Cloud Security Engineer (Team lead) at a tech services company with 201-500 employees
Real User
Top 20
2024-09-23T12:00:00Z
Sep 23, 2024
We are mainly using Prisma Cloud for Cloud Security Posture Management (CSPM) and for following the compliance standards as per the industry. Another use case is to get the runtime workload protection. We are using the WAAS, CWP, application security, and CSPM modules. We are not using the DSPM module because it is not available for the India tenant.
Cloud Native Application Protection Platform Specialist at Proton Technologies
Real User
Top 20
2024-09-23T11:58:00Z
Sep 23, 2024
I have mostly used the CSPM and CWP side of things. For one of our clients, we used the self-hosted version that we had deployed on IBM Cloud and the SaaS version hosted by Prisma itself. For the CWP side, we used it for securing applications of our clients, doing the runtime checks, and servicing the runtime events and plug-in vulnerabilities. For the CSPM side, the use case was more heavily for compliance on the cloud. We had Google and AWS environments.
Technical Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 20
2024-09-04T15:41:00Z
Sep 4, 2024
I have onboarded AWS environment accounts for some clients and some online hosted repositories on third-party platforms. We currently have four modules. We have Application Security, Runtime Security, and Cloud Security. The latest one is Data Security, but I have only been using the other three modules.
Prisma Cloud is the amalgamation of multiple products. The main component was acquired from Twistlock. The main use case is to perform cloud security posture assessments of your cloud workload. You can connect multiple cloud providers to Prisma Cloud and review the security configurations. The two Prisma modules I use are cloud security posture management and cloud workload protection. The compute part of Prisma Cloud can also be deployed on-prem. It's mainly for an on-premise environment. You can deploy a standalone host to protect or review the configurations if you have a Kubernetes Docker host.
I primarily use the solution to uncover misconfiguration and for cloud code security. We can find gaps that hackers might access in order to steal data. It can trigger alerts and show you everything.
Updated: December 2024.
Technology Specialist - Cloud Security at a tech services company with 11-50 employees
Real User
Top 10
2024-06-26T08:17:00Z
Jun 26, 2024
Currently, we use Prisma Cloud by Palo Alto Networks in my company for our clients who operate in the finance and banking teams and want data, network security, and posture management for the cloud infrastructure.
We wanted to use Prisma Cloud as a CSPM. The company needed a single pane of glass to monitor our AWS and Azure environments and see where we were in terms of configuration drift, vulnerabilities, etc. We're pretty AWS-heavy, so we wanted to see where we stood among all our AWS accounts. We wanted to keep an eye on all that, have a one-stop job, and maybe even offload some of our work. The company wanted to integrate with our Splunk instance to pair our SIEM logs with the CSPM. Most of it was for compliance tracking and vulnerability. We tested everything out. We were building our own standards, but we also needed to adhere to IRS Publication 1075. They had that natively in their tool, but we could custom-build it.
Network and Security Engineer at a security firm with 11-50 employees
Real User
Top 5
2024-04-03T06:53:00Z
Apr 3, 2024
We are an integrator. We are providing the services to a partner of Palo Alto. We are using Prisma Access, Cortex XDR, and Cortex Data Lake. We are using two kinds of services for security: one is Zscaler and the other one is Prisma Access. For Internet security, we are using Zscaler, and for SaaS applications security, we are using Prisma Access. By implementing Prisma Access, we wanted to secure the traffic for SaaS applications such as Office 365. We had SaaS application traffic that was already bypassed, but because it was UDP traffic, it was still going to the Internet. There were some internal customer applications over the cloud, and we wanted to secure the content of those applications over the cloud. That is why we are using Prisma Access.
Principal Consultant at a computer software company with 1,001-5,000 employees
Consultant
Top 20
2024-02-02T13:33:00Z
Feb 2, 2024
Our environment consisted of a cloud-native stack, including Kubernetes, OpenStack, and OpenShift, running alongside additional virtualizations. This hybrid setup required securing both the cloud-native components and the virtualized instances. To address this challenge, we implemented a comprehensive CI/CD pipeline with cloud security in mind. Following vendor code pushes to our environment, we use rigorous scanning and verification procedures to ensure the code's safety before onboarding. Once onboarded, Prisma Cloud provides continuous posture management and security monitoring. Our current Prisma Cloud deployment utilizes the Registry Scan, Runtime Protection, CI/CD Integration, and Vulnerability Management modules. While we have opted for the Complete Edition, it does not include Posture Management, a feature frequently inquired about by our customers. Currently, Posture Management is only available in the SaaS model, and we are utilizing the on-premise edition, also known as the Complete Version. We are a system integrator for the telecom sector. Clients utilizing cloud-native environments often face challenges in scanning and securing their containerized solutions and clusters. Prisma Cloud offers a comprehensive solution, providing end-to-end protection for these clients.
We use it to manage multiple AWS accounts within our platform. Our primary focus is on ensuring compliance across all accounts, aligning with specific standards such as GDPR. We conduct regular certifications of AWS accounts to assess the compliance of services and promptly address any non-compliance issues. In cases where services are found to be non-compliant, we notify the responsible teams and work collaboratively to remediate the identified alerts. In addition to code security, we also use Prisma Cloud to protect our workloads, including serverless functions and containers. This comprehensive approach ensures a robust security posture for our cloud infrastructure and applications. It serves as a comprehensive solution for both proactive vulnerability management and reactive runtime threat detection. We manage this tool through a designated management account, handling all configurations within a limited account. At times, we find it necessary to customize scripts, such as when we encounter challenges with integrating Splunk. In this instance, the events are not being formatted as desired. To address this, we aim to create a script and Lambda functions to ensure the events are in the preferred format. It enhances our ability to respond effectively, allowing us to prioritize and focus on resolving any real or potential issues impacting system performance.
We utilize the entire Prisma Cloud suite for container security, API security, and CASB. Our primary focus is on the financial services industry, including banking and insurance. We implemented Prisma Cloud mostly for compliance to protect against vulnerabilities and weaknesses.
Security consultant at a computer software company with 1,001-5,000 employees
Real User
Top 20
2023-11-28T12:21:00Z
Nov 28, 2023
We have deployed Prisma Cloud for one of our client premises. And we are managing it internally. Although we do have support and other stuff for this solution, it has two kinds of modes. One is the detect and protect mode, and one is only for the monitoring purpose. There's different licensing. If you need protection from Prisma Cloud, then you will purchase a firewall kind of module with that. Otherwise, by default, it comes in monitoring mode. It's deployed on all VMs and workloads. With the Prisma Cloud, you can have it on a cloud server or you can deploy it as a stand-alone. That said, the container should be persistent. Otherwise, if you restart the container, you will lose your configuration and everything. We were doing a deployment for a telecom client, and they have two different application pipelines. One was based in India with the Oracle team. They were developing their own application, so we have also incurred it to the Prisma Cloud in their CI/CD pipeline. The second use case was to monitor the OpenShift environment. The solution was basically bare metal. Then on top of that, there was OpenStack. It's an on-prem cloud service. We have deployed the Prisma Cloud solution, so it was on top of OpenStack.
My company provides solutions for Cisco customers and helps them secure their cloud environments. Most of our clients are adapting to the cloud, and we're trying to resolve vulnerabilities in their configurations. I use all of the Prisma Cloud modules but have expertise in the CSPM and CWP modules. We work with SMEs but also have some enterprise clients.
We use Prisma Cloud Data Security for security compliance and detection. We implemented Prisma Cloud because it eliminates the need for hardware appliances, thereby reducing our on-premises footprint.
Cloud Security Engineer at eSec Forte® Technologies
Real User
Top 10
2023-11-03T10:58:00Z
Nov 3, 2023
The solution is integrated with cloud environments such as Azure, Alibaba, and Oracle. After integrating, we do check the network logs, including what are the config logs or configuration issues clients are facing. We see what their cloud requirements are. There are email use cases specific to the modules, and we do have visibility over the entire cloud environment. We handle vulnerability management and can block according to the rules and policies. We can manage identities as well, right down to a particular machine.
Cloud Security Engineer at eSec Forte® Technologies
Real User
Top 10
2023-10-30T17:01:00Z
Oct 30, 2023
Prisma Cloud by Palo Alto Networks is a comprehensive cloud security platform that encompasses vulnerability management, container management, Kubernetes management, and serverless management. It utilizes modules, such as Cloud Workload Protection, to provide comprehensive cloud security. Before deploying any applications, Prisma Cloud performs cloud scans to identify and address vulnerabilities, minimizing potential threats. The solution provides visibility into our cloud environment, enabling us to effectively manage and monitor our infrastructure. This capability is particularly valuable in the financial industry, where hybrid multi-cloud environments are prevalent. We use all the modules Prisma Cloud offers.
Technical Superintendent at Indian Institute Of Technology, Patna
Real User
Top 5
2023-09-25T08:03:00Z
Sep 25, 2023
We use Palo Alto to secure our network. We are using the PA-820 firewall and all of the Prisma Cloud modules. It helps reduce our vulnerability to hacking and any malicious attacks on the network. With that appliance, we can minimize those things and control what goes in and out.
Financial companies want to restrict user access, which means the users need to go through a subnet to access their services. When the user connects to the internet via the Prisma Cloud VPN, they can use different types of IP addresses globally. The changing IP addresses can be pretty complex. It costs a lot for the application site to apply for access. We negotiated with Palo Alto to get 20 servers, and the customers will be added to those 20 subnets. On the Spectrum Access side, we only need a white list of those twenty subnets, and we won't have issues in the future. The solution is managed by Palo Alto. We're using Panorama, a popular management tool, for managing the connection between the physical portal, firewall, and VPN, as well as Prisma Cloud.
Technical Architect at a tech services company with 1,001-5,000 employees
Real User
Top 20
2023-07-14T17:20:00Z
Jul 14, 2023
We were using it for remediation. I was working on a client's project on behalf of our company, and they had multiple subscriptions. They were using not only Azure but also AWS. Rather than managing remediation and governance separately through different clouds, it was proposed to use Prisma Cloud as a single place for remediation of everything.
Sr. Cloud Security Architect at tejain@deloitte.com
Real User
Top 5
2023-06-29T17:48:00Z
Jun 29, 2023
We are a Palo Alto Alliance partner and our clients are Fortune 500 companies. We utilize a multi-cloud network architecture, with the primary constraint being the inability to manage everything through a single interface. By implementing uniform guardrails, we address the issue of inconsistent security policies when using native cloud security controls. This is one of the key considerations. Additionally, we employ micro-segmentation using cloud network security modules of Prisma Cloud to minimize the attack surface for various workloads. The primary use case that was lacking was a single pane of glass. Additionally, prior to implementing Prisma Cloud, we used to manually perform these tasks using AWS CloudFormation Templates or Azure Resource Manager Templates. However, Prisma Cloud helped us address this issue by providing a unified administration interface. One of the problems we faced was the inability to view vulnerabilities across different cloud workloads and compare risks across different platforms. These were the challenges we encountered before deploying Prisma Cloud. While we didn't completely solve all of them after implementing Prisma Cloud, we did make significant progress in that regard.
Security Specialist at a tech services company with 11-50 employees
Real User
Top 20
2023-05-25T13:13:00Z
May 25, 2023
We utilize all the modules of Prisma Cloud by Palo Alto Networks, and it is fully integrated into the host control manager on GitHub. We employ this solution to achieve complete visibility from the moment we write our ISE to the actual management of the cloud environment. This approach offers a clear view of our security posture, and the container security component provides valuable insights to assist us in our architectural process. Our security team is the primary user of the solution, followed by SREs and developers.
Network Security Consultant at a manufacturing company with 10,001+ employees
Real User
Top 10
2023-05-11T06:10:00Z
May 11, 2023
We use the solution for three areas, CSPM, CWPP, and Cloud Security. We use Prisma Cloud by Palo Alto Networks mostly for CSPM. CSPM helps us identify and fix misconfigurations in our cloud environment. This can help us prevent security breaches and improve our overall cloud security posture. Prisma Cloud also provides CWPP. CWPP helps us protect our cloud workloads from malware, ransomware, and other threats. This can help us keep our data safe and secure. Prisma's Cloud security is something we are still working on. The solution is deployed as SaaS.
Solutions Architect at a tech services company with 501-1,000 employees
MSP
Top 20
2023-05-01T13:19:00Z
May 1, 2023
I generally use Prisma Cloud to dive deeper into any security findings generated by Prisma. It's also a good way to get a complete inventory of all our cloud assets spread across different cloud platforms.
Senior Security Engineer at a manufacturing company with 501-1,000 employees
Real User
Top 20
2023-01-16T17:25:00Z
Jan 16, 2023
We use the solution to monitor and manage our various cloud environments, providing complete visibility in a single platform. We also use it for configuration, network, and anomaly monitoring. On the compute side, that's for containers and Kubernetes, so we know when changes are made and whether those changes are approved or within our required security controls. The platform has yet to become part of our CICD pipeline; we mostly use it as a security tool for monitoring and remediation. Regarding modules, we use the CSP and the compute module.
Cloud Security Engineer at a financial services firm with 501-1,000 employees
MSP
2022-11-30T00:09:00Z
Nov 30, 2022
We use it for visibility, compliance, and governance. It is the official CSPM solution for our bank. The only module we are using is the compliance module.
Senior Security Analyst at a tech vendor with 1,001-5,000 employees
Real User
2022-09-14T01:21:00Z
Sep 14, 2022
We use this solution to detect misconfigurations in the cloud. It's a multi-cloud solution, so if you're running a multi-cloud environment like Azure, AWS, and GCP, you only need to deploy a single solution. It assists with improving the security posture of an organization. I use CSPM and CWPP. The previous organization I worked for used both, but the company I work for now only uses CSPM. I've also worked with code security. We recently acquired this solution, so it has slowly started gaining momentum in my organization.
I work for a monetary provider and handle around five customers. We mostly use Prisma Cloud for CSPM, but we have a banking customer using CWPP. Apart from those two use cases, the other customers are not interested in Prisma Cloud's other functionalities because they're green and already have other solutions with partners that they say are more mature. We have not implemented them in the customers' production environment, but we have toyed around with proofs of concept.
Cloud DevOps Engineer at a tech services company with 51-200 employees
Real User
2022-08-18T23:39:00Z
Aug 18, 2022
We had Azure, AWS, and a little bit of GCP, so we gave Prisma read access to all those accounts, subscriptions, etc., and monitored the alerts to mitigate risks based on what popped up in the dashboard. While it's not our only tool, Prisma is managing about 80 percent. We still occasionally go into cloud-native tools to ensure certain compliance standards are being met. Sometimes, urgent issues need to be fixed that haven't been reported in Prisma because the native tools will catch them first. As a third-party solution, Prisma might take a little longer to build a report directory. We had around 30 to 40 users who were a mix of cloud and DevOps engineers. There were also members of the security team who made decisions about what kind of security policies we had to follow. We used it extensively within the public cloud across all our Azure, AWS, and GCP subscriptions and projects. There was interest in using it on-premises with our vSphere environment as well. I don't know if that ever happened.
Cloud Presales & Solution Architect at a tech services company with 51-200 employees
MSP
2022-07-31T16:41:00Z
Jul 31, 2022
We are a system integrator. My organization has a cloud practice, and we focus on cloud security. Predominantly, Prisma Cloud is used to identify misconfigurations in the cloud. We have been using Prisma Cloud for two specific customers on Azure Cloud. It is quite a new organization, and we currently have two customers, but in my previous organization, we had about eight customers. We predominantly focus only on the cloud. We don't work with hybrid models. MultiCloud is there, but we haven't worked on MultiCloud as of now. This specific region is more into Azure Cloud. Azure has a data center over here. Therefore, the adoption of AWS or Google is not high in this region. For data compliance, customers want to stick to a cloud vendor that has a data center in this region.
We are using the solution to manage vulnerabilities in containers. We use it to detect vulnerabilities and remediate vulnerabilities found in containers running in the public cloud, like AWS. We are using the latest version.
Director of Information Security Architecture at a financial services firm with 5,001-10,000 employees
Real User
2021-10-01T07:34:00Z
Oct 1, 2021
We use Prisma Cloud in several ways and there are a lot of use cases. The first way that we use it is for inventory. It keeps a near real-time inventory of virtual compute storage and services. Second, we use it for monitoring and alerting of misconfigurations or other items of security significance. Next is compliance. We use it to monitor compliance with the Center for Internet Security (CIS) benchmarks.
Lead- Information Security Analyst at archan.fiem.it@gmail.com
Real User
2021-09-27T08:57:00Z
Sep 27, 2021
We primarily use Prisma Cloud as a cloud security posture management (CSPM) module. Prisma Cloud is designed to catch vulnerabilities at the config level and capture everything on a cloud workload, so we mainly use it to identify any posture management issues that we are having in our cloud workloads. We also use it as an enterprise antivirus solution, so it's a kind of endpoint security solution. Our setup is hybrid. We use SaaS also. We mostly work in AWS but we have customers who work with GCP and Azure as well. About 60 percent of our customers use AWS, 30 percent use Azure, and the remaining 10 percent are on GCP. Prisma Cloud covers the full scope. And for XDR, we have an info technology solution that we use for the Gulf cloud. So we have the EDF solution rolled out to approximately around 500 instances right now. Prisma Cloud is used heavily in all our production teams. Some might not be directly using the product since our team is the service owner and we manage Prisma. Our team has around 10 members, and they are the primary users. From an engineering aspect, there are another 10 team members who use it basically. Those are the actual people who work hands-on with Prisma Cloud. Aside from that, there are some product teams that use Prisma indirectly. If we detect something wrong with their products, we take care of it, but I don't think they have an active account on Prisma Cloud.
Security Architect at an educational organization with 201-500 employees
Real User
2021-09-03T08:53:00Z
Sep 3, 2021
We had an internal debate regarding our firewall solution for the cloud. Initially we had a vendor that suggested we could build a whole environment using the Azure firewall, but we had requirements for Zero Trust architecture. We are essentially like a bank. We were planning to host some PCI services in the cloud and we were planning to create all the zones. When we looked at the feature set of Azure, we were not able to find Layer 7 visibility, which we had on our firewalls, and that is where the debate started. We thought it was better to go with a solution that gives us that level of visibility. Our team was comfortable with Palo Alto as a data center firewall, so we went for Prisma Cloud.
Consultant at a tech services company with 501-1,000 employees
Reseller
2021-06-05T11:18:37Z
Jun 5, 2021
When we did a POC, we realized that this product was able to give us insights into how consumers or services are activated. We could tell if, in certain cases, there was any kind of manual issues such as a misconfiguration. The solution is used to help us to reconfigure items and figure out what reconfiguration needs to be done, et cetera. Our target was to enhance the security portion of our AWS cloud.
Software Security Analyst at an energy/utilities company with 10,001+ employees
Real User
2021-03-15T20:48:00Z
Mar 15, 2021
When we started using this tool, the name was Twistlock, it was not Prisma Cloud. We had a container team responsible for modernizing our environment and they created an on-prem solution using Red Hat OpenShift. They started using Twistlock as a way to manage the security of this on-prem environment. My team, which was the security team, inherited the ownership of the tool to manage all the security problems that it was raising. When we started using containers on the cloud, our cloud provider was Azure. We also started migrating our security solutions for the cloud, but that was at the end of my time with the company, so I didn't participate much in this cloud process. We were also sending the logs and alerts to Splunk Cloud. We were managing all the alerts generated by policies and vulnerabilities and the threats from the web. That way, we had a pipeline system sending these alerts to a central location where our investigation team would look at them. So we used the system to manage both cloud and on-prem and connect them.
Previously, we were primarily using Amazon Web Services in a product division. We initially deployed RedLock (Prisma Cloud) as a PoC for that product division. Because it is a large organization, we knew that there were Azure and GCP for other cloud workloads. So, we needed a multi-cloud solution. In my current role, we are primarily running GCP, but we do have some presence in Amazon Web Services as well. So, in both those use cases, the multi-cloud functionality was a big requirement. We are on the latest version of Prisma Cloud.
There are three pieces to our use case. For the container piece, which used to be Twistlock, we use static scan to scan our artifact repositories and we use that data to remediate issues and provide it back to developers. We also do runtime monitoring on our orchestrators, which are primarily Kubernetes, but some DC/OS as well. Right now, it's all on-premises, although we'll be moving that to the cloud in the future. And we use what used to be RedLock, before it was incorporated into the solution.
We have a very large public cloud estate. We have nearly 300 public cloud accounts, with almost a million things deployed. It's pretty much impossible to track all of the security and the compliance issues using anything that would remotely be considered homegrown—scripts, or something that isn't fully automated and supported. We don't have the time, or necessarily even the desire, to build these things ourselves. So we use it to track compliance across all of the various accounts and to manage remediation. We also have 393 applications in the cloud, all of which are part of various suites, which means there are at least 393 teams or groups of people who need to be held accountable for what they have deployed and what they wish to do. It's such a large undertaking that automating it is the only option. To bring it all together, we use it to ensure that we can measure and track and identify the remediation of all of our public cloud issues.
Cloud Security Specialist at a financial services firm with 501-1,000 employees
Real User
2020-11-03T07:14:00Z
Nov 3, 2020
Primarily the intent was to have a better understanding of our cloud security posture. My remit is to understand how well our existing estate in cloud marries up to the industry benchmarks, such as CIS or NIST, or even AWS's version of security controls and benchmarks. When a stack is provisioned in a cloud environment, whether in AWS or Azure or Google Cloud, I can get an appreciation of how well the configuration is in alignment with those standards. And if it's out of alignment, I can effectively task those who are accountable for resources in clouds to actually remediate any identifiable vulnerabilities.
Sr. Information Security Manager at a healthcare company with 1,001-5,000 employees
Real User
2020-10-26T09:04:00Z
Oct 26, 2020
Our use case for the solution is monitoring our cloud configurations for security. That use case, itself, is huge. We use the tool to monitor security configuration of our AWS and Azure clouds. Security configurations can include storage, networking, IAM, and monitoring of malicious traffic that it detects. We have about 50 users and most of them use it to review their own resources.
I was looking for one tool which, as a WAF, could provide me with information regarding applications and with features where I can oversee things. We use the solution's ability to filter alerts by levels of security and it helps our teams understand which situations are the most critical. Based on the priorities that I get for my product, I can filter the notices the team needs to work on, to those that require immediate attention. That means it's easier for me to categorize and understand things exactly, on a single dashboard. I can see, at one point in time, that these are my 20 applications that are running. Out of them, I can see, for example, the five major vulnerabilities that I have — and it shows my risk tolerance — so I know that these five are above my risk tolerance. I know these need immediate attention and I can assign them to the team to be worked on immediately.
Manager - cybersecurity at a comms service provider with 10,001+ employees
Real User
2020-01-30T11:44:00Z
Jan 30, 2020
In terms of our use cases, we are a telecom firm and we work a lot with telecom firms around the world, and so we have a lot of solutions other than Twistlock. We have applications, we have consumer-based solutions that we run on a daily basis, and heavily regulatory processes as well. We found it's better that we move our core application than our user systems on container because they're quick, they're effective, easy to deploy, and easy to maintain. But because of the sanctions, heavily regulated security is a very core part of the entire environment, and thus we had to go ahead and look for a solution that would help automate that security part and because it was almost impossible to go about doing that manually.
Prisma Cloud by Palo Alto Networks is used for managing cloud security posture, container security, and compliance monitoring in multi-cloud environments. Prisma Cloud by Palo Alto Networks provides tools for vulnerability management, misconfiguration detection, and compliance with standards like HIPAA and CIS. It offers near real-time inventory and alerting, enhancing cloud configuration audits and security across AWS, Azure, and GCP. Its automated security features offer real-time protection...
We use Prisma Cloud to check for vulnerabilities and handle integration with the Azure Cloud.
Our enterprise customers tend to use it for compliance.
We are an integrator. We are providing the services to a partner of Palo Alto. We are using Prisma Access, Cortex XDR, and Cortex Data Lake. We are using two kinds of services for security: one is Zscaler and the other one is Prisma Access. For Internet security, we are using Zscaler, and for SaaS applications security, we are using Prisma Access. By implementing Prisma Access, we wanted to secure the traffic for SaaS applications such as Office 365. We had SaaS application traffic that was already bypassed, but because it was UDP traffic, it was still going to the Internet. There were some internal customer applications over the cloud, and we wanted to secure the content of those applications over the cloud. That is why we are using Prisma Access.
Our environment consisted of a cloud-native stack, including Kubernetes, OpenStack, and OpenShift, running alongside additional virtualizations. This hybrid setup required securing both the cloud-native components and the virtualized instances. To address this challenge, we implemented a comprehensive CI/CD pipeline with cloud security in mind. Following vendor code pushes to our environment, we use rigorous scanning and verification procedures to ensure the code's safety before onboarding. Once onboarded, Prisma Cloud provides continuous posture management and security monitoring. Our current Prisma Cloud deployment utilizes the Registry Scan, Runtime Protection, CI/CD Integration, and Vulnerability Management modules. While we have opted for the Complete Edition, it does not include Posture Management, a feature frequently inquired about by our customers. Currently, Posture Management is only available in the SaaS model, and we are utilizing the on-premise edition, also known as the Complete Version. We are a system integrator for the telecom sector. Clients utilizing cloud-native environments often face challenges in scanning and securing their containerized solutions and clusters. Prisma Cloud offers a comprehensive solution, providing end-to-end protection for these clients.
We use it to manage multiple AWS accounts within our platform. Our primary focus is on ensuring compliance across all accounts, aligning with specific standards such as GDPR. We conduct regular certifications of AWS accounts to assess the compliance of services and promptly address any non-compliance issues. In cases where services are found to be non-compliant, we notify the responsible teams and work collaboratively to remediate the identified alerts. In addition to code security, we also use Prisma Cloud to protect our workloads, including serverless functions and containers. This comprehensive approach ensures a robust security posture for our cloud infrastructure and applications. It serves as a comprehensive solution for both proactive vulnerability management and reactive runtime threat detection. We manage this tool through a designated management account, handling all configurations within a limited account. At times, we find it necessary to customize scripts, such as when we encounter challenges with integrating Splunk. In this instance, the events are not being formatted as desired. To address this, we aim to create a script and Lambda functions to ensure the events are in the preferred format. It enhances our ability to respond effectively, allowing us to prioritize and focus on resolving any real or potential issues impacting system performance.
We utilize the entire Prisma Cloud suite for container security, API security, and CASB. Our primary focus is on the financial services industry, including banking and insurance. We implemented Prisma Cloud mostly for compliance to protect against vulnerabilities and weaknesses.
We have deployed Prisma Cloud for one of our client premises. And we are managing it internally. Although we do have support and other stuff for this solution, it has two kinds of modes. One is the detect and protect mode, and one is only for the monitoring purpose. There's different licensing. If you need protection from Prisma Cloud, then you will purchase a firewall kind of module with that. Otherwise, by default, it comes in monitoring mode. It's deployed on all VMs and workloads. With the Prisma Cloud, you can have it on a cloud server or you can deploy it as a stand-alone. That said, the container should be persistent. Otherwise, if you restart the container, you will lose your configuration and everything. We were doing a deployment for a telecom client, and they have two different application pipelines. One was based in India with the Oracle team. They were developing their own application, so we have also incurred it to the Prisma Cloud in their CI/CD pipeline. The second use case was to monitor the OpenShift environment. The solution was basically bare metal. Then on top of that, there was OpenStack. It's an on-prem cloud service. We have deployed the Prisma Cloud solution, so it was on top of OpenStack.
My company provides solutions for Cisco customers and helps them secure their cloud environments. Most of our clients are adapting to the cloud, and we're trying to resolve vulnerabilities in their configurations. I use all of the Prisma Cloud modules but have expertise in the CSPM and CWP modules. We work with SMEs but also have some enterprise clients.
We use Prisma Cloud Data Security for security compliance and detection. We implemented Prisma Cloud because it eliminates the need for hardware appliances, thereby reducing our on-premises footprint.
The solution is integrated with cloud environments such as Azure, Alibaba, and Oracle. After integrating, we do check the network logs, including what are the config logs or configuration issues clients are facing. We see what their cloud requirements are. There are email use cases specific to the modules, and we do have visibility over the entire cloud environment. We handle vulnerability management and can block according to the rules and policies. We can manage identities as well, right down to a particular machine.
Prisma Cloud by Palo Alto Networks is a comprehensive cloud security platform that encompasses vulnerability management, container management, Kubernetes management, and serverless management. It utilizes modules, such as Cloud Workload Protection, to provide comprehensive cloud security. Before deploying any applications, Prisma Cloud performs cloud scans to identify and address vulnerabilities, minimizing potential threats. The solution provides visibility into our cloud environment, enabling us to effectively manage and monitor our infrastructure. This capability is particularly valuable in the financial industry, where hybrid multi-cloud environments are prevalent. We use all the modules Prisma Cloud offers.
We use Palo Alto to secure our network. We are using the PA-820 firewall and all of the Prisma Cloud modules. It helps reduce our vulnerability to hacking and any malicious attacks on the network. With that appliance, we can minimize those things and control what goes in and out.
We use Prisma Cloud by Palo Alto Networks to scan the Kubernetes cluster. We use Prisma Cloud's threat detection module.
Financial companies want to restrict user access, which means the users need to go through a subnet to access their services. When the user connects to the internet via the Prisma Cloud VPN, they can use different types of IP addresses globally. The changing IP addresses can be pretty complex. It costs a lot for the application site to apply for access. We negotiated with Palo Alto to get 20 servers, and the customers will be added to those 20 subnets. On the Spectrum Access side, we only need a white list of those twenty subnets, and we won't have issues in the future. The solution is managed by Palo Alto. We're using Panorama, a popular management tool, for managing the connection between the physical portal, firewall, and VPN, as well as Prisma Cloud.
We were using it for remediation. I was working on a client's project on behalf of our company, and they had multiple subscriptions. They were using not only Azure but also AWS. Rather than managing remediation and governance separately through different clouds, it was proposed to use Prisma Cloud as a single place for remediation of everything.
We are a Palo Alto Alliance partner and our clients are Fortune 500 companies. We utilize a multi-cloud network architecture, with the primary constraint being the inability to manage everything through a single interface. By implementing uniform guardrails, we address the issue of inconsistent security policies when using native cloud security controls. This is one of the key considerations. Additionally, we employ micro-segmentation using cloud network security modules of Prisma Cloud to minimize the attack surface for various workloads. The primary use case that was lacking was a single pane of glass. Additionally, prior to implementing Prisma Cloud, we used to manually perform these tasks using AWS CloudFormation Templates or Azure Resource Manager Templates. However, Prisma Cloud helped us address this issue by providing a unified administration interface. One of the problems we faced was the inability to view vulnerabilities across different cloud workloads and compare risks across different platforms. These were the challenges we encountered before deploying Prisma Cloud. While we didn't completely solve all of them after implementing Prisma Cloud, we did make significant progress in that regard.
We utilize all the modules of Prisma Cloud by Palo Alto Networks, and it is fully integrated into the host control manager on GitHub. We employ this solution to achieve complete visibility from the moment we write our ISE to the actual management of the cloud environment. This approach offers a clear view of our security posture, and the container security component provides valuable insights to assist us in our architectural process. Our security team is the primary user of the solution, followed by SREs and developers.
We use the solution for three areas, CSPM, CWPP, and Cloud Security. We use Prisma Cloud by Palo Alto Networks mostly for CSPM. CSPM helps us identify and fix misconfigurations in our cloud environment. This can help us prevent security breaches and improve our overall cloud security posture. Prisma Cloud also provides CWPP. CWPP helps us protect our cloud workloads from malware, ransomware, and other threats. This can help us keep our data safe and secure. Prisma's Cloud security is something we are still working on. The solution is deployed as SaaS.
I generally use Prisma Cloud to dive deeper into any security findings generated by Prisma. It's also a good way to get a complete inventory of all our cloud assets spread across different cloud platforms.
When we migrated our workloads from the on-prem to the cloud, we used Prisma Cloud to tell us whether our workloads were PCI compliant.
We use the Bridgecrew, IaC, and CSPM domains.
I use it for testing and visibility.
Our primary use case for this solution is for CWP, CSPM, and scanning for run time. We also use it for monitoring mode and pipeline integration.
We use Prisma Cloud by Palo Alto Networks for our cloud security posture management.
I was managing Prisma Cloud for a client. They were scanning container images for vulnerabilities and remediation.
We use the solution to monitor and manage our various cloud environments, providing complete visibility in a single platform. We also use it for configuration, network, and anomaly monitoring. On the compute side, that's for containers and Kubernetes, so we know when changes are made and whether those changes are approved or within our required security controls. The platform has yet to become part of our CICD pipeline; we mostly use it as a security tool for monitoring and remediation. Regarding modules, we use the CSP and the compute module.
I'm using the main module of Prisma Cloud, which manages security at scale in cloud environments.
We use it for visibility, compliance, and governance. It is the official CSPM solution for our bank. The only module we are using is the compliance module.
We use this solution to detect misconfigurations in the cloud. It's a multi-cloud solution, so if you're running a multi-cloud environment like Azure, AWS, and GCP, you only need to deploy a single solution. It assists with improving the security posture of an organization. I use CSPM and CWPP. The previous organization I worked for used both, but the company I work for now only uses CSPM. I've also worked with code security. We recently acquired this solution, so it has slowly started gaining momentum in my organization.
I work for a monetary provider and handle around five customers. We mostly use Prisma Cloud for CSPM, but we have a banking customer using CWPP. Apart from those two use cases, the other customers are not interested in Prisma Cloud's other functionalities because they're green and already have other solutions with partners that they say are more mature. We have not implemented them in the customers' production environment, but we have toyed around with proofs of concept.
We had Azure, AWS, and a little bit of GCP, so we gave Prisma read access to all those accounts, subscriptions, etc., and monitored the alerts to mitigate risks based on what popped up in the dashboard. While it's not our only tool, Prisma is managing about 80 percent. We still occasionally go into cloud-native tools to ensure certain compliance standards are being met. Sometimes, urgent issues need to be fixed that haven't been reported in Prisma because the native tools will catch them first. As a third-party solution, Prisma might take a little longer to build a report directory. We had around 30 to 40 users who were a mix of cloud and DevOps engineers. There were also members of the security team who made decisions about what kind of security policies we had to follow. We used it extensively within the public cloud across all our Azure, AWS, and GCP subscriptions and projects. There was interest in using it on-premises with our vSphere environment as well. I don't know if that ever happened.
We are a system integrator. My organization has a cloud practice, and we focus on cloud security. Predominantly, Prisma Cloud is used to identify misconfigurations in the cloud. We have been using Prisma Cloud for two specific customers on Azure Cloud. It is quite a new organization, and we currently have two customers, but in my previous organization, we had about eight customers. We predominantly focus only on the cloud. We don't work with hybrid models. MultiCloud is there, but we haven't worked on MultiCloud as of now. This specific region is more into Azure Cloud. Azure has a data center over here. Therefore, the adoption of AWS or Google is not high in this region. For data compliance, customers want to stick to a cloud vendor that has a data center in this region.
We are using the solution to manage vulnerabilities in containers. We use it to detect vulnerabilities and remediate vulnerabilities found in containers running in the public cloud, like AWS. We are using the latest version.
We use it for compliance management and policy detection, especially for hybrid clouds.
We use Prisma Cloud in several ways and there are a lot of use cases. The first way that we use it is for inventory. It keeps a near real-time inventory of virtual compute storage and services. Second, we use it for monitoring and alerting of misconfigurations or other items of security significance. Next is compliance. We use it to monitor compliance with the Center for Internet Security (CIS) benchmarks.
We primarily use Prisma Cloud as a cloud security posture management (CSPM) module. Prisma Cloud is designed to catch vulnerabilities at the config level and capture everything on a cloud workload, so we mainly use it to identify any posture management issues that we are having in our cloud workloads. We also use it as an enterprise antivirus solution, so it's a kind of endpoint security solution. Our setup is hybrid. We use SaaS also. We mostly work in AWS but we have customers who work with GCP and Azure as well. About 60 percent of our customers use AWS, 30 percent use Azure, and the remaining 10 percent are on GCP. Prisma Cloud covers the full scope. And for XDR, we have an info technology solution that we use for the Gulf cloud. So we have the EDF solution rolled out to approximately 500 instances right now. Prisma Cloud is used heavily in all our production teams. Some might not be directly using the product since our team is the service owner and we manage Prisma. Our team has around 10 members, and they are the primary users. From an engineering aspect, there are another 10 team members who use it. Those are the actual people who work hands-on with Prisma Cloud. Aside from that, there are some product teams that use Prisma indirectly. If we detect something wrong with their products, we take care of it, but I don't think they have an active account on Prisma Cloud.
We had an internal debate regarding our firewall solution for the cloud. Initially we had a vendor that suggested we could build a whole environment using the Azure firewall, but we had requirements for Zero Trust architecture. We are essentially like a bank. We were planning to host some PCI services in the cloud and we were planning to create all the zones. When we looked at the feature set of Azure, we were not able to find Layer 7 visibility, which we had on our firewalls, and that is where the debate started. We thought it was better to go with a solution that gives us that level of visibility. Our team was comfortable with Palo Alto as a data center firewall, so we went for Prisma Cloud.
When we did a POC, we realized that this product was able to give us insights into how consumers or services are activated. We could tell if, in certain cases, there was any kind of manual issues such as a misconfiguration. The solution is used to help us to reconfigure items and figure out what reconfiguration needs to be done, et cetera. Our target was to enhance the security portion of our AWS cloud.
When we started using this tool, the name was Twistlock, it was not Prisma Cloud. We had a container team responsible for modernizing our environment and they created an on-prem solution using Red Hat OpenShift. They started using Twistlock as a way to manage the security of this on-prem environment. My team, which was the security team, inherited the ownership of the tool to manage all the security problems that it was raising. When we started using containers on the cloud, our cloud provider was Azure. We also started migrating our security solutions for the cloud, but that was at the end of my time with the company, so I didn't participate much in this cloud process. We were also sending the logs and alerts to Splunk Cloud. We were managing all the alerts generated by policies and vulnerabilities and the threats from the web. That way, we had a pipeline system sending these alerts to a central location where our investigation team would look at them. So we used the system to manage both cloud and on-prem and connect them.
Previously, we were primarily using Amazon Web Services in a product division. We initially deployed RedLock (Prisma Cloud) as a PoC for that product division. Because it is a large organization, we knew that there were Azure and GCP for other cloud workloads. So, we needed a multi-cloud solution. In my current role, we are primarily running GCP, but we do have some presence in Amazon Web Services as well. So, in both those use cases, the multi-cloud functionality was a big requirement. We are on the latest version of Prisma Cloud.
There are three pieces to our use case. For the container piece, which used to be Twistlock, we use static scan to scan our artifact repositories and we use that data to remediate issues and provide it back to developers. We also do runtime monitoring on our orchestrators, which are primarily Kubernetes, but some DC/OS as well. Right now, it's all on-premises, although we'll be moving that to the cloud in the future. And we use what used to be RedLock, before it was incorporated into the solution.
Primarily, we are attempting to secure our public cloud security posture through compliance and vulnerability scanning.
We have a very large public cloud estate. We have nearly 300 public cloud accounts, with almost a million things deployed. It's pretty much impossible to track all of the security and the compliance issues using anything that would remotely be considered homegrown—scripts, or something that isn't fully automated and supported. We don't have the time, or necessarily even the desire, to build these things ourselves. So we use it to track compliance across all of the various accounts and to manage remediation. We also have 393 applications in the cloud, all of which are part of various suites, which means there are at least 393 teams or groups of people who need to be held accountable for what they have deployed and what they wish to do. It's such a large undertaking that automating it is the only option. To bring it all together, we use it to ensure that we can measure and track and identify the remediation of all of our public cloud issues.
Primarily the intent was to have a better understanding of our cloud security posture. My remit is to understand how well our existing estate in cloud marries up to the industry benchmarks, such as CIS or NIST, or even AWS's version of security controls and benchmarks. When a stack is provisioned in a cloud environment, whether in AWS or Azure or Google Cloud, I can get an appreciation of how well the configuration is in alignment with those standards. And if it's out of alignment, I can effectively task those who are accountable for resources in clouds to actually remediate any identifiable vulnerabilities.
Our use case for the solution is monitoring our cloud configurations for security. That use case, itself, is huge. We use the tool to monitor security configuration of our AWS and Azure clouds. Security configurations can include storage, networking, IAM, and monitoring of malicious traffic that it detects. We have about 50 users and most of them use it to review their own resources.
We are using it for monitoring our cloud environment and detecting misconfigurations in our hosted accounts in AWS or Azure.
I was looking for one tool which, as a WAF, could provide me with information regarding applications and with features where I can oversee things. We use the solution's ability to filter alerts by levels of security and it helps our teams understand which situations are the most critical. Based on the priorities that I get for my product, I can filter the notices the team needs to work on, to those that require immediate attention. That means it's easier for me to categorize and understand things exactly, on a single dashboard. I can see, at one point in time, that these are my 20 applications that are running. Out of them, I can see, for example, the five major vulnerabilities that I have — and it shows my risk tolerance — so I know that these five are above my risk tolerance. I know these need immediate attention and I can assign them to the team to be worked on immediately.
In terms of our use cases, we are a telecom firm and we work a lot with telecom firms around the world, and so we have a lot of solutions other than Twistlock. We have applications, we have consumer-based solutions that we run on a daily basis, and heavily regulatory processes as well. We found it's better that we move our core application than our user systems on container because they're quick, they're effective, easy to deploy, and easy to maintain. But because of the sanctions, heavily regulated security is a very core part of the entire environment, and thus we had to go ahead and look for a solution that would help automate that security part and because it was almost impossible to go about doing that manually.
We use cloud solutions generally for client demos of products.
We primarily use the solution to create a cluster or scenario, for runtime management on containers.
The primary use case for this solution was to run the rule set for the CIS 20 framework and HIPAA compliance.
Our primary use case for this solution is for container security and monitoring.