We performed a comparison between JFrog Xray and Prisma Cloud by Palo Alto Networks based on real PeerSpot user reviews.
Find out in this report how the two Container Security solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
"It is pretty easy to integrate with this platform. When properly integrated, it monitors end-to-end."
"The cloud misconfiguration is the most valuable feature."
"Atlas security graph is pretty cool. It maps out relationships between components on AWS, like load balancers and servers. This helps visualize potential attack paths and even suggests attack paths a malicious actor might take."
"It's positively affected the communication between cloud security, application developers, and AppSec teams."
"The management console is the most valuable feature."
"We like the platform and its response time. We also like that its console is user-friendly as well as modern and sleek."
"Cloud Native Security's best feature is its ability to identify hard-coded secrets during pull request reviews."
"PingSafe's most valuable feature is its unified console."
"JFrog Xray's reporting feature has a lot of options in it, including scanning."
"I would say that this solution has helped our organization by allowing us to automate a lot of the processes."
"The most valuable feature of JFrog Xray is the display of the entire internal dependencies hierarchy."
"The solution is stable and reliable."
"If multiple dependencies and vulnerabilities are found in a project, JFrog Xray is intelligent enough to tell you which vulnerability to target first."
"Good reporting functionalities."
"JFrog Xray shows us a list of vulnerabilities that can impact our code."
"Prisma scans things and shows all the vulnerabilities and packages that are vulnerable, and which layers, by default, have vulnerabilities. So developers can easily go into the package or a particular layer and make changes to their code. It's very transparent."
"It also provides us with a single tool to manage our entire cloud architecture. In fact, we are using a multi-account strategy with our AWS organization. We use Prisma as a single source of truth to identify high- or medium-severity threats inside our organization."
"The two most valuable features are container security and the capability to discover workloads."
"I like Prisma's ability to integrate with other tools. We can integrate it with Jira so that when Prisma triggers an alert, it opens a ticket in Jira. That was a big selling point for the product. There's a feature called the guest custom template that allows you to trigger alerts in Jira based on the template. That can also be added as a feature on Jira."
"The product provides very good network security."
"Prisma Cloud's most important feature is its auto-remediation."
"Most of the customers we are tackling have different tools and solutions, like Qualys, Nessus, and vulnerability management assessment solutions. There are plugins for them, and we can integrate Prisma Cloud with them. We can enrich our telemetry with their data and use the predefined correlation rules in Prisma Cloud. That means we have that work done in seconds."
"I like Palo Alto's threat protection and Wi-Fi coverage. It has advanced features like DNS security and sandboxing. The automation capabilities are excellent."
"It does not bring much threat intel from the outside world. All it does is scan. If it can also correlate things, it will be better."
"Sometimes the Storyline ID is a bit wacky."
"For vulnerabilities, they are showing CVE ID. The naming convention should be better so that it indicates the container where a vulnerability is present. Currently, they are only showing CVE ID, but the same CVE ID might be present in multiple containers. We would like to have the container name so that we can easily fix the issue."
"I'd like to see better onboarding documentation."
"We've found a lot of false positives."
"The Automation tab is an add-on that doesn’t work properly. They provide a list of scripts that don’t work and I have asked support to assist but they won’t help. When running on various endpoints the script doesn’t work and if it does, it’s only a couple. There are a lot of useful scripts that would be beneficial to run forensics, event logs, and process lists running on the endpoint."
"We use PingSafe and also SentinelOne. If PingSafe integrated some of the endpoint security features of SentinelOne, it would be the perfect one-stop solution for everything. We wouldn't need to switch between the products. At my organization, I am responsible for endpoint security and vulnerability management. Integrating both functions into one application would be ideal because I could see all the alerts, heat maps, and reports in one console."
"The categorization of the results from the vulnerability assessment could be improved."
"The speed of JFrog Xray should improve. Other solutions have better performance."
"Reporting is crucial, but it is lacking in the current tool. Every organization seeks specific data points rather than general information. Therefore, we require customized reports from the Xray tool."
"JFrog Xray does not have a dashboard."
"Since we have been using the solution via APIs, there are some limitations in the APIs."
"I think that the user interface should be expanded to provide customers with a better dashboard for reviewing their feedback regarding their images and the vulnerabilities that are associated with the images."
"Lacks deeper reporting, the ability to compare things."
"JFrog Xray's documentation and error logging could be improved."
"Currently, custom reports are available, but I feel that those reports are targeting just the L1 or L2 engineers because they are very verbose. So, for every alert, there is a proper description, but as a security posture management portal, Prisma Cloud should give me a dashboard that I can present to my stakeholders, such as CSO, CRO, or CTO. It should be at a little bit higher level. They should definitely put effort into reporting because the reporting does not reflect the requirements of a dashboard for your stakeholders. There are a couple of things that are present on the portal, but we don't have the option to customize dashboards or widgets. There are a limited set of widgets, and those widgets don't add value from the perspective of a security team or any professional who is above L1 or L2 level. Because of this, the reach of Prisma Cloud in an organization or the access to Prisma Cloud will be limited only to L1 and L2 engineers. This is something that their development team should look into."
"Prisma Cloud supports generating CSV files, but I would also like it to generate PDF files for reporting."
"The area for improvement is less about the product and more about the upsell. If we've already agreed that we'd like your product x, y, or z, don't try to add fries to my burger. I don't need it."
"The solution does not currently support servers for GCP."
"While Prisma provides a lot of visibility, it also creates a ton of work. Most customers that implement Prisma Cloud have thousands of alerts that are urgent."
"Sometimes we do get false alerts. That should be improved."
"We would like to have the detections be more contemporaneous. For example, we've seen detections of an overprivileged user or whatever it might be in any of the hundreds of Prisma policies, where there are 50 minutes of latency between the event and the alert."
"The innovation side of the solution could be more efficient and more detailed."
More SentinelOne Singularity Cloud Security Pricing and Cost Advice →
More Prisma Cloud by Palo Alto Networks Pricing and Cost Advice →
JFrog Xray is ranked 18th in Container Security with 7 reviews while Prisma Cloud by Palo Alto Networks is ranked 1st in Container Security with 82 reviews. JFrog Xray is rated 8.2, while Prisma Cloud by Palo Alto Networks is rated 8.4. The top reviewer of JFrog Xray writes "An intelligent solution that prioritizes which vulnerability to target first in your project". On the other hand, the top reviewer of Prisma Cloud by Palo Alto Networks writes "The dashboard is very user-friendly and can be used to generate custom RQL based on user requirements". JFrog Xray is most compared with Black Duck, Snyk, Mend.io, Veracode and Sonatype Lifecycle, whereas Prisma Cloud by Palo Alto Networks is most compared with Wiz, Microsoft Defender for Cloud, Aqua Cloud Security Platform, AWS Security Hub and CrowdStrike Falcon Cloud Security. See our JFrog Xray vs. Prisma Cloud by Palo Alto Networks report.
See our list of best Container Security vendors.
We monitor all Container Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
