I have onboarded AWS environment accounts for some clients and some online hosted repositories on third-party platforms.

We currently have four modules. We have Application Security, Runtime Security, and Cloud Security. The latest one is Data Security, but I have only been using the other three modules.

I have mostly onboarded accounts. I have not used its other features much. I am aware of the environment dashboard that we get after 24 to 48 hours of scanning. The suggestions that they give are in a curated manner. We can see what steps we can take to minimize risk or remove critical or high-level vulnerabilities. This categorization based on severities helps us to prioritize which risks need to be remediated first.

It helps us to prioritize. We can see what is the scenario at the network level, identity level, or Internet exposure level. On the basis of these categories and on the basis of severity, we get the whole cloud security posture of the environment and also the suggestions.

It has helped save some time. The customer environment can be very vast, and the use cases can vary. A startup environment or beginner-level cloud environment is easy to check manually, but for users who have been using cloud environments for three or four years, manual checks are not efficient. Prisma Cloud saves time and costs. We are able to give a much more informative review of the cloud environment.

Prisma Cloud is a cloud-native application protection platform. That is what we showcase to our potential customers. It has helped us to gain the confidence that we can proactively monitor a cloud environment or a repository. One of my recent use cases was related to the repository. The establishment of trust is there, and the extent of cloud security services has also rapidly increased for our organization. This offering has been a great pillar for our organization.

It not only provides the risks and misconfigurations; it also includes compliance, so the industry-level standards are also monitored.

I started onboarding environments only two or three months ago. After the first scan, I could see the cloud security posture on the dashboard. In some cases, I could see misconfigurations and some package-level vulnerabilities. They were all categorized on the basis of severity. I discovered all these things. Out of them, some issues were commonly found. We are able to resolve them in the easiest manner. Considering the number of issues that it discovered, it would have taken us months to monitor all the events manually. The customer environment keeps changing and the requirements also change, so the cloud security posture also changes. Prisma Cloud scans on a regular basis and saves a lot of time.

The visibility level that it provides is the best. It is not restricted or limited to a few attacks or vulnerabilities. Every day, any type of attack can happen. There can be an attack of any severity. We are able to see all the possible incidents and all the possible issues in the environment. It has made us proactive, so our confidence has also improved.

The dashboard gets updated on a real-time basis. The first time, it takes 24 to 48 hours. After that, the latest scan is always available. It is consolidated. We get a detailed and comprehensive view from Prisma Cloud. It is easily accessible from the command center.

Prisma Cloud has saved us time. It helps us to fulfill our commitments. Without Prisma Cloud, it would take us double time to deliver to our customers what they want.

I believe it covers the containers and host-level security. It does provide information about how many hosts are in the environment and how many containers are deployed on Prisma Cloud. It tells us if any of the containers or hosts are affected and by which vulnerability. A comprehensive view of all that is available. We can see package-level vulnerabilities for PHP packages, Python packages, etc.

Visibility and control are the most utilized features. A dashboard is available to us where we can view different categories. We can see any IAM-related risks, any discovered vulnerabilities, any incidents, or any network-level issues. So, visibility and control are the most utilized parts. We can also view possible remediation or suggestions for each of the issues.

I recently onboarded some of the repositories, and for that, the issues were categorized into four types. The view was not very easy to understand. The Application Security dashboard was not as user-friendly as the Cloud Security dashboard. The Application Security dashboard can be improved in terms of UI. The categories provided should be helpful for the ones who are using it for the first time.

Other than this, I do not have any areas for improvement. I am a new user. I entered the domain of cloud security only six months ago. Before that, I was in a different domain. As of now, I see Prisma Cloud as an excellent tool.

I have been using Prisma Cloud in my current job role for the last six months.

It is stable. I have not had any issues.

I have not faced any limitations.

I have not interacted with their support.

I have not worked with any similar solution previously.

It was already installed when I joined. I only had to ask for some admin access, which was configured by the internal team in the organization, and my account was easily onboarded. 

The client account onboarding was also seamless. So far, we have onboarded five to ten accounts. Regarding the number of users, we provide limited access because it is a matter of cloud security. Overall, there are five to ten users, which also includes customers with view-only access.

It was already here when I joined.

I would absolutely recommend Prisma Cloud for cloud security posture management. It is great for onboarding cloud accounts. It is also good for onboarding repositories to improve application security.

I would rate Prisma Cloud a ten out of ten.

We're using the solution for container monitoring in one project and workload security in another. We've installed the agents on the servers to monitor for threats.

We haven't had an issue with the product for over a year. 

Its threat-hunting capabilities are very good. Security is a major thing for us.

We're using it in a banking setup and are using it only on a private cloud. 

The security automation is very useful.

Compared to AWS, the cost management is very low. The automation ensures we have limited tasks to do. In other security tools that I am using, there is no automation option at all.

We can integrate it very easily.

It's very easy to remotely connect. We can do that within fractions of a second.

We are getting a lot of visibility and control.

We've been able to reduce runtime alerts with Prisma Cloud.

We'd like to have more tools for threat hunting.

Sometimes, on the Azure side, there are issues. Some errors aren't being found on Prisma Cloud.

I've used Prisma Cloud for my past two projects. I've used it for one and a half years. 

We haven't had issues with downtime.

The solution is scalable. 

We've contacted support during some deployments on Windows servers in order to open ports. We had issues when we opened some ports and had no connection. Sometimes, their responses were slow or late.

Positive

The solution was very easy to deploy and integrate. We had a three-member team working on the setup. We only have ten to 20 servers. 

There is no maintenance needed after deployment.

The pricing can be a bit costly. However, it has low cost management.

We're a customer.

I'd rate the solution nine out of ten.

We use Prisma Cloud for container security, serverless function security, and our Cloud Security Posture Management.

We realized the benefits of Prisma Cloud almost immediately. It can comprehensively secure the entire cloud-native development lifecycle, from build to deploy and run. It has that capability. We are using it in the build and run space, but we aren't using it for secure code review.

We are more dependent on another product for visibility. Prisma Cloud does not have a natural feel, so we use another tool. About 75 to 80 percent of our workloads are connected to one solution, but Prisma Cloud has limitations. It doesn't have agents for them, so we use other tools or other native security tools to protect them. 

When we started, many false positives and mismatched rules were not properly created. We created a more mature ruleset and now have a manageable set of alerts. It's not that much and has reduced over time.

We use different tools to achieve the same result, and consolidating that helps us save money. It has saved us, but it is a costly product. We are also saving some money on projects where there is competition. It's much cheaper, and they have the same or similar features.

We have standardized vendor process management, so we want to reduce multiple vendors. Prisma Cloud is part of Palo Alto. We use Palo Alto firewalls and other solutions. Prisma has many features that intelligently cover cloud security. One solution can cover runtime for EC2 systems, containers, and Fargate. We also have EKS/Kubernetes integration. So, whatever the cloud-native solution in Pfizer, we can use one solution to secure that.

The Fargate security microservice that's running doesn't support blocking features, which would be helpful. Another issue is the lifecycle. It isn't easy to upgrade if we have a console in Fargate. 

We have used Prisma Cloud for nearly two years.

We have had some issues, but they were mainly due to the environment. It did not crash as much after we set up the environment, but we had to build the system twice because of environmental issues. It took us a long time, but we have a learning curve on these deployments.

Prisma scales well if we're deploying on Kubernetes, but it doesn't scale that great on Fargate.

I had an opportunity to work with technical support and presales. The technical support was good. They are deep into the technology, but the presales staff wasn't up to the mark.

Positive

We have Aqua Security and many open-source tools. Prisma Cloud suits our needs, so it's good. 

The deployment had a steep learning curve, and the support wasn't trained enough to work on the product. They were trying it out in their own lab. It's a new technology, so it takes time.

We deployed via a CICD integration, which took us around two months. We have two deployments: production and our lower environment. It took time because there were dependencies in the infrastructure. It took two to three months to get a stable working solution. I deployed it alone. 

We deployed in Fargate, so high availability and other things were not an issue. The issue was the upgrade process, which requires us to streamline the upgrade process in the target deployment. That requires maintenance. If there is a major upgrade, it requires a lot of planning and everything. 

Prisma Cloud's pricing is a little higher than its competitors. It should come down. 

I rate Prisma Cloud seven out of 10. 

I am using Prisma Cloud CSPM. It is a business as well as an enterprise license. We have the licenses for data security and host security for particular tenants. We have IAM, Code to Cloud, CI/CD pipelines, and scanning of code. These models are activated.

We are getting alerts and vulnerabilities for cloud asset misconfiguration and identity access management. We are using Prisma Cloud to find out these vulnerabilities and remediate them manually and automatically.

We have a multi-cloud environment. We have on boarded multiple client clouds. The data is on the AWS, Azure, Oracle, and Google clouds. All the organization-level accounts or individual accounts are onboarded into Prisma Cloud. Instead of using cloud-native CSPM solutions such as Security Hub for AWS, Security Command Center for GCP, and Microsoft Defender for Azure, we have integrated all cloud accounts with Prisma Cloud. So, centrally, we can manage and monitor all the vulnerabilities, misconfigurations, and cloud environments. We have all the logs. It may be the audit log. It may be the virtual network log, network flow log, firewall log, or any cloud trail log.

We can monitor all the cloud assets and cloud resources. For example, if a user has wildcard permission or is a power user but only requires read-only access, Prisma Cloud lets us know. It recommends the access that needs to be given to the user. We can create custom policies according to the customer usage over the last 90 days.

If some users and service accounts have access keys that are not rotated in 90 days, Prisma Cloud alerts us that a key has expired or not rotated in 90 days. We then manually rotate the keys and update them in the cloud environment. Prisma Cloud provides best practices for insider threats and external security exposure.

If a VM or S3 bucket is publicly exposed, Prisma Cloud alerts us about it. It also suggests a way to fix the issue. It provides remediation and also provides information about the severity. The recommendations are given based on best practices and ISO standards, and we can then remediate those alerts.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. They are also launching Prisma for MSPs. It is in progress and not yet officially launched. That will help with the next-generation cloud security.

Prisma Cloud continuously scans the cloud assets we have, such as virtual machines, S3 buckets, IAM configurations, CloudTrail logs, and VPC flow logs. It continuously scans and generates alerts. There is also a feature for the outbound integration with Splunk, Teams, or Slack so that you can get alerts in these solutions.

The remediation team takes action on generated alerts. The recommendations that it gives speed up the remediation. We can remediate issues or threats before they spread in the cloud environment.

It has a lot of features. It has different modules for application security, cloud security, DSP, etc. There are different versions. Prisma Cloud provides overall network security, application data security, and customer data security. If a customer has a Palo Alto firewall installed on their on-premise data centers, its logs can be integrated into Prisma Cloud. From the cloud infrastructure perspective and the network infrastructure perspective, Prisma Cloud helps to improve the overall security posture. It is very helpful.

Because of Prisma Cloud, we have reduced asset misconfiguration within the asset inventory. We have also reduced the risk and improved governance and compliance. We get proper alerts and recommendations to improve the security posture. It also helps from the application security perspective.

Its benefits can be realized very quickly. Once a cloud account or a cloud environment is integrated with Prisma Cloud, it takes seven to eight hours for Prisma Cloud to scan it. After the logs are ingested into Prisma Cloud, it assesses misconfigurations and generates alerts.

From the operations perspective, it is good. The console availability is there. They notify us about any upgrades and maintenance. For any data or logs being ingested, it creates alerts and provides the recommendation.

It categorizes the risks based on their severity. We are confident about our security and compliance postures. We can create our own compliance rules or follow the compliance standards applicable to an industry such as HIPAA, SOC2, etc. It is a good feature.

It is comprehensive. It can scan all cloud assets. It can scan Docker images, so image scanning is there. Infrastructure As Code scanning is there. Agent-based scanning is there. Container security is there. We can scan these and find out the vulnerabilities. Prisma Cloud supports application security and container security.

It reduces the remediation time. The critical alerts that we get also provide the remediation steps. We can remediate an issue in five to ten minutes.

They have data security posture management. We can apply the data loss prevention policies to S3 buckets or the data assets we have in the cloud. It is a good tool for securing our sensitive information.

Prisma Cloud is more cost-effective than cloud-native tools. We can remediate the multi-cloud environment and improve the overall cloud security through this single tool. As compared to the other solutions, Prisma Cloud is good. There is runtime protection, container security, and other things for multi-cloud environments.

With the query language, we can analyze logs and find out which IPs are malicious. It also provides a graphical representation. It provides the overall visibility and how the traffic is flowing. We can see where the malicious IP is and whether it is an insider threat or an outsider threat.

We also have the reports tab. We can easily capture reports for the last month and the type of vulnerabilities and alerts we are having.

From the compliance and governance perspective, we can create custom policies or custom compliance and governance rules as per various industries or compliance standards, such as HIPAA, PCI DSS, and NIST. From the compliance and governance perspective, we can track the cloud environment. It is a good feature.

Some of the clients onboard individual cloud accounts into Prisma Cloud. When any new service comes into the AWS, Azure, or any other cloud, Prisma Cloud generates a warning about the new service and any missing permissions to be able to ingest the logs. We then manually run a Terraform template for Azure or a CFT template for AWS. It is a manual task that we have to do as and when needed. It is a repetitive and manual task. They should find a way to automatically update the role with the CFT or Terraform template. It would be best if this task is automated. When an account is onboarded, if it is missing any permission, it should automatically be updated with the required permissions and policies.

If they can do something from the AI security perspective, it will be helpful. I am not sure if it has any AI capabilities, but it would be helpful to have AI integration for finding out issues and remediating alerts.

I have been working with Prisma Cloud for the last three years.

It is stable. The cloud environment is dynamic, so the tool must be dynamic. We have not had any issues with it.

It is scalable. It scales up properly.

Currently, we have multiple locations. We have about 20 companies with multiple cloud accounts. It is a multi-cloud environment.

The support from the Palo Alto team needs to be improved. Sometimes, we do not get an immediate response. It does not happen regularly, but more interactive support is required for Prisma Cloud.

Neutral

I worked with Wiz in my previous company. Wiz's GUI was better than Prisma Cloud. They provide remediation and recommend which policy needs to be created and how we can create the policy. From the GUI perspective, I like Wiz, but Prisma Cloud is improving. 

Wiz was also better from a cost perspective. I am not sure about the current price, but at the time, the client went to Wiz from a cost perspective. However, for runtime protection and continuous security, Prisma Cloud is good. Wiz did not provide these features.

It is tenant-based. If you have a multi-tenant environment, it is complex.

In terms of the implementation strategy, a customer requests us to onboard an account to Prisma Cloud, and we check with the customer what exactly they want. We first enable VPC Flow Logs and CloudWatch Logs in the AWS environment. We create a tenant with the help of the Palo Alto Networks team. After the tenant is built, we onboard the particular cloud account into Prisma Cloud. The alert rules, user access, and policies are created. This is the way we implement this solution.

It is not difficult to maintain. Only the cleanup process is there. If a user leaves the organization, we need to manually remove the access for the user, so the cleanup process is there. Apart from that, there is no maintenance. When a license expires, we need to renew those licenses.

From a deployment perspective, currently, we have three to four people, depending on the task. If a customer has a multi-regional cloud environment or a multi-cloud environment, it requires more time. Generally, four to five people in coordination with the Palo Alto team can handle those tasks.

The ROI is good from the security perspective for the multi-cloud environment. It is cost-effective. To secure the cloud environment, Prisma Cloud costs less than the cloud service provider's solution. The monthly cost of Security Hub for AWS or Security Command Center for GCP is more than Prisma Cloud. Prisma Cloud is a better solution in my opinion.

Its licensing cost depends on the type of license such as the business license or the enterprise license. The enterprise license is costlier than the business license, but we get more visibility and more modules. 

If you have a multi-cloud environment and subscribe to each cloud's native CSPM tool, it is costly. If you are using a single tool like Prisma Cloud, with a single license, you can monitor all environments, such as Google Cloud, Azure, AWS, and Oracle Cloud. The cost of Prisma Cloud is less than the cost of subscribing to the CSPM tool of each cloud provider. This is where Prisma Cloud can save costs.

If you are looking for cloud security posture management, application security, and container security, Prisma is the one. It is the best solution to track and monitor all the security postures for your cloud environment and the application and code environment. I would recommend using Prisma and its various flavors.

I would rate Prisma Cloud a nine out of ten for its capability.

Prisma Cloud is the amalgamation of multiple products. The main component was acquired from Twistlock. The main use case is to perform cloud security posture assessments of your cloud workload. You can connect multiple cloud providers to Prisma Cloud and review the security configurations.

The two Prisma modules I use are cloud security posture management and cloud workload protection. The compute part of Prisma Cloud Cloud can also be deployed on-prem. It's mainly for an on-premise environment. You can deploy a standalone host to protect or review the configurations if you have a Kubernetes Docker host.

I work for a system integrator, so I deploy these solutions to customers, but I don't typically operate them. Clients are looking for visibility into their multi-cloud environment. When you have an environment distributed across AWS, Azure, etc., controlling all the cloud environments from different consoles is difficult. 

Prisma Cloud gives you one console to see all of your assets, review their configurations, and build your processes. If you have a development team or your organization is developing a product, you can use Prisma Cloud to secure the product development lifecycle. You can integrate Prisma Cloud with your CICD pipelines to scan the containers and ensure they aren't vulnerable to any known CVEs.

It's a single pane of glass that covers all aspects of your cloud environment. It also provides your DevSecOps or DevOps teams with an excellent tool. Prisma Cloud is a collection of acquisitions, so you have multiple products within one tool. 

None of the solutions that promise to reduce alerts have done that, but Prisma Cloud gives you meaningful alerts. In rare cases, I've experienced alert fatigue or some false positives. It identifies guaranteed alerts. I can prioritize alerts based on several factors. If you have a resource on the cloud that has given vulnerability, it will check to see if the resource is exposed to the Internet and prioritize it accordingly. 

Most customers use Prisma Cloud for visibility and compliance. Prisma has so many features, but many organizations do not use them. They primarily use the visibility part to connect all their cloud accounts and hosts for visibility to see if they are missing any security controls or if they have any misconfigurations.

You can connect it to cloud environments such as Azure, AWS, Oracle Cloud, Alibaba, etc., or to an on-prem data center. Prisma Cloud gives you so many options to automate processes related to your daily operations. When it comes to cybersecurity, you can automate things with their existing APIs. They also have out-of-the-box integrations with many solutions.

I have not seen any limitations. Everything is customizable. You can do whatever you want, defining the reporting and custom use cases. They recently updated the UI, so it's much better than before.

These tools have a set of signatures or rules that will alert you whenever something meets the criteria. In the future, they might include some machine learning or AI feature that allows you to ask questions about the context of the alert, and it will provide you answers based on the data that they have. Most vendors are doing it, and I believe they will do it in the future. The reporting bar could also use AI to add context based on the environment.

We have used Prisma Cloud for two and a half years. 

I rate Prisma Cloud nine out of 10 for stability. I haven't seen any incidents with Prisma Cloud aside from the usual false positives you get with any solution. 

There aren't any limits to Prisma Cloud's scalability. I have seen Prisma Cloud working with organizations that have more than 800,000 assets in their cloud environment. 

You must have a large multi-cloud enterprise to realize Prisma Cloud's full value. A mid-sized enterprise with one cloud provider will not benefit from it. However, a mid-sized enterprise with a multi-cloud environment can get something out of it because it's difficult to track the number of assets and spending across all cloud environments. You need a cloud monitoring solution for them.

The quality of Palo Alto support depends on the region. Some regions have a higher priority and better teams to support clients, but others outsource the support to other countries. Generally, it's above average. 

Aqua Security was their main competitor. I have not worked on Aqua Security, but Tenable acquired the company recently, and it became Tenable Cloud Security. It's similar to Prisma Cloud, but it doesn't have the same functionality as Prisma Cloud. It's less comprehensive.

The setup process depends on the customer's environment, but deploying Prisma Cloud is straightforward. SaaS solutions are easy to set up. You don't need to worry about setting up any servers. You just deploy the agents and provide the credentials of your cloud environment.

I'm not sure about the pricing. I have seen some commercials, but the pricing is variable. It isn't expensive compared to the value it will give you. It's like a choice between a 2024 Mercedes or a 2019 Toyota. It's a high-end product, but you get an excellent value. 

I rate Prisma Cloud nine out of 10. A cloud solution for configuration review is essential for any organization with a multi-cloud environment. 

The main use case was identification of cloud security compliance and detection of misconfigurations (including user and service principal identity and permissions) across multi-cloud environment. Secondary use case was development of custom policies based on internal security requirements of the banking client.

For the Financial Services client, I mainly used the CSPM and Cloud Infrastructure Entitlement Management (CIEM) modules. Code Security module was integrated to a limited extent, as part of CI/CD pipeline to enable Infrastructure as Code scanning before deployment. The primary cloud platforms of this client were AWS and Azure (limited cloud presence).

I also used Prisma Cloud for a PoC for another client of mine who used Azure and Oracle cloud platforms. The evaluation included different capability set as well: in addition to CSPM, CIEM, the Cloud Workload Protection Platform (CWPP) module capabilties were evaluated.

Prisma Cloud provides security spanning multi-cloud environments. I have used the it for securing AWS, Azure, and Oracle Cloud environments.

Main Benefit: 

Increased visibility across multiple cloud platforms is the main benefit. Before implementing Prisma Cloud, cloud-native solutions were available, however they did not show all of the problems that were present. The main benefit of implementing Prisma Cloud was the increased visibility into cloud permissions of users, roles and their usage in AWS. Prisma Cloud enabled that visibility and enabled the teams to see misconfigurations that were present in the cloud environment and start addressing them.

In addition to the identity part, Prisma Cloud provided some foundational visibility into the cloud workload misconfigurations. While a lot of false positives were identified, after the initial alert triage, the result was a lot of valuable insights to various misconfigurations.

Threat Detection: 

In regards to threat detection, for the other client where I carried out the PoC, I have done some testing after onboarding the Cloud Workload Protection module. Malware samples, EICAR files were uploaded to the test environment, and Prisma Cloud detected all of it.

Compliance Monitoring:

During the PoC for one of the clients, I have used cloud compliance monitoring of Prisma Cloud CSPM as well as CWPP modules, and found some discrepancies between the two. Some built-in compliance frameworks are available for the CSPM module, however not available in CWPP module. Cloud compliance monitoring and reporting can be done, however, there were discrepancies on what built-in compliance policies and frameworks are available in different modules. Custom security and compliance policies can be created and were used extensively in the Financial Services customer's project.

Hybrid Environments:

In regards to hybrid environments, I have only used it for Kubernetes deployment during the PoC. Kubernetes can be hosted on-premises or used as a managed service offered by any of the major cloud providers. I suppose that covers the hybrid use case. I have not used agent-based installations on anything other than Azure Kubernetes Service (AKS). In my experience, this part is where Prisma Cloud stands out from the competitors. It demonstrated easy onboarding as well as comprehensive visualisation of Kubernetes workloads running on the cluster, vulnerability and malware detection capabilties.

Features That Require Client's Time Investment:

The initial "alert burndown", as Palo Alto Networks themselves call it. The alert triage and policy tuning phase where the security team goes in, reviews the initial findings, updates the policies and/or creates custom ones, and disables some of the policies that are not relevant so that internal teams are not overloaded. That has required a significant amount of time invested. For the Financial Services customer, Code Security module has also been deployed (Checkov integration into the CI/CD pipeline). It took a lot of time to tune Code Security policies, because it performs static analysis of Infrastructure as Code files. It can produce a lot of false positives, especially in cases where Terraform modules are used in the infrastructure code. 

CIEM module has provided most value for the Financial Services client, it identified the overly-permissive roles and users who can assume these roles. Without CIEM, these misconfigurations would have been difficult to spot.

Prisma Cloud is based on acquisitions, which is both a pro and con. Palo Alto Networks made it fast to the market, however, they are now catching up and trying to integrate their acquired solutions into the Prisma Cloud platform. 

Ability to See the Full Picture of Risk:

The main hurdle from user standpoint for me was the ability to see the full picture without effort. This was still true when I last used it in April 2024. A user has to switch between the modules to get different pieces of information. To see the CWPP data, you need to switch to that module. To see the code security part, you need to switch to the Code Security module. It is the same story with CSPM. At least two competitors of Prisma Cloud offer a better experience when it comes to visualisation of data. They show the full view of a risk (what Prisma Cloud claims to do, but does not do well). The good news - Prisma Cloud is catching up and has slightly improved over time.

The User Interface: 

I simply didn't like the first one, then they changed it and made it even worse. But that might be a matter of preference, not an actual negative. 

Ease of Building Custom Policies:

The RQL and APIs are poorly documented, which significantly complicates building of custom policies. There should be no expectation that someone without a clue on how cloud services are constructed can effectively write custom policies using any of CNAPP offerings available in the market, however, this is especially true for Prisma Cloud. When we compare Prisma Cloud with competitors, for sure, it is much more difficult to create custom policies because the APIs themselves are not that well documented. When discussing this topic with their Professional Services engineer who was assigned to the project, the person admitted that at times it is trial and error path to building custom policies. The JSON preview feature did help to improve it, but you still need to guess which API to pick to get what you want. 

With all that said, Prisma Cloud offers a powerful custom policy building engine, and when a skilled person works on it, they can do advanced queries, joining the results of different APIs for example and using them to futher build the custom policy.

Quality Control Issues:

During the year-long project while working on alert triage, I encountered a number of CIEM policies that were displaying odd results, which were reported to the Customer Success team and were addressed with an update. This was an indicator that these built-in policies have not been tested that much, since the issue that was identified was impacting all users.

I've used Prisma Cloud for over a year. 

I used it for two clients of mine. One client was in Financial Services sector, a bank, and that was where I prepared a solution integration design for Prisma Cloud and later on, supported the integration itself, including the alert review and handover of the operational tasks to the engineering team. For the bank, I started with integration planning (HLD, then LLD) and internal security review process in December 2022, implementation after three months, and finished the project in March 2024. It has been over a year overall of using the solution.

The second use case involved conducting a month-long Proof of Concept (PoC) for another client in the Engineering & Manufacturing sector, focusing on testing of Prisma Cloud CSPM,CIEM and CSWPP capabilities for Azure and Oracle cloud platforms.

It is stable in the sense of being available so that users can log in and use the solution. 

However, a colleague working on the same project in security engineering team has noticed some of Prisma Cloud behaviour using search functionality, which returned different set of results each time same, unmodified query was being executed. This could be a single example of such instability, but it was something odd to observe. This issue has been raised to Prisma Cloud support team, however, I am not aware of the outcome.

Scalability was perfect. We had no issues with it.

I would rate their support a five out of ten. The professional services engineer was excellent. The sales and technical account management team was excellent. The solution architect who supported us also was great. 

However, for the customer success part, we had to replace an engineer who was originally assigned to support us. In many cases, the customer success team struggled to answer questions which we already researched reading available documentation. Most of the time we got answers from the solution architects. After replacing the engineer who was originally assiged to us, the situation improved slightly, but I would still expect a more capable team supporting the product. My understanding was that the customer success team struggled getting the right information as well.

After we escalated some of the problems to the TAM, issues were resolved relatively quickly.

Neutral

Before using Prisma Cloud, I used Checkpoint's Dome9 (in 2020-2021), as well as Microsoft Defender for Cloud. Main reason of selecting Prisma Cloud was multi-cloud capabilities, high number of built-in policies and capability to build custom policies.

If you mainly use AWS, and also use Kubernetes - Prisma Cloud may be a really good option. If you use Azure and Oracle cloud - there might be better alternatives out there.

I would strongly recommend to test it in your own environment, by onboarding a few accounts in Test/Dev and try to work on the findings - this will give you a better understanding of the tool. If you plan enabling your dev team to work on it, involve them in the PoC/PoV testing and get their feedback  (this will likely show how much time security team will need to invest into supporting the dev team as well).

In my opinion, it is very straightforward. A few months back, I deployed Prisma Cloud and two other CNAPP tools in a PoC setting, and I can say that Prisma Cloud was the easiest one to onboard the cloud environments, as well the Kubernetes cluster using their provided Helm chart template. Despite my prior experience with Prisma Cloud, the onboarding documentation is well-written. A small exception can be made for SSO and SAML configuration, for which Prisma Cloud did not have public documentation article available,  however, the Customer Success team has provided an instruction document for the configuration.

The cloud environment onboarding duration depends on whether the person deploying it has all permissions on the cloud side. If all permissions are in available, you can deploy it within 15 minutes. It is so easy. If AWS Organizations are used, after onboarding Prisma Cloud sees all the accounts that are part of that Organization. Same applies for Azure when a Tenant Root Group is onboarded - all subscriptions that belong to it, as well as all resource groups and resources part of it are monitored automatically. Some results show up immediately, while all misconfigurations are visible the next day, because it takes time for the tool to ingest all the cloud wokrloads, build the inventory and produce findings.

If we talk about onboarding Kubernetes clusters, the time it takes depends on the client's environment. Onboarding a single cluster is a matte of minutes. Overall, it can take some time, but is really straightforward using the provided Helm chart template.

Maintenance of the Integration:

Any CNAPP solution requires maintenance. This is because new cloud services are being rolled out by the cloud providers. For a CNAPP solution to be able to read those new resources and their configurations, permissions on the cloud provider's side need to be added to the roles that the CNAPP solution is using. As time passes and new cloud services are rolled out, missing permissions show up in Prisma Cloud, indicating what needs to be updated on the cloud provider's side. 

The other item is the review of new built-in policies. These new policies may produce some false positives. From time to time, this needs to be reviewed by the security team. Some adjustments might be required there. 

Last big item is the new features of Prisma Cloud that are being introduced. If these new features are added and if a client is using a custom and granular RBAC model to access Prisma Cloud, these permissions need to be revised and updated so that users can access and use those new capabilities.

For overall integration I have been working as a consultant (external) for the Financial Services customer. In this project, we had Professional Services consultant provided by Palo Alto Networks as part of the contract, who supported custom policy development. However, most of custom policies were developed by external consultants who were hired for the task.

The project also had Customer Success team support who offered training sessions.

I would rate the Professional Services team very highly. However, the Customer Success team fell short of expectations, to the extent that we requested a replacement for our customer success engineer.

As a cloud security specialst, if I did not have such tool, I would write a bunch of scripts to query the cloud APIs and get the data that I need. Prisma Cloud does that for us. With that said, any CNAPP tool offers such capability.

We have not estimated the actual return on investment in terms of quantifying it. From a security standpoint, with help of Prisma Cloud we found a number of misconfigurations that were not detected previously, however it is difficult to quantify the ROI. We may have prevented a security breach with remediation of the findings, however, any accurate likelihood and impact estimation would also be challenging.

The pricing is on par with the competitors.

A few competitor solutions have been evaluated during the selection for the Financial Services client. However, the selection process was made by former security architects who from whom I took over the project for integration planning and implementation as they departed the client's organisation. 

For the other client, where I tested Prisma Cloud in a PoC in 2024 April on Azure and Oracle cloud use case, unfortunately, Prisma Cloud has not been chosen as CNAPP solution.

Pros:

I would recommend Prisma Cloud to those who are cloud-native. Specifically, Kubernetes is what Prisma Cloud does really well because they acquired Twistlock which was an excellent tool for the task. 

Another big point would be for those with many internal/custom security requirements. Despite the challenge of undocumented APIs, if you have a dedicated cloud security engineering team, they can take advantage of the RQL policies for cloud security posture management and compliance monitoring.

Cons:

If you want full visibility of risk, without needing to proactively look for issue, and need to switch between the contexts within Prisma Cloud, I may not recommend it. If visibility is your priority, there may be better alternatives out there. If the client is a small enterprise and wants to prioritize the tool being used by the developers, there are stronger competitors out there, as to my observation, Prisma Cloud is built for those with dedicated cloud security roles in mind who will spend the time tuning the tool and customising the policies.

Data Protection / GDPR concerns:

The main client where I used Prisma Cloud and worked on the integration is a bank in Europe, and they are very sensitive to data protection and GDPR, which has added some constraints to the whole integration. This would be true for any other CNAPP solution (deployed in a full SaaS mode, not using an "Outpost").

If the vendor is compromised and the permissions that it has in the client's cloud environment are compromised, this could lead to a security breach and this is a risk that must be understood and accepted when deploying a 3rd party CNAPP solution. This is true for all CNAPP vendors, not only Prisma Cloud.

AI Security:

I have not used Prisma Cloud for AI security. I know they have released some AI capabilities, however, I cannot comment on it.

We have a console set up in Prisma that scans all the cloud environments and collects data about platform, infrastructure, and app vulnerabilities.

We are responsible for app vulnerabilities, and 90 percent of the vulnerabilities were detected by other products before Prisma scans. Other scanners also do some of the same things. Prisma's ability to consolidate and identify the uniqueness of the vulnerability is a huge help. Based on the different scans, we can determine duplicate vulnerabilities.

Prisma provides visibility regardless of how complex or distributed my cloud environment becomes. It adds value, especially from the infrastructure and platform side. From an application perspective, there were many other challenges.

I wouldn't say we can protect everything with Prisma. It identifies the issue but doesn't resolve it. Protection is something else that we have to do in the cloud environment. 

We use Prisma to scan for vulnerabilities and place them in a centralized repository where they are assigned a severity. Based on that severity, App Runner will get time to fix it after something is already in production. 

One feature we like is the amount of data Prisma gives us. Some infrastructure and platform vulnerabilities in the cloud are hard to detect, and we were unaware of some of these. It's critical to shed light on these. For example, you create virtual machines and forget about them, but when you revisit them, some vulnerabilities may be detected. 

Prisma allows us to adopt a preventative approach. We can scan some containers before they go into cloud production. The only caveat is identifying the cloud environment in a production or non-production environment.

Prisma could improve the data quality. One challenge is that when an application is deployed on multiple virtual machines, we get an alert for each machine, but the biggest challenge is container flapping. When containers go up and down, we get 100 alerts on one day, but it reports 20 the next day. The numbers keep changing, and the app owners tell us, "You reported a hundred vulnerabilities from my app, and today, you report 20. I haven't made any changes in production, is your data correct or not?"

 Containers can go up and down, so it can't tell whether the container is down for good or if it was only down at the time of the scan. That's one of the biggest issues we had. The second is data deduplication because we get vulnerabilities from multiple sources through Prisma scans. A vulnerability is reported by Prisma scan and software composition analysis, SAS, DAST, or BLAST scans. You've got all these different scans reporting the same vulnerability. 

We have used Prisma Cloud for a year and a half.

Often, we don't get the data for a particular console because it's down. While we're working to fix the issue, we get the previous data and all the other stuff.

At my company, we have many resources, and I haven't had any issues with vulnerability. Prisma can scale vertically or horizontally very well.

I can't say whether Prisma has saved us money because that's not the goal. The objective of Prisma is to identify incidents inside the company. Reputation and data security are the two most important things to a financial institution. We spend money to prevent improper data usage or vulnerability exploitation. I don't know whether it can save money, but it protects our data.

I rate Prisma Cloud seven out of 10. It does do a lot of things, but the data reliability and other issues make our lives more difficult. It presents more challenges than just getting the data and porting over.

We specialize in all Palo Alto modules, including visibility, compliance, governance, threat detection, data security, and hub security. Our comprehensive suite of services covers all aspects of these modules. We leverage the SaaS security product for advanced threat detection, and for all-encompassing monitoring, we utilize Cortex XDR from Palo Alto.

Many customers store sensitive data in on-premises data centers and require robust security measures. Prisma Access licenses can protect internal networks, but some customers prefer avoiding internet exposure. To address this, we offer gateways that create a secure environment for internet access. With the rise of remote work, we provide VPN connections, such as GlobalProtect, for secure access to both internal and external resources. Customers can deploy multiple gateways in different regions to meet their needs. Traffic flow typically involves a VPN connection to a gateway, followed by routing through internal service connections and potentially a data center firewall before reaching the desired resource. For external access, traffic is routed directly to the internet through the VPN.

Prisma Cloud offers comprehensive security across multi and hybrid cloud environments. For instance, our ADEM tool, considered industry-leading, requires installation on user machines to enable continuous monitoring of all ADEM-equipped users. This includes detecting anomalous activity outside the corporate network and tracking user online time, providing valuable insights into network usage.

Security automation and EA Ops significantly reduce manual configuration and management tasks compared to previous methods, saving valuable time. Now, we only need to configure a few minor details rather than handling everything. For instance, with service connections and gateways, we don't have to manage multiple VPN gateways; Palo Alto is managed on the backend. Our primary responsibility will be monitoring after initial tunnel creation. We've preconfigured connections to on-premises firewalls, whether third-party or Palo Alto, eliminating manual configuration. Automation is in place, and we'll only need to purchase licenses. The autonomous system further enhances automation for all processes.

Intune security automation has significantly reduced our costs, making us more financially efficient making us more financially efficient. Automation is now highly valued as it eliminates the need for engineers to configure and manage systems manually. With AI-driven automation, we can effectively monitor configurations through a dashboard, providing a complete overview. This automation simplifies tasks like creating BGP connections, which previously required complex CLI commands. Prisma Access Palo Alto's GUI interface automates tenant creation with minimal input. Integrating Prisma MDM and Palo Alto device deployment further streamlines the process, reducing manual intervention. Overall, this automation saves money and frees up engineer resources by eliminating time-consuming configuration tasks.

Palo Alto Networks is a global leader in cybersecurity, providing top-tier protection to its customer base of over 90,000. Traditionally, customers relied on on-premise hardware firewalls, but the shift towards cloud-based solutions has driven a demand for more flexible and cost-effective security options. In response, Palo Alto Networks offers cloud security solutions that leverage its existing global device infrastructure. Customers only need to purchase licenses to activate cloud security features, tailoring protection to their specific needs for internal, external, or network environments. For customers seeking complete independence, Palo Alto Networks also provides interconnect licenses that eliminate the need for a service connection.

Customers do not directly purchase Palo Alto products or deploy them into production. Our professional engineers provide a lab environment for customers to test any desired Palo Alto services, from essential Prisma Access to advanced cybersecurity solutions like SaaS security and Cortex XDR. Once customers are satisfied with the lab environment, they can deploy the chosen products into production. If they encounter any issues during deployment or operation, the support team promptly addresses them.

I have resolved numerous customer issues, closing over 400 or 500 cases globally. While many cases can be resolved within a week, some complex issues may take up to a month. Palo Alto Networks aims to provide timely support for all customer issues, regardless of severity. When a customer encounters a VPN connection problem, they can create a case with varying priority levels. Critical cases are assigned to engineers immediately, with hourly updates provided to the customer. If the issue persists, the case is escalated to senior resources. Prisma, a relatively new platform, is constantly being monitored for bugs. Any issues identified are addressed promptly and communicated to customers. Our goal is to deliver exceptional support services.

Prisma Cloud offers complete visibility across our entire environment, from end users to the data center. We'll have full control and oversight within a single unified portal, eliminating the need to juggle multiple platforms as often required by other solutions. Prisma Cloud provides dedicated applications for various functions, such as SaaS security, threat and vulnerability management, cloud identity engine, and log analysis. These applications work seamlessly together, automatically connecting through APIs once deployed and licensed. For configuration management, the Strata Cloud Manager handles Prisma Access and Prisma SD-WAN. This centralized approach allows us to efficiently manage multiple aspects of our security infrastructure within a single platform.

Prisma Cloud offers SaaS security and data loss prevention as separate features requiring additional licensing. Both can be managed through a single portal. For threat prevention, they provide Cortex XDR, a recent cybersecurity offering from Palo Alto. When combined, we have a single tool to protect all of our cloud resources and applications.

Prisma Cloud helps reduce the number of runtime alerts. Users will only receive live alerts generated when Prisma detects an issue within the environment. For instance, if Prisma Access observes an attack, it will generate a live alert visible in the startup cloud manager's dashboard.

Prisma Cloud effectively reduces the overall number of alerts by prioritizing them into categories: critical, high, medium, low, and informational. Less critical warnings are consolidated into the informational category, minimizing alert fatigue. Critical alerts persist until resolved, and recurring issues can be configured to trigger email notifications for proactive monitoring, ensuring timely attention even when engineers are unavailable.

Prisma Cloud offers significant cost savings for customers. Previously, customers managed multiple firewalls, including internal and external devices. With Prisma Access, this complex management is eliminated, as Palo Alto handles firewall management. Customers configure and purchase a license to access gateways for end-user connections. This eliminates the need to purchase expensive individual firewalls, which can cost billions. While customers retain visibility through a provided portal to monitor traffic, the primary benefit is the streamlined management and cost reduction achieved through Prisma Cloud.

Visibility and control are valuable features. Customers desire complete oversight to monitor resource access, both internal and external, and verify user activity. ADEM, a purchasable license, enhances network visibility by tracking traffic patterns and identifying potential threats through a dashboard. Our Strata Cloud Manager platform unifies Prisma access and cloud management, while also accommodating next-generation firewall administration. The dashboard provides in-depth visibility into threats and vulnerabilities.

Prisma Cloud's most valuable feature is its user identification capabilities. By integrating with Active Directory or LDAP servers, it efficiently manages user access to cloud resources. Previously, determining user access required multiple hops through internal resources, consuming significant bandwidth. Prisma Cloud's Cloud Identity Engine directly connects to identity providers, streamlining user authentication and authorization. This improves performance and security by eliminating the need to constantly query Active Directory. Additionally, Prisma Cloud offers full visibility into network threats and vulnerabilities through a unified dashboard, reducing the need for multiple tools and licenses. This centralized approach enhances threat detection, response, and overall security posture.

The speed at which Palo Alto resolves bugs should be improved to prevent customers from experiencing issues while waiting for resolutions.

Palo Alto Prisma Cloud is relatively new, with only three years of history. While the documentation continually improves, it still has limitations compared to the extensive resources available for older products like hardware firewalls, which have been around for approximately 20 years. Despite these shortcomings, Prisma Cloud's documentation is growing, and knowledge base articles can be helpful for troubleshooting issues.

I have been using Prisma Cloud for two years.

The quality of technical support varies depending on the issue a customer faces. High-priority cases demand immediate attention and daily follow-up to prevent customer frustration. I have resolved hundreds of Palo Alto cases, including critical ones. These cases require engineers to provide half-hourly updates and expedite troubleshooting. A recent critical case involved a customer migrating Panorama configuration and experiencing Prisma Access account verification issues. The initial engineer engaged with Prisma Access but encountered licensing problems. I escalated the case, collaborating with licensing and engineering teams to resolve the API-related issue and restore service. While such cases are time-consuming due to limited resources, a global team of engineers can address troubleshooting needs.

Positive

The initial deployment was smooth due to excellent support from Palo Alto's professional services engineer. They provided a clear overview of our deployment needs, considering the customer's two branches and primarily remote workforce. We determined six VPN gateway connections were required, two in the US, India, and Europe, and two branch office connections. Palo Alto created a lab environment, presented the network topology, and demonstrated traffic flow. Additionally, they introduced the split tunneling feature, allowing specific traffic like Google search to bypass Prisma Access and access the internet directly. Overall, the top-tier engineers at Palo Alto delivered exceptional customer service and ensured a seamless implementation.

I would rate Prisma Cloud nine out of ten. I am deducting a point because of the limited documentation.

We are running multiple VMs on GCP and use Prisma Cloud to monitor the CICD pipeline for any issues. If there are issues, we raise tickets in Jira. 

Prisma Cloud keeps our servers secure in most cases. We get the most value from the alerts when we have security issues. The runtime protection is also a good thing. We're also exploring the possibility of automating the CICD pipeline. 

We realized the benefits immediately after we integrated or connected our account.  We used to get a lot of false positives, but we took steps to fix that. In most cases, we get help with that. It doesn't take much time to identify the problem.

Prisma covers the full development cycle and helps us a lot. We use it in the development phase and get a good value from it. We catch issues before the production stage.

Prisma Cloud's real-time detection and monitoring of our entire system is the most useful. We also value Prisma's runtime protection and security alerts.

We like Prisma's preventative approach to cloud security. It alerts us about security issues before they become a problem. If our cloud system has outages, our clients may switch to another competing platform. With the preventative approach, we can ensure our servers are always up. 

The UX part of Prisma's user interface could be simplified and the metrics tool should be highlighted more.

I have used Prisma Cloud for three months.

Prisma Cloud is stable. We haven't had any downtime, crashes or lag. 

Prisma Cloud is highly scalable. 

It was easy to deploy and integrate Prisma Cloud. We connected to our account and chose the platforms and environments we have. When we first deployed Prisma Cloud, we didn't know much about it, so it took 30 minutes to an hour. Deployment was a one-person job. It doesn't require any maintenance on our end because it's a cloud platform, so we just receive alerts. 

I rate Prisma Cloud 10 out of 10. The first thing a new user should do is check the documentation and the official YouTube videos. You can always contact their technical support if you have any issues. I don't think they will require technical support because the videos are useful and the documentation is also good. You can also easily integrate and see the reports on the UI. 

We use Prisma Cloud's CSPM and container modules to secure our workloads across multiple cloud platforms, including GCP, Azure, and AWS.

Prisma Cloud provides spanning for multi-cloud environments. We are using GCP, AWS, and Azure.

Security automation is beneficial. By hosting applications and containers in the cloud, we can implement policies to automatically detect and shut down unauthorized network access attempts, simultaneously alerting us to the potential threat.

The security automation has saved us around ten percent of our time.

Prisma Cloud has significantly enhanced our cloud security posture. When deploying applications to the cloud, prioritizing robust security is essential, especially within the complex Kubernetes environment. Prisma Cloud's comprehensive toolbox enables us to design and implement robust security systems, including RBAC. This unified platform allows for proactive security measures and rapid response to attacks, eliminating the need for multiple third-party tools. Its consolidated approach to scanning, monitoring, and traffic control proved highly effective during our previous engagement.

I quickly recognized the value of Prisma Cloud after reading about the effectiveness of its CSPM module in securing enterprise environments.

The software development lifecycle was previously handled as a separate task. I was involved in the build process, where developers frequently introduced security vulnerabilities that went unnoticed until Prisma Cloud was integrated into the system. The recognition of Prisma Cloud's value in addressing container security issues on the cloud became apparent. There was no integration between the SDLC scanning, building, deploying, and running and deploying systems. However, a process was being developed to enable full end-to-end monitoring by the development and security teams, including the desktop team, to identify security issues before applications reached the cloud. Prisma Cloud continues to monitor for vulnerabilities and security breaches even after deployment to the cloud.

Prisma Cloud provides visibility and management, allowing us to understand and control our environment. When we identify potential issues, we notify our superiors, who can take further action, such as removing a container. Due to our limited privileges, our role is primarily to report anomalies. Prisma Cloud offers valuable insight into what's happening in our environment, not just in terms of visibility but also in terms of access control. It's a reliable tool that has proven helpful in our work.

Prisma Cloud reduces our costs by consolidating multiple third-party tools into a single platform, eliminating the need for separate contracts with various vendors.

Prisma Cloud significantly reduced runtime alerts.

Prisma Cloud's most valuable asset is its ability to provide detailed visibility into container activity. It offers insights into application networking, container behavior, potential issues, and immediate remediation suggestions.

The training documentation provided for the two-hour boot camps is notoriously poor and disorganized. It might be beneficial to restructure the documentation into a step-by-step format that is more straightforward for beginners to follow.

I have been using Prisma Cloud by Palo Alto Networks for one year.

Prisma Cloud is a stable solution.

Prisma Cloud is designed to be highly scalable due to its cloud-based architecture.

The technical support was good.

Neutral

Some aspects of the deployment were straightforward, while others presented challenges due to the complexity of engineering. The entire process took between one and two months to complete.

Prisma Cloud is a high-end enterprise solution, making it quite expensive. As I am based in Nigeria, I have limited knowledge of its usage here, as it appears to be more widely adopted in North America and Europe.

I would rate Prisma Cloud by Palo Alto Networks eight out of ten. It's a complex, dynamic world with countless security challenges arising daily, and Prisma Cloud is a valuable tool for addressing many of them. While not an omnipotent solution, Prisma Cloud effectively tackles numerous security issues. However, as the threat landscape evolves, we must continually reassess and adapt our security strategies. Despite these challenges, Prisma Cloud remains an excellent tool for now.

Prisma Cloud was deployed in around 15 locations.

I suggest conducting a proof of concept in the desired deployment location for Prisma Cloud. Given that cost is a primary concern, I recommend discussing the matter with a Prisma Cloud solution architect before proceeding to the next stage.