We are using the compliance module of the solution.

We use the solution to secure the cloud accounts in our organization that we maintain. We launched this tool for our security. We used to choose the products in the market based on the budget. Prisma Cloud was already launched and onboarded before I came to this organization. We used to onboard other tools, like Defender Cloud or Prisma Cloud.

CSPM is different from Prisma Cloud; they are two parts in a single product. For day-to-day activities, we use CSPM almost 100% and Prisma Cloud for almost 30% to 40%. CSPM identifies the alerts and misconfigurations from the account level for day-to-day activities. We inform the DevOps team to close the alert by getting the solutions from their account-level site.

We chose this product to identify the misconfigurations based on the severity level. For critical, it should be done within one or two days; for high, it should be done in three to five days. Based on the time period, we used to get these solutions in time. Sometimes, users may face many exceptions for the solution or alerts.

For example, there will be some internal ELBs (elastic load balancers) from the account level. Internal ELBs cannot be published because they'll be used internally to share the data. The policy may identify the alert from the internal ELBS also. So, we need some exceptions so that the internal load balancer can be accepted but not generate an alert from the Prisma side.

We used to change our RQL query based on the requirement. Otherwise, we approached the product or support teams to get the solution from them. They'll provide the RQL with the changes based on the requirement, and we'll get the solutions as quickly as possible. Most of the time, when there is a problem, there will also be a solution.

Maintaining an organization with multiple million dollars is not an easy thing at the market level. So, it's important to have a product that effectively identifies the issues. Nowadays, hackers send a simple link to an unknown user. When users click the link, their bank account gets hacked, and the amount gets deducted from the customer side.

When a single user gets this type of attack, an organization should be equipped to effectively identify these attacks. This product works very effectively to identify such attackers. The solution can not only help identify present attackers' thinking, but we can think about the future and customize the queries based on the attackers' mindset. We can identify the attackers' way not to get marketed in the banking sector.

Prisma Cloud is a monitoring tool that continuously monitors 24/7. It's not about getting the solution but identifying the misconfiguration. When it continuously monitors the cloud accounts, the product identifies the issues, and we get the solution.

Getting the solutions is in our hands, but identifying the issues is the product behavior. The product behavior to identify the issues is highly appreciable. Then, we get the solution based on the requirement.

Whatever automation Prisma Cloud provides to the policies is a good way to get this solution, but automating the complete tool has its positives and negatives. It's a debatable question because Prisma is not a testing tool. The tool identifies misconfigurations

The solution can't provide 100% security at the market or organization levels. If we secure a product by 99%, there is still a chance of a one percent attack. So, there should be some monitoring as well as automation. However, going for only automation or monitoring is a debated question.

We continue using Prisma Cloud because we are 100% satisfied with it, not only from my side but also at my organization level. In my organization, we started a gap analysis. We are maintaining more than 150 AWS cloud accounts. So, there are a lot of alerts for misconfiguration from the product level.

Since January, we have started one requirement to reduce the alert. We collect all the alerts in an Excel sheet, and we used to share with the DevOps HOD that these are the misconfigurations for your account. Then, the HOD used to share the sheet with the team members.

I can proudly say that we started with more than 8,600 alerts for all the cloud accounts in the month of January. Now, the count is reduced to almost 2,400 alerts for more than 40 sensitive policies. We identified almost 60% to 70% alert reduction. We are using Prisma Cloud effectively to identify misconfigurations and implement many more features to secure the cloud accounts in our organization.

We use 100% of CSPM and only 30% to 40% of the CI/CD pipeline, like Prisma Cloud. For CSPM, I'll rate it a ten out of ten. Otherwise, nine and a half out of ten because no product will satisfy a customer 100%. So, nine and a half out of ten for CSPM to secure the cloud accounts internally or prevent getting attacked by attackers. I would definitely recommend this product.

We will launch CI/CD like Prisma Cloud in the future, and the organization should also consider the budget. Prisma Cloud is a little high-budget affair. Prisma Cloud is a mandatory tool to identify the CI/CD level vulnerabilities while doing email scanning only. Our time will not be wasted by using this tool.

If we do not scan an image for vulnerabilities while deploying a code into it, it's a waste of time deploying a code that any attacker can handle. This product identifies the vulnerabilities by email scanning only, which helps to have more time for the DevOps team to get more deployment.

We used to suggest new thoughts on how it can be more user-friendly. There is an API with which we can share our thoughts. It should be selected by other users and business organizations using the product. If more people suggest that option after we launch that thought into the API, the Prisma product will think about that thought. If it is valuable, they should definitely get this solution.

Currently, we can identify the misconfigurations based on the list of policies. Suppose five to ten members work with Prisma in an organization. In that case, they cannot go daily to the dashboard and identify all the misconfigurations singly or as a group.

We suggested a new feature: a list of misconfigurations should be identified based on the user, either a single user or a group. If three members work with a particular cloud account, then those three members should create a group, and that account should be added there. This will also reduce the time of a customer working on the product.

Whatever DevOps requirement was not presented in the product, they used to discuss it with our team. If it is a requirement we need in our organization, then we will go to the product team and tell them it is a requirement from our organization level for the DevOps team. If it is a proper requirement, the engineering team will work based on it. The product team comes up with new ideas. Since the recent launch is a better version for the product team, we also used to launch the better version from the product team.

it works both ways. Whatever new features the DevOps team suggests, we discuss them with the product team. When the product team suggests new features to help the organization, the same can be discussed with our internal team. Our manager will discuss it with the HODs of the DevOps team. If it is a genuine requirement, we will try to convince the DevOps team, and based on their approval, we will launch that feature.

It's highly recommended since the dashboard is very user-friendly. The Prisma Cloud tool is integrated with Jira. Whenever any alert is generated, it will automatically trigger Jira based on compliance. It will work based on the compliance we onboarded to Jira. We used to create compliance for Jira and day-to-day activities, like generating reports based on the accounts.

Prisma Cloud is a user-friendly solution. When managing more than 50 cloud accounts, we can get the issues and misconfigurations from the single account level, the group account level, or the total account level. We can get everything based on our requirements. The solution will secure all the cloud accounts, a single cloud account when there are multiple cloud accounts, or a group of cloud accounts based on complete requirements.

Whenever we have some issues, we approach the product team to get this solution. Recently, we faced some issues with the policies tab, which we use to create policies, and the investigation tab, which we use to create a new RQL. Whatever RQL query is implemented, there is no point in creating all the RQL queries to a policy. We get the data by creating an RQL query, and we create a policy to monitor the product. The count should match when there is a single RQL query from the investigation type and the policies tab or alert tab.

Recently, we faced an issue with a mismatch between the alert tab count and the investigation tab count. We approached the product team, and they suggested the solution within a very short time. There were some issues with the pipeline, but they fixed that bug within no time, and we got a 100% solution from them.

Three to four teams are working with a single product. The security, SOC, and DevOps teams are working with the product team to identify the misconfigurations in their environment. It's not just a single person who identifies the issues from service or product levels.

The DevOps or SOC team may identify an issue and inform our security team. Also, we may find some issues and inform the product team. A combination of all groups will work to identify issues and ensure that the product will work effectively. So, all the things will happen in a single process.

We have to close cases within a specific period based on the severity. Critical cases should be closed within one to three business working days, high-severity cases within three to five working days, medium-severity cases within five to eight working days, and low-severity cases within eight to fifteen working days.

We use some budget for the product based on the agreement. Besides that, we save a lot of money compared to the security level. I'm not talking about the product level. Product-level money is different based on the agreement. In the last one and a half years that I started working with this product, only one time without a product level or service level, we entered some credits by enabling some policies. If we have some knowledge of the product, almost 95%, there is no waste of money.

Prisma Cloud is a completely user-friendly product. The product is highly recommended for the cloud environment level. Whatever requirements we have, we can get by creating a new RQL based on our requirements. It is not only related to work. Whoever works with cloud security in an organization is greatly noticed.

If someone identifies an issue in your work, you'll remember that person. In the same way, when I notified some issues from the cloud account level, I used to interact with the entire DevOps team, not only a single person. The product helps you get more recognition.

Previously, we used the solution globally. However, because there may be a chance of data being made publicly accessible, we are currently onboarding only on the internet from the Prisma site. This secures the data and prevents it from being made publicly accessible.

I would recommend Prisma Cloud to other users or organizations looking to secure their organization in any cloud environment without budget constraints. I'm only talking about AWS because we have an AWS environment, but the solution can secure any cloud account effectively.

Overall, I rate Prisma Cloud a nine out of ten.

I would rate Prisma Cloud by Palo Alto Networks a seven out of ten, primarily due to the need for improvement in identity-based micro-segmentation and cloud network security. I appreciate the potential it offers for deployment, but the new module has yet to reach a point where we can effectively reduce risks.

All the cloud environments existed before Prisma Cloud came in. I don't believe we can build many things using Prisma Cloud, except for implementing guardrails. For instance, we can secure these workloads, but it will take time for them to be fully developed. The scanners, such as the infrastructure as code scanners that Prisma Cloud can certainly check, are capable of performing static and code analysis, among other tasks. However, I don't think Prisma Cloud is designed specifically for that purpose.

Prisma offers risk clarity from a core security perspective, but it does not cover the entire pipeline. To cover the entire pipeline, we would need to utilize a SaaS or DaaS tool. Prisma Cloud cannot serve as a substitute for those tools.

I used to primarily work with cloud-native services. So, I would leverage cognitive services across all three clouds. That was my main focus initially. However, now I have started using other tools such as Snyk and various reports. Additionally, I have also recently started using CSPM. I'm not entirely familiar with all of them yet, but I have been working on them since the beginning.

No maintenance is required from our end.

My clients are quite happy with this solution. Some of my clients are also based in the UK and Europe. So far, it has been good. It met their expectations. Their use cases are met, and they are able to monitor all their infrastructure. It has been good so far, and it worked for all the generic or standard use cases. That does not mean that it is going to solve all the use cases for all customers. If you want to go for a CSPM solution, you need to do a technical evaluation.

If you are looking into implementing a CSPM solution, I would advise first understanding your existing cloud landscape or your on-premise landscape. Understand your local regulatory requirements and local laws. After that, define the use cases. Define what exactly you are looking for and then go to market and evaluate different products. You can check whether there is an integration with AWS, Oracle, Alibaba, or any other cloud. If your regulatory requirements are that you cannot host your solution outside your country or you need to have it on-premises in your data center, not someone else's data center, you have to choose accordingly. You cannot go for Prisma Cloud. If you do not have any such regulatory requirements, you can go with Prisma Cloud or any other solution. 

You should also understand your future landscape in terms of:

• Over the next five or ten years, how do you want to grow? 
• What is your current IT strategy? 
• How are you evolving? 
• What would be your technology? 
• Would there be any major digital transformation? 
• How seamlessly can it integrate? 

You need to consider multiple parameters. It is also about money. It should also meet your financial budget.

Overall, I would rate Prisma Cloud a seven out of ten.

I rate the product nine out of ten. 

My advice to those before implementing the platform is to do the integration yourself if you have the time, are IT savvy, and have the necessary permissions. It only requires a little time, a few days to a week at most, and there is great value in doing the integration yourself rather than paying for their support to do it. Onboarding the solution will provide an understanding of how it communicates with the cloud environment, how roles are associated and created, and how the remediate feature functions. It's important to go through those steps rather than paying someone else to do it; you'll save money and understand how the tool does what it does, which is essential in utilizing it.

Regarding the solution securing the entire cloud-native development lifecycle across build, deploy, and run, we have yet to use it that way, not to say that we won't. This feature is a relatively new part of Palo Alto's CICD deployment, so we haven't used it yet.

Prisma Cloud provides a single tool to protect all our cloud resources and applications, without managing and reconciling disparate security and compliance reports to about 70%. However, we have yet to utilize the tool to its full capacity.

I give Prisma Cloud by Palo Alto Networks an eight out of ten.

If you are new to the cloud and you are not sure where to start, I would recommend using Prisma Cloud. It will give you a comprehensive view of your cloud security posture and help you to identify any areas where you may be vulnerable. You can also use Prisma Cloud to test and evaluate different security controls before you deploy them in your production environment.

Our entire company uses Prisma Cloud. Anything we deploy in the cloud is protected by the solution.

Prisma Cloud does not require maintenance from our end.

If someone is new to the cloud and looking for cloud security, I think the best place to start is Prisma Cloud. Prisma Cloud offers a comprehensive set of security capabilities, including CSPM, workload security, and cloud security. We can start by using the CSPM module to assess our cloud security posture and identify any potential vulnerabilities. Once we have addressed any critical vulnerabilities, we can then move on to the other modules.

Everything is a lesson because we started with no knowledge. We did not know that there would be many risks and offenses involved in our cloud security environment. We need to know all of the risks, and we can overcome them with Prisma Cloud.

I rate Prisma Cloud an eight out of ten. I deduct a couple of points because I would still like to see all the products in the platform correlated. They should also do away with the need to install multiple agents for various functionalities or burn it all down into a single agent that takes care of it.

My advice is to start early if you are moving from on-premises to a hybrid or cloud environment. Implement Prisma Cloud as soon as possible, especially for greenfield deployments. This isn't a problem with Prisma Access, but it's usually a challenge. You need time to customize your rules and tailor them to your setup. 

The second recommendation I have is for Prisma Cloud Compute, the cloud workload protection piece. It's available in self-managed and cloud versions. You should opt for the cloud-managed version because you can get two single-cloud platforms. 

I would rate Prisma Cloud by Palo Alto Networks a nine out of ten for its compatibility, easy upgrades, user-friendliness, and UI.

Regarding maintenance, we have deployed the application on a Kubernetes environment. We will have one EBS value for the console pod and one persistent volume for the application data. We are taking a snapshot of the PV because we can take a backup of the PV in the Prisma Cloud console UI, but this backup is stored on the same PV where the application is running. If the application crashes completely, we will not be able to restore the backup from the UI, and Prisma Cloud has suggested that we maintain a separate cluster for disaster recovery. However, this is too expensive for us. Therefore, we are taking a snapshot of the PV. If the application crashes, we can simply deploy the console on a new cluster and restore the data from the snapshot.

I would rate Prisma Cloud by Palo Alto Networks nine out of ten.

In terms of our location, we have different cloud service providers, such as AWS and Azure. The majority are AWS and Azure, where we have integrated Prisma Cloud. In terms of Docker and containers, we have integrated some types of labs and CI/CD parts. Therefore, we currently manage both AWS and Azure, as well as a few GCP parts, within a single console.

We have over 50 users.

Prisma Cloud requires maintenance and the OEM initially notifies us of the priority and schedule for maintenance.

I rate Prisma Cloud nine out of 10. We would recommend it to any large global enterprise because it improves performance and offers a better user experience. It also gives you application-level control instead of regular IP address control. The latest version has many new features. So they can use the in-app Application ID and point to MAC applications instead of regular TCP/IP ports.

I am very satisfied with Prisma Cloud, and we do not have any plans to change to anything else. I am confident that we will retain this solution for a long time.

Overall, I would rate Prisma Cloud a ten out of ten. We have received very positive feedback regarding this solution. I would recommend it to others.

I rate Prisma Cloud by Palo Alto Networks a nine out of ten.

We are the aligned partner for Prisma. We recommend the same tool to our clients, and the entire team is actively involved in training on the Prisma Cloud. In my interactions with various clients and stakeholders, I have noticed that some of them are not familiar with Prisma. However, they prioritize security and want to secure their cloud infrastructure. While some clients may not have the capability to use cloud-native tools, based on my observations, most of them are gradually transitioning to the cloud infrastructure and showing interest in the Prisma Cloud.

From a cloud security standpoint, and specifically as an organization, we are not bound by any specific domain. Our focus lies in securing the infrastructure from the client's perspective. For instance, consider a client who is new to the cloud and has migrated their infrastructure. If we do not have any governance measures in place for this scenario, our recommendation would be to opt for the comprehensive package offered by Prisma Cloud. This ensures that in the future or upcoming days, the client won't need to explore numerous other modules. However, it is worth noting that some clients may prefer to use separate modules. In general, we tailor our governance, security, and threat detection solutions to meet the specific requirements of each client. Internally, we provide a complete package.

In the current scenario, where my team is performing the migration for Prisma Cloud or the deployment area, we haven't yet tested the tool. We are planning to proceed with that testing. However, based on our discussions with the Prisma partner, they will integrate some functionalities because, in the DevOps environment, we haven't achieved the expected results. I wouldn't claim it's a hundred percent comprehensive, but based on our discussions and experiences so far, it's still a work in progress. We have conducted two tests, but the results haven't met our expectations.

From a DevOps standpoint, the CI/CD pipeline is still undergoing testing. I'm unsure about the time it will take, but initially, we are testing what we have learned from a CI/CD standpoint and a DevOps standpoint. We are currently investigating the best course of action and how we can integrate effectively. In some of our engagements, clients are requesting the integration of Prisma Cloud to optimize their DevOps area when deploying. However, currently, from a KPM perspective, this task is still manual. From a development standpoint, it will require time. It won't be accomplished in a single day or month, but rather, it will take time. This is because the configuration is still in progress. Moreover, from a security perspective, there are certain areas where we are uncertain. For instance, when considering GCP, it presents a gray area where we have been unable to identify any solutions from Prisma's standpoint. However, we need to determine how to effectively integrate the GCP infrastructure within the field.

Prisma Cloud can scan and monitor, depending on how it is configured. It can also trigger alerts, but it cannot stop an attack.

Prisma Cloud is maintained by Palo Alto.

Prisma Cloud will undoubtedly assist organizations in comprehending their infrastructure and identifying areas of uncertainty. The solution will streamline and minimize manual efforts. Users can obtain the comprehensive report with a single click, eliminating the need to access various services to retrieve logs. I highly recommend Prisma Cloud as it is cost-effective, and user-friendly, although its configuration can be a bit challenging.

I give the solution a nine out of ten.

I absolutely recommend Prisma Cloud by Palo Alto Networks at an enterprise level because the solution is an enterprise-grade product.

I highly recommend this solution, and I suggest anyone interested in it to explore a trial first. Once they see the benefits, they can proceed with full implementation. It enables you to consolidate everything under one control, making it a definite recommendation from my side. Overall, I would rate it nine out of ten.

I rate Prisma Cloud an eight out of ten. Having one place to go for all of your security alerts and notifications makes it easier to solve issues than going to each vendor's security tool.

Prisma Cloud by Palo Alto Networks earns a solid eight out of ten from me. The licensing models are well-designed and the technology scales effectively. While the pricing makes it an enterprise-level solution, its capabilities are technically suitable for organizations of all sizes. However, the high cost may not be financially justifiable for small businesses. Despite this, the product's technical capabilities allow it to seamlessly scale down to cater to small footprints while remaining robust enough for large enterprises.

We find that some of our customers may stick some technologies together to build their confidence as a compromise.

Our customer environments vary from 500 users and a couple of hundred workloads to 32,000 users and 2,000 workloads across multiple clouds. We typically run Prisma Cloud at an enterprise scale because of the affordability.

There are two types of support: operational and product. Product support is dependent on the supplies provided by our license. However, we also offer solution support, which sometimes involves interpreting reports and explaining what customers see. The amount of maintenance required depends on the customer's maturity, but it generally only takes a couple of hours per week. Two cybersecurity engineers are required for maintenance.

In our region, we have seen some management changes, and we find that the pricing remains extremely high and aggressive. Specifically in South Africa, Check Point has lost significant market share to Palo Alto. However, this rapid growth phase is now decelerating. The market in South Africa is limited in size, encompassing only a finite number of banks, insurance companies, and large enterprises. Many of these players have already switched to Palo Alto, leaving fewer attractive targets for Check Point. This decreased market potential will likely force Palo Alto to re-evaluate its pricing models. From a business perspective, there is often a pressure to continually outperform the previous year. This, combined with the high operating costs associated with their teams, has arguably led to a level of greed within the company, driving the pursuit of ever-increasing profits. However, the limited market size in South Africa poses a challenge to this approach. While Palo Alto enjoyed easy market penetration and rapid growth over the past four to five years, the landscape is now changing. Their previous strategies are becoming less effective, forcing them to adapt and evolve their approach to gain a foothold.

I recommend confidently reviewing Prisma Cloud, understanding your environment, and ensuring it is properly configured. Additionally, budget allocation should be confirmed.

I would rate Prisma Cloud by Palo Alto Networks nine out of ten.

Prisma Cloud necessitates maintenance for both weekly and monthly updates.

My advice to new users and researchers is to delve into Prisma Cloud's capabilities and potential. Understanding the full scope of what it can do is crucial for new users. It's not just about visibility or the GUI; it's about the underlying work that engineers do, such as runtime protection, virus detection, and code security. New users should have a clear understanding of these capabilities. They should participate in sessions, practices, and labs to gain hands-on experience.

Based on my own experience, I would I rate Prisma Cloud a ten out of ten. However, I haven't compared it with other solutions, so maybe other solutions have more features that Prisma is lacking. My advice is to implement Prisma if it has the features you want but also shop around because I'm sure other solutions are just as good as this one.

We are using cloud protection, virtual protection, and the CI/CD modules of Prisma Cloud by Palo Alto Networks.

The comprehensiveness of the solution for protecting the full cloud-native stack is pretty good. We need to monitor those things. We initially did all the configuration from the container or API side. Now, our work is only to monitor periodically. It has a report functionality on a mail and download basis.

Periodically, we'll receive a mail asking us if we want to work on the weekly summary of our findings. There is a rescan functionality that I can use to rescan and confirm if someone has fixed a vulnerability so that it will not be shown in the results the next time. Prisma Cloud provides comprehensiveness that covers most of the areas.

When we didn't have this tool initially, we had to run around for different open-source tools because there was no one-stop solution. We had to go for different open-source tools for different functions. Prisma Cloud is a one-stop solution that covers multiple things like API security, container security, infrastructure security, AWS cloud security, and CI/CD security. So, it's a complete package for us to look around and figure out the issues in every area.

We did not immediately realize the solution's benefits from the time of deployment. It took an initial one month to understand the functionalities and their uses. After one and a half months, we were able to identify the benefits of using these services.

The solution provides the visibility and control we need. Initially, we did some access analysis to know what kind of permissions these particular agents are running. Then, we got to know and understand the agent's particular privileges.

The solution has reduced runtime alerts by around 15 to 20%. As soon as we use any image, we decide to run the scan and get the finding immediately. We have a time window to figure out the issue.

In case of an incident, Prisma Cloud requires some maintenance. If something happens because of the tool, we have to stop those agents, rerun them, and then check the logs. Sometimes, the services are disrupted when we enable something amid permission issues. So, that part definitely requires some maintenance.

I would recommend Prisma Cloud by Palo Alto Networks to other users. Prisma Cloud is a one-stop solution where you get multiple tools within one tool. That is a great thing because you don't have to run around for different kinds of tools.

Overall, I rate Prisma Cloud by Palo Alto Networks an eight out of ten.

I would say that this solution provides security spending in multi and hybrid cloud environments.

Regarding the comprehensiveness of this solution for protecting the full cloud-native stack, I would say that CSPM is suitable for postal security management, but other than that, there are a lot of pros and cons. We cannot say for 100% that this works for everything on the cloud.

Regarding Prisma Cloud, I would say it has helped us take a preventive approach to cloud security and that it works quite well.

Prisma Cloud provides the visibility and control that we need in the network overall, but the levels of visibility and control vary depending on the module. We need to have the solution integrated with the different tolls, which is quite complex. Our confidence in security and compliance postures is good overall in terms of complaints.

Prisma Cloud has enabled us to integrate security into our Ci/CD pipeline and as touch points into existing DevOps processes. When it comes to the seamlessness of the dash points in our DevOps and touchpoints, there are pros and cons, but a lot of the things have to do with the vendor itself and that's where the challenge is. The integrations are critical because we need to have a lot of talks with Prisma to sort out all those issues.

When it comes to this solution providing us with a single tool to protect our cloud resources and applications without having to manage our security and the compliance report, I would say it's fine with the organization. We plan to move in the future when we move the workloads into the cloud more and more, and we will think about it when we see how it will behave with more workloads and that's when we will discuss it all.

Prisma Cloud provides risk clarity at runtime across the entire pipeline showing issues as they are discovered during the billing basis. But other tools have more capability than Prisma for governance policies. Our developers can correct Prism's governance policies using the tools they use to code and only once they have indicated the safety pipeline, they will get the others to make it a bit more visible and fix vulnerabilities before moving to production.

We are currently using almost all modules of this solution.

I would say that Prisma Cloud has helped us reduce runtime alerts.

I would say that Prisma Cloud has helped us save money because it allows us to have information on the threat before it happens.

I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

My advice is to take your time before going the CSPM route. Look at your environments and inventory everything in it. There is, obviously, no shadow IT in the cloud. It's very easy to get an inventory of the resources you are running on. Get an overview and see if having a powerful CSPM at your side is really a need. There are a lot of open-source solutions that can do the job for smaller environments.

From what I understand, Palo Alto is trying to push Prisma Cloud to become more than a simple CSP tool, since it offers the ability to cover the global environment of cloud applications, such as doing scanning and infrastructure-as-code, and managing IAM, rather than doing it directly in the cloud provider. They are trying to centralize things.

It can also be used to manage containerized applications. It can do runtime security in container-based managed services of cloud providers, such as EKS (Elastic Kubernetes Service) which is a service managed by AWS. You can rely on Prisma to put an agent in such environments to monitor and supervise the security. You can also use it to scan the container images that are stored in repositories, whether they are on-premises or in the cloud. I've heard that Palo Alto is doing a lot of things like this, but as of today, I'm only using the CSPM part.

And in terms of security automation capabilities, I've used Checkov, which is the tool they are using for scanning specialized code like Terraform. In its origins, Checkov is an open-source tool and I've been using it with my clients by deploying it in CI/CD chains to scan, automatically, the code that is pushed inside repos and deployed in the cloud. But I have never used the Chekhov that is built into Prisma Cloud.

Similarly, I know Prisma offers the possibility of auto-remediation, but I have not enabled this option. It could be a bit dangerous because there is the context and a lot of things to take into consideration before blocking something, before deployment or after deployment. So, I have not used its preventive actions.

The solution provides visibility into complex or distributed cloud environments, but I can think of a couple of scenarios where clients might not think the same. It supports the top five clouds, but if you are using another cloud provider, you won't be able to use Prisma Cloud for that instance. You would be able to use the Compute module, but it would be very hard to use the CSPM capabilities on such a cloud provider since their APIs are not working with Prisma. But if you are using the most commonly used clouds, Prisma Cloud is a very valuable asset.

Prisma Cloud is a very powerful tool and it can be used in various scenarios, but it doesn't cover everything. You might choose a cloud provider that is not supported or prioritized by Prisma. If you are using Oracle Cloud or Alibaba, you might want to get another solution, maybe one that comes with better policies and a better investment in those technologies.

Aside from that, Prisma Cloud is a good solution if you are using a mainstream cloud provider. Prisma Cloud can help enhance your security posture. Because it's a Palo Alto product, you can be sure that there is a lot of maintenance behind it. The product will be able to keep up with the market. They will keep the features coming and it will continue to be a better product over time.

My advice for anybody who is considering this product is to give it a good look. Give it a good cost-balance rationalization versus the cost of a compromise or breach, because it's your defense mechanism against exposure.

I would rate this solution a ten out of ten.

We're Prisma Cloud customers. 

I'd rate the solution eight out of ten. 

It's a very good product if you look at the market right now. It offers all types of features, including cloud security, workflow protection, etc. It's all bundled together for convenience. 

We don't use Prisma for build and deploy, we use another set of tools. Right now, we are doing our internal due diligence to figure out if we can replace all of those with a single tool, whether it's Prisma or any other tool. We don't know at the moment.

It's very hard to attribute any kind of runtime alert reduction to Prisma Cloud as we use a whole zoo of tools. Prisma is just one piece of the puzzle. We don't have too many runtime alerts thanks to the joint work between our build tools, deployment prevention security tools, and Prisma.

While it's a good tool, you need to be mindful of serverless because serverless runtime security is tricky and, unfortunately, Prisma doesn't do too much there. Other than that, it's a good tool.

I rate Prisma Cloud seven out of ten. Before you implement Prisma or any other solution, you need to ensure you have all the tools you need in place and know if it will fit into your current environment.

If you have compliance requirements such as PCI or ISO, going with Palo Alto would be a good option. It will make your life much easier. If you do not have Layer 7 visibility requirements and you do not have auditing and related requirements, then you could probably survive by going with a traditional firewall. But if you are a midsize or enterprise company, you will need something that has the capabilities of Prisma Cloud. Otherwise, you will have issues. It is very difficult to work with the typical solution where there is no log and you don't know exactly what happened and there is too much trial and error.

Instead of allowing everything and then trying to limit things from there, if you go with a proper solution, you will know exactly what is blocked, where it is blocked, and what to allow and what not to allow. In terms of visibility, Prisma Cloud is very good.

One thing to be aware of is that we have a debate in our environment wherein some engineers from the cloud division say that if we had an Azure-based product, the same engineer who is handling the cloud, who is the global administrator, would have visibility into where a problem is and could handle that part. But because we are using Palo Alto, which has its own administrators, we still have this discussion going on.

Prisma Cloud also provides security spanning multi- and hybrid-cloud environments, which is very good for us. We do not have hybrid cloud as of now, but we are planning, in the future , to be hosting infrastructure on different cloud providers. As of now we only have Azure.

Because Zero Trust is something new for us, we have actually seen a significant increase in alerts. Previously, we only had intra-zone traffic. Now we have inter-zone traffic. Zero Trust deployments are very different from traditional deployments. It's something we have to work on. However, because of the increased security, we know that a given computer tried to scan something during office hours, or who was trying to make certain changes. So alerts have increased because of the features that we have turned on.

I rate Prisma Cloud nine out of 10. If you're considering Prisma, I suggest starting with a PoC. Consider all the features and go for the ones that are suitable for your organization and add value. You could adopt the solution blindly, but there are some additional costs for the add-ons. 

Have a clear plan for how you will structure your policies, then decide right from the get-go if you will augment the delivered policies with your custom ones to minimize the amount of rework that you need to do. Likewise, make sure that the ticketing application that you are planning to integrate with, if you're going to track remediation activities, is one that is supported. If not, have a plan for getting that integration going quickly.

Biggest lesson learnt: Do better planning for that third-party and downstream integration that you will be doing with your ticketing platform. Right out of the gate, our options were rather limited for integration and ticketing. It seemed to be geared around incident handling or incident response more than compliance management or vulnerability response.

The solution is comprehensive for protecting the full cloud native stack. It covers nearly all of our use cases. The gaps present are more a function of API visibility that we get from Azure, for example. As they roll out or make generally available new services, there is a lag time in the tool's ability to ingest those services. However, I think that is more a function of the cloud platforms than Prisma Cloud.

This solution is a strong eight out of 10.

I would rate Prisma Cloud by Palo Alto Networks nine out of ten. Its architecture is well-designed, more reliable, and more secure.

We have Prisma Cloud deployed in multiple locations across the globe.

The maintenance is done on the cloud.

I recommend Prisma Cloud to others.

When we started using Prima Cloud a year ago, we had 7,000-plus alerts. We went through many of the policies that resulted in numerous false positives and we went through the RQL (Resource Query Language) queries that were not applicable to our environment and that created false positives from their side. We reported them with the details via their case submission. They checked on them and they modified some of the alerts as a result of our request. They are progressing with their changes. We have reduced to 500-plus alerts in the past eight months and we are in good shape in terms of security posture.

Overall, I would rate Prisma Cloud at seven out of 10. It has the scalability and easy onboarding where we can onboard an organization with a few clicks and the integration part will take care of the rest. I appreciate that. But the log retention and integration with third-party solutions need improvement.

I would rate Prisma Cloud six out 10. I would recommend it if you are using AWS or anything like that. It's quite a tool and I'm impressed with how they have been improving and onboarding new features in the past one and a half years. If you have the proper logging system and can implement it properly within your architecture, it can work really well.

If you are weighing Prisma Cloud versus some CASB solution, I would say that it depends on your use case. CASBs are a different kind of approach. When someone is already using a CASB solution, that's quite a mature setup while CSPM is another side of handling security. So if someone has CASB in place and feels they don't need CSPM, then that might be true for a particular use case at a particular point in time. But also we need to think of the current use case and the level of maturity at a given point in time and consider whether the security is enough.

You need to identify how you'll be using it and what your use cases are. If you don't have a mature enough organizational posture, you're not going to use it to actually fix the issues because you won't have the teams ready to consume its information. You need to build that and that needs to be built into the thinking around that product. There's no point having information if you're not going to act on it. So understand who is going to act on it, and how, and then you've got a much better path to understanding your use for this. There's no point in buying a product for the sake of the product. You need the processes and the workflows that go with it and you need to build those. It's not good enough to just hope that they will happen.

The solution doesn't secure the entire spectrum of compute options because there are other Palo Alto products that secure containers, for example. This is very specifically focused on the configuration of the public cloud instances. It doesn't look inside those instances. You would need something else for that. You don't want to be using other products to do this. You don't want to mistake this for something that does everything. It doesn't. It is a very specific product and it is amazingly good at what it does.

We do integrate it with our workflow as part of the process of getting an application onto the internet. It does integrate with our workflow, giving us a posture as part of the workflow. But it is not a workflow tool.

It definitely does multi-cloud. It does the three major ones plus Alibaba Cloud. It doesn't reach into hybrid cloud, in the sense that it doesn't understand anything non-cloud. We don't use it to provide security, although it is very good for that. We already have an advanced security provision posture, because we are a very large organization. We just use it to inform us of security issues that are outside our other controls.

Prisma Cloud doesn't provide us with a single tool to protect all of our cloud resources and applications in terms of security and compliance reports because we have non-cloud-related tools being folded into the reports as well. Even though it works on the cloud, and is excellent at what it does, we integrate it with our Qualys reports, for example, which is the scanning on our hosts. Those hosts are in the cloud, but this doesn't touch them. There's no such thing as a single security tool, frankly. It's basically part of our portfolio and it's part of what every organization needs, in my opinion, to be able to manage their cloud security postures. Otherwise, it would just never work.

I would rate Prisma Cloud a ten out of ten.

Twenty-four people monitor Prisma Cloud alerts each day in our organization, and any issues are sent to developers to be addressed.

Maintenance is required to upgrade the dashboard.

I am a customer and end-user. 

I'm not sure if the product is useful in a multi-cloud environment. I hope it is. We just have the one cloud environment we use it in. That said, we are using it in multiple staging environments. 

We have not enabled the Code Security module. We still need to integrate in that sense with Prisma. We did do the integration with cloud infrastructure. 

For any product you choose, it's good to consider security. I'd recommend Prisma as it offers good security. 

I'd rate the solution eight out of ten. There isn't really anything missing in the product. However, there's always scope for improvement. 

It makes sense for a smaller company to use the native cloud tools, but for a large organization it makes sense to have a tool like Prisma Cloud with centralized information, especially for security.

I would rate Prisma Cloud by Palo Alto Networks a seven out of ten.

Maintaining Prisma Cloud is generally straightforward.

We have Prisma Cloud deployed in a single department used for the billing system in our hybrid cloud environment. We have eight users.

While Prisma Cloud Complete offers runtime protection, organizations seeking a comprehensive cloud security solution should implement Prisma Cloud SaaS. 

It takes a little bit of time to create time to value for the solution. A new customer might not have any idea of a cloud's capability. Some people need training and this might be on a quarterly or monthly basis to get the customer up to speed. Once they are more knowledgeable about the solution, they can utilize its capabilities more fully.

I'd recommend the solution. It's comprehensive for securing the entire cloud-native development life cycle across the build, deploy, and run. It not only provides security protection in the runtime environment - it also covers CI/CD. We can integrate Azure DevOps or any kind of solution like Jenkins. 

For new customers, I'd recommend they take on a demo or POC. They can get a one-month license and try it out. Customers can coordinate with partners and see how it would work in their environment. If a customer has a multi-cloud environment, this is a good choice. 

I'd rate the solution nine out of ten. 

I advise others who may want to implement Prisma Cloud by Palo Alto Networks to check it in a test environment first to ensure it does what they expect.

My rating for Prisma Cloud by Palo Alto Networks, overall, is eight out of ten.

I'm a partner and reseller.

I'd rate the solution nine out of ten. 

I'd recommend the solution to others. The cloud-based version is very good. Users can rely on the product.

I suggest that my customers adopt Prisma for every module. It's the best security platform, where we can provide security for multiple clients without using the native security approach.

I highly recommend this solution.

It is a good tool. Work with your stakeholders and cloud teams to implement Prisma Cloud within as many environments as you can to get that rich amount of data, then come up with a strong strategy for integrations and alerting. Prisma Cloud has a lot of integrations out-of-the-box, like ServiceNow, Jira, and Slack. Understand what your business teams need as well as what your engineering and developers need. Try to work on the integrations that allow for the maximum amount of integration and automation within a cloud environment. So, work with your business teams to come up with a plan for how to implement it in your cloud, then how to best integrate the tooling and alerting.

While Prisma Cloud does have the ability to do auto-remediation, which is a part of their automation, we didn't turn any of that on now because those features have a tendency to sometimes break things. For example, it will automatically shut down a security group or server that can sometimes have an impact into availability. So, we don't use any of the auto-remediation features, but we do have automation setup with Jira and Slack to create tickets and events for our ticketing and infrastructure teams/Slack channels.

We definitely want to continue to explore and build-in some of the Shift Left principles, getting the tool into our dev cycles earlier. We do have some plans to expand more on the dev side. I am hiring an AppSec engineer who will be focused more on the development and AppSec side. That is something that is in our roadmap. It has just been something that we have been trying to work on and get into our backlog of a lot of projects.

I would rate this solution as a nine out of 10.

We're an MSP; we provide this product to customers. We provide security as a service.

We wouldn't recommend the solution for SMEs or startups. This is for larger corporate enterprises like large banks, fintechs, or telcos. It's good for larger infrastructures that might have legacy controls or devices.

Prisma is not the only solution in the market; there are others as well. It offers good core functionality, and it covers your whole cloud environment. It's a fully-fledged package that can help provide insights into security threats in any kind of development environment, from production to staging.  

I'd rate the solution seven out of ten.

If you are interested in Prisma Cloud, look at your business cases first. If you have a massive, large-scale infrastructure, they should not go into new products blindly.

I love Prisma Cloud. It's a one-stop shop for managing cloud security. And it is very easy to use. The dashboard and all the UI are very easy.

My company is a reseller for Palo Alto Networks, so it does the implementation, POC, and setup for customers.

In terms of Prisma Cloud reducing runtime alerts overall for clients, that would be up to the clients or customers. The solution is configured, so if you get a lot of alerts, you have to work towards burning down and making it contextual to your existing setup and what your business requires. From an implementation perspective, my company will set up the defaults, wait, and then work with the customer on how often they want to burn it down and contextualize it to their needs or requirements. Reducing runtime alerts is essentially up to the customers because if the customer gets a lot of alerts and does not spend time to make them contextual, then that customer will continue to get alerts. It is essential to make it contextual to your system if you want to reduce the alerts you receive.

Here is how I would rate Prisma Cloud by Palo Alto Networks: as a pioneer solution, and as it is cloud-based, and considering the security perspective, the solution is an eight out of ten, so the rating is high. However, in terms of setting it up and implementing it from a customer's point of view, Prisma Cloud by Palo Alto Networks becomes a seven out of ten. Not all things often work, and you still have many features you need to explore as a customer. Support for partners or the portal could also be better, where it should give more information, so the rating becomes a five out of ten. Overall, my rating for Prisma Cloud by Palo Alto Networks is a seven out of ten based on experience, but at this point, it could still be the market leader.

My company is a reseller, partner, and implementer of Prisma Cloud by Palo Alto Networks.

I rate Prisma Cloud a nine out of ten. Before implementing Prisma, research the different features and look at your current tools to identify the gaps. What is not meeting your compliance needs? What policies do you have, and how can Prisma align with the strategy?

I would highly recommend automating the process of deploying it. That has made just a huge improvement on the uptake of the tool in our environment and in the ease of integration. There's work involved in getting that done, but if we were trying to do this manually, we would never be able to keep up with the rate that we've been growing our environment.

The biggest lesson I've learned in using this solution is that we were absolutely right that we needed a tool like this in our environment to keep track of our AWS environment. It has identified a number of misconfigurations and it has allowed us to answer a lot of questions about those misconfigurations that would have taken significantly more time to answer if we were trying to do so using native AWS tools.

The tool has an auto-remediation functionality that is attractive to us. It is something that we've discussed, but we're not really comfortable in using it. It would be really useful to be able to auto-remediate security misconfigurations. For example, if somebody were to open something up that should be closed, and that violated one of our policies, we could have Prisma Cloud automatically close that. That would give us better control over the environment without having to have anybody manually remediate some of the issues.

Prisma Cloud also secures the entire development lifecycle from build to deploy to run. We could integrate it closer into our CI/CD pipeline. We just haven't gone down that path at this point. We will be doing that with the Compute functionality and some of the teams are already doing that. The functionality is there but we're just not taking advantage of it. The reason we're not doing so is that it's not how we initially built the tool out. Some of the teams have an interest in doing that and other teams do not. It's up to the individual teams as to whether or not it provides them value to do that sort of an integration.

As for the solution's alerts, we have them identified at different severities, but we do not filter them based on that. We use those as a way of prioritizing things for the teams, to let them know that if it's "high" they need to meet the SLA tied to that, and similarly if it's "medium" or "low." We handle it that way rather than using the filtering. The way we do it does help our teams understand what situations are most critical. We went through all of the policies that we have enabled and set our priority levels on them and categorized them in the way that we think that they needed to be categorized. The idea is that the alerts get to the teams at the right priority so that they know what priority they need to assign to remediating any issues that they have in their environment.

I would rate the solution an eight out of 10. The counts against it would be that the Compute integration still seems to need a little bit of work, as though it's working its way through things. And some of the other administrative pieces can be a little bit difficult. But the visibility is great and I'm pretty happy with everything else.

We are a Palo Alto partner.

After using the solution for about two years, I would rate it nine out of ten so far. 

I rate Palo Alto Prisma Cloud nine out of 10. Everything is neat, clean, and easy to use. However, when you commit changes through the UI, it takes some time to load on every system. 

I would rate this solution as eight out of ten. 

Those who want to use this solution, need to understand the concept behind this product and get to know their own environment first. The solution will give you holistic visibility of your assets, which will show you what needs to be fixed. Security comes with an expense, so it depends on what you want to leverage and where.

I'm still testing the automation capabilities because my organization is specific to one cloud. They were more aggressive on Azure and AWS Prisma Cloud, but now they are considering GCP customers as well.

We're still in POC mode for continuous security that comes under runtime protection. I can't 100% guarantee that it reduces runtime alerts.

I rate Prisma Cloud 10 out of 10. 

I'd rate the solution an eight out of ten. 

I give Prisma Cloud by Palo Alto Networks an eight out of ten.

Based on an organization's basic requirements for auditing and detection, I would recommend Prisma Cloud.

The best thing I have learned about Prisma Cloud is that it is a single platform, like SIEM. This is beneficial for network engineers because it reduces the complexity of finding the cause of an issue. With Prisma Cloud, everything can be found in one place.

To a colleague at another company who says, “We are just looking for the cheapest and fastest firewall," I would say that it's never the cheapest and the fastest. You always need to lay down what your needs are and then go after who has the right level of capabilities, competencies, and price point.

Palo Alto embeds machine learning in the core of the firewall to provide inline, real-time attack prevention. Every vendor needs to be considering how they're going to appropriately integrate both generative AI and machine learning. As we move forward, it's going to be table stakes.

In terms of the value I receive from attending an RSA Conference, I have two hats. I'm working for an organization. It's federally funded research and development. Attending an RSA Conference helps me keep a finger on the pulse of that, but I also am a security blogger, so I make sure that I'm keeping up to date. Talking to people is another important part of this conference. The one thing that's missing from the conference is that there's so much focus on reaction instead of protection up front and thinking about things up front, but it's a very valuable conference overall. 

Overall, I'd rate them an eight out of ten. They are well known in this field, and they do have good products that are niche to what they're doing.

We used the API from Prisma Cloud. We had a Jenkins pipeline with a lot of scripts to automate the installation of Prisma Cloud and the patching updates as well.

In our company, the security team had about 10 people, but only two were responsible for Prisma Cloud. As I mentioned, we inherited ownership of it from the containers team. In the containers team, we had a guy who was our main contact and who helped us. For example, when we needed to access a certain environment, he had to manage access so that it could have privileged access to do what it needed to do in the container environment. So overall, there were three people involved with it.

We used Prisma Cloud extensively. We used it across the whole on-prem environment and partially on cloud. We were at around 10 or 20 percent of the cloud. I think that nowadays they have probably reached much more than that, because we were just beginning on the cloud at the time.

Smaller companies should probably use the SaaS. I know that Azure and the cloud providers already have different ways to use tools in an easy manner so that you don't need to manage the infrastructure. So smaller companies should look into that. The infrastructure solution would be more for big companies, but I would recommend the solution for big companies. I would also recommend it for small companies. In terms of budget, sometimes it's hard to prioritize what's more important, but Prisma fits into different budget levels, so even if you have a small environment you can use Prisma's SaaS solution.

I was pretty satisfied with it. My impression of Prisma Cloud was pretty good. It's an amazing tool. It gives the whole view of your container environment and connection with multiple platforms, such as Splunk. It is a good solution. If I had my own company and a container environment, I would use it. It can fit a huge container environment with a lot of hosts, but it can also fit a small container environment. Azure also provides built-in solutions to install Prisma in your application. So there are different solutions for various container environments. The company I was in had huge container environments to monitor, on-prem and in the cloud, and the tool fit really well. But the tool also fits small environments.

My advice would be not to look at it like you're implementing a tool. Look at it like you're changing your processes. You need to plan for the impact of the data for the various teams across Dev and Security and Ops. Think very holistically, because a lot of this cloud container stuff spans many teams. If you only look at it as "I'm going to plug a tool in and I'm going to get some benefit," I think you'll fail.

Prisma Cloud covers both cloud and container, or could cover either/or, depending on your needs. But in both of those cases, there's often confusion about who owns what, especially as you're creating new teams with the transition to DevOps and DevSecOps. Successful implementation has a lot to do with working out lines of ownership in these various areas and changing processes and even the mindset of people. You have to make strides there to really maximize the effectiveness of the solution.

The solution provides Cloud Security Posture Management in a single pane of glass if you're using the SaaS solution, but we do not. Our use case does not make it feasible for us to use the SaaS solution. But with the Prisma Cloud features and compute features in the self-hosted deployment, you have to go to multiple panes to see all the information.

When it comes to the solution helping us take a preventative approach to cloud security, it's a seven or eight out of 10. The detective side is a little higher. We are using the detective controls extensively. We're getting the visibility and seeing those things. There is a lot of hesitance to use preventative controls here, both on the development side—the continuous integration stuff—and particularly in the runtime, continuous monitoring protection, because you are just generally afraid. This mirrors years and years ago when intrusion prevention first came out at the network level. A lot of people wanted to do detection, but it took quite a few years for enterprises to get the courage to start actively blocking. We're in that same growth period with container security.

When it comes to securing the entire cloud-native development lifecycle, across build, deploy, and run, it covers things pretty well. When I think about it in terms of build, there are integrations with IDEs and development tools and GitHub, etc. Deploy is a little shakier to me. I know we have Jenkins integration. And run is good. In terms of continuous monitoring, it feels build and run are a little stronger than deploy. If we could see better integration with other tools, that might help. If I'm doing that deploy via Terraform or Spinnaker, I don't know how all that plays with the Jenkins integrations and some of the other integrations that Palo Alto has produced.

Overall, it feels like a pretty good breadth of integrations, as far as what they claim. They certainly support some things that we don't use here at build and deploy and runtime. But a lot of what they rely on, in terms of deploy, is API-driven, so it's not an easy-to-configure, built-in integration. It's more like, "We have an API, and if you want to write custom software to use that API, you can." They claim support in that way, but it's not at the same level as just configuring a couple of items and then you can scan a registry.

In the container space, we have absolutely seen benefit from the solution for securing the cloud-native development lifecycle. At the same time, it has required some development on our part to get the integration. Some of that is because we predated some of the integrations they offer. But in the container space, there has definitely been a huge impact. The impact has been less so in cloud configuration, because there are so many competing offerings that can do that with Terraform and Azure Security Center and Amazon native tools. I don't feel like we've made quite the same inroads there.

In terms of it providing a single tool to protect all of our cloud resources and applications, I don't think it does. Maybe that's because of our implementation, but it just doesn't operate at every level. I don't think we'd ever go down that path. We have on-premise tools that have been here a long time. We've built processes around reporting. Vulnerability scanning is an example. We run Nessus on-premise, and we wouldn't displace Nessus with, say, a Twistlock Defender to do host-level scanning in the cloud, because we'd have a disparate tool set for cloud versus on-premise for no reason. I don't ever see Prisma Cloud being the single solution for all these security features, even if they can support them.

It's important that it integrate with other tools. We talked earlier about a single dashboard. A lot of those dashboards are aggregating data from other tools. One thing that has been important to us is feeding data to Splunk. We have a SIEM solution. So I would always envision Prisma Cloud as being a participant in an ecosystem.

In summary, I actually hate most security products because they're very siloed and you have mixed-vendor experiences. I don't think they take a big-picture view. I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions. For the most part, it does what they say it will do. The vendor support has also been good. I would definitely give the vendor an eight out of 10 because they've been great in understanding and providing solutions in the space, and because of the reliability and the responsiveness. They've been very open to our input as customers. They take it very seriously and we've taken advantage of that and developed a good relationship with them.

When it comes to the solution itself, I would give the compute solution an eight. But I don't think I would give the Prisma Cloud piece an eight. So overall, I would rate the solution as a seven because the compute is stronger than the other piece, what used to be RedLock.

I would also emphasize that what I think is a strong roadmap for the product and that Palo Alto is really interested in customer feedback. They do seem to incorporate it. That may be our unique experience because our use cases just happen to align with what Palo wants to do, but I think they're heading in the right direction.

Early on in a solution's life cycle or problem space, it's more important to have that responsiveness than it is even to have the fullest of solutions. The fact that we came across this vendor, one that not only mostly covered what we needed when we were first looking for it three years ago, but that has also been as responsive as they have to grow the solution, has been really positive.

I have not compared it with other tools, but overall, I found it to be pretty good when resolving the challenges that we were facing early on. I did not get a chance to look at the Gartner report in terms of where it stands, but based on my experience with this solution, I was quite satisfied.

It is a good solution. Each team should utilize it. Every good organization is now moving towards or trying to be provider agnostic, so if you are using multiple providers, you should at least give Prisma Cloud a try.

Prisma Cloud enables you to integrate security into your CI/CD pipeline and add touchpoints into existing DevOps processes. I know it is possible, but we were already using some other tools, so we did not try this feature. We already had a good process utilizing other scanning tools, so we did not try that feature, but I know that they have this feature.

Prisma Cloud provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases, but this is linked to the CI/CD pipeline, which we did not implement. We looked at the risk level of the infrastructure deployed. We also looked at which cloud platform is having issues. The risk-level clarity was certainly there. It was possible to see the risk level and prioritize the activities or other items with a higher risk, but we never tried CI/CD pipelines.

Overall, I would rate Prisma Cloud a nine out of ten.

I give Prisma Cloud by Palo Alto Networks a nine out of ten for its ease of use, value, and support.

One Prisma engineer or security person with training is able to maintain the solution. For our mature organization, we utilize all of Prisma Cloud by Palo Alto Networks tools.

I recommend Prisma Cloud by Palo Alto Networks. The solution is easy to use and intuitive for the most part. The licensing is comprehensive and straightforward, and the modules can be easily integrated to improve our development.

In Africa, many people do not typically associate the cloud with security due to the prevalence of on-premises security solutions. However, upon utilizing Prisma Cloud by Palo Alto Networks, we have come to realize that it is an excellent and secure tool.

When it comes to its security automation capabilities, currently, not every customer prefers to automate. We have been trying to implement automation, and when the right access was given, we did a certain amount of automation to immediately block the firewall rules or revoke access when any privileged access has been given. We have been doing a little bit of automation, and it has been good. We are able to achieve our goals. Out of two customers in this company and eight customers in my previous company, only three customers preferred to do automation to a certain extent. The rest of them wanted the alerts to be sent to the incident response team of their SOC. They wanted their team to act upon them. They only allowed us to automate high severity ones or highly critical ones. For example, they only allowed us to automate things like immediately blocking access to specific ports or IPs, but we haven't tried the automation to a full extent.

It enables you to integrate security into your CI/CD pipeline and add touchpoints into existing DevOps processes. We implemented it for just one use case. Before that, we were using Qualys Container Security in the CI/CD pipeline. After switching to Prisma Cloud, I did not have an opportunity to evaluate it completely because I moved to another organization. In my previous organization, we had expertise in DevOps. We had a dedicated DevOps team with almost six years of experience in automating the entire deployment of servers infrastructure, as well as applications. It was pretty easy for them to implement or integrate any security tool into the CI/CD pipeline. In my current organization, we don't have an expert team, and we struggle a bit in implementing things because there are multiple CI/CD deployments from Jenkins to Amazon's native one and Git. So, we take support from Palo Alto to get things deployed during the PoCs. In my previous organization, it was also easier for us to implement because the training provided from the Palo Alto side was quite good, and we had a lot of training materials in the partner portal. We utilized them. We got in touch with the technical team, and we implemented things quite faster, but here, there is a bit of lag because we don't have expertise in DevOps for implementations or integrations.

It can provide risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. Shifting your security to the left cuts down the entire life cycle of application deployment, and it does help to fix the security issues at the beginning of the development life cycle itself. We have not seen a large amount of time being cut down. That's because, typically, teams deploy the code, and then initiate a security scan. By integrating these things into the early development cycle, the time can be cut down to three weeks from about one and half months.

I would rate this solution a seven out of ten.

If your specialization involves blueprint certification against a compliance standard, then you can go with Prisma Cloud. It is very powerful for data loss prevention, and I would rate it at seven on a scale from one to ten.

Focus on operationalizing the service. Don't just keep focusing on features, but also how you will deploy the solution and how it will be part of your entire CI/CD pipeline, then how will you manage all the features and the long-term running of this service. This is where you should start your focus. You can only use the features if you are doing a seamless integration, so focus your requirements on running, maintaining, and continuous use of it.

The comprehensiveness of the solution is good for securing the entire cloud-native development lifecycle, across build, deploy, and run. There is room for improvement, but it is better than other solutions. It is somewhere between seven to eight out of 10, in terms of its comprehensiveness. It doesn't affect our operations that much because we have some long-term goals and we are hoping that this solution will also deliver in that time. For the long term future, we made some changes to our design to accommodate these things.

I would rate the solution as eight out of 10.

My advice is that if you have the opportunity to integrate and utilize Prisma Cloud you should, because it's almost a given that you can't get any other cloud security posture management system like Prisma Cloud. There are competitors that are striving to achieve the same types of things. However, when it comes to the governance element for a head of architecture or a head of compliance or even at the CSO level, without that holistic view, if you use one of them you are potentially flying blind. 

Once you've got a capability running in the cloud and the associated demand that comes through from the business to provision accounts for engineers or technical service owners or business users, the given is that not every team or every user that wants to consume the cloud workload has the required skill set to do so. There's a certain element of expertise that you need to securely run cloud workloads, just as is needed for running applications or infrastructure on-premise. However, unless you have an understanding of what you're opening up to—the risk element to running cloud workloads, such as a potential attacks or compromise of service—from an organizational perspective, it's only a matter of time before something is leaked or something gets compromised and that can be quite expensive to have to manage. There are a lot of unknowns. 

Yes, they do give you capabilities, such as Trusted Advisor, or you might have OpenSCAP or you might be using Forseti for Google Cloud, and there are similar capabilities within Azure. However, the cloud service providers aren't native security vendors. Their workloads are built around infrastructure- or platform-as-a-service. What you have to do is look at how you can complement what they do with security solutions that give you not just the north-south view, but the east-west as well. You shouldn't just be dependent on everything out-of-the-box. I get the fact that a lot of organizations want to be cloud-first and utilize native security capabilities, but sometimes those just don't give you enough. Whether you're looking at business-risk or cyber-risk, for me, Prisma Cloud is definitely out there as a specialist capability to help you mitigate the threat landscape in running cloud workloads.

I've certainly gone from a point where I understood what the risk was in not having something like this, and that's when I was heavily dependent on native tools that are offered up with cloud service providers. 

The first release that came out didn't include the workload management, because what happened, I believe, was that Palo Alto acquired Twistlock. Twistlock was then "framed" into cloud workload management within Prisma Cloud. What that meant was that you had a capability that looks at your container workloads, and that's called Prisma Cloud Compute, which is all available within a single pane of glass, but as a different set of capabilities. That is really useful, especially when you're running container workloads.

In terms of securing the entire development life cycle, if you integrate it within the Jenkins CI/CD pipeline, you can get the level of assurance needed for your golden images or trusted image. And then you can look at how you can enforce certain constraints for images that don't match the level of compliance required. In terms of going from what would be your image repository, when that's consumed you have the capability to look at what runtime scanning looks like from a container perspective. It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat.

It all depends on the way an organization works, whether it has a distributed or centralized setup. Is there like a central DevOps or engineering function that is a single entity for consuming cloud-based services, or is there a function within the business that has primarily been building capabilities in the cloud for what would otherwise be infrastructure-as-a-service for internal business units? The difficulty there is the handoff. Do you look at running it as a central function, where the responsibility and the accountability is within the DevOps teams, or is that a function for SecOps to manage and run? The scenario is dependent on what the skill sets are of a given team and what the priorities are of that team. 

Let's say you have a security team that knows its area and handles governance, risk, and compliance, but doesn't have an engineering function. The difficulty there is how do you get the capability integrated into CI/CD pipelines if they don't have an engineering capability? You're then heavily relying on your DevOps teams to build out that capability on behalf of security. That would be a scenario for explaining why DevOps starts integrating with what would otherwise be CyberOps, and you get that DevSecOps cycle. They work closer together, to achieve the end result. 

But in terms of how seamless those CI/CD touchpoints are, it's a matter of having security experts that understand that CI/CD pipeline and where the handoffs are. The heads of function need to ensure that there's a particular level of responsibility and accountability amongst all those teams that are consuming cloud workloads. It's not just a point solution for engineering, cloud engineering, operations, or security. It's a whole collaboration effort amongst all those functions. And that can prove to be quite tricky. But once you've got a process, and the technology leaders understand what the ask is, I think it can work quite well.

When it comes to reducing runtime alerts, it depends on the sensitivity of the alerting that is applicable to the thresholds that you set. You can set a "learning mode" or "conservative mode," depending on what your risk-appetite is. You might want it to be configured in a way that is really sensitive, so that you're alerted to events and get insights into something that's out of character. But in terms of reducing the numbers of alerts, it all depends on how you configure it, based on the sensitivity that you want those alerts to be reporting on.

I would rate Prisma Cloud at eight out of 10. It's primarily down to the fact that I've got a third-party tool that gives me a holistic view of cloud security posture. At the click of a button I can determine what the current status is of our threat landscape, in either AWS or Azure, at a conflict level and at a workload level, especially with regards to Prisma Cloud Compute. It's all available within a single pane of glass. That's effectively what I was after about two or three years ago. The fact that it has now come together with a single provider is why I'd rate it an eight.

We're an implementation partner. 

It took me some time, first of all, to understand the product. However, that is important. You need to understand the product, and then get the value. There are different aspects of the product that have different scanning times. Once you onboard, it takes a certain time to get all the details. Also, there will be certain alerts that might not be default alerts. After a certain amount of time, you might have to funnel them. Or, you might want to narrow down to those alerts which are important to you. After that, you'll begin to see the actual value added and to get there, it will definitely take a certain amount of time. 

I'd rate the solution nine out of ten. 

I attend the RSA conference to close gaps. Attending the conference impacts our cybersecurity purchases because it helps us build a roadmap for future evolution. Overall, I rate the solution a seven out of ten.

This is a product for which I had a very specific need, and my security partner recommended it. This product is one of the leaders. I would, however, suggest that you do a POC before implementing this solution.

It has very good support in all of the cloud environments. I think that they offer a lot of functionality in supporting that space. I don't think that this product is perfect, but it fits my needs perfectly.

I would rate this solution a nine out of ten.

The biggest lesson I have learned while using the solution is that you need to tune it well.

The Prisma tool offers a lot of functionality and a lot of configuration. It's a very powerful tool with a lot of features. For people who want to use this product, I would say it's definitely a good product to use. But please be aware also, that because it's so feature rich, to do it right and to use all the functionality, you need somebody with a dedicated amount of time to manage it. It's not complicated, but it will certainly take time for dedicated resources to fully utilize all that Prisma has to offer. Ideally, you should be prepared to assign someone as an SME to learn it and have that person teach others on the team.

I would rate Prisma Cloud at nine out of 10, compared to what's out there.

It's a good tool. I would tell anybody to give a shot. It's easy, it's user-friendly; it's like a plug-and-play tool.

I am a single point of contact for this solution, right now. I'm working on it with my entire management to review things. I have to coordinate because of the multiple platforms they have. Roles have been assigned at different levels. There is a consultant's role, a reviewer's role, and there is an implementer's role. The latter is supposed to be working with them.

Root cause analysis needs to be done at my own level. The solution does inform me that a predicted vulnerability exists and this is the asset where it could be happening. But the intelligence has to be provided by the security consultant.

If something becomes visible during the build phase, we already have a pretty good area where we can change the product so that it does not impact the production environment.

The solution provides an integrated approach across the full lifecycle to provide visibility and security automation and, although we have not started using that part of it yet, it will definitely enable us to take a preventive approach to cloud security when we do use it.

Overall, it provides all the pieces of information that you require, in one place and time. I think it's going to be good to work with them.

I would say Twistlock is a fairly sophisticated tool. It's not the most user-friendly so if somebody wants to use it for their deployment, their firm, they need to have the right people on your team to know how to use it because it's not a plug and play kind of software, like Aqua Security which is a little more plug and play. I think it's easier, more user-friendly, and has a more flexible kind of deployment. If you can configure it well, Twistlock is a lot better in providing you real-time statistics than Aqua Security.

I would rate it an eight out of ten. 

I recommend two months of POC in this. It's fairly new but until now it's been pretty good.

I rate Prisma Cloud an eight on a scale of one to ten for ease of use. It is pretty intuitive, except for not being able to locate resources affected by a certain finding individually.

Prisma Cloud has helped free up staff to work on other projects. Previously, we used to do ad hoc scripting to find different resources affected by a certain finding. However, we no longer have to do that because everything is automated.

At least ten hours each week were freed up because of the Prisma Cloud.

Meeting with all the industry professionals at the RSA conference is a great feeling. We get to learn about the latest trends in cybersecurity, all the new products that are coming up to tackle all the challenges, and especially the role of AI and machine learning in cybersecurity.

We've been looking at improving our hybrid connectivity solutions and making them more secure. We explored a few solutions at the RSA conference, which will come into play when we decide.

Overall, I rate Prisma Cloud an eight out of ten.

From the security automation point of view, it's a fairly good tool, but it still needs some enhancements. Sometimes, it becomes somewhat complex to implement everything.

Overall, Prisma Cloud is a pretty good tool. The only part that stands out for improvement is the reporting.

I would rate Prisma Cloud by Palo Alto Networks a seven out of ten.

The advice I would give to someone seriously considering these cloud solution products is to be careful with procedures you use while testing them. During the setup phase, there were not many challenges. But while integrating the cloud accounts, I would recommend the users initially provide only read-only access not read-write access, just as a precaution. The users should also be cautious not to expose cloud data to vendors like Dome9 or Palo Alto or whomever the vendor will be.  

On a scale from one to ten where one is the worst and ten is the best, I would rate the Palo Alto product overall as a seven-out-of-ten. Dome9 I would currently rate eight-out-of-ten. Palo Alto's rating could improve with enhancements to ease-of-use.  

I rate Prisma Cloud by Palo Alto Networks an eight out of ten.

The solution has a moderate level of ease of use. Prisma Cloud has helped free 50% of our staff's time to work on other projects. Many tasks were done manually before, but now things are faster with Prisma Cloud.

We are trying to learn about new cybersecurity issues and what other solutions are available to combat them.

Overall, I rate Prisma Cloud an eight out of ten.

I would recommend others to consider a CSPM product, whether they go with Prisma or another flavor of CSPM. It also depends on the deployment that the organization has, the use case, and the budget. For an organization similar to mine, I would definitely recommend going for CSPM and Palo Alto Firewall.

I would advise others to not go with the higher level of Prisma support. They should go for third-party professional services because, in my experience, they have a better understanding of the product than the Prisma support team. Currently, we have one of higher levels of support, and we are not getting the return on that support. If we go for a lower tier of support, we save that money and give it to a third-party professional service. That would be a better return on investment.

Prisma Cloud hasn't helped us to identify cloud applications that we were unaware that our employees were using. That has not been the case so far because when we had initially done the deployment, we had done it at the subscription level rather than at the tenant level. So, in our case, it is quite the opposite where there would be subscriptions that the client is not aware of. I think Prisma has come up with a release wherein we can integrate our cloud on a tenant level rather than the subscription level. That is something that we will be doing going forward.

I would rate this solution a seven out of 10.

We have started using some of the modules for securing the entire cloud-native development cycle across build, deploy, and run, but we have not really operationalized them. They're in the initial phases. It's not the maturity of Prisma Cloud that's in question, it's about the maturity of our company as a whole. Our company was not really tuned to CI/CD, secure DevOps, and the like, so we are slowly starting to integrate that. We haven't seen the results yet, but I would say it's very promising on that front at this time.

My advice would be to compare other products and understand what you want to do before you purchase or implement it.

It's definitely a good product. If a company is heavily into the public cloud environment, they must look to use a product like this to gain good visibility into their security. It will also help with the compliance of how they are doing things in the cloud. It's definitely a good, must-have tool.

The solution is good. It is easy to use, but Prisma keeps on releasing new features. So the console becomes a little bit typical. Auto-remediation is time-efficient.

The RSA conference is valuable to my organization. The conference has an impact on our organization's cybersecurity purchases sometimes. Overall, I would rate Prisma Cloud an eight out of ten.

I would rate it as a nine out of ten, due to its cloud-facing features which fit in nicely with the whole cloud ecosystem.

We are Palo Alto partners.

I'd advise that companies that get big and have a lot of servers or critical applications in their cloud invest in this solution.

I would rate the solution at a nine out of ten.

We use the cloud deployment model.

I'd rate the solution nine out of ten.