We compared Duo Security and Prisma Access by Palo Alto Networks across several parameters based on our users' reviews. After reading the collected data, you can find our conclusion below:
Comparison Results: Duo Security is praised for its easy setup, user-friendly interface, and detailed documentation. It excels in providing two-factor authentication and integration capabilities. However, it needs improvement in terms of compatibility, user-specific permissions, and technical support. On the other hand, Prisma Access is highly valued for its accessibility, strong security features, and global performance. It offers protection for all app traffic and integrates well with other Palo Alto platforms. However, it can be challenging to configure and has mixed reviews regarding customer support. Duo Security is considered competitively priced, while Prisma Access is seen as more expensive but worth it for its quality.
"The integration with Azure Active Directory and the AWS cloud is amazing, as most products nowadays require the creation of a customized integration. With Duo Security, it was more like native integration, and it took me five minutes to register."
"The most valuable feature is the ability for users to connect securely to the office using the VPN."
"The most valuable aspect is the authentication and the SSO."
"The push notifications and the integrations they offer are valuable. Their mobile app is very useful. It is very easy to use."
"The single pane of glass management is very important and it is part of the reason we went with Duo. Anything we can do to save time for our administrators, help desk staff, and engineers, is valuable to us."
"It is a good solution for hybrid environments and VPN."
"The ability for users to authenticate via phone, from any random phone number, has been very helpful for managing a distributed workforce. Using it across a distributed network for securing access to our applications is big for us."
"I love Duo Security's push notifications. It's simple, fast, and secure. From the user's perspective, the solution is seamless. The security aspect is great."
"The users can securely access any cloud data centers or cloud platforms. In terms of the features, it has all the features that Palo Alto Next-Generation Firewall has. It is also very stable and scalable."
"The solution's most valuable features were the model's reduced complexity on the client side and its capability to provide security."
"Security is absolutely spot-on, really top-notch. It's the result of all the components that come together, such as the HIP [Host Information Profile] and components like Forcepoint, providing end-user content inspection, and antivirus. It incorporates DLP features and that's fantastic because Prisma Access makes sure that all of the essential prerequisites are in place before a user can log in or can be tunneled into."
"It has predefined or preconfigured rules, which are getting periodically updated. They are providing continuous improvements and periodically updating all search queries that they are looking for. That is one thing that helps us to stay vigilant and focused. If we query our AWS account for any breaches or vulnerabilities with any of the cloud tests, and it alerts us based on these predefined rules. It also provides an option to configure our own rules, and based on these rules, it can query the cloud trail logs, pull the information, and trigger alerts in real-time. I haven't explored this feature much because there are multiple accounts, and we don't have enough time to explore this feature. It also provides multiple integrations. When vulnerabilities or breaches are happening, you should be aware of them immediately. It provides integration with tools such as Slack, PagerDuty so that you can get alerted as soon as the high severity stuff comes up. For example, you have a security group that has allowed public traffic on port 22. As TechOps, you should be aware of this immediately. You cannot scan each machine or look into all security groups to identify it. So, Prisma helps us and alerts us when this kind of high-priority stuff comes up. It has different statistics, analytics, and graphs for data. The description of alerts is also pretty good. They describe what are the possible causes for this and what are the solutions. From Prisma Cloud, you can directly go to the AWS account. When you click on an alert, a resource, or a resource ID, it takes you to the AWS console where you need to log in. If you are already logged in, it will take you to that instance directly, and you can fix the issue there. I have found this feature very useful."
"The remediation process is easy compared to other platforms."
"It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in."
"The scalability of the solution is excellent."
"Prisma integrates well with Cortex XDR and Cortex Data Lake. My company has been also using Prisma Access in-house for nearly a year, and it integrates seamlessly."
"Removing the need for a password would be a positive change as well as the ability to cover all the different enterprise applications. They don't have coverage for everything."
"The only thing I can think of to improve for tech support is to have a dedicated engineer but then I would get an engineer that has priorities in one area or another and maybe not the scope I need."
"Duo Security should better organize its tile feature to organize applications better."
"Duo Security should have more customized use cases. For example, if a client needs to have more customization, it would be better to connect directly with Duo's R&D to try to discuss the issues together in order to add customizations."
"Reducing or eliminating the "telephony credits" system used by Duo would be great."
"For the back-end, there could be a few more security features applied."
"It could be a little bit more intuitive when it comes to the sign-up process. I know they send out an email, but sometimes our users get a little confused. It could be an end-user problem, but Cisco could work on that a little."
"They can make authentication easier. It should be done in a shorter time. Sometimes, it can take a bit more time to get the answer on your phone. You have to wait a bit longer to get the SMS code and other things. There can be some internet or connection issues. They should make it faster because sometimes, it's urgent, and you need to access something as soon as possible."
"It would be nice to manage Prisma Access through the cloud instead of through Panorama. You can use the cloud version to monitor Prisma Access, but it doesn't have all the features yet, and it's not 100% done."
"It is a managed firewall. When you run into issues and have to troubleshoot, there is a fair amount of restriction. You run into a couple of restrictions where you don't have any visibility on what is happening on the Palo Alto managed infrastructure, and you need to get on a call to get technical assistance from Palo Alto's technical support. You have to get them to work with you to fix the problem. I would definitely like them to work on the visibility into what happens inside Palo Alto's infrastructure. It is not about getting our hands onto their infrastructure to do troubleshooting or fixing problems; it is just about getting more visibility. This will help us in guiding technical support folks to the area where they need to work."
"The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes."
"The price can be reduced to make it more competitive."
"The documentation is generally good, but they could provide a more detailed description of all the configuration steps. I have to search for information or call support. Palo Alto could add more knowledge base articles about configuration with screenshots and walkthroughs. That would be helpful. When configuring a product, you want to see examples of how it is done."
"The tools' scalability is subject to some limitations when done on-premise due to the need for additional licenses. However, in other scenarios, increasing scalability involves expanding infrastructure to accommodate more third-party VPN access. It is scalable as long as you pay the money. Also, it needs to improve security."
"I would like to see support for custom applications."
"Sometimes, you have these notifications sent out about changes in App-IDs, modifications in App-IDs, or even the introduction of entirely new App-IDs to replace. Sometimes, the recommendations are followed, but even then, when the package is installed on the firewall, it gets messed up. I remember a particular one was with Tableau, and suddenly, people weren't able to use Tableau, which is an analytics tool for business."
More Prisma Access by Palo Alto Networks Pricing and Cost Advice →
Cisco Duo is ranked 3rd in ZTNA as a Service with 55 reviews while Prisma Access by Palo Alto Networks is ranked 2nd in ZTNA as a Service with 57 reviews. Cisco Duo is rated 8.8, while Prisma Access by Palo Alto Networks is rated 8.2. The top reviewer of Cisco Duo writes "Helps reduce the risk of a breach and is easy to deploy and onboard". On the other hand, the top reviewer of Prisma Access by Palo Alto Networks writes "Integration with Palo Alto platforms such as Cortex Data Lake and Autofocus gives us visibility into our attack surface". Cisco Duo is most compared with Microsoft Entra ID, Fortinet FortiAuthenticator, Fortinet FortiToken, Yubico YubiKey and UserLock, whereas Prisma Access by Palo Alto Networks is most compared with Zscaler Zero Trust Exchange, Netskope , Cisco Umbrella, Zscaler Internet Access and Prisma SD-WAN. See our Cisco Duo vs. Prisma Access by Palo Alto Networks report.
See our list of best ZTNA as a Service vendors.
We monitor all ZTNA as a Service reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.