Please share with the community what you think needs improvement with Prisma SaaS by Palo Alto Networks.
What are its weaknesses? What would you like to see changed in a future version?
I would like to see a hybrid model which has API plus in-line security, where the user's data is controlled via an API call and also controlled in-line.
We are using the SaaS offering. We use our applications for microservices. We use Twistlock to scan containers, and it displays these results in Prisma, which is a good feature because we can see vulnerabilities with respect to these containers. We can see everything in a very detailed manner. However, when you have different environments for a single application, such as DEV, QA, PROD, and TEST, all these environments run multiple containers, which can lead to a very high number of containers. In such a scenario, it shows you the alerts for all those containers that have vulnerabilities. If you show the results of all the containers that share the same image, it is not going to add any value. Therefore, they should narrow down the alerts based on a container. It should show information for a single container. Otherwise, the person who is looking at the results gets the impression that he has to fix all these issues. This is something that they can improve.
My clients would like to see a more feature-rich product.
The price can be reduced to make it more competitive.
Overall it is actually very good. I haven't yet had any issue at all. One thing that would help is if we could get a guide. With Cisco, for example, you can just type the problem regarding your Cisco product and you will easily get your solution. In Palo Alto, however, it's not easy to find the solutions.
They automatically update and they should give us time to fully understand what they're updating so that we can make sure it doesn't impact production.
There are a lot of cloud-based applications that are supported, such as Box, Skype, Google Drive, and SharePoint, but there are many more than have not been totally integrated. They cannot use in-house apps because they are not generic services. I would like to see support for custom applications. There are also certain storage services that are not integrated, like AWS S3. If the services are created by the customer then it would be very nice to have those protected too. Right now, this is a data at rest CASB, but it would be nice if it included features such as forward proxy or reverse proxy. It would be able to provide the OTP to those gateways and anyone who can integrate with Aperture can send the data to have it authenticated, via Aperture to the cloud, rather than just scanned. Essentially, if it can be made to act as an auth server, to automatically handle the forward proxy CASB, it would be good.
What do you like most about Prisma SaaS by Palo Alto Networks?
Thanks for sharing your thoughts with the community!