Prisma Cloud by Palo Alto Networks Reviews

My company provides solutions for Cisco customers and helps them secure their cloud environments. Most of our clients are adapting to the cloud, and we're trying to resolve vulnerabilities in their configurations. I use all of the Prisma Cloud modules but have expertise in the CSPM and CWP modules. We work with SMEs but also have some enterprise clients. 

Using Prisma Cloud has improved customer satisfaction. Our customers are happy with the solution and the level of security we can provide with this. Prisma can secure a cloud-native development cycle. We can configure Prisma to run a scan before we build the images. 

Prisma is known for its visibility and comprehensiveness. It provides insight into our entire inventory of assets and everything happening in our multi-cloud or hybrid environments. We want to know all the services working in our environment and who is accessing them. 

It provides a single tool for protecting all cloud resources without the need to reconcile compliance reports. All of our reports come into Prisma's CSPM module via the APIs. It's easy to get the reports coming into CSPM. We can get the inventory, asset, and alert reports containing all of the alert notifications coming into the CWPP and the reliability and compliance. It has enhanced our overall reporting experience. We can do a deep dive into alerts from various integrated third-party applications and get alerts sent via email or SMS text to keep track of any incidents in our environment.

My favorite feature is the CWPP module. We can define various kinds of rules for vulnerabilities, incidents, or suspicious activities. Prisma Cloud covers various cloud providers, including AWS and GCP. It covers every cloud on the market. 

Many customers in finance, healthcare, and other industries are adopting cloud or hybrid environments. Some of them are using GCP, AWS, and Azure services together, and Prisma is compatible with all of them.

Prisma's ability to protect a fully cloud-native stack is comprehensive. We benefit from Palo Alto's technical knowledge, training sessions, and learning programs to develop robust solutions for our customers. Prisma's automation features are helpful. We can set up automated remediation, messaging, and alerts. The CSPM module can be automated directly, and we can automate runtime rules in the CWP module. We can also automate some code scanning. 

Prisma is integrated into our CI/CD pipeline through the CWP module. We can load the images into Azure DevOps and scan them for vulnerabilities or compliance issues. We can block the vulnerabilities or disable the application so it cannot run with the vulnerabilities in place. 

Runtime alerts are among the best capabilities. In CWP, we have to block malicious or suspicious activities to stop the incoming attacks against our workloads. Using various templates, we can reduce our runtime alerts by 60 to 70 percent. 

I have some challenges customizing and personalizing some of the capabilities in the CSPM in terms of new policies and services. We have to reconfigure and rebuild the CSPM.

I have used Prisma Cloud for around three years. 

I rate Prisma Cloud nine out of 10 for stability. 

I rate Prisma Cloud nine out of 10 for scalability.

I rate Palo Alto support 10 out of 10. They come and help us a lot. 

Positive

Deploying Prisma Cloud is straightforward. We received some training from Palo Alto's technical team. The deployment time varies depending on the client and the modules you deploy. It may take a few weeks or a couple of months. After deployment, Palo Alto handles the maintenance. They notify us by text or email when there will be a scheduled maintenance window. 

I'm not involved on the financial side, but I know that Prisma Cloud isn't cheap. 

I've seen some other solutions with CSPM and CWP capabilities, but they do not have the same coverage of multi-cloud or hybrid environments. That's an area where Prisma stands out from its competitors. 

I rate Prisma Cloud 10 out of 10. 

We used a couple of modules, mostly WAFs. We use it for detection. 

We use it for our modern infrastructure, mostly run on the cloud. We use it to measure the security of cloud-native infrastructure and to calculate the risk of the applications we use and APIs we interact with. We also use it to meet compliance requirements. We have plenty of use cases for this product.

We really wanted to capture all of the information. To make something in-house would be too much engineering work for us. We don't have to bui;d something from scratch; this allows us to use something that is highly accurate.

We're a fintech company and we deal with a bank. Doing certain tasks manually, like logging every node, server, and container, can take six to nine months. However, if you can automate the process, you achieve the same results in a short time span to help ensure product security.

We were using common CBE for general identities.

I personally used the web application API security, WAF for in-line controls. It helps with implementing an additional layer of security to block the attacks and get alerts on vulnerabilities. I am just focusing on that side.

The support is excellent. They'll call us personally and keep us updated. It's some of the best support I've dealt with.

It's great for protecting the full cloud-native stack. Being a security engineer, I have the visibility of the solution on the infrastructure. The tool is doing a good job of automating this process and making it less time-consuming for me. I don't need to handle as many manual tasks.

There are various cloud configurations that can help you gain insights. If a threat is on the portal, it will give you insight into the cloud infrastructure to help you improve the configuration to make it more secure. In terms of threat detection, you can see different kinds of payloads coming to the API. It helps you consider fixes, like adding more validation.

It is very easy for us to generate reports and download the findings while working with the team to resolve issues.

It's good for build, deploy, and run, however, we still need to figure out how to better integrate it. We're still in the early stages of exploring this for CI/CD. 

The solution does provide the visibility and control we need regardless of how complex or distributed your cloud environment becomes. When we were using our core infrastructure previously, we didn't have the visibility, for example, on which APIs we had or were using. Now, there's a better understanding. It's helped us become more confident in our security and compliance posture. If someone comes tomorrow to audit, we can do a fast report and we can pass that over to show to compliance. It would show the risk factors and what we are monitoring. It's the first thing we would go to during an audit, to provide transparency. 

The solution provides a single tool to protect all of our cloud resources and applications without having to manage and reconcile disparate security and compliance details. It's mandatory to have a tool like this to run a fintech in India as we need to have an audit trail in order to be able to submit reports. Operationally, it's helping us stay compliant. 

We are able to enable alerts. We are using it more manually. We can see alerts on Slack. We can configure alerts as we like.

The UI is good, however, they could improve the experience. The animations on the dashboard could be better. They may already be working on an update to improve this.

We'd like to understand better how to automate between the pipeline and CI/CD. There's a bridge needed between DevOps and security. We need to understand the alerts. There seems to be a gap in DevOps that we need to reconcile. 

I've been using the solution for more than six months. 

While running the solution, we have no issues at all. 

We have Prisma installed on Google Cloud, across multiple accounts and environments. We also have data recovery in another region. I'm not sure if that is covered by Prisma. 

It's scalable. It's not difficult. In fact, it's easy. You just need to add agents to the nodes you want. 

Technical support is great. There are two teams. One is always available. Another is creating tickets and looking into issues. Both are quite good. They are eager to support the customer. 

Positive

We were using another product previously. It was called Lacework. The virtual business aspect was a reason we switched. We also wanted to have more functionality and more insight and control into APIs. The visibility was also better with Prisma. 

The deployment was handled by the DevOps team, not the security team, which is the team I am a part of. There was a requirement to install it on every node of the infrastructure. However, my understanding is it did not take too much time. My understanding is that it was easy to install and it was done within 30 minutes to an hour. It was deployed in a very short amount of time. One person was able to deploy it; we didn't need a team. 

There may be some maintenance required. 

I'm not sure of the licensing terms or the exact pricing. 

We did evaluate multiple tools. We knew what we needed the tools to do and we were comparing them all together. We realized that Prisma did a better job and decided to go with them. 

I am a customer and end-user. 

I'm not sure if the product is useful in a multi-cloud environment. I hope it is. We just have the one cloud environment we use it in. That said, we are using it in multiple staging environments. 

We have not enabled the Code Security module. We still need to integrate in that sense with Prisma. We did do the integration with cloud infrastructure. 

For any product you choose, it's good to consider security. I'd recommend Prisma as it offers good security. 

I'd rate the solution eight out of ten. There isn't really anything missing in the product. However, there's always scope for improvement. 

In my organization, we use Prisma Cloud to Protect the cloud environment to identify misconfigurations and send the reports to the cloud account owners. We can use Prisma Cloud based on location or based on cloud accounts. 

The policies that we are using in our organization help us to work more effectively to identify misconfigurations based on severity and the dashboard is very user-friendly to work with. 

I am very happy to use this product and find it to be highly impressive.

Prisma improved our cloud environment. It helps to identify the misconfigurations by monitoring regularly which helps to secure the organization's cloud environment. 

This product helps our organization in various ways, including identifying account-level misconfigurations. It will protect the environment in many ways. With this, we can avoid data leakage and avoid/identify public and internal cloud-level misconfigurations will be identified.

Identifying misconfigurations and vulnerabilities from the cloud account level as well as the development and operational level helps to secure everything effectively. 

Vulnerabilities can be identified before deployment - which helps our DevOps team to minimize or reduce time in an effective way. 

Identifying misconfigurations and vulnerabilities at the first stage itself will help the organization save time and money - which is highly appreciated. 

For some custom policies, we need more features. For example, at the investigation tab level, while adding columns for required fields, you can't have more than three or four custom fields. New cloud policies can be added in the next release to address severity changes for the cloned policies. It would be nice to have alerts at the dashboard level. For example, if five members are working with 50 different policies, based on the user name, policies should be assigned with alerts that can be displayed either in a graphical or listed way.

I've used the solution for three years.

I'd rate the stability 4.5 out of five. 

I am highly impressed with the product's scalability. Whenever I have issues with the solution, I will get an immediate response from the product team. They will try to close the issue as soon as possible - which is highly impressive.

I am very happy with the customer service. Whenever I have issues with the solution, I will get an immediate response from the product team and they will try to close the issue as soon as possible. This level of service is highly impressive.

Positive

This is my first solution. I did not previously use anything else. 

The product team helped us when the Initial setup happened.

We implemented through a vendor team and I'd rate the service five out of five. 

When compared to other products, Prisma Cloud is high in pricing and licensing. However, when there is high security it can be expensive. Smaller organizations can't afford Prisma Cloud.

As this is my first solution, I didn't choose any other product other than Prisma Cloud.

There are three pieces to our use case. For the container piece, which used to be Twistlock, we use static scan to scan our artifact repositories and we use that data to remediate issues and provide it back to developers. We also do runtime monitoring on our orchestrators, which are primarily Kubernetes, but some DC/OS as well. Right now, it's all on-premises, although we'll be moving that to the cloud in the future. 

And we use what used to be RedLock, before it was incorporated into the solution.

Prisma Cloud has definitely enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes for container. In the container those touchpoints are pretty seamless. We've been able to implement security control gates and automate notifications back to teams of vulnerabilities in the container orchestrator. It all works pretty smoothly, but it required a fair amount of work on our part to make that happen. But we did not run into limitations of the tool. It enabled us pretty well. The one part where we have a little bit of a gap that most of those are at deployment time. We haven't shifted all those controls back to the team level at build time yet. And we haven't really tackled the cloud space in the same way yet. 

I'm not sure we have SecOps in the container space exactly in the same way we do in other DevOps. We shifted a lot of the security responsibility into the development teams and into the Ops teams themselves. There's less of a separation. But overall, the solution has increased collaboration because of data visibility.

It also does pretty well at providing risk clarity at runtime, and across the entire pipeline, showing issues as they are discovered during the build phases. It does a good job in terms of the speed of detection, and you can look at it in terms of CVSS score or an arbitrary term for severity level. Our developers are able to correct the issues.

We are clearly better off in that we have visibility, where there was a gap before. We know where our container vulnerabilities and misconfigurations are, and even on the cloud side, where cloud misconfigurations are happening. That visibility is a huge benefit. 

The other part is actually using that data to reduce risk and that's happened really well on the container side. On the cloud side, there's still room to grow, but that's not an issue with Prisma Cloud itself. These tools are only a part of the equation. It takes a lot of organizational work and culture and prioritization to address the output of these tools, and that takes time.

The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful.

Another valuable feature is the ability to do continuous monitoring at runtime. We can feed that data back to developers so they can get intelligence on what's actually deployed, and at what level, versus just what's in the artifact repository, because those are different.

In the security space, most security solutions typically do either development-side security, or they do runtime operational security, but not both. One of the relatively unique characteristics of this solution in the marketplace—and it may be that more and more of the container security solutions do both sides—is that this particular solution actually spans both. We try to leverage that.

And for the development side, we utilize both the vulnerability results from the static vulnerability scanning as well as the certain amount of configuration compliance information that you can gather from the static pre-deployment scans. We use both of those and we pay attention to both sides of that. Because this solution can be implemented both on the development side and on the runtime operational side, we look at the same types of insights on the operational runtime side to keep up with new threats and vulnerabilities. We feed that information back to developers as well, so they can proactively keep up.

We have multiple public clouds and multiple internal clouds. Some of it is OpenStack-based and some of it is more traditional VM-based. Prisma Cloud provides security spanning across these environments, in terms of the static analysis. When we're looking at the artifact repository, the solutions we're using Prisma Cloud to scan and secure will deploy to both public cloud and internal cloud. Moving into 2021, we'll start to do more runtime monitoring in public cloud, particularly in AWS. We're starting to see more EKS deployment and that's going to be a future focus area for us. It's extremely important to us that Prisma Cloud provides security across these environments. If Prisma didn't do that, that would be a deal-breaker, if there were a competitor that did. 

Public cloud is strategically very important to our company, as it probably is for many companies now, so we have to have security solutions in that space. That's why we say the security there is extremely important. We have regulatory compliance requirements. We have some contractual obligations where we have to provide certain security practices. We would do that anyway because they are security best practices, but there are multiple drivers.

Applying some of their controls outside of the traditional container space, for example, as we're doing hybrid cloud or container development, is helpful. Those things get their tentacles out to other areas of the infrastructure. An example would be that we look at vulnerabilities and dependencies as we develop software, and we use Prisma Cloud to do that for containers. We use other tools outside of the container space. They're starting to move into that other space so we can point Prisma Cloud at something like a GitHub and do that same scanning outside of the container context. That gives us the ability to treat security control with one solution.

When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in  flushing out each of those feature sets.

My understanding of Palo Alto's offerings is that they have a solution that is IAM-focused. It's called Prisma Access. We have not looked at it, but I believe it's a separately-licensed offering that handles those IAM cases. I don't know whether they intend to include any IAM-type of functionality in the Prisma Cloud feature set or whether they will just say, "Go purchase this separate solution and then use them next to each other."

Also, I don't think their SaaS offering is adoptable by large enterprises like ours, in every case. There are some limitations on having multiple consoles and on our ability to configure that SaaS offering. We would like to go SaaS, but it's not something we can do today.

We have some capability to do network functions inside of Prisma Cloud. Being able to integrate that into the non-cloud pieces of the Palo Alto stack would be beneficial.

The solution's security automation capabilities are mixed. We've done some API development and it's good that they have APIs, that's beneficial. But there is still a little disconnect between some of the legacy Twistlock APIs versus some of the RedLock APIs. In some cases the API functionality is not fully flushed out. 

An example of that is that we were looking at integrating Prisma Cloud scans into our GitHub. The goal was to scan GitHub repositories for CloudFormation and Terraform templates and send those to Prisma Cloud to assess for vulnerabilities and configuration. The APIs are a little bit on the beta-quality side. It sounds like newer versions that some of that is handled, but I think there's some room to grow. 

Also, our team did run into some discrepancies between what's available, API-wise, that you have to use SaaS to get to, versus the on-premise version. There isn't necessarily feature parity there, and that can be confusing.

We've been using Prisma Cloud by Palo Alto for about two-and-a-half years.

The stability has been excellent. The solution simply runs. It very seldom breaks and, typically, when it does, it's easy to troubleshoot and get back on track.

The scalability has been good for our use cases.

When we first adopted it, a single console could cover 1,000 hosts that were running container workloads. That was more than enough for us, and to date it has been more than enough for us, because we have multiple network environments that need to stay separated, from a connectivity standpoint. We've needed to put up multiple consoles, one to serve each of those network environments. Within each of those network environments, we have not needed to scale up to 1,000 yet.

There's wide adoption across our organizations, but at the same time there is tremendous room to grow with those organizations. Many organizations are using it somewhat, but we are probably at 20 to 25 percent of where we need to be.

It's safe to say we have several hundred people working with the solution, but it's not 1,000 yet. They are primarily developers. There are some operational folks who use it as well. To me, that speaks to the ease of deployment and administration of this solution. You really don't need a large operational group to deploy. When it comes to security, incident response, and the continuous monitoring aspects that a continual security team does, I don't have insight because I don't work in that area of the company, but I see that as expanding down the road. It's another area of growth for us.

Their technical support has been very good. Everyone that I've been involved with has been very responsive and helpful. They have remained engaged to drive resolution of issues that we have found.

We did not have a previous solution.

Standing up an instance is quite simple, for an enterprise solution. It has been excellent in that regard.

It's hard to gauge how long our deployment took. We have multiple consoles and multiple network contexts, and a couple of those have different sets of rules and different operational groups to work with. It took us several months across all those network environments that we needed to cover, but that's not counting the actual amount of time it took to execute steps to install a console and deploy it. The actual steps to deploy a console and the Defenders is a very small amount of time. That's the easiest part.

Our implementation strategy for Prisma Cloud was that we wanted to provide visibility across the SDLC: static scan, post-build, as things go to the artifact repository. Our goal was to provide runtime monitoring at our development, test, and production platforms.

We did it ourselves.

I don't know a better way to do it, but their licensing is a little confusing. That's due to the breadth of different types of technologies they are trying to cover. The way you license depends on where you're securing. When they were Twistlock it was a simple licensing scheme and you could tell what you were doing. Now that they've changed that scheme with Palo Alto, it is quite confusing. It's very difficult to predict what your costs are going to be as you try to expand coverage.

At the time we looked at our incumbent vendors and others that were container-specific. We were trying to avoid a new vendor relationship, if possible. We looked at Rapid7 and Tenable. Both were starting to get into the container space at the time. They weren't there yet. We did our evaluation and they were more along the lines of a future thought process than an implementable solution.

We looked at Twistlock, which was a start-up at the time, and Aqua because they were in the space, and we looked at a couple of cloud solutions, but they were in cloud and working their way to container. We did the same exercise with Evident.io and RedLock, before they were purchased by Palo Alto. They were the only vendors that covered our requirements. In the case of Twistlock, their contributions in the NIST 800-190 standards, around container security, helped influence our decision a little bit, as did the completeness of their vision and implementation, versus their competitors.

My advice would be not to look at it like you're implementing a tool. Look at it like you're changing your processes. You need to plan for the impact of the data for the various teams across Dev and Security and Ops. Think very holistically, because a lot of this cloud container stuff spans many teams. If you only look at it as "I'm going to plug a tool in and I'm going to get some benefit," I think you'll fail.

Prisma Cloud covers both cloud and container, or could cover either/or, depending on your needs. But in both of those cases, there's often confusion about who owns what, especially as you're creating new teams with the transition to DevOps and DevSecOps. Successful implementation has a lot to do with working out lines of ownership in these various areas and changing processes and even the mindset of people. You have to make strides there to really maximize the effectiveness of the solution.

The solution provides Cloud Security Posture Management in a single pane of glass if you're using the SaaS solution, but we do not. Our use case does not make it feasible for us to use the SaaS solution. But with the Prisma Cloud features and compute features in the self-hosted deployment, you have to go to multiple panes to see all the information.

When it comes to the solution helping us take a preventative approach to cloud security, it's a seven or eight out of 10. The detective side is a little higher. We are using the detective controls extensively. We're getting the visibility and seeing those things. There is a lot of hesitance to use preventative controls here, both on the development side—the continuous integration stuff—and particularly in the runtime, continuous monitoring protection, because you are just generally afraid. This mirrors years and years ago when intrusion prevention first came out at the network level. A lot of people wanted to do detection, but it took quite a few years for enterprises to get the courage to start actively blocking. We're in that same growth period with container security.

When it comes to securing the entire cloud-native development lifecycle, across build, deploy, and run, it covers things pretty well. When I think about it in terms of build, there are integrations with IDEs and development tools and GitHub, etc. Deploy is a little shakier to me. I know we have Jenkins integration. And run is good. In terms of continuous monitoring, it feels build and run are a little stronger than deploy. If we could see better integration with other tools, that might help. If I'm doing that deploy via Terraform or Spinnaker, I don't know how all that plays with the Jenkins integrations and some of the other integrations that Palo Alto has produced.

Overall, it feels like a pretty good breadth of integrations, as far as what they claim. They certainly support some things that we don't use here at build and deploy and runtime. But a lot of what they rely on, in terms of deploy, is API-driven, so it's not an easy-to-configure, built-in integration. It's more like, "We have an API, and if you want to write custom software to use that API, you can." They claim support in that way, but it's not at the same level as just configuring a couple of items and then you can scan a registry.

In the container space, we have absolutely seen benefit from the solution for securing the cloud-native development lifecycle. At the same time, it has required some development on our part to get the integration. Some of that is because we predated some of the integrations they offer. But in the container space, there has definitely been a huge impact. The impact has been less so in cloud configuration, because there are so many competing offerings that can do that with Terraform and Azure Security Center and Amazon native tools. I don't feel like we've made quite the same inroads there.

In terms of it providing a single tool to protect all of our cloud resources and applications, I don't think it does. Maybe that's because of our implementation, but it just doesn't operate at every level. I don't think we'd ever go down that path. We have on-premise tools that have been here a long time. We've built processes around reporting. Vulnerability scanning is an example. We run Nessus on-premise, and we wouldn't displace Nessus with, say, a Twistlock Defender to do host-level scanning in the cloud, because we'd have a disparate tool set for cloud versus on-premise for no reason. I don't ever see Prisma Cloud being the single solution for all these security features, even if they can support them.

It's important that it integrate with other tools. We talked earlier about a single dashboard. A lot of those dashboards are aggregating data from other tools. One thing that has been important to us is feeding data to Splunk. We have a SIEM solution. So I would always envision Prisma Cloud as being a participant in an ecosystem.

In summary, I actually hate most security products because they're very siloed and you have mixed-vendor experiences. I don't think they take a big-picture view. I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions. For the most part, it does what they say it will do. The vendor support has also been good. I would definitely give the vendor an eight out of 10 because they've been great in understanding and providing solutions in the space, and because of the reliability and the responsiveness. They've been very open to our input as customers. They take it very seriously and we've taken advantage of that and developed a good relationship with them.

When it comes to the solution itself, I would give the compute solution an eight. But I don't think I would give the Prisma Cloud piece an eight. So overall, I would rate the solution as a seven because the compute is stronger than the other piece, what used to be RedLock.

I would also emphasize that what I think is a strong roadmap for the product and that Palo Alto is really interested in customer feedback. They do seem to incorporate it. That may be our unique experience because our use cases just happen to align with what Palo wants to do, but I think they're heading in the right direction.

Early on in a solution's life cycle or problem space, it's more important to have that responsiveness than it is even to have the fullest of solutions. The fact that we came across this vendor, one that not only mostly covered what we needed when we were first looking for it three years ago, but that has also been as responsive as they have to grow the solution, has been really positive.

My main experience with Prisma Cloud is with AWS. We have a huge AWS environment, and we are trying to manage its security with Prisma Cloud. 

We have about 7,000 assets of different customers. We are managing the security posture. Prisma Cloud is the product that we have to manage the security posture for different companies. They are e-commerce companies that do online shopping, payment companies, banks, and even online bakeries and cloth stores. Prisma Cloud is a very good product. We have never seen a breach. I have never come across a situation where Prisma Cloud caused data leakage.

We mainly use AWS, but we also have some of our workloads in Azure. Prisma Cloud is a multi-cloud solution. So far, I have not seen any other solution capable of doing all the jobs that we do in Prisma Cloud.

With respect to the AWS cloud, we can achieve whatever we want in terms of automation most of the time. I have not come across a scenario where I am not able to automate any security-related feature for AWS with Prisma Cloud.

Prisma Cloud helps to take a preventative approach to cloud security. It is about 97% there. It is very good for cloud security posture management. It is also good in terms of prevention.

Prisma Cloud was deployed before I joined the company, but within six months, I was able to see the ability of Prisma Cloud. Compared to the old solution that I was using in my previous company, it has more capabilities and more features. It has less than 1% false positives. It is a very nice product.

As it was already implemented when I joined, I only tried to use all of its features or enhance the features wherever I could. I have never come across a breach situation, but if there is a breach, it will provide immediate remediation or at least give us the information. If you have configured it properly, it alerts you that this breach is happening, and this could be a possible cause and a possible solution. In my experience so far, it has been quite comprehensive.

Palo Alto DSPM is one of the best features because we have customers across different domains. For data classification, it is a very nice product. It also has some customization capabilities where you can define your categories and categorize the data according to that. It is one of the top-rated solutions.

Palo Alto DSPM can help discover data that exists outside of your official IT systems, but I do not have experience with that. Based on the documentation and what people discuss on different forums, it is capable.

Palo Alto DSPM provides automated discovery of new data assets as they onboard. When we onboard a new customer or their new AWS environment, it helps a lot in discovering. This automated process is very nice. We are able to discover them as soon as possible. It is quite easy to discover and classify. We are more comfortable now.

Palo Alto DSPM provides us with a prioritized list of all the data security posture issues in our environment. We can categorize and prioritize what needs to be done. We can see what kind of alerts should be prioritized and what data we can prioritize to monitor. 

Prisma Cloud has good insights. You can have graphs and very good statistics. To present the statistics, it has very good reports. The representation within the reports is very nice. It takes you to the core of the things. You can get the statistics at a very granular level.

Prisma Cloud is one of the best products. We renew annually because it seems that we cannot survive without it.

We have integrated Prisma Cloud with our SOC operations. It is a Cloud Security Posture solution that can be integrated with multiple SOC standards or SOC solutions or products.

Prisma Cloud provides the visibility and control we need, regardless of how complex or distributed our cloud environments become. Otherwise, we would not continue with the solution. Our chief security officer and others find it to be one of the best solutions.

It is not very easy to deploy, but once you learn it and deploy it properly, it provides a very granular level view of your entire security environment. You can do a lot of customization. You can monitor. You can remediate. You can automate a lot of processes.

Prisma Cloud has reduced a lot of our manual work and a lot of our time from having to go into different environments and looking into them. We do not have to use different products for different purposes. That is why Palo Alto Prisma Cloud is one of the best solutions. We can have everything within one solution. It has helped us with cloud security posture management. We mostly work with AWS. We have time savings, and we have productivity improvements. We have moved towards a rapid remediation or an automation of remediation. We have moved towards more effective alerts related to any kind of vulnerability. That has helped a lot. We can report them to our management and our teams, and we can also communicate the same to our customers. That is where Prisma Cloud has an edge.

Prisma Cloud has saved us money. Previously, we were using multiple products. We were using one product to check the encryption and multiple products to maintain a security posture and capture vulnerabilities or issues with our CI/CD pipelines. The company was using four or five products. We are now able to get all those functionalities in Prisma Cloud, so the license cost of the products we were using previously is gone. Prisma Cloud initially seemed expensive to us, but when we started utilizing it, we were able to save the cost of other products that were giving us just a slice of the pizza but not the entire pizza. Prisma Cloud has helped us reduce costs, and there is also efficiency. The cost management team knows exactly how much we have saved, but as per the 2023 report, we have had about 37% savings from not having to spend on multiple products. We were able to achieve the same things with Prisma Cloud.

Through Prisma Cloud, we can write Lambda functions, configure policies to check the security posture, and get reports. We can do a lot more. That is my main expertise, and that is one of the advantages of Prisma Cloud. For example, we have almost 7,000 AWS assets. If I want to check how many of my S3s have encryption, I can write a Lambda function in Prisma Cloud and get that report. Things like this are helpful in understanding where we lack security and where we can improve it.

Prisma Cloud is very comprehensive, but there should be better support for the customization of the reports. If Palo Alto can have more customized reports available or give an option to the users to customize the reports, that would be great.

As Palo Alto is developing Prisma Cloud, they can provide more graphical visibility. That would help organizations like ours where we have to generate multiple reports and share them not only with the technical people but also with the management of customers. The reports should be as per the requirement of non-technical people.

I have been using Palo Alto Prisma Cloud for almost four years.

We are renewing its license because we are getting a lot out of it.

It supports multi-cloud environments. It is already scalable. It has very good features such as discovery.

We are a multinational company spread across the globe. I am in the UAE. Some people are connecting from the US, and some are connecting from the UK. All of them are working within their domain. The cost optimization team is within the US. In the technical team, eight members are from the UAE. A couple of them are from India and the US as well. Our customer base is mostly in the US, UK, and some of the European regions. We have very few from the UAE.

Their support is very good. If we have anything to discuss or want to learn something that has been added, we engage the support.

I would rate them a nine out of ten because whenever there are issues, they are able to resolve them within the timelines and SLAs.

Positive

Prisma Cloud was already deployed when I got into this company.

In my previous company, we were using a Cloud Security Posture Management solution from a smaller US company. I do not know if they are still using that or not. I do not remember the name, but we were getting a lot of false positives and things like that. We even gave this feedback to them.

I was not involved in its deployment. It was already deployed when I got here.

It does not require any maintenance from our side.

Prisma Cloud is no doubt one of the best solutions in the market. Among cloud security or cloud-based posture solutions, Prisma Cloud is one of the best.

We are getting what we want, so I would rate Prisma Cloud a nine out of ten.

I work with various modules, including CSCM, CWP, Code Security, and NS.

We use the solution for day-to-day activities, from onboarding accounts to deploying Defender to creating rules to monitoring incidents. It's used for alerts and monitoring of what happens on the workloads. 

Our customers use the solution to try to meet their compliance standards, and for audit purposes. It helps create policies. SmartCloud itself has around 2,000 policies. It can cover compliance standards around banking, for example, around workloads and data. It helps align with governing bodies' compliance standards. We can create custom policies and anyone can create workloads.

There are many modules that have various capabilities. We can look at the misconfiguration of cloud resources, for example. They can help with compliance as well. We get notified and get data alerts and this is automated. However, we can manage items manually as well. 

It's good for monitoring your environment for AWS.

For visibility, we can create one service account.

Regarding the assets, regarding the alerts, we get all the data. It's great for our cloud security posture and management.

It's cloud-native and is used in major cloud environments. With it, we can monitor clouds like AWS, DPP, Azure, Alibaba, and Oracle. This is important. Many customers work with various key cloud providers. They often have their resources across different cloud providers and all resources must be protected and monitored. With this product, we can monitor all the things even if they are on different clouds - and it can be done on one platform. 

The most valuable aspect of the solution is the computing part.

Prisma Cloud makes it easy to host virtual machines and cluster environments like container Kubernetes. It does this while providing a single dashboard, from which we can monitor all of the workloads and perform vulnerability scanning.

It's very good at helping us take a preventative approach to security. Many bans are using it as a cloud security tool based on the level of prevention they offer. 

It supports the multi-cloud environment beautifully. If there is any kind of anomaly, it helps alert you to it. If there are malware or brute force attack attempts, it will report that. We can both monitor and audit the system. They have their own out-of-the-box configurations or we can customize them to create our own monitoring and auditing policies. 

The solution provides us with data sessions to help gain visibility of workloads in various regions. For example, if there is a workload created just in the US region, we can see that. It will give an overview also. It supports all kinds of workloads, from host protection to Kubernetes and container environments. It even provides support for the Oracle Kubernetes environment.

It ensures that nothing impacts operations. It will block vulnerabilities or implement fixes. 

The solution provides the visibility and control you need regardless of how complex or distributed your cloud environments become. It's very easy to see the entire security posture from every angle - region, data, compliance, et cetera.

We can integrate it into our CI/CD pipelines into existing DevOps processes. We can integrate via APIs or code. When a developer is in the code and integrating, if there's a vulnerability present, or a misconfiguration, it will scan and provide data. With Terraform templates, we can create a lot of instances. With one Terraform code, we can create hundreds of instances. 

The solution helps developers go to very specific locations, to exact areas, at which point they can perform fixes. 

Overall, it provides us with a single tool to protect all of our cloud resources and applications. It's got the best features for web applications and ETL security.  By enabling data, we can monitor whatever is deployed on the cluster or on the IT environment. It provides risk clarity across the entire pipeline. For example, the vulnerability explorer gives you a view of the top critical vulnerabilities. That way, developers can see what the priorities are for what needs fixing. 

It reduces runtime alerts. They provide us with a runtime alert console. It's also reduced alert investigation time. By clicking right on the investigation, we get all the data, including the source IP and any kind of suspicious detail in the workload. We can quickly go ahead and block IP as necessary.

We're able to directly integrate alerting to tools like QRadar.

The solution has helped our customers save money. They don't have to go ahead and hire individual experts for different areas like AWS and Azure. Having everything separate can be hectic and expensive. This is centralized. YOu don't need different teams. With its user-friendly interface, you only need one or two resources to monitor the whole cloud environment.  

Prisma Cloud introduced some new permissions so we have to go and manually add that permission. It is a little bit hectic. If someone onboards single accounts they have to go through each account in that IIM role, and they have to manually add that permission. It's a manual job that takes time. It would be ideal if there was some sort of automation involved.

In scanning, it does not provide runtime protection. 

The licensing could be better. You need to deploy an agent and it would be more convenient if it was agentless, which should be possible. With agents, you are consuming the same amount of credit, yet it does not provide the same amount of features. The automation needs to be improved and included in terms of AWS onboarding. For Azure, it's good, however, with AWS it requires manual intervention. 

Sometimes we do get false alerts. That should be improved. 

I've used the solution for around one year.

The solution is stable. There is occasionally some downtime.

The solution has been scalable. 

Technical support is strong. They have different levels of support, critical, high, medium, and low. For issues rated as a high priority, they provide assistance within one to two hours. Lower priorities may take 24 hours. 

Positive

I did work with a different product previously. Often, other solutions do not have as much visibility. AWS native services, for example, are not able to monitor the workload or data of Azure. You'd need another product for that. Similarly, Defender will only monitor an Azure environment. I have not worked with something that moved across clouds like this solution does. 

I've helped deploy the solution for five to six clients. 

In the early stages, it's a bit complex to set up due to the fact that it's new and we need to train. We need to give users a session and a POC or demo. So the complexity comes from the training and onboarding, not necessarily from the product itself.

Typically, we can deploy it in one week, and deploying it to any cloud environment would take one to two hours. After onboarding the new cloud environment, we need to create rules and integrate the ticketing tool. That might take two weeks also. There's a dependency with the cloud team in that sense, since, if you are going to integrate anything you need to schedule a call. If Defender is included, we need to deploy it manually. We'd also decide what is being automated. 

The solution does require some maintenance. On the portal, it would show whenever some maintenance is needed or if they are updating their versions. There may be maintenance downtime. The maintenance is provided by Palo Alto itself. We'd notify the customer if they need to be prepared for some downtime. 

Customers have witnessed a good ROI based on the ability to create and customize multiple policies. It helps them meet compliance and auditing requirements. 

I don't know the exact cost; that's handled by another team. However, my understanding is that the cost is based on consumption. 

It takes a little bit of time to create time to value for the solution. A new customer might not have any idea of a cloud's capability. Some people need training and this might be on a quarterly or monthly basis to get the customer up to speed. Once they are more knowledgeable about the solution, they can utilize its capabilities more fully.

I'd recommend the solution. It's comprehensive for securing the entire cloud-native development life cycle across the build, deploy, and run. It not only provides security protection in the runtime environment - it also covers CI/CD. We can integrate Azure DevOps or any kind of solution like Jenkins. 

For new customers, I'd recommend they take on a demo or POC. They can get a one-month license and try it out. Customers can coordinate with partners and see how it would work in their environment. If a customer has a multi-cloud environment, this is a good choice. 

I'd rate the solution nine out of ten. 

We use Prisma Cloud by Palo Alto Networks for architecture and design.

We found Prisma Cloud by Palo Alto Networks very important in solving architecture and design problems within the company, and it improved our company because it showed us different ways of doing things and gave us a better understanding of an architectural entity.

Prisma Cloud by Palo Alto Networks has helped our company progress.

From the time of deployment, it took a few months for our company to realize the benefits of the solution.

Prisma Cloud by Palo Alto Networks is a valuable solution. It is useful as it provides some security on multi and hybrid cloud environments, which is very important to my company.

Prisma Cloud by Palo Alto Networks is also a comprehensive solution that helps protect the full cloud-native stack and helps us secure the entire cloud-native development, which is another reason it is useful for the company.

The solution also has good security automation capabilities and is useful for helping my company take a preventive approach to cloud security.

It provides the visibility and control we need, and it helps a lot in giving us confidence in our security and compliance postures.

Prisma Cloud by Palo Alto Networks also enabled the company to integrate security into our (CI/CD) pipeline.

We also found how seamless Prisma Cloud by Palo Alto Networks touchpoints are to our DevOps processes, and we find them very helpful.

The solution even serves as a single tool to protect my company's cloud resources. It does not affect our operations.

Prisma Cloud by Palo Alto Networks provides risk clarity at the runtime and across the entire pipeline. It shows us the issues, and the developers can correct them without affecting our operations.

The solution also helped in reducing runtime alerts very quickly. It also reduced our alert investigation time because it's all automated.

We had some teething issues with Prisma Cloud by Palo Alto Networks, but overall, it did what we expected. It has some areas for improvement, but I cannot remember exactly off the top of my head.

I've worked with Prisma Cloud by Palo Alto Networks for four years.

I found Prisma Cloud by Palo Alto Networks stable. I'm impressed by its stability. I cannot recall any downtime with the solution. I rate it as eight out of ten, stability-wise.

I found Prisma Cloud by Palo Alto Networks scalable, and it's an eight out of ten for me, scalability-wise.

The technical support for Prisma Cloud by Palo Alto Networks was very good. I would rate its technical support eight out of ten.

Positive

Prisma Cloud by Palo Alto Networks is what my company has. It's the solution my company wants to use.

I was involved in the deployment of Prisma Cloud by Palo Alto Networks, and I found its initial setup straightforward. It took a few months to deploy the solution.

Our team deployed the solution.

Prisma Cloud by Palo Alto Networks has helped the company save some money. Cost-wise, it's okay.

I advise others who may want to implement Prisma Cloud by Palo Alto Networks to check it in a test environment first to ensure it does what they expect.

My rating for Prisma Cloud by Palo Alto Networks, overall, is eight out of ten.

Previously, we were primarily using Amazon Web Services in a product division. We initially deployed RedLock (Prisma Cloud) as a PoC for that product division. Because it is a large organization, we knew that there were Azure and GCP for other cloud workloads. So, we needed a multi-cloud solution. In my current role, we are primarily running GCP, but we do have some presence in Amazon Web Services as well. So, in both those use cases, the multi-cloud functionality was a big requirement.

We are on the latest version of Prisma Cloud.

It is very important that Prisma Cloud provides security spanning multi-cloud environments, where you have Amazon, Azure, and GCP multiple cloud environments. Being able to centralize all those assets, have visibility, and set some policies and rules within one dashboard when you have multiple cloud accounts is a big advantage.

The comprehensiveness of Prisma Cloud for securing the entire cloud-native development lifecycle was shown when Palo Alto bought Twistlock and integrated in some of the container security pieces, particularly for containers, Docker, and Kubernetes, and building in the Prismic Cloud Compute tab. Having that functionality from Twistlock more focused on Docker and containers filled in some of the space where the original Prisma RedLock piece was a little more focused on just the API, e.g., passive scanning. The integration of Twistlock into Prisma Cloud Compute definitely expanded this functionality into the container and Docker space, which is a big growth area in the cloud as well.

Prisma Cloud has enabled us to take a very strong preventive approach to cloud security. One of the hardest things with cloud is getting visibility into workloads. With Prisma Cloud, you can go in and get that visibility, then set up policies to alert on risky behavior, e.g., if there are security groups or firewall ports open up. So, it is very helpful in preventing configuration errors in the cloud by having visibility. If there are issues, then you can find them and fix them. 

Educates and trains cloud operators on how to better design their different cloud and infrastructure deployments. Prisma Cloud has very good remediation steps built in. So, if you do find an issue, they will give you steps on, "Here is how you go into the Console and make this change to close out this issue, preventing this in the future." So, it is a strong tool for the prevention and protection of the cloud, in general.

We have gone in and done some tuning to remove alerts that were false positives. That reduced some of the alerts. Then, as our team has gone in and fixed issues, we have seen from the metrics and tracking of Prisma Cloud that alerts have been reduced.

The compliance tabs were helpful just to have visibility into the assets as well as the asset management tabs. In the cloud, everything is very dynamic and ephemeral. So, being able to see dynamic asset inventory for what we have in cloud environments was a huge plus. Just to have that visibility in a dashboard instead of having to dump things into a spreadsheet, e.g., you are trying to do asset inventory and spreadsheets, then five minutes later it changes cause the cloud is dynamic. So, the asset inventory and compliance tabs are strong. 

When the cloud team makes a change that may introduce some risk, then we get alerts.

We pretty heavily used the Resource Query Language (RQL) and the investigate tab to find what instances and cloud resources are externally facing and might be higher risk, looking for particular patterns in the resources. 

Prisma Cloud provides the following in a single pane of glass within a dashboard: Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security, and Cloud Infrastructure Entitlement Management. It is particularly challenging, especially in a multi-cloud environment, where you would have to log into your Google Cloud, then look for your infrastructure and alerting within Google. In addition, you have to switch over to Amazon and log into an AWS Console to do some work with Amazon. Having that central visibility across multiple cloud environments is definitely important when you have different sources and different dashboards for the cloud, which will still be separate, but you still have some centralization within that dashboard.

The solution’s security automation capabilities are definitely good. We use some of the automation within the alerting, where if Prisma Cloud detected a change and there was a certain threshold, e.g., if it was above a medium or a high risk issue, then we would send off an alert that would go to our infrastructure team/Slack channel, creating a Jira ticket. The automation with Slack and Jira have been very good feature points. 

The Prisma Cloud tool identifies for the security team the resource in the cloud that is the offender, such as, the context, the resource in the cloud, what is the cloud account, and the cloud environment that the resource is in. Then, there is always very good context on remediation, e.g., how do we go in and fix that issue? Do we either go through automation or log into the Cloud Console to do some remediation? The alerts include the context that is needed as well as the risk ranking and severity, whether it is a high, medium, or low issue.

The Prisma Cloud Console always has good remediation steps, whether it is going into the Console, updating a Cloud Formation, or Terraform scripts. The remediation guidance is always very helpful from Prisma Cloud.

Some of the usability within the Compute functionality needs improvement. I think when Palo Alto added on the Twistlock functionality, they added a Compute tab on the left side of the navigation. Some of the navigation is just a little dense. There is a lot of navigation where there is a tab and dropdowns. So, just improving some of the navigation where there is just a very dense amount of buttons and drop-down menus, that is probably the only thing, which comes from having a lot of features. Because there are a lot of buttons, just navigating around the platform can be a little challenging for new users.

They could improve a little bit of the navigation, where I have to kind of look through a lot of the different menus and dropdowns. Part of this just comes from it having so many awesome features. However, the navigation can sometimes be a little bit like, "I can't remember where the tab was," so I have to click and search around. This is not a big negative point, but it is definitely an area for improvement.

I started using this solution when it was still called RedLock. Before Palo Alto bought RedLock, I used RedLock for about a year and then for another year or two once Palo Alto bought them, rebranding them as Prisma Cloud. So, I have been using it for about three or four years.

It is very stable and solid. We haven't really had any issues with the dashboard. The availability is there. The ability to log in and get near real-time data on our cloud environment is very good. Overall, the stability and accessibility has been good.

We use it pretty much daily, several days a week. We are licensed for 200 workloads in Prisma Cloud.

We are definitely still working on maturing some of our operations. We have a pretty small infrastructure team; just two engineers who are focused on infrastructure. We are trying to automate as much as we can, and Prisma Cloud supports most of that. There are still some cases where you have to log into the Console and do some clicking around. However, for the most part, we are trying to automate as much as we can to scale those operations with a very small infrastructure and security team.

Their customer and technical support is very good. They helped us on scoping, getting an estimate for how many workloads and resources that we had. Their support team helped us through some issues on the configuration in the API on the Defender side. We had a couple questions that came up and the customer success and support engineers were very responsive and helpful. 

The sales team was really good. We leveraged some of our relationships, working extensively with some of the leadership at Palo Alto in Unit 42 on their threat team. The sales team gave us a pretty good deal right before the end of the year, last year. So, we were able to get a good discount, so we were able to get the purchase done. Overall, it was a good experience.

This was a new implementation for our company.

Deploying the baseline for Prisma Cloud, its API configuration, was straightforward. To set up the API roles and hook in the API connectivity, we were able to do that within a couple of hours. The Prisma Cloud piece at the API level was very quick. The Defender agents were a bit more complicated because we had to deploy the Compute Defender agents into our containers, Docker, and Kubernetes. That was a little more complex, because we were deploying, not just connecting an API. We were deploying agents within our environment. So, the API side was very simple and fast. The Defender side was a bit more complicated.

We are still working on expanding and deploying some more Defender agents. The API piece was deployed within about a week, which was very fast. On the Defender side, with the infrastructure team's input, it took us several weeks to get the Defender agents deployed.

When we deployed Prisma Cloud, we established some baselines for security and our infrastructure team for what was running in the cloud. They were using some automation and scripting. They thought everything was okay with the script: We just run a script and it deploys this server and infrastructure in the cloud. What we found was that there were some misconfigurations. They had a default script that was opening up some ports that were not needed. So, we worked with the infrastructure team, went back, and said, "Okay, these ports were uncovered with our Prisma Cloud scanning. Is there a business use? Is there any valid reason for these ports to be open?" The team said, "No we don't really need these ports." It was just a default that we need to deploy in Google or AWS. It was just a default that was added in. So, we worked with them to go back and change some of their defaults, then change some of their scripts. Now, in future cases, when they deploy the Terraform script, it would make sure that those ports are automatically closed.

We purchased directly from Palo Alto. We didn't use a system integrator. We purchased directly from them and went through their support team. I have a good relationship with the sales and customer success team at Palo Alto just from past relationships. So, we did a direct purchase.

We will eventually see return on investment just out of the automation and the ability to scale the platform up.

We have reduced alert investigation times by approximately a couple hours a week.

The pricing is good. They gave us some good discounts right at the end of the year based on the value that it brings, visibility, and the ability to build in cloud, compliance, and security within one dashboard. 

We did look at a couple other vendors who do similar cloud workload protections. Based on the relationships that we have with Palo Alto, we knew that Palo Alto was kind of the leader in this space. We had hands-on experience with the tool and Palo Alto was also a customer of ours. So, we had some strong relationships and Palo Alto was the leader. 

We did some demos with different tools that were not as comprehensive. We had some tools that we looked at which just focused more on the container side and some that focused more on the cloud API layer. Since Prisma Cloud has unified some of these different pieces into one platform, we ultimately decided that Prisma Cloud was going to be the best solution for us.

It is a good tool. Work with your stakeholders and cloud teams to implement Prisma Cloud within as many environments as you can to get that rich amount of data, then come up with a strong strategy for integrations and alerting. Prisma Cloud has a lot of integrations out-of-the-box, like ServiceNow, Jira, and Slack. Understand what your business teams need as well as what your engineering and developers need. Try to work on the integrations that allow for the maximum amount of integration and automation within a cloud environment. So, work with your business teams to come up with a plan for how to implement it in your cloud, then how to best integrate the tooling and alerting.

While Prisma Cloud does have the ability to do auto-remediation, which is a part of their automation, we didn't turn any of that on now because those features have a tendency to sometimes break things. For example, it will automatically shut down a security group or server that can sometimes have an impact into availability. So, we don't use any of the auto-remediation features, but we do have automation setup with Jira and Slack to create tickets and events for our ticketing and infrastructure teams/Slack channels.

We definitely want to continue to explore and build-in some of the Shift Left principles, getting the tool into our dev cycles earlier. We do have some plans to expand more on the dev side. I am hiring an AppSec engineer who will be focused more on the development and AppSec side. That is something that is in our roadmap. It has just been something that we have been trying to work on and get into our backlog of a lot of projects.

I would rate this solution as a nine out of 10.