If you were talking to someone whose organization is considering Prisma Access by Palo Alto Networks, what would you say?
How would you rate it and why? Any other tips or advice?
If you are planning on using the SASE model for your organization, I would recommend Palo Alto Prisma Access. It works well, based on my experience. I have come across many firewalls and I have hands-on experience with various devices, but Palo Alto is the best for everything. It is the best device for infra security. It not only has security, but it works well when it comes to routing and switching. Overall I would rate Prisma Access at 8 out of 10. It gives us centralized management and reliability, scalability, and ease of configuration.
In the same way a customer manages their on-prem firewalls that are not on Prisma Access, they can manage Prisma Access infrastructure through Panorama. That makes it easy for them. The customer is already familiar with how to manage things with Panorama, so there isn't much that is new. There are little changes but that's it. If a customer is already using Palo Alto, we recommend going with Panorama. Overall, the security provided by Prisma Access is top-notch. It is the same firewall that Palo Alto provides for a local setup. It's the best firewall, per the industry review ratings.
If it is a natural transition from a purely on-premises model to a hybrid model where you have a significant number of sites or you are moving towards Zero Trust Network Access for providing a decentralized VPN solution, you should definitely go for it. It provides the entire security stack, so you don't have to keep on adding different solutions and then try permutations to make them work together. Prisma Access does everything beautifully. You don't need a lot of training or develop a lot of skills to manage the solution because it has evolved from Palo Alto Next-Gen firewalls. For DLP, we are not using Prisma Access because it is a network DLP. Being a semiconductor company, we needed a couple of controls to ensure that the entire flow of the communication is very well defined. Therefore, we are using different tools that auto-discover, and then we put controls. For example, we have endpoint DLP, network DLP, and email DLP. We don't want to rely on Prisma Access because it sits outside of our perimeter. We want to have as much close control over the source as we can. It didn't enable us to deliver better applications because this implementation was done in a silo. This project was not done very sequentially. It has been quite sporadic. The way the solution was built, applications were not at the center. We built it with a top-down approach. It was our first cloud-deployment model, and we haven't faced any problems with any of the standard applications. All the custom apps that we are bringing from the original plan are working the way they're supposed to. So, we never faced any challenges with regards to the performance or the security after deploying these applications. The entire setup is fairly agnostic to the types of applications that we already have, and a couple of them are not standard applications like Office 365, Workday, etc. They are fairly custom apps that you use in your lab environment or manufacturing utilities, and it works with them. I would rate it a nine out of 10. Except for the visibility part, it is great. I am taking a few other client projects that are for Fortune 100 companies, and I am doing a lot of refreshes for them. Prisma Access is definitely going to be at the top of my list. It is not because I know this product inside out; it is because of the experience that our clients are getting with it, the security it provides, and the proactive updates that Palo Alto is pushing for Prisma Access.
I rate Prisma Access nine out of 10. It has been constantly changing since it was released. Palo Alto is the leader in all these technologies on the Gartner Magic Quadrant. I would advise anyone considering Prisma to look at their endpoint protection and evaluate how it fits in the overall enterprise solution, including integration with operational technology.
There are some encrypted traffic flows that you're not supposed to decrypt and intercept, but even for those we have constructs that give us at least some level of inspection. Once tunnels are established, we have policies to inspect them to a certain extent. We try to make sure that pretty much everything that needs to be inspected is inspected. All of this comes down to accountability and to protecting our users. Organizations with a worldwide footprint and distributed-services architecture require best-in-class security. Health organizations and pharmaceutical companies also do, because they are dealing with highly sensitive patient data or customer data. Organizations like these that have public, internet-facing web applications, need top-of-the-line security. Prisma Access, from an interoperability standpoint, addresses the big question of how well their web-facing applications are protected from potential malicious attacks. And the answer is that it is all integrative, all a part of a fabric with interrelated components. It protects the users who are accessing the corporate network and the corporate network from any potential risk from those users. Prisma Access gives us the ability to design architectural artifacts, like zones and segments, that really make for effective protection for web-facing components and internal applications. In terms of Prisma Access providing all its capabilities in a single, cloud-delivered platform, not everything gets on the cloud. You cannot take a mainframe and put it on the cloud. You have to understand the difference between Prisma Access and Prisma Cloud. Prisma Access is all about user accessibility to enterprise networks in the most secure way possible. Prisma Cloud is the platform to integrate various cloud environments into a unified fabric. As for Prisma Access providing millions of security updates per day, I don't know if there are millions, but it is important. We take advantage of some of the automated features that Palo Alto has provided us. We try not to get into the granular level too much because it increases the administrative overhead. We don't have the time or the manpower to drill into millions of updates.
I have learned that moving operations to the cloud is a good thing. I rate Prisma Access by Palo Alto Networks a nine out of ten.
We're just customers and end-users. We are using a SaaS version of the solution. I will definitely recommend implementing this product as it has a very good scalable solution. Considering this work from home scenario in COVID, it is one of the best solutions one can implement. However, my advice would be to make sure you have enough internet bandwidth while implementing and also make sure there is site-level redundancy at your end. If you are a client then you won't implement it. Make sure there are two separate IP set terminals published from the client to your end. That way, if something goes wrong, your internet goes down or something, the VPN will be accessible. One good lesson I have learned is that earlier in my thought process related to VPN was very narrow. I never thought that you can put it across multiple continental gateways and allow users to access it so fast. I'd rate the solution nine out of ten.
I would recommend this solution to others. I would rate Prisma Access a nine out of ten.
We're just a customer. We don't have a business relationship with the company. I'd advise others that the solution is largely based on the complexity of your environment. It's not that deployment's difficult. It's just that you want to put it where it's most efficient. You've got to take the time to figure out where your users are and how they connect and where they're connecting from. Overall, I'd rate the solution eight out of ten.
We have to pitch it to smaller customers. When it comes to medium-sized organizations, they are almost dedicated to a VPN solution. This is a good solution and I can recommend it, although it would be improved with better MDM integration. I would rate this solution a seven out of ten.
Anyone who is considering working with Prisma Access should go ahead and implement it. This is a product that I recommend. I would rate this solution a nine out of ten.
I will give this solution an eight out of ten rating because theoretically, I looked at a lot of other products but Palo Alto seems to be covering all aspects and I'm sure the competitors like to tell everybody they have more features, but I've not experienced it yet.
I would recommend the solution. The solution really depends on your budget, of course. If you have a really low budget it's not a low budget solution, so it can really depend on the budget you have. But if you have a budget for enterprise or best of firewalls I think you should take this solution into consideration. I would rate this solution at 8.5 or 9 out of 10. No product, of course, is totally perfect and a ten is something that I don't think that exists. I think maybe it needs a bit more ease of how applications and dependencies run. Because sometimes you push a firewall rule and you get lots of dependencies so that could be a more manageable thing. Extra guidance in using applications and things like that would be helpful.
We had a very good experience with their solutions, especially with their endpoint protections and the next-generation firewalls. We are a local distributor in Palo Alto here in Egypt. So we propose this technology to our customers and our partners here in Egypt. Palo Alto offers very good technology and hardware. Its very good in this category of solution. You have options of providing or proposing to a customer a small box, or sometimes a mid range. It depends on the model and the deployment. I would rate this solution 8 out of 10.