Get our free report covering Microsoft, Aqua Security, Check Point, and other competitors of Prisma Cloud by Palo Alto Networks. Updated: January 2022.
564,143 professionals have used our research since 2012.

Read reviews of Prisma Cloud by Palo Alto Networks alternatives and competitors

BasilDange
Sr Manager IT Security at a financial services firm with 10,001+ employees
Real User
Top 20
The IAM role gives us complete control over the cloud environment
Pros and Cons
  • "It helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment."
  • "Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes."

What is our primary use case?

  1. Visibility for cloud workloads, including server, serverless and Kubernetes.
  2. Security configuration review along with automatic remediation.
  3. Posture management and compliance for a complete cloud environment.
  4. Centralize visibility for a complete cloud environment of the workload hosted on multiple cloud platforms (AWS and Azure).
  5. Baseline for security policy as per the workload based on services, such as S3, EC2, etc.
  6. Visibility of an API call within the environment.
  7. IAM management providing access to the cloud network in a controlled manner.
  8. Alerts and notifications for any security breach/changes in the cloud environment.
  9. Flow visibility of traffic to and from the cloud environment.
  10. Real-time alerting for any security incidents.

They provide support for Azure, Amazon, GCP, and Alibaba. However, we just have AWS and Azure.

How has it helped my organization?

  1. Provides complete visibility of the workload hosted on different cloud platforms (AWS and Azure) along with multiple tenants. 
  2. Helps in enhancing security for cloud environments by providing reports, both in terms of security and compliance. 
  3. Provides complete visibility of traffic flowing to/from the cloud platform.
  4. Provides best practice policy that helps to strengthen the security of the workload.
  5. Assets inventory and API calls can happen from the cloud.
  6. Provides control in terms of accessing the cloud workload. As a policy is created, this will block direct access to the cloud environment in case the same is not defined or approved in Dome9.

Security visibility with Dome9 is excellent. Normally, without this type of solution, especially if you have some workloads hosted on Azure, they give you minimal tools to be able to analyze the loss. There are different consoles that need to be checked for analyzing any incident. In the case of Dome9, it gives you the loss provided in a report on a centralized console. It gives you complete visibility, including the IP to IP flow, which is happening from the workloads to the Internet or the Internet to the workloads. Even in the case of getting threat intelligence from Check Point, with which we have the integration, if some workflows are communicating with any suspicious IPs, then the reports are available on the flow logs. On top of that, it also provides a report where you will be able to find out from which location or country you are getting the traffic to your workloads. Therefore, if you want to block certain geo-locations from communicating with your network, then you can also do that using Dome9.

The workload, which was taking a day's time, now can be turned out within hours. We are able to analyze the logs in real-time. Previously, if we enabled some services, then the email needed to be sent to the security team who would do the scanning, might submit the reports, and post some action to be taken by the developers. Using this solution, we are getting the reports in real-time. The remediation can also be applied automatically. The developer can take the necessary action immediately. It provides us what action needs to be taken.

Unless we did some scanning, we used to not know that there were security flaws within particular services. However, by using Dome9, as it has complete visibility, we are getting those details much faster.

The firewall normally has been managed by the security team. Admins can bypass the firewall to create any policy. They can go outside and download/upload anything from their workloads. This solution provides that control as well.

What is most valuable?

  1. The IAM role gives us complete control over the cloud environment. In case someone tries to bypass and create a user or policy locally, which is not allowed or defined in Dome9, changes will be rolled back and a notification will be sent to the concerned team.
  2. It's always ON and available on a mobile device using the app.
  3. There is complete visibility of the traffic flow with threat intelligence provided from Check Point. It even provides communication detail on any suspicious IPs.
  4. Provides detailed information if some workload tries to directly access and bypass any firewall policy.
  5. Provides a granular level of reports along with issues based on compliance standards, which are defined depending upon organizational requirements.
  6. Task delegation as a particular incident can be assigned to a particular individual. The same can also be done manually or automatically.
  7. Customizes queries for detecting any incident.

The solution is pretty straightforward to use, as it is only a SaaS model. You just need to enable the accounts for which Dome9 needs to do validation, and that's it.

Compliance checking capabilities: When you enroll your account, we have multiple accounts. Once you enter that on Dome9, it does a complete scan of your account based on these flow logs. It checks: "What are the security flaws?" So, the compliance depends on the company and what they are using as a benchmark. Normally, for India, we use the CIS as a benchmark, then whatever flow logs are available, those are provided in the reports. Then, we check those compliance reports against the CIS benchmark, and accordingly, take actions. We can then know what the deviations are on the cloud platform and on the account, with respect to the CIS.

There are some use cases where you will not have reports readily available or not get the dashboard for particular outputs. You can create a query on the console for those, e.g., if a particular EXE file started on a workload, we can find out if that is running anywhere in the cloud. While it does not provide details on the process level, it will provide us with which sensor is communicating to which IP addresses as well as if there are any deviations from that pattern.

It has remediation capabilities, and there are two options available:

  1. You can do automatic remediation, where you need to define the policy for which unit that you are doing remediation. 
  2. It can be assigned to a particular team or group of people for its particular vulnerabilities of security flaws. That ticket can then be raised to service quotas to be remediated manually.

What needs improvement?

  1. Policy validation should be available before it is deployed in a production environment using a cloud template.
  2. Automatic remediation requires read/write access. When providing read/write access to third-party applications, this can add risk. It should have some options of triggering API calls to the cloud platform, which in turn, can make the required changes.
  3. A number of security rules need to be added in order to identify more issues. 
  4. The reporting should have more options. The reports should be more granular.
  5. It should support all container platforms for visibility of a complete infrastructure in a single console, such as PCF.

For how long have I used the solution?

Three months.

What do I think about the stability of the solution?

Until now, we have not faced any issues in terms of downtime or outages. It seems to be quite stable.

What do I think about the scalability of the solution?

Scalability is not an issue. There are a number of workload licenses that need to be procured, then it is straightforward.

There are between eight to 10 security admins and auditors who have access to Dome9.

Our complete cloud workload is managed through Dome9.

How are customer service and technical support?

The support is excellent. They regularly review our cloud infrastructure and provide suggestions to help us have a better security posture.

Which solution did I use previously and why did I switch?

Initially, we were using tools provided by the service provider, such as ScoutSuite, AWS Config Rules, AWS Trusted Advisor, or Amazon GuardDuty for monitoring, and similar tools for Azure as well. Then, we needed to go through a different console to identify any incidents.

Initially, we used to submit a report, but there was no remediation nor information provided on how to remediate workload issues. In our current scenarios, we are able to get complete visibility. The complete visibility of the solution has been key to the increase in our productivity.

How was the initial setup?

The initial setup was straightforward. The only thing that was required from our side was a cloud template, which was provided by Dome9. We needed to execute that template in our cloud environment for AWS and Azure. It automatically creates a read-only ID on the AWS platform for Dome9 to connect with. There is some configuration which needs to be done on Dome9 as well as AWS, but the deployment takes around 15 to 30 minutes.

What about the implementation team?

Check Point's team was available, but we implemented it in-house with our support team.

We don't require staff for deployment and maintenance of this solution.

What was our ROI?

As it is a security product, the ROI will not have that much importance because it is enhancing your security and/or providing more security to your infrastructure. If there are any security incidents, then Dome9 is able to protect us.

Initially, once the solution was deployed into production, then the scanning used to happen and we used to see the environment's visibility. In the current situation, as everyone is moving to the DevOps environment and using the CI/CD pipelines, it helps us to analyze vulnerabilities way before they get installed in production and the web. It gives us more security in the production environment.

What's my experience with pricing, setup cost, and licensing?

The licensing and costs are straightforward, as they have a baseline of 100 workloads (number of instances) within one license with no additional nor hidden charges. If you want to have 200 workloads under Dome9, then you need to take out two licenses for that. Also, it does not have any impact on cloud billing, as data is shared using the API call. This is well within the limit of free API calls provided by the cloud provider.

Which other solutions did I evaluate?

We evaluated Prisma Cloud by Palo Alto Networks and Trend Micro Cloud One Conformity.

Normally, the policies are accessible only on the browsers, e.g., if you compile them from Prisma Cloud, they're available as a part of a browser. However, for management users, especially for CIOs and CTOs, it becomes difficult for them to type URLs, then login. In the case of Dome9, they provide an app. With that app, you can directly login with single sign-on. It is much easier to access using the app compared to the browser option.

Most things are the same for all three providers. The major difference between Dome9 and Prisma is the IAM roles. The maturity of IAM roles available in Dome9 is much better than the other two solutions. Currently, our focus is mostly on what is happening and who is making the changes in the environment. Another thing is that the visibility that Dome9 provides through its intel is better than the other two solutions.

The other two solutions have system capabilities better than Check Point.

I would recommend Prisma as well as Dome9 because they both have the visibility. In our case, the IAM was a critical piece of our requirements.

What other advice do I have?

The cloud and on-prem environments are completely two different networks.

They should offer the cloud in India. Soon, there will be GDPR and India will have its own data protection laws. This might create some issues in the case of the data residing outside India. Because we are collecting metadata from the internal networks for the cloud environment, this is the reason that I suggest that they should have some plans to have the cloud in India. However, neither Prisma nor Trend Micro have cloud in India.

I would rate this solution as an eight out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Victor Addison
Senior DevSecOps Engineer at a consumer goods company with 11-50 employees
Real User
Top 20
Provides centralized management and helps with regulatory compliance, but getting the best information requires a lot of work
Pros and Cons
  • "With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates."
  • "The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions."

What is our primary use case?

I use this solution in two different scenarios. The first is for the security and monitoring of Azure accounts. Another is for SIEM integration and the Azure Gateway WAF. Essentially, it's a one-stop solution where you can integrate all of the other Azure security products. This means that instead of maybe going to Firewall Manager, Azure Defender, or WAF, you can have all of them send statistics or logs to Azure Security Center, and you can do your analysis from there.

How has it helped my organization?

This product helps us with regulatory compliance.

With respect to improving our security posture, it helps us to understand where we are in terms of compliance. We can easily know when we are below the standard because of the scores it calculates.

It helps us with alerts. You're able to automatically channel these alerts to emails and get the team readily looking into the issue.

We don't need a distributed team looking at the various security solutions. Instead, they just look into Azure Security Center and then get everything from one place.

It also supports multiple cloud integration, where you can add other clouds like AWS and GCP. However, we don't use that feature. 

What is most valuable?

The most valuable feature is the help with regulatory compliance, as it gives us security scores and the CVE details.

Centralized management is another feature that is key for me.

What needs improvement?

This product has a lot of features but to get the best out of it, it requires a lot of insight into Azure itself. An example of this is customizing Azure Logic Apps to be able to send the right logs to Security Center.

The overview provides you with good information, but if you want more details, there is a lot more customization to do, which requires knowledge of the other supporting solutions. You can get the best out of it, but then you will also need to do a lot of work.

Improvements are needed with respect to how it integrates the subscriptions in various Azure accounts. You can have a lot of accounts, but you don't get detailed information. Specifically, it gives you overall score statistics, although it's not very intuitive, especially when you want to see information from individual subscriptions.

For example, if there are five subscriptions sending traffic to Azure Security Center, it gives you the summary of everything. If you want to narrow it down to one particular subscription and then get deep into the events, you really have to do some work. This is where they could improve.

In terms of narrowing things down, per account, it is not granular enough. In general, it gives you good summaries of what is happening everywhere, with consolidated views. You're able to get this information on your dashboard. But, if you wanted to narrow down per subscription, you don't want to have to jump into the subscriptions and then look at them one by one. Simply, we should be able to get more insights from within Azure Security Center. It's possible, but this is where it requires a lot more customization.

For how long have I used the solution?

I have been using Azure Security Center for approximately two years.

What do I think about the stability of the solution?

In terms of stability and availability, Security Center is very good. It doesn't change. Because it's cloud-based, you don't actually have to manage infrastructure to get it up. If you are using the SIEM portion of it, it's what you are sending to it that will determine what you get out of it.

If you are using a hybrid solution from your own site then you have to make sure that your internet connection to the cloud is reliable. Your VPNs that are pushing data have to be stable, as well. Also, if you are using a third-party solution, you have to manage your keys well. But in terms of it being stable, I would say it's highly available and highly stable.

What do I think about the scalability of the solution?

This solution is very scalable. You can integrate as many subscriptions as possible. They could be Azure subscriptions, AWS accounts, GCP, and other resources. Because it's cloud-based, I have not actually encountered any limits.

I know that with cloud providers when there are limits, you can request an increase, but in terms of how many, I have not seen any limitations so far. As such, I would say it's highly scalable.

We are using it a lot. For Azure, there are 20-plus subscriptions. We don't really use it for AWS accounts. Instead, we prefer to use AWS Security Hub on AWS, so we don't push AWS account data there. But for Azure, we used it for at least 20 subscriptions.

We have a distributed team. I have used it for the past two years in the company, and it's a huge organization. In the whole of the organization, Microsoft Azure is used as the main cloud. AWS was also used, but that was mostly for specific projects. In terms of the number of people using it, I estimate it is between 50 and 100.

How are customer service and technical support?

Microsoft support is very good, although it may depend on the kind of support you have. We have enterprise-level support, so any time we needed assistance, there was a solution architect to work with us.

With the highest support level, we had sessions with Microsoft engineers and they were always ready to help. I don't know the other levels of support, but ours was quite good.

Which solution did I use previously and why did I switch?

We began with the Security Center because it was for projects on Azure.

How was the initial setup?

The initial setup is somewhat straightforward and of medium complexity. Especially when it comes to integrating subscriptions, I would not say that it's complex. At the same time, it is not as simple as just pressing the Next button several times. There are knowledge prerequisites before you can set it up fully and properly.

Setting this solution up was an ongoing project where we kept integrating subscription after subscription. If you know what you're doing, in a couple of days, or even a few minutes, you can get going.

If you need to build the knowledge as you go, it's something you could do in one day. You would integrate one subscription, and then start getting feedback. It's plug and play, in that sense.

What was our ROI?

The company has seen great returns on investment with this solution. In terms of security, you want to match the spending with how effective it is. Top management generally wants more reports. They want statistics and an analysis of what is happening. For example, reports need to say "We had this number of attempts on our systems."

As additional functionality, it's also able to support the business in terms of knowing and reporting the relevant statistics.

What's my experience with pricing, setup cost, and licensing?

This solution is more cost-effective than some competing products. My understanding is that it is based on the number of integrations that you have, so if you have fewer subscriptions then you pay less for the service.

Which other solutions did I evaluate?

We did not evaluate anything else before choosing this product.

For example, we are now considering different products for SIEM integration. One of them is Palo Alto Prisma Cloud. However, the price is too expensive when compared to Azure. It is also a multi-cloud product, although, in the beginning, it didn't support AWS and GCP. It now has support for those cloud providers, as well as additional features that Azure doesn't have.

What other advice do I have?

My advice for anybody who is implementing this product is to start building knowledge about it. Go to the Microsoft documentation and learn about it. As much as they show all of its great functionalities, you really need knowledge of other supporting resources that work with Azure Security Center, because it is just like a hub. It's what you push into it and how you customize it that determines what you get.

This means that if you don't have knowledge of Firewall Manager and you just want to use Security Center, it becomes a problem for you. This is something that you need to know. So, I advise people to get a holistic knowledge of all of the supporting resources that work with Azure Security Center to be able to maximize its value.

If you are looking to build on Azure then I would recommend the Security Center, mainly because of the cost and you will immediately get all of the functionality that you need.

The biggest lesson that I learned from using this product is that you don't get the best value right out of the box. You need further customization and configuration. The capabilities are there but if you don't have a dedicated security team with good technical know-how, such as scripting skills, or being able to work with the Logic App, or maybe the basic functionalities of security, then when you want more in-depth details into your subscriptions, it will become a problem.

I would rate this solution a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Jonathan Jaffe
CISO at Lemonade Inc.
Real User
Top 20
Allows agentless data collection directly from the cloud
Pros and Cons
  • "Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. And most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation."
  • "I think Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click."

What is our primary use case?

We're using Orca Security to identify threats and vulnerabilities, manage our cloud security posture, and alert us to CSPM and threat issues.

How has it helped my organization?

Orca has improved our security by helping us address high-risk threats first. I don't have to spend time determining the risk myself because Orca does that. Now we can resolve issues based on absolute risk, which is a huge relief. 

If we see an SSH key put up onto an externally facing machine by a developer, Orca will notify us, and we can deal with it immediately. Our other products don't tell us about that.

What is most valuable?

Orca's dashboard is excellent. My team needs to be able to focus on specific areas for improvement in our cloud environment. Most recently, we've started to get good use out of sonar, the search capabilities, and the alert creation. We plan on using that to automate notifications and remediations. So we have high hopes for that, but we haven't used much of that yet.

The visibility Orca provides is excellent. Orca allows agentless data collection directly from the cloud, so I assume there is no performance impact. It's important for a product not to get in the way of performance, but it's not my biggest concern. I mainly care about coverage. It was important for us to have a SaaS solution, but it wasn't critical. We prefer not to manage a service ourselves, so it matters.

What needs improvement?

Orca could give me more alerts. It could give me a dashboard with all the specific types of alerts I want to see for the day. It should just be one click. This is one area where I feel Datadog is better. Datadog has something called Security Signals, where they give you a dashboard, and you can structure it by the day or specify a period. It just tells you the different security signals that have occurred with a very obvious risk designation by color. That makes it easier than Orca's current view. So I think Orca could improve its interface.

Another shortcoming of Orca is that it doesn't integrate with our particular non-standard ticketing system. So we have to finish developing an appropriate webhook for it. Other than that, it's integrated well with our identity provider and with our cloud environments.

For how long have I used the solution?

I've been using Orca Security since 2019, but my company has been using it since 2020.

What do I think about the stability of the solution?

We've never had an issue at all with it for as long as I've been running Orca. So I'm confident that it's perfectly stable and can handle the load.

What do I think about the scalability of the solution?

We have not seen any issues with scalability because our scale increases in a nonlinear way. Primarily, Orca is used only for security, so a handful of people—fewer than five—are using it. The roles are mainly cloud security engineers, and some DevOps people sometimes use it.

We use it to monitor all of our cloud environments. So our usage is extensive, and it will monitor all of our cloud environments as we increase our cloud size.

How are customer service and support?

Orca's support is extremely responsive and competent.

Which solution did I use previously and why did I switch?

I used Lacework previously, and Orca is much better. My biggest concern is coverage. With Orca, I feel confident that I have full coverage of all of my resources. When I had Lacework, I found out that wasn't the case. I'm wary of any agent-based service like Lacework because we consistently fail to cover resources when the agents aren't applied correctly. I compared Lacework to Orca by running them side by side for several months. Lacework failed to cover about 23 percent of our resources.

What's more, Lacework required way too much effort to dig through the hundreds — if not thousands — of false positives. In effect, we got zero value out of it. We could never resolve an issue, which means the issue just sat there forever because there were so many false positives. And the way Lacework presents information was very difficult to use. It was a useless product.

How was the initial setup?

Setting up Orca is straightforward. It took almost no effort. It was just a matter of doing the read-only integration for various accounts. That took less than two hours of someone's time. We started seeing results immediately.

The fact that Orca is agentless is a significant reason it was easy to deploy. It didn't require me to test it in different environments by DevOps. All of those things would've added up a couple of weeks to the deployment time. Instead, it only required the security team to do a pretty easy integration with our cloud environments. And because there's no impact, there is no heavy testing required, so we got it done in a couple of hours.

What was our ROI?

We've seen a return on investment insofar as that can be measured for an essential tool. We're not planning on giving Orca up, but it all depends on the price of competitors like Wiz. If their price drops and it's significantly cheaper than Orca, it's easy to switch. Also, the time to value for Orca was immediate — 24 hours — so it's much better than other solutions. With Lacework, it took at least a month before we saw any value, and then the value was extremely low.

What's my experience with pricing, setup cost, and licensing?

While it's competitive with Palo Alto Prisma, I think Orca's list price is very high. I would advise Orca to lower it because, at that price, I might consider alternatives like Wiz, which also offers agentless services. 

Which other solutions did I evaluate?

We weren't using Datadog for security before Orca. We were using Orca. Datadog, of which we're a customer, started offering security in February. We used Datadog as a design partner, and I like aspects of it. But now that they're charging for it, we won't continue to use it. Datadog is overpriced for what it offers, and Orca gives us what we need. Orca tells us about vulnerabilities in a straightforward, manageable way. We haven't had many active threats, but Orca can also tell us about those. Datadog has something they call the workload security component, which is their agent-based component, and we found that to be very immature and inaccurate. We had to turn it off because it gave us so many false positives it was overwhelming us. So that's one area where Orca is superior to Datadog.

Still, Datadog is an excellent product. We didn't start with Datadog security, though. We were using Datadog for application performance monitoring. We added Datadog security when Datadog began to offer it to design partners like us. It has some qualities we like and others we don't. But in the end, we're not going to stay with Datadog. I've also evaluated Palo Alto Prisma multiple times, and I've used and evaluated Lacework. I've also used other services like Threat Stack and Tenable Nessus. Compared to Palo Alto Prisma, I like that I don't have to pick and choose with Orca. I expect all of my products to give me everything for the price and not have to select from a menu.

What other advice do I have?

I rate Orca Security nine out of 10. When I first came across it a couple of years ago, I was skeptical about whether Orca could do everything they say it can do. At first, it was like magic. Now that I'm used to it, it's not magic anymore, but it does do a great job. I would advise anyone to try it. You'll immediately see the value.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Security Solutions Architect at a tech services company with 51-200 employees
Reseller
Developer-friendly and easy to setup

What is our primary use case?

I am a reseller. We provide solutions for our customers.

What is most valuable?

It's a good product. I haven't seen any weakness.

Snyk is a developer-friendly product.

What needs improvement?

Compatibility with other products would be great.

How are customer service and technical support?

I have not contacted technical support.

Which solution did I use previously and why did I switch?

Previously, I was working with Micro Focus Fortify.

How was the initial setup?

The initial setup is easy.

Which other solutions did I evaluate?

We have also evaluated Prisma Cloud by Palo Alto.

What other advice do I have?

We tried to partner up with Snyk, but we were not successful in gaining a partnership. We are not authorized Snyk resellers.

I would rate Snyk an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: