at the beginning of the project, but now, there is a very big improvement in this specific field. Reporting is better than the previous versions, so at the moment, for our needs, the solution is good enough. We might need something in the future, but at the moment, we are not asking Palo Alto for any new developments.

We have been using this solution for half a year. We started the project at the beginning of this year, and at the moment, we have about 2,100 people who use this solution.

It is very stable. The platform is quite robust and available. From the time the project was released to other countries, we received one or two tickets for a sporadic problem for some users.

We have 4,000 licenses. We have Prisma Cloud in 16 different countries with a total of about 2,100 people. We do not have a large presence in the Extreme East or Middle East, but we have people connecting from Europe and also from Russia. It works perfectly.

Its usage will increase when there is a new acquisition or there is a new office somewhere in the world. 

The customer support is good and professional. I would rate them a ten out of ten.

Positive

We did not use any similar solution before. We adopted the same VPN technology based on the on-premise firewall that we already had, but there was a very big consumption of bandwidth. It was sometimes a little bit difficult to manage a high number of remote users, and this problem was completely solved by Prisma Cloud.

I was involved in its deployment. It took us about nine months to implement it.

In terms of the implementation strategy, we started with deciding about the site of our company that should be directly connected to Prisma Cloud. We produced an inventory of the applications and identified whether they are located on-premise, on Azure cloud, or on AWS cloud. We then started to configure the server and endpoints inside Prisma Cloud. We established the service connection between the site and Prisma Cloud, and we started to develop the solution for the end users. We selected a subset of users. We selected about 100 people from different departments in different countries to be sure that the solution was working properly in every country and every application environment.

We received very professional and qualified support from both Palo Alto technicians and a platinum partner that normally assists us in developing Palo Alto technologies.

We had two people from Palo Alto for implementation. We had one senior engineer and one junior engineer from Palo Alto. We had two engineers from our partner. We did not have a lot of staff.

In terms of maintenance, Prisma Cloud is subject to periodic updates, and we follow what is required by Palo Alto. For maintenance, we have a colleague of mine and one person from our partner.

It was a good investment because now we can manage so many remote users without any problems.

The platform is not famous for being cheap. It is quite expensive, but we know that we have the protection, so there is enough value for what we pay for. It is worth the money.

It takes more or less nine months to realize its benefits.

This solution is good for a company with at least 400 people that must be connected remotely. For smaller companies, it can be too expensive.

There are no costs in addition to standard licensing. We pay based on the number of users. We have 4,000 user licenses, and we use more or less 60% of our licenses.

We evaluated solutions from Cato Networks and Palo Alto. Because we have quite a large installation of Palo Alto's firewall and in-depth knowledge of this technology, we decided to adopt Prisma Cloud.

I am very satisfied with Prisma Cloud, and we do not have any plans to change to anything else. I am confident that we will retain this solution for a long time.

Overall, I would rate Prisma Cloud a ten out of ten. We have received very positive feedback regarding this solution. I would recommend it to others.

We are a Palo Alto Alliance partner and our clients are Fortune 500 companies. We utilize a multi-cloud network architecture, with the primary constraint being the inability to manage everything through a single interface. By implementing uniform guardrails, we address the issue of inconsistent security policies when using native cloud security controls. This is one of the key considerations. Additionally, we employ micro-segmentation using cloud network security modules of Prisma Cloud to minimize the attack surface for various workloads.

The primary use case that was lacking was a single pane of glass. Additionally, prior to implementing Prisma Cloud, we used to manually perform these tasks using AWS CloudFormation Templates or Azure Resource Manager Templates. However, Prisma Cloud helped us address this issue by providing a unified administration interface. One of the problems we faced was the inability to view vulnerabilities across different cloud workloads and compare risks across different platforms. These were the challenges we encountered before deploying Prisma Cloud. While we didn't completely solve all of them after implementing Prisma Cloud, we did make significant progress in that regard.

Prisma Cloud offers security scanning for various cloud environments. In some client environments, there is only a single cloud, so the fact that Prisma Cloud can scan multiple clouds doesn't make a significant difference. These clients have a limited presence in the cloud, with few workloads or resources deployed. Consequently, it doesn't provide substantial value in such cases. However, for large companies, manufacturing companies, or companies with significant IT intellectual property in the cloud, with multiple tenants and a widespread cloud presence across different regions and replication, deploying a solution like Prisma Cloud becomes necessary.

Prisma Cloud enables us to adopt a proactive approach to cloud security. It goes beyond providing visibility and monitoring capabilities by offering a wide range of auto-remediation features. It provides numerous security controls and the ability to enforce commonly configured guardrails, primarily in monitoring mode. It is a comprehensive product that caters not only to detection but also prevention.

Prisma Cloud has helped reduce the number of people required to support or manage these cloud platforms, especially in terms of security. So now, instead of needing three different individuals to manage three different clouds, it may be possible to use just one resource to handle all three clouds, particularly focusing on security. This approach facilitates resource reduction, which is especially beneficial for clients operating within tight budgets. Additionally, there's the advantage of having a single pane of glass, where we can access various informative graphs, charts, and reports. These resources assist in explaining technical matters to non-technical leadership, making it easier to articulate concepts and insights to executives and other non-technical individuals. Personally, this has been helpful for me and our organization. The benefits for clients vary depending on the size of the environment. Personally, when we started using Prisma Cloud as an offering, it took two and a half to three months, which was the rough estimate. However, back then, not all the modules that are available today existed. So those numbers might have changed if all the modules were available at that time.

Prisma Cloud offers the visibility and control we require, regardless of the complexity or distribution of our cloud environments. Since it is built on top of these existing clouds and utilizes many of the services provided by large-scale cloud platforms, there is typically no issue with visibility. Regardless of the complexity of the environment, we always achieve visibility. The way we store and analyze the data, as well as how we visualize information, depends on the operator of the tool. Prisma Cloud is a reliable tool that never fails.

Prisma Cloud enables us to integrate security into our CI/CD pipeline. We primarily use it for the container. We have integrated image scanning and registry scanning into our CI/CD pipelines, specifically Azure DevOps. The DevSecOps team is responsible for managing this process.

Prisma offers us a unified tool that safeguards all our cloud resources and applications, eliminating the need to handle and reconcile separate security and compliance reports, with the exception of billing costs and management. From a security perspective, we haven't encountered any other reports for the majority of our clients. While a few clients may have additional requirements, Prisma Cloud efficiently handles all of those as well.

Prisma has reduced runtime alerts.

Prisma has reduced the time required for alert investigation. We now have a comprehensive understanding of the entire lifecycle of where things went wrong or which part of the runtime or execution for a specific process went wrong, particularly in terms of security.

Prisma Cloud has saved us money by reducing resources. 

Cloud security posture management is the preferred feature among other vendors.

There is room for improvement on the logging and monitoring front because it's still not as holistic as I would want it to be. Especially in the sense that we have different modules within Prisma Cloud, but then the visibility that we get from the output of each of these modules cannot be stitched together. Perhaps we could deploy something like a SIEM or SOAR platform to get this telemetry. As of now, we are lacking that part. So now I'm sure that was not the primary intent for that. It would really make a difference if Palo Alto Networks improves this.

The identity-based micro-segmentation in our cloud-native services requires a significant improvement. It fails to address many of the problems that its predecessor used to solve. Previously, there was identity-based micro-segmentation, but it was phased out, reaching its end-of-life and end-of-support. Now, we have cloud network security, which lacks a crucial feature that IBM used to offer. This is something we strongly desire, as we have had multiple discussions with Palo Alto regarding this matter. I am uncertain if there is a roadmap for implementing this feature, but the cloud network security module requires a substantial upgrade.

I have never encountered any challenges regarding any modules. Occasionally, they do undergo planned maintenance outages, but those are well-communicated in advance. Therefore, I don't consider them to be challenging. Prisma Cloud is reliable, and I would rate its stability at nine out of ten.

I would rate the scalability of Prisma Cloud as an eight out of ten. The only concern lies not with Prisma itself, but rather with the existing client environment. Many clients have flawed infrastructures, making it challenging to achieve the level of optimization required to fully realize the benefits of Prisma Cloud. However, this issue cannot be attributed to Prisma.

We extensively contacted technical support because we used to experience numerous issues. However, our main purpose is to inquire about additional capabilities and make minor tweaks. The tech support provided by Palo Alto is excellent, without a doubt. This could be one of the reasons why Prisma Cloud is relatively expensive. 

We are an advanced partner, rather than an end user, which grants us easier access to technical support compared to clients. However, based on feedback from our clients, their technical support is exceptional.

Positive

The initial setup is straightforward. In the beginning, we used professional services for a couple of clients but now we do it all in-house. 

The implementation is completed in-house.

From a security standpoint, we have significantly enhanced our client's security posture by implementing Prisma Cloud. However, we still need to assess the return on investment. While we have achieved notable resource reduction, it remains uncertain whether it has yielded a better long-term ROI.

Prisma Cloud is remarkably expensive. Not everyone can afford it, without a doubt. Although we don't directly sell the product, we occasionally engage in reselling certain components, and it requires significant effort to make sales. There's no denying that it's expensive.

I evaluated Snyk, which is a competitively priced product. However, I personally am not very familiar with how it works or the benefits gained by the different clients I've worked with, as I haven't had much experience with it. I conducted a couple of use cases and found it to be quite similar to Prisma Cloud in terms of features, although the interface has a different look and feel. I have been informed that Snyk is considerably cheaper compared to Prisma Cloud.

I would rate Prisma Cloud by Palo Alto Networks a seven out of ten, primarily due to the need for improvement in identity-based micro-segmentation and cloud network security. I appreciate the potential it offers for deployment, but the new module has yet to reach a point where we can effectively reduce risks.

All the cloud environments existed before Prisma Cloud came in. I don't believe we can build many things using Prisma Cloud, except for implementing guardrails. For instance, we can secure these workloads, but it will take time for them to be fully developed. The scanners, such as the infrastructure as code scanners that Prisma Cloud can certainly check, are capable of performing static and code analysis, among other tasks. However, I don't think Prisma Cloud is designed specifically for that purpose.

Prisma offers risk clarity from a core security perspective, but it does not cover the entire pipeline. To cover the entire pipeline, we would need to utilize a SaaS or DaaS tool. Prisma Cloud cannot serve as a substitute for those tools.

I used to primarily work with cloud-native services. So, I would leverage cognitive services across all three clouds. That was my main focus initially. However, now I have started using other tools such as Snyk and various reports. Additionally, I have also recently started using CSPM. I'm not entirely familiar with all of them yet, but I have been working on them since the beginning.

No maintenance is required from our end.