Anonymous UserDevOps Engineer at a tech services company
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"All of the features are very useful in today's market."
"The reporting against compliance is an important feature that helps you comply with policies and standards within your organization."
"Assets Management as it provide complete visibility of our workload inkling EC2 instance or Serverless"
"It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
"This product provides a really nice visualization of the infrastructure, including network topology, firewalls, etc."
"On Dome9, you can have reports on compliance, users created, and EAM access to the cloud infrastructure. For example, if some machine is exposed to the Internet, importing and exporting to the Internet when it shouldn't, we get immediate alerts if someone does this type of configuration by mistake. Dome9 is very important because AWS doesn't protect us for this. It is the client's responsibility to make sure that we don't export things to the Internet. This solution helps us ensure that we comply with our security measures."
"The audit feature is the most valuable for compliance reasons. It gives you a full view of the whole environment, no matter how many accounts you have in AWS or Azure. You have it all under one umbrella."
"I love the work involved in maintaining and scaling security services and configurations across multiple public clouds using this solution, versus using native native cloud security controls. It is so much better. The different cloud platforms all have their own way that they handle a lot of the stuff that Dome9 handles. Even within their platform, they are in a lot of disparate places, e.g., in AWS, there are five different tools. You have to jump between them to get the same information that you can just pull in automatically on Dome9, which is just one platform. We are using multiple platforms, so that makes it even more complicated and time consuming if you had to just rely on them to get all of your information. Whereas, it's all just summarized and put together on the Dome9 end."
"Its hands-off security and the fact that we don't have to maintain it are the most valuable features."
"Monitoring is the most valuable feature because we can easily monitor all kinds of stuff coming over the network. We can check the dashboard and work accordingly."
"This solution provides a DLP on the cloud and very few people have a scanning device for data at rest."
"The performance is good."
"The remediation process is easy compared to other platforms."
"It has predefined or preconfigured rules, which are getting periodically updated. They are providing continuous improvements and periodically updating all search queries that they are looking for. That is one thing that helps us to stay vigilant and focused. If we query our AWS account for any breaches or vulnerabilities with any of the cloud tests, and it alerts us based on these predefined rules. It also provides an option to configure our own rules, and based on these rules, it can query the cloud trail logs, pull the information, and trigger alerts in real-time. I haven't explored this feature much because there are multiple accounts, and we don't have enough time to explore this feature. It also provides multiple integrations. When vulnerabilities or breaches are happening, you should be aware of them immediately. It provides integration with tools such as Slack, PagerDuty so that you can get alerted as soon as the high severity stuff comes up. For example, you have a security group that has allowed public traffic on port 22. As TechOps, you should be aware of this immediately. You cannot scan each machine or look into all security groups to identify it. So, Prisma helps us and alerts us when this kind of high-priority stuff comes up. It has different statistics, analytics, and graphs for data. The description of alerts is also pretty good. They describe what are the possible causes for this and what are the solutions. From Prisma Cloud, you can directly go to the AWS account. When you click on an alert, a resource, or a resource ID, it takes you to the AWS console where you need to log in. If you are already logged in, it will take you to that instance directly, and you can fix the issue there. I have found this feature very useful."
"It is easy to use, easy to integrate, and is stable. It's scalable as well."
"Prisma SaaS is very easy to use; it's common sense — it's the best-in-class."
"Dome9 should also support deployments that are on-premises and in a hybrid cloud."
"The price of this solution should be reduced so that it is more affordable to scale."
"It should capture more information in metadata including communication detail. Also, Internal IP addresses should not be tracked as this might be having some compliance issues."
"Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."
"We were demotivated by the lack of native automation modules for the Terraform and Ansible tools."
"The main issue that we found with Dome9 is that we have a default rule set with better recommendations that we want to use. So, you do a clone of that rule set, then you do some tweaks and customizations, but there is a problem. When they activate the default rule set with the recommendations and new security measures, it doesn't apply the new security measures to your clones profile. Therefore, you need to clone the profile again. We are already writing a report to Check Point."
"The accuracy of its remediation is a 7.5 out of 10. Before, I would have given it a ten but now, to handle remediation for fully qualified domain names, it's not working as it did in the past. We're finding some difficulties there."
"The biggest thing is the documentation aspect of Dome9 is a little lacking. They were purchased by Check Point about a year and a half to two years ago. When they integrated into Check Point's support system, a lot of the documentation that they had previously got mangled in the transition, e.g., linking to stuff on the Dome9 website that no longer exists. There are still a lot of spaces with incomplete links and stuff that is not as fully explained as it could be."
"They automatically update and they should give us time to fully understand what they're updating so that we can make sure it doesn't impact production."
"One thing that would help is if we could get a guide. With Cisco, for example, you can just type the problem regarding your Cisco product and you will easily get your solution. In Palo Alto, however, it's not easy to find the solutions."
"I would like to see support for custom applications."
"The price can be reduced to make it more competitive."
"My clients would like to see a more feature-rich product."
"We are using the SaaS offering. We use our applications for microservices. We use Twistlock to scan containers, and it displays these results in Prisma, which is a good feature because we can see vulnerabilities with respect to these containers. We can see everything in a very detailed manner. However, when you have different environments for a single application, such as DEV, QA, PROD, and TEST, all these environments run multiple containers, which can lead to a very high number of containers. In such a scenario, it shows you the alerts for all those containers that have vulnerabilities. If you show the results of all the containers that share the same image, it is not going to add any value. Therefore, they should narrow down the alerts based on a container. It should show information for a single container. Otherwise, the person who is looking at the results gets the impression that he has to fix all these issues. This is something that they can improve."
"When it comes to integration mechanisms, Prisma SaaS does not support reverse proxy type of integrations."
"Lacks a hybrid model which has API plus in-line security."
"It is a very straightforward licensing model that is based on the number of assets you are discovering and managing with the solution."
"The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider."
"I suggest that you pay attention to the product pricing because while there are no tricks, and the licensing model is transparent, the final numbers may surprise you."
"Right now, we have licenses on 500 machines, and they are not cheap."
"The pricing is tremendous and super cheap. It is shockingly cheap for what you get out of it. I am happy with that. I hope that doesn't get reported back and they increase the prices. I love the pricing and the licensing makes sense. It is just assets: The more stuff that you have, the more you pay."
"In the beginning, the price of Dome9 was cheap, whereas now it is not."
"Licensing and costs are straightforward, as they have a baseline of 100 workloads within one license and no additional charges."
"Actually the solution is very expensive. I don't know the particulars since the purchasing team dealt with it."
"The pricing for this solution is on the higher end."
"Compared to other products, the price is slightly high."
"The licensing fees are paid on a yearly basis and for what we get, the price is good."
"Prisma SaaS is more expensive than similar solutions but I think it's worth it."
Check Point CloudGuard provides cloud native security for all your assets and workloads, across multi-clouds, allowing you to automate security everywhere, with unified threat prevention and posture management. The only solution that provides context to secure your cloud with confidence.
Since software as a service is so easy, use of SaaS applications is exploding. Because of that simplicity, though, the security risks of SaaS are also on the rise. Unsanctioned SaaS apps can expose sensitive data and propagate malware, and even sanctioned SaaS adoption can increase the risk of data exposure, breaches and noncompliance. By offering advanced data protection and consistency across applications, Prisma SaaS reins in the risks. It addresses your cloud access security broker needs and provides advanced capabilities in risk discovery, data loss prevention, compliance assurance, data governance, user behavior monitoring and advanced threat prevention. Now you can maintain compliance while preventing data leaks and business disruption through a fully cloud-delivered CASB deployment.
Check Point CloudGuard Posture Management is ranked 2nd in Cloud Workload Security with 13 reviews while Prisma SaaS by Palo Alto Networks is ranked 3rd in Cloud Access Security Brokers (CASB) with 9 reviews. Check Point CloudGuard Posture Management is rated 8.2, while Prisma SaaS by Palo Alto Networks is rated 8.2. The top reviewer of Check Point CloudGuard Posture Management writes "Security visibility accuracy is tremendous, letting us see who is trying to access what". On the other hand, the top reviewer of Prisma SaaS by Palo Alto Networks writes "Useful predefined rules, multiple integrations, descriptive alerts, and great stability". Check Point CloudGuard Posture Management is most compared with Prisma Cloud by Palo Alto Networks, Check Point Harmony Email & Office, Azure Security Center, Qualys VM and Threat Stack Cloud Security Platform, whereas Prisma SaaS by Palo Alto Networks is most compared with Zscaler Internet Access, Cisco Umbrella, Netskope CASB, Microsoft Cloud App Security and McAfee MVISION Cloud.
See our list of .
We monitor all Cloud Workload Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.