Our environment consisted of a cloud-native stack, including Kubernetes, OpenStack, and OpenShift, running alongside additional virtualizations. This hybrid setup required securing both the cloud-native components and the virtualized instances. To address this challenge, we implemented a comprehensive CI/CD pipeline with cloud security in mind. Following vendor code pushes to our environment, we use rigorous scanning and verification procedures to ensure the code's safety before onboarding. Once onboarded, Prisma Cloud provides continuous posture management and security monitoring.

Our current Prisma Cloud deployment utilizes the Registry Scan, Runtime Protection, CI/CD Integration, and Vulnerability Management modules. While we have opted for the Complete Edition, it does not include Posture Management, a feature frequently inquired about by our customers. Currently, Posture Management is only available in the SaaS model, and we are utilizing the on-premise edition, also known as the Complete Version.

We are a system integrator for the telecom sector.

Clients utilizing cloud-native environments often face challenges in scanning and securing their containerized solutions and clusters. Prisma Cloud offers a comprehensive solution, providing end-to-end protection for these clients. 

Prisma Cloud is a crucial component of our clients' security, particularly for their billing environments.

It offers comprehensive security across multi-cloud and hybrid cloud environments. This is particularly valuable for hybrid environments because it unifies all security needs under one platform, simplifying management and providing a more consistent approach.

It helps us take a preventative approach to cloud security. It is a comprehensive solution with a lot of features.

We have improved our clients' organizations by offering unified monitoring that directly connects their SIEM, SOAR, EDR, and XDR within their environment. The benefits are usually seen within six to eight months.

The Prisma Cloud SaaS version's comprehensiveness secures the entire cloud-native development life cycle.

Prisma Cloud delivers comprehensive visibility and control over our client's cloud environment, regardless of complexity or distribution. It provides a complete map of the environment, visualizing traffic flow for enhanced understanding.

The touchpoints in the DevOps process are seamless. We can integrate them with our registry and the CD platform, so there are no challenges during automation.

Integrating with a CI/CD pipeline and incorporating a vulnerability assessment process are highly effective features, especially when combined with runtime protection. This synergy provides a comprehensive view of how our application is performing while it's running, which is immensely valuable.

Prisma Cloud's Complete edition is not a complete suit. Only the SaaS version includes posture management and IDE integration.

The visibility on the SIEM needs to be streamlined so we can get the data without any issues. 

I have been using Prisma Cloud by Palo Alto Networks for two years.

Prisma Cloud is stable.

Prisma Cloud scales well. In addition to our main site, we recently added Prisma Cloud to our disaster recovery site.

We acquired the services of their technical support several times which was helpful.

Positive

I have experience with Trend Micro Cloud One as well. The pricing is what differentiates Trend Micro Cloud One from Prisma Cloud. 

Initially, we deployed Prisma Cloud quickly, focusing solely on the containerized environment. The remaining deployment across the entire environment took two months to complete. From the solution's perspective, the deployment is straightforward. Some customers have complex environments but that has nothing to do with the solution itself.

Three people were required for the deployment.

Prisma Cloud licensing works on credits.

I would rate Prisma Cloud by Palo Alto Networks a seven out of ten.

Maintaining Prisma Cloud is generally straightforward.

We have Prisma Cloud deployed in a single department used for the billing system in our hybrid cloud environment. We have eight users.

While Prisma Cloud Complete offers runtime protection, organizations seeking a comprehensive cloud security solution should implement Prisma Cloud SaaS. 

I primarily use the solution for vulnerability management, compliance management, and sometimes defense and access control. It has a sandbox. We can scan and manage CI pipeline security. 

The cloud solution as one platform can provide us with a lot of features and cover most of what customers care about. 

I have some clients that are moving from computing to a container environment. For cloud sets, customers need to increase the power of security over the DevOps environment. It doesn't create any bottlenecks when launching new products. From a business perspective, it's very helpful and supportive. It expedites go-to-market.

The runtime defense and API security are very good. It offers very good application security.

It's very comprehensive. It can cover the full cloud-native stack. There is a wide range of integrations, and the compatibility with various cloud providers is very useful.

It's perfect in terms of the security automation. We can do everything from the portal and choose a variety of policies. It can cover medium to large customers. 

We can take a preventative approach to cloud security. It's helpful.

They are constantly updating and adding new features and offering support for each of the updates. 

It is very comprehensive. It covers all aspects of the customer's cloud.

It provides good visibility and control regardless of the complexity. 

We can integrate into CI/CD pipelines. It's very efficient. They can integrate with whatever CI tools the customer uses, including Windows, Linux, and so forth. 

Modules can be added to cover additional items from the customer's side.

It reduced runtime alerts. We've saved more than 50% to 60% of our time.

We've reduced alert investigation times. With any incident that happens, we can do an investigation and correlate and normalize the incident quickly. We've saved more than 70% of the time typically taken.

They could improve more features for the enterprise version of the solution. They need to also have more features for on-premises versions for companies that cannot access the cloud version. 

I've been using the solution for around two years. 

The solution is stable. I'd rate the solution eight out of ten. 

We use the solution for one location. 

It's a scalable solution. I'd rate it nine out of ten. 

I was not involved in the deployment of the solution. 

There is maintenance, however, it is very minor. You just need one to two people to manage it. 

The ROI users get from the tool is very high. 

The pricing is a little bit high. It is not a cheap product. 

I'm a partner and reseller.

I'd rate the solution nine out of ten. 

I'd recommend the solution to others. The cloud-based version is very good. Users can rely on the product.

We use it to manage multiple AWS accounts within our platform. Our primary focus is on ensuring compliance across all accounts, aligning with specific standards such as GDPR. We conduct regular certifications of AWS accounts to assess the compliance of services and promptly address any non-compliance issues. In cases where services are found to be non-compliant, we notify the responsible teams and work collaboratively to remediate the identified alerts. In addition to code security, we also use Prisma Cloud to protect our workloads, including serverless functions and containers. This comprehensive approach ensures a robust security posture for our cloud infrastructure and applications.

It serves as a comprehensive solution for both proactive vulnerability management and reactive runtime threat detection.

We manage this tool through a designated management account, handling all configurations within a limited account. At times, we find it necessary to customize scripts, such as when we encounter challenges with integrating Splunk. In this instance, the events are not being formatted as desired. To address this, we aim to create a script and Lambda functions to ensure the events are in the preferred format. It enhances our ability to respond effectively, allowing us to prioritize and focus on resolving any real or potential issues impacting system performance.

It offers security scanning capabilities for multi and hybrid-cloud environments. Currently, we support two clients, each with multiple sub-clients. Within these clients, we manage two DNS instances—one in the US region and the other in the UK region.

The comprehensiveness of the security features in Prisma Cloud is highly commendable. Occasionally, like any product, we encounter issues, and during such instances, we receive prompt and quality support from AWS. The collaborative nature of addressing and resolving issues enhances the overall convenience and effectiveness of using Prisma Cloud for our cloud production environment.

To proactively address cloud security, this tool has been instrumental. We've designed it as an offering for our sales department, enhancing our ability to cater to customer needs. Currently, our focus is primarily on container security, encompassing AWS, GCP, and Azure. This tool effectively identifies and manages vulnerabilities and compliance issues related to containers.

It offers the visibility and control we require, adapting seamlessly to the complexity and distribution of our cloud environment. With the Access Controller system, we can define multiple roles, granting specific access to workload environments, vulnerabilities, and compliance information. Leveraging these features, we efficiently manage access across our teams. This includes utilizing group connections to organize and simplify access, reducing the complexity associated with console and account access in our cloud environment.

It provided a strong confidence in the overall security and compliance posture of our workload.

It has empowered us to seamlessly integrate security into our CI/CD pipeline and align it with existing DevOps processes. Within our Jenkins pipeline, we leverage Checkmarx integration to conduct scans on our code repositories and jobs running through the pipeline. The introduction of numerous features with Prisma Cloud has significantly enhanced our security measures. While we haven't fully explored these features in the US region, as they are still in progress, we look forward to utilizing them once they go live in our pipeline.

It provides clear insights into runtime risks throughout the entire pipeline, presenting issues as they are uncovered during the build phase. This dual functionality includes both fixing and addressing runtime concerns. Within our categorized runtime alerts, we receive numerous notifications, acknowledging that some may be false positives. However, this abundance of alerts serves as a proactive measure to identify and investigate any suspicious activities occurring at runtime. We analyze each alert to determine its relevance and, if necessary, proceed with incident response actions. It ensures that legitimate issues are addressed promptly, while also minimizing the risk of overlooking potential threats.

To minimize runtime alerts, we have the flexibility to create custom rules, allowing us to bypass specific alerts that we are confident are expected and should not appear in our console. This customization is crucial for maintaining a streamlined team environment and ensuring our business operations are not unnecessarily disrupted.

It has significantly reduced the time spent on alert investigations, thanks to its built-in investigate feature. It allows us to efficiently query only the relevant alerts, enabling us to filter based on our release criteria. This streamlined approach has resulted in a notable reduction of about twenty to thirty percent in investigation times.

I find the code security feature in Prisma Cloud particularly valuable. It provides insights into potential vulnerabilities in our code, helping us identify and rectify issues before they can be exploited. Additionally, the emphasis on container security is notable, making it a key focal point within Prisma Cloud.

The security automation capabilities of the solution are quite effective. With numerous automated features, such as investigation acquisition, we can utilize queries to analyze our environment and review past activities. The overall automated functionality is impressive—we no longer need to create templates from scratch, as they are already available. It streamlines our processes, making it a notable and beneficial aspect of the product, particularly when a substantial portion of tasks are automated.

The solution's comprehensiveness in securing cloud-native development throughout the entire lifecycle—from build and deploy to run—is noteworthy. Specifically, we leverage the core security features, integrating them with Checkbox, a tool mandated by Prisma Cloud. The integration facilitates Software Composition Analysis scans and checks for license violations.

The standout feature of this tool is its ability to consolidate all the features we typically access from various sources, including AWS. While AWS and other services may require the use of multiple tools, Prisma Cloud excels by offering a comprehensive solution within a single dashboard. This unified approach addresses all our requirements, making it the most advantageous aspect of this tool.

While the code security feature has undergone recent enhancements, there is room for improvement in terms of its cost module. Presently, the pricing structure poses a challenge in convincing our customers to adopt this tool, especially since code security is a critical area of interest for many.

At times, we find certain features missing. In these instances, we engage with our support team, requesting them to submit feature requests on our behalf. Our clients have expressed a need for scanning application vulnerabilities on Windows servers, a feature currently available only for Linux.

We have been working with it for two years.

It provides excellent stability capabilities. I would rate it nine out of ten.

Scalability is a strong aspect; we have never experienced issues with it. It consistently remains highly available. Our clients are large enterprises.

Support is not just good; it's excellent. I find their assistance highly commendable, and I would rate it nine out of ten.

Positive

We previously relied on RapidFile and another tool for vulnerability detection, including analyzing subscription behavior. However, since adopting Prisma Cloud, with its advanced intelligence and machine learning capabilities, we've experienced a significant improvement. It not only efficiently detects vulnerabilities but also provides deep insights into our environment. This proactive understanding of our environment, including its nature, vulnerabilities, and potential threats, has proven to be a valuable aspect of using Prisma Cloud.

We previously used Qualys, a tool known for its diverse features. While Qualys encompassed various functionalities, including container security, I noticed a discrepancy in the vulnerabilities detected by Prisma compared to Qualys. Although Prisma exhibited robust features, there were instances where certain vulnerabilities highlighted by Qualys were not identified by Prisma.

The initial setup was a straightforward process. The team was efficient, accommodating our requests and providing a trial without any cost. The entire process, from requesting the trial to obtaining our tenant, was completed smoothly within a month.

We have a team of around six people in charge of the deployment process. Maintenance is essential. Occasionally, we observe issues with the UI, usually scheduled during weekends. Notifications are provided about the main areas affected, and the tool is temporarily unavailable during this period. Following the maintenance, the tool resumes normal operation.

I find the pricing to be expensive. I would rate it eight out of ten.

I highly recommend this solution, and I suggest anyone interested in it to explore a trial first. Once they see the benefits, they can proceed with full implementation. It enables you to consolidate everything under one control, making it a definite recommendation from my side. Overall, I would rate it nine out of ten.

We utilize the entire Prisma Cloud suite for container security, API security, and CASB. Our primary focus is on the financial services industry, including banking and insurance.

We implemented Prisma Cloud mostly for compliance to protect against vulnerabilities and weaknesses.

Prisma Cloud's compliance is extremely important to our customers.

Prisma Cloud offers comprehensive security across multi-cloud environments. This is crucial due to the increasing trend of cloud adoption and digital migration. However, some clients still maintain a hybrid footprint across various platforms like Azure, AWS, and Google Cloud. To address this, Prisma Cloud's technology extends to secure hybrid environments effectively. Its coverage goes beyond traditional one-size-fits-all solutions and encompasses both public and private cloud infrastructures.

It offers approximately 80 percent coverage for securing the entire cloud-native stack. While they boast a robust "shift left" component through their API, other products in this space are equally competitive. However, if seeking a single solution that addresses the majority of our needs, Prisma Cloud presents a strong option, especially considering the diverse technologies within our cloud footprint. Additionally, if we choose to standardize Palo Alto across our entire infrastructure, Prisma Cloud integrates seamlessly with other modules within their ecosystem. While not claiming to be the best-of-breed solution in every aspect, Prisma Cloud consistently ranks highly in Gartner reports for most of its functionalities, providing a solid foundation for technology consolidation.

It is a leading full automation product. Their SOAR technologies offer a vast array of integrations, all well-designed and ready to use out of the box. This suggests their overall automation capabilities are indeed top-notch.

Prisma Cloud excels in its field. I believe their solution covers detection and prevention in a world-leading manner. They largely deliver on their promises, demonstrating reliable performance. Additionally, they offer excellent support resources, including comprehensive online documentation, training programs, and a robust learning management system. Their onboarding and development programs are also commendable, providing users with the resources and support they need to succeed.

Our customers' organizations are enhanced because Prisma Cloud improves their compliance posture, particularly for those with SOC teams. It provides valuable insights and seamless integration, offering peace of mind that all security bases are covered.

Although the benefits of Prisma Cloud can be observed within three to six months after deployment, this timeframe may be extended for mature clients who prioritize rapid deployment. It is during the post-deployment phase, which typically lasts three to six months, that the full range of benefits becomes apparent.

Prisma Cloud does a good enough job of consolidating technology for our customers.

It integrates seamlessly with other Palo Alto products and provides one tool to protect all cloud resources.

Prisma Cloud helps provide clarity across our entire pipeline.

Prisma Cloud helps reduce runtime alerts by 50 percent and reduces investigation time for our customers by 40 to 50 percent. There is much less lifting for the operations team.  

The two most valuable features are container security and the capability to discover workloads. Many organizations struggle to track workloads that spin up and down frequently. This solution enables real-time evaluation and scanning of workloads as they come online and shut down.

The regional cost of Prisma Cloud in South Africa is high and could be improved. Since it is marketed based on a dollar base, it is primarily an enterprise product and may not be affordable for smaller organizations.

As a software development company looking to secure our cloud-hosted APIs before publishing them, we believe that Palo Alto might overstate its capabilities. We have identified competitive products in the market that offer better protection throughout the software development lifecycle. From a developer's perspective, especially for organizations like banks developing their applications, ensuring API security before deploying them to the cloud is crucial. While Palo Alto claims to excel in this area, we believe that other specialized products may offer a more comprehensive solution.

I have been using Prisma Cloud by Palo Alto Networks for three years.

Prisma Cloud has excellent stability. From a product perspective, they strive to stay ahead of the curve regarding vulnerabilities and other issues. I receive regular email updates, approximately four times a week, informing me of any discovered vulnerabilities. Additionally, they provide articles on new releases or micro releases for patching these vulnerabilities.

I would rate the scalability of Prisma Cloud nine out of ten.

The technical support team has a well-developed portal with consistently updated online documentation. The forum articles are also well-maintained and provide a massive footprint of information. Additionally, the testing forum exhibits a high level of activity, further demonstrating the abundance of available resources.

Positive

While the product itself is not complex, its implementation can be challenging due to factors such as the customer's existing environment, security posture, and understanding of their network and ecosystem. This lack of awareness can lead to unforeseen complexities during the scoping and planning stages. However, a more mature client who is well-versed in their environment will typically experience a smoother deployment.

The deployment time varies depending on the organization's size, but it typically takes one to three months from planning to launch. While further optimization is still required after launch, the initial setup is relatively quick.

We have a well-defined philosophy that is not complex. The first phase is the planning and design stage, where we uncover all the requirements and details of the project landscape. From there, we develop a comprehensive scope of work that includes the project architecture, deployment strategy, roles and responsibilities, and a risk assessment. The client then enters the site preparation phase, where they address any necessary repairs to their infrastructure. We then conduct a site readiness assessment to ensure that everything is prepared for deployment. The fourth step is the deployment phase, which we implement in phases depending on the specific project. We typically deploy, conduct a testing cycle, and obtain sign-off. In some cases, depending on the environment, a pilot phase may be necessary. After a successful pilot, the project goes to full deployment, followed by final testing and documentation. We also offer online training to the client during the deployment phase. Additionally, we provide ongoing knowledge transfer throughout the project and beyond. Finally, we close out the project with comprehensive documentation.

Our typical deployment team includes a subject matter expert or architect, a senior engineer, and a project manager. The subject matter expert or architect may be a cloud engineer or a network engineer, depending on the specific project requirements.

We are encountering some resistance in the African market regarding the cost of Prisma Cloud. The lack of a regional pricing model contributes to this concern, and we believe the current cost is slightly too high for the market.

It depends on our reseller or preferred solution provider. The deployment and support costs are also factors to consider. Additionally, they offer professional services for the SKUs we purchase, which includes assistance with planning, design, technology onboarding, and scoping. So, the cost goes beyond just the license fee. Typically, the additional cost for professional services to help with implementation ranges from 15 to 20 percent of the license cost.

Prisma Cloud by Palo Alto Networks earns a solid eight out of ten from me. The licensing models are well-designed and the technology scales effectively. While the pricing makes it an enterprise-level solution, its capabilities are technically suitable for organizations of all sizes. However, the high cost may not be financially justifiable for small businesses. Despite this, the product's technical capabilities allow it to seamlessly scale down to cater to small footprints while remaining robust enough for large enterprises.

We find that some of our customers may stick some technologies together to build their confidence as a compromise.

Our customer environments vary from 500 users and a couple of hundred workloads to 32,000 users and 2,000 workloads across multiple clouds. We typically run Prisma Cloud at an enterprise scale because of the affordability.

There are two types of support: operational and product. Product support is dependent on the supplies provided by our license. However, we also offer solution support, which sometimes involves interpreting reports and explaining what customers see. The amount of maintenance required depends on the customer's maturity, but it generally only takes a couple of hours per week. Two cybersecurity engineers are required for maintenance.

In our region, we have seen some management changes, and we find that the pricing remains extremely high and aggressive. Specifically in South Africa, Check Point has lost significant market share to Palo Alto. However, this rapid growth phase is now decelerating. The market in South Africa is limited in size, encompassing only a finite number of banks, insurance companies, and large enterprises. Many of these players have already switched to Palo Alto, leaving fewer attractive targets for Check Point. This decreased market potential will likely force Palo Alto to re-evaluate its pricing models. From a business perspective, there is often a pressure to continually outperform the previous year. This, combined with the high operating costs associated with their teams, has arguably led to a level of greed within the company, driving the pursuit of ever-increasing profits. However, the limited market size in South Africa poses a challenge to this approach. While Palo Alto enjoyed easy market penetration and rapid growth over the past four to five years, the landscape is now changing. Their previous strategies are becoming less effective, forcing them to adapt and evolve their approach to gain a foothold.

I recommend confidently reviewing Prisma Cloud, understanding your environment, and ensuring it is properly configured. Additionally, budget allocation should be confirmed.

We use the compliance and vulnerability management modules. We are a bank and have certain controls in place. My business unit is cloud-only, and we need to enforce controls, and for audit purposes, we need to collect evidence of control enforcement. We have a number of controls around cloud resources. We configure Prisma to enforce those controls pretty automatically. Prisma generates evidence of the controls that we can present to auditors when we are audited. If we didn't solve this problem, we could lose our license.

It's hard for me to say how Prisma has improved our organization because it was implemented before I joined. But given the number of security controls that have been automated with Prisma, we have managed to achieve a fair amount of manual cost reduction for our control testers. And the automation and integration capabilities of Prisma have allowed us to save a lot of engineer time on evidence. Without Prisma, we would have to do all these things manually. Overall, it results in a huge FTE reduction.

With the number of controls that need to be tested, we would be talking about a team of around 100 people. With the Australian salaries, Prisma is probably saving us $1,000,000 to $2,000,000 a year.

The framework to configure controls is pretty good; it's pretty sophisticated. We can implement a fair amount of testing for a fair number of controls.

It's vulnerability management is quite good, and its integration functionality is something that we have found to be pretty capable.

We also use Twistlock for container security, which is good.

And Prisma Cloud's security automation capabilities are quite good. We use the periodic scanners, and we feed Prisma filings into our control evidence management system. They tick all the boxes for us.

One thing that is missing is Cloud Run runtime security—serverless. That would be great to have in the tool. It's not that easy to have Cloud Run in specific environments.

We have also found that Google Security Command Center has a little bit better coverage for GCP because it's native. That's why we pay for both tools. But ideally, we should only need one tool. Prisma Cloud's coverage of GCP is okay, but a little better coverage would be better.

Our cloud environment is complex, and Prisma doesn't cover all aspects of it. We don't rely on Prisma for any kind of security discovery. We just rely on it as a control-test and automation tool.

We get a few alerts in Prisma, and it allows us to trace any violations back to the source. It's a pretty straightforward interface.

Another thing that we have found useful with Prisma is its Jira integration. When our integration finds a new alert, it creates a ticket in Jira, so it's fully visible and tracked, appearing in all the dashboards.

I joined this branch of the bank six months ago, and Prisma is my portfolio now.

It's stable enough. I can't remember any outages of Prisma Cloud.

It's a SaaS service and is licensed both for our team and for the enterprise. On our side, there are 1,000-plus user licenses. We have five or six integration points, so in that regard, it's not humongous.

We are growing extremely quickly, and Prisma Cloud provides all the required services without any need for us to do anything to scale. It's pretty elastic. We'll probably grow by 10 times in the next couple of years. So far, I don't have any doubts that Prisma will support us.

I've never dealt with their technical support. Prisma Cloud just works.

Our bank itself is huge and uses all sorts of solutions. My business unit is quite young, it's only three years old, and I don't think there were any solutions in this space.

Deploying it was pretty straightforward compared to other tools. We implemented a fair number of compliance rules pretty quickly. I recently participated in some integration activities, and integration-wise, it was very straightforward.

As for maintenance on our side, there really isn't any. We periodically need to review the controls being tested and the control automation, to make sure that they're aligned with changes in the controls. Other than that, it's pretty maintenance-free.

We have managed to save a fair amount of money and effort in hiring manual testers. That's what automation does for us.

I wouldn't mind if it were cheaper. We are spending a fair amount of money on Prisma Cloud. It's probably okay, but, funnily enough, banks don't have money. Periodically, we have cycles of cost-cutting, so if we could save on Prisma Cloud, that would be great.

We don't use Prisma for build and deploy, we use another set of tools. Right now, we are doing our internal due diligence to figure out if we can replace all of those with a single tool, whether it's Prisma or any other tool. We don't know at the moment.

It's very hard to attribute any kind of runtime alert reduction to Prisma Cloud as we use a whole zoo of tools. Prisma is just one piece of the puzzle. We don't have too many runtime alerts thanks to the joint work between our build tools, deployment prevention security tools, and Prisma.

While it's a good tool, you need to be mindful of serverless because serverless runtime security is tricky and, unfortunately, Prisma doesn't do too much there. Other than that, it's a good tool.

We primarily use the solution to ensure coverage of compliance. It's also used for security. It covers my workload, infrastructure, and applications.

It's improved the organization by providing vulnerability assessments. Having those assessment capabilities helps us assess the security vulnerabilities in cloud environments. Automation also helps us identify and remediate security weaknesses.

We have been using the solution to improve out posture management and network security, as well as identity security. This is important for us as these are the main pillars of our enterprise. It's ensuring everything we do remains seamless.

The product provides very good network security.

The support has been very prompt.

It provides security across multi-cloud and hybrid environments. The offering is very comprehensive. I'm able to have a strong security posture and it helps me take care of and protect my workloads. The network security is strong. It gives me complete traceability.

The automation depends on the technological stack, however, it helps with identifying vulnerabilities. If there is a violation happening, I can see it - plus it helps put in preventative measures. It helps me to identify issues in cloud deployments and also gives a prioritized list to help me maintain my operational efficiency. I can scan and assess weaknesses and have continuous monitoring and fixing with automation of remediation. We were able to realize benefits on day one using Prisma since we were able to see results immediately in terms of operational efficiency.

Prisma offers robust security features and seamless integration with AWS. It has complete capabilities, so I don't have to run my automated cloud resources while ensuring a proxy approach to cloud security.

The agent provides us with more security options. We can also easily integrate seamlessly with our CI/CD pipeline. It's simple. It's plug-and-play.  

Prisma offers a single tool to protect all of our cloud resources and applications without having to manage and reconcile security and compliance reports. It's complete. We have everything under one single entity while fulfilling our compliance needs. 

The solution provides risk clarity at runtime and across the entire pipeline, showing you issues as they are discovered. It can block according to our complex requirements.

With the increased operational efficiency, I am facing less downtime. It's reduced runtime alerts by two to three hours. It's also reduced alert investigation time. 

We've been able to save money. We're getting a good return on investment. We're saving about 20 hours of work a week.

It would be ideal if they could somehow reduce the deployment time. It also required a skilled person to implement. 

I've been using the solution for three years.

We've had no issues with the stability. 

We only use the solution in one location. About 400 people use it right now. 

We haven't had any issues with scaling. 

Support is prompt. We are pleased with the level of service. 

Positive

We did not use a different solution. 

It takes a while to deploy. It took us a week to deploy the solution.

Our goal was to ensure the minimum amount of downtime during the process. Two people were involved in the setup process. 

Maintenance is required on a monthly basis.

We had a consultant help us with the implementation.

We have witnessed an ROI with work savings of about 20 hours. 

I'm not sure of the exact cost of the solution. 

We have looked at other options on the market. We did look at Microsoft Defender and Sentinel One. They both lacked the features we needed. 

We're Prisma Cloud customers. 

I'd rate the solution eight out of ten. 

It's a very good product if you look at the market right now. It offers all types of features, including cloud security, workflow protection, etc. It's all bundled together for convenience. 

We have deployed Prisma Cloud for one of our client premises. And we are managing it internally. Although we do have support and other stuff for this solution, it has two kinds of modes. One is the detect and protect mode, and one is only for the monitoring purpose. There's different licensing. If you need protection from Prisma Cloud, then you will purchase a firewall kind of module with that. Otherwise, by default, it comes in monitoring mode.

It's deployed on all VMs and workloads. With the Prisma Cloud, you can have it on a cloud server or you can deploy it as a stand-alone. That said, the container should be persistent. Otherwise, if you restart the container, you will lose your configuration and everything.

We were doing a deployment for a telecom client, and they have two different application pipelines. One was based in India with the Oracle team. They were developing their own application, so we have also incurred it to the Prisma Cloud in their CI/CD pipeline.

The second use case was to monitor the OpenShift environment. The solution was basically bare metal. Then on top of that, there was OpenStack. It's an on-prem cloud service. We have deployed the Prisma Cloud solution, so it was on top of an open stack.

If there is a large infrastructure involved, you need to run continuous vulnerability assessments. You also need comprehensive reports and complete inventory details. Doing everything manually would cost a lot of human resources. And it can take a long time. This helps automate and control vulnerability scanning that's continuous. It also helps with compliance. If I have to scan something monthly or quarterly, I can do it, and it will run. What Prisma Cloud actually does is that it keeps on doing this activity for you without any required request from the operator side. Its agents are deployed on the infrastructure, on all the components, on all the applications, on all the operating system images, VMs, or the old private cloud environment or your work on nodes. If you spread your agents all over your infrastructure, it'll keep scanning and reporting, and you can see everything from your dashboard. 

We have integrated OpenStack, OpenShift, RH, et cetera. You don't need to integrate every individual part; you only need to integrate the worker node. And once you deploy it on the worker node, all the parts running on that worker node.

Prisma gives you full-fledged posture management. You get detailed insights into all your modules, how they are communicating, and on which ports they are communicating. If there is any unknown port or unknown address, et cetera,  Prisma Cloud can show you the configuration, and the ports. That way, as an architect or product manager, you know through your documentation which application should be communicating on which ports. If there is any deviation from that documentation, Prisma Cloud can see that, and you can get the details for that. 

With respect to virtual protection, it tells you which image, VM, physical server, worker node, or port has what kind of vulnerability. It gives you everything in real time. 

Monitoring mode is great if a company wants to know every single vulnerability and loophole in its infrastructure. It gives you a complete inventory list of VMs and devices within your infrastructure from the dashboard. You can add new policies or elements easily. You just integrate it within Prisma Cloud. That way your inventory automatically gets updated. 

Real-time continuous vulnerability assessment and reporting are key features. It's critical to most large-scale enterprises.

Prisma Cloud provides security scanning for multi and hybrid cloud environments. Sometimes, if we, for example, have some infrastructure on a public cloud, like AWS, then you need to monitor them continuously and you will require the inspector module of AWS. The inspector module is initially free of charge. And after two weeks, they'll start charging you. However, you can just put the credentials or access keys for AWS within the Prisma Cloud and assign the agent to that. It will start monitoring your cloud infrastructure as well with less overhead.

Prisma Cloud provides the needed visibility and control regardless of how complex and distributed the cloud environments become. What you do is you need to open the communication matrix. That communication matrix is the baseline or the product for the Prisma agent or CLIs, to communicate with the Prisma Cloud and share its findings directly. Whatever the agent finds on its local host, it will respond and share it with the Prisma Cloud. 

Prisma Cloud has two types of interfaces. One is towards the Internet to the main Palo Alto cloud environment. The second interface is towards the infrastructure or architecture. Most of the time, the operators focus on the corporate side since their responsibilities are related to that scope. The other side should be automatically updated, similar to how Microsoft. They simply tell you updates have been downloaded and installed, and you need to restart your system. The update processes are transparent. There is nothing manual to worry about.
There are a lot of compliance rules that you can configure. If the product manager knows that there's a new compliance rule, they ensure that the new compliance rule is compatible with their product. Compliance is not an issue, however, rules should be configured. It's just like any other compliance activity. 

Prisma Cloud enabled our customers to integrate security into their CI/CD pipeline. Our client was developing a large-scale application for billing purposes. And Oracle India was involved in that, and there was a DevOps pipeline. We have integrated the Prisma routes to the CLI within their pipeline; it was being handled through Prisma Cloud automatically within different DevOps gateways. It's seamless. Once you integrate it, then it's part of the pipeline, and it's being done automatically just like any other pipeline gate.

Having a single tool to monitor cloud sources has had a positive impact on our customers. Tasks that were headaches have become easier. It's easier to assess vulnerabilities and compliance thanks to automation. 

Prisma Cloud provides risk clarity at runtime and across the entire pipeline showing issues as they are discovered in the build phases. The vulnerability will stay on the dashboard until you fix it as well. It will keep showing you the issue until it is resolved. Vulnerabilities that are identified are documented and stored in the vulnerability management system.

Prisma Cloud has reduced alert investigation times thanks to the comprehensive dashboard. You can directly search for any host you are targeting or go through the entire list and check everything. 

It's helped customers save money in that it's helped them catch vulnerabilities thanks to 24/7 scanning. That helps you fix the issue earlier. If a vulnerability gets through and the company is breached, they can lose their reputation. The same is true if their service goes down - especially in a banking scenario. It can lead to a big financial loss. Having proper security controls and monitors in place mitigates this. 

They have very rich documentation, and everything is very clear with respect to integration and configuration.

It provides a lot of compliance rules. It provides us with around 160 different rules. That way, you can define everything during scanning and the system will keep checking for compliance, which is automated.

One single drawback is that updates are not directly based on push notifications. There is a lot of software that gets updated automatically. Since this is a security product, this product should be automatically updated. Right now, it must be manually updated. I should be able to focus on vulnerabilities and security, not updating.

Delays can be very costly. Even with a minute delay in updating, if an attack is successful, when you have this corrupted million-dollar product, it's useless to you then. That's why updates should be automatically done. 

It doesn't patch your products; it only provides insights into vulnerabilities. It's merely a value-added service for your overall security posture. 

They are missing some compatibility details in their documentation. If I am choosing a product, the first thing I look at before recommending it to my organization, is the documentation, including how it is organized, if their documentation is informative, what information they are providing, et cetera. Prisma Cloud has one issue within its documentation, and that is that it does not provide exact details of every single plugin. I was very concerned about which version of Prisma Cloud was compatible with which version of the solutions we had in our CI/CD pipeline. They need to be more clear. 

The solution is stable and is capable of covering large enterprises. I've never faced issues once I've deployed it. However, if you will be holding the data for the long run, you need to think about storage. That's it.

It's scalable. You can scale horizontally or vertically. 

Their support is not very good.

Negative

I've deployed it from scratch in a containerized environment. I am running a persistent container for Prisma Cloud.

The setup is very straightforward, thanks to their documentation. It's rich and comprehensive. They just don't provide version compatibility.

We deployed the solution in a day.

There is no other complexity in the implementation. It can be anywhere in the VM or any other component of your infrastructure. The agent should be able to ping its Prisma Cloud server. Once that is done, there is no other complexity. You just deploy the agent. The agent will keep updating automatically via the Prisma Cloud, and it will start finding new vulnerabilities. That's it. There are no such complex issues with the Prisma cloud deployment.

The implementation strategy was that we knew for which kind of infrastructure we were going to deploy it. 

There isn't much maintenance needed. The only thing is that sometimes you integrate Prisma Cloud with something that is not supported by Prisma Cloud or documentation does not explain it. In that case, you need to engage their support team. Their support is not very good. 

The solution is very expensive. They must have decided internally not to go after SMEs or startups. They are targeting multi-million or trillion-dollar organizations. Those are the companies that can afford their products. 

We're an MSP; we provide this product to customers. We provide security as a service.

We wouldn't recommend the solution for SMEs or startups. This is for larger corporate enterprises like large banks, fintechs, or telcos. It's good for larger infrastructures that might have legacy controls or devices.

Prisma is not the only solution in the market; there are others as well. It offers good core functionality, and it covers your whole cloud environment. It's a fully-fledged package that can help provide insights into security threats in any kind of development environment, from production to staging.  

I'd rate the solution seven out of ten.

If you are interested in Prisma Cloud, look at your business cases first. If you have a massive, large-scale infrastructure, they should not go into new products blindly.

There are five pillars of Prisma Cloud, including CWPP for workloads and security posture in the basic configuration. We have also been working with application APIs. These are the areas in which I'm working.

Most of our customers are using multi-cloud or hybrid cloud environments, and the problem they were facing was that they didn't have a one-stop shop for managing all the clouds. For example, Azure has something like that capability, but there are some problems and gaps. Every cloud provider says, "This is our territory, and we can only secure our territory." But the whole idea of Prisma Cloud is that it can take any cloud, whether public or private, bring the accounts on board, and after that, everything is managed by Prisma Cloud.

Another problem with Azure is that it has very overwhelming alerts, making it hard to manage them in native Azure. With Prisma Cloud, we have different rules and it is easier and more manageable. It is not overwhelming. We can look at its different modules. If we're talking about identity management, we can go to that module and see the identity. That makes things quite manageable with Prisma Cloud.

When it comes to investigation time, Prisma Cloud has something like 18,000 or 19,000 predefined policies and has remediations as well, so we know what to do or what not to do. It helps reduce investigation time because all those policies are already there. They are the "top" policies, and it provides remediations alongside.

Most of the customers we are tackling have different tools and solutions, like Qualys, Nessus, and vulnerability management assessment solutions. There are plugins for them, and we can integrate Prisma Cloud with them. We can enrich our telemetry with their data and use the predefined correlation rules in Prisma Cloud. That means we have that work done in seconds.

We also like the firewalls.

It also perfectly provides security across multi- and hybrid cloud environments. We use it with multi-cloud environments, and there are five cloud providers supported, including Amazon Web Services, Oracle, GCP, Azure, and Alibaba. Most of the big companies out there are using multi-cloud or hybrid environments, and they share dependencies on different types of cloud.

The basic idea of Prisma Cloud, and what I like the most, is that it is a managed cloud and everything is easy to do. So we can integrate different cloud-native services. We can use solutions like Defender for Cloud, Azure, and Amazon Inspector and enhance our telemetry using these data lakes. Prisma Cloud is the best for integrating with these cloud-native solutions.

The automation is good so far. If we look at the Kubernetes runtime environment, there is good automation for that.

Prisma Cloud is all about a preventative approach, and we can use it for compliance as well.

We can also integrate it into a CI/CD pipeline, and it can scan different images and containers, such as Kubernetes. Also, when we are loading an account, there are some agents that scan as well. There is Lambda for automation, and, in the first phase—the staging environment—we can have our work done. Pipelining is a continuous process, and the scanning takes place in the previous stage only. It runs in a sandbox environment and gives us all the remediations.

Sometimes, credentials are hardcoded. We can use the code security module and correlate with the predefined rules provided by Prisma Cloud. We get alerts, and based on these alerts, we can harden the policies for that code.

And the dashboard provided by Prisma Cloud has capabilities through which we can make alerts visible based on their severity level. We can create a separate dashboard for rules related to medium or high severity. That way, without wasting our time, we get to the medium- and high-level alerts and tackle the things that need attention the most.

The automation capabilities are growing each day, but the problem is that the updates are not that frequent. There are some services on Amazon that have come out with updates, and Azure is also getting up to date. But Prisma takes some time to follow. There's a time gap that Prisma inherits from these clouds. I understand why it takes some time, but that time should be reduced.

I have been using Prisma Cloud by Palo Alto Networks for two years.

The stability is a 10 out of 10.

The scalability is also a 10 out of 10.

We have a team of 25 to 30 people. Our company is based in India, but we have offices in Malaysia, Singapore, and Bangladesh, and we have clients in India and outside of India. Most of them are enterprise-level.

Their technical support comes up with great solutions. Every time we call we definitely get a solution.

Positive

It is onboarding in the cloud. There are a lot of documents, but it is quite easy. I'm into training as well, and it is quite easy for me to train my interns on how to onboard accounts to Prisma Cloud. If we are only onboarding one account, it happens in minutes.

In terms of price, we have to see the value we are getting for the particular penny we are paying. In that context, Prisma Cloud is a value-back cloud-managed solution; cloud-native solutions are quite expensive. That's why a lot of our clients are shifting from cloud-native to Prisma Cloud: because of its effectiveness and because it is budget-friendly as well.

I love Prisma Cloud. It's a one-stop shop for managing cloud security. And it is very easy to use. The dashboard and all the UI are very easy.

I am using five modules of Prisma Cloud, and I have expertise in CSPM. The use cases are related to securing our host container environment and multi-cloud environment.

We were looking to resolve issues related to host and container security in the Kubernetes environment, vulnerability management, and compliance management.

One of the benefits of using Prisma Cloud is that we can easily make our cloud environment compliant. We can make it vulnerability-free, helping coders or application users bring their applications to production without vulnerabilities or malicious packages.

We have gotten good reviews from our customers, saying that they have improved their security with Prisma Cloud for their cloud environments. That includes customers in finance and in the medical field. And the reporting we get from Prisma is excellent.

It has helped us reduce runtime alerts by 70 to 80 percent.

And because it's very transparent, we can directly investigate things. It has reduced investigation time by 100 percent. We can easily go to the dashboard and check what's happening when investigating. We have to be experts with our tools to investigate and do a deep dive into an incident.

The best feature of Prisma Cloud is that the various modules have different features. With the CSPM, we have compliance management, and we also have an auto-remediation module. In CWP, we can go with runtime, where one of the great features is blocking vulnerabilities or malicious activities from the pipelines or CI. All five modules are taking a preventative approach to the security of the cloud environment, from the network to the cloud, posture management and workload protection.

In CI/CD, we have the option to add a Prisma scan, which helps us remove the vulnerabilities and malicious parts of packages used to create an application. This option enables us to scan the images before running or building them and to get a vulnerability report.

Prisma scans things and shows all the vulnerabilities and packages that are vulnerable, and which layers, by default, have vulnerabilities. So developers can easily go into the package or a particular layer and make changes to their code. It's very transparent.

Reporting from Prisma Cloud is very straightforward. We can export reports in CSV format, or we can use the APIs in Prisma to fetch reports. Reporting is very easy and customizable.

It is also compatible with multi-cloud and hybrid environments. It gives the option to onboard with five clouds: AWS, Azure, Alibaba, Oracle, and GCP. Most of the companies we deal with use parts of various services from different clouds. To provide them with solutions, we need Prisma Cloud, as it helps manage multi-cloud environments.

A lot of automation capabilities are coming out with the updates, and they are growing day by day. The basic automation covers remediation of alerts, and in live applications we can block malicious activities in the files where the vulnerabilities come across.

In terms of cloud-native application comprehensiveness, we can integrate various cloud-native applications with Prisma Cloud. We can use Defender to protect workloads or Kubernetes in any native cloud like AWS EKS.

The CSPM provides the whole asset inventory, where we can see all the services in our cloud environment and how they are working, as well as how the assets are connected to each other and which network is connected. We can see the configuration.

We face some GUI issues related to new permissions for AWS. So far, we don't have any automation to complete them through the GUI. We have to manually update the permissions. Our customers have faced some issues with that.

I have been using Prisma Cloud by Palo Alto Networks for more than four years.

The stability is a nine out of 10.

The scalability is a nine out of 10. We just need some of the automations to come around in Prisma.

With all the capabilities it has and how comprehensive it is, with CSPM, CWPP, and more, we get help from the technical team at Palo Alto. They help us to get into what Prisma Cloud is and all the capabilities it has.

Their technical support comes up with good solutions for every difficulty we face.

Positive

The initial deployment is very straightforward, with the help of the technical team and tech support. It's very easy to get into Prisma Cloud. It takes time, one to two weeks, to complete the deployment. Most of our customers are enterprise-level, although we also have small clients.

The maintenance is mostly handled by Palo Alto teams. The updates are scheduled so that we know at what time they will update and what the new features are. They are good when it comes to updates.

I'm on the technical side and not into sales, but Prisma Cloud is better than the native applications when it comes to pricing.

I suggest that my customers adopt Prisma for every module. It's the best security platform, where we can provide security for multiple clients without using the native security approach.

I highly recommend this solution.