We changed our name from IT Central Station: Here's why

Prisma Cloud by Palo Alto Networks Valuable Features

Cloud Security Specialist at a financial services firm with 501-1,000 employees

For me, what was valuable from the outset was the fact that, regardless of what cloud service provider you're with, I could segregate visibility of specific accounts to account owners. For example, at AWS, you might have an estate that's solely managed by yourself, or there might be a number of teams within the organization that do so.

You can also integrate with Amazon Managed Services. You can also get a snapshot in time, whether that's over a 24-hour period, seven days, or a month, to determine what the estate might look like at a certain point in time and generate reports from that for vulnerability management forums. In addition to that, I can get a snapshot of what I deemed were the priority vulnerabilities, whether it was identity access management, key rotation, or secrets management. Whatever you deem to be a priority for mitigating threats for your environment, you can get that as a snapshot.

You can also automate how frequently you want reports to be generated. You can then understand whether there has been any improvement or reduction in vulnerabilities over a certain time period.

The solution also enables you to ingest logs to your preferred SIEM provider so that you've got a better understanding of how things stack up with event correlation and SIEM systems.

If you've got an Azure presence, you might be using Office 365 and you might also have a presence in Google Cloud for the data, specifically. You might also want to look at scenarios where, if you're using tools and capabilities for DevOps, like Slack, you can plug those into Prisma Cloud as well to understand how well they marry up to vulnerabilities. You can also use it for driving out instant vulnerabilities into Slack. That way, you're looking at what your third-party SaaS providers are doing in relation to certain benchmarks. That's really useful as well.

In addition, an engineer may provision something like a shared service, a DNS capability, a sandbox environment, or a proof of concept. The ability to filter alerts by severity helps when reporting on the services that have been provisioned. They'll come back as a high, medium, or low severity and then I ensure that we align with our risk-appetite and prioritize higher and medium vulnerabilities so that they are closed out within a given timeframe.

When it comes to root cause, Prisma Cloud is quite intuitive. If you have an S3 bucket that has been set to public but, realistically, it shouldn't have been, you can look at how to remediate that quite intuitively, based on what the solution offers up as a default setting. It will offer up a way to actually resolve and apply the correct settings, in line with a given standard. There's almost no thinking involved. It's on-point and it's as if it offers up the specific criteria and runbooks to resolve particular vulnerabilities.

That assists security, giving them an immediate way to resolve a given conflict or misalignment. The time-savings are really incomparable. If you were to identify a vulnerability or a risk, you might have to draw up what the remediation activity should look like. However, what Prisma Cloud does is that it actually presents you with a report on how to remediate. Alternatively, you can have dynamic events that are generated and applied to Slack, for example. Those events can then be sent off to a JIRA backlog or the like. The engineers will then look at what that specific event was, at what the criteria are, and it will tell them how to remediate it without their having to set time aside to explain it. The whole path is really intuitive and almost fully automated, once it's set up.

View full review »
RM
Director, Cloud Engineering at a pharma/biotech company with 10,001+ employees

The ability to monitor the artifact repository is one of the most valuable features because we have a disparate set of development processes, but everything tends to land in a common set of artifact repositories. The solution gives us a single point where we can apply security control for monitoring. That's really helpful.

Another valuable feature is the ability to do continuous monitoring at runtime. We can feed that data back to developers so they can get intelligence on what's actually deployed, and at what level, versus just what's in the artifact repository, because those are different.

In the security space, most security solutions typically do either development-side security, or they do runtime operational security, but not both. One of the relatively unique characteristics of this solution in the marketplace—and it may be that more and more of the container security solutions do both sides—is that this particular solution actually spans both. We try to leverage that.

And for the development side, we utilize both the vulnerability results from the static vulnerability scanning as well as the certain amount of configuration compliance information that you can gather from the static pre-deployment scans. We use both of those and we pay attention to both sides of that. Because this solution can be implemented both on the development side and on the runtime operational side, we look at the same types of insights on the operational runtime side to keep up with new threats and vulnerabilities. We feed that information back to developers as well, so they can proactively keep up.

We have multiple public clouds and multiple internal clouds. Some of it is OpenStack-based and some of it is more traditional VM-based. Prisma Cloud provides security spanning across these environments, in terms of the static analysis. When we're looking at the artifact repository, the solutions we're using Prisma Cloud to scan and secure will deploy to both public cloud and internal cloud. Moving into 2021, we'll start to do more runtime monitoring in public cloud, particularly in AWS. We're starting to see more EKS deployment and that's going to be a future focus area for us. It's extremely important to us that Prisma Cloud provides security across these environments. If Prisma didn't do that, that would be a deal-breaker, if there were a competitor that did. 

Public cloud is strategically very important to our company, as it probably is for many companies now, so we have to have security solutions in that space. That's why we say the security there is extremely important. We have regulatory compliance requirements. We have some contractual obligations where we have to provide certain security practices. We would do that anyway because they are security best practices, but there are multiple drivers.

Applying some of their controls outside of the traditional container space, for example, as we're doing hybrid cloud or container development, is helpful. Those things get their tentacles out to other areas of the infrastructure. An example would be that we look at vulnerabilities and dependencies as we develop software, and we use Prisma Cloud to do that for containers. We use other tools outside of the container space. They're starting to move into that other space so we can point Prisma Cloud at something like a GitHub and do that same scanning outside of the container context. That gives us the ability to treat security control with one solution.

View full review »
AM
Security Architect at a educational organization with 201-500 employees

The main feature is the management console which gives us a single place to manage all our requirements. We have multiple zones and, using UDR [user-defined routing] we are sending the traffic back to Palo Alto. From there we are defining the rules for each application. What we like about it is the ease of use and the visibility.

The application visibility is amazing. For example, sometimes we don't know what a particular custom port is for and what is running on it. The visibility enables us to identify applications, what the protocol is, and what service is behind it. Within Azure, it is doing a great job of providing visibility. We know exactly what is passing through our network. If there is an issue of any sort we are able to quickly detect it and fix the problem.

The solution provides Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security, and Cloud Infrastructure Entitlement Management in a single pane of glass. When it comes to anomaly detection, because we have Layer 7 visibility, if there is something suspicious, even though it is allowed, we are able to identify it using the anomaly detection feature. We also wanted something where we could go back in time, in terms of visibility. Suppose something happened two hours back. Because of the console, we are able to search things like that, two hours back, easily, and see what happened, what change might have happened, and where the traffic was coming from. These features are very good for us in terms of investigation.

In addition, there are some forensic features we are utilizing within the solution, plus data security features. For example, if we have something related to financial information, we can scan it using Prisma Cloud. We are using a mixture of everything it offers, including network traffic analysis, user activity, and vulnerability detection. All these things are in one place, which is something we really like.

Also, if we are not aware of what the port requirements are for an application, which is a huge issue for us, we can put it into learning mode and use the solution to detect what the exact port requirements are. We can then meet to discuss which ones we'll allow and which ones are probably not required.

View full review »
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,143 professionals have used our research since 2012.
Sr. Security Operations Manager at a healthcare company with 5,001-10,000 employees

The policies that come prepackaged in the tool have been very valuable to us. They're accurate and they provide good guidance as to why the policy was created, as well as how to remediate anything that violates the policy. 

The Inventory functionality, enabling us to identify all of the resources deployed into a single account in either AWS or Azure, or into Prisma Cloud as a whole, has been really useful for us.

And the investigate function that allows us to view the connections between different resources in the cloud is also very useful. It allows us to see the relationship traffic between different entities in our cloud environment.

View full review »
Information Security Manager at Cobalt.io

The compliance tabs were helpful just to have visibility into the assets as well as the asset management tabs. In the cloud, everything is very dynamic and ephemeral. So, being able to see dynamic asset inventory for what we have in cloud environments was a huge plus. Just to have that visibility in a dashboard instead of having to dump things into a spreadsheet, e.g., you are trying to do asset inventory and spreadsheets, then five minutes later it changes cause the cloud is dynamic. So, the asset inventory and compliance tabs are strong. 

When the cloud team makes a change that may introduce some risk, then we get alerts.

We pretty heavily used the Resource Query Language (RQL) and the investigate tab to find what instances and cloud resources are externally facing and might be higher risk, looking for particular patterns in the resources. 

Prisma Cloud provides the following in a single pane of glass within a dashboard: Cloud Security Posture Management, Cloud Workload Protection, Cloud Network Security, and Cloud Infrastructure Entitlement Management. It is particularly challenging, especially in a multi-cloud environment, where you would have to log into your Google Cloud, then look for your infrastructure and alerting within Google. In addition, you have to switch over to Amazon and log into an AWS Console to do some work with Amazon. Having that central visibility across multiple cloud environments is definitely important when you have different sources and different dashboards for the cloud, which will still be separate, but you still have some centralization within that dashboard.

The solution’s security automation capabilities are definitely good. We use some of the automation within the alerting, where if Prisma Cloud detected a change and there was a certain threshold, e.g., if it was above a medium or a high risk issue, then we would send off an alert that would go to our infrastructure team/Slack channel, creating a Jira ticket. The automation with Slack and Jira have been very good feature points. 

The Prisma Cloud tool identifies for the security team the resource in the cloud that is the offender, such as, the context, the resource in the cloud, what is the cloud account, and the cloud environment that the resource is in. Then, there is always very good context on remediation, e.g., how do we go in and fix that issue? Do we either go through automation or log into the Cloud Console to do some remediation? The alerts include the context that is needed as well as the risk ranking and severity, whether it is a high, medium, or low issue.

The Prisma Cloud Console always has good remediation steps, whether it is going into the Console, updating a Cloud Formation, or Terraform scripts. The remediation guidance is always very helpful from Prisma Cloud.

View full review »
RW
Sr. Information Security Manager at a healthcare company with 201-500 employees

One of the most valuable features is monitoring of configurations for our cloud, because cloud configurations can be done in hundreds of ways. We use this tool to ensure that those configurations do not present a security risk by providing overly excessive rights or that they punch a hole that we're not aware of into the internet.

One of the strengths of this tool is because we, as a security team, are not configuring everything. We have a decentralized DevOps model, so we depend on individual groups to configure their environments for their development and product needs. That means we're not aware of exactly what they're doing because we're not there all the time. However, we are alerted to things such as if they open up a connection to the internet that's bringing traffic in. We can then ask questions, like, "Why do you need that? Did you secure it properly?" We have found it to be highly beneficial for monitoring those configurations across teams and our DevOps environment.

We're not only using the configuration, but also the containers, the container security, and the serverless function. Prisma will look to see that a configuration is done in a particular, secure pattern. When it's not done in that particular pattern, it gives us an alert that is either high, medium, or low. Based on those alerts, we then contact the owners of those environments and work with them on remediating the alerts. We also advise them on their weaker-than-desirable configuration and they fix it. We have people who are monitoring this on a regular basis and who reach out to the different DevOps groups.

It scans our containers in real time. Also, as they're built, it's looking into the container repository where the images are built, telling us ahead of time, "You have vulnerabilities here, and you should update this code before you deploy." And once it's deployed, it's scanning for vulnerabilities that are in production as the container is running. And we're also moving into serverless, where it runs off of codes, like Azure Functions and AWS Lambdas, which is a strip line of code. We're using Prisma for monitoring that too, making sure that the serverless is also configured correctly and that we don't have commands and functions in there that are overly permissive.

View full review »
DJ
Security Architect at a computer software company with 11-50 employees

The entire concept is the right thing for us. It's what we need. The application is the feature, so to speak it. What it does is what we want it for: looking across the various cloud estates and providing us with information about what's going on in our cloud, where it is, when it happened. The product is the most valuable feature. It's not a do-all and end-all product. That doesn't exist. But it's a product with a very specific purpose. And we bought it for that very specific purpose.

When it comes to protecting the full cloud native stack—the pure cloud component of the stack—it is very good.

One of the main reasons we like Prisma Cloud so much is that they also provide an API. You can't expect to give someone an account on Prisma Cloud, or on any tool for that matter, and say, "Go find your things and fix them." It doesn't work like that. We've got to be able to clearly identify who owns what in our organization so that we can say, "Here's a report for your things and this is what you must go and fix." We pull down the information from the API that Prisma Cloud provides, which is multi-cloud, multi-account—hundreds and hundreds of different types of alerts graded by severity—and then we can clearly identify that these alerts belong to these people, and they're the people who must remediate them. That's our most important use case, because if you can't identify users, you can't remediate. No user is going to sit there going through over a million deployed things in the public cloud and say, "That one's mine, that one's not, that's mine, that's not." It's both the technology that Prisma Cloud provides and the ability to identify things distinctly, that comprise our use case.

It also provides the visibility and control we need, regardless of how complex or distributed our cloud environments become. It doesn't care about the complexity of our environment. It gives us the visibility we need to have confidence in our compliance. Without it, we would have no confidence at all.

It is also part of our DevOps processes and we have integrated security into our CI/CD pipeline. To be honest, those touchpoints are not as seamless as they could be because our processes do rely on multiple tools and multiple teams. But it is one of the key requirements in our DevOps life cycle for the compliance component to be monitored by this. It's a 100 percent requirement. The teams must use it all the time and be compliant before they move on to the next stage in each release. It is a bit manual for us, but that's because of our environment. It's given our SecOps teams the visibility they need to do their jobs. There's absolutely no chance that those teams would have any visibility, on a normal, day-to-day basis, simply because the SecOps teams are very small, and having to deal with hundreds of other development teams would be impossible for them on a normal basis.

View full review »
MB
Cloud Security Manager at a manufacturing company with 10,001+ employees

The Twistlock vulnerability scanning tool is its most valuable feature. It provides us insight into security vulnerabilities, running inside both on-premise and public cloud-based container platforms. It is filling a gap that we have with traditional vulnerability scanning tools, where we don't have the ability to scan inside containers.

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. This is of critical importance to us because we have workloads in multiple cloud providers as well as having them on-premise.

The solution provides the following in a single pane of glass:

  • Cloud Security Posture Management
  • Cloud Workload Protection
  • Cloud Network Security
  • Cloud Infrastructure Entitlement Management.

These are all critical and challenges that we have faced. We have been unable to find solutions using native tools from cloud providers. We use AWS and Azure in production along with GCP in testing.

Prisma Cloud provides us with a single tool to protect all our cloud resources and applications, without having to manage and reconcile disparate security and compliance reports. The Redlock portion of the tool and reporting are better. There are still some gaps in terms of our ability to trend over time periods. However, in terms of point-in-time snapshot reporting, the tool is very good. What we have done is automated the process of compiling these trendline reports on a weekly basis to capture those metrics, then take them offline so we can build our own dashboarding to fill in the tool's gaps.

We are using the solution’s new Prisma Cloud 2.0 Cloud Security Posture Management features. These features give our security teams alerts, with context, to know exactly what are the most critical situations. This is critical because we have insight into new assets that are deployed out of spec, but have otherwise not been enabled for auto remediation. The challenge there has been that we deploy these policies, and if someone's not sitting there watching the console, then they might miss these misconfigurations where time is of the essence. The learning and context are important in order to prioritize how quickly we need to triage these findings.

The new Prisma Cloud 2.0 features provide our security teams with all the data that they need to pinpoint the root cause and prevent the issue from recurring. It is less data requirement gathering that has to happen in the middle of an incident or remediation. If the alerts themselves have all the context you need to address those, then it's just less legwork required to find the problem and fix the misconfiguration.

View full review »
SS
Talent Acquisition Leader at a manufacturing company with 10,001+ employees

As a pure-play CSPM, it is pretty good. From the data exposure perspective, Prisma Cloud does a fairly good job. Purely from the perspective of reading the conflicts, it is able to highlight any data exposures that I might be having.

View full review »
Software Security Analyst at a energy/utilities company with 10,001+ employees

We used the policy features to manage users so that they would not have secrets in their containers. We also used the vulnerabilities, the CVEs, that were being raised by the tool.

The CVEs are valuable because we used to have a tool to scan CVEs, at the language level, for the dependencies that our developers had. What is good about Prisma Cloud is that the CVEs are not only from the software layer, but from all layers: the language, the base image, and you also have CVEs from the host. It covers the full base of security.

The compliance is good because it has a deep view of the container. It can find stuff that only administrators would have access to in our container. It can go deep down into the container and find those policy issues.

We also started looking for the WaaS (Web-Application and API Security) solution, but we didn't implement it during the time I was at the company. We tested it. What's good about the WaaS is that it's almost a miracle feature. You can find SQL injection or cross-site scripting and defend against that by setting up Prisma Cloud and turning on the feature.

Prisma Cloud also provided risk clarity at runtime and across the entire pipeline, showing issues as they were discovered during the build phases. It provided a good rating for how to prioritize a threat, but we also had a way to measure risk in our company that was a little bit different. This was the same with other scanning tools that we had: the risk rating was something that we didn't focus too much on because we had our own way to rate risk. Prisma Cloud's rating was helpful sometimes, but we used our risk measurement more than the tool's.

View full review »
AC
Lead- Information Security Analyst at archan.fiem.it@gmail.com

Prisma Cloud is quite simple to use. The web GUI is powerful. Prisma Cloud scans the overall architecture of the AWS network to identify open ports and other vulnerabilities, then highlights them. It's really good at managing compliance. We get out-of-the-box policies for SOC 2, Fedramp, and other compliance solutions, so we do not need to tune most of the rules because they are quite compliant, useful, and don't get too many false positives. 

And in terms of Prisma Cloud's XDR solution, we do not have anything at scope at present that can give us the same in-depth visibility on the endpoint level. So if something goes bad on the endpoint, Prisma's XDR solutions can really go deep down to identify which process is doing malicious activity, what was the network connection, how many times it has been opened, and who is using that kind of solution or that kind of process. So it's a long chain and its graphical representation is also very good. We feel like we have power in our hands. We have full visibility about what is happening on an endpoint level. 

When it comes to securing new SaaS applications, Prism Cloud is good. If I had to rate it, I would say seven out of 10. It gives us really good visibility. In the cloud, if you do not know what you are working with or you do not have full visibility, you cannot protect it. It's a good solution at least to cover CSPM. We have other tools also like Qualys that take care of the vulnerability management on the A-level staff — in the operating system working staff — but when it comes to the configuration level, Prisma is the best fit for us. 

View full review »
CL
Director of Information Security Architecture at a financial services firm with 5,001-10,000 employees

The most valuable feature is the continuous cloud compliance monitoring and alerting. The way Prisma works is that it has a tentacle from Palo Alto's AWS presence into ours. That tentacle is an application program interface, an API, a listener. That listener goes in and is entitled to look at all of the Amazon Web Services' logging facilities. It can then do event correlation, and it can tattletale on misconfigurations such as an S3 storage bucket made publicly available. We wouldn't otherwise be aware of that if Prisma didn't watch for it and alert on it.

Prism provides cloud workload protection and cloud network security in a single pane of glass, and these items are very important to us. It also provides cloud infrastructure entitlement management but identity and access management is not something that we use Prisma for. We implemented a PoC but we opted to use another tool for that use case.

The security automation capabilities provided by this product are excellent and industry-leading. Palo Alto bought a company called Twistlock, which makes a pre-deployment code scanner. They added its functionality to the feature set of Prisma in the form of this compute module. Now, we're able to use the Twistlock capability in our automation, which includes our toolchains and pipelines.

This tool provides excellent features for preventative cloud security. We use all of the auto-remediation capabilities that Prisma offers out of the box. That "see something, do something" auto-remediation capability within Prisma keeps our human responders from having to do anything. It's automated, meaning that if it sees something, it will right the wrong because it has the entitlement to do that with its Prisma auto-remediation role. It's great labor savings and also closes off things much quicker than a human could.

Palo just keeps bolting on valuable features. They just show up in the console, and they have their little question mark, down in the lower right-hand corner, that shows what's new, and what's changed for August or September. They just keep pouring value into the tool and not charging us for it. We like that.

View full review »
VC
Senior Principal Consultant Cloud/DevOps/ML/Kubernetes at Opticca

Prisma Cloud provides security spanning multi- and hybrid-cloud environments. That is very important when you have a multi-cloud environment because it gives you a single pane of glass for all of them.

In that single pane of glass it gives you Cloud Security Posture Management, Cloud Workload Protection, and Cloud Infrastructure Entitlement Management, and the vast majority of Cloud Network Security. Without this kind of tool, you would have to go through the three cloud providers and do the mappings for each one. It would be a huge amount of mapping and cross-referencing work, but that work is already done with this solution. Not just the referencing work is done, but it also does the monitoring and scheduling. And a given workload that needs to be compliant with the requirements of a certain country or with your business will be compliant, based on the regionality. Visibility and monitoring are things that are required and Prisma Cloud provides them.

It provides mapping for all compliances so that you do not have to do it. Mapping policies to different compliances can be tricky but it's also a good thing. And you can reuse it as-is. You do not have to do anything. It also provides mapping to the compliance history.

And when it comes to detection, it allows you to write policies that are not just based on compliance but also on your cloud security controls. It allows you to write customizations. It is also the sort of tool in which customization of alerts, notifications, and cloud posture management is possible.

In addition, Prisma Cloud gives you visibility over all of your policies. I know that it can do auto-collection, but I have not seen that implemented by anyone because auto-collection requires organizational maturity, but that lack of implementation is not due to tool immaturity.

And it is a perfect tool, in terms of security policy detection, when it comes to the comprehensiveness of the solution for protecting the full, cloud-native stack. It's very effective.

Another great feature of Prisma Cloud is its integration with Jira and ServiceNow. With those integrations, you do not have to manually intervene. If you do an integration, alerts can be assigned to the respective group, using Jira and ServiceNow. That definitely helps in reducing a good amount of work.

It also provides integration with Agile tools, and that is a great thing. It integrates security into the CI/CD pipeline for container workloads. (We have not used it for non-container workloads, but that's not an issue with the tool). The touchpoints in our DevOps processes are just API calls, making the integration very easy and very smooth.

Developers are able to correct issues using the tools they use to code. The way we have it set up, it's a process of reverse engineering. When an alert comes up it is used to see what was detected and how that can be converted into a preventive policy. That feedback loop is manual, but that input helps to turn the policy into a preventive one. Prisma Cloud has helped to reduce runtime alerts by about 30 percent because we are converting everything into preventive policies. And because it gives you an idea of what needs to be done, it has reduced alert investigation times by 30 to 40 percent.

View full review »
PK
Governance Test and Compliance Officer at Thales

I was looking for a vulnerability scanner and I was looking for one place in which I could find everything. This tool not only does vulnerability scanning, but it also gives me an asset management tool.

It has been good in my test environment when it comes to scanning my infrastructure.

View full review »
Consultant at a tech services company with 501-1,000 employees

The security features are quite good. 

The monitoring part is excellent. It is able to completely monitor our users in order to see what the users are doing at what time and if the users are currently logged in from India, and after five minutes of seeing a user if they are then trying to log in from Singapore, for example. Of course, this would not be possible, and so we would know something was wrong. It can pick up questionable behavior that may have been missed.

The reporting is great.

It's very user-friendly. You can easily make customized dashboards as well. 

We can easily restrict the users if we need to. We can even restrict them from accessing certain applications or services.

If anything tries to come in from a malicious IP, it will block it.

The initial setup is easy. 

We've found the solution to be stable and reliable. 

The solution does offer pretty good integration options.

Technical support is quite helpful.

View full review »
GP
Advisor Information Systems Architect at a computer software company with 10,001+ employees

For the compliance part, we have found the pie graph, where we can see all of the compliance standards in one go, to be a valuable feature.

Prisma Cloud's monitoring features such as the compute compliance dashboard and the vulnerability dashboard, where we can get a clear visualization of their docker, have also been valuable. We can get layer-by-layer information that helps us see exactly where it's noncompliant. They update the dashboards quite frequently.

Their data security feature is quite good as well.

Their training modules are good, and my team is okay with them.

View full review »
SV
Senior Manager at a computer software company with 501-1,000 employees

Prisma Cloud has multiple components. We are already using RedLock, and it has Twistlock included in it. It also has PureSec, which should be pretty useful for our cloud security.

One of the most valuable features is the compliance of RedLock, which we are using for any issues with security. It flags them and that's the primary objective of that feature. We are still working on implementing the other features that were integrated into Prisma Cloud from Twistlock and PureSec.

View full review »
Learn what your peers think about Prisma Cloud by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,143 professionals have used our research since 2012.