We performed a comparison between Prisma Cloud by Palo Alto Networks and AWS GuardDuty based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Prisma Cloud stands out as a more powerful and comprehensive solution for cloud security and compliance management compared to AWS Guard Duty. Prisma Cloud offers excellent visibility, and it's a robust solution for managing hybrid-cloud environments without the hassle of mapping and cross-referencing work.
"They're responsive to feature requests. If I suggest a feature for Prisma, I will need to wait until the next release on their roadmap. Cloud Native Security will add it right away."
"It is pretty easy to integrate with this platform. When properly integrated, it monitors end-to-end."
"The management console is highly intuitive to comprehend and operate."
"PingSafe offers comprehensive security posture management."
"PingSafe's most valuable feature is its unified console."
"Cloud Native Security has helped us with our risk posture and securing our agenda. It has been tremendous in terms of supporting growth."
"The most valuable feature of PingSafe is its integration with most of our technology stack, specifically all of our cloud platforms and ticketing software."
"The offensive security feature is valuable because it publicly detects the offensive and vulnerable things present in our domain or applications. It checks any applications with public access. Some of the applications give public access to certain files or are present over a particular domain. It detects and lets us know with evidence. That is quite good. It is protecting our infrastructure quite well."
"We use the tool for threat detection. AWS includes AI features as well. AWS GuardDuty gives us reports."
"Deployment is great, and we didn't face any big challenges."
"It kinda just gives us another layer of security. So it does provide some sort of comfort that we do have something that is monitoring for abnormal behavior."
"The solution provides AWS GuardDuty S3 protection, EKS runtime protection, and malware protection."
"What we found most valuable in Amazon GuardDuty is its threat detection feature, especially because we were monitoring a huge number of AWS accounts, so we needed a solution that would monitor for any kind of malicious activity. The monitoring aspect of the solution was great because it gave us timely notifications if and when anything happened, and Amazon GuardDuty helped keep us on our toes to make sure we took action right away."
"What I like most about Amazon GuardDuty is that you can monitor your AWS accounts across, but you don't have to pay the additional cost. You can get all your CloudTrail VPC flow logs and DNS logs all in one, and then you get the monitoring with that. A lot of times, if you had a separate tool on-premise, you would have to set up your DNS logs, so usually, Amazon GuardDuty helps with all your additional networking requirements, so I utilize it for continuous monitoring because you can't detect anything if you're not monitoring, and the solution fills that gap. If you don't do anything else first, you can deploy your firewall, and then you've got your Route 53 DNS and DNSSEC, but then Amazon GuardDuty fills that, and then you have audit requirements in AU that says, "Hey, what are your additional logs?", so you can just say, "Hey, we utilize Amazon GuardDuty." You're getting your CloudTrail, your VPC flow logs, and all your DNS logs, and those are your additional logs right there, so the solution meets a lot of requirements. Now, everything comes with a cost, but I also like that the solution also provides threat response and remediation. It's a pretty good product. I've just used it more for log analysis and that's where the value is at, the niche value. Once you do threat detection, it goes into a lot of other integrations you need to implement, so threat detection is only good as the integration, as the user that knows the tools itself, and the architecture and how it's all set up and the rules that you set within that."
"We have over 1,000 employees, and we monitor their activity through AWS GuardDuty."
"It helps us detect brute-force attacks based on machine learning."
"Prisma Cloud provides the needed visibility and control regardless of how complex and distributed the cloud environments become."
"The product provides very good network security."
"It has improved the overall collaboration between SecOps and DevOps. Now, instead of asking people to do something, it is a default offering in the CI/CD. There is less manual intervention and more seamless integration. It is why we don't have many dependencies across many teams, which is definitely a better state."
"Configuration monitoring and alerting is the most valuable feature; it happens at the cloud's speed, allowing our development team to respond quickly. If a configuration goes against our security best practices, we're alerted promptly and can act to resolve the issue. As cloud security staff, we're not staring at the cloud all the time, and we want to let the developers do their jobs so that our company is protected and work is proceeding within our security controls."
"Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them."
"The most valuable feature is the continuous cloud compliance monitoring and alerting."
"It scans our containers in real time. Also, as they're built, it's looking into the container repository where the images are built, telling us ahead of time, "You have vulnerabilities here, and you should update this code before you deploy." And once it's deployed, it's scanning for vulnerabilities that are in production as the container is running."
"The solution gives us a lot of visibility across all of our cloud solutions."
"PingSafe takes four to five hours to detect and highlight an issue, and that time should be reduced."
"The Kubernetes scanning on the Oracle Cloud needs to be improved. It's on the roadmap. AWS has this capability, but it's unavailable for Oracle Cloud."
"When we get a new finding from PingSafe, I wish we could get an alert in the console, so we can work on it before we see it in the report. It would be very useful for the team that is actively working on the PingSafe platform, so we can close the issue the same day before it appears in the daily report."
"There is a bit of a learning curve for new users."
"The integration with Oracle has room for improvement."
"The categorization of the results from the vulnerability assessment could be improved."
"They need more experienced support personnel."
"I export CSV. I cannot export graphs. Restricting it to the CSV format has its own disadvantages. These are all machine IP addresses and information. I cannot change it to the JSON format. The export functionality can be improved."
"Improvement-wise, Amazon GuardDuty should have an overall dashboard analytics function so we could see what's in the current environment, and then in addition to that, provide best practices and recommendations, particularly to provide some type of observability, and then figure out the login side of it, based on our current environment, in terms of what we're not monitoring and what we should monitor. The solution should also give us a sample code configuration to implement that added feature or feature request. What I'd like to see in the next release of Amazon GuardDuty are more security analytics, reporting, and monitoring. They should provide recommendations and additional options that answer questions such as "Hey, what can we see in our environment?", "What should we implement within the environment?", What's recommended?" We know that cost will always be associated with that, but Amazon GuardDuty should show us the increased costs or decreased costs if we implement it or don't implement it, and that would be a good feature request, particularly with all products within AWS, just for cloud products in general because there are times features are implemented, but once they're deployed, they don't tell you about costs that would be generated along with those features. After features are deployed, there should a summary of the costs that would be generated, and projected based on current usage, so they would give us the option to figure out how long we're going to use those features and the option to keep those on or turn those off. If more services were like that, a lot more people would use those on the cloud."
"We currently find Lacework to be much better at detecting vulnerabilities than AWS GuardDuty. The engines of AWS GuardDuty have to be improved."
"Because it's a threat detection service, they need to keep up with the various threat factors because new threat factors and attack factors come up all the time."
"The product needs to improve its cost-efficiency since it is expensive."
"AWS GuardDuty sometimes shows false positives and should have better detection accuracy."
"The solution's user interface could be improved because it will help users to understand multiple options."
"Cost changes. It's very expensive. If you turn on every feature, it's more than most commercial vendors. For smaller orgs, that doesn't make sense."
"For the next release, they could provide IPS features as well."
"The feedback that we have given to the Palo Alto team is that the UI can be improved. When you press the "back" button on your browser from the Investigate tab, the query that you're working on just disappears. It won't keep the query on the "back" button."
"The IM security has room for improvement."
"One major observation is that it is not possible to implement Prisma Cloud on-premises. This is the limitation. Prisma Cloud itself is on a cloud. It is sitting on AWS and Google Cloud. It is a SaaS solution, but some of my clients have a local regulatory requirement, and they want to install it locally on their premises. That capability is not there, but government entities and ministries want to have Prisma Cloud installed locally."
"When there are updates, whether daily, weekly, or monthly, it needs configuration or permission adjustments. There is no automation for that, which is too bad."
"We would like it to have more features from the risk and compliance perspectives."
"The dashboard can be created at the user level instead of the cloud account level, which will help save time."
"The user interface should be improved and made easier."
"The access controls for our bank roles were not granular enough. We needed specific people to do particular actions, and we often had to give some people way too much access for them to be able to do what they needed in Prisma. They couldn't do their jobs if they didn't have that level of access, so other people had to do that part for them. It would help to have more granular role-based access controls."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
AWS GuardDuty is ranked 4th in Cloud Workload Protection Platforms (CWPP) with 20 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in Cloud Workload Protection Platforms (CWPP) with 82 reviews. AWS GuardDuty is rated 8.2, while Prisma Cloud by Palo Alto Networks is rated 8.4. The top reviewer of AWS GuardDuty writes "A stellar threat-detection service that has helped bolster security against malicious threats". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". AWS GuardDuty is most compared with Microsoft Defender for Cloud, CrowdStrike Falcon Cloud Security, Wiz, Check Point CloudGuard CNAPP and Akamai Guardicore Segmentation, whereas Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and Check Point CloudGuard CNAPP. See our AWS GuardDuty vs. Prisma Cloud by Palo Alto Networks report.
See our list of best Cloud Workload Protection Platforms (CWPP) vendors.
We monitor all Cloud Workload Protection Platforms (CWPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.