
Prisma Cloud (Annual Contract)

Palo Alto Networks

Reviews from AWS customers

38 AWS reviews

External reviews

146 reviews

External reviews are not included in the AWS star rating for the product.


    Mark Rausch

Makes it easy to monitor clients and provides good control on the runtime side

  • September 23, 2024
  • Review provided by PeerSpot

What is our primary use case?

I have mostly used the CSPM and CWP side of things.

For one of our clients, we used the self-hosted version that we had deployed on IBM Cloud and the SaaS version hosted by Prisma itself. For the CWP side, we used it for securing applications of our clients, doing the runtime checks, and servicing the runtime events and plug-in vulnerabilities.

For the CSPM side, the use case was more heavily for compliance on the cloud. We had Google and AWS environments.

How has it helped my organization?

Its main benefit was that it made it easier to monitor our clients. It just made everything more efficient. There was efficiency.

Prisma Cloud provides security spanning multi-cloud environments. I have not worked with a hybrid cloud environment.

I never did anything with the automated features other than being able to click and have it do the relearn process when it comes to the runtime events. If I see that an application is creating a bunch of false positive runtime events, I can put it in an automatic relearn state. It will relearn what that application does so it is not firing off a bunch of false positives. That is the only automation I have used other than the Helm option provided at the time of deployment. It does some automation when it comes to deployment. That is about it. I am not sure about the savings money-wise, but I know that every time we deploy by Helm, it saves us time. It is hard to judge the time savings because I never deployed it in a manual way.

Prisma Cloud is pretty good for helping us take a preventative approach to cloud security. We can have lock-in controls where a developer cannot deploy vulnerabilities that are critical. We can prevent them from doing it that way. It is excellent in that regard. I also like the preventive controls on the runtime side. If you see a runtime event, you could put options in place to prevent that specific command from running, or you can shut down the console, container pod, etc. It is hard to measure the time savings. However, it can take us an hour if we have to reach out to the proper team to get a pod shut down. It would also depend on how responsive they are. Having something in place to automatically shut something down does save a lot of time.

When we first started deploying it, our team was new. We had done some training, but it did take us a little while to fully grasp all the benefits of Prisma Cloud itself. It could have taken a couple of weeks to a month before we really got a good grasp of everything. I would not say that this is the case with everyone. None of us in the team had done the cloud before, so it took us longer to understand and realize the benefits compared to others.

Prisma Cloud is pretty comprehensive. On the CSPM side of things, the SaaS-hosted version seems to have a lot more capability than the self-hosted version. The SaaS-hosted version is more comprehensive than the self-hosted version.

The visibility and control that Prisma Cloud provides affect confidence in the security and compliance postures. A great thing about it is that we can set up whatever specific compliance needs the clients have. It has a lot of features already built into it. It is a simple toggle action to enable the compliance that they need to follow. It lays out what is failing. It gives you all the information that you need to work with clients to get everything compliant. It also offers some options if you want to make custom policies and things like that. If the compliance policies that clients follow are not available nationally, they can have their own compliance policies. They can put those in. It is great.

Prisma Cloud provides a single tool to protect all of the cloud resources and applications, and then there are other tools that you can download from the console, such as the twistcli tool. It is all in there, but there are different tools that you can use as well.

Prisma Cloud saves a lot of time and probably a lot of money too. That is because you can log in to one specific tool. The CSPM SaaS side of it even has more, so being able to log in on that one tool helps. You do not have to worry about different tools to take care of different security aspects. Everything built into one saves a lot of time.

We were able to reduce runtime alerts as we worked with our clients to get to that security posture maturity. There were some clients that were getting probably 25 or more different alerts a day, and we were able to bring that down by more than half. We were on the way to getting even fewer alerts than that. It was quite a bit of a reduction. It is a slow process of getting the runtime alerts knocked down depending on how big the environment is, but it definitely helps.

When it comes to the vulnerability side of things, it has built-in top ten features or top ten vulnerabilities. We can look at them and say that these vulnerabilities are being ranked by Prisma Cloud as our top ten. These are the ones that we should be focusing on. We can work with our clients to help them determine which things should be knocked out first and so on.

What is most valuable?

Runtime protection and the ability to set up policies and controls are valuable.

The thing that I like the most is that when it comes to runtime events, whenever we see an event, we are able to look through the logs. It is pretty easy to look back through everything that took place. I also like the Radar screen for seeing how everything is connected.

What needs improvement?

While you can find everything, sometimes, it is a bit difficult. I have always had a little bit of an issue or struggle using the Resource Query Language that we can use to look through and find different things. I wish it was a little bit easier. It might be just my failings in that regard, but it can be a little bit difficult to find everything. You can find everything, but it is difficult sometimes.

If there is a way for auto Defender upgrades, that would be great. They started to implement it, but I do not know if they have done it yet. Having auto Defender upgrades so that we do not have to upgrade Defender manually would be helpful. If there is a way to push the upgrades from the console, that would be one way to improve it. I had created a couple of other requests for improvements, but I do not remember them at this point in time. I know that was one of them.

For how long have I used the solution?

I started using it back in 2020 although I did a little bit of training a little bit before that around the end of 2019. It was originally Twistlock. I am not sure if Palo Alto had bought it out when I first started training with it.

What do I think about the stability of the solution?

I would rate it an eight out of ten for stability. Sometimes, on the SaaS version, the console would not load. It was a glitch on their end that they had to fix. We had issues with the GUI at a couple of points. We had issues whenever we were downloading the vulnerability report. It did not include all the information. Once they got some bugs worked out, it was pretty stable, but there were some issues.

What do I think about the scalability of the solution?

It is very scalable. I would rate it a ten out of ten for scalability.

We had a couple of Fortune 500 clients. I do not know if we had anything that was small. A lot of them were big organizations, but some of the environments were small.

We had a client that had the SaaS version that had hundreds of different endpoints, if not more. Most of our clients were on the self-hosted version. Some of them only had four or eight different endpoints or hosts. One of them had about 50 different hosts, give or take. It was a wide array depending on the client we were working with.

When we started, there were three of us working with Prisma Cloud. There were about six of us by the time I left.

How are customer service and support?

They are pretty good, but sometimes, it does take them a little bit longer to move from level 1 support to a higher-up level when it is a technical issue that they have not dealt with before. Overall, it is pretty good.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We also used a product called Aqua Security. We were using Aqua Security back when we were using the self-hosted version of Prisma and not the SaaS version of Prisma. We had not worked on the SaaS version yet, so I do not know if it is a completely fair comparison, but I did feel that at that point in time, Aqua Security had more features and a better layout. I do not know how that compares today. It has been a little over a year since I last touched Aqua Security, so I am not sure what updates and changes they have made.

How was the initial setup?

We had a deployment team handling the initial deployments. We worked on the upgrades after the initial deployment, which were pretty straightforward, but I am not sure about the initial deployment. It seems to be pretty straightforward, but I have never done an initial deployment.

In terms of maintenance, it is just doing the upgrades. That is really about it. It seems that they push out a patch pretty close to every month. You can upgrade to the minor versions at the very least or security patches.

What other advice do I have?

I would recommend Prisma Cloud to others. It does take a good bit of work to learn it and fully understand the complexity of it and all the features. There are still features in there that I do not even know about or have not even touched, but it is great for protecting the environment. It is easy to get into and understand some of it, but it requires a lot of learning to understand the whole complexity of it.

Its learning curve depends on what you need to do with it. I had taken a week-long class with it, and then there were other training sessions. It could take weeks, if not months, if you want to try to do all the different training they offer.

With my limited use of other platforms, I would rate Prisma Cloud a ten out of ten. This is the one that I have used the most. It is the best of the ones that I have used.


    reviewer2557308

It helps save time, improve our security, and consolidate vendors

  • September 20, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use the GlobalProtect module within Prisma Cloud to ensure the security of our mobile users.

How has it helped my organization?

Prisma Cloud provides security spanning multi- and hybrid-cloud environments.

It includes automation capabilities that we can deploy if the environment is suitable.

Prisma Cloud has enabled us to migrate from multiple vendors, creating a more user-friendly experience for everyone.

Prisma Cloud enhances the security of our cloud-native development lifecycle from start to finish.

One of the advantages of Prisma Cloud's GlobalProtect module is that it provides a centralized tool for monitoring applications, user connections, and latency. Additionally, it allows us to track the percentage of availability.

Prisma Cloud saves the equivalent time of one full-time employee.

What is most valuable?

The most valuable aspect of Prisma Cloud compared to other VPNs is its security and performance.

In the GlobalProtect module, we can easily guide users experiencing connection issues through the notification column. Within that column, we can submit and escalate notifications on host entries for troubleshooting purposes. Additionally, we can troubleshoot by collecting direct logs during user data connections. On the security front, we have a wide range of SaaS-based items at our disposal. Using Prisma Cloud, we can send internet-based reminders about the option to create a VPN tunnel internally.

What needs improvement?

Palo Alto needs to add more support staff to improve their response time.

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for two years.

What do I think about the stability of the solution?

I would rate the stability of Prisma Cloud ten out of ten.

What do I think about the scalability of the solution?

I would rate the scalability of Prisma Cloud ten out of ten.

How are customer service and support?

The support response time is slow, with resolutions sometimes taking up to two days.

How would you rate customer service and support?

Neutral

How was the initial setup?

The initial deployment is straightforward. I have experience with two deployments. In my previous job, the deployment took six months to complete. Currently, we have 15 tenants to deploy and have successfully deployed ten within the first seven months.

What's my experience with pricing, setup cost, and licensing?

The price for Prisma Cloud is reasonable.

What other advice do I have?

I would rate Prisma Cloud by Palo Alto Networks eight out of ten. However, the delay in support time negatively impacts my overall assessment.

We have 90,000 accounts and have already migrated 50,000 users over to GlobalProtect.

Palo Alto does the maintenance.

I recommend Prisma Cloud to others, as long as the solution meets their requirements for cost, support, and number of locations.


    Harsh_Vardhan

Provides visibility and control that our customers need

  • September 16, 2024
  • Review from a verified AWS customer

What is our primary use case?

I am a cloud security architect. I assess the cloud infrastructure for customers and help implement security control. I use Prisma Cloud for assessment. After we have the visibility, we deploy security controls, such as perimeter firewall control, proxy control, and endpoint security control.

We have purchased the enterprise license that provides all the capabilities such as CSPM, CWP, and DSPM.

How has it helped my organization?

Prisma Cloud provides security spanning multi- and hybrid-cloud environments with Azure, GCP, and AWS clouds. It provides comprehensive security for all these CSPs.

By default, Prisma Cloud supports integration with ServiceNow and Remedy. There are a few more default integrations. Cortex is their own native solution, but in terms of overall automation, Prisma Cloud supports a lot of integrations. It is very helpful for organizations to be able to automate these daily tasks. Different organizations use different security tools. A few of them are directly integrated with Prisma Cloud and a few of them are not. However, most organizations use solutions like Remedy and ServiceNow, so these direct integrations are very helpful. They can save about 70% of the time.

Prisma Cloud provides comprehensive visibility into cloud-based resources. Most organizations are shifting their workloads from on-prem to the cloud. Nowadays, everyone is using the cloud infrastructure, and it is a very big challenge for every organization because, without a CNAPP solution, they do not have much visibility into their cloud resources. CNAPP solutions like Prisma Cloud provide visibility into any misconfigurations, threats, or anomalies. They are very good for code-to-cloud visibility.

Prisma Cloud provides code-to-cloud visibility for the application development cycle of an organization. Some organizations use SAST and some organizations use DAST. Prisma Cloud is a combination of both. You can integrate your GitHub or your IDE environment with Prisma Cloud. You can have a view of the vulnerabilities inside your IaC or application code. You also can integrate it with CI/CD. It is very comprehensive. Not many can leverage the complete benefit of Prisma Cloud. In my last organization, we only used it for runtime protection. We did not use it for CI/CD or code and build. In my current organization, we are using it end to end. It is a good tool. We have the complete capability. The first stage is code and build. The second stage is deployment, and the third stage is runtime. It provides complete development life cycle protection.

The time to value is usually immediate. At times, the deployment can take some time, but as soon as the deployment is complete, you get the findings.

The visibility and control Prisma Cloud provides completely align with the customers' needs. At times, we have to create some custom policies. It is completely compatible with the needs of the customers.

It provides end-to-end visibility from development to deployment to production. It prevents the development teams from pushing vulnerable code to production. A lot of things can be prioritized and resolved before deployment. By fixing things beforehand, you save a lot of effort or workload later.

Prisma Cloud's findings help us to create policies. In our organization, the vulnerability reports go to the network team or cloud infrastructure team. They analyze the alerts and create organization-level policies. For example, if there is an instance that is using a public IP, based on that incident, they would create a policy at the org level so that in the future, no one assigns any public IP to an instance. It helps them to create better policies.

What is most valuable?

Different modules are valuable for different customers. We are leveraging CSPM. It is one of the best solutions for comprehensive visibility into cloud resource configurations and compliance. It has a lot of out-of-the-box policies, and the visibility that we are getting is impressive.

The DSPM module is valuable. This is the latest one that Palo Alto procured from Dig Security. No competitor provides this functionality in a single pane of glass. The support for Linux and container security is also very good. That is the beauty of Prisma Cloud. However, in terms of Windows security, Prisma Cloud is lacking because currently, there is no runtime protection available.

The UI is very good. We get all the things within a single UI. It is easy to use. A new user can easily understand it. It is very user-friendly.

What needs improvement?

It does not provide runtime security or protection for Windows Server. It is currently lacking in terms of Windows environment. They are integrating their Cortex solution with Prisma Cloud. Once they have a unified agent, I am sure that these challenges will go away.

DSPM is a bit limited in terms of data security and storage capabilities. It only supports a few databases or storage accounts. There is still a long list of services that they need to support.

For how long have I used the solution?

I have been using Prisma Cloud for four years.

What do I think about the stability of the solution?

I would rate it an eight out of ten for stability.

What do I think about the scalability of the solution?

It is working smoothly. There is no issue. Scalability also depends on the environment. It depends on how much credit you have purchased. If you go beyond that, they notify you. They will not allow you to onboard more accounts. It totally depends upon the credits that you have purchased, so scalability within the credit limit is good. It is 100%.

We have about 40 to 50 people using this solution.

How are customer service and support?

Their support is average. It is not too good and not too bad. For about 50% of the cases, they have to reach out to their engineering team. The engineering team takes a couple of days or weeks to revert. They are usually unable to provide support without the involvement of the engineering team.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have worked with CrowdStrike's CNAPP solution and Aqua Security. Prisma Cloud is the best in my opinion. It is a market leader.

Prisma Cloud has more than 100 compliances built in. It supports almost all the services inside the CSPs, whereas other CNAPP solutions only support a few of the services or most commonly used services such as compute, databases, or networks. Prisma Cloud supports maximum services from the CSP side and more than 100 compliances. It has the capability of RQL, so you can create custom queries and get the required data.

How was the initial setup?

It is very easy if you have an understanding of the solution. If you are new to this field, you can face challenges during implementation. Without proper knowledge of the roles, IAMs, and infrastructure, you will face some challenges during the deployment.

I can deploy it within an hour, but before that, we have to fulfill some prerequisites. We have to create a role for Prisma Cloud. We have to create a service credential. Every organization has its own procedure. They might take a day or a week to create the required service credential and assign necessary permissions to that. Once we have all the prerequisites, within an hour, we can deploy it. After the deployment, it starts providing visibility. It takes approximately 24 hours.

Our environment is hybrid. We are using AWS, Azure, and GCP. We also have an on-prem environment for which we have deployed Defender for CWP capability. Prisma Cloud provides us with cloud-native security and visibility.

They are regularly implementing new features in Prisma Cloud. They are doing regular updates in the backend, and they keep us informed. Mostly, they are performing these kinds of activities at night so that there is minimal impact.

Maintenance-wise, there is not much. Everything runs smoothly. They take the feature requests and notify us when they implement those requests. They are regularly changing and updating it.

What was our ROI?

I do not have any metrics for cost savings, but it certainly helps with security and compliance. The visibility it provides helps to fix any vulnerabilities. A data or security breach can cost an organization a lot in terms of money and reputation.

What other advice do I have?

Prisma Cloud provides visibility into vulnerabilities, but it is an organization's responsibility to fix those vulnerabilities. Prisma Cloud only provides visibility. It is only an assessment tool. The team has to fix those vulnerabilities. The time taken to fix the vulnerabilities varies because different teams work on it.

I have not explored all CNAPP solutions. Overall, I would rate Prisma Cloud an eight out of ten.


    reviewer2540838

Helped us to gain the confidence that we can proactively monitor a cloud environment or a repository

  • September 04, 2024
  • Review from a verified AWS customer

What is our primary use case?

I have onboarded AWS environment accounts for some clients and some online hosted repositories on third-party platforms.

We currently have four modules. We have Application Security, Runtime Security, and Cloud Security. The latest one is Data Security, but I have only been using the other three modules.

How has it helped my organization?

I have mostly onboarded accounts. I have not used its other features much. I am aware of the environment dashboard that we get after 24 to 48 hours of scanning. The suggestions that they give are in a curated manner. We can see what steps we can take to minimize risk or remove critical or high-level vulnerabilities. This categorization based on severities helps us to prioritize which risks need to be remediated first.

It helps us to prioritize. We can see what the scenario is at the network level, identity level, or Internet exposure level. On the basis of these categories and on the basis of severity, we get the whole cloud security posture of the environment and also the suggestions.

It has helped save some time. The customer environment can be very vast, and the use cases can vary. A startup environment or beginner-level cloud environment is easy to check manually, but for users who have been using cloud environments for three or four years, manual checks are not efficient. Prisma Cloud saves time and costs. We are able to give a much more informative review of the cloud environment.

Prisma Cloud is a cloud-native application protection platform. That is what we showcase to our potential customers. It has helped us to gain the confidence that we can proactively monitor a cloud environment or a repository. One of my recent use cases was related to the repository. The establishment of trust is there, and the extent of cloud security services has also rapidly increased for our organization. This offering has been a great pillar for our organization.

It not only provides the risks and misconfigurations; it also includes compliance, so the industry-level standards are also monitored.

I started onboarding environments only two or three months ago. After the first scan, I could see the cloud security posture on the dashboard. In some cases, I could see misconfigurations and some package-level vulnerabilities. They were all categorized on the basis of severity. I discovered all these things. Out of them, some issues were commonly found. We are able to resolve them in the easiest manner. Considering the number of issues that it discovered, it would have taken us months to monitor all the events manually. The customer environment keeps changing and the requirements also change, so the cloud security posture also changes. Prisma Cloud scans on a regular basis and saves a lot of time.

The visibility level that it provides is the best. It is not restricted or limited to a few attacks or vulnerabilities. Every day, any type of attack can happen. There can be an attack of any severity. We are able to see all the possible incidents and all the possible issues in the environment. It has made us proactive, so our confidence has also improved.

The dashboard gets updated on a real-time basis. The first time, it takes 24 to 48 hours. After that, the latest scan is always available. It is consolidated. We get a detailed and comprehensive view from Prisma Cloud. It is easily accessible from the command center.

Prisma Cloud has saved us time. It helps us to fulfill our commitments. Without Prisma Cloud, it would take us double the time to deliver to our customers what they want.

I believe it covers the containers and host-level security. It does provide information about how many hosts are in the environment and how many containers are deployed on Prisma Cloud. It tells us if any of the containers or hosts are affected and by which vulnerability. A comprehensive view of all that is available. We can see package-level vulnerabilities for PHP packages, Python packages, etc.

What is most valuable?

Visibility and control are the most utilized features. A dashboard is available to us where we can view different categories. We can see any IAM-related risks, any discovered vulnerabilities, any incidents, or any network-level issues. So, visibility and control are the most utilized parts. We can also view possible remediation or suggestions for each of the issues.

What needs improvement?

I recently onboarded some of the repositories, and for that, the issues were categorized into four types. The view was not very easy to understand. The Application Security dashboard was not as user-friendly as the Cloud Security dashboard. The Application Security dashboard can be improved in terms of UI. The categories provided should be helpful for the ones who are using it for the first time.

Other than this, I do not have any areas for improvement. I am a new user. I entered the domain of cloud security only six months ago. Before that, I was in a different domain. As of now, I see Prisma Cloud as an excellent tool.

For how long have I used the solution?

I have been using Prisma Cloud in my current job role for the last six months.

What do I think about the stability of the solution?

It is stable. I have not had any issues.

What do I think about the scalability of the solution?

I have not faced any limitations.

How are customer service and support?

I have not interacted with their support.

Which solution did I use previously and why did I switch?

I have not worked with any similar solution previously.

How was the initial setup?

It was already installed when I joined. I only had to ask for some admin access, which was configured by the internal team in the organization, and my account was easily onboarded.

The client account onboarding was also seamless. So far, we have onboarded five to ten accounts. Regarding the number of users, we provide limited access because it is a matter of cloud security. Overall, there are five to ten users, which also includes customers with view-only access.

Which other solutions did I evaluate?

It was already here when I joined.

What other advice do I have?

I would absolutely recommend Prisma Cloud for cloud security posture management. It is great for onboarding cloud accounts. It is also good for onboarding repositories to improve application security.

I would rate Prisma Cloud a ten out of ten.


    Jagadeeshvarma Rudraraju

Good threat hunting and security automation with easy integrations

  • August 27, 2024
  • Review from a verified AWS customer

What is our primary use case?

We're using the solution for container monitoring in one project and workload security in another. We've installed the agents on the servers to monitor for threats.

What is most valuable?

We haven't had an issue with the product for over a year.

Its threat-hunting capabilities are very good. Security is a major thing for us.

We're using it in a banking setup and are using it only on a private cloud.

The security automation is very useful.

Compared to AWS, the cost management is very low. The automation ensures we have limited tasks to do. In other security tools that I am using, there is no automation option at all.

We can integrate it very easily.

It's very easy to remotely connect. We can do that within fractions of a second.

We are getting a lot of visibility and control.

We've been able to reduce runtime alerts with Prisma Cloud.

What needs improvement?

We'd like to have more tools for threat hunting.

Sometimes, on the Azure side, there are issues. Some errors aren't being found on Prisma Cloud.

For how long have I used the solution?

I've used Prisma Cloud for my past two projects. I've used it for one and a half years.

What do I think about the stability of the solution?

We haven't had issues with downtime.

What do I think about the scalability of the solution?

The solution is scalable.

How are customer service and support?

We've contacted support during some deployments on Windows servers in order to open ports. We had issues when we opened some ports and had no connection. Sometimes, their responses were slow or late.

How would you rate customer service and support?

Positive

How was the initial setup?

The solution was very easy to deploy and integrate. We had a three-member team working on the setup. We only have ten to 20 servers.

There is no maintenance needed after deployment.

What's my experience with pricing, setup cost, and licensing?

The pricing can be a bit costly. However, it has low cost management.

What other advice do I have?

We're a customer.

I'd rate the solution nine out of ten.


    Hardik Yagnik

One solution can cover runtime for EC2 systems, containers, and Fargate

  • August 26, 2024
  • Review provided by PeerSpot

What is our primary use case?

We use Prisma Cloud for container security, serverless function security, and our Cloud Security Posture Management.

How has it helped my organization?

We realized the benefits of Prisma Cloud almost immediately. It can comprehensively secure the entire cloud-native development lifecycle, from build to deploy and run. It has that capability. We are using it in the build and run space, but we aren't using it for secure code review.

We are more dependent on another product for visibility. Prisma Cloud does not have a natural feel, so we use another tool. About 75 to 80 percent of our workloads are connected to one solution, but Prisma Cloud has limitations. It doesn't have agents for them, so we use other tools or other native security tools to protect them.

When we started, many false positives and mismatched rules were not properly created. We created a more mature ruleset and now have a manageable set of alerts. It's not that much and has reduced over time.

We use different tools to achieve the same result, and consolidating that helps us save money. It has saved us, but it is a costly product. We are also saving some money on projects where there is competition. It's much cheaper, and they have the same or similar features.

What is most valuable?

We have standardized vendor process management, so we want to reduce multiple vendors. Prisma Cloud is part of Palo Alto. We use Palo Alto firewalls and other solutions. Prisma has many features that intelligently cover cloud security. One solution can cover runtime for EC2 systems, containers, and Fargate. We also have EKS/Kubernetes integration. So, whatever the cloud-native solution in Pfizer, we can use one solution to secure that.

What needs improvement?

The Fargate security microservice that's running doesn't support blocking features, which would be helpful. Another issue is the lifecycle. It isn't easy to upgrade if we have a console in Fargate.

For how long have I used the solution?

We have used Prisma Cloud for nearly two years.

What do I think about the stability of the solution?

We have had some issues, but they were mainly due to the environment. It did not crash as much after we set up the environment, but we had to build the system twice because of environmental issues. It took us a long time, but we have a learning curve on these deployments.

What do I think about the scalability of the solution?

Prisma scales well if we're deploying on Kubernetes, but it doesn't scale that great on Fargate.

How are customer service and support?

I had an opportunity to work with technical support and presales. The technical support was good. They are deep into the technology, but the presales staff wasn't up to the mark.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have Aqua Security and many open-source tools. Prisma Cloud suits our needs, so it's good.

How was the initial setup?

The deployment had a steep learning curve, and the support wasn't trained enough to work on the product. They were trying it out in their own lab. It's a new technology, so it takes time.

We deployed via a CICD integration, which took us around two months. We have two deployments: production and our lower environment. It took time because there were dependencies in the infrastructure. It took two to three months to get a stable working solution. I deployed it alone.

We deployed in Fargate, so high availability and other things were not an issue. The issue was the upgrade process, which requires us to streamline the upgrade process in the target deployment. That requires maintenance. If there is a major upgrade, it requires a lot of planning and everything.

What's my experience with pricing, setup cost, and licensing?

Prisma Cloud's pricing is a little higher than its competitors. It should come down.

What other advice do I have?

I rate Prisma Cloud seven out of 10.


    VISHWJEET GAIKWAD

Works very well for multi-cloud environments and is more cost-effective than cloud-native tools

  • August 21, 2024
  • Review from a verified AWS customer

What is our primary use case?

I am using Prisma Cloud CSPM. It is a business as well as an enterprise license. We have the licenses for data security and host security for particular tenants. We have IAM, Code to Cloud, CI/CD pipelines, and scanning of code. These models are activated.

We are getting alerts and vulnerabilities for cloud asset misconfiguration and identity access management. We are using Prisma Cloud to find out these vulnerabilities and remediate them manually and automatically.

We have a multi-cloud environment. We have onboarded multiple client clouds. The data is on the AWS, Azure, Oracle, and Google clouds. All the organization-level accounts or individual accounts are onboarded into Prisma Cloud. Instead of using cloud-native CSPM solutions such as Security Hub for AWS, Security Command Center for GCP, and Microsoft Defender for Azure, we have integrated all cloud accounts with Prisma Cloud. So, centrally, we can manage and monitor all the vulnerabilities, misconfigurations, and cloud environments. We have all the logs. It may be the audit log. It may be the virtual network log, network flow log, firewall log, or any cloud trail log.

How has it helped my organization?

We can monitor all the cloud assets and cloud resources. For example, if a user has wildcard permission or is a power user but only requires read-only access, Prisma Cloud lets us know. It recommends the access that needs to be given to the user. We can create custom policies according to the customer usage over the last 90 days.

If some users and service accounts have access keys that are not rotated in 90 days, Prisma Cloud alerts us that a key has expired or has not been rotated in 90 days. We then manually rotate the keys and update them in the cloud environment. Prisma Cloud provides best practices for insider threats and external security exposure.

If a VM or S3 bucket is publicly exposed, Prisma Cloud alerts us about it. It also suggests a way to fix the issue. It provides remediation and also provides information about the severity. The recommendations are given based on best practices and ISO standards, and we can then remediate those alerts.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. They are also launching Prisma for MSPs. It is in progress and not yet officially launched. That will help with the next-generation cloud security.

Prisma Cloud continuously scans the cloud assets we have, such as virtual machines, S3 buckets, IAM configurations, CloudTrail logs, and VPC flow logs. It continuously scans and generates alerts. There is also a feature for the outbound integration with Splunk, Teams, or Slack so that you can get alerts in these solutions.

The remediation team takes action on generated alerts. The recommendations that it gives speed up the remediation. We can remediate issues or threats before they spread in the cloud environment.

It has a lot of features. It has different modules for application security, cloud security, DSP, etc. There are different versions. Prisma Cloud provides overall network security, application data security, and customer data security. If a customer has a Palo Alto firewall installed on their on-premise data centers, its logs can be integrated into Prisma Cloud. From the cloud infrastructure perspective and the network infrastructure perspective, Prisma Cloud helps to improve the overall security posture. It is very helpful.

Because of Prisma Cloud, we have reduced asset misconfiguration within the asset inventory. We have also reduced the risk and improved governance and compliance. We get proper alerts and recommendations to improve the security posture. It also helps from the application security perspective.

Its benefits can be realized very quickly. Once a cloud account or a cloud environment is integrated with Prisma Cloud, it takes seven to eight hours for Prisma Cloud to scan it. After the logs are ingested into Prisma Cloud, it assesses misconfigurations and generates alerts.

From the operations perspective, it is good. The console availability is there. They notify us about any upgrades and maintenance. For any data or logs being ingested, it creates alerts and provides the recommendation.

It categorizes the risks based on their severity. We are confident about our security and compliance postures. We can create our own compliance rules or follow the compliance standards applicable to an industry such as HIPAA, SOC2, etc. It is a good feature.

It is comprehensive. It can scan all cloud assets. It can scan Docker images, so image scanning is there. Infrastructure As Code scanning is there. Agent-based scanning is there. Container security is there. We can scan these and find out the vulnerabilities. Prisma Cloud supports application security and container security.

It reduces the remediation time. The critical alerts that we get also provide the remediation steps. We can remediate an issue in five to ten minutes.

They have data security posture management. We can apply the data loss prevention policies to S3 buckets or the data assets we have in the cloud. It is a good tool for securing our sensitive information.

Prisma Cloud is more cost-effective than cloud-native tools. We can remediate the multi-cloud environment and improve the overall cloud security through this single tool. As compared to the other solutions, Prisma Cloud is good. There is runtime protection, container security, and other things for multi-cloud environments.

What is most valuable?

With the query language, we can analyze logs and find out which IPs are malicious. It also provides a graphical representation. It provides the overall visibility and how the traffic is flowing. We can see where the malicious IP is and whether it is an insider threat or an outsider threat.

We also have the reports tab. We can easily capture reports for the last month and the type of vulnerabilities and alerts we are having.

From the compliance and governance perspective, we can create custom policies or custom compliance and governance rules as per various industries or compliance standards, such as HIPAA, PCI DSS, and NIST. From the compliance and governance perspective, we can track the cloud environment. It is a good feature.

What needs improvement?

Some of the clients onboard individual cloud accounts into Prisma Cloud. When any new service comes into the AWS, Azure, or any other cloud, Prisma Cloud generates a warning about the new service and any missing permissions to be able to ingest the logs. We then manually run a Terraform template for Azure or a CFT template for AWS. It is a manual task that we have to do as and when needed. It is a repetitive and manual task. They should find a way to automatically update the role with the CFT or Terraform template. It would be best if this task is automated. When an account is onboarded, if it is missing any permission, it should automatically be updated with the required permissions and policies.

If they can do something from the AI security perspective, it will be helpful. I am not sure if it has any AI capabilities, but it would be helpful to have AI integration for finding out issues and remediating alerts.

For how long have I used the solution?

I have been working with Prisma Cloud for the last three years.

What do I think about the stability of the solution?

It is stable. The cloud environment is dynamic, so the tool must be dynamic. We have not had any issues with it.

What do I think about the scalability of the solution?

It is scalable. It scales up properly.

Currently, we have multiple locations. We have about 20 companies with multiple cloud accounts. It is a multi-cloud environment.

How are customer service and support?

The support from the Palo Alto team needs to be improved. Sometimes, we do not get an immediate response. It does not happen regularly, but more interactive support is required for Prisma Cloud.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I worked with Wiz in my previous company. Wiz's GUI was better than Prisma Cloud. They provide remediation and recommend which policy needs to be created and how we can create the policy. From the GUI perspective, I like Wiz, but Prisma Cloud is improving.

Wiz was also better from a cost perspective. I am not sure about the current price, but at the time, the client went to Wiz from a cost perspective. However, for runtime protection and continuous security, Prisma Cloud is good. Wiz did not provide these features.

How was the initial setup?

It is tenant-based. If you have a multi-tenant environment, it is complex.

In terms of the implementation strategy, a customer requests us to onboard an account to Prisma Cloud, and we check with the customer what exactly they want. We first enable VPC Flow Logs and CloudWatch Logs in the AWS environment. We create a tenant with the help of the Palo Alto Networks team. After the tenant is built, we onboard the particular cloud account into Prisma Cloud. The alert rules, user access, and policies are created. This is the way we implement this solution.

It is not difficult to maintain. Only the cleanup process is there. If a user leaves the organization, we need to manually remove the access for the user, so the cleanup process is there. Apart from that, there is no maintenance. When a license expires, we need to renew those licenses.

What about the implementation team?

From a deployment perspective, currently, we have three to four people, depending on the task. If a customer has a multi-regional cloud environment or a multi-cloud environment, it requires more time. Generally, four to five people in coordination with the Palo Alto team can handle those tasks.

What was our ROI?

The ROI is good from the security perspective for the multi-cloud environment. It is cost-effective. To secure the cloud environment, Prisma Cloud costs less than the cloud service provider's solution. The monthly cost of Security Hub for AWS or Security Command Center for GCP is more than Prisma Cloud. Prisma Cloud is a better solution in my opinion.

What's my experience with pricing, setup cost, and licensing?

Its licensing cost depends on the type of license such as the business license or the enterprise license. The enterprise license is costlier than the business license, but we get more visibility and more modules.

If you have a multi-cloud environment and subscribe to each cloud's native CSPM tool, it is costly. If you are using a single tool like Prisma Cloud, with a single license, you can monitor all environments, such as Google Cloud, Azure, AWS, and Oracle Cloud. The cost of Prisma Cloud is less than the cost of subscribing to the CSPM tool of each cloud provider. This is where Prisma Cloud can save costs.

What other advice do I have?

If you are looking for cloud security posture management, application security, and container security, Prisma is the one. It is the best solution to track and monitor all the security postures for your cloud environment and the application and code environment. I would recommend using Prisma and its various flavors.

I would rate Prisma Cloud a nine out of ten for its capability.


    Mohammad Qaw

It gives you one console to see all of your assets, review their configurations, and build your processes

  • August 20, 2024
  • Review from a verified AWS customer

What is our primary use case?

Prisma Cloud is the amalgamation of multiple products. The main component was acquired from Twistlock. The main use case is to perform cloud security posture assessments of your cloud workload. You can connect multiple cloud providers to Prisma Cloud and review the security configurations.

The two Prisma modules I use are cloud security posture management and cloud workload protection. The compute part of Prisma Cloud can also be deployed on-prem. It's mainly for an on-premise environment. You can deploy a standalone host to protect or review the configurations if you have a Kubernetes Docker host.

How has it helped my organization?

I work for a system integrator, so I deploy these solutions to customers, but I don't typically operate them. Clients are looking for visibility into their multi-cloud environment. When you have an environment distributed across AWS, Azure, etc., controlling all the cloud environments from different consoles is difficult.

Prisma Cloud gives you one console to see all of your assets, review their configurations, and build your processes. If you have a development team or your organization is developing a product, you can use Prisma Cloud to secure the product development lifecycle. You can integrate Prisma Cloud with your CICD pipelines to scan the containers and ensure they aren't vulnerable to any known CVEs.

It's a single pane of glass that covers all aspects of your cloud environment. It also provides your DevSecOps or DevOps teams with an excellent tool. Prisma Cloud is a collection of acquisitions, so you have multiple products within one tool.

None of the solutions that promise to reduce alerts have done that, but Prisma Cloud gives you meaningful alerts. In rare cases, I've experienced alert fatigue or some false positives. It identifies guaranteed alerts. I can prioritize alerts based on several factors. If you have a resource on the cloud that has a given vulnerability, it will check to see if the resource is exposed to the Internet and prioritize it accordingly.

What is most valuable?

Most customers use Prisma Cloud for visibility and compliance. Prisma has so many features, but many organizations do not use them. They primarily use the visibility part to connect all their cloud accounts and hosts for visibility to see if they are missing any security controls or if they have any misconfigurations.

You can connect it to cloud environments such as Azure, AWS, Oracle Cloud, Alibaba, etc., or to an on-prem data center. Prisma Cloud gives you so many options to automate processes related to your daily operations. When it comes to cybersecurity, you can automate things with their existing APIs. They also have out-of-the-box integrations with many solutions.

I have not seen any limitations. Everything is customizable. You can do whatever you want, defining the reporting and custom use cases. They recently updated the UI, so it's much better than before.

What needs improvement?

These tools have a set of signatures or rules that will alert you whenever something meets the criteria. In the future, they might include some machine learning or AI feature that allows you to ask questions about the context of the alert, and it will provide you answers based on the data that they have. Most vendors are doing it, and I believe they will do it in the future. The reporting bar could also use AI to add context based on the environment.

For how long have I used the solution?

We have used Prisma Cloud for two and a half years.

What do I think about the stability of the solution?

I rate Prisma Cloud nine out of 10 for stability. I haven't seen any incidents with Prisma Cloud aside from the usual false positives you get with any solution.

What do I think about the scalability of the solution?

There aren't any limits to Prisma Cloud's scalability. I have seen Prisma Cloud working with organizations that have more than 800,000 assets in their cloud environment.

You must have a large multi-cloud enterprise to realize Prisma Cloud's full value. A mid-sized enterprise with one cloud provider will not benefit from it. However, a mid-sized enterprise with a multi-cloud environment can get something out of it because it's difficult to track the number of assets and spending across all cloud environments. You need a cloud monitoring solution for them.

How are customer service and support?

The quality of Palo Alto support depends on the region. Some regions have a higher priority and better teams to support clients, but others outsource the support to other countries. Generally, it's above average.

Which solution did I use previously and why did I switch?

Aqua Security was their main competitor. I have not worked on Aqua Security, but Tenable acquired the company recently, and it became Tenable Cloud Security. It's similar to Prisma Cloud, but it doesn't have the same functionality as Prisma Cloud. It's less comprehensive.

How was the initial setup?

The setup process depends on the customer's environment, but deploying Prisma Cloud is straightforward. SaaS solutions are easy to set up. You don't need to worry about setting up any servers. You just deploy the agents and provide the credentials of your cloud environment.

What's my experience with pricing, setup cost, and licensing?

I'm not sure about the pricing. I have seen some commercials, but the pricing is variable. It isn't expensive compared to the value it will give you. It's like a choice between a 2024 Mercedes or a 2019 Toyota. It's a high-end product, but you get an excellent value.

What other advice do I have?

I rate Prisma Cloud nine out of 10. A cloud solution for configuration review is essential for any organization with a multi-cloud environment.


    Mindaugas Dailidonis

Provides multi-cloud security visibility, but requires customisation and is great for AWS and Kubernetes, but average for Azure and OCI

  • August 20, 2024
  • Review from a verified AWS customer

What is our primary use case?

The main use case was identification of cloud security compliance and detection of misconfigurations (including user and service principal identity and permissions) across a multi-cloud environment. The secondary use case was development of custom policies based on internal security requirements of the banking client.

For the Financial Services client, I mainly used the CSPM and Cloud Infrastructure Entitlement Management (CIEM) modules. The Code Security module was integrated to a limited extent, as part of the CI/CD pipeline, to enable Infrastructure as Code scanning before deployment. The primary cloud platforms of this client were AWS and Azure (limited cloud presence).

I also used Prisma Cloud for a PoC for another client of mine who used Azure and Oracle cloud platforms. The evaluation included a different capability set as well: in addition to CSPM and CIEM, the Cloud Workload Protection Platform (CWPP) module capabilities were evaluated.

How has it helped my organization?

Prisma Cloud provides security spanning multi-cloud environments. I have used it for securing AWS, Azure, and Oracle Cloud environments.

Main Benefit: 

Increased visibility across multiple cloud platforms is the main benefit. Before implementing Prisma Cloud, cloud-native solutions were available, however they did not show all of the problems that were present. The main benefit of implementing Prisma Cloud was the increased visibility into cloud permissions of users, roles and their usage in AWS. Prisma Cloud enabled that visibility and enabled the teams to see misconfigurations that were present in the cloud environment and start addressing them.

In addition to the identity part, Prisma Cloud provided some foundational visibility into the cloud workload misconfigurations. While a lot of false positives were identified, after the initial alert triage, the result was a lot of valuable insights to various misconfigurations.

Threat Detection: 

In regards to threat detection, for the other client where I carried out the PoC, I have done some testing after onboarding the Cloud Workload Protection module. Malware samples, EICAR files were uploaded to the test environment, and Prisma Cloud detected all of it.

Compliance Monitoring:

During the PoC for one of the clients, I have used cloud compliance monitoring of Prisma Cloud CSPM as well as CWPP modules, and found some discrepancies between the two. Some built-in compliance frameworks are available for the CSPM module, however not available in CWPP module. Cloud compliance monitoring and reporting can be done, however, there were discrepancies on what built-in compliance policies and frameworks are available in different modules. Custom security and compliance policies can be created and were used extensively in the Financial Services customer's project.

Hybrid Environments:

In regards to hybrid environments, I have only used it for Kubernetes deployment during the PoC. Kubernetes can be hosted on-premises or used as a managed service offered by any of the major cloud providers. I suppose that covers the hybrid use case. I have not used agent-based installations on anything other than Azure Kubernetes Service (AKS). In my experience, this part is where Prisma Cloud stands out from the competitors. It demonstrated easy onboarding as well as comprehensive visualisation of Kubernetes workloads running on the cluster, and vulnerability and malware detection capabilities.

Features That Require Client's Time Investment:

The initial "alert burndown", as Palo Alto Networks themselves call it. The alert triage and policy tuning phase where the security team goes in, reviews the initial findings, updates the policies and/or creates custom ones, and disables some of the policies that are not relevant so that internal teams are not overloaded. That has required a significant amount of time invested. For the Financial Services customer, Code Security module has also been deployed (Checkov integration into the CI/CD pipeline). It took a lot of time to tune Code Security policies, because it performs static analysis of Infrastructure as Code files. It can produce a lot of false positives, especially in cases where Terraform modules are used in the infrastructure code. 

What is most valuable?

The CIEM module has provided the most value for the Financial Services client; it identified the overly-permissive roles and users who can assume these roles. Without CIEM, these misconfigurations would have been difficult to spot.

What needs improvement?

Prisma Cloud is based on acquisitions, which is both a pro and con. Palo Alto Networks made it fast to the market, however, they are now catching up and trying to integrate their acquired solutions into the Prisma Cloud platform. 

Ability to See the Full Picture of Risk:

The main hurdle from user standpoint for me was the ability to see the full picture without effort. This was still true when I last used it in April 2024. A user has to switch between the modules to get different pieces of information. To see the CWPP data, you need to switch to that module. To see the code security part, you need to switch to the Code Security module. It is the same story with CSPM. At least two competitors of Prisma Cloud offer a better experience when it comes to visualisation of data. They show the full view of a risk (what Prisma Cloud claims to do, but does not do well). The good news - Prisma Cloud is catching up and has slightly improved over time.

The User Interface: 

I simply didn't like the first one, then they changed it and made it even worse. But that might be a matter of preference, not an actual negative. 

Ease of Building Custom Policies:

The RQL and APIs are poorly documented, which significantly complicates the building of custom policies. There should be no expectation that someone without a clue on how cloud services are constructed can effectively write custom policies using any of the CNAPP offerings available in the market; however, this is especially true for Prisma Cloud. When we compare Prisma Cloud with competitors, for sure, it is much more difficult to create custom policies because the APIs themselves are not that well documented. When discussing this topic with their Professional Services engineer who was assigned to the project, the person admitted that at times it is a trial-and-error path to building custom policies. The JSON preview feature did help to improve it, but you still need to guess which API to pick to get what you want.

With all that said, Prisma Cloud offers a powerful custom policy building engine, and when a skilled person works on it, they can do advanced queries, joining the results of different APIs for example and using them to further build the custom policy.

Quality Control Issues:

During the year-long project while working on alert triage, I encountered a number of CIEM policies that were displaying odd results, which were reported to the Customer Success team and were addressed with an update. This was an indicator that these built-in policies have not been tested that much, since the issue that was identified was impacting all users.

For how long have I used the solution?

I've used Prisma Cloud for over a year. 

I used it for two clients of mine. One client was in Financial Services sector, a bank, and that was where I prepared a solution integration design for Prisma Cloud and later on, supported the integration itself, including the alert review and handover of the operational tasks to the engineering team. For the bank, I started with integration planning (HLD, then LLD) and internal security review process in December 2022, implementation after three months, and finished the project in March 2024. It has been over a year overall of using the solution.

The second use case involved conducting a month-long Proof of Concept (PoC) for another client in the Engineering & Manufacturing sector, focusing on testing of Prisma Cloud CSPM, CIEM and CWPP capabilities for Azure and Oracle cloud platforms.

What do I think about the stability of the solution?

It is stable in the sense of being available so that users can log in and use the solution. 

However, a colleague working on the same project in the security engineering team has noticed some Prisma Cloud behaviour when using the search functionality, which returned a different set of results each time the same, unmodified query was executed. This could be a single example of such instability, but it was something odd to observe. This issue has been raised to the Prisma Cloud support team; however, I am not aware of the outcome.

What do I think about the scalability of the solution?

Scalability was perfect. We had no issues with it.

How are customer service and support?

I would rate their support a five out of ten. The professional services engineer was excellent. The sales and technical account management team was excellent. The solution architect who supported us also was great. 

However, for the customer success part, we had to replace an engineer who was originally assigned to support us. In many cases, the customer success team struggled to answer questions which we had already researched by reading the available documentation. Most of the time we got answers from the solution architects. After replacing the engineer who was originally assigned to us, the situation improved slightly, but I would still expect a more capable team supporting the product. My understanding was that the customer success team struggled getting the right information as well.

After we escalated some of the problems to the TAM, issues were resolved relatively quickly.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Before using Prisma Cloud, I used Checkpoint's Dome9 (in 2020-2021), as well as Microsoft Defender for Cloud. The main reason for selecting Prisma Cloud was multi-cloud capabilities, a high number of built-in policies and the capability to build custom policies.

If you mainly use AWS, and also use Kubernetes - Prisma Cloud may be a really good option. If you use Azure and Oracle cloud - there might be better alternatives out there.

I would strongly recommend testing it in your own environment, by onboarding a few accounts in Test/Dev and trying to work on the findings - this will give you a better understanding of the tool. If you plan on enabling your dev team to work on it, involve them in the PoC/PoV testing and get their feedback (this will likely show how much time the security team will need to invest into supporting the dev team as well).

How was the initial setup?

In my opinion, it is very straightforward. A few months back, I deployed Prisma Cloud and two other CNAPP tools in a PoC setting, and I can say that Prisma Cloud was the easiest one to onboard the cloud environments, as well as the Kubernetes cluster using their provided Helm chart template. Despite my prior experience with Prisma Cloud, the onboarding documentation is well-written. A small exception can be made for SSO and SAML configuration, for which Prisma Cloud did not have a public documentation article available; however, the Customer Success team has provided an instruction document for the configuration.

The cloud environment onboarding duration depends on whether the person deploying it has all permissions on the cloud side. If all permissions are available, you can deploy it within 15 minutes. It is so easy. If AWS Organizations are used, after onboarding Prisma Cloud sees all the accounts that are part of that Organization. The same applies for Azure when a Tenant Root Group is onboarded - all subscriptions that belong to it, as well as all resource groups and resources part of it, are monitored automatically. Some results show up immediately, while all misconfigurations are visible the next day, because it takes time for the tool to ingest all the cloud workloads, build the inventory and produce findings.

If we talk about onboarding Kubernetes clusters, the time it takes depends on the client's environment. Onboarding a single cluster is a matter of minutes. Overall, it can take some time, but is really straightforward using the provided Helm chart template.

Maintenance of the Integration:

Any CNAPP solution requires maintenance. This is because new cloud services are being rolled out by the cloud providers. For a CNAPP solution to be able to read those new resources and their configurations, permissions on the cloud provider's side need to be added to the roles that the CNAPP solution is using. As time passes and new cloud services are rolled out, missing permissions show up in Prisma Cloud, indicating what needs to be updated on the cloud provider's side. 

The other item is the review of new built-in policies. These new policies may produce some false positives. From time to time, this needs to be reviewed by the security team. Some adjustments might be required there. 

The last big item is the new features of Prisma Cloud that are being introduced. If these new features are added and if a client is using a custom and granular RBAC model to access Prisma Cloud, these permissions need to be revised and updated so that users can access and use those new capabilities.

What about the implementation team?

For the overall integration, I have been working as a consultant (external) for the Financial Services customer. In this project, we had a Professional Services consultant provided by Palo Alto Networks as part of the contract, who supported custom policy development. However, most of the custom policies were developed by external consultants who were hired for the task.

The project also had Customer Success team support who offered training sessions.

I would rate the Professional Services team very highly. However, the Customer Success team fell short of expectations, to the extent that we requested a replacement for our customer success engineer.

What was our ROI?

As a cloud security specialist, if I did not have such a tool, I would write a bunch of scripts to query the cloud APIs and get the data that I need. Prisma Cloud does that for us. With that said, any CNAPP tool offers such capability.

We have not estimated the actual return on investment in terms of quantifying it. From a security standpoint, with the help of Prisma Cloud we found a number of misconfigurations that were not detected previously; however, it is difficult to quantify the ROI. We may have prevented a security breach with remediation of the findings; however, any accurate likelihood and impact estimation would also be challenging.

What's my experience with pricing, setup cost, and licensing?

The pricing is on par with the competitors.

Which other solutions did I evaluate?

A few competitor solutions have been evaluated during the selection for the Financial Services client. However, the selection process was made by former security architects from whom I took over the project for integration planning and implementation as they departed the client's organisation.

For the other client, where I tested Prisma Cloud in a PoC in 2024 April on an Azure and Oracle cloud use case, unfortunately, Prisma Cloud has not been chosen as the CNAPP solution.

What other advice do I have?

Pros:

I would recommend Prisma Cloud to those who are cloud-native. Specifically, Kubernetes is what Prisma Cloud does really well because they acquired Twistlock which was an excellent tool for the task. 

Another big point would be for those with many internal/custom security requirements. Despite the challenge of undocumented APIs, if you have a dedicated cloud security engineering team, they can take advantage of the RQL policies for cloud security posture management and compliance monitoring.

Cons:

If you want full visibility of risk, without needing to proactively look for issues, and need to switch between the contexts within Prisma Cloud, I may not recommend it. If visibility is your priority, there may be better alternatives out there. If the client is a small enterprise and wants to prioritize the tool being used by the developers, there are stronger competitors out there, as, to my observation, Prisma Cloud is built for those with dedicated cloud security roles in mind who will spend the time tuning the tool and customising the policies.

Data Protection / GDPR concerns:

The main client where I used Prisma Cloud and worked on the integration is a bank in Europe, and they are very sensitive to data protection and GDPR, which has added some constraints to the whole integration. This would be true for any other CNAPP solution (deployed in a full SaaS mode, not using an "Outpost").

If the vendor is compromised and the permissions that it has in the client's cloud environment are compromised, this could lead to a security breach and this is a risk that must be understood and accepted when deploying a 3rd party CNAPP solution. This is true for all CNAPP vendors, not only Prisma Cloud.

AI Security:

I have not used Prisma Cloud for AI security. I know they have released some AI capabilities, however, I cannot comment on it.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    Pushpak S Laddha

It provides a lot of vulnerability data, some of which is unreliable

  • August 19, 2024
  • Review provided by PeerSpot

What is our primary use case?

We have a console set up in Prisma that scans all the cloud environments and collects data about platform, infrastructure, and app vulnerabilities.

How has it helped my organization?

We are responsible for app vulnerabilities, and 90 percent of the vulnerabilities were detected by other products before Prisma scans. Other scanners also do some of the same things. Prisma's ability to consolidate and identify the uniqueness of the vulnerability is a huge help. Based on the different scans, we can determine duplicate vulnerabilities.

Prisma provides visibility regardless of how complex or distributed my cloud environment becomes. It adds value, especially from the infrastructure and platform side. From an application perspective, there were many other challenges.

I wouldn't say we can protect everything with Prisma. It identifies the issue but doesn't resolve it. Protection is something else that we have to do in the cloud environment.

We use Prisma to scan for vulnerabilities and place them in a centralized repository where they are assigned a severity. Based on that severity, App Runner will get time to fix it after something is already in production.

What is most valuable?

One feature we like is the amount of data Prisma gives us. Some infrastructure and platform vulnerabilities in the cloud are hard to detect, and we were unaware of some of these. It's critical to shed light on these. For example, you create virtual machines and forget about them, but when you revisit them, some vulnerabilities may be detected.

Prisma allows us to adopt a preventative approach. We can scan some containers before they go into cloud production. The only caveat is identifying the cloud environment in a production or non-production environment.

What needs improvement?

Prisma could improve the data quality. One challenge is that when an application is deployed on multiple virtual machines, we get an alert for each machine, but the biggest challenge is container flapping. When containers go up and down, we get 100 alerts on one day, but it reports 20 the next day. The numbers keep changing, and the app owners tell us, "You reported a hundred vulnerabilities from my app, and today, you report 20. I haven't made any changes in production, is your data correct or not?"

Containers can go up and down, so it can't tell whether the container is down for good or if it was only down at the time of the scan. That's one of the biggest issues we had. The second is data deduplication because we get vulnerabilities from multiple sources through Prisma scans. A vulnerability is reported by Prisma scan and software composition analysis, SAS, DAST, or BLAST scans. You've got all these different scans reporting the same vulnerability.

For how long have I used the solution?

We have used Prisma Cloud for a year and a half.

What do I think about the stability of the solution?

Often, we don't get the data for a particular console because it's down. While we're working to fix the issue, we get the previous data and all the other stuff.

What do I think about the scalability of the solution?

At my company, we have many resources, and I haven't had any issues with vulnerability. Prisma can scale vertically or horizontally very well.

What was our ROI?

I can't say whether Prisma has saved us money because that's not the goal. The objective of Prisma is to identify incidents inside the company. Reputation and data security are the two most important things to a financial institution. We spend money to prevent improper data usage or vulnerability exploitation. I don't know whether it can save money, but it protects our data.

What other advice do I have?

I rate Prisma Cloud seven out of 10. It does do a lot of things, but the data reliability and other issues make our lives more difficult. It presents more challenges than just getting the data and porting over.