What is our primary use case?
I was looking for one tool which, as a WAF, could provide me with information regarding applications and with features where I can oversee things.
We use the solution's ability to filter alerts by levels of security and it helps our teams understand which situations are the most critical. Based on the priorities that I get for my product, I can filter the notices the team needs to work on, to those that require immediate attention. That means it's easier for me to categorize and understand things exactly, on a single dashboard. I can see, at one point in time, that these are my 20 applications that are running. Out of them, I can see, for example, the five major vulnerabilities that I have — and it shows my risk tolerance — so I know that these five are above my risk tolerance. I know these need immediate attention and I can assign them to the team to be worked on immediately.
How has it helped my organization?
Instead of going for multiple tools, this tool has helped me to have one platform where I can have all the features and information I'm looking for.
The tool is working on the principles of governance, risk, and compliance as well. It even helps me in application-level firewall security. It's not just a single tool. It has helped me find out details about multiple things.
The integration with user tools is pretty easy; it's user-friendly.
In terms of a reduction in alerts, it has helped me out in not putting unnecessary time into a couple of things, which can be figured out at a glance. I would estimate the reduction in alerts at about 40 percent.
What is most valuable?
I was looking for a vulnerability scanner and I was looking for one place in which I could find everything. This tool not only does vulnerability scanning, but it also gives me an asset management tool.
It has been good in my test environment when it comes to scanning my infrastructure.
What needs improvement?
We would like it to have more features from the risk and compliance perspectives.
On the governance side of it, we did want it, but the licensing costs for that are so high. As a result, I have to integrate this solution with a couple of additional tools. For example, suppose I wish to assign something to an organization or to another person. To do that I have to integrate it with something like JIRA or Confluence where I can ask them to provide the pieces of information. If the licensing costs were a little lower, I would have been able to assign it then and there. As it is, though, I need to assign it from one platform to another platform, one where the team of engineering people is working. I still need to go to multiple platforms to check if something was assigned, and I have to keep checking between the two platforms to see whether it's not done or not.
For how long have I used the solution?
We have been using Prisma Cloud by Palo Alto Networks for five months, testing it and evaluating it during that time. We are planning to purchase it.
I have been evaluating this product from the point of view of DevOps. I have not been evaluating it from the security operations point of view.
Prisma Cloud actually has two solutions. One is a cloud-based solution and the other is their on-premise solution. I have had a look at and tested both of these tools.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
It's scalable. We discussed that with them. We also discussed the scenario where I want to move from one cloud environment to another, or if I make some other changes. How flexible is the tool as far as working with different cloud environments goes? And it is perfectly fine in that regard.
If we deploy it, I will be using it quite extensively for my day-to-day vulnerability scans.
How are customer service and technical support?
I would rate their technical support at nine out of 10. They have been very supportive. Every time I have called them they have been there for me.
Which solution did I use previously and why did I switch?
I was using multiple tools from here and there: one tool for vulnerability scans, one for risk management. But this has provided me an answer for not just one tool but for multiple requirements that I have.
How was the initial setup?
The initial setup was easy. I got to help from their technical department and the device is more or less plug-and-play. If you have specifications which are required by the cloud, and your products are running on those specific cases, then it becomes quite easy. You just have to install it and it's good to go in your infra.
Since I did it for my development center only, I just had to install one installer and then the agents were installed automatically after running a script. For the whole environment, it could not have taken more than a day or two.
What's my experience with pricing, setup cost, and licensing?
Security tools are not cheap. This one is a little heavy on the budget, but so are all the other security tools I have evaluated.
There are no additional costs to the standard licensing fees for Prisma Cloud.
Which other solutions did I evaluate?
I looked at Trend Micro Cloud One Workload Security. Both it and Palo Alto Prisma Cloud are good for container-level security and scanning. But the financial part of it and budgeting play an important role.
With Prisma, it's not just one feature. It has also provided me with solutions for a couple more of my requirements. That was not the case with Trend Micro. In addition, Prisma Cloud was easy for me to figure out. The only con I see in Prisma Cloud is that because of its cost, I have to use multiple tools.
What other advice do I have?
It's a good tool. I would tell anybody to give a shot. It's easy, it's user-friendly; it's like a plug-and-play tool.
I am a single point of contact for this solution, right now. I'm working on it with my entire management to review things. I have to coordinate because of the multiple platforms they have. Roles have been assigned at different levels. There is a consultant's role, a reviewer's role, and there is an implementer's role. The latter is supposed to be working with them.
Root cause analysis needs to be done at my own level. The solution does inform me that a predicted vulnerability exists and this is the asset where it could be happening. But the intelligence has to be provided by the security consultant.
If something becomes visible during the build phase, we already have a pretty good area where we can change the product so that it does not impact the production environment.
The solution provides an integrated approach across the full lifecycle to provide visibility and security automation and, although we have not started using that part of it yet, it will definitely enable us to take a preventive approach to cloud security when we do use it.
Overall, it provides all the pieces of information that you require, in one place and time. I think it's going to be good to work with them.
Which deployment model are you using for this solution?