Cloud Security Engineer (Team lead) at a tech services company with 201-500 employees
Real User
Top 20
2024-09-23T12:00:00Z
Sep 23, 2024
For Prisma Cloud, I have already raised some requests, which are in progress. I am hoping they will be implemented soon. One of the requests is that Prisma Defender for the ECS solution is only supported for Linux. It does not support Windows. For a runtime incident, it only has the option to archive. After validating the incident, the team members should have the option to add some comments and then archive. We should be able to add comments saying, "It is a false positive." or "This is the action we have taken." We have requested a few more improvements. The Palo Alto team is working on them.
Cloud Native Application Protection Platform Specialist at Proton Technologies
Real User
Top 20
2024-09-23T11:58:00Z
Sep 23, 2024
While you can find everything, sometimes, it is a bit difficult. I have always had a little bit of an issue or struggle using the Resource Query Language that we can use to look through and find different things. I wish it was a little bit easier. It might be just my failings in that regard, but it can be a little bit difficult to find everything. You can find everything, but it is difficult sometimes. If there is a way for auto Defender upgrades, that would be great. They started to implement it, but I do not know if they have done it yet. Having auto Defender upgrades so that we do not have to upgrade Defender manually would be helpful. If there is a way to push the upgrades from the console, that would be one way to improve it. I had created a couple of other requests for improvements, but I do not remember them at this point in time. I know that was one of them.
Technical Engineer at a tech services company with 1,001-5,000 employees
Real User
Top 20
2024-09-04T15:41:00Z
Sep 4, 2024
I recently onboarded some of the repositories, and for that, the issues were categorized into four types. The view was not very easy to understand. The Application Security dashboard was not as user-friendly as the Cloud Security dashboard. The Application Security dashboard can be improved in terms of UI. The categories provided should be helpful for the ones who are using it for the first time. Other than this, I do not have any areas for improvement. I am a new user. I entered the domain of cloud security only six months ago. Before that, I was in a different domain. As of now, I see Prisma Cloud as an excellent tool.
These tools have a set of signatures or rules that will alert you whenever something meets the criteria. In the future, they might include some machine learning or AI feature that allows you to ask questions about the context of the alert, and it will provide you answers based on the data that they have. Most vendors are doing it, and I believe they will do it in the future. The reporting bar could also use AI to add context based on the environment.
Admin / Engineer at a tech services company with 51-200 employees
MSP
Top 20
2024-07-30T10:05:00Z
Jul 30, 2024
The cloud integration is too complex. It should be simple to integrate Prisma Cloud with any cloud environment. Policy management could also be simpler.
We only use the solution for misconfigurations. There may be other features that are lacking, however, we don't use the full scope of the product. Technical support could use some improvement.
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
Technology Specialist - Cloud Security at a tech services company with 11-50 employees
Real User
Top 10
2024-06-26T08:17:00Z
Jun 26, 2024
The tool's UI is an area with certain shortcomings where improvements are required. With the cloud protection and UI, the tool should have the option to download the data for the vulnerabilities. One should have the option to download detailed data about vulnerabilities in the host. The tool should have a guide or a knowledge base document. The tool should specifically provide a guide about the solution's UI, which can be helpful for clients. Sometimes, it does provide an error, or I can say that when we integrate our infrastructure cloud with Prisma Cloud, we face some issues. Most of the time, the integration issues are not due to Prisma Cloud but from the client side. The tool's support team needs to improve.
Runecast gave us more visibility into VMware's private cloud. We have more environments there, but Prisma's lack of visibility into the private cloud was a downside—there weren't many.
Network and Security Engineer at a security firm with 11-50 employees
Real User
Top 5
2024-04-03T06:53:00Z
Apr 3, 2024
Prisma Access is good. Its security is good. Everything is good, but the way the dashboard responds can be improved. It takes time to implement a policy. If you change only 2 or 3 lines and push the policy to make the change work, it takes 20 to 30 minutes even for a small change. That is something very irritating from the implementation perspective. The response time of the dashboard for configuring things needs to be improved. It should be quick. Its implementation is also a bit complex.
Principal Consultant at a computer software company with 1,001-5,000 employees
Consultant
Top 20
2024-02-02T13:33:00Z
Feb 2, 2024
Prisma Cloud's Complete edition is not a complete suit. Only the SaaS version includes posture management and IDE integration. The visibility on the SIEM needs to be streamlined so we can get the data without any issues.
While the code security feature has undergone recent enhancements, there is room for improvement in terms of its cost module. Presently, the pricing structure poses a challenge in convincing our customers to adopt this tool, especially since code security is a critical area of interest for many. At times, we find certain features missing. In these instances, we engage with our support team, requesting them to submit feature requests on our behalf. Our clients have expressed a need for scanning application vulnerabilities on Windows servers, a feature currently available only for Linux.
The regional cost of Prisma Cloud in South Africa is high and could be improved. Since it is marketed based on a dollar base, it is primarily an enterprise product and may not be affordable for smaller organizations. As a software development company looking to secure our cloud-hosted APIs before publishing them, we believe that Palo Alto might overstate its capabilities. We have identified competitive products in the market that offer better protection throughout the software development lifecycle. From a developer's perspective, especially for organizations like banks developing their applications, ensuring API security before deploying them to the cloud is crucial. While Palo Alto claims to excel in this area, we believe that other specialized products may offer a more comprehensive solution.
Security consultant at a computer software company with 1,001-5,000 employees
Real User
Top 20
2023-11-28T12:21:00Z
Nov 28, 2023
One single drawback is that updates are not directly based on push notifications. There is a lot of software that gets updated automatically. Since this is a security product, this product should be automatically updated. Right now, it must be manually updated. I should be able to focus on vulnerabilities and security, not updating. Delays can be very costly. Even with a minute delay in updating, if an attack is successful, when you have this corrupted million-dollar product, it's useless to you then. That's why updates should be automatically done. It doesn't patch your products; it only provides insights into vulnerabilities. It's merely a value-added service for your overall security posture. They are missing some compatibility details in their documentation. If I am choosing a product, the first thing I look at before recommending it to my organization, is the documentation, including how it is organized, if their documentation is informative, what information they are providing, et cetera. Prisma Cloud has one issue within its documentation, and that is that it does not provide exact details of every single plugin. I was very concerned about which version of Prisma Cloud was compatible with which version of the solutions we had in our CI/CD pipeline. They need to be more clear.
I have some challenges customizing and personalizing some of the capabilities in the CSPM in terms of new policies and services. We have to reconfigure and rebuild the CSPM.
Cloud Security Engineer at eSec Forte® Technologies
Real User
Top 20
2023-11-03T10:58:00Z
Nov 3, 2023
When there are updates, whether daily, weekly, or monthly, it needs configuration or permission adjustments. There is no automation for that, which is too bad.
Cloud Security Engineer at eSec Forte® Technologies
Real User
Top 20
2023-10-30T17:01:00Z
Oct 30, 2023
We are encountering issues with the new permissions required for AWS integration with Prisma. Specifically, we need a mechanism to automatically identify and integrate the missing configuration permissions that are introduced on a biweekly or monthly basis. We have requested the Palo Alto team to develop this automation, and we are eagerly awaiting its implementation. We appreciate the efforts of the engineering team for their contributions.
During deployment, we created a tunnel from the cloud to our gateway in the data center because the users need some way to connect with the resources there, but all other traffic goes directly to the Palo Alto cloud. When the traffic goes to the Internet, sometimes it will come up with different IPs, causing some financial websites to be blocked. We needed to work with Palo Alto closely to solve this problem. Sometimes, when you assign subnets to regions, the IP address will jump from one location to another because it will automatically change substantially. Then, we need to add those IP subnets to our firewall for existing access. The need to update those subnets potentially causes maintenance or access issues. So far, we can only provide bigger customers with six subnets, and a small company may not be able to access those services.
Technical Architect at a tech services company with 1,001-5,000 employees
Real User
Top 20
2023-07-14T17:20:00Z
Jul 14, 2023
The first time I looked at Prisma Cloud, it took me a while to understand how to implement the integration and how to enable features by using the interface for integration. That portion can probably be improved. I have not looked at the latest version. I used the version that was available three months back. It is portal-based, and they might have changed it in the last three months, but at that time, integration was a bit tricky. Even though documentation was available, it took a while for a new person to understand what integration meant, what will be achieved after the integration, or how the integration needed to be done on the Azure or AWS side. That was a bit challenging initially.
Sr. Cloud Security Architect at tejain@deloitte.com
Real User
Top 5
2023-06-29T17:48:00Z
Jun 29, 2023
There is room for improvement on the logging and monitoring front because it's still not as holistic as I would want it to be. Especially in the sense that we have different modules within Prisma Cloud, but then the visibility that we get from the output of each of these modules cannot be stitched together. Perhaps we could deploy something like a SIEM or SOAR platform to get this telemetry. As of now, we are lacking that part. So now I'm sure that was not the primary intent for that. It would really make a difference if Palo Alto Networks improves this. The identity-based micro-segmentation in our cloud-native services requires a significant improvement. It fails to address many of the problems that its predecessor used to solve. Previously, there was identity-based micro-segmentation, but it was phased out, reaching its end-of-life and end-of-support. Now, we have cloud network security, which lacks a crucial feature that IBM used to offer. This is something we strongly desire, as we have had multiple discussions with Palo Alto regarding this matter. I am uncertain if there is a roadmap for implementing this feature, but the cloud network security module requires a substantial upgrade.
Security Specialist at a tech services company with 11-50 employees
Real User
Top 20
2023-05-25T13:13:00Z
May 25, 2023
The data container component can be improved since it lacks intuitiveness. Therefore, we need to thoroughly comprehend the tool in order to utilize it effectively. The number of cloud providers in terms of data security needs improvement. The solution does not currently support servers for GCP.
Network Security Consultant at a manufacturing company with 10,001+ employees
Real User
Top 10
2023-05-11T06:10:00Z
May 11, 2023
Prisma covers all the CNCF areas. However, they are not the best in all of them. For example, their identity controls are not the best. They have modules for identity controls, but they are not the best in the market. The same is valid for data security. AWS and Azure have better native data security than Prisma. Individual modules, other than CSPM and CWPP, could be improved. The security automation capabilities are average. They have a semi-automated remediation policy, but many tools on the market can automatically remediate based on the resource and desired outcome we need. Therefore, I think the automation of alerts could be improved. The visibility of the reporting data for CI/CD can be improved in our console to make the output visible to management and developers.
Solutions Architect at a tech services company with 501-1,000 employees
MSP
Top 20
2023-05-01T13:19:00Z
May 1, 2023
The information presented in the UI sometimes doesn't look intuitive enough. For instance, if I want to look at all the resources that are affected by a certain finding, sometimes it's not easy to locate how to look at all those resources in one place. But that's just a UI quirk. However, API-wise, Prisma Cloud is pretty good for locating what you're looking to find.
Consultant at a manufacturing company with 10,001+ employees
Consultant
Top 20
2023-02-17T22:31:00Z
Feb 17, 2023
I now extensively use cloud security posture management. There needs to be a mechanism that allows me to manually configure compliance more easily. Currently, it requires programming knowledge, so if someone without hardware programming knowledge could customize certain features to their requirements, it would be very helpful.
Senior Engineer at a tech services company with 11-50 employees
Real User
Top 20
2023-01-16T18:59:00Z
Jan 16, 2023
Prisma is good about compliance, and their support is excellent, but they struggle with automation and integration. They need to stay on top of the newest types of connectors. How can you connect other applications and other tools in order for this to work cohesively? That's a challenge.
Senior Security Engineer at a manufacturing company with 501-1,000 employees
Real User
Top 20
2023-01-16T17:25:00Z
Jan 16, 2023
The UI could use some improvement; we usually find the information we're looking for, but what fields can be clicked on and what workflow to follow to get the required information is not always evident. Sometimes we're all over the place, clicking around to drill in and uncover the alert and investigation details we're looking for.
Cloud Security Consultant at a retailer with 10,001+ employees
Real User
Top 20
2023-01-10T00:00:00Z
Jan 10, 2023
There are a couple of things that can be enhanced. The first is the coverage that Prisma offers. Today, there are hundreds of built-in policies for AWS and Azure, but GCP and Oracle are not covered as much as AWS. There is a lot of work to do on that part. There is, obviously, a tiny bit of favoritism towards AWS because it has the most market share. It's logical, but the other cloud providers are not as well covered as AWS. The second issue is the alerting process. Today, it does monitor the resources—and I'm only speaking on the CSPM side of things. Prisma Cloud scans the environment and checks if there are misconfigurations, but it lacks context. There is a real lack when it comes to taking into consideration how the application was designed. For example, you can have an application that is deployed with an open S3 bucket, which is one of the most basic services in AWS. Prisma will tell you that there is a high-severity alert because, with that bucket, there is a possibility of having your data extracted. But sometimes, the data inside those buckets is actually public. So, the process lacks some intelligence.
Cloud Security Engineer at a financial services firm with 501-1,000 employees
MSP
Top 20
2022-11-30T00:09:00Z
Nov 30, 2022
One definite area for improvement is the auto-remediation or the CWP area. The second one is the RQL language. It is still not very flexible and does not cover a lot of use cases. The RQL language could be dramatically improved to add more options. The cloud is adding more and more complexity in terms of number of services or the number of options for each service, especially when it comes to security options like encryption at rest and encryption in transit. And there is the issue of the interlinking of these services. One cloud service uses another cloud service, like CloudFront in front of a load balancer. These interactions are creating numerous new combinations and the RQL language really needs enhancement to handle those queries. We ourselves have put in a lot of enhancement requests to Palo Alto, looking at these corner cases, so they can look into those and improve them.
Software Security Analyst at a energy/utilities company with 10,001+ employees
Real User
2021-03-15T20:48:00Z
Mar 15, 2021
One problem was identifying Azure Kubernetes Services. We had many teams creating Kubernetes systems without any security whatsoever. It was hard for us to identify Kubernetes because the Prisma Cloud could not identify them. From what I heard from Palo Alto at the time, they were building a new feature to identify those. It was an issue they were already trying to fix. In addition, when it comes to access for developers, I would like to have more granular settings. For example, in our company we didn't want to display hosts' vulnerabilities to developers, because the infrastructure or containers team was responsible for host vulnerabilities or the containers. The developers were only responsible for the top application layer. We didn't want to provide that data to the developers because A) we thought it was sensitive data and B) because it was data that didn't belong to developers. We didn't want to share it, but I remember having this problem when it came to the granularity of granting permissions. They need to make the settings more flexible to fit our internal policies about data. We didn't want developers to see some data, but we wanted them to have access to the console because it was going to help them. One possibility was to develop our own solution for this, using the API. But that would add complexity. The console was clean and beautiful. It has the radar where you can see all the containers. But we just didn't want to show some data. It was a pain to have to set up the access to some languages and some data. Another thing that was a pain was that in our on-prem environment there was a tool that sometimes generated a temporary container, to be used just for a build, and Prisma would raise some compliance issues for this container that would die shortly. It was hard to suppress these kinds of alerts because it was hard to find a standard or a rule that would fit this scenario. The tool was able manage the whole CI/CD pipeline, including the build as well—even these containers that were temporary for a build—but sometimes it would raise too much unnecessary data. Also, one of the things that it's hard to understand sometimes is how to fix an issue. We managed to do so by testing things ourselves because we are developers. But a little bit of explanation about how to fix something would help. It was more showing what the problem was than it did about how to fix it.
Some of the usability within the Compute functionality needs improvement. I think when Palo Alto added on the Twistlock functionality, they added a Compute tab on the left side of the navigation. Some of the navigation is just a little dense. There is a lot of navigation where there is a tab and dropdowns. So, just improving some of the navigation where there is just a very dense amount of buttons and drop-down menus, that is probably the only thing, which comes from having a lot of features. Because there are a lot of buttons, just navigating around the platform can be a little challenging for new users. They could improve a little bit of the navigation, where I have to kind of look through a lot of the different menus and dropdowns. Part of this just comes from it having so many awesome features. However, the navigation can sometimes be a little bit like, "I can't remember where the tab was," so I have to click and search around. This is not a big negative point, but it is definitely an area for improvement.
The IMD feature could be improved, but Palo Alto is working on that. It's a relatively new module that attempts to identify unnecessary permissions. Prisma Cloud is a platform that adds new modules whenever Palo Alto acquires a company or develops a new solution. The development team is trying to add new features. It also has Click Code Security for infrastructure security, but it doesn't add much value unless your DevOps team is really junior. While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent. It creates a high workload initially. Apart from that, it solves the problems you have. Palo Alto says that 99 percent of breaches come from misconfiguration. I have seen that first hand. I think the fewest alerts a customer had was around 100 still, but they used another tool for that, so that saves a lot.
Cloud DevOps Engineer at a tech services company with 51-200 employees
Real User
2022-08-18T23:39:00Z
Aug 18, 2022
It sometimes took Prisma a little while to build queries, so new services or features wouldn't appear. It wouldn't get flagged in Prisma for a bit. It would be helpful if they sped up how quickly they got their default notifications, queries, and alerts. The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls.
Cloud Presales & Solution Architect at a tech services company with 51-200 employees
MSP
2022-07-31T16:41:00Z
Jul 31, 2022
We identified two things that we felt would be great to have, but they are under NDA. So, I can't disclose them. Other than those two things, we identified a generic bug in the secret key management service on AWS that needs to be fixed. We reported it to them, and we want them to fix it. It is very good with predominant cloud vendors, such as AWS, Azure, and GCP, but I am not sure about its efficiency when it comes to other cloud vendors. They should expand its coverage to other cloud vendors such as Alibaba Cloud and Oracle Cloud, which are quite common in this region. I am not sure if they have a full-fledged Oracle Cloud controls evaluation. If they can improve it in terms of the MultiCloud aspect for the organization, it will be helpful, especially in this region.
Areas like the deployment of their defenders and their central control need manual intervention. They should focus more on automation. They have a very generic case for small companies. However, for bigger companies to work, we have to do a lot of changes to our system to accommodate it. Therefore, they should change their system or deployment models so it can be easy to integrate into existing architectures. Prisma Cloud has enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes. It is not 100 percent seamless since we still need to do some manual interventions. Because the way that we have designed our CI/CD for Prisma Cloud, the integration was neither smooth nor was it 100 percent seamless.
Senior Principal Consultant Cloud/DevOps/ML/Kubernetes at Opticca
Real User
2021-12-29T19:39:00Z
Dec 29, 2021
There is some work to be done on preventive security policies. I would give the existing preventive approach a seven out of 10. I'm sure they will be doing something in this area. In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done. Another area for improvement is support for OPA (Open Policy Agent) rather than the proprietary language. Nowadays, people mix things, but you don't want to write a policy in different languages.
Director of Information Security Architecture at a financial services firm with 5,001-10,000 employees
Real User
2021-10-01T07:34:00Z
Oct 1, 2021
We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert. We'd always want that to be as quick as possible, and this is going to be true for every customer. The billing function, with the credits and the by-workload-licensing and billing, is something that is a little wonky and can be improved.
Lead- Information Security Analyst at archan.fiem.it@gmail.com
Real User
2021-09-27T08:57:00Z
Sep 27, 2021
Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that. Prisma also should allow users to fully automate the workflow of an identified set. Right now, it can give us a hint about what has happened and there is an option to remediate that, but for some reason, that doesn't work. Another pain point is integration with ticketing solutions. We need bidirectional integration of Prisma Cloud and our ticketing tool. Currently, we only have one-way integration. When an alert appears in Prisma Cloud, it shows up in our ticketing tool as well. But if someone closes that ticket in our ticketing tool, that alert doesn't resolve in Prisma Cloud. We have to do it manually each time, which is a waste of time. I am not sure how much Prisma Cloud protects against zero-day threats. Those kinds of threats really work in different kinds of patterns, like identify some kind of CBE, that kind of stuff. But considering the way it works for us, I don't think it'll be able to capture a zero-day threat if it is a vulnerability because Prisma Cloud actually doesn't capture vulnerability. It captures errors in posture management. That's a different thing. I don't know if there is any zero-day that Prisma can identify in AWS instantly. Probably, we can ask them to create a custom policy, but that generally takes time. We haven't seen that kind of scenario where we actually have to handle a zero-day threat with Prisma Cloud, because that gets covered mostly by Qualys.
Security Architect at a educational organization with 201-500 employees
Real User
2021-09-03T08:53:00Z
Sep 3, 2021
The only part that is actually tough for us is that we have a professional services resource from Palo Alto working with us on customization. One of the things that we are thinking about is that if we have similar requirements in the future, how can we get his capability in-house? The professional services person is a developer and he takes our requirements and writes the code for the APIs or whatever he needs to access. We will likely be looking for a resource for the Demisto platform. The automation also took us time, more than we thought it would take. We had some challenges because Demisto was a third-party product. Initially, the engineer who is with us thought that everything was possible, but later on, when he tried to do everything, he was not able to do some things. We had to change the strategy multiple times. But we have now reached a point where we are in a comfort zone and we have been able to achieve what we wanted to do. Also, getting new guys trained on using the solution requires some thought. If someone is already trained on Palo Alto then he's able to adapt quickly. But, if someone is coming from another platform such as Fortinet, or maybe he's from the system side, that is where we need some help. We need to find out if there is an online track or training that they can go to. Related to training is the fact that changes made in the solution are reflected directly in the production environment. As of now, we are not aware of any method for creating a demo environment where we can train new people. These are the challenges we have.
Consultant at a tech services company with 501-1,000 employees
Reseller
2021-06-05T11:18:37Z
Jun 5, 2021
The remediation part could be better. It should be able to automatically remediate on the basis of its artificial intelligence. If there are alerts, it should directly act and surround the malicious threat with a container or something. Instead of waiting on approval, it should immediately act. There should be no need for manual input when there is a threat on hand. The ability to scale is limited as it is a SAS product. The licensing is a bit confusing.
When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in flushing out each of those feature sets. My understanding of Palo Alto's offerings is that they have a solution that is IAM-focused. It's called Prisma Access. We have not looked at it, but I believe it's a separately-licensed offering that handles those IAM cases. I don't know whether they intend to include any IAM-type of functionality in the Prisma Cloud feature set or whether they will just say, "Go purchase this separate solution and then use them next to each other." Also, I don't think their SaaS offering is adoptable by large enterprises like ours, in every case. There are some limitations on having multiple consoles and on our ability to configure that SaaS offering. We would like to go SaaS, but it's not something we can do today. We have some capability to do network functions inside of Prisma Cloud. Being able to integrate that into the non-cloud pieces of the Palo Alto stack would be beneficial. The solution's security automation capabilities are mixed. We've done some API development and it's good that they have APIs, that's beneficial. But there is still a little disconnect between some of the legacy Twistlock APIs versus some of the RedLock APIs. In some cases the API functionality is not fully flushed out. An example of that is that we were looking at integrating Prisma Cloud scans into our GitHub. The goal was to scan GitHub repositories for CloudFormation and Terraform templates and send those to Prisma Cloud to assess for vulnerabilities and configuration. The APIs are a little bit on the beta-quality side. It sounds like newer versions that some of that is handled, but I think there's some room to grow. Also, our team did run into some discrepancies between what's available, API-wise, that you have to use SaaS to get to, versus the on-premise version. There isn't necessarily feature parity there, and that can be confusing.
Cloud Security Manager at a manufacturing company with 10,001+ employees
Real User
2020-12-10T05:29:00Z
Dec 10, 2020
The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories. This is our biggest pain point. There are little UI complexities that we work around through the API or exporting.
Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams. At that point, we realized, "Okay, we're not never going to have it fully customizable," because no team can expect a product, off-the-shelf, to fit itself to the needs of any organization. That's just impossible. So customization from our perspective comes through the API, and that's the best we can do because there is no other sensible way of doing it. The customization is exactly evident inside the API, because that's what you end up using. In terms of the product having room for improvement, I don't see any product being perfect, so I'm not worried about that aspect. The RedLock team is very responsive to our requirements when we do point out issues, and when we do point out stuff that we would like to see fixed, but the product direction itself is not a big concern for us.
Cloud Security Specialist at a financial services firm with 501-1,000 employees
Real User
2020-11-03T07:14:00Z
Nov 3, 2020
One scenario, in early days, was in trying to get a view on how you could segregate account access for role-based access controls. As a DevSecOps squad, you might have had five or six guys and girls who had access to the overall solution. If you wanted to hand that off to another team, like a software engineering team, or maybe just another cloud engineering team, there were concerns about sharing the whole dashboard, even if it was just read-only. But over the course of time, they've integrated that role-based access control so that users should only be able to view their own accounts and their own workloads, rather than all of the accounts. Another concern I had was the fact that you couldn't ingest the accounts into Prisma Cloud in an automated sense. You had to manually integrate them or onboard them. They have since driven out new features and capabilities, over the last 12 months, to cater for that. At an organizational level you can now plug that straight into Prisma Cloud, as and when new accounts are provisioned or created. Then, by default, the AWS account or the Azure account will actually be included, so you've got visibility straight away. The lack of those two features was a limitation as to how far I could actually push it out within the organization for it to be consumed. They've addressed those now, which is really useful. I can't think of anything else that's really causing any shortcomings. It's everything and more at the moment.
Sr. Security Operations Manager at a healthcare company with 5,001-10,000 employees
Real User
2020-10-26T09:04:00Z
Oct 26, 2020
The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed. Also, the permissions modeling around the tool is improving, but is still a little bit rough. The concept of having roles that certain users have to switch between, rather than have a single login that gives them visibility into all of the different pieces, is a little bit confusing for my users. It can take some time out of our day to try to explain to them what they need to do to get to the information they need.
Sr. Information Security Manager at a healthcare company with 1,001-5,000 employees
Real User
2020-10-26T09:04:00Z
Oct 26, 2020
The challenge that Palo Alto and Prisma have is that, at times, the instructions in an event are a little bit dated and they're not usable. That doesn't apply to all the instructions, but there are times where, for example, the Microsoft or the Amazon side has made some changes and Palo Alto or Prisma was not aware of them. So as we try to remediate an alert in such a case, the instructions absolutely do not work. Then we open up a ticket and they'll reply, "Oh yeah, the API for so-and-so vendor changed and we'll have to work with them on that." That area could be done a little better. One additional feature I'd like to see is more of a focus on API security. API security is an area that is definitely growing, because almost every web application has tons of APIs connecting to other web applications with tons of APIs. That's a huge area and I'd love to see a little bit more growth in that area. For example, when it comes to the monitoring of APIs within the clouded environment, who has access to the APIs? How old are the APIs' keys? How often are those APIs accessed? That would be good to know because they could be APIs that are never really accessed and maybe we should get rid of them. Also, what roles are attached to those APIs? And where are they connected to which resources? An audit and inventory of the use of APIs would be helpful.
We would like it to have more features from the risk and compliance perspectives. On the governance side of it, we did want it, but the licensing costs for that are so high. As a result, I have to integrate this solution with a couple of additional tools. For example, suppose I wish to assign something to an organization or to another person. To do that I have to integrate it with something like JIRA or Confluence where I can ask them to provide the pieces of information. If the licensing costs were a little lower, I would have been able to assign it then and there. As it is, though, I need to assign it from one platform to another platform, one where the team of engineering people is working. I still need to go to multiple platforms to check if something was assigned, and I have to keep checking between the two platforms to see whether it's not done or not.
Senior Manager at a computer software company with 501-1,000 employees
Real User
2020-04-08T06:37:00Z
Apr 8, 2020
The feedback that we have given to the Palo Alto Networks team is that the UI can be improved. When you press the "back" button on your browser from the Investigate tab, the query that you're working on just disappears. It won't keep the query on the "back" button. Also, the way the policies are structured and the alerts are created could be better. It requires a lot of manual work to search through the policies when creating an alert. These are minute nuances. They are not major issues and are more about convenience than they are product bugs.
Manager - cybersecurity at a comms service provider with 10,001+ employees
Real User
2020-01-30T11:44:00Z
Jan 30, 2020
In terms of improvement, there are some small things like hardening and making sure the Linux resources are deployed well but that's more at an operational level. Day-to-day, we do find a lot of issues but having a tool to help us with them is what we want because manually, it's not feasible for us. Other than that, we not really looking for any other add-ons or plug-ins because that was our core problem.
Sr. Manager IT Operations at a tech vendor with 5,001-10,000 employees
Real User
2020-01-12T12:03:00Z
Jan 12, 2020
In our testing, we have found the Check Point product CloudGuard Dome9 to be more user-friendly at this point. Palo Alto Prisma's interface was not as user-friendly. Palo Alto should work on this part of its solution to be more competitive with ease-of-use. I do not feel Palo Alto is short of any features, but if we compare the two side-by-side, I think the user interface for Palo Alto needs to be improved to make it at least as good as Dome9.
DevOps Solutions Lead at SoftwareONE Deutschland GmbH
Consultant
2019-12-15T05:59:00Z
Dec 15, 2019
I'm not sure about areas for improvement on the solution, however, I do think the compliance and dashboarding could be better. The innovation side of the solution could be more efficient and more detailed.
Prisma Cloud by Palo Alto Networks is used for managing cloud security posture, container security, and compliance monitoring in multi-cloud environments.Prisma Cloud by Palo Alto Networks provides tools for vulnerability management, misconfiguration detection, and compliance with standards like HIPAA and CIS. It offers near real-time inventory and alerting, enhancing cloud configuration audits and security across AWS, Azure, and GCP. Its automated security features offer real-time protection...
For Prisma Cloud, I have already raised some requests, which are in progress. I am hoping they will be implemented soon. One of the requests is that Prisma Defender for the ECS solution is only supported for Linux. It does not support Windows. For a runtime incident, it only has the option to archive. After validating the incident, the team members should have the option to add some comments and then archive. We should be able to add comments saying, "It is a false positive." or "This is the action we have taken." We have requested a few more improvements. The Palo Alto team is working on them.
While you can find everything, sometimes, it is a bit difficult. I have always had a little bit of an issue or struggle using the Resource Query Language that we can use to look through and find different things. I wish it was a little bit easier. It might be just my failings in that regard, but it can be a little bit difficult to find everything. You can find everything, but it is difficult sometimes. If there is a way for auto Defender upgrades, that would be great. They started to implement it, but I do not know if they have done it yet. Having auto Defender upgrades so that we do not have to upgrade Defender manually would be helpful. If there is a way to push the upgrades from the console, that would be one way to improve it. I had created a couple of other requests for improvements, but I do not remember them at this point in time. I know that was one of them.
I recently onboarded some of the repositories, and for that, the issues were categorized into four types. The view was not very easy to understand. The Application Security dashboard was not as user-friendly as the Cloud Security dashboard. The Application Security dashboard can be improved in terms of UI. The categories provided should be helpful for the ones who are using it for the first time. Other than this, I do not have any areas for improvement. I am a new user. I entered the domain of cloud security only six months ago. Before that, I was in a different domain. As of now, I see Prisma Cloud as an excellent tool.
These tools have a set of signatures or rules that will alert you whenever something meets the criteria. In the future, they might include some machine learning or AI feature that allows you to ask questions about the context of the alert, and it will provide you answers based on the data that they have. Most vendors are doing it, and I believe they will do it in the future. The reporting bar could also use AI to add context based on the environment.
The cloud integration is too complex. It should be simple to integrate Prisma Cloud with any cloud environment. Policy management could also be simpler.
We only use the solution for misconfigurations. There may be other features that are lacking, however, we don't use the full scope of the product. Technical support could use some improvement.
The tool's UI is an area with certain shortcomings where improvements are required. With the cloud protection and UI, the tool should have the option to download the data for the vulnerabilities. One should have the option to download detailed data about vulnerabilities in the host. The tool should have a guide or a knowledge base document. The tool should specifically provide a guide about the solution's UI, which can be helpful for clients. Sometimes, it does provide an error, or I can say that when we integrate our infrastructure cloud with Prisma Cloud, we face some issues. Most of the time, the integration issues are not due to Prisma Cloud but from the client side. The tool's support team needs to improve.
Runecast gave us more visibility into VMware's private cloud. We have more environments there, but Prisma's lack of visibility into the private cloud was a downside—there weren't many.
They can improve the integrations into the SDLC lifecycle.
Prisma Access is good. Its security is good. Everything is good, but the way the dashboard responds can be improved. It takes time to implement a policy. If you change only 2 or 3 lines and push the policy to make the change work, it takes 20 to 30 minutes even for a small change. That is something very irritating from the implementation perspective. The response time of the dashboard for configuring things needs to be improved. It should be quick. Its implementation is also a bit complex.
Prisma Cloud's Complete edition is not a complete suit. Only the SaaS version includes posture management and IDE integration. The visibility on the SIEM needs to be streamlined so we can get the data without any issues.
While the code security feature has undergone recent enhancements, there is room for improvement in terms of its cost module. Presently, the pricing structure poses a challenge in convincing our customers to adopt this tool, especially since code security is a critical area of interest for many. At times, we find certain features missing. In these instances, we engage with our support team, requesting them to submit feature requests on our behalf. Our clients have expressed a need for scanning application vulnerabilities on Windows servers, a feature currently available only for Linux.
The regional cost of Prisma Cloud in South Africa is high and could be improved. Since it is marketed based on a dollar base, it is primarily an enterprise product and may not be affordable for smaller organizations. As a software development company looking to secure our cloud-hosted APIs before publishing them, we believe that Palo Alto might overstate its capabilities. We have identified competitive products in the market that offer better protection throughout the software development lifecycle. From a developer's perspective, especially for organizations like banks developing their applications, ensuring API security before deploying them to the cloud is crucial. While Palo Alto claims to excel in this area, we believe that other specialized products may offer a more comprehensive solution.
One single drawback is that updates are not directly based on push notifications. There is a lot of software that gets updated automatically. Since this is a security product, this product should be automatically updated. Right now, it must be manually updated. I should be able to focus on vulnerabilities and security, not updating. Delays can be very costly. Even with a minute delay in updating, if an attack is successful, when you have this corrupted million-dollar product, it's useless to you then. That's why updates should be automatically done. It doesn't patch your products; it only provides insights into vulnerabilities. It's merely a value-added service for your overall security posture. They are missing some compatibility details in their documentation. If I am choosing a product, the first thing I look at before recommending it to my organization, is the documentation, including how it is organized, if their documentation is informative, what information they are providing, et cetera. Prisma Cloud has one issue within its documentation, and that is that it does not provide exact details of every single plugin. I was very concerned about which version of Prisma Cloud was compatible with which version of the solutions we had in our CI/CD pipeline. They need to be more clear.
I have some challenges customizing and personalizing some of the capabilities in the CSPM in terms of new policies and services. We have to reconfigure and rebuild the CSPM.
The Palo Alto support needs to improve. Their response time is not good.
When there are updates, whether daily, weekly, or monthly, it needs configuration or permission adjustments. There is no automation for that, which is too bad.
We are encountering issues with the new permissions required for AWS integration with Prisma. Specifically, we need a mechanism to automatically identify and integrate the missing configuration permissions that are introduced on a biweekly or monthly basis. We have requested the Palo Alto team to develop this automation, and we are eagerly awaiting its implementation. We appreciate the efforts of the engineering team for their contributions.
The UI could be improved.
Prisma Cloud supports generating CSV files, but I would also like it to generate PDF files for reporting.
During deployment, we created a tunnel from the cloud to our gateway in the data center because the users need some way to connect with the resources there, but all other traffic goes directly to the Palo Alto cloud. When the traffic goes to the Internet, sometimes it will come up with different IPs, causing some financial websites to be blocked. We needed to work with Palo Alto closely to solve this problem. Sometimes, when you assign subnets to regions, the IP address will jump from one location to another because it will automatically change substantially. Then, we need to add those IP subnets to our firewall for existing access. The need to update those subnets potentially causes maintenance or access issues. So far, we can only provide bigger customers with six subnets, and a small company may not be able to access those services.
The first time I looked at Prisma Cloud, it took me a while to understand how to implement the integration and how to enable features by using the interface for integration. That portion can probably be improved. I have not looked at the latest version. I used the version that was available three months back. It is portal-based, and they might have changed it in the last three months, but at that time, integration was a bit tricky. Even though documentation was available, it took a while for a new person to understand what integration meant, what will be achieved after the integration, or how the integration needed to be done on the Azure or AWS side. That was a bit challenging initially.
There is room for improvement on the logging and monitoring front because it's still not as holistic as I would want it to be. Especially in the sense that we have different modules within Prisma Cloud, but then the visibility that we get from the output of each of these modules cannot be stitched together. Perhaps we could deploy something like a SIEM or SOAR platform to get this telemetry. As of now, we are lacking that part. So now I'm sure that was not the primary intent for that. It would really make a difference if Palo Alto Networks improves this. The identity-based micro-segmentation in our cloud-native services requires a significant improvement. It fails to address many of the problems that its predecessor used to solve. Previously, there was identity-based micro-segmentation, but it was phased out, reaching its end-of-life and end-of-support. Now, we have cloud network security, which lacks a crucial feature that IBM used to offer. This is something we strongly desire, as we have had multiple discussions with Palo Alto regarding this matter. I am uncertain if there is a roadmap for implementing this feature, but the cloud network security module requires a substantial upgrade.
The data container component can be improved since it lacks intuitiveness. Therefore, we need to thoroughly comprehend the tool in order to utilize it effectively. The number of cloud providers in terms of data security needs improvement. The solution does not currently support servers for GCP.
Prisma covers all the CNCF areas. However, they are not the best in all of them. For example, their identity controls are not the best. They have modules for identity controls, but they are not the best in the market. The same is valid for data security. AWS and Azure have better native data security than Prisma. Individual modules, other than CSPM and CWPP, could be improved. The security automation capabilities are average. They have a semi-automated remediation policy, but many tools on the market can automatically remediate based on the resource and desired outcome we need. Therefore, I think the automation of alerts could be improved. The visibility of the reporting data for CI/CD can be improved in our console to make the output visible to management and developers.
The information presented in the UI sometimes doesn't look intuitive enough. For instance, if I want to look at all the resources that are affected by a certain finding, sometimes it's not easy to locate how to look at all those resources in one place. But that's just a UI quirk. However, API-wise, Prisma Cloud is pretty good for locating what you're looking to find.
The user interface should be improved and made easier.
The reporting should be much more refined. They need to improve the API gateway.
They should improve user experience. It is complicated to integrate the solution with the public cloud provider.
I think Prisma Cloud could improve its preventive governance policy and CWP run time modules.
I now extensively use cloud security posture management. There needs to be a mechanism that allows me to manually configure compliance more easily. Currently, it requires programming knowledge, so if someone without hardware programming knowledge could customize certain features to their requirements, it would be very helpful.
Prisma is good about compliance, and their support is excellent, but they struggle with automation and integration. They need to stay on top of the newest types of connectors. How can you connect other applications and other tools in order for this to work cohesively? That's a challenge.
The UI could use some improvement; we usually find the information we're looking for, but what fields can be clicked on and what workflow to follow to get the required information is not always evident. Sometimes we're all over the place, clicking around to drill in and uncover the alert and investigation details we're looking for.
There are a couple of things that can be enhanced. The first is the coverage that Prisma offers. Today, there are hundreds of built-in policies for AWS and Azure, but GCP and Oracle are not covered as much as AWS. There is a lot of work to do on that part. There is, obviously, a tiny bit of favoritism towards AWS because it has the most market share. It's logical, but the other cloud providers are not as well covered as AWS. The second issue is the alerting process. Today, it does monitor the resources—and I'm only speaking on the CSPM side of things. Prisma Cloud scans the environment and checks if there are misconfigurations, but it lacks context. There is a real lack when it comes to taking into consideration how the application was designed. For example, you can have an application that is deployed with an open S3 bucket, which is one of the most basic services in AWS. Prisma will tell you that there is a high-severity alert because, with that bucket, there is a possibility of having your data extracted. But sometimes, the data inside those buckets is actually public. So, the process lacks some intelligence.
One definite area for improvement is the auto-remediation or the CWP area. The second one is the RQL language. It is still not very flexible and does not cover a lot of use cases. The RQL language could be dramatically improved to add more options. The cloud is adding more and more complexity in terms of number of services or the number of options for each service, especially when it comes to security options like encryption at rest and encryption in transit. And there is the issue of the interlinking of these services. One cloud service uses another cloud service, like CloudFront in front of a load balancer. These interactions are creating numerous new combinations and the RQL language really needs enhancement to handle those queries. We ourselves have put in a lot of enhancement requests to Palo Alto, looking at these corner cases, so they can look into those and improve them.
One problem was identifying Azure Kubernetes Services. We had many teams creating Kubernetes systems without any security whatsoever. It was hard for us to identify Kubernetes because the Prisma Cloud could not identify them. From what I heard from Palo Alto at the time, they were building a new feature to identify those. It was an issue they were already trying to fix. In addition, when it comes to access for developers, I would like to have more granular settings. For example, in our company we didn't want to display hosts' vulnerabilities to developers, because the infrastructure or containers team was responsible for host vulnerabilities or the containers. The developers were only responsible for the top application layer. We didn't want to provide that data to the developers because A) we thought it was sensitive data and B) because it was data that didn't belong to developers. We didn't want to share it, but I remember having this problem when it came to the granularity of granting permissions. They need to make the settings more flexible to fit our internal policies about data. We didn't want developers to see some data, but we wanted them to have access to the console because it was going to help them. One possibility was to develop our own solution for this, using the API. But that would add complexity. The console was clean and beautiful. It has the radar where you can see all the containers. But we just didn't want to show some data. It was a pain to have to set up the access to some languages and some data. Another thing that was a pain was that in our on-prem environment there was a tool that sometimes generated a temporary container, to be used just for a build, and Prisma would raise some compliance issues for this container that would die shortly. It was hard to suppress these kinds of alerts because it was hard to find a standard or a rule that would fit this scenario. The tool was able manage the whole CI/CD pipeline, including the build as well—even these containers that were temporary for a build—but sometimes it would raise too much unnecessary data. Also, one of the things that it's hard to understand sometimes is how to fix an issue. We managed to do so by testing things ourselves because we are developers. But a little bit of explanation about how to fix something would help. It was more showing what the problem was than it did about how to fix it.
Some of the usability within the Compute functionality needs improvement. I think when Palo Alto added on the Twistlock functionality, they added a Compute tab on the left side of the navigation. Some of the navigation is just a little dense. There is a lot of navigation where there is a tab and dropdowns. So, just improving some of the navigation where there is just a very dense amount of buttons and drop-down menus, that is probably the only thing, which comes from having a lot of features. Because there are a lot of buttons, just navigating around the platform can be a little challenging for new users. They could improve a little bit of the navigation, where I have to kind of look through a lot of the different menus and dropdowns. Part of this just comes from it having so many awesome features. However, the navigation can sometimes be a little bit like, "I can't remember where the tab was," so I have to click and search around. This is not a big negative point, but it is definitely an area for improvement.
This solution is more AWS and Azure-centric. It needs to be more specific on the GCP side, which they are working on.
The IMD feature could be improved, but Palo Alto is working on that. It's a relatively new module that attempts to identify unnecessary permissions. Prisma Cloud is a platform that adds new modules whenever Palo Alto acquires a company or develops a new solution. The development team is trying to add new features. It also has Click Code Security for infrastructure security, but it doesn't add much value unless your DevOps team is really junior. While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent. It creates a high workload initially. Apart from that, it solves the problems you have. Palo Alto says that 99 percent of breaches come from misconfiguration. I have seen that first hand. I think the fewest alerts a customer had was around 100 still, but they used another tool for that, so that saves a lot.
It sometimes took Prisma a little while to build queries, so new services or features wouldn't appear. It wouldn't get flagged in Prisma for a bit. It would be helpful if they sped up how quickly they got their default notifications, queries, and alerts. The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls.
We identified two things that we felt would be great to have, but they are under NDA. So, I can't disclose them. Other than those two things, we identified a generic bug in the secret key management service on AWS that needs to be fixed. We reported it to them, and we want them to fix it. It is very good with predominant cloud vendors, such as AWS, Azure, and GCP, but I am not sure about its efficiency when it comes to other cloud vendors. They should expand its coverage to other cloud vendors such as Alibaba Cloud and Oracle Cloud, which are quite common in this region. I am not sure if they have a full-fledged Oracle Cloud controls evaluation. If they can improve it in terms of the MultiCloud aspect for the organization, it will be helpful, especially in this region.
Areas like the deployment of their defenders and their central control need manual intervention. They should focus more on automation. They have a very generic case for small companies. However, for bigger companies to work, we have to do a lot of changes to our system to accommodate it. Therefore, they should change their system or deployment models so it can be easy to integrate into existing architectures. Prisma Cloud has enabled us to integrate security into our CI/CD pipeline and add touchpoints into existing DevOps processes. It is not 100 percent seamless since we still need to do some manual interventions. Because the way that we have designed our CI/CD for Prisma Cloud, the integration was neither smooth nor was it 100 percent seamless.
There is some work to be done on preventive security policies. I would give the existing preventive approach a seven out of 10. I'm sure they will be doing something in this area. In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done. Another area for improvement is support for OPA (Open Policy Agent) rather than the proprietary language. Nowadays, people mix things, but you don't want to write a policy in different languages.
We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert. We'd always want that to be as quick as possible, and this is going to be true for every customer. The billing function, with the credits and the by-workload-licensing and billing, is something that is a little wonky and can be improved.
Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that. Prisma also should allow users to fully automate the workflow of an identified set. Right now, it can give us a hint about what has happened and there is an option to remediate that, but for some reason, that doesn't work. Another pain point is integration with ticketing solutions. We need bidirectional integration of Prisma Cloud and our ticketing tool. Currently, we only have one-way integration. When an alert appears in Prisma Cloud, it shows up in our ticketing tool as well. But if someone closes that ticket in our ticketing tool, that alert doesn't resolve in Prisma Cloud. We have to do it manually each time, which is a waste of time. I am not sure how much Prisma Cloud protects against zero-day threats. Those kinds of threats really work in different kinds of patterns, like identify some kind of CBE, that kind of stuff. But considering the way it works for us, I don't think it'll be able to capture a zero-day threat if it is a vulnerability because Prisma Cloud actually doesn't capture vulnerability. It captures errors in posture management. That's a different thing. I don't know if there is any zero-day that Prisma can identify in AWS instantly. Probably, we can ask them to create a custom policy, but that generally takes time. We haven't seen that kind of scenario where we actually have to handle a zero-day threat with Prisma Cloud, because that gets covered mostly by Qualys.
The only part that is actually tough for us is that we have a professional services resource from Palo Alto working with us on customization. One of the things that we are thinking about is that if we have similar requirements in the future, how can we get his capability in-house? The professional services person is a developer and he takes our requirements and writes the code for the APIs or whatever he needs to access. We will likely be looking for a resource for the Demisto platform. The automation also took us time, more than we thought it would take. We had some challenges because Demisto was a third-party product. Initially, the engineer who is with us thought that everything was possible, but later on, when he tried to do everything, he was not able to do some things. We had to change the strategy multiple times. But we have now reached a point where we are in a comfort zone and we have been able to achieve what we wanted to do. Also, getting new guys trained on using the solution requires some thought. If someone is already trained on Palo Alto then he's able to adapt quickly. But, if someone is coming from another platform such as Fortinet, or maybe he's from the system side, that is where we need some help. We need to find out if there is an online track or training that they can go to. Related to training is the fact that changes made in the solution are reflected directly in the production environment. As of now, we are not aware of any method for creating a demo environment where we can train new people. These are the challenges we have.
The remediation part could be better. It should be able to automatically remediate on the basis of its artificial intelligence. If there are alerts, it should directly act and surround the malicious threat with a container or something. Instead of waiting on approval, it should immediately act. There should be no need for manual input when there is a threat on hand. The ability to scale is limited as it is a SAS product. The licensing is a bit confusing.
IAM role management need to be improved like the day dome9 provides we can provide access to cloud resource on need basis along with time limit
When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in flushing out each of those feature sets. My understanding of Palo Alto's offerings is that they have a solution that is IAM-focused. It's called Prisma Access. We have not looked at it, but I believe it's a separately-licensed offering that handles those IAM cases. I don't know whether they intend to include any IAM-type of functionality in the Prisma Cloud feature set or whether they will just say, "Go purchase this separate solution and then use them next to each other." Also, I don't think their SaaS offering is adoptable by large enterprises like ours, in every case. There are some limitations on having multiple consoles and on our ability to configure that SaaS offering. We would like to go SaaS, but it's not something we can do today. We have some capability to do network functions inside of Prisma Cloud. Being able to integrate that into the non-cloud pieces of the Palo Alto stack would be beneficial. The solution's security automation capabilities are mixed. We've done some API development and it's good that they have APIs, that's beneficial. But there is still a little disconnect between some of the legacy Twistlock APIs versus some of the RedLock APIs. In some cases the API functionality is not fully flushed out. An example of that is that we were looking at integrating Prisma Cloud scans into our GitHub. The goal was to scan GitHub repositories for CloudFormation and Terraform templates and send those to Prisma Cloud to assess for vulnerabilities and configuration. The APIs are a little bit on the beta-quality side. It sounds like newer versions that some of that is handled, but I think there's some room to grow. Also, our team did run into some discrepancies between what's available, API-wise, that you have to use SaaS to get to, versus the on-premise version. There isn't necessarily feature parity there, and that can be confusing.
The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories. This is our biggest pain point. There are little UI complexities that we work around through the API or exporting.
Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams. At that point, we realized, "Okay, we're not never going to have it fully customizable," because no team can expect a product, off-the-shelf, to fit itself to the needs of any organization. That's just impossible. So customization from our perspective comes through the API, and that's the best we can do because there is no other sensible way of doing it. The customization is exactly evident inside the API, because that's what you end up using. In terms of the product having room for improvement, I don't see any product being perfect, so I'm not worried about that aspect. The RedLock team is very responsive to our requirements when we do point out issues, and when we do point out stuff that we would like to see fixed, but the product direction itself is not a big concern for us.
One scenario, in early days, was in trying to get a view on how you could segregate account access for role-based access controls. As a DevSecOps squad, you might have had five or six guys and girls who had access to the overall solution. If you wanted to hand that off to another team, like a software engineering team, or maybe just another cloud engineering team, there were concerns about sharing the whole dashboard, even if it was just read-only. But over the course of time, they've integrated that role-based access control so that users should only be able to view their own accounts and their own workloads, rather than all of the accounts. Another concern I had was the fact that you couldn't ingest the accounts into Prisma Cloud in an automated sense. You had to manually integrate them or onboard them. They have since driven out new features and capabilities, over the last 12 months, to cater for that. At an organizational level you can now plug that straight into Prisma Cloud, as and when new accounts are provisioned or created. Then, by default, the AWS account or the Azure account will actually be included, so you've got visibility straight away. The lack of those two features was a limitation as to how far I could actually push it out within the organization for it to be consumed. They've addressed those now, which is really useful. I can't think of anything else that's really causing any shortcomings. It's everything and more at the moment.
The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed. Also, the permissions modeling around the tool is improving, but is still a little bit rough. The concept of having roles that certain users have to switch between, rather than have a single login that gives them visibility into all of the different pieces, is a little bit confusing for my users. It can take some time out of our day to try to explain to them what they need to do to get to the information they need.
The challenge that Palo Alto and Prisma have is that, at times, the instructions in an event are a little bit dated and they're not usable. That doesn't apply to all the instructions, but there are times where, for example, the Microsoft or the Amazon side has made some changes and Palo Alto or Prisma was not aware of them. So as we try to remediate an alert in such a case, the instructions absolutely do not work. Then we open up a ticket and they'll reply, "Oh yeah, the API for so-and-so vendor changed and we'll have to work with them on that." That area could be done a little better. One additional feature I'd like to see is more of a focus on API security. API security is an area that is definitely growing, because almost every web application has tons of APIs connecting to other web applications with tons of APIs. That's a huge area and I'd love to see a little bit more growth in that area. For example, when it comes to the monitoring of APIs within the clouded environment, who has access to the APIs? How old are the APIs' keys? How often are those APIs accessed? That would be good to know because they could be APIs that are never really accessed and maybe we should get rid of them. Also, what roles are attached to those APIs? And where are they connected to which resources? An audit and inventory of the use of APIs would be helpful.
We would like it to have more features from the risk and compliance perspectives. On the governance side of it, we did want it, but the licensing costs for that are so high. As a result, I have to integrate this solution with a couple of additional tools. For example, suppose I wish to assign something to an organization or to another person. To do that I have to integrate it with something like JIRA or Confluence where I can ask them to provide the pieces of information. If the licensing costs were a little lower, I would have been able to assign it then and there. As it is, though, I need to assign it from one platform to another platform, one where the team of engineering people is working. I still need to go to multiple platforms to check if something was assigned, and I have to keep checking between the two platforms to see whether it's not done or not.
The feedback that we have given to the Palo Alto Networks team is that the UI can be improved. When you press the "back" button on your browser from the Investigate tab, the query that you're working on just disappears. It won't keep the query on the "back" button. Also, the way the policies are structured and the alerts are created could be better. It requires a lot of manual work to search through the policies when creating an alert. These are minute nuances. They are not major issues and are more about convenience than they are product bugs.
In terms of improvement, there are some small things like hardening and making sure the Linux resources are deployed well but that's more at an operational level. Day-to-day, we do find a lot of issues but having a tool to help us with them is what we want because manually, it's not feasible for us. Other than that, we not really looking for any other add-ons or plug-ins because that was our core problem.
In our testing, we have found the Check Point product CloudGuard Dome9 to be more user-friendly at this point. Palo Alto Prisma's interface was not as user-friendly. Palo Alto should work on this part of its solution to be more competitive with ease-of-use. I do not feel Palo Alto is short of any features, but if we compare the two side-by-side, I think the user interface for Palo Alto needs to be improved to make it at least as good as Dome9.
I'm not sure about areas for improvement on the solution, however, I do think the compliance and dashboarding could be better. The innovation side of the solution could be more efficient and more detailed.
The pricing for the solution needs improvement.
I would like to see the inclusion of automated counter-attack, although this is probably illegal.