We just raised a $30M Series A: Read our story
SS
Talent Acquisition Leader at a manufacturing company with 10,001+ employees
Real User
Allows us to generate real-time alerts and does a fairly good job from the data exposure perspective, but could use better reporting

Pros and Cons

  • "As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having."
  • "Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."

What is our primary use case?

The main reason why we are using Prisma Cloud is to identify any compliance issues. We have certain compliance requirements across our different resources, such as something should be completely inaccessible, logging should be enabled, and certain features should be enabled. So, we are using it to identify any such gaps in our cloud deployment. Basically, we are using it as a Cloud Security for Posture Management (CSPM) tool.

It is a SaaS solution. 

How has it helped my organization?

One of the things that we have been able to do with Prisma Cloud is that we have been able to generate real-time alerts and share them with our technology team. For certain resources, such as databases, we have certain P1 requirements that need to be fulfilled before our resource goes live. With Prisma, if we identify any such resource, then we just raise an alert directly with the support team, and the support team gets working on it. So, the turnaround time between us identifying a security gap and then closing it has gone down drastically, especially with respect to a few of the resources for which we have been able to put this plan into motion. We have reduced the timeline by 30%. That's because the phase of us identifying the gaps manually and then highlighting them to the team is gone, but the team still needs to remediate them. Of course, there is a provision in Prisma Cloud where I can reduce it further by allowing auto-remediate, but that is not something that we have gone for as an organization.

We are using it to find any gaps, create custom policies, or search in our cloud because even on the cloud portal, you don't get all the details readily available. With Prisma, you have the capability of searching for whatever you're looking for from a cloud perspective. It gives you easy access to all the resources for you to find any attribute or specific values that you're looking for in an attribute. Based on my experience with Azure and Prisma, search becomes much easier via Prisma than via your cloud.

What is most valuable?

As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having.

What needs improvement?

There are two main things that Palo Alto should look into. The first is the reporting piece, and the second one is the support. 

Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into.

Their support needs to be improved. It is by far one of the worst support that I have seen.

We are using Azure Cloud. With AWS, Prisma is a lot more in-depth, but with Azure, it's still developing. There are certain APIs that Prisma is currently not able to read. Similarly, there were certain APIs that it was not able to read six months ago, but now, it is able to review those APIs, top-up resources, and give us proper security around that. Function apps were one of those things that were not there six months ago, but they are there now. So, it is still improving in terms of Azure. It is much more advance when it comes to AWS, but unfortunately, we are not using AWS. A problem for us is that in terms of protecting data, one of the key concepts is the identification of sensitive data, but this feature is currently not enabled for Azure. This feature is there for AWS, and it is able to read your S3 buckets in the case of AWS, but for Azure, it is currently not able to do any identification of your storage accounts or read data on the storage to give security around that. So, that is one of the weak points right now. So, from a data exfiltration perspective, it needs some improvement.

It is currently lacking in terms of network profiles. It is able to identify new resources, and we do get continuous alerts from Prisma when there is an issue, but there have been a few issues or glitches. I had raised a case with Palo Alto support, but the ticket was not going anywhere, so I just closed the ticket. From a network security group's point of view, we had found certain issues where it was not able to perform its function properly when it comes to the network profile. Apart from that, it has been working seamlessly. 

For how long have I used the solution?

I've been using Prisma Cloud for around six months.

What do I think about the stability of the solution?

It is a stable platform. Especially with it being a SaaS platform, it just has to make API calls to the customers' cloud portals. I haven't found any issues with regard to stability, and I don't foresee any issues with stability based on the architecture that Prisma has.

What do I think about the scalability of the solution?

It is pretty scalable. The only limitation is the licensing. Otherwise, everything is on the cloud, and I don't see any challenges with respect to scalability. I would consider it as a scalable solution.

Currently, there are around eight to 10 people who are working with Prisma, but we are still bringing it up to maturity. So, majorly, I and a couple of my colleagues are working with Prisma. The others have the account, but they are not active with respect to Prisma. Almost all of us are from InfoSec.

How are customer service and support?

The support from Palo Alto needs to be improved a lot. It is by far one of the worst support services that I have seen. It takes a lot of time for them to come back, and nothing conclusive happens on the ticket as well. 

There was a ticket for which I called them for three months, and nothing was happening on that ticket. They were just gathering evidence that I had already shared. They asked for it again and again, and I got frustrated and just closed the ticket because I was just wasting my time. I was not getting any response. There was no progress that I was seeing in getting my issue getting resolved even after three months. This is not just for one ticket. There have been a couple of other tickets where I've faced similar issues with Palo Alto. So, support is definitely something that they should look into. 

Today, I won't recommend Palo Alto Prisma to someone because I'm not confident about their support. Their support is tricky. I would rate them a three or four out of 10. They are polite and have good communication skills, but my requirement from the support team is not getting fulfilled.

Which solution did I use previously and why did I switch?

We haven't used any other product. 

How was the initial setup?

I've been involved with the entire implementation of Prisma Cloud. I've manually done the implementation of Prisma in my current organization in terms of fine-tuning the policies, reviewing the policies, and basically bringing it up to maturity. We have not yet achieved maturity with the product. We have also encountered some problems with the product because of which the implementation has been a bit delayed.

The integration piece is pretty straightforward. In terms of the availability of the documentation, there is no issue. If you reach the right document, your issue gets resolved automatically, and you don't have to go to the support team. That was pretty smooth for me.

The initial integration barely took half a day. You just have to make some changes on your cloud platform, get the keys, and just put the keys manually. We had a lot of subscriptions, and when we were doing the integration, tenant-level integration was not available. So, I had to manually integrate or rather onboard each subscription. That's the reason why it took me half a day. It might have even been just a couple of hours.

What was our ROI?

As of now, we have not seen an ROI because we are not yet mature. We have not yet reached the maturity level that we want to reach.

Which other solutions did I evaluate?

My colleague had reviewed other solutions like Aqua and Cloudvisory. One of the reasons for selecting Prisma was that we have planned a multi-cloud approach, and based on our analysis, we felt that Prisma will be better suited for our feature requirements. The other reason was that we already have quite a few Palo Alto products in our environment, so we just thought that it will be easier for us to do integrations with Prisma. So, these were the two key reasons for that decision.

Currently, there are not many options to choose from across different products. So, from that perspective, Prisma is pretty decent. It works how CSPMs are supposed to work. They have to read up the config, and then throw you an alert if they find any misconfiguration. So, from that perspective, I didn't find it to be that different from other CSPMs. The integration pieces and other things are pretty simple in Prisma Cloud, which is something that we can take into account when comparing it with others.

What other advice do I have?

I would recommend others to consider a CSPM product, whether they go with Prisma or another flavor of CSPM. It also depends on the deployment that the organization has, the use case, and the budget. For an organization similar to mine, I would definitely recommend going for CSPM and Palo Alto Firewall.

I would advise others to not go with the higher level of Prisma support. They should go for third-party professional services because, in my experience, they have a better understanding of the product than the Prisma support team. Currently, we have one of higher levels of support, and we are not getting the return on that support. If we go for a lower tier of support, we save that money and give it to a third-party professional service. That would be a better return on investment.

Prisma Cloud hasn't helped us to identify cloud applications that we were unaware that our employees were using. That has not been the case so far because when we had initially done the deployment, we had done it at the subscription level rather than at the tenant level. So, in our case, it is quite the opposite where there would be subscriptions that the client is not aware of. I think Prisma has come up with a release wherein we can integrate our cloud on a tenant level rather than the subscription level. That is something that we will be doing going forward.

I would rate this solution a seven out of 10.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Douglas Costa Rossi
Software Security Analyst at a energy/utilities company with 10,001+ employees
Real User
Top 20
Enabled us to help an internal team, one that was totally vulnerable, to have a security solution within a couple of weeks

Pros and Cons

  • "The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security."
  • "They need to make the settings more flexible to fit our internal policies about data. We didn't want developers to see some data, but we wanted them to have access to the console because it was going to help them... It was a pain to have to set up the access to some languages and some data."

What is our primary use case?

When we started using this tool, the name was Twistlock, it was not Prisma Cloud. We had a container team responsible for modernizing our environment and they created an on-prem solution using Red Hat OpenShift. They started using Twistlock as a way to manage the security of this on-prem environment.

My team, which was the security team, inherited the ownership of the tool to manage all the security problems that it was raising.

When we started using containers on the cloud, our cloud provider was Azure. We also started migrating our security solutions for the cloud, but that was at the end of my time with the company, so I didn't participate much in this cloud process.

We were also sending the logs and alerts to Splunk Cloud. We were managing all the alerts generated by policies and vulnerabilities and the threats from the web. That way, we had a pipeline system sending these alerts to a central location where our investigation team would look at them. So we used the system to manage both cloud and on-prem and connect them.

How has it helped my organization?

We had one team that didn't have any security whatsoever. We helped them to add Prisma Cloud to scan their environment. It was a big issue in the company at the time, because they had a huge environment which was not following the security rules of the company. They didn't have any security. Prisma Cloud helped us to start raising alerts and vulnerabilities. That was a successful case because in the timeframe of one to two weeks, we installed the tool and were teaching the team how to manage it, find their vulnerabilities, and how to fix them. We were able to help a team that was totally vulnerable to have a security solution.

Overall, it covered all the stages that we hoped it would cover.

The solution also reduced our runtime alerts. I don't have the exact numbers but I would say it lowered the number of issues by 70 percent. Our strategy was that we started using the tool for some small applications, and then we started using it for other teams. For the small applications, I can't guarantee the reduction was 70 percent because those solutions were managed by the security team which had smart people who were security conscious.

What is most valuable?

We used the policy features to manage users so that they would not have secrets in their containers. We also used the vulnerabilities, the CVEs, that were being raised by the tool.

The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security.

The compliance is good because it has a deep view of the container. It can find stuff that only administrators would have access to in our container. It can go deep down into the container and find those policy issues.

We also started looking for the WaaS (Web-Application and API Security) solution, but we didn't implement it during the time I was at the company. We tested it. What's good about the WaaS is that it's almost a miracle feature. You can find SQL injection or cross-site scripting and defend against that by setting up Prisma Cloud and turning on the feature.

Prisma Cloud also provided risk clarity at runtime and across the entire pipeline, showing issues as they were discovered during the build phases. It provided a good rating for how to prioritize a threat, but we also had a way to measure risk in our company that was a little bit different. This was the same with other scanning tools that we had: the risk rating was something that we didn't focus too much on because we had our own way to rate risk. Prisma Cloud's rating was helpful sometimes, but we used our risk measurement more than the tool's.

What needs improvement?

One problem was identifying Azure Kubernetes Services. We had many teams creating Kubernetes systems without any security whatsoever. It was hard for us to identify Kubernetes because the Prisma Cloud could not identify them. From what I heard from Palo Alto at the time, they were building a new feature to identify those. It was an issue they were already trying to fix.

In addition, when it comes to access for developers, I would like to have more granular settings. For example, in our company we didn't want to display hosts' vulnerabilities to developers, because the infrastructure or containers team was responsible for host vulnerabilities or the containers. The developers were only responsible for the top application layer. We didn't want to provide that data to the developers because A) we thought it was sensitive data and B) because it was data that didn't belong to developers. We didn't want to share it, but I remember having this problem when it came to the granularity of granting permissions. 

They need to make the settings more flexible to fit our internal policies about data. We didn't want developers to see some data, but we wanted them to have access to the console because it was going to help them. One possibility was to develop our own solution for this, using the API. But that would add complexity. The console was clean and beautiful. It has the radar where you can see all the containers. But we just didn't want to show some data. It was a pain to have to set up the access to some languages and some data.

Another thing that was a pain was that in our on-prem environment there was a tool that sometimes generated a temporary container, to be used just for a build, and Prisma would raise some compliance issues for this container that would die shortly. It was hard to suppress these kinds of alerts because it was hard to find a standard or a rule that would fit this scenario. The tool was able manage the whole CI/CD pipeline, including the build as well—even these containers that were temporary for a build—but sometimes it would raise too much unnecessary data.

Also, one of the things that it's hard to understand sometimes is how to fix an issue. We managed to do so by testing things ourselves because we are developers. But a little bit of explanation about how to fix something would help. It was more showing what the problem was than it did about how to fix it.

For how long have I used the solution?

I used Prisma Cloud by Palo Alto Networks for about a year and a half.

What do I think about the stability of the solution?

It's pretty much stable, as much as containers are stable. It is more about the container solution itself, or how Kubernetes is managed and the state of health of the containers. As Prisma is a container solution itself, it was as good as the Kubernetes environment could make it. 

I don't know about the Prisma Cloud SaaS solution because we didn't use it, but the on-prem solution was as reliable as our Kubernetes system was. It was really reliable.

What do I think about the scalability of the solution?

It's pretty scalable because of the API. I liked how simple the console was and how simple the API was. There was no complexity; it was straightforward. The API documentation was also very good so it was pretty easy to scale. You could automate pretty much everything. You could automate the certificate information, you could automate the access for developers, and a lot of other stuff. It was a pretty modern solution. Using APIs and containers, it was pretty scalable.

How are customer service and technical support?

We used their technical support many times and it was very good. The engineers there helped us a lot. They were engaged and interested in helping, and they were polite and they were fast. When we raised an issue to high priority, they answered faster. I would rate their support at five out of five.

Which solution did I use previously and why did I switch?

Prisma Cloud was the only solution we had for container security. We had other tools such as SAST and DAST tools, as well as open source management tools. Those intersected somewhat with what Prisma does, but Prisma had access to the whole environment, so it's a little bit different.

What other advice do I have?

We used the API from Prisma Cloud. We had a Jenkins pipeline with a lot of scripts to automate the installation of Prisma Cloud and the patching updates as well.

In our company, the security team had about 10 people, but only two were responsible for Prisma Cloud. As I mentioned, we inherited ownership of it from the containers team. In the containers team, we had a guy who was our main contact and who helped us. For example, when we needed to access a certain environment, he had to manage access so that it could have privileged access to do what it needed to do in the container environment. So overall, there were three people involved with it.

We used Prisma Cloud extensively. We used it across the whole on-prem environment and partially on cloud. We were at around 10 or 20 percent of the cloud. I think that nowadays they have probably reached much more than that, because we were just beginning on the cloud at the time.

Smaller companies should probably use the SaaS. I know that Azure and the cloud providers already have different ways to use tools in an easy manner so that you don't need to manage the infrastructure. So smaller companies should look into that. The infrastructure solution would be more for big companies, but I would recommend the solution for big companies. I would also recommend it for small companies. In terms of budget, sometimes it's hard to prioritize what's more important, but Prisma fits into different budget levels, so even if you have a small environment you can use Prisma's SaaS solution.

I was pretty satisfied with it. My impression of Prisma Cloud was pretty good. It's an amazing tool. It gives the whole view of your container environment and connection with multiple platforms, such as Splunk. It is a good solution. If I had my own company and a container environment, I would use it. It can fit a huge container environment with a lot of hosts, but it can also fit a small container environment. Azure also provides built-in solutions to install Prisma in your application. So there are different solutions for various container environments. The company I was in had huge container environments to monitor, on-prem and in the cloud, and the tool fit really well. But the tool also fits small environments.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,676 professionals have used our research since 2012.
AC
Lead- Information Security Analyst at archan.fiem.it@gmail.com
Real User
Easy to use, provides good visibility but interface isn't customizable

Pros and Cons

  • "Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them."
  • "Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that."

What is our primary use case?

We primarily use Prisma Cloud as a cloud security posture management (CSPM) module. Prisma Cloud is designed to catch vulnerabilities at the config level and capture everything on a cloud workload, so we mainly use it to identify any posture management issues that we are having in our cloud workloads. We also use it as an enterprise antivirus solution, so it's a kind of endpoint security solution.

Our setup is hybrid. We use SaaS also. We mostly work in AWS but we have customers who work with GCP and Azure as well. About 60 percent of our customers use AWS, 30 percent use Azure, and the remaining 10 percent are on GCP. Prisma Cloud covers the full scope. And for XDR, we have an info technology solution that we use for the Gulf cloud. So we have the EDF solution rolled out to approximately around 500 instances right now.  

Prisma Cloud is used heavily in our all production teams. Some might not be directly using the product since our team is the service owner and we manage Prisma. Our team has around 10 members teams, and they are the primary users. From an engineering aspect, there are another 10 team members who use it basically. Those are the actual people who work hands-on with Prisma Cloud. Aside from that, there are some product teams that use Prisma indirectly. If we detect something wrong with their products, we take care of it, but I don't think they have an active account on Prisma Cloud.

How has it helped my organization?

Prisma Cloud has been helpful from a security operations perspective. When a new product is getting onboarded or we are creating a new product — specifically when we need to create a new peripheral— it's inevitable that there will be a kind of vulnerability due to posture management. Everything we produce goes through via CICD, and it's kind of automated. Still, there are some scenarios where we see some gaps. So we can discover where those gaps exist, like if someone left an open port or an instance got compromised. 

These kinds of situations are really crucial for us,  and Prisma Cloud handles them really well. We know ahead of time if a particular posture is bad and we have several accounts in the same posture. Prisma gives us a deep dive with statistics and metrics, so we know which accounts are doing bad in terms of posture, how many accounts are out of alignment with the policy strategy, how many are not compliant. Also, it helps us identify who might be doing something shady. 

So we get some good functionality overall in that dashboard. Their dashboard is not customizable, however, so that's a feature we'd like to say. At the same time, what they do provide on their dashboard is pretty helpful. It enables us to make the posture management more mature. We're able to protect against or eliminate some potential incidents that could have happened if we didn't have Prisma. 

What is most valuable?

Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them. It's really good at managing compliance. We get out-of-the-box policies for SOC 2, Fedramp, and other compliance solutions, so we do not need to tune most of the rules because they are quite compliant, useful, and don't get too many false positives. 

And in terms of Prisma Cloud's XDR solution, we do not have anything at scope at present that can give us the same in-depth visibility on the endpoint level. So if something goes bad on the endpoint, Prisma's XDR solutions can really go deep down to identify which process is doing malicious activity, what was the network connection, how many times it has been opened, and who is using that kind of solution or that kind of process. So it's a long chain and its graphical representation is also very good. We feel like we have power in our hands. We have full visibility about what is happening on an endpoint level. 

When it comes to securing new SaaS applications, Prism Cloud is good. If I had to rate it, I would say seven out of 10. It gives us really good visibility. In the cloud, if you do not know what you are working with or you do not have full visibility, you cannot protect it. It's a good solution at least to cover CSPM. We have other tools also like Qualys that take care of the vulnerability management on the A-level staff — in the operating system working staff — but when it comes to the configuration level, Prisma is the best fit for us. 

What needs improvement?

Prisma Cloud's dashboards should be customizable. That's very important. Other similar solutions are more elastic so you have the power to create customized dashboards. In Prisma Cloud, you cannot do that. Prisma also should allow users to fully automate the workflow of an identified set. Right now, it can give us a hint about what has happened and there is an option to remediate that, but for some reason, that doesn't work. 

Another pain point is integration with ticketing solutions. We need bidirectional integration of Prisma Cloud and our ticketing tool. Currently, we only have one-way integration. When an alert appears in Prisma Cloud, it shows up in our ticketing tool as well. But if someone closes that ticket in our ticketing tool, that alert doesn't resolve in Prisma Cloud. We have to do it manually each time, which is a waste of time. 

 I am not sure how much Prisma Cloud protects against zero-day threats. Those kinds of threats really work in different kinds of patterns, like identify some kind of CBE, that kind of stuff. But considering the way it works for us, I don't think it'll be able to capture a zero-day threat if it is a vulnerability because Prisma Cloud actually doesn't capture vulnerability. It captures errors in posture management. That's a different thing. I don't know if there is any zero-day that Prisma can identify in AWS instantly. Probably, we can ask them to create a custom policy, but that generally takes time. We haven't seen that kind of scenario where we actually have to handle a zero-day threat with Prisma Cloud, because that gets covered mostly by Qualys.

For how long have I used the solution?

I've been using Prisma Cloud for almost two years now.

What do I think about the stability of the solution?

Prisma Cloud is quite stable. At times, it goes down, but that's very rare. We have some tickets with them, but when we see some issues, they sort it out in no time. We do not have a lot of unplanned downtime. It happens rarely. So I think in the last year, we haven't seen anything like that.

What do I think about the scalability of the solution?

Prisma Cloud is quite scalable. In our current licensing model, we're able to heavily extend our cloud workload and onboard a lot of customers. It really helps, and it is on par with other solutions.

How are customer service and support?

I think Prisma Cloud's support is quite good. I would rate them seven out of 10 overall. They have changed their teams. The last team was comparatively not as good as the one we have right now. I would rate them five out of 10, but they have improved a lot. The new team is quite helpful. When we have an issue, they take care of it personally if we do not get an answer within the terms of the SLA. We tend to escalate to them and get a prompt answer. The relationship between our management and their team is quite good as well. .

We have a biweekly or weekly call with their tech support team. We are in constant communication about issues and operating problems with them. It's kind of a collab call with their tech support team, and we have, I think, a monthly call with them as well. So whenever we have issues, we have direct access to their support portal. We create tickets and discuss issues on the call weekly.

Transitioning to the new support team was relatively easy. They switched because of the internal structure and the way they work. Most of the engineering folks work out of Dublin and we are in India. The previous team was from the western time zone. That complicated things in terms of scheduling. So I think the current team is right now in Ireland and it's in the UK time zone. That works best for us. 

How was the initial setup?

We have an engineering team that does the implementation for us, and our team specifically handles the operations once that product is set up for us. And then that product is handed over to us for the daily BA stuff accessing the security, the CSPM kind of module. We are not involved directly. When the product gets onboarded, it's handed over to us. We handle the management side, like if you need to create a new rule or you need to find teams for the rule. But the initial implementation is handled by our engineers.

What other advice do I have?

I would rate Prisma Cloud six out 10. I would recommend it if you are using AWS or anything like that. It's quite a tool and I'm impressed with how they have been improving and onboarding new features in the past one and a half years. If you have the proper logging system and can implement it properly within your architecture, it can work really well.

If you are weighing Prisma Cloud versus some CASB solution, I would say that it depends on your use case. CASBs are a different kind of approach. When someone is already using a CASB solution, that's quite a mature setup while CSPM is another side of handling security. So if someone has CASB in place and feels they don't need CSPM, then that might be true for a particular use case at a particular point in time. But also we need to think of the current use case and the level of maturity at a given point in time and consider whether the security is enough.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
CL
Director of Information Security Architecture at a financial services firm with 5,001-10,000 employees
Real User
Top 20
Provides continuous compliance monitoring, good visibility from a single pane of glass, good support

Pros and Cons

  • "The most valuable feature is the continuous cloud compliance monitoring and alerting."
  • "We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert."

What is our primary use case?

We use Prisma Cloud in several ways and there are a lot of use cases. The first way that we use it is for inventory. It keeps a near real-time inventory of virtual compute storage and services. Second, we use it for monitoring and alerting of misconfigurations or other items of security significance. Next is compliance. We use it to monitor compliance with the centers for internet security (CIS) benchmarks.

How has it helped my organization?

Prism provides security that spans multi/hybrid-cloud environments. We have it configured to watch for compliance in AWS, the Google Cloud Platform, and very soon, Azure as well. This is important to us because our risk management organization mandated the fact that we would maintain this overwatch capability in any of our clouds that have virtual compute storage or workloads.

Prism's comprehensiveness for protecting the full cloud-native stack is excellent.

The comprehensiveness of the cloud-native development lifecycles is excellent. For us, the deploy functionality is not applicable but the build and run capabilities are. It positively affects our operations and gives us optics that we wouldn't otherwise have, at the speed of the cloud.

Prisma provides the visibility and control that we need, regardless of how complex our environments are. This very much boosts our confidence in our security and compliance postures. It's also been deemed acceptable as a sufficient presence and efficacy of control by our internal auditors and external regulators alike.

This solution has enabled us to integrate security into our CI/CD pipelines and add touchpoints as a control stop in the release chain. The touchpoints are seamless and very natural to our automation.

Prism Cloud is a single tool that we can use to protect all of our cloud resources without having to manage and reconcile several security and compliance reports. It unifies and simplifies the overall operations.

Using this tool provides us with risk clarity across the entire pipeline because we use it as a pre-deployment control, ensuring that the run state is known and the risk posture is known at runtime. Our developers use this information to correct issues using our tools for YAML, JSON, CloudFormation templates, and Terraform.

Prisma does so much pre-screening that it limits the number of runtime alerts we get. This is because those pre-deployment code controls are known before the run state.

The investigations capabilities enhance our process and lower incident response and threat detection time. However, it is an enabler and it is run in parallel with our SIEM, which is Splunk. Most of what we're going to do, investigation-wise, is going to be in Splunk, simply because there's better domain knowledge about the use of that tool in Splunk's query language.

What is most valuable?

The most valuable feature is the continuous cloud compliance monitoring and alerting. The way Prisma works is that it has a tentacle from Palo Alto's AWS presence into ours. That tentacle is an application program interface, an API, a listener. That listener goes in and is entitled to look at all of the Amazon Web Services' logging facilities. It can then do event correlation, and it can tattletale on misconfigurations such as an S3 storage bucket made publicly available. We wouldn't otherwise be aware of that if Prisma didn't watch for it and alert on it.

Prism provides cloud workload protection and cloud network security in a single pane of glass, and these items are very important to us. It also provides cloud infrastructure entitlement management but identity and access management is not something that we use Prisma for. We implemented a PoC but we opted to use another tool for that use case.

The security automation capabilities provided by this product are excellent and industry-leading. Palo Alto bought a company called Twistlock, which makes a pre-deployment code scanner. They added its functionality to the feature set of Prisma in the form of this compute module. Now, we're able to use the Twistlock capability in our automation, which includes our toolchains and pipelines.

This tool provides excellent features for preventative cloud security. We use all of the auto-remediation capabilities that Prisma offers out of the box. That "see something, do something" auto-remediation capability within Prisma keeps our human responders from having to do anything. It's automated, meaning that if it sees something, it will right the wrong because it has the entitlement to do that with its Prisma auto-remediation role. It's great labor savings and also closes off things much quicker than a human could.

Palo just keeps bolting on valuable features. They just show up in the console, and they have their little question mark, down in the lower right-hand corner, that shows what's new, and what's changed for August or September. They just keep pouring value into the tool and not charging us for it. We like that.

What needs improvement?

We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert. We'd always want that to be as quick as possible, and this is going to be true for every customer.

The billing function, with the credits and the by-workload-licensing and billing, is something that is a little wonky and can be improved.

For how long have I used the solution?

We began using Prisma Cloud in October or November 2018, when it was still known as RedLock.

What do I think about the stability of the solution?

Stability-wise, it has been perfect.

What do I think about the scalability of the solution?

The scalability is excellent. Palo keeps adding cloud support, such as for Alibaba, Oracle, and others.

We have approximately 5,500 employees. Our deployment is all-encompassing overwatch to all of our AWS accounts, of which there are 66. We also have two or three different folders within GCP.

We do have plans to increase our usage. This includes using it for more of its capabilities. For example, there is a workload protection link that we haven't fully embraced. There are also some network security features and some dashboarding and geo-mapping capabilities that we could make better use of.

How are customer service and support?

The technical support is excellent. We have premium support with Palo Alto and I never have any critique for the quality or speed of support.

Which solution did I use previously and why did I switch?

We have used this solution from the outset of our cloud journey. It began with Evident.io, then it became RedLock, and then it became Prisma Cloud.

How was the initial setup?

The initial setup is very straightforward. We did it several times.

The first one was deployed to AWS, which probably took about an hour. Years later, as we adopted the Google Cloud, it was configured in probably half an hour.

Palo provides the necessary setup instructions and you can't go wrong, as long as you have the role entitlement set up for Prisma. The handshake only takes about an hour.

What about the implementation team?

Our deployment was done entirely in-house.

We have three people, full-time, who are responsible for the maintenance. Their roles are policy management, meaning these are the rule sets. It's called RQL, the RedLock query language, the out-of-the-box policies that are ever dynamic. When there's a new policy, we have to go in and rationalize that with our cyber organization.

We have to scrutinize the risk rating that's put on it by Palo. We have to realize when we're going to turn it on and turn it off. Also, we have to consider the resulting incident response procedures associated with the alert happening.

What was our ROI?

One metric that would be meaningful in this regard is that our company has had no cloud-based compromise. 

What's my experience with pricing, setup cost, and licensing?

You can expect a premium price because it is a premium quality product by a leading supplier.

We are a strategic partner with Palo Alto, meaning that we use all of their solutions. For example, we use their NG firewalls, WildFire, Panorama, Prisma, and all of their stuff. Because Prisma was an add-on for us, we get good pricing on it.

There are costs in addition to the standard licensing fees. The credits consumption billing model is new and we're going to be using more of the features. As we embrace further and we start to use these workload security protections, those come at an incremental cost. So, I would say that our utilization, and thus the cost, would trend up as it has in the past.

Which other solutions did I evaluate?

We evaluated several other products such as DivvyCloud, Dome9, and a product by Sophos.

We did a full comparison matrix and rationalization of each of the capabilities. Our sister company was using DivvyCloud at the time and as we do from time to time, we conferred with them about what their likes and dislikes were. They were moderately pleased with it but ultimately, we ended up going with Palo Alto.

What other advice do I have?

My advice for anybody who is considering this product is to give it a good look. Give it a good cost-balance rationalization versus the cost of a compromise or breach, because it's your defense mechanism against exposure.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
PK
Governance Test and Compliance Officer at Thales
MSP
Top 5Leaderboard
We are able to filter alerts by security level so our teams understand which situations are critical

Pros and Cons

  • "I was looking for a vulnerability scanner and I was looking for one place in which I could find everything. This tool not only does vulnerability scanning, but it also gives me an asset management tool."
  • "We would like it to have more features from the risk and compliance perspectives."

What is our primary use case?

I was looking for one tool which, as a WAF, could provide me with information regarding applications  and with features where I can oversee things.

We use the solution's ability to filter alerts by levels of security and it helps our teams understand which situations are the most critical. Based on the priorities that I get for my product, I can filter the notices the team needs to work on, to those that require immediate attention. That means it's easier for me to categorize and understand things exactly, on a single dashboard. I can see, at one point in time, that these are my 20 applications that are running. Out of them, I can see, for example, the five major vulnerabilities that I have — and it shows my risk tolerance — so I know that these five are above my risk tolerance. I know these need immediate attention and I can assign them to the team to be worked on immediately.

How has it helped my organization?

Instead of going for multiple tools, this tool has helped me to have one platform where I can have all the features and information I'm looking for.

The tool is working on the principles of governance, risk, and compliance as well. It even helps me in application-level firewall security. It's not just a single tool. It has helped me find out details about multiple things.

The integration with user tools is pretty easy; it's user-friendly.

In terms of a reduction in alerts, it has helped me out in not putting unnecessary time into a couple of things, which can be figured out at a glance. I would estimate the reduction in alerts at about 40 percent.

What is most valuable?

I was looking for a vulnerability scanner and I was looking for one place in which I could find everything. This tool not only does vulnerability scanning, but it also gives me an asset management tool.

It has been good in my test environment when it comes to scanning my infrastructure.

What needs improvement?

We would like it to have more features from the risk and compliance perspectives.

On the governance side of it, we did want it, but the licensing costs for that are so high. As a result, I have to integrate this solution with a couple of additional tools. For example, suppose I wish to assign something to an organization or to another person. To do that I have to integrate it with something like JIRA or Confluence where I can ask them to provide the pieces of information. If the licensing costs were a little lower, I would have been able to assign it then and there. As it is, though, I need to assign it from one platform to another platform, one where the team of engineering people is working. I still need to go to multiple platforms to check if something was assigned, and I have to keep checking between the two platforms to see whether it's not done or not.

For how long have I used the solution?

We have been using Prisma Cloud by Palo Alto Networks for five months, testing it and evaluating it during that time. We are planning to purchase it.

I have been evaluating this product from the point of view of DevOps. I have not been evaluating it from the security operations point of view.

Prisma Cloud actually has two solutions. One is a cloud-based solution and the other is their on-premise solution. I have had a look at and tested both of these tools.

What do I think about the stability of the solution?

It's a stable product.

What do I think about the scalability of the solution?

It's scalable. We discussed that with them. We also discussed the scenario where I want to move from one cloud environment to another, or if I make some other changes. How flexible is the tool as far as working with different cloud environments goes? And it is perfectly fine in that regard.

If we deploy it, I will be using it quite extensively for my day-to-day vulnerability scans.

How are customer service and technical support?

I would rate their technical support at nine out of 10. They have been very supportive. Every time I have called them they have been there for me.

Which solution did I use previously and why did I switch?

I was using multiple tools from here and there: one tool for vulnerability scans, one for risk management. But this has provided me an answer for not just one tool but for multiple requirements that I have.

How was the initial setup?

The initial setup was easy. I got to help from their technical department and the device is more or less plug-and-play. If you have specifications which are required by the cloud, and your products are running on those specific cases, then it becomes quite easy. You just have to install it and it's good to go in your infra.

Since I did it for my development center only, I just had to install one installer and then the agents were installed automatically after running a script. For the whole environment, it could not have taken more than a day or two.

What's my experience with pricing, setup cost, and licensing?

Security tools are not cheap. This one is a little heavy on the budget, but so are all the other security tools I have evaluated.

There are no additional costs to the standard licensing fees for Prisma Cloud.

Which other solutions did I evaluate?

I looked at Trend Micro Cloud One Workload Security. Both it and Palo Alto Prisma Cloud are good for container-level security and scanning. But the financial part of it and budgeting play an important role.

With Prisma, it's not just one feature. It has also provided me with solutions for a couple more of my requirements. That was not the case with Trend Micro. In addition, Prisma Cloud was easy for me to figure out. The only con I see in Prisma Cloud is that because of its cost, I have to use multiple tools.

What other advice do I have?

It's a good tool. I would tell anybody to give a shot. It's easy, it's user-friendly; it's like a plug-and-play tool.

I am a single point of contact for this solution, right now. I'm working on it with my entire management to review things. I have to coordinate because of the multiple platforms they have. Roles have been assigned at different levels. There is a consultant's role, a reviewer's role, and there is an implementer's role. The latter is supposed to be working with them.

Root cause analysis needs to be done at my own level. The solution does inform me that a predicted vulnerability exists and this is the asset where it could be happening. But the intelligence has to be provided by the security consultant.

If something becomes visible during the build phase, we already have a pretty good area where we can change the product so that it does not impact the production environment.

The solution provides an integrated approach across the full lifecycle to provide visibility and security automation and, although we have not started using that part of it yet, it will definitely enable us to take a preventive approach to cloud security when we do use it.

Overall, it provides all the pieces of information that you require, in one place and time. I think it's going to be good to work with them.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
SV
Sr. Manager IT Operations at a tech vendor with 5,001-10,000 employees
Real User
Top 20
Provides cross-cloud security but it isn't so user-friendly

Pros and Cons

  • "The product is quite good for providing multi-clouds or cross-cloud security from a single-pane -of-glass."
  • "Palo Alto should work on ease-of-use and the user-friendliness to be more competitive with some competing products."

What is our primary use case?

We use cloud solutions generally for client demos of products.  

How has it helped my organization?

It has not been implemented, but Prisma or Dome9 will provide us with better cloud security and less administration time for our cloud instances. 

What is most valuable?

RedLock is quite good for providing multi-clouds or cross-cloud security.  

What needs improvement?

In our testing, we have found the Check Point product CloudGuard Dome9 to be more user-friendly at this point. Palo Alto Prisma's interface was not as user-friendly. Palo Alto should work on this part of its solution to be more competitive with ease-of-use. I do not feel Palo Alto is short of any features, but if we compare the two side-by-side, I think the user interface for Palo Alto needs to be improved to make it at least as good as Dome9.  

For how long have I used the solution?

We just started evaluating it, so we have just been using it for a little more than a month doing some evaluations and proof of concept.  

What do I think about the stability of the solution?

The product is stable.  

What do I think about the scalability of the solution?

We have not tested scalability extensively to this point because our cloud accounts are not being used so much that it warrants scaling it up. We only dedicated a small amount of resources for the product at this point while exploring it.  

There are up to 10 users on RedLock in our company and there are never more than 10 at this point.  

How are customer service and technical support?

We worked with both the Palo Alto and Check Point technical support teams during our evaluations. So we were connected to the technical team at Palo Alto. Their technical support was excellent. The presales team was very proactive and helped us in every aspect we needed to resolve our queries during implementation and they provided knowledge to our team internally. The technical support from both vendors was very good. This was not a problem.  

Which solution did I use previously and why did I switch?

We have been using the native security solutions from each of the clouds or cloud service partners we deal with, but they have limited functionality. That is why we began to look into other options. 

How was the initial setup?

The initial setup was not too easy and yet not too complex. It was pretty good. The deployment took a couple of days. For deployment, it required only one person. For maintenance, it requires a team of engineers. We have a team with different roles and responsibilities. We have someone from the network team, we have someone from the infosec [information security] team, we have someone from the cloud team, and we have someone from our Unix team. So there is one person from each team who has been assigned roles and responsibilities with explorations of Prisma. The team monitors the system on a day-to-day basis and checks for threats and then, according to what they find, then they decide on any necessary course of action.  

What about the implementation team?

Our company did the deployment ourselves with an internal team. We did not use an integrator or consultant.  

Which other solutions did I evaluate?

We did not use any specific or dedicated cloud security product before evaluating the options we chose to review. Currently, we do not have any specific product that we purchased specifically for cloud security. Recently we came across Palo Alto Prisma Cloud Security and Check Point Cloud Guard Dome9 products and we chose to evaluate both and engage in POCs.  

We wanted to find some solution where we could see all our cloud accounts and manage them in one single pane of glass. When we used the native solutions that were in place through our cloud providers, we had to manage several different clouds by going to each individually. These dedicated products have everything for cloud security management in one place and we can monitor all our cloud activity from there. There is also the benefit that the functionality of dedicated products is more robust.  

Currently, we have stopped using RedLock. We are focusing on exploring Dome9 by Check Point. We have found it very easy to use and the interface is quite user-friendly.  

What other advice do I have?

The advice I would give to someone seriously considering these cloud solution products is to be careful with procedures you use while testing them. During the setup phase, there were not many challenges. But while integrating the cloud accounts, I would recommend the users initially provide only read-only access not read-write access, just as a precaution. The users should also be cautious not to expose cloud data to vendors like Dome9 or Palo Alto or whomever the vendor will be.  

On a scale from one to ten where one is the worst and ten is the best, I would rate the Palo Alto product overall as a seven-out-of-ten. Dome9 I would currently rate eight-out-of-ten. Palo Alto's rating could improve with enhancements to ease-of-use.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Darshil Sanghvi
Consultant at a tech services company with 501-1,000 employees
Reseller
Top 5Leaderboard
Easy to set up and very user friendly with great reporting capabilities

Pros and Cons

  • "Technical support is quite helpful."
  • "The licensing is a bit confusing."

What is our primary use case?

When we did a POC, we realized that this product was able to give us insights into how consumers or services are activated. We could tell if, in certain cases, there was any kind of manual issues such as a misconfiguration. The solution is used to help us to reconfigure items and figure out what reconfiguration needs to be done, et cetera. Our target was to enhance the security portion of our AWS cloud.

What is most valuable?

The security features are quite good. 

The monitoring part is excellent. It is able to completely monitor our users in order to see what the users are doing at what time and if the users are currently logged in from India, and after five minutes of seeing a user if they are then trying to log in from Singapore, for example. Of course, this would not be possible, and so we would know something was wrong. It can pick up questionable behavior that may have been missed.

The reporting is great.

It's very user-friendly. You can easily make customized dashboards as well. 

We can easily restrict the users if we need to. We can even restrict them from accessing certain applications or services.

If anything tries to come in from a malicious IP, it will block it.

The initial setup is easy. 

We've found the solution to be stable and reliable. 

The solution does offer pretty good integration options.

Technical support is quite helpful.

What needs improvement?

The remediation part could be better. It should be able to automatically remediate on the basis of its artificial intelligence. If there are alerts, it should directly act and surround the malicious threat with a container or something. Instead of waiting on approval, it should immediately act. There should be no need for manual input when there is a threat on hand.

The ability to scale is limited as it is a SAS product. 

The licensing is a bit confusing.

For how long have I used the solution?

We've used the solution for a while. Previously, it was RedLock Solutions and we were using it since it was known as RedLock. That's around let's say two years now. Then, Palo Alto bought it, and we now use it under the new name.

What do I think about the stability of the solution?

The stability and reliability are excellent. There are no bugs or glitches. It does not crash or freeze. it's great.

What do I think about the scalability of the solution?

The scalability isn't infinite. It's limited.

That said, we haven't really tested it as we haven't added any users or anything into the solution yet.

How are customer service and technical support?

We have found the technical support to be helpful and responsive. Originally, when we needed assistance with integrating it into our AWS cloud, we contact them and they helped us immediately. It was a very positive experience. We were very satisfied. 

How was the initial setup?

The initial setup is very easy. It's not overly complex. A company should be able to handle it without any issues. 

What's my experience with pricing, setup cost, and licensing?

We pay a licensing fee on a yearly basis.

It is not costly. However, the way it is priced is based on the number of incentives. The problem is, what is the number of incentives? We don't know. They seem to do it by the number of workloads, however, we're unclear as to what defines a workload. They need to improve on the licensing front. They need to be more clear about the whole thing.

Which other solutions did I evaluate?

I've never evaluated any other services.

What other advice do I have?

We are Palo Alto partners.

I'd advise that companies that get big and have a lot of servers or critical applications in their cloud invest in this solution.

I would rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
GP
Advisor Information Systems Architect at a computer software company with 10,001+ employees
Real User
Gives you at-a-glance compliance security, but microsegmentation still needs improvement

Pros and Cons

  • "Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently."
  • "They charge seven workloads for monitoring one compute, and that is quite expensive. This makes it difficult to move fully with the compute part because of the workload."

What is our primary use case?

Our primary use case is to certify blueprints. We are helping both on the CSPM and the CWPP parts of it. We monitor the compute infrastructure and certify the project.

CACS for CSPM, we certify against the NIST 800-53 compliance standard.

What is most valuable?

For the compliance part, we have found the pie graph, where we can see all of the compliance standards in one go, to be a valuable feature.

Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently.

Their data security feature is quite good as well.

Their training modules are good, and my team is okay with them.

What needs improvement?

Microsegmentation still needs improvement.

For data security, they have only specific regions like the US, and they need to move to Asia as well.

The most important thing has to do with the computing, licensing, and costing. They charge seven workloads for monitoring one compute, and that is quite expensive. This makes it difficult to move fully with the compute part because of the workload.

Their training modules need to have more live examples. We need to refer to the YouTube channel or follow Palo Alto to get the reference. If they can refer to the YouTube channel in their training and indicate that it can be referred to for further information, it would be good.

On their portal, they do not have which services are available in each region. While searching, it's very hard to find in which location a service is enabled. So, it would be great to have a list of services for each region.

For how long have I used the solution?

I've been using Prisma Cloud for eight months. It is a SaaS solution.

What do I think about the stability of the solution?

It's stable as of now; it has not been down in the last eight months.

What do I think about the scalability of the solution?

It is scalable as of now. We have 20 VMs.

How are customer service and technical support?

Technical support is good. From what I've observed though, different regions seem to have different SMEs, subject matter experts, and different people have different knowledge. So, there is definitely a gap between the different SMEs.

Which solution did I use previously and why did I switch?

We were using AWS products.

We switched because of twist lock for compute security. The Prisma Cloud dashboard is powerful, and it gives you at-a-glance compliance security against many standards. We can also write our own custom policies if we want to build our own standard. So, there are lots of benefits with Prisma Cloud.

How was the initial setup?

It's a SaaS, so the initial setup is pretty straight forward. We are still onboarding, and most of the customers are in the dev environment as of now and not production. So, it was quite smooth. They have their contributions filed on the portal, the cloud formation templates.

What's my experience with pricing, setup cost, and licensing?

The licensing cost is a bit high on the compute side. We get a corporate discount, which helps reduce overall cost. In some cases, you may need to have two licenses to onboard a project, which would make it expensive.

What other advice do I have?

If your specialization involves blueprint certification against a compliance standard, then you can go with Prisma Cloud. It is very powerful for data loss prevention, and I would rate it at seven on a scale from one to ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Buyer's Guide
Download our free Prisma Cloud by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.