Prisma Cloud by Palo Alto Networks Overview
Prisma Cloud by Palo Alto Networks is the #1 ranked solution in our list of Container Security Solutions. It is most often compared to Aqua Security: Prisma Cloud by Palo Alto Networks vs Aqua Security
What is Prisma Cloud by Palo Alto Networks?
The move to the cloud has changed all aspects of the application development lifecycle – security being foremost among them. Security and DevOps teams face a growing number of entities to secure as organizations adopt cloud native approaches. Ever-changing environments challenge developers to build and deploy at a frantic pace, while security teams remain responsible for the protection and compliance of the entire lifecycle. Prisma™ Cloud by Palo Alto Networks delivers complete security across the development lifecycle on any cloud, enabling you to develop cloud native applications with confidence.
Prisma Cloud by Palo Alto Networks is also known as Palo Alto Networks Prisma Cloud, Prisma Public Cloud, RedLock Cloud 360, RedLock, Twistlock, Aporeto.
Prisma Cloud by Palo Alto Networks Buyer's Guide
Download the Prisma Cloud by Palo Alto Networks Buyer's Guide including reviews and more. Updated: February 2021
Prisma Cloud by Palo Alto Networks Customers
Amgen, Genpact, Western Asset, Zipongo, Proofpoint, NerdWallet, Axfood, 21st Century Fox, Veeva Systems, Reinsurance Group of America
Prisma Cloud by Palo Alto Networks Video
Pricing Advice
What users are saying about Prisma Cloud by Palo Alto Networks pricing:
- "From my exposure so far, they have been really flexible on whatever your current state is, with a view to what the future state might be. There's no hard sell. They "get" the journey that you're on, and they're trying to help you embrace cloud security, governance, and compliance as you go."
- "I don't know a better way to do it, but their licensing is a little confusing. That's due to the breadth of different types of technologies they are trying to cover. The way you license depends on where you're securing. When they were Twistlock it was a simple licensing scheme and you could tell what you were doing. Now that they've changed that scheme with Palo Alto, it is quite confusing. It's very difficult to predict what your costs are going to be as you try to expand coverage."
- "The pricing and the licensing are both very fair... The biggest advice I would give in terms of costs would be to try to understand what the growth is going to look like. That's really been our biggest struggle, that we don't have an idea of what our future growth is going to be on the platform. We go from X number of licenses to Y number of licenses without a plan on how we're going to get from A to B, and a lot of that comes as a bit of a surprise. It can make budgeting a real challenge for it."
- "One thing we're very pleased about is how the licensing model for Prisma is based on work resources. You buy a certain amount of work resources and then, as they enable new capabilities within Prisma, it just takes those work resource units and applies them to new features. This enables us to test and use the new features without having to go back and ask for and procure a whole new product, which could require going through weeks, and maybe months, of a procurement process."
- "If a competitor came along and said, "We'll give you half the price," that doesn't necessarily mean that's the right answer, at all. We wouldn't necessarily entertain it that way. Does it do what we need it to do? Does it work with the things that we want it to work with? That is the important part for us. Pricing wasn't the big consideration it might be in some organizations. We spend millions on public cloud. In that context, it would not make sense to worry about the small price differences that you get between the products."
Show more
Prisma Cloud by Palo Alto Networks Reviews
Filter by:
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Loading...
Filter Unavailable
Order by:
Loading...
Search:
LukeLynch
Cloud Security Specialist at a financial services firm with 501-1,000 employees
Gives me a holistic view of cloud security across multiple clouds or multiple cloud workloads within one cloud provider
What is our primary use case?
Primarily the intent was to have a better understanding of our cloud security posture. My remit is to understand how well our existing estate in cloud marries up to the industry benchmarks, such as CIS or NIST, or even AWS's version of security controls and benchmarks. When a stack is provisioned in a cloud environment, whether in AWS or Azure or Google Cloud, I can get an appreciation of how well the configuration is in alignment with those standards. And if it's out of alignment, I can effectively task those who are accountable for resources in clouds to actually remediate any identifiable… more »Pros and Cons
- "You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums."
- "In addition to that, I can get a snapshot of what I deemed were the priority vulnerabilities, whether it was identity access management, key rotation, or secrets management. Whatever you deem to be a priority for mitigating threats for your environment, you can get that as a snapshot."
- "It's not really on par with, or catering to, what other products are looking at in terms of SAST and DAST capabilities. For those, you'd probably go to the market and look at something like Veracode or WhiteHat."
What other advice do I have?
My advice is that if you have the opportunity to integrate and utilize Prisma Cloud you should, because it's almost a given that you can't get any other cloud security posture management system like Prisma Cloud. There are competitors that are striving to achieve the same types of things. However, when it comes to the governance element for a head of architecture or a head of compliance or even at the CSO level, without that holistic view, if you use one of them you are potentially flying blind. Once you've got a capability running in the cloud and the associated demand that comes through from…
reviewer1472745
Director, Cloud Engineering at a pharma/biotech company with 10,001+ employees
Gives us security control gates and automated notifications in container orchestrator, but deploy is API-driven, not a built-in integration
What is our primary use case?
There are three pieces to our use case. For the container piece, which used to be Twistlock, we use static scan to scan our artifact repositories and we use that data to remediate issues and provide it back to developers. We also do runtime monitoring on our orchestrators, which are primarily Kubernetes, but some DC/OS as well. Right now, it's all on-premises, although we'll be moving that to the cloud in the future. And we use what used to be RedLock, before it was incorporated into the solution.Pros and Cons
- "The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful."
- "I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions."
- "When it comes to protecting the full cloud-native stack, it has the right breadth. They're covering all the topics I would care about, like container, cloud configuration, and serverless. There's one gap. There could be a better set of features around identity management—native AWS—IAM roles, and service account management. The depth in each of those areas varies a little bit. While they may have the breadth, I think there's still work to do in flushing out each of those feature sets."
What other advice do I have?
My advice would be not to look at it like you're implementing a tool. Look at it like you're changing your processes. You need to plan for the impact of the data for the various teams across Dev and Security and Ops. Think very holistically, because a lot of this cloud container stuff spans many teams. If you only look at it as "I'm going to plug a tool in and I'm going to get some benefit," I think you'll fail. Prisma Cloud covers both cloud and container, or could cover either/or, depending on your needs. But in both of those cases, there's often confusion about who owns what, especially as…
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: February 2021.
465,623 professionals have used our research since 2012.
Devin Charters
Sr. Security Operations Manager at a healthcare company with 5,001-10,000 employees
Provides feedback directly to teams responsible for AWS or cloud accounts, enabling them to fix issues independently
What is our primary use case?
We are using it for monitoring our cloud environment and detecting misconfigurations in our hosted accounts in AWS or Azure.Pros and Cons
- "The policies that come prepackaged in the tool have been very valuable to us. They're accurate and they provide good guidance as to why the policy was created, as well as how to remediate anything that violates the policy."
- "The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed."
What other advice do I have?
I would highly recommend automating the process of deploying it. That has made just a huge improvement on the uptake of the tool in our environment and in the ease of integration. There's work involved in getting that done, but if we were trying to do this manually, we would never be able to keep up with the rate that we've been growing our environment. The biggest lesson I've learned in using this solution is that we were absolutely right that we needed a tool like this in our environment to keep track of our AWS environment. It has identified a number of misconfigurations and it has allowed…reviewer1442412
Sr. Information Security Manager at a healthcare company with 201-500 employees
Integrates into our CI/CD pipeline giving devs near real-time alerting on whether a configuration is good or bad
What is our primary use case?
Our use case for the solution is monitoring our cloud configurations for security. That use case, itself, is huge. We use the tool to monitor security configuration of our AWS and Azure clouds. Security configurations can include storage, networking, IAM, and monitoring of malicious traffic that it detects. We have about 50 users and most of them use it to review their own resources.Pros and Cons
- "It scans our containers in real time. Also, as they're built, it's looking into the container repository where the images are built, telling us ahead of time, "You have vulnerabilities here, and you should update this code before you deploy." And once it's deployed, it's scanning for vulnerabilities that are in production as the container is running."
- "The challenge that Palo Alto and Prisma have is that, at times, the instructions in an event are a little bit dated and they're not usable. That doesn't apply to all the instructions, but there are times where, for example, the Microsoft or the Amazon side has made some changes and Palo Alto or Prisma was not aware of them. So as we try to remediate an alert in such a case, the instructions absolutely do not work. Then we open up a ticket and they'll reply, "Oh yeah, the API for so-and-so vendor changed and we'll have to work with them on that." That area could be done a little better."
What other advice do I have?
The biggest lesson I have learned while using the solution is that you need to tune it well. The Prisma tool offers a lot of functionality and a lot of configuration. It's a very powerful tool with a lot of features. For people who want to use this product, I would say it's definitely a good product to use. But please be aware also, that because it's so feature rich, to do it right and to use all the functionality, you need somebody with a dedicated amount of time to manage it. It's not complicated, but it will certainly take time for dedicated resources to fully utilize all that Prisma has to…reviewer1456956
Security Architect at a computer software company with 11-50 employees
Looks across our various cloud estates and provides information about what's going on, where it is going on, and when it happened
What is our primary use case?
We have a very large public cloud estate. We have nearly 300 public cloud accounts, with almost a million things deployed. It's pretty much impossible to track all of the security and the compliance issues using anything that would remotely be considered homegrown—scripts, or something that isn't fully automated and supported. We don't have the time, or necessarily even the desire, to build these things ourselves. So we use it to track compliance across all of the various accounts and to manage remediation. We also have 393 applications in the cloud, all of which are part of various suites… more »Pros and Cons
- "One of the main reasons we like Prisma Cloud so much is that they also provide an API. You can't expect to give someone an account on Prisma Cloud, or on any tool for that matter, and say, "Go find your things and fix them." It doesn't work like that... We pull down the information from the API that Prisma Cloud provides, which is multi-cloud, multi-account—hundreds and hundreds of different types of alerts graded by severity—and then we can clearly identify that these alerts belong to these people, and they're the people who must remediate them."
- "Based on my experience, the customization—especially the interface and some of the product identification components—is not as customizable as it could be. But it makes up for that with the fact that we can access the API and then build our own systems to read the data and then process and parse it and hand it to our teams."
What other advice do I have?
You need to identify how you'll be using it and what your use cases are. If you don't have a mature enough organizational posture, you're not going to use it to actually fix the issues because you won't have the teams ready to consume its information. You need to build that and that needs to be built into the thinking around that product. There's no point having information if you're not going to act on it. So understand who is going to act on it, and how, and then you've got a much better path to understanding your use for this. There's no point in buying a product for the sake of the…reviewer1469655
Cloud Security Manager at a manufacturing company with 10,001+ employees
We have identified and secured many misconfigurations and remediated a lot of vulnerabilities
What is our primary use case?
Primarily, we are attempting to secure our public cloud security posture through compliance and vulnerability scanning.Pros and Cons
- "The Twistlock vulnerability scanning tool is its most valuable feature. It provides us insight into security vulnerabilities, running inside both on-premise and public cloud-based container platforms. It is filling a gap that we have with traditional vulnerability scanning tools, where we don't have the ability to scan inside containers."
- "The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories."
What other advice do I have?
Have a clear plan for how you will structure your policies, then decide right from the get-go if you will augment the delivered policies with your custom ones to minimize the amount of rework that you need to do. Likewise, make sure that the ticketing application that you are planning to integrate with, if you're going to track remediation activities, is one that is supported. If not, have a plan for getting that integration going quickly. Biggest lesson learnt: Do better planning for that third-party and downstream integration that you will be doing with your ticketing platform. Right out of…Prerna Kapoor
Governance Test and Compliance Officer at Thales
We are able to filter alerts by security level so our teams understand which situations are critical
What is our primary use case?
I was looking for one tool which, as a WAF, could provide me with information regarding applications and with features where I can oversee things. We use the solution's ability to filter alerts by levels of security and it helps our teams understand which situations are the most critical. Based on the priorities that I get for my product, I can filter the notices the team needs to work on, to those that require immediate attention. That means it's easier for me to categorize and understand things exactly, on a single dashboard. I can see, at one point in time, that these are my 20 applications… more »Pros and Cons
- "I was looking for a vulnerability scanner and I was looking for one place in which I could find everything. This tool not only does vulnerability scanning, but it also gives me an asset management tool."
- "We would like it to have more features from the risk and compliance perspectives."
What other advice do I have?
It's a good tool. I would tell anybody to give a shot. It's easy, it's user-friendly; it's like a plug-and-play tool. I am a single point of contact for this solution, right now. I'm working on it with my entire management to review things. I have to coordinate because of the multiple platforms they have. Roles have been assigned at different levels. There is a consultant's role, a reviewer's role, and there is an implementer's role. The latter is supposed to be working with them. Root cause analysis needs to be done at my own level. The solution does inform me that a predicted vulnerability…reviewer1206177
Sr. Manager IT Operations at a tech vendor with 5,001-10,000 employees
Provides cross-cloud security but it isn't so user-friendly
What is our primary use case?
We use cloud solutions generally for client demos of products.Pros and Cons
- "The product is quite good for providing multi-clouds or cross-cloud security from a single-pane -of-glass."
- "Palo Alto should work on ease-of-use and the user-friendliness to be more competitive with some competing products."
What other advice do I have?
The advice I would give to someone seriously considering these cloud solution products is to be careful with procedures you use while testing them. During the setup phase, there were not many challenges. But while integrating the cloud accounts, I would recommend the users initially provide only read-only access not read-write access, just as a precaution. The users should also be cautious not to expose cloud data to vendors like Dome9 or Palo Alto or whomever the vendor will be. On a scale from one to ten where one is the worst and ten is the best, I would rate the Palo Alto product overall…See 5 more Prisma Cloud by Palo Alto Networks Reviews
Popular Comparisons
Aqua Security
Check Point CloudGuard SaaS
Azure Security Center
Tenable.io Container Security
Amazon GuardDuty
Cisco Secure Workload
Sysdig Secure
Qualys Container Security
Guardicore Centra
Trend Micro Deep Security
Threat Stack Cloud Security Platform
Buyer's Guide
Download our free Prisma Cloud by Palo Alto Networks Report and get advice and tips from experienced pros
sharing their opinions.