reviewer1411233 - PeerSpot reviewer
Security consultant at a computer software company with 1,001-5,000 employees
Real User
Top 20
Good monitoring and compliance reporting but is very expensive
Pros and Cons
  • "Prisma Cloud provides the needed visibility and control regardless of how complex and distributed the cloud environments become."
  • "They are missing some compatibility details in their documentation."

What is our primary use case?

We have deployed Prisma Cloud for one of our client premises. And we are managing it internally. Although we do have support and other stuff for this solution, it has two kinds of modes. One is the detect and protect mode, and one is only for the monitoring purpose. There's different licensing. If you need protection from Prisma Cloud, then you will purchase a firewall kind of module with that. Otherwise, by default, it comes in monitoring mode.

It's deployed on all VMs and workloads. With the Prisma Cloud, you can have it on a cloud server or you can deploy it as a stand-alone. That said, the container should be persistent. Otherwise, if you restart the container, you will lose your configuration and everything.

We were doing a deployment for a telecom client, and they have two different application pipelines. One was based in India with the Oracle team. They were developing their own application, so we have also incurred it to the Prisma Cloud in their CI/CD pipeline.

The second use case was to monitor the OpenShift environment. The solution was basically bare metal. Then on top of that, there was OpenStack. It's an on-prem cloud service. We have deployed the Prisma Cloud solution, so it was on top of OpenStack.

How has it helped my organization?

If there is a large infrastructure involved, you need to run continuous vulnerability assessments. You also need comprehensive reports and complete inventory details. Doing everything manually would cost a lot of human resources. And it can take a long time. This helps automate and control vulnerability scanning that's continuous. It also helps with compliance. If I have to scan something monthly or quarterly, I can do it, and it will run. What Prisma Cloud actually does is that it keeps on doing this activity for you without any required request from the operator side. Its agents are deployed on the infrastructure, on all the components, on all the applications, on all the operating system images, VMs, or the old private cloud environment or your work on nodes. If you spread your agents all over your infrastructure, it'll keep scanning and reporting, and you can see everything from your dashboard. 

What is most valuable?

We have integrated OpenStack, OpenShift, RH, et cetera. You don't need to integrate every individual part; you only need to integrate the worker node. And once you deploy it on the worker node, all the parts running on that worker node.

Prisma gives you full-fledged posture management. You get detailed insights into all your modules, how they are communicating, and on which ports they are communicating. If there is any unknown port or unknown address, et cetera, Prisma Cloud can show you the configuration and the ports. That way, as an architect or product manager, you know through your documentation which application should be communicating on which ports. If there is any deviation from that documentation, Prisma Cloud can see that, and you can get the details for that.

With respect to virtual protection, it tells you which image, VM, physical server, worker node, or port has what kind of vulnerability. It gives you everything in real time. 

Monitoring mode is great if a company wants to know every single vulnerability and loophole in its infrastructure. It gives you a complete inventory list of VMs and devices within your infrastructure from the dashboard. You can add new policies or elements easily. You just integrate it within Prisma Cloud. That way your inventory automatically gets updated. 

Real-time continuous vulnerability assessment and reporting are key features. It's critical to most large-scale enterprises.

Prisma Cloud provides security scanning for multi and hybrid cloud environments. Sometimes, if we, for example, have some infrastructure on a public cloud, like AWS, then you need to monitor them continuously and you will require the inspector module of AWS. The inspector module is initially free of charge. And after two weeks, they'll start charging you. However, you can just put the credentials or access keys for AWS within the Prisma Cloud and assign the agent to that. It will start monitoring your cloud infrastructure as well with less overhead.

Prisma Cloud provides the needed visibility and control regardless of how complex and distributed the cloud environments become. What you do is you need to open the communication matrix. That communication matrix is the baseline or the product for the Prisma agent or CLIs, to communicate with the Prisma Cloud and share its findings directly. Whatever the agent finds on its local host, it will respond and share it with the Prisma Cloud. 

Prisma Cloud has two types of interfaces. One is towards the Internet to the main Palo Alto cloud environment. The second interface is towards the infrastructure or architecture. Most of the time, the operators focus on the corporate side since their responsibilities are related to that scope. The other side should be automatically updated, similar to how Microsoft does it: they simply tell you updates have been downloaded and installed, and you need to restart your system. The update processes are transparent. There is nothing manual to worry about.

There are a lot of compliance rules that you can configure. If the product manager knows that there's a new compliance rule, they ensure that the new compliance rule is compatible with their product. Compliance is not an issue; however, rules should be configured. It's just like any other compliance activity.

Prisma Cloud enabled our customers to integrate security into their CI/CD pipeline. Our client was developing a large-scale application for billing purposes. And Oracle India was involved in that, and there was a DevOps pipeline. We have integrated the Prisma routes to the CLI within their pipeline; it was being handled through Prisma Cloud automatically within different DevOps gateways. It's seamless. Once you integrate it, then it's part of the pipeline, and it's being done automatically just like any other pipeline gate.

Having a single tool to monitor cloud sources has had a positive impact on our customers. Tasks that were headaches have become easier. It's easier to assess vulnerabilities and compliance thanks to automation. 

Prisma Cloud provides risk clarity at runtime and across the entire pipeline showing issues as they are discovered in the build phases. The vulnerability will stay on the dashboard until you fix it as well. It will keep showing you the issue until it is resolved. Vulnerabilities that are identified are documented and stored in the vulnerability management system.

Prisma Cloud has reduced alert investigation times thanks to the comprehensive dashboard. You can directly search for any host you are targeting or go through the entire list and check everything. 

It's helped customers save money in that it's helped them catch vulnerabilities thanks to 24/7 scanning. That helps you fix the issue earlier. If a vulnerability gets through and the company is breached, they can lose their reputation. The same is true if their service goes down - especially in a banking scenario. It can lead to a big financial loss. Having proper security controls and monitors in place mitigates this. 

They have very rich documentation, and everything is very clear with respect to integration and configuration.

It provides a lot of compliance rules. It provides us with around 160 different rules. That way, you can define everything during scanning and the system will keep checking for compliance, which is automated.

What needs improvement?

One single drawback is that updates are not directly based on push notifications. There is a lot of software that gets updated automatically. Since this is a security product, this product should be automatically updated. Right now, it must be manually updated. I should be able to focus on vulnerabilities and security, not updating.

Delays can be very costly. Even with a minute delay in updating, if an attack is successful, when you have this corrupted million-dollar product, it's useless to you then. That's why updates should be automatically done. 

It doesn't patch your products; it only provides insights into vulnerabilities. It's merely a value-added service for your overall security posture. 

They are missing some compatibility details in their documentation. If I am choosing a product, the first thing I look at before recommending it to my organization, is the documentation, including how it is organized, if their documentation is informative, what information they are providing, et cetera. Prisma Cloud has one issue within its documentation, and that is that it does not provide exact details of every single plugin. I was very concerned about which version of Prisma Cloud was compatible with which version of the solutions we had in our CI/CD pipeline. They need to be more clear. 

Buyer's Guide
Prisma Cloud by Palo Alto Networks
November 2024
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,036 professionals have used our research since 2012.

What do I think about the stability of the solution?

The solution is stable and is capable of covering large enterprises. I've never faced issues once I've deployed it. However, if you will be holding the data for the long run, you need to think about storage. That's it.

What do I think about the scalability of the solution?

It's scalable. You can scale horizontally or vertically. 

How are customer service and support?

Their support is not very good.

How would you rate customer service and support?

Negative

How was the initial setup?

I've deployed it from scratch in a containerized environment. I am running a persistent container for Prisma Cloud.

The setup is very straightforward, thanks to their documentation. It's rich and comprehensive. They just don't provide version compatibility.

We deployed the solution in a day.

There is no other complexity in the implementation. It can be anywhere in the VM or any other component of your infrastructure. The agent should be able to ping its Prisma Cloud server. Once that is done, there is no other complexity. You just deploy the agent. The agent will keep updating automatically via the Prisma Cloud, and it will start finding new vulnerabilities. That's it. There are no such complex issues with the Prisma cloud deployment.

The implementation strategy was that we knew for which kind of infrastructure we were going to deploy it. 

There isn't much maintenance needed. The only thing is that sometimes you integrate Prisma Cloud with something that is not supported by Prisma Cloud or documentation does not explain it. In that case, you need to engage their support team. Their support is not very good. 

What's my experience with pricing, setup cost, and licensing?

The solution is very expensive. They must have decided internally not to go after SMEs or startups. They are targeting multi-million or trillion-dollar organizations. Those are the companies that can afford their products. 

What other advice do I have?

We're an MSP; we provide this product to customers. We provide security as a service.

We wouldn't recommend the solution for SMEs or startups. This is for larger corporate enterprises like large banks, fintechs, or telcos. It's good for larger infrastructures that might have legacy controls or devices.

Prisma is not the only solution in the market; there are others as well. It offers good core functionality, and it covers your whole cloud environment. It's a fully-fledged package that can help provide insights into security threats in any kind of development environment, from production to staging.  

I'd rate the solution seven out of ten.

If you are interested in Prisma Cloud, look at your business cases first. If you have a massive, large-scale infrastructure, you should not go into new products blindly.

Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Sachin Mishra - PeerSpot reviewer
DevOps consultant at eSec Forte
Consultant
Gives us a one-stop shop for managing all clouds, whether public or private
Pros and Cons
  • "Most of the customers we are tackling have different tools and solutions, like Qualys, Nessus, and vulnerability management assessment solutions. There are plugins for them, and we can integrate Prisma Cloud with them. We can enrich our telemetry with their data and use the predefined correlation rules in Prisma Cloud. That means we have that work done in seconds."
  • "The automation capabilities are growing each day, but the problem is that the updates are not that frequent. There are some services on Amazon that have come out with updates, and Azure is also getting up to date. But Prisma takes some time to follow. There's a time gap that Prisma inherits from these clouds. I understand why it takes some time, but that time should be reduced."

What is our primary use case?

There are five pillars of Prisma Cloud, including CWPP for workloads and security posture in the basic configuration. We have also been working with application APIs. These are the areas in which I'm working.

How has it helped my organization?

Most of our customers are using multi-cloud or hybrid cloud environments, and the problem they were facing was that they didn't have a one-stop shop for managing all the clouds. For example, Azure has something like that capability, but there are some problems and gaps. Every cloud provider says, "This is our territory, and we can only secure our territory." But the whole idea of Prisma Cloud is that it can take any cloud, whether public or private, bring the accounts on board, and after that, everything is managed by Prisma Cloud.

Another problem with Azure is that it has very overwhelming alerts, making it hard to manage them in native Azure. With Prisma Cloud, we have different rules and it is easier and more manageable. It is not overwhelming. We can look at its different modules. If we're talking about identity management, we can go to that module and see the identity. That makes things quite manageable with Prisma Cloud.

When it comes to investigation time, Prisma Cloud has something like 18,000 or 19,000 predefined policies and has remediations as well, so we know what to do or what not to do. It helps reduce investigation time because all those policies are already there. They are the "top" policies, and it provides remediations alongside.

What is most valuable?

Most of the customers we are tackling have different tools and solutions, like Qualys, Nessus, and vulnerability management assessment solutions. There are plugins for them, and we can integrate Prisma Cloud with them. We can enrich our telemetry with their data and use the predefined correlation rules in Prisma Cloud. That means we have that work done in seconds.

We also like the firewalls.

It also perfectly provides security across multi- and hybrid cloud environments. We use it with multi-cloud environments, and there are five cloud providers supported, including Amazon Web Services, Oracle, GCP, Azure, and Alibaba. Most of the big companies out there are using multi-cloud or hybrid environments, and they share dependencies on different types of cloud.

The basic idea of Prisma Cloud, and what I like the most, is that it is a managed cloud and everything is easy to do. So we can integrate different cloud-native services. We can use solutions like Defender for Cloud, Azure, and Amazon Inspector and enhance our telemetry using these data lakes. Prisma Cloud is the best for integrating with these cloud-native solutions.

The automation is good so far. If we look at the Kubernetes runtime environment, there is good automation for that.

Prisma Cloud is all about a preventative approach, and we can use it for compliance as well.

We can also integrate it into a CI/CD pipeline, and it can scan different images and containers, such as Kubernetes. Also, when we are loading an account, there are some agents that scan as well. There is Lambda for automation, and, in the first phase—the staging environment—we can have our work done. Pipelining is a continuous process, and the scanning takes place in the previous stage only. It runs in a sandbox environment and gives us all the remediations.

Sometimes, credentials are hardcoded. We can use the code security module and correlate with the predefined rules provided by Prisma Cloud. We get alerts, and based on these alerts, we can harden the policies for that code.

And the dashboard provided by Prisma Cloud has capabilities through which we can make alerts visible based on their severity level. We can create a separate dashboard for rules related to medium or high severity. That way, without wasting our time, we get to the medium- and high-level alerts and tackle the things that need attention the most.

What needs improvement?

The automation capabilities are growing each day, but the problem is that the updates are not that frequent. There are some services on Amazon that have come out with updates, and Azure is also getting up to date. But Prisma takes some time to follow. There's a time gap that Prisma inherits from these clouds. I understand why it takes some time, but that time should be reduced.

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for two years.

What do I think about the stability of the solution?

The stability is a 10 out of 10.

What do I think about the scalability of the solution?

The scalability is also a 10 out of 10.

We have a team of 25 to 30 people. Our company is based in India, but we have offices in Malaysia, Singapore, and Bangladesh, and we have clients in India and outside of India. Most of them are enterprise-level.

How are customer service and support?

Their technical support comes up with great solutions. Every time we call we definitely get a solution.

How would you rate customer service and support?

Positive

How was the initial setup?

It is onboarding in the cloud. There are a lot of documents, but it is quite easy. I'm into training as well, and it is quite easy for me to train my interns on how to onboard accounts to Prisma Cloud. If we are only onboarding one account, it happens in minutes.

What's my experience with pricing, setup cost, and licensing?

In terms of price, we have to see the value we are getting for the particular penny we are paying. In that context, Prisma Cloud is a value-back cloud-managed solution; cloud-native solutions are quite expensive. That's why a lot of our clients are shifting from cloud-native to Prisma Cloud: because of its effectiveness and because it is budget-friendly as well.

What other advice do I have?

I love Prisma Cloud. It's a one-stop shop for managing cloud security. And it is very easy to use. The dashboard and all the UI are very easy.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Suhan Shetty - PeerSpot reviewer
Solutions Architect at Niveus Solutions
Real User
Mature and offers visibility and a better understanding of threats, but lacks documentation
Pros and Cons
  • "What I found most valuable in Prisma Cloud by Palo Alto Networks is the VAS, such as the web application and API security. I feel that VAS adds a lot of value, mainly because it gives visibility through the application layer and threat detection features."
  • "Though Prisma Cloud by Palo Alto Networks provides excellent security, is a pioneer in this space, and knows what it's doing, from a user perspective, it would have been better if it was a little easier to use."

What is our primary use case?

From a business perspective, our clients use Prisma Cloud by Palo Alto Networks to meet compliance and get more visibility into the cloud.

When people start their cloud journey, they do it per their business needs, but eventually, they reach a point where many infrastructures are created. Still, there aren't enough governance factors, so they buy Prisma Cloud by Palo Alto Networks for compliance from a government perspective. They also want to know how much infrastructure has been created and their exact locations, including their vulnerabilities against threats, and get more visibility into those threats and vulnerabilities.

We work with all models of Prisma Cloud by Palo Alto Networks, including data, container, and IM security.

Our clients are medium and enterprise clients, as the solution would take too much effort for small-sized businesses or clients.

What is most valuable?

What I found most valuable in Prisma Cloud by Palo Alto Networks is the VAS, such as the web application and API security, primarily because the solution goes in tandem with Kubernetes or the containers. This is why I feel that VAS adds a lot of value, mainly because it gives visibility through the application layer and threat detection features.

Another valuable feature of Prisma Cloud by Palo Alto Networks is the CSPM, simply because it's essential to understand what threats you'll face when starting your cloud journey or in the middle of your cloud journey.

The VAS and the CSPM are the most valuable features because they work in tandem to provide users with the required visibility.

A third valuable functionality you can get from the solution is the ability to investigate and build the correlation between the network, IAM, and other configurations. I saw a new level of maturity in this aspect from Prisma Cloud by Palo Alto Networks, which I didn't see from other solutions or vendors.

The solution also provides security for multi and hybrid-cloud environments. You can do AWS, Azure, etc., and even on-premises; wherever Kubernetes is supported, Prisma Cloud by Palo Alto Networks could support it.

Prisma Cloud by Palo Alto Networks also has a preventative approach to cloud security because it acts as a defense through prevention and banning.

I also saw that the solution is comprehensive in securing the entire development cycle, such as in building, deployment, and running, because it provides a dedicated CCS (Cloud Core Security) functionality, which is leverage.

Prisma Cloud by Palo Alto Networks has done great at the identity or ID, filter, VAS, and CCS levels.

What needs improvement?

Many more aspects can be covered in the cloud, but not all of them are addressed by Prisma Cloud, which can be one area for improvement.

For example, Prisma Cloud covers computing, network layer, identity and access management, and configuration management. Still, if you're looking for other aspects, such as ones beyond the cloud, the solution may not cover those. It can cover host containers, serverless and embedded apps, and PaaS, or aspects under computing, network connectivity, and identity and configuration management. Data may also be covered, but there is no data governance here in India. Storage may also be included, such as self-service GCS, but I did see that the solution is not very comprehensive, though you may not need all other aspects. Currently, Prisma Cloud only focuses on compute networking, data governance, and IAM, which could be improved.

As for the security automation capabilities of the solution, it is good, but there's still room for improvement because, at times, the access itself is not very consistent. My company has faced certain issues where it would have been better if the whole process, hub, or tool were more straightforward.

I also mentioned that the data governance functionality is not supported here in India, but Palo Alto Networks did not give an explanation about it.

My company also utilized GCP, and it was simpler. However, it did not have the intelligence of Prisma Cloud by Palo Alto Networks. Though Prisma Cloud by Palo Alto Networks provides excellent security, is a pioneer in this space, and knows what it's doing, from a user perspective, it would have been better if it was a little easier to use. Right now, my rating for the solution based on ease of use would be a four out of five or a nine out of ten.

In terms of Prisma Cloud by Palo Alto Networks providing visibility and control regardless of how complex or distributed cloud environments become, it does for complex and distributed environments in the networking aspect. However, this is not true in the identity aspect. The solution only manages Okta, Azure, and AD, but it does not support the most popular Google Workspace, so that is another downside of Prisma Cloud by Palo Alto Networks.

Prisma Cloud could also be improved by adding Google Workspace as an identity.

I also mentioned previously that the user experience in the solution could be better. It could be easier. For example, Elasticsearch and Chronicle both have SIEMs, and they made it easier for people, both cognitively and intuitively. Prisma Cloud by Palo Alto Networks talks about CWP, CSPM, SIEM, and DNS, for example. Still, if you look at its console, you won't find any of those terms mentioned, so a person who comes from the presentation to the theory to the practical world may not be able to find a correlation. If Prisma Cloud by Palo Alto Networks has some diagram that explains and allows users to understand all these, it becomes easier. Otherwise, it'll be a little steep for somebody to start the journey with this solution. This also means you need some security knowledge before you can even begin using Prisma Cloud by Palo Alto Networks.

The setup process for Defender in the solution also needs improvement as it takes a day or two, but that is not even mentioned in the portal, so many customers think that there is something wrong during the setup, only to eventually realize that it is normal and that it'll be okay in two to three days. Another example is setting up Auto-Defend in Prisma Cloud by Palo Alto Networks, where you'd think your AWS system was malfunctioning when the delay is caused by the logs not being updated faster. There should be documentation that explains the setup process and how many days it usually takes to complete the setup.

It's the same for onboarding, as it could take several days, so if the process could be made easier, that would help the customers. My company has received feedback that customers have generally found it challenging to start using Prisma Cloud by Palo Alto Networks, though it could still depend on the person.

For how long have I used the solution?

We've worked with and used Prisma Cloud by Palo Alto Networks for over two years.

What do I think about the stability of the solution?

Prisma Cloud by Palo Alto Networks has mostly been stable. However, there were some instances when it was not as stable, particularly the Defender setup, where it did not work for three days, so my team had to escalate, and then it suddenly worked. The issues usually happen during implementation, but you will not have as many challenges after it is implemented.

Stability-wise, the solution is a six out of ten for me.

What do I think about the scalability of the solution?

Prisma Cloud by Palo Alto Networks is scalable, mainly because it is cloud-based.

How are customer service and support?

My rating for the technical support provided by Prisma Cloud is four out of ten because it takes two to three days before support replies to you, and sometimes, you do not even get a valid or contextual answer. Sometimes, the team does not respond, and you do not even know if you will get a response. The technical support team has not been very friendly.

These are why I cannot give Prisma Cloud support a high rating.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial deployment process for Prisma Cloud by Palo Alto Networks could be straightforward. Still, it becomes complex because of missing documentation that explains what happens during implementation and onboarding. Not everyone understands what needs to be done, so the process might look complex when it's not very complex.

The process requires you to onboard your account, set up your defenders and applications, and update specs and costs, but the available data could be more intuitive.

Deploying Prisma Cloud could take more than a day because the logs already take one day, plus it also depends on the number of hosts and containers.

What other advice do I have?

My company is a reseller for Palo Alto Networks, so it does the implementation, POC, and setup for customers.

In terms of Prisma Cloud reducing runtime alerts overall for clients, that would be up to the clients or customers. The solution is configured, so if you get a lot of alerts, you have to work towards burning down and making it contextual to your existing setup and what your business requires. From an implementation perspective, my company will set up the defaults, wait, and then work with the customer on how often they want to burn it down and contextualize it to their needs or requirements. Reducing runtime alerts is essentially up to the customers because if the customer gets a lot of alerts and does not spend time to make them contextual, then that customer will continue to get alerts. It is essential to make it contextual to your system if you want to reduce the alerts you receive.

Here is how I would rate Prisma Cloud by Palo Alto Networks: as a pioneer solution, and as it is cloud-based, and considering the security perspective, the solution is an eight out of ten, so the rating is high. However, in terms of setting it up and implementing it from a customer's point of view, Prisma Cloud by Palo Alto Networks becomes a seven out of ten. Not all things often work, and you still have many features you need to explore as a customer. Support for partners or the portal could also be better, where it should give more information, so the rating becomes a five out of ten. Overall, my rating for Prisma Cloud by Palo Alto Networks is a seven out of ten based on experience, but at this point, it could still be the market leader.

My company is a reseller, partner, and implementer of Prisma Cloud by Palo Alto Networks.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Lead- Information Security Analyst at archan.fiem.it@gmail.com
Real User
Easy to use, provides good visibility but interface isn't customizable
Pros and Cons
  • "Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them."
  • "Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that."

What is our primary use case?

We primarily use Prisma Cloud as a cloud security posture management (CSPM) module. Prisma Cloud is designed to catch vulnerabilities at the config level and capture everything on a cloud workload, so we mainly use it to identify any posture management issues that we are having in our cloud workloads. We also use it as an enterprise antivirus solution, so it's a kind of endpoint security solution.

Our setup is hybrid. We use SaaS also. We mostly work in AWS but we have customers who work with GCP and Azure as well. About 60 percent of our customers use AWS, 30 percent use Azure, and the remaining 10 percent are on GCP. Prisma Cloud covers the full scope. And for XDR, we have an info technology solution that we use for the Gulf cloud. So we have the EDF solution rolled out to approximately around 500 instances right now.  

Prisma Cloud is used heavily in all our production teams. Some might not be directly using the product since our team is the service owner and we manage Prisma. Our team has around 10 members, and they are the primary users. From an engineering aspect, there are another 10 team members who use it basically. Those are the actual people who work hands-on with Prisma Cloud. Aside from that, there are some product teams that use Prisma indirectly. If we detect something wrong with their products, we take care of it, but I don't think they have an active account on Prisma Cloud.

How has it helped my organization?

Prisma Cloud has been helpful from a security operations perspective. When a new product is getting onboarded or we are creating a new product — specifically when we need to create a new peripheral — it's inevitable that there will be a kind of vulnerability due to posture management. Everything we produce goes through CI/CD, and it's kind of automated. Still, there are some scenarios where we see some gaps. So we can discover where those gaps exist, like if someone left an open port or an instance got compromised.

These kinds of situations are really crucial for us, and Prisma Cloud handles them really well. We know ahead of time if a particular posture is bad and we have several accounts in the same posture. Prisma gives us a deep dive with statistics and metrics, so we know which accounts are doing bad in terms of posture, how many accounts are out of alignment with the policy strategy, how many are not compliant. Also, it helps us identify who might be doing something shady.

So we get some good functionality overall in that dashboard. Their dashboard is not customizable, however, so that's a feature we'd like to see. At the same time, what they do provide on their dashboard is pretty helpful. It enables us to make the posture management more mature. We're able to protect against or eliminate some potential incidents that could have happened if we didn't have Prisma.

What is most valuable?

Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them. It's really good at managing compliance. We get out-of-the-box policies for SOC 2, FedRAMP, and other compliance solutions, so we do not need to tune most of the rules because they are quite compliant, useful, and don't get too many false positives.

And in terms of Prisma Cloud's XDR solution, we do not have anything at scope at present that can give us the same in-depth visibility on the endpoint level. So if something goes bad on the endpoint, Prisma's XDR solutions can really go deep down to identify which process is doing malicious activity, what was the network connection, how many times it has been opened, and who is using that kind of solution or that kind of process. So it's a long chain and its graphical representation is also very good. We feel like we have power in our hands. We have full visibility about what is happening on an endpoint level. 

When it comes to securing new SaaS applications, Prisma Cloud is good. If I had to rate it, I would say seven out of 10. It gives us really good visibility. In the cloud, if you do not know what you are working with or you do not have full visibility, you cannot protect it. It's a good solution at least to cover CSPM. We have other tools also like Qualys that take care of the vulnerability management on the A-level staff — in the operating system working staff — but when it comes to the configuration level, Prisma is the best fit for us.

What needs improvement?

Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that. Prisma also should allow users to fully automate the workflow of an identified set. Right now, it can give us a hint about what has happened and there is an option to remediate that, but for some reason, that doesn't work. 

Another pain point is integration with ticketing solutions. We need bidirectional integration of Prisma Cloud and our ticketing tool. Currently, we only have one-way integration. When an alert appears in Prisma Cloud, it shows up in our ticketing tool as well. But if someone closes that ticket in our ticketing tool, that alert doesn't resolve in Prisma Cloud. We have to do it manually each time, which is a waste of time. 

I am not sure how much Prisma Cloud protects against zero-day threats. Those kinds of threats really work in different kinds of patterns, like identify some kind of CBE, that kind of stuff. But considering the way it works for us, I don't think it'll be able to capture a zero-day threat if it is a vulnerability because Prisma Cloud actually doesn't capture vulnerability. It captures errors in posture management. That's a different thing. I don't know if there is any zero-day that Prisma can identify in AWS instantly. Probably, we can ask them to create a custom policy, but that generally takes time. We haven't seen that kind of scenario where we actually have to handle a zero-day threat with Prisma Cloud, because that gets covered mostly by Qualys.

For how long have I used the solution?

I've been using Prisma Cloud for almost two years now.

What do I think about the stability of the solution?

Prisma Cloud is quite stable. At times, it goes down, but that's very rare. We have some tickets with them, but when we see some issues, they sort it out in no time. We do not have a lot of unplanned downtime. It happens rarely. So I think in the last year, we haven't seen anything like that.

What do I think about the scalability of the solution?

Prisma Cloud is quite scalable. In our current licensing model, we're able to heavily extend our cloud workload and onboard a lot of customers. It really helps, and it is on par with other solutions.

How are customer service and support?

I think Prisma Cloud's support is quite good. I would rate them seven out of 10 overall. They have changed their teams. The last team was comparatively not as good as the one we have right now. I would rate them five out of 10, but they have improved a lot. The new team is quite helpful. When we have an issue, they take care of it personally if we do not get an answer within the terms of the SLA. We tend to escalate to them and get a prompt answer. The relationship between our management and their team is quite good as well.

We have a biweekly or weekly call with their tech support team. We are in constant communication about issues and operating problems with them. It's kind of a collab call with their tech support team, and we have, I think, a monthly call with them as well. So whenever we have issues, we have direct access to their support portal. We create tickets and discuss issues on the call weekly.

Transitioning to the new support team was relatively easy. They switched because of the internal structure and the way they work. Most of the engineering folks work out of Dublin and we are in India. The previous team was from the western time zone. That complicated things in terms of scheduling. So I think the current team is right now in Ireland and it's in the UK time zone. That works best for us. 

How was the initial setup?

We have an engineering team that does the implementation for us, and our team specifically handles the operations once that product is set up for us. And then that product is handed over to us for the daily BA stuff accessing the security, the CSPM kind of module. We are not involved directly. When the product gets onboarded, it's handed over to us. We handle the management side, like if you need to create a new rule or you need to find teams for the rule. But the initial implementation is handled by our engineers.

What other advice do I have?

I would rate Prisma Cloud six out of 10. I would recommend it if you are using AWS or anything like that. It's quite a tool and I'm impressed with how they have been improving and onboarding new features in the past one and a half years. If you have the proper logging system and can implement it properly within your architecture, it can work really well.

If you are weighing Prisma Cloud versus some CASB solution, I would say that it depends on your use case. CASBs are a different kind of approach. When someone is already using a CASB solution, that's quite a mature setup while CSPM is another side of handling security. So if someone has CASB in place and feels they don't need CSPM, then that might be true for a particular use case at a particular point in time. But also we need to think of the current use case and the level of maturity at a given point in time and consider whether the security is enough.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Sr. Security Operations Manager at a healthcare company with 5,001-10,000 employees
Real User
Provides feedback directly to teams responsible for AWS or cloud accounts, enabling them to fix issues independently
Pros and Cons
  • "The policies that come prepackaged in the tool have been very valuable to us. They're accurate and they provide good guidance as to why the policy was created, as well as how to remediate anything that violates the policy."
  • "The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed."

What is our primary use case?

We are using it for monitoring our cloud environment and detecting misconfigurations in our hosted accounts in AWS or Azure.

How has it helped my organization?

As the security operations team, our job is to monitor for misconfigurations and potential incidents in our environment. This solution does a good job of monitoring those for us and of alerting us to misconfigurations before they become potential security incidents or problems.

We've set the tool up so that it provides feedback directly to the teams responsible for their AWS or cloud accounts. It has been really helpful by getting information directly to the teams. They can see what the problem is and they can fix it without us having to go chase them down and tell them that they have a misconfiguration.

The solution secures the entire spectrum of compute options such as hosts and VMs, containers and Containers as a Service. We are not using the container piece as yet, but that is a functionality that we're looking forward to getting to use. Overall, it gives us fantastic visibility into the cloud environment.

Prisma Cloud also provides the data needed to pinpoint root cause and prevent an issue from occurring again. A lot of that has to do with the policies that are built into the solution and the documentation around those policies. The policy will tell the user what the misconfiguration is, as well as give them remediation steps to fix the misconfiguration. It speeds up our remediation efforts. In some of the cases, when my team, the security team, gets involved, we're not necessarily experts in AWS and wouldn't necessarily know how to remediate the issue that was identified. But because the instructions are included as part of the Prisma Cloud product, we can just cut and paste it and provide it to the team. And when the teams are addressing these directly, they also have access to those remediation instructions and can refer to them to figure out what they need to do to remediate the issue and to speed up remediation on misconfigurations.

In some cases, these capabilities could be saving us hours in remediation work. In other cases, it may not really be of value to the team. For example, if an S3 bucket is public facing, they know how to fix that. But on some of the more complex issues or policies, it might otherwise take a lot more work for somebody to figure out what to do to fix the issue that was identified.

In terms of the solution’s ability to show issues as they are discovered during the build phases, I can only speak to post-deployment because we don't have it integrated earlier in the pipeline. But as far as post-deployment goes, we get notified just about immediately when something comes up that is misconfigured. And when that gets remediated, the alert goes away immediately in the tool. That makes it really easy in a shared platform like this, where we have shared responsibility between the team that's involved and my security operations team. It makes it really easy for us to be able to go into the tool and say, "There was an alert but that alert is now gone and that means that the issue has been resolved," and know we don't have to do any further research.

For the developers, it speeds up their ability to fix things. And for my team, it saves us a ton of time in not having to potentially investigate each one of those misconfigurations to see if it is still a misconfiguration or not, because it's closed out automatically once it has been remediated. On an average day, these abilities in the solution save my team two to three hours, due to the fact that Prisma Cloud is constantly updating the alerts and closing out any alerts that are no longer valid.

What is most valuable?

The policies that come prepackaged in the tool have been very valuable to us. They're accurate and they provide good guidance as to why the policy was created, as well as how to remediate anything that violates the policy. 

The Inventory functionality, enabling us to identify all of the resources deployed into a single account in either AWS or Azure, or into Prisma Cloud as a whole, has been really useful for us.

And the investigate function that allows us to view the connections between different resources in the cloud is also very useful. It allows us to see the relationship traffic between different entities in our cloud environment.

What needs improvement?

The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed.

Also, the permissions modeling around the tool is improving, but is still a little bit rough. The concept of having roles that certain users have to switch between, rather than have a single login that gives them visibility into all of the different pieces, is a little bit confusing for my users. It can take some time out of our day to try to explain to them what they need to do to get to the information they need.

For how long have I used the solution?

I have been using Palo Alto Prisma Cloud for about a year and a half.

What do I think about the stability of the solution?

We really have had very few issues with the stability. It's been up, it's been working. We've had, maybe, two or three very minor interruptions of the service and our ability to log in to it. In each case there was a half an hour or an hour, at most, during which we were unable to get into it, and then it was resolved. There was usually information on it in the support portal including the reason for it and the expectation around when they would get it back up.

What do I think about the scalability of the solution?

It seems to scale fine for us. We started out with 10 to 15 accounts in there and we're now up to over 200 accounts and, on our end, seemingly nothing has changed. It's as responsive as it's ever been. We just send off our logs. Everything seems to integrate properly with no complaints on our side.

We have nearly 600 users in the system, and they're broken out into two different levels. There are the full system administrators, like myself and my team and the security team that is responsible for our cloud environment as a whole. We have visibility across the entire environment. And then we have the development teams and they are really limited to accessing their specific accounts that are deployed into Prisma Cloud. They have full control over those accounts.

For our cloud environments, the adoption rate is pretty much 100 percent. A lot of that has to do with that automated deployment we created. A new account gets started and it is automatically added to the tool. All of the monitoring is configured and everything else is set up by default. You can't build a new cloud account in our environment without it getting added in. We have full coverage, and we intend to keep it that way.

How are customer service and technical support?

Tech support has been very responsive. They are quick to respond to tickets and knowledgeable in their responses. Their turnaround time is usually 24 to 48 hours. It's very rare that we would open anything that would be considered a high-priority ticket or incident. Most of the stuff was lower priority and that turnaround was perfectly acceptable to us.

Which solution did I use previously and why did I switch?

This is our first tool of this sort.

How was the initial setup?

The initial setup was really straightforward. We then started using the provided APIs to do some automated integration between our cloud environment and Prisma Cloud. That has worked really well for us and has streamlined our deployment by a good deal. However, what we found was that the APIs were changing as we were doing our deployment. We started down the path we created with some of those integrations, and then there were undocumented changes to the APIs which broke our integrations. We then had to go back and fix those integrations.

What may have happened were improvements in the API on the backend and those interfered with what we had been doing. It meant that we had to go back and reconfigure that integration to make it work. My understanding from our team that was responsible for that is that the new integration works better than the old integration did. So the changes Palo Alto made were an improvement and made the environment better, but it was something of a surprise to us, without any obvious documentation or heads-up that that was going to change. That caught us a little bit out and broke the integration until we figured out what had changed and fixed it.

There is only a learning curve on the Compute piece, specifically, and understanding how to pivot between that and the rest of the tool, for users who have access to both. There's definitely a learning curve for that because it's not at all obvious when you get into the tool the first time. There is some documentation on that, but we put together our own internal documentation, which we've shared with the teams to give them more step-by-step instructions on what it is that they need to do to get to the information that they're looking for.

The full deployment took us roughly a month, including the initial deployment of rolling everything out, and then the extended deployment of building it to do automated deployments into new environments, so that every new environment gets added automatically.

Our implementation strategy was to pick up all of the accounts that we knew that we had to do manually, while we were working on building out that automation to speed up the onboarding of the new accounts that we were creating.

What about the implementation team?

We did all of that on our own, just following the API documentation that they had provided. We had a technical manager from Palo Alto with whom we were working as we were doing the deployment, but the automated deployment work that we did was all on our own and all done internally.

At this point, we really don't have anybody dedicated to deployment because we've automated that process. That has vastly simplified our deployment. Maintenance-wise, as it is a SaaS platform, we don't really have anybody who works on it on a regular basis. It's really more ad hoc. If something is down, if we try to connect to it and if we can't get into the portal or whatever the case may be, then somebody will open a ticket with support to see what's going on.

What was our ROI?

We have seen ROI although it's a little hard to measure because we didn't have anything like this before.

The biggest areas of ROI that we've seen with it have been the uptake by the organization, the ease of deploying the tool—especially since we got that full automation piece created and taken care of—as well as the visibility and the speed at which somebody can start using the tool. I generally give employees about an hour or two of training on the tool and then turn them loose on it, and they're capable of working out of it and getting most of the value. There are some things that take more time to get up to speed on, but for the most part, they're able to get up to speed pretty quickly, which is great.

What's my experience with pricing, setup cost, and licensing?

The pricing and the licensing are both very fair.

There aren't any costs in addition to the standard licensing fees, at this time. My understanding is that at the beginning of 2021 they're not necessarily changing the licensing model, but they're changing how some of the new additions to the tool are going to be licensed, and that those would be an additional cost beyond what we're paying now.

The biggest advice I would give in terms of costs would be to try to understand what the growth is going to look like. That's really been our biggest struggle, that we don't have an idea of what our future growth is going to be on the platform. We go from X number of licenses to Y number of licenses without a plan on how we're going to get from A to B, and a lot of that comes as a bit of a surprise. It can make budgeting a real challenge for it. If an organization knows what it has in place, or can get an idea of what its growth is going to look like, that would really help with the budgeting piece.

Which other solutions did I evaluate?

We had looked at a number of other tools. I can't tell you off the top of my head what we had looked at, but Prisma Cloud was the tool that we had always decided that we wanted to have. This was the one that we felt would give us the best coverage and the best solution, and I feel that we were correct on that.

The big pro with Prisma Cloud was that we felt it gave us better visibility into the environment and into the connections between entities in the cloud. That visualization piece is fantastic in this tool. We felt like that wasn't really there in some of the other tools. 

Some of the other tools had a little bit better or broader policy base, when we were initially looking at them. I have a feeling that at this point, with the rate that Palo Alto is releasing new policies and putting them into production, that it is probably at parity now. But there was a feeling, at the time, among some of the other members of the team that Palo Alto came up short and didn't have as many policies as some of the other tools that we were looking at.

What other advice do I have?

I would highly recommend automating the process of deploying it. That has made just a huge improvement on the uptake of the tool in our environment and in the ease of integration. There's work involved in getting that done, but if we were trying to do this manually, we would never be able to keep up with the rate that we've been growing our environment.

The biggest lesson I've learned in using this solution is that we were absolutely right that we needed a tool like this in our environment to keep track of our AWS environment. It has identified a number of misconfigurations and it has allowed us to answer a lot of questions about those misconfigurations that would have taken significantly more time to answer if we were trying to do so using native AWS tools.

The tool has an auto-remediation functionality that is attractive to us. It is something that we've discussed, but we're not really comfortable in using it. It would be really useful to be able to auto-remediate security misconfigurations. For example, if somebody were to open something up that should be closed, and that violated one of our policies, we could have Prisma Cloud automatically close that. That would give us better control over the environment without having to have anybody manually remediate some of the issues.

Prisma Cloud also secures the entire development lifecycle from build to deploy to run. We could integrate it closer into our CI/CD pipeline. We just haven't gone down that path at this point. We will be doing that with the Compute functionality and some of the teams are already doing that. The functionality is there but we're just not taking advantage of it. The reason we're not doing so is that it's not how we initially built the tool out. Some of the teams have an interest in doing that and other teams do not. It's up to the individual teams as to whether or not it provides them value to do that sort of an integration.

As for the solution's alerts, we have them identified at different severities, but we do not filter them based on that. We use those as a way of prioritizing things for the teams, to let them know that if it's "high" they need to meet the SLA tied to that, and similarly if it's "medium" or "low." We handle it that way rather than using the filtering. The way we do it does help our teams understand what situations are most critical. We went through all of the policies that we have enabled and set our priority levels on them and categorized them in the way that we think that they needed to be categorized. The idea is that the alerts get to the teams at the right priority so that they know what priority they need to assign to remediating any issues that they have in their environment.

I would rate the solution an eight out of 10. The counts against it would be that the Compute integration still seems to need a little bit of work, as though it's working its way through things. And some of the other administrative pieces can be a little bit difficult. But the visibility is great and I'm pretty happy with everything else.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Vijay Shankar Maurya - PeerSpot reviewer
Cloud Security Engineer at eSec Forte® Technologies
Real User
Top 20
Great visibility, helpful UI, and excellent support staff
Pros and Cons
  • "We are provided with a single tool to protect all of our cloud resources and applications without having to manage and reconcile compliance reports."
  • "When there are updates, whether daily, weekly, or monthly, it needs configuration or permission adjustments. There is no automation for that, which is too bad."

What is our primary use case?

The solution is integrated with cloud environments such as Azure, Alibaba, and Oracle. After integrating, we do check the network logs, including what are the config logs or configuration issues clients are facing. We see what their cloud requirements are. There are email use cases specific to the modules, and we do have visibility over the entire cloud environment. We handle vulnerability management and can block according to the rules and policies. 

We can manage identities as well, right down to a particular machine. 

How has it helped my organization?

We've been able to solve various problems. It's helped with cloud security. It problem solves for threat detection and compliance. 

It's helped clients with cloud security. When it comes to the financial aspect, we have clear visibility into what is going on, and we have a clear idea of how we can inspect and prevent issues. 

What is most valuable?

It offers full visibility.

There is auto-remediation capability with this solution. 

It offers threat detection across multi-cloud environments. Many clients are using hybrid setups and different clouds in India. When it integrates, it's helpful in gaining visibility across the entire environment.

It is comprehensive. It's very easy to define rules and auto-remediation. It's basically one click. It's great for protecting the full cloud-native stack. 

The security automation capabilities are very good. It's played an important role with auto-remediation, which is important to the automation process. We can decide how we want to respond as well. We can arrange logs and alerts. All of this can be automated. 

It allows us to take a preventative approach to security. When I started with Prisma, we had sessions about how we could work with the capabilities. We have a lot of features in Prisma Cloud. The UI has improved and helped us gather information about vulnerabilities and compliance issues.

The build, deploy, and run lifecycle is good. We have particular pipelines, and we have out-of-the-box policies defined. We can see what is going on. We can move faster within the environment with it. 

It provides complete microservices that we can check on a micro level. The solution provides visibility and control regardless of how complex or distributed our cloud environments become.

The solution enabled us to enter our CI/CD pipeline and touchpoints into existing processes. It provides us with a good backbone. 

We are provided with a single tool to protect all of our cloud resources and applications without having to manage and reconcile compliance reports. It can fetch the reports for us. We have APIs and pretty refined plugins to get the reports. We can get it all from the console. We can also schedule reporting. The third-party integrations are very helpful.

The runtime policy is very helpful. We can define runtime rules and go through alerts or blockages. It's one of the best parts of the solution. It's reduced the number of alerts, sometimes by 80% to 90%, depending on the situation.

With the amount of visibility we get, we've been able to reduce alert investigation times. We can investigate if we need to, or we can make custom answers to specific alerts. Depending on your level of expertise in the tool, it barely takes any time at all. If you understand the case, if you already know the type of answer, you can put it in. With Prisma, we've been able to reduce investigation times by 80%.

While, as a cloud security engineer, I can't say how much money it saves, I can see the credit, and it looks like less money is spent.

What needs improvement?

When there are updates, whether daily, weekly, or monthly, it needs configuration or permission adjustments. There is no automation for that, which is too bad. 

For how long have I used the solution?

I've been using the solution for two years. 

What do I think about the stability of the solution?

This is a very stable product. 

What do I think about the scalability of the solution?

Prisma users are increasing day by day. We have a team of around 12 people using the solution. We have a variety of clients coming onto Prisma, and we work to help them become more compliant using the solution. 

It's very scalable and very easy to use. 

How are customer service and support?

We used technical support during deployment, and they were very good. Technical support is awesome. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I haven't really worked with other tools. I started with Prisma Cloud.

How was the initial setup?

The initial setup is pretty straightforward. We had good support to help with learning and the capabilities of the solution. 

The training took two to three weeks. The deployment would take around two to three days. 

There isn't too much maintenance. There are updates. There's nothing other than that. 

What about the implementation team?

Prisma's support helped with the deployment. 

What other advice do I have?

We are a Palo Alto partner.

After using the solution for about two years, I would rate it nine out of ten so far. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Senior SysOps Engineer at a computer software company with 11-50 employees
Real User
Top 20
Offers vulnerability monitoring, serverless access, and container runtime features
Pros and Cons
  • "The most valuable features are vulnerability monitoring, serverless access, container runtime features, and Defender."
  • "Prisma Cloud supports generating CSV files, but I would also like it to generate PDF files for reporting."

What is our primary use case?

We use Prisma Cloud by Palo Alto Networks to scan the Kubernetes cluster.

We use Prisma Cloud's threat detection module.

How has it helped my organization?

We implemented Prisma Cloud by Palo Alto Networks to help us address vulnerabilities within our Kubernetes cluster.

Prisma Cloud provides security in multi- and hybrid-cloud environments. It is a security console that is essential to our organization. We have implemented Prisma Cloud on the Kubernetes cluster for threat detection and vulnerability monitoring.

Prisma Cloud's security automation capabilities are good. Once integrated with our Kubernetes cluster, it automatically detects vulnerabilities and provides reports in the dashboard, which we can use to generate CSV formats to help our development team detect vulnerabilities.

Before implementing Prisma Cloud, we had difficulty preventing threats. After implementation, the vulnerabilities were resolved, and we now receive immediate notifications to help us prevent threats.

Prisma Cloud protects both our Azure and AWS cloud environments.

What is most valuable?

The most valuable features are vulnerability monitoring, serverless access, container runtime features, and Defender.

What needs improvement?

Prisma Cloud supports generating CSV files, but I would also like it to generate PDF files for reporting. 

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for two years.

What do I think about the stability of the solution?

Prisma Cloud has a stability rating of 99.99 percent.

What do I think about the scalability of the solution?

The solution has very good performance.

How are customer service and support?

The technical support is dedicated and they respond quickly.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We previously used Lacework, but we faced some licensing issues in our parent company, so we switched to Prisma Cloud.

How was the initial setup?

The initial setup is straightforward and was completed by my manager and me.

What about the implementation team?

Initially, we implemented it along with the vendor team, and they guided us excellently.

What's my experience with pricing, setup cost, and licensing?

Prisma Cloud's pricing is good.

Which other solutions did I evaluate?

We evaluated other solutions' costs and features.

What other advice do I have?

I would rate Prisma Cloud a ten out of ten.

Twenty-four people monitor Prisma Cloud alerts each day in our organization, and any issues are sent to developers to be addressed.

Maintenance is required to upgrade the dashboard.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
reviewer1959939 - PeerSpot reviewer
Senior Security Analyst at a tech vendor with 1,001-5,000 employees
Real User
Helps us detect misconfigurations in the cloud and assists with improving our security posture
Pros and Cons
  • "The CSPM and CWPP functionalities are pretty good."
  • "This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on."

What is our primary use case?

We use this solution to detect misconfigurations in the cloud. It's a multi-cloud solution, so if you're running a multi-cloud environment like Azure, AWS, and GCP, you only need to deploy a single solution. It assists with improving the security posture of an organization.

I use CSPM and CWPP. The previous organization I worked for used both, but the company I work for now only uses CSPM. I've also worked with code security.

We recently acquired this solution, so it has slowly started gaining momentum in my organization.

How has it helped my organization?

This solution provides us with a single tool to protect all of our cloud resources and applications without having to manage and reconcile different security and compliance reports. It's a single solution for everything in a multi-cloud environment.

It enhances operations, but it's a pretty measurable tool. It provides comprehensive visibility.

It provides risk clarity at runtime across the entire pipeline and shows issues as they are discovered during the build phases. 

The modules in CSPM and CWPP are visibility, compliance governance, threat detection, data security, host security, container security, serverless security, web application, and API security. This is an additional cost, so I don't think any organization uses all of the modules.

I previously worked for a health organization that was using this solution. They were able to get certified in HITRUST using this product.

Our developers are able to correct issues using the tools they use to code.

What is most valuable?

The CSPM and CWPP functionalities are pretty good. It depends on what kind of data you have in your cloud, your workload, and some other factors. If you're doing a lot of containers, you need CWPP models. If you just do regular cloud contributions, then you can use CSPM.

It provides security spanning multi and hybrid-cloud environments. My current organization's goal is to migrate to the cloud eventually. If that's your organization's goal, you need to have some kind of security mechanism or protection in place to make sure that the resources you're building in the cloud are built for the best security practices and are free of misconfiguration vulnerabilities. 

When we deploy containers in any cloud, the runtime protection is really good. If a container is running any kind of application, it can detect a cryptomining attack. The solution also provides File Integrity Monitoring testing.

It has various models and provides comprehensive visibility. It shows us how our assets are performing in any of our clouds. It gives us a holistic view of our native cloud environment, and we can also fine-tune the policies for our architecture.

The modules help us take a preventative approach to cloud security. Flow Logs provide a real-time assessment of our network.

It recently integrated with another company called Checkov. It checks all the misconfigurations that a developer could make during the build phase. This means that whenever we're building any kind of application or deploying any application, it will detect it right away. We can integrate it into our CI/CD pipeline or with any other Jenkins plugins. I tested those use cases as well. The solution has improved since they integrated the product with Checkov.

It provides good visibility. In terms of controls, it depends on how you want to do it. Sometimes, you need to be specific in terms of controls. With runtime detection, it's going to be more powerful. We're confident that our assets are secure.

The solution is capable of integrating security into our CI/CD pipeline and adding touch points into existing DevOps processes. We don't have the option to leverage it, but I have tested it in my previous organization.

What needs improvement?

This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on.

For how long have I used the solution?

I have been using this solution for about two and a half years.

What do I think about the stability of the solution?

The solution is reliable.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

Technical support is very helpful. I would rate them a nine out of ten. We have a weekly cadence.

How would you rate customer service and support?

Positive

How was the initial setup?

The setup was very easy and straightforward. We haven't set up the automation perspective. We're still testing it, so we haven't leveraged it yet.

The setup didn't take very long, but it will be different for every organization. If your cloud architect team is willing to deploy with you, it shouldn't take more than a week. It also depends on how large the organization is and how many subscriptions are in the cloud environment.

We don't need to maintain anything on the console side.

What about the implementation team?

We used an integrator from Palo Alto. They were very good and offered great support.

What's my experience with pricing, setup cost, and licensing?

The solution is pretty expensive. It all depends on the organization's goals and needs.

The cost depends on the pricing model. Compared to other solutions, the cost isn't that bad.

Which other solutions did I evaluate?

I compared the solution to other security products like Fortinet, Lacework, and Security Command Center.

What other advice do I have?

I would rate this solution as eight out of ten. 

Those who want to use this solution need to understand the concept behind this product and get to know their own environment first. The solution will give you holistic visibility of your assets, which will show you what needs to be fixed. Security comes with an expense, so it depends on what you want to leverage and where.

I'm still testing the automation capabilities because my organization is specific to one cloud. They were more aggressive on Azure and AWS Prisma Cloud, but now they are considering GCP customers as well.

We're still in POC mode for continuous security that comes under runtime protection. I can't 100% guarantee that it reduces runtime alerts.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Prisma Cloud by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2024