
Prisma Cloud (Annual Contract)

Palo Alto Networks

Reviews from AWS customer

38 AWS reviews

External reviews

146 reviews

External reviews are not included in the AWS star rating for the product.


4-star reviews

    Anubhav_Sharma

Protects APIs from DDoS attacks

  • September 21, 2023
  • Review provided by PeerSpot

What is our primary use case?

We initially wanted something to protect our infrastructure. We acquired Prisma Cloud, so at least our containers are secure because we already installed agents in the containers. Our infrastructure is being monitored by Prisma Cloud. Then, we started with the WAF (web application firewall) service to enable API discovery and to understand what our APIs are doing.

We can protect our APIs in case of a DDoS attack. We are currently working on CI/CD integration so that we can enable Slack CLI in our pipelines. Whenever there is a vulnerability, it will automatically be produced into the Prisma Cloud.

What is most valuable?

The most valuable feature of Prisma Cloud is WAF. AWS also provides web application security, but it is outside the VPC. Since the agent is already installed in the container, we can protect it directly from the application side. We have a UI-based view of the request.

If I want to know how many SQL injection attacks happened in a day, I can just make a filter. Instead of typing, I can select the filter and get the details. It's much faster, and it is very easy to find out attacks and discovery from the user's perspective.

What needs improvement?

A couple of exporting functionalities should be more user-friendly because if I want to export something, I can get a lot of data visible to that particular CSV. There is no filter for what kind of data I want to export. That is something that I have missed as someone from the management side. When we see any CVE issues, proper information, including the path, should be mentioned.

For example, in the case of vulnerable packages or images, whether a base image is vulnerable or the package under the base image is vulnerable should be mentioned. That visibility is sometimes missing there, although not every time. It took me some time to figure out what kind of issue it was trying to resolve.

For example, one issue was that an image should be run with a non-root user. Only the discussion was there, but how to validate and fix that was not there.

For how long have I used the solution?

I used Prisma Cloud by Palo Alto Networks for around one month in my previous company. I've been using it for the past four months in my current company.

What do I think about the stability of the solution?

Prisma Cloud is a stable solution.

What do I think about the scalability of the solution?

It is a scalable solution. We have more than 20 people using Prisma Cloud in our organization.

How are customer service and support?

I rate the solution's one-on-one technical support session a six out of ten. The support team usually provides only a half-hour session, which sometimes is very little for us when the issues are big. However, their support through email is good. The solution's one-on-one support session should be extended by at least half an hour. Since their one-on-one sessions are based on their availability, I don't get instant assistance when I need it.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I have previously worked on different tools like PingSafe. PingSafe is only into cloud security posture management, but Prisma Cloud has everything enabled in it. As a cloud security posture management tool, both the tools have their own advantages and disadvantages.

I can compare only one functionality, which is the CSPM module. For the CSPM module, Prisma Cloud's finding is good because it has access inside a containerized agent. PingSafe was more into the basic CIS benchmark things where we were able to identify the issues. PingSafe was also good, but Prisma Cloud has more advantages and configurations enabled.

How was the initial setup?

The solution's initial setup was pretty straightforward. It's a bit complex for a new person, and some guidance will be required. However, the documentation is quite enough to reduce those things. The initial setup is neither too hard nor too easy.

What about the implementation team?

The DevOps team does the solution's deployment. I was not a part of the deployment process. When I discussed it with them, they told me they had some script or documentation. They started that, and the deployment was completed in a day or two.

What other advice do I have?

We are using cloud protection, virtual protection, and the CI/CD modules of Prisma Cloud by Palo Alto Networks.

The comprehensiveness of the solution for protecting the full cloud-native stack is pretty good. We need to monitor those things. We initially did all the configuration from the container or API side. Now, our work is only to monitor periodically. It has a report functionality on a mail and download basis.

Periodically, we'll receive a mail asking us if we want to work on the weekly summary of our findings. There is a rescan functionality that I can use to rescan and confirm if someone has fixed a vulnerability so that it will not be shown in the results the next time. Prisma Cloud provides comprehensiveness that covers most of the areas.

When we didn't have this tool initially, we had to run around for different open-source tools because there was no one-stop solution. We had to go for different open-source tools for different functions. Prisma Cloud is a one-stop solution that covers multiple things like API security, container security, infrastructure security, AWS cloud security, and CI/CD security. So, it's a complete package for us to look around and figure out the issues in every area.

We did not immediately realize the solution's benefits from the time of deployment. It took an initial one month to understand the functionalities and their uses. After one and a half months, we were able to identify the benefits of using these services.

The solution provides the visibility and control we need. Initially, we did some access analysis to know what kind of permissions these particular agents are running. Then, we got to know and understand the agent's particular privileges.

The solution has reduced runtime alerts by around 15 to 20%. As soon as we use any image, we decide to run the scan and get the finding immediately. We have a time window to figure out the issue.

In case of an incident, Prisma Cloud requires some maintenance. If something happens because of the tool, we have to stop those agents, rerun them, and then check the logs. Sometimes, the services are disrupted when we enable something amid permission issues. So, that part definitely requires some maintenance.

I would recommend Prisma Cloud by Palo Alto Networks to other users. Prisma Cloud is a one-stop solution where you get multiple tools within one tool. That is a great thing because you don't have to run around for different kinds of tools.

Overall, I rate Prisma Cloud by Palo Alto Networks an eight out of ten.


    Sumedha Shetty

Reduces investigation times, offers good preventative measures, and has useful reporting capabilities

  • September 15, 2023
  • Review from a verified AWS customer

What is most valuable?

We use the CSPM (Cloud Security Posture Management) module that provides good visibility across workloads. The solution in general provides visibility, compliance, and governance across all of our workloads.

Prevention along with Prisma Cloud's detection capabilities can be leveraged by deploying Defender on your workloads. Additionally, out-of-the-box rules, like compliance rules, runtime rules, or vulnerability rules can be further created to secure any cloud-native workload.

You can identify any access details and over-privileged permissions using the CIEM (Cloud Identity and Entitlement Management) module by running IAM queries.

You can ingest your Flow Logs to Prisma Cloud and further analyze them using the network queries. You get a detailed view of network flow, configuration details of each resource, mapping of how resources are connected to each other, etc.

The cloud identity security and cloud network security capabilities are very helpful.

Prisma Cloud helps you identify vulnerabilities and misconfigurations in your code by integrating with your VCS (Version Control System), for example a GitHub repository. You will get an overview page as well as a detailed view based on the type, like vulnerabilities, IAC misconfigurations, secrets, licenses, etc. There are different options available. If you want full visibility, you can also go to the supply chain graph and see these details. It helps in identifying these risks. It also shows the package dependencies that need to be mapped. In a case where a package is dependent on something, both are provided so that you can see the vulnerabilities. That's a good feature. You can further integrate security into our CI/CD pipeline like Jenkins.

Prisma Cloud provides security that spans multi and hybrid cloud environments. It provides security across AWS, GCP, Azure, Oracle, and Alibaba. We usually engage with customers with workloads across multiple clouds and Prisma Cloud is a good fit for these environments.

The comprehensiveness of Prisma Cloud for protecting the full cloud-native stack is great. It's a single tool that does everything. When Prisma started off, it was more of a CSPM and CW tool. Now, they have also expanded towards Code Security, which is also increasing. It covers a lot of features in terms of its CNAPP (Cloud-Native Application Protection Platform) capabilities and yet the ease of use is exemplary. It offers great automation as well. It's not just about security, it is also about automating these procedures as much as possible. For example, if you want to deploy Defender, you get auto-defend rules.

It supports taking a more proactive approach to Cloud Security. We can modify existing policies or create policies if required and get alerted if there are any security violations. It can be further integrated into third-party solutions, by alerting channels like Slack.

Prisma Cloud provides the visibility and control you need regardless of how complex or distributed your cloud environments become. With it, you can view all of your assets on your cloud account. You can even filter. There are different filters based on the cloud providers, and from there you can filter based on the service that you are looking at. Those are grouped in a particular order so that you can go to those resources. For example, if I want to check for an AWS EC2 instance, once I go there, I can select that instance name and get the config details as well. There is an audit trail if I want to see any changes that have been detected in these resources. It gives me complete visibility to the most granular level.

Prisma Cloud provides us with a single tool that protects all of our cloud resources and applications without having to manage and reconcile these other security and compliance reports. There is a compliance section. You can even have compliance available out of the box. You can filter the alerts based on the compliance rules. You can further generate a report for a compliance standard by creating an alert rule. You can add your email address and you can get your weekly report sent to you. All of those things are available and customizable. You can do a deep dive for your workloads, as in your VMs, your container, serverless, etc.

Prisma Cloud provides risk clarity at runtime and across the entire pipeline showing issues as they are discovered during the build phases. If it's colored in red, it indicates there are serious alerts. If it's green, it means it's all good. That's a high-level overview of visibility. However, it also indicates all the risks and categorizes those.

Prisma Cloud helped to reduce runtime alerts. You can even create runtime rules. If you want to apply it globally, you can have it for all of your workloads. Once you create these, you will also get alerts for all those runtime rules that you have created for your workloads.

So far, we've reduced investigation times. The visibility on alerts helps you investigate more easily and see details faster. It helps you investigate similar alerts and take action accordingly.

It is one solution that has multiple capabilities. It's not just a CSPM (Cloud Security Posture Management); it has CWP (Cloud Workload Protection), CCS (Cloud Code Security), CNS (Cloud Network Security), and CIEM (Cloud Identity and Entitlement Management) capabilities. Since it's all under one product, we don't have to buy multiple solutions. In that sense, we have saved money.

What needs improvement?

We could not use the data security module. It's not available to our Indian customers.

The automation must continue to become much smoother. There are automation capabilities; however, there are certain challenges with that as well. The approach we generally take is we have to raise a support ticket and have multiple calls with the support engineers. That takes some amount of time. If it's a POC (proof of concept) or something like that, it is still fine. However, if it is the customer's production workloads that we are testing, that delays that entire implementation. Errors need to be resolved or there has to be faster support for these aspects.

At one point, one of our customers was looking for a compliance standard, which is not available out of the box on Prisma Cloud. Maybe not all standards are covered at this point.

When we face challenges and need to raise a support ticket, it takes time for them to get back to us and investigate the issue. We'd like the process to happen faster. We'd also like to have a dedicated source of support. If you have five or six consecutive issues, you have to follow up across five or six separate tickets. It would be easier if we just had one touchpoint that could manage multiple requests.

For how long have I used the solution?

I've been working with the solution for close to two years.

How are customer service and support?

I've dealt with technical support. They are good; however, the turnaround time is slow. When you are working on a POC, it's fine; however, when you begin to deal with production workloads, issues need to be resolved faster.

How would you rate customer service and support?

Neutral

What other advice do I have?

We're an implementation partner.

It took me some time, first of all, to understand the product. However, that is important. You need to understand the product, and then get the value. There are different aspects of the product that have different scanning times. Once you onboard, it takes a certain time to get all the details. Also, there will be certain alerts that might not be default alerts. After a certain amount of time, you might have to funnel them. Or, you might want to narrow down to those alerts which are important to you. After that, you'll begin to see the actual value added and to get there, it will definitely take a certain amount of time.

I'd rate the solution nine out of ten.


    Manjeet Yadav

Provides good visibility, saves us time, and saves us costs

  • September 14, 2023
  • Review from a verified AWS customer

What is our primary use case?

We are using CSPM, IM Security, and Cloud Workload Protection modules.

There are different use cases for Prisma Cloud. Our use case for the CSPM module is to assess compliance with standards such as HIPAA and GDPR, based on our current cloud CSP vendor and configuration. We need to use a CSPM tool to calculate the risk score associated with our current compliance posture.

How has it helped my organization?

Some of the reasons we implemented Prisma Cloud were to find the total number of assets in the compliance asset inventory and use the CSPM to assess our workload security. If we have a container environment, we can secure it using cloud workload protection. Additionally, IM Security can help us to determine if our saved credentials are exposed to the public network.

Prisma Cloud provides security for multi- and hybrid-cloud environments. This is the best use case for supporting multi-cloud vendors because, even if we have different cloud service providers, such as AWS, Azure, or GCP, we can manage and view all data in a single, consolidated screen.

All cloud service providers have limitations when it comes to cloud-native stack visibility. Prisma Cloud integrates with all CSPs, switches and correlates the data, and provides complete configuration details for alerts and incidents.

Prisma Cloud's security automation capabilities are effective, allowing us to specify our audit criteria and key configuration audit parameters to detect and automatically remediate misconfigurations. We also have playbooks to automate remediation.

It helps us take a preventative approach to cloud security. We recently received an incident alert for a resource with a security group that allows all ports, which is not a best practice. We will send a notification to the DevOps team and make a change to only allow the necessary ports. We can also automate this process to automatically remove all port access and only allow specific limited ports. Additionally, we can proactively define security keys for our servers and identify and fix vulnerabilities.

We have improved our organization in many ways. The first benefit is that we have from Prisma Cloud a complete asset inventory of all our cloud resources across all CSP vendors. This includes the number of assets and the number of VM instances currently running. This is a valuable use case, as it provides us with visibility into our entire cloud environment. The second benefit is that Prisma Cloud can help us identify misconfigured assets. This is also a valuable use case, as it helps us to ensure that our cloud resources are configured securely. The third benefit is that Prisma Cloud can help us to identify unusual access to our cloud resources. This can be helpful in identifying and responding to security threats. For example, if a user logs into a cloud instance from India and then two hours later logs into the same instance from the US, this could be a sign that the user's account has been compromised. Prisma Cloud can alert us to this type of activity so that we can investigate and take appropriate action.

The comprehensiveness in securing the entire cloud-native development lifecycle is great. We have integrated this solution with our CI/CD pipeline tools, so it scans and validates code in real-time, only allowing legitimate code to be processed further and executed.

It provides us with the visibility and control we need. At first, we may receive many alerts, but once we fine-tune them to generate genuine alerts only for legitimate traffic, our confidence in our security and compliance posture increases.

It also makes it easy to integrate our security with our existing CI/CD pipeline.

Prisma Cloud provides us with a single tool to protect all of our cloud resources and applications without having to manage and reconcile security tools.

Prisma Cloud provides clear visibility into risks at runtime and across the entire pipeline, showing issues as they are discovered. Our developers are able to correct the issues using just a few tools.

Prisma Cloud has reduced our runtime alerts by 20 percent. It reduced our alert investigation time to ten minutes. It also has saved us between 30 to 40 percent of our costs.

What is most valuable?

CSPM is the most valuable feature for any organization that runs its workloads in the cloud. CSPM can audit the current cloud configuration, identify misconfigurations, and assess risk.

If a customer is already running their workloads in the cloud and wants to secure them, Defender emails can be used to easily identify potential risks. Additionally, the CI/CD pipeline can be scanned to identify any vulnerabilities in the code that developers have written. When code is uploaded, it will be validated and only legitimate code will be applied to the production application. This means that no vulnerabilities will be present in the code.

CSPM can also be used to scan existing infrastructure for vulnerabilities.

What needs improvement?

The IM security has room for improvement. I would like more important features added.

For how long have I used the solution?

I have been using Prisma Cloud by Palo Alto Networks for three years.

What do I think about the stability of the solution?

Prisma Cloud is stable.

What do I think about the scalability of the solution?

Prisma Cloud is scalable.

How are customer service and support?

The technical support is good.

How would you rate customer service and support?

Positive

How was the initial setup?

The initial deployment was straightforward. All components can be deployed in one day, but the CSPM alone only takes half an hour.

Ten people were required for the deployment.

What's my experience with pricing, setup cost, and licensing?

Prisma Cloud is more expensive than some other solutions, but when we consider all of its use cases, the cost averages out.

What other advice do I have?

I would rate Prisma Cloud by Palo Alto Networks nine out of ten.

In terms of our location, we have different cloud service providers, such as AWS and Azure. The majority are AWS and Azure, where we have integrated Prisma Cloud. In terms of Docker and containers, we have integrated some types of labs and CI/CD parts. Therefore, we currently manage both AWS and Azure, as well as a few GCP parts, within a single console.

We have over 50 users.

Prisma Cloud requires maintenance and the OEM initially notifies us of the priority and schedule for maintenance.


    reviewer2272479

It can provide solid visibility even if your cloud infrastructure is complex

  • September 07, 2023
  • Review from a verified AWS customer

What is our primary use case?

We have cloud security posture management and CWPP. We are also using Cortex, another Palo Alto product. We needed another cloud security tool to create an additional security layer on our CSPM solution. It's essential to secure our infrastructure against any zero-day attacks.

How has it helped my organization?

We needed a cloud security tool to identify misconfigurations in our cloud infrastructure. We were using AWS Cloud Cover since we only had one cloud provider. We onboarded the SysTrack and were able to find the most configurations. In a short period of time, we detected the issues and got alerts.

Before we implemented Prisma Cloud, we were unable to detect misconfigurations based on the policies that we set up. Prisma has that capability. You can add custom policies, and the tool can handle the reconfiguration. 

You can also get feedback from the customer's side about custom policies that can be added on Prisma. We can see the custom policies contributed by other organizations, which has upskilled my knowledge. The primary benefit is the layer of security added to our other infrastructure. 

We started seeing the benefits immediately once the solution was fully deployed. After about a month, we could start digesting data into the tool. Then, we started enabling all the features that we secured for other organizations. After around two months, we could use the features and see the things we were unable to detect. We were able to set up remediation on the tool. Other teams like the developers and tech ops were able to get the details over Jira since it was integrated with SysTrack. 

Our development lifecycle was already prebuilt, and Prisma has absorbed it. There's nothing that Prisma doesn't cover or that isn't reported to the organization. The developers are able to see best practices for any type of resource. They secured training from the product team, and Palo Alto's developers attended it. They shared their knowledge base so we could make the right decisions about resources before making any changes to the AWS cloud.

Prisma can provide solid visibility even if your cloud infrastructure is complex. It can divide the infrastructure into different parts to give you visibility into vulnerability management, configurations, or workload protection. It doesn't matter how complex your cloud infrastructure is. Prisma can digest it and provide the right guidance.

Prisma was able to quickly integrate and onboard our account. As a fintech company, we need a cloud security tool with modules that can benefit the organization. It has a feature that gives you recurring reports for a specified period. 

The solution is handy for the team that handles the Jira tickets because it enables them to automate the tickets. We had to add them manually in the past, so Prisma has absorbed a significant chunk of their workload. It helps us to discover risks throughout the pipeline using the CWPP features. You can quickly identify a misconfiguration and resolve it. In addition to the features it adds, Prisma has helped us to solve tickets faster.

It creates an alert in under a minute. The software team receives this and notifies the owner of the resource within five minutes and resolves the issue according to the SLA. It helps us resolve zero-day cases. It would cost us a lot of money. Prisma helps us to resolve those issues promptly. 

What is most valuable?

I like Prisma's ability to integrate with other tools. We can integrate it with Jira so that when Prisma triggers an alert, it opens a ticket in Jira. That was a big selling point for the product. There's a feature called the guest custom template that allows you to trigger alerts in Jira based on the template. That can also be added as a feature on Jira.  

Prisma can work with multiple cloud types and hybrid environments. We use AWS, but Prisma also offers hybrid or multi-cloud features. You can onboard AWS, Azure, GCP, or any other cloud provider. You can do more with Prisma than basic cloud scanning. It can detect and handle misconfiguration on the local network or the cloud. 

The solution can control access and automate some tasks. For example, if any automation needs to be built on any of the API calls, we can have a consolidated page for any processes that need to use the API. You can use the API. Once you establish console access, you can build automation and integrate it with Prisma.

The CSPM module has so many features for developing a preventative approach that you don't need to look to any others, but the IAC security module lets you store infrastructure as code securely. You can scan an IAC template from a tool like Terraform and compare it with the CSPM modules. 

I have one example of a threat that Prisma proactively prevented. In 2021, Prisma discovered and resolved a Log4J vulnerability shortly after it was introduced. 

What needs improvement?

It would be nice if Prisma Cloud merged its modules for CSPM and infrastructure as code. It would simplify the pricing and make it easier for customers to evaluate the solution because there are different modules, and you need to add it to your subscription separately. 

Overall, Prisma is continuously improving. They do feature requests by allowing the users to vote on things. If a recommendation receives enough votes, they will add it to the solution. 

For how long have I used the solution?

We have used Prisma Cloud for two-and-a-half years.

What do I think about the stability of the solution?

Prisma Cloud is stable. I've never experienced any downtime aside from the scheduled maintenance window. 

What do I think about the scalability of the solution?

Prisma Cloud is scalable. You can add a hundred master accounts more than on the SysTrack Lab.

How are customer service and support?

I rate Palo Alto support nine out of 10. Their product team has been helpful. I just had a conversation with them. They answer all my questions even if it's after hours. When you send them a message, you get a response in a minute or two. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We had previously used PingSafe. I feel like switching to Prisma was the right decision. PingSafe lacked multiple features that Prisma has. After we did our PoC with Prisma, we found that these features added value to our cloud infrastructure security. Once we switched, we noticed an improvement at the management level. We also reduced the number of data tickets that we needed to manually create.

How was the initial setup?

In the first phase, we did a PoC, and the initial deployment took around a month. We worked with Palo Alto's customer success and technical teams. We worked closely with them in the first year, but after that, our deployment was highly mature, so we didn't need to bug them so much. All of the implementation steps were provided by email. Two members of our team were involved. 

Prisma is a cloud-based solution, so it requires no maintenance on our side once it's deployed. Maintenance is handled during a scheduled window, and they send us advance notification the day before.  

What's my experience with pricing, setup cost, and licensing?

Prisma costs a little more than our previous solution, but it has more features. Our previous solution lacked the features we expect from a CSPM tool.

Which other solutions did I evaluate?

We didn't look at anything else once we learned about this product and did a PoC. And once we evaluated Prisma, we discussed it internally with our team and made the decision to book it. 

What other advice do I have?

I rate Prisma Cloud nine out of 10. If you're considering Prisma, I suggest starting with a PoC. Consider all the features and go for the ones that are suitable for your organization and add value. You could adopt the solution blindly, but there are some additional costs for the add-ons. 

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Amazon Web Services (AWS)


    reviewer2268216

The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements

  • September 07, 2023
  • Review from a verified AWS customer

What is our primary use case?

We use the CSPM (cloud security posture management) product from Palo Alto Networks for our day-to-day activities. We use this product every day, almost 24/7. I am a cloud security engineer in my organization, and I use this product to identify misconfigurations from the account level. We use AWS accounts in our organization. We have more than 150 accounts in our organization, and we get support from this product to identify the misconfiguration among all those cloud accounts.

Along with misconfiguration, we use it to generate custom RQL based on our requirements in our day-to-day activities. We use the solution for user access and onboarding Defender into our product to identify the vulnerabilities in our cloud environments. We see if the instances are publicly enabled or encrypted.

It also helps us to check if some changes have to be done on load balancers ELB 1 or ELB 2 in our environment.

Almost from the product level, with all the cloud accounts, 1,600 global policies and 1,200 AWS-related policies are provided. We used to customize based on compliance and integrate it with Jira. Using Jira, we inform the end users about the misconfigurations in day-to-day activities. Finally, we'll try to get the solution for the alerts generated by the tool.

What is most valuable?

The solution's dashboard looks very user-friendly. The misconfigurations alert tab also looks good. The solution has both positives and negatives, but this product is the best compared to other solutions. According to our requirements, we can very easily identify the solutions based on cloud accounts, single accounts, or multiple accounts. The graphical way JSON was recently launched is very good to get the proper exact RQL based on the requirement.

What needs improvement?

We have a suggestions team, and we used to write our thoughts on the dashboard or website. The website is reviewed by users working with the product team. Recently, we discussed a new thought with the product team that the misconfiguration or the work done by the user should be at the user level. The dashboard can be created at the user level instead of the cloud account level, which will help save time.

They can create a folder for their work, directly go to that folder, and work with it on day-to-day activities. It's a new idea we suggested to the product team. When 1,000 members are working on the product, the product team cannot implement all the 1,000 thoughts invented by everyone. We used to submit our thoughts on our product website bi-weekly or bi-monthly.

For how long have I used the solution?

I have been working with Prisma Cloud by Palo Alto Networks for more than two and a half years.

What do I think about the scalability of the solution?

Prisma Cloud is a scalable solution. More than 250 users are using Prisma Cloud in our organization.

How are customer service and support?

Prisma Cloud's technical support team used to resolve all our issues within no time.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I previously used PingSafe, which is more cost-efficient than Prisma Cloud. When I started working with PingSafe, I thought it could be a good product. However, when I changed to Prisma Cloud, I thought it might be more efficient when compared to other products.

What was our ROI?

We have seen a return on investment with Prisma Cloud, and our organization is completely satisfied with the solution.

What's my experience with pricing, setup cost, and licensing?

Prisma Cloud is a highly expensive solution.

If 50,000 employees work in a single organization or an MNC company, the company should use a high-level product, not a low-level product. It's based on the company, and it's based on the product. For my organization, I completely agree with Prisma Cloud's licensing part. I cannot discuss whether it's efficient, but I completely agree with the product features.

What other advice do I have?

We are using the compliance module of the solution.

We use the solution to secure the cloud accounts in our organization that we maintain. We launched this tool for our security. We used to choose the products in the market based on the budget. Prisma Cloud was already launched and onboarded before I came to this organization. We used to onboard other tools, like Defender Cloud or Prisma Cloud.

CSPM is different from Prisma Cloud; they are two parts in a single product. For day-to-day activities, we use CSPM almost 100% and Prisma Cloud for almost 30% to 40%. CSPM identifies the alerts and misconfigurations from the account level for day-to-day activities. We inform the DevOps team to close the alert by getting the solutions from their account-level site.

We chose this product to identify the misconfigurations based on the severity level. For critical, it should be done within one or two days; for high, it should be done in three to five days. Based on the time period, we used to get these solutions in time. Sometimes, users may face many exceptions for the solution or alerts.

For example, there will be some internal ELBs (elastic load balancers) from the account level. Internal ELBs cannot be published because they'll be used internally to share the data. The policy may identify the alert from the internal ELBs also. So, we need some exceptions so that the internal load balancer can be accepted but not generate an alert from the Prisma side.

We used to change our RQL query based on the requirement. Otherwise, we approached the product or support teams to get the solution from them. They'll provide the RQL with the changes based on the requirement, and we'll get the solutions as quickly as possible. Most of the time, when there is a problem, there will also be a solution.

Maintaining an organization with multiple million dollars is not an easy thing at the market level. So, it's important to have a product that effectively identifies the issues. Nowadays, hackers send a simple link to an unknown user. When users click the link, their bank account gets hacked, and the amount gets deducted from the customer side.

When a single user gets this type of attack, an organization should be equipped to effectively identify these attacks. This product works very effectively to identify such attackers. The solution can not only help identify present attackers' thinking, but we can think about the future and customize the queries based on the attackers' mindset. We can identify the attackers' way not to get marketed in the banking sector.

Prisma Cloud is a monitoring tool that continuously monitors 24/7. It's not about getting the solution but identifying the misconfiguration. When it continuously monitors the cloud accounts, the product identifies the issues, and we get the solution.

Getting the solutions is in our hands, but identifying the issues is the product behavior. The product behavior to identify the issues is highly appreciable. Then, we get the solution based on the requirement.

Whatever automation Prisma Cloud provides to the policies is a good way to get this solution, but automating the complete tool has its positives and negatives. It's a debatable question because Prisma is not a testing tool. The tool identifies misconfigurations.

The solution can't provide 100% security at the market or organization levels. If we secure a product by 99%, there is still a chance of a one percent attack. So, there should be some monitoring as well as automation. However, going for only automation or monitoring is a debated question.

We continue using Prisma Cloud because we are 100% satisfied with it, not only from my side but also at my organization level. In my organization, we started a gap analysis. We are maintaining more than 150 AWS cloud accounts. So, there are a lot of alerts for misconfiguration from the product level.

Since January, we have started one requirement to reduce the alert. We collect all the alerts in an Excel sheet, and we used to share with the DevOps HOD that these are the misconfigurations for your account. Then, the HOD used to share the sheet with the team members.

I can proudly say that we started with more than 8,600 alerts for all the cloud accounts in the month of January. Now, the count is reduced to almost 2,400 alerts for more than 40 sensitive policies. We identified almost 60% to 70% alert reduction. We are using Prisma Cloud effectively to identify misconfigurations and implement many more features to secure the cloud accounts in our organization.

We use 100% of CSPM and only 30% to 40% of the CI/CD pipeline, like Prisma Cloud. For CSPM, I'll rate it a ten out of ten. Otherwise, nine and a half out of ten because no product will satisfy a customer 100%. So, nine and a half out of ten for CSPM to secure the cloud accounts internally or prevent getting attacked by attackers. I would definitely recommend this product.

We will launch CI/CD like Prisma Cloud in the future, and the organization should also consider the budget. Prisma Cloud is a little high-budget affair. Prisma Cloud is a mandatory tool to identify the CI/CD level vulnerabilities while doing email scanning only. Our time will not be wasted by using this tool.

If we do not scan an image for vulnerabilities while deploying a code into it, it's a waste of time deploying a code that any attacker can handle. This product identifies the vulnerabilities by email scanning only, which helps to have more time for the DevOps team to get more deployment.

We used to suggest new thoughts on how it can be more user-friendly. There is an API with which we can share our thoughts. It should be selected by other users and business organizations using the product. If more people suggest that option after we launch that thought into the API, the Prisma product will think about that thought. If it is valuable, they should definitely get this solution.

Currently, we can identify the misconfigurations based on the list of policies. Suppose five to ten members work with Prisma in an organization. In that case, they cannot go daily to the dashboard and identify all the misconfigurations singly or as a group.

We suggested a new feature: a list of misconfigurations should be identified based on the user, either a single user or a group. If three members work with a particular cloud account, then those three members should create a group, and that account should be added there. This will also reduce the time of a customer working on the product.

Whatever DevOps requirement was not presented in the product, they used to discuss it with our team. If it is a requirement we need in our organization, then we will go to the product team and tell them it is a requirement from our organization level for the DevOps team. If it is a proper requirement, the engineering team will work based on it. The product team comes up with new ideas. Since the recent launch is a better version for the product team, we also used to launch the better version from the product team.

It works both ways. Whatever new features the DevOps team suggests, we discuss them with the product team. When the product team suggests new features to help the organization, the same can be discussed with our internal team. Our manager will discuss it with the HODs of the DevOps team. If it is a genuine requirement, we will try to convince the DevOps team, and based on their approval, we will launch that feature.

It's highly recommended since the dashboard is very user-friendly. The Prisma Cloud tool is integrated with Jira. Whenever any alert is generated, it will automatically trigger Jira based on compliance. It will work based on the compliance we onboarded to Jira. We used to create compliance for Jira and day-to-day activities, like generating reports based on the accounts.

Prisma Cloud is a user-friendly solution. When managing more than 50 cloud accounts, we can get the issues and misconfigurations from the single account level, the group account level, or the total account level. We can get everything based on our requirements. The solution will secure all the cloud accounts, a single cloud account when there are multiple cloud accounts, or a group of cloud accounts based on complete requirements.

Whenever we have some issues, we approach the product team to get this solution. Recently, we faced some issues with the policies tab, which we use to create policies, and the investigation tab, which we use to create a new RQL. Whatever RQL query is implemented, there is no point in creating all the RQL queries to a policy. We get the data by creating an RQL query, and we create a policy to monitor the product. The count should match when there is a single RQL query from the investigation type and the policies tab or alert tab.

Recently, we faced an issue with a mismatch between the alert tab count and the investigation tab count. We approached the product team, and they suggested the solution within a very short time. There were some issues with the pipeline, but they fixed that bug within no time, and we got a 100% solution from them.

Three to four teams are working with a single product. The security, SOC, and DevOps teams are working with the product team to identify the misconfigurations in their environment. It's not just a single person who identifies the issues from service or product levels.

The DevOps or SOC team may identify an issue and inform our security team. Also, we may find some issues and inform the product team. A combination of all groups will work to identify issues and ensure that the product will work effectively. So, all the things will happen in a single process.

We have to close cases within a specific period based on the severity. Critical cases should be closed within one to three business working days, high-severity cases within three to five working days, medium-severity cases within five to eight working days, and low-severity cases within eight to fifteen working days.

We use some budget for the product based on the agreement. Besides that, we save a lot of money compared to the security level. I'm not talking about the product level. Product-level money is different based on the agreement. In the last one and a half years that I started working with this product, only one time without a product level or service level, we entered some credits by enabling some policies. If we have some knowledge of the product, almost 95%, there is no waste of money.

Prisma Cloud is a completely user-friendly product. The product is highly recommended for the cloud environment level. Whatever requirements we have, we can get by creating a new RQL based on our requirements. It is not only related to work. Whoever works with cloud security in an organization is greatly noticed.

If someone identifies an issue in your work, you'll remember that person. In the same way, when I notified some issues from the cloud account level, I used to interact with the entire DevOps team, not only a single person. The product helps you get more recognition.

Previously, we used the solution globally. However, because there may be a chance of data being made publicly accessible, we are currently onboarding only on the internet from the Prisma site. This secures the data and prevents it from being made publicly accessible.

I would recommend Prisma Cloud to other users or organizations looking to secure their organization in any cloud environment without budget constraints. I'm only talking about AWS because we have an AWS environment, but the solution can secure any cloud account effectively.

Overall, I rate Prisma Cloud a nine out of ten.


    reviewer1377333

Solved our design and architecture problems, is scalable, and has impressive stability with no downtime

  • August 25, 2023
  • Review provided by PeerSpot

What is our primary use case?

We use Prisma Cloud by Palo Alto Networks for architecture and design.

How has it helped my organization?

We found Prisma Cloud by Palo Alto Networks very important in solving architecture and design problems within the company, and it improved our company because it showed us different ways of doing things and gave us a better understanding of an architectural entity.

Prisma Cloud by Palo Alto Networks has helped our company progress.

From the time of deployment, it took a few months for our company to realize the benefits of the solution.

What is most valuable?

Prisma Cloud by Palo Alto Networks is a valuable solution. It is useful as it provides some security on multi and hybrid cloud environments, which is very important to my company.

Prisma Cloud by Palo Alto Networks is also a comprehensive solution that helps protect the full cloud-native stack and helps us secure the entire cloud-native development, which is another reason it is useful for the company.

The solution also has good security automation capabilities and is useful for helping my company take a preventive approach to cloud security.

It provides the visibility and control we need, and it helps a lot in giving us confidence in our security and compliance postures.

Prisma Cloud by Palo Alto Networks also enabled the company to integrate security into our CI/CD pipeline.

We also found how seamless Prisma Cloud by Palo Alto Networks touchpoints are to our DevOps processes, and we find them very helpful.

The solution even serves as a single tool to protect my company's cloud resources. It does not affect our operations.

Prisma Cloud by Palo Alto Networks provides risk clarity at the runtime and across the entire pipeline. It shows us the issues, and the developers can correct them without affecting our operations.

The solution also helped in reducing runtime alerts very quickly. It also reduced our alert investigation time because it's all automated.

What needs improvement?

We had some teething issues with Prisma Cloud by Palo Alto Networks, but overall, it did what we expected. It has some areas for improvement, but I cannot remember exactly off the top of my head.

For how long have I used the solution?

I've worked with Prisma Cloud by Palo Alto Networks for four years.

What do I think about the stability of the solution?

I found Prisma Cloud by Palo Alto Networks stable. I'm impressed by its stability. I cannot recall any downtime with the solution. I rate it as eight out of ten, stability-wise.

What do I think about the scalability of the solution?

I found Prisma Cloud by Palo Alto Networks scalable, and it's an eight out of ten for me, scalability-wise.

How are customer service and support?

The technical support for Prisma Cloud by Palo Alto Networks was very good. I would rate its technical support eight out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

Prisma Cloud by Palo Alto Networks is what my company has. It's the solution my company wants to use.

How was the initial setup?

I was involved in the deployment of Prisma Cloud by Palo Alto Networks, and I found its initial setup straightforward. It took a few months to deploy the solution.

What about the implementation team?

Our team deployed the solution.

What's my experience with pricing, setup cost, and licensing?

Prisma Cloud by Palo Alto Networks has helped the company save some money. Cost-wise, it's okay.

What other advice do I have?

I advise others who may want to implement Prisma Cloud by Palo Alto Networks to check it in a test environment first to ensure it does what they expect.

My rating for Prisma Cloud by Palo Alto Networks, overall, is eight out of ten.


    MartinYu

I like the automated tool for migrating user data from other systems

  • August 09, 2023
  • Review provided by PeerSpot

What is our primary use case?

Financial companies want to restrict user access, which means the users need to go through a subnet to access their services. When the user connects to the internet via the Prisma Cloud VPN, they can use different types of IP addresses globally. The changing IP addresses can be pretty complex. It costs a lot for the application site to apply for access.

We negotiated with Palo Alto to get 20 servers, and the customers will be added to those 20 subnets. On the Spectrum Access side, we only need a white list of those twenty subnets, and we won't have issues in the future.

The solution is managed by Palo Alto. We're using Panorama, a popular management tool, for managing the connection between the physical portal, firewall, and VPN, as well as Prisma Cloud.

How has it helped my organization?

The user experience is better than our previous solution. It gives us visibility into all the traffic.

What is most valuable?

The most valuable feature is the closed VPN connection, which provides better performance than traditional VPN boxes. For example, let's say a user in New York State normally connects in the East, but if they travel to the UK, they can connect to the same portal, which automatically redirects to any VPN gateway. We can control traffic based on Active Directory groups instead of the user's IP. That means a user in New York can access his application based on his user ID and AD group access when he travels to the UK or anywhere else.

Prisma Cloud can provide decent security across cloud environments, depending on how each company sets security policies. Prisma Cloud makes adding new users and managing access more flexible.

I like Palo Alto's automated tool for migrating user data from other systems. We previously did this manually most of the time, but now we can update twice hourly automatically.

What needs improvement?

During deployment, we created a tunnel from the cloud to our gateway in the data center because the users need some way to connect with the resources there, but all other traffic goes directly to the Palo Alto cloud. When the traffic goes to the Internet, sometimes it will come up with different IPs, causing some financial websites to be blocked. We needed to work with Palo Alto closely to solve this problem.

Sometimes, when you assign subnets to regions, the IP address will jump from one location to another because it will automatically change substantially. Then, we need to add those IP subnets to our firewall for existing access. The need to update those subnets potentially causes maintenance or access issues. So far, we can only provide bigger customers with six subnets, and a small company may not be able to access those services.

How are customer service and support?

I rate Palo Alto customer service 10 out of 10.

How would you rate customer service and support?

Positive

How was the initial setup?

The migration takes time because we're typically not starting from scratch. We need to migrate everything from the existing VPN. I've used Prisma Cloud for a large financial enterprise with a complex infrastructure, and we worked on that for almost two years. It's less complicated for a mid-sized company, but the migration might take six to nine months.

What was our ROI?

It's hard to tell if there is an ROI in the short term. It may take a long time before you realize a return because there is a substantial initial investment. You can see a significant improvement in performance, but it may not necessarily save money. However, you'll ultimately improve service.

What other advice do I have?

I rate Prisma Cloud nine out of 10. We would recommend it to any large global enterprise because it improves performance and offers a better user experience. It also gives you application-level control instead of regular IP address control. The latest version has many new features. So they can use the in-app Application ID and point to MAC applications instead of regular TCP/IP ports.


    Govinda Mengji

Integrates seamlessly with different clouds but should support on-premises implementation

  • July 28, 2023
  • Review from a verified AWS customer

What is our primary use case?

I do not personally use it in my organization. I am a consultant, and I support my clients. I understand the environment, and based on that, I suggest they implement Prisma Cloud. My job is to do a technical evaluation of the product and recommend it to my clients. I give my recommendation to the client as an advisor. I tell them about the features and capabilities of Prisma Cloud and how they can utilize it. I also do a price or cost-effectiveness comparison of different products, but in the end, my clients decide whether they want to choose the technology over the cost or vice versa.

There have been multiple use cases of Prisma Cloud. The use cases vary based on a client's requirements. It is not necessary to implement all the features and capabilities of Prisma Cloud, but generally, it is for continuous compliance monitoring. The Cloud Security Posture Management (CSPM) feature identifies vulnerabilities within your IT organization or ITOps environment. The main part is to ensure compliance with industry standards such as GDPR and CIS Benchmarks.

How has it helped my organization?

Vulnerability scanning has been a major problem for clients. Nowadays, clients do not have just one cloud. They are not using just AWS or Azure. They have multiple clouds. For example, the primary site is on Oracle, the disaster recovery site is sitting on AWS, and some of their applications are on Azure, so there are three hybrid cloud environments. We try to identify the best solution that can seamlessly integrate with all three cloud providers. Our clients want a centralized Cloud Security Posture Management solution for monitoring vulnerabilities and threats. This is one of the major use cases for which we recommend the Prisma Cloud CSPM solution to our clients.

Prisma Cloud can seamlessly integrate with all clouds. When you go into a cloud, there are multiple landscapes. Some are Windows machines, and some are Linux machines. There are different APIs, different databases, and different types of environments with microservices, Kubernetes, etc. Prisma Cloud has the capability to integrate with all these. That is the beauty. This seamless integration is very critical in every product.

There are multiple CSPM products in the market. The key feature of Prisma Cloud is seamless integration. They have thousands of in-built APIs. You do not need to do much customization. It can seamlessly integrate with multiple clouds. It can integrate seamlessly with Azure, AWS, Oracle, Alibaba Cloud, etc. This is the main feature and the key selling point of Prisma Cloud. For example, today, the client is using only Azure Cloud, but tomorrow, the requirement might come for AWS or Oracle Cloud. It does not mean that they are going to buy a new product for CSPM. That is the beauty of Prisma Cloud, and this is where Prisma Cloud scores. It integrates seamlessly. It does not mean that other products cannot integrate. They can integrate, but they might not seamlessly integrate, or they might integrate only with AWS and Azure but not with Oracle or Alibaba Cloud. All of my client base is in the GCC region. I have clients in UAE, Saudi Arabia, Qatar, Kuwait, and Oman. Oman has Google Cloud. Saudi Arabia has Alibaba Cloud and Oracle Cloud. UAE has AWS Cloud and Azure Cloud. In Saudi Arabia, there are even private clouds. Prisma Cloud can even integrate with your private cloud. You can integrate your on-premise cloud.

Prisma Cloud can protect the full cloud-native stack. It is great, and it can solve your needs from a security point of view. The whole purpose of Prisma Cloud is to scan vulnerabilities.

Prisma Cloud's security automation capabilities are good. For example, you can define a policy for virtual machines. The policy hits an API and scans all your virtual machines. It can identify a virtual machine that is not supposed to have access to the Internet, but its ports are open. If you have set the rules, it can also remove the access of the port or the VM to access the Internet. This capability is definitely there, but it is based on the defined rules and policies and how you do the configuration.

Prisma Cloud provides good visibility. The dashboard or UI is user-friendly. You get a holistic view of your entire infrastructure.

Prisma Cloud integrates security into our CI/CD pipeline at the resource, component, and infrastructure levels, but at the application level, it is limited. For application-level security, you need to do something else. You need to have an additional capability or additional security solution.

It provides a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports.

It provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases. It discovers issues at the scanning level. It also has the capability to rescan. For example, if you have discovered an issue or vulnerability, after resolving it, you can rescan the same resource to identify whether it has been mitigated or not.

Prisma Cloud has reduced runtime alerts by 60% to 70%. It has also reduced alert investigation time by 60% to 70%. With these time savings, you also save money. By preventing any vulnerabilities or threats, you also save your organization's reputation.

What is most valuable?

It has a feature for customized security policy. I implement it in banking, health insurance, and other sectors, and every organization has its own customized policies and procedures. In Prisma Cloud, you can customize policies, and based on that, you can do monitoring.

It has multiple capabilities, such as threat detection and remediation. You can even orchestrate. For example, you can set a rule that a specific set of users need to have XYZ access. If any user is identified as having an additional level of privilege, which he or she is not supposed to have, Prisma Cloud can scan and identify it. If you have set the policy, it can also do mitigation. It can remove the access accordingly.

What needs improvement?

One major observation is that it is not possible to implement Prisma Cloud on-premises. This is the limitation. Prisma Cloud itself is on a cloud. It is sitting on AWS and Google Cloud. It is a SaaS solution, but some of my clients have a local regulatory requirement, and they want to install it locally on their premises. That capability is not there, but government entities and ministries want to have Prisma Cloud installed locally.

What do I think about the stability of the solution?

It is stable. It is a leading product.

What do I think about the scalability of the solution?

It is a SaaS-based application, so we need not worry about scalability. It is their responsibility. They have to ensure its scalability and high availability.

How are customer service and support?

From what I know, their support is good enough. They meet the SLAs. They have been good so far. That could be because they are new in the GCC market, and someone from Europe or the UK might have different feedback.

Which solution did I use previously and why did I switch?

I did not use any similar solution previously.

How was the initial setup?

We provide consultancy. We do the implementation but with the support of the vendor. It is not just about buying the product. It is about how you design and configure it. We ensure that the implementation is done as per the defined design.

The key point for a successful product implementation is how you configure it and what your use case is. Every client has different requirements and different use cases. It depends on how you drive it. You need to define the use cases, the policies, and the procedures, and you need to ensure they are aligned with your business objective. You may have the best product in the world, but if you do not know how to configure it based on your use cases and your environment, it will not work for you. You will have vulnerabilities in your environment even after you have invested millions.

What about the implementation team?

The vendor takes care of the implementation, and we validate and guide them with the implementation.

In terms of maintenance, it is not a set-it-and-forget-it solution. It is based on your IT environment. Generally, small organizations do not use a CSPM solution. It is used by mid to large organizations. In such organizations, there are multiple changes in the IT resources. The environment is agile. Every day you add something or change something, and you need to ensure that it is integrated with Prisma Cloud. It is an ongoing operational activity.

Which other solutions did I evaluate?

We evaluated multiple products. Zscaler was one of them.

What other advice do I have?

My clients are quite happy with this solution. Some of my clients are also based in the UK and Europe. So far, it has been good. It met their expectations. Their use cases are met, and they are able to monitor all their infrastructure. It has been good so far, and it worked for all the generic or standard use cases. That does not mean that it is going to solve all the use cases for all customers. If you want to go for a CSPM solution, you need to do a technical evaluation.

If you are looking into implementing a CSPM solution, I would advise first understanding your existing cloud landscape or your on-premise landscape. Understand your local regulatory requirements and local laws. After that, define the use cases. Define what exactly you are looking for and then go to market and evaluate different products. You can check whether there is an integration with AWS, Oracle, Alibaba, or any other cloud. If your regulatory requirements are that you cannot host your solution outside your country or you need to have it on-premises in your data center, not someone else's data center, you have to choose accordingly. You cannot go for Prisma Cloud. If you do not have any such regulatory requirements, you can go with Prisma Cloud or any other solution.

You should also understand your future landscape in terms of:

  • Over the next five or ten years, how do you want to grow?
  • What is your current IT strategy?
  • How are you evolving?
  • What would be your technology?
  • Would there be any major digital transformation?
  • How seamlessly can it integrate?

You need to consider multiple parameters. It is also about money. It should also meet your financial budget.

Overall, I would rate Prisma Cloud a seven out of ten.


    HemantMahajan

Saves troubleshooting time and costs, and provides a single pane of glass for multiple clouds

  • July 14, 2023
  • Review from a verified AWS customer

What is our primary use case?

We were using it for remediation. I was working on a client's project on behalf of our company, and they had multiple subscriptions. They were using not only Azure but also AWS. Rather than managing remediation and governance separately through different clouds, it was proposed to use Prisma Cloud as a single place for remediation of everything.

How has it helped my organization?

Prisma Cloud provided a single window for all security issues, irrespective of the subscription, account, or service provider I was trying to see. The information was totally transparent with Prisma Cloud. Otherwise, it was a daunting task for us to manage everything within AWS itself because each region's or subaccount's data needed to be moved over to another account to see a full picture, and a similar approach was required in Azure as well. The data from a different subscription needed to be copied, which required a batch process to do this job on a daily basis. By integrating AWS and Azure subscriptions with Prisma Cloud, the same task became easier. It was as simple as adding a new account and a credential. That was it. Prisma Cloud took care of the rest of the functions.

Prisma Cloud provided security spanning multi-cloud and hybrid-cloud environments. We integrated it with AWS and Azure with multiple subscriptions for each.

With both AWS and Azure, the presentation of the native cloud data was not good. We were more comfortable looking at the same data in Prisma Cloud.

Automation is possible with Prisma Cloud, and that is why we liked it. Automation is still not that good in the native clouds, and Prisma Cloud definitely has an edge compared to the facility that AWS or Azure provides. Although it is an additional cost for IT, overall, there are cost savings. I am not aware of the features provided by GCP. I did not integrate it with Prisma Cloud, but at least with AWS and Azure, Prisma Cloud works much better.

Prisma Cloud provides an agent that can scan container images or Docker images. Otherwise, for Docker images and accounts, AWS provides its own tool and its own format for the report. Similarly, Azure provides its own format to scan those images. We used the agent provided by Prisma Cloud. It unified the approach. Irrespective of the provider, the format of the output and reports was similar. It was easy to compare apples to apples rather than comparing apples to oranges, which definitely is a challenge when we use different cloud providers. Prisma Cloud solved that problem for us.

The level of abstraction is sufficient enough. The complexity is hidden. Only the information that is relevant is displayed, which is better from a developer's perspective because developers do not need to handle that complexity. If architects, like me, need to understand those complexities, they can go into a respective subscription and get the details. The level of abstraction was good enough with Prisma Cloud.

Prisma Cloud provides a single tool to protect all of our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports.

Prisma Cloud reduced the alert investigation time because now, we have a single window. It is quite easy for anyone. A single resource can work on the alerts and memorize similar issues in the past and work on the current issues faster. It has improved productivity.

Prisma Cloud reduced costs. With the different service providers and different subscription models that we had previously, we divided the subscriptions between the analysts. They were responsible for the issues related to the subscription. We had a team of six people previously. After the implementation of Prisma Cloud, all the issues got consolidated, and our team size got reduced to two. The productivity increased because the same analyst could see past issues, revisit those issues, learn quickly, and fix similar issues. They got an idea of how to fix a similar issue, so the overall productivity increased, which reduced the cost.

What is most valuable?

When we work on, for example, AWS, we need to consolidate the data from different regions, which is an exercise in itself. The same exercise or similar exercise can easily be done in Prisma Cloud. It is as easy as registering a new subscription to AWS, and you start seeing all that data. For example, it is very easy to do analysis of the Defender data, which can include warnings, errors, etc. Although it is natively AWS data, the presentation is not easy for a developer. Prisma Cloud makes it a bit easier.

What needs improvement?

The first time I looked at Prisma Cloud, it took me a while to understand how to implement the integration and how to enable features by using the interface for integration. That portion can probably be improved. I have not looked at the latest version. I used the version that was available three months back. It is portal-based, and they might have changed it in the last three months, but at that time, integration was a bit tricky. Even though documentation was available, it took a while for a new person to understand what integration meant, what will be achieved after the integration, or how the integration needed to be done on the Azure or AWS side. That was a bit challenging initially.

For how long have I used the solution?

I used it for eight or nine months. I last used it about three months ago.

What do I think about the stability of the solution?

It is stable.

How are customer service and support?

The client's team interacted with the customer support team. We used to highlight the issue to them, and they used to contact Palo Alto's support. We required their support two or three times, but I or my team was not directly involved with their customer support for help.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I have not used a similar solution before.

How was the initial setup?

I was involved in the implementation. It was all cloud-based. There is a bit of a learning curve when trying to understand how to integrate it. Although some good documentation is available for Prisma Cloud, it was still a bit difficult to understand the product initially. However, the UI that analysts use to work on issues and remediation is quite good. It is not complex. After you have done one or two integrations with your AWS or Azure account or subscription, it becomes a routine activity. It is easy to integrate more subscriptions, but the initial one or two subscriptions of the AWS or Azure account will take some time because some features need to be enabled on the respective cloud as well. It is not only the configuration on the Prisma Cloud side. Some configuration is required on the AWS or Azure side as well.

It is a website, so deployment is not a challenge. It is as simple as registering an account and making the payment, which the IT team already did before they created an account for us, so, as such, there is no deployment. If we want to use an agent, then certainly some deployments are required on the machines, but that is the agent deployment. The product itself does not require any deployment.

From a maintenance perspective, not much maintenance is required. It is a one-time integration. It will then be set for a few years unless you want to remove some of the subscriptions or something changes in Azure or AWS. There is a limitation on the Azure or AWS side but not on the Prisma side, so maintenance is there, but it is low.

What was our ROI?

There was a cost reduction. That was the benefit that we had visualized while evaluating Prisma Cloud as one of the possible solutions. The complexity of IT operations had also reduced, and the team size had also reduced after implementing Prisma Cloud.

What's my experience with pricing, setup cost, and licensing?

We used the enterprise edition. A standard edition is also there. I am aware of these two editions. I know that there is some cost, but I do not have the exact figures with me. The cost was not on the higher side. Overall, the cost gets recovered with its implementation.

What other advice do I have?

I have not compared it with other tools, but overall, I found it to be pretty good when resolving the challenges that we were facing early on. I did not get a chance to look at the Gartner report in terms of where it stands, but based on my experience with this solution, I was quite satisfied.

It is a good solution. Each team should utilize it. Every good organization is now moving towards or trying to be provider agnostic, so if you are using multiple providers, you should at least give Prisma Cloud a try.

Prisma Cloud enables you to integrate security into your CI/CD pipeline and add touchpoints into existing DevOps processes. I know it is possible, but we were already using some other tools, so we did not try this feature. We already had a good process utilizing other scanning tools, so we did not try that feature, but I know that they have this feature.

Prisma Cloud provides risk clarity at runtime and across the entire pipeline, showing issues as they are discovered during the build phases, but this is linked to the CI/CD pipeline, which we did not implement. We looked at the risk level of the infrastructure deployed. We also looked at which cloud platform is having issues. The risk-level clarity was certainly there. It was possible to see the risk level and prioritize the activities or other items with a higher risk, but we never tried CI/CD pipelines.

Overall, I would rate Prisma Cloud a nine out of ten.


    Tulio B.

Excellent CSPM Tool

  • July 04, 2023
  • Review provided by G2

What do you like best about the product?

The tool shows Compliance and Alerts with extreme detail. It supports the most security standards I've seen in a CSPM tool, such as SoX, LGPD, GDPR, CIS (all versions). Also, automatic remediation is a great advantage.

What do you dislike about the product?

Investigations and Policy customization are complex and confusing to do. To customize a policy, you need to understand the RQL language, which is not intuitive.

Also, the Data Security Module never worked properly in my company. We make the scan, Prisma Cloud shows the alerts, but when we remediate the files, it doesn't update, doesn't disappear from the console.

What problems is the product solving and how is that benefiting you?

Compliance of the multiple Cloud Platforms we work with. Container security and auto-remediation of misconfigured resources. It helps me to keep the cloud secure, keep compliance of the cloud, discover resources misconfigured and at risk.