"The policies that come prepackaged in the tool have been very valuable to us. They're accurate and they provide good guidance as to why the policy was created, as well as how to remediate anything that violates the policy."
"It scans our containers in real time. Also, as they're built, it's looking into the container repository where the images are built, telling us ahead of time, "You have vulnerabilities here, and you should update this code before you deploy." And once it's deployed, it's scanning for vulnerabilities that are in production as the container is running."
"I was looking for a vulnerability scanner and I was looking for one place in which I could find everything. This tool not only does vulnerability scanning, but it also gives me an asset management tool."
"Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently."
"I've been really pleasantly surprised with how Prisma Cloud is, over time, covering more and more of the topics I care about, and listening to customer feedback and growing the product in the right directions."
"One of the most valuable features is the compliance of RedLock, which we are using for any issues with security. It flags them and that's the primary objective of that feature."
"Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them."
"The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security."
"I like the deployment and management of this solution."
"The features I have found most valuable are its capability to check on the firewall and the routers. Afterwards it checks out all the configs, checks the vulnerabilities, checks the risks - it checks everything that may end up causing our router to be compromised. At the end it recommendations what we should do."
"The most valuable feature is the compliance check and the recommendations that it makes."
"The integration of the Compute function into the cloud monitoring function—because those are two different tools that are being combined together—could use some more work. It still feels a little bit disjointed."
"In terms of securing cloud-native development at build time, a lot of improvement is needed. Currently, it's more a runtime solution than a build-time solution. For runtime, I would rate it at seven out of 10, but for build-time there is a lot of work to be done."
"The alignment of Twistlock Defender agents with image repositories needs improvement. These deployed agents have no way of differentiating between on-premise and cloud-based image repositories. If I deploy a Defender agent to secure an on-premise Kubernetes cluster, that agent also tries to scan my ECR image repositories on AWS. So, we have limited options for aligning those Defenders with the repositories that we want them to scan. It is scanning everything rather than giving us the ability to be real granular in choosing which agents can scan which repositories."
"The challenge that Palo Alto and Prisma have is that, at times, the instructions in an event are a little bit dated and they're not usable. That doesn't apply to all the instructions, but there are times where, for example, the Microsoft or the Amazon side has made some changes and Palo Alto or Prisma was not aware of them. So as we try to remediate an alert in such a case, the instructions absolutely do not work. Then we open up a ticket and they'll reply, "Oh yeah, the API for so-and-so vendor changed and we'll have to work with them on that." That area could be done a little better."
"We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert."
"Some of the usability within the Compute functionality needs improvement. I think when Palo Alto added on the Twistlock functionality, they added a Compute tab on the left side of the navigation. Some of the navigation is just a little dense. There is a lot of navigation where there is a tab and dropdowns. So, just improving some of the navigation where there is just a very dense amount of buttons and drop-down menus, that is probably the only thing, which comes from having a lot of features. Because there are a lot of buttons, just navigating around the platform can be a little challenging for new users."
"The feedback that we have given to the Palo Alto team is that the UI can be improved. When you press the "back" button on your browser from the Investigate tab, the query that you're working on just disappears. It won't keep the query on the "back" button."
"They charge seven workloads for monitoring one compute, and that is quite expensive. This makes it difficult to move fully with the compute part because of the workload."
"In the next release I would like to see better migration in the Cloud because that will allow more visibility in the network."
"My worry with Tufin is that it cannot connect to Fortinet, which is what I want to do."
"The two main negative points with Tufin Orca are the absence of full support and that accommodation of files and tools is not provided in a good way."
Earn 20 points
The move to the cloud has changed all aspects of the application development lifecycle – security being foremost among them. Security and DevOps teams face a growing number of entities to secure as organizations adopt cloud native approaches. Ever-changing environments challenge developers to build and deploy at a frantic pace, while security teams remain responsible for the protection and compliance of the entire lifecycle. Prisma™ Cloud by Palo Alto Networks delivers complete security across the development lifecycle on any cloud, enabling you to develop cloud native applications with confidence.
Tufin SecureCloud revolutionizes cloud security. Companies no longer need to compromise agility for security. Leverage SecureCloud’s policy-centric automation-based approach to secure your journey to the cloud. Gain confidence knowing your cloud-native, hybrid cloud, and Kubernetes applications are properly configured and secure.
Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 18 reviews while Tufin SecureCloud is ranked 9th in Container Security with 3 reviews. Prisma Cloud by Palo Alto Networks is rated 8.0, while Tufin SecureCloud is rated 6.0. The top reviewer of Prisma Cloud by Palo Alto Networks writes "Gives me a holistic view of cloud security across multiple clouds or multiple cloud workloads within one cloud provider". On the other hand, the top reviewer of Tufin SecureCloud writes "Offers good recommendations on how to improve security but its support is lacking". Prisma Cloud by Palo Alto Networks is most compared with Microsoft Defender for Cloud, Aqua Security, Check Point CloudGuard Posture Management, Snyk and Lacework, whereas Tufin SecureCloud is most compared with Illumio Adaptive Security Platform, Tigera, BMC Helix Cloud Security, Aqua Security and Trend Micro Deep Security. See our Prisma Cloud by Palo Alto Networks vs. Tufin SecureCloud report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.