What is Prisma Cloud and what are its top alternatives?
Prisma Cloud is a comprehensive cloud security platform that provides organizations with full visibility and control over their cloud environment. Key features include continuous monitoring and compliance, threat detection and response, data protection, and application security. However, some limitations of Prisma Cloud include the complexity of setup and potential cost implications for smaller organizations.
- AWS Security Hub: AWS Security Hub is a security service that provides a comprehensive view of your high-priority security alerts and compliance status across AWS accounts.
- Azure Security Center: Azure Security Center is a unified security management system that provides advanced threat protection across hybrid cloud workloads.
- Google Cloud Security Command Center: Google Cloud Security Command Center is a security and data risk platform for your Google Cloud environment that helps you prevent, detect, and respond to threats.
- CrowdStrike Falcon: CrowdStrike Falcon is a cloud-native endpoint protection platform that includes anti-malware, endpoint detection and response, and threat intelligence.
- Cisco CloudLock: Cisco CloudLock is a cloud-native CASB and cloud cybersecurity platform that helps organizations secure their cloud environments.
- Palo Alto Networks Prisma Access: Prisma Access by Palo Alto Networks is a secure access service edge (SASE) platform that provides networking and security services from the cloud to the edge.
- Trend Micro Cloud One: Trend Micro Cloud One is a cloud security platform that delivers multiple security capabilities for cloud environments, including workload and file storage security.
- Check Point CloudGuard: Check Point CloudGuard is a comprehensive cloud security platform that provides threat prevention, network security, and compliance automation for cloud environments.
- McAfee MVISION Cloud: McAfee MVISION Cloud is a cloud access security broker (CASB) that provides visibility and control over cloud services, users, and data.
- Symantec CloudSOC: Symantec CloudSOC is a cloud security platform that provides visibility, data governance, and threat protection for cloud applications and services.
Top Alternatives to Prisma Cloud
- Dome9
It delivers full visibility, control and faster time to protection as organizations scale in AWS, Azure and Google Cloud environments. ...
- Azure Security Center
It is a unified infrastructure security management system that strengthens the security posture of your data centers, and provides advanced threat protection across your hybrid workloads in the cloud - whether they're in Azure or not - as well as on premises. ...
- Zscaler
It is a global cloud-based information security company that provides Internet security, web security, firewalls, sandboxing, SSL inspection, antivirus, vulnerability management and granular control of user activity in cloud computing, mobile and Internet of things environments. ...
- AWS Config
AWS Config is a fully managed service that provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config you can discover existing AWS resources, export a complete inventory of your AWS resources with all configuration details, and determine how a resource was configured at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting. ...
- NGINX
nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. According to Netcraft nginx served or proxied 30.46% of the top million busiest sites in Jan 2018. ...
- Apache HTTP Server
The Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Originally designed as a replacement for the NCSA HTTP Server, it has grown to be the most popular web server on the Internet. ...
- Amazon EC2
It is a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers. ...
- Firebase
Firebase is a cloud service designed to power real-time, collaborative applications. Simply add the Firebase library to your application to gain access to a shared data structure; any changes you make to that data are automatically synchronized with the Firebase cloud and with other clients within milliseconds. ...
Prisma Cloud alternatives & related posts
related Dome9 posts
related Azure Security Center posts
related Zscaler posts
AWS Config
- Backed by Amazon4
- One stop solution2
- Not user friendly2
related AWS Config posts
From firebase Crashlytics, everything is simple, we install SDK and configs, and then we can see all the crashes. With AWS, it is not clear to me which service to use for the same purpose as configuring it. Correctly I understand that for automatic sending of all crashes, you need to use AWS Config?
NGINX
- High-performance http server1.4K
- Performance894
- Easy to configure730
- Open source607
- Load balancer530
- Free289
- Scalability288
- Web server226
- Simplicity175
- Easy setup136
- Content caching30
- Web Accelerator21
- Capability15
- Fast14
- High-latency12
- Predictability12
- Reverse Proxy8
- The best of them7
- Supports http/27
- Great Community5
- Lots of Modules5
- Enterprise version5
- High perfomance proxy server4
- Embedded Lua scripting3
- Streaming media delivery3
- Streaming media3
- Reversy Proxy3
- Blash2
- GRPC-Web2
- Lightweight2
- Fast and easy to set up2
- Slim2
- saltstack2
- Virtual hosting1
- Narrow focus. Easy to configure. Fast1
- Along with Redis Cache its the Most superior1
- Ingress controller1
- Advanced features require subscription10
related NGINX posts
Our whole DevOps stack consists of the following tools:
- GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
- Respectively Git as revision control system
- SourceTree as Git GUI
- Visual Studio Code as IDE
- CircleCI for continuous integration (automatize development process)
- Prettier / TSLint / ESLint as code linter
- SonarQube as quality gate
- Docker as container management (incl. Docker Compose for multi-container application management)
- VirtualBox for operating system simulation tests
- Kubernetes as cluster management for docker containers
- Heroku for deploying in test environments
- nginx as web server (preferably used as facade server in production environment)
- SSLMate (using OpenSSL) for certificate management
- Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
- PostgreSQL as preferred database system
- Redis as preferred in-memory database/store (great for caching)
The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:
- Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
- Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
- Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
- Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
- Scalability: All-in-one framework for distributed systems.
- Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
We chose AWS because, at the time, it was really the only cloud provider to choose from.
We tend to use their basic building blocks (EC2, ELB, Amazon S3, Amazon RDS) rather than vendor specific components like databases and queuing. We deliberately decided to do this to ensure we could provide multi-cloud support or potentially move to another cloud provider if the offering was better for our customers.
We’ve utilized c3.large nodes for both the Node.js deployment and then for the .NET Core deployment. Both sit as backends behind an nginx instance and are managed using scaling groups in Amazon EC2 sitting behind a standard AWS Elastic Load Balancing (ELB).
While we’re satisfied with AWS, we do review our decision each year and have looked at Azure and Google Cloud offerings.
#CloudHosting #WebServers #CloudStorage #LoadBalancerReverseProxy
Apache HTTP Server
- Web server479
- Most widely-used web server305
- Virtual hosting217
- Fast148
- Ssl support138
- Since 199644
- Asynchronous28
- Robust5
- Proven over many years4
- Mature2
- Perfomance2
- Perfect Support1
- Many available modules0
- Many available modules0
- Hard to set up4
related Apache HTTP Server posts
When I joined NYT there was already broad dissatisfaction with the LAMP (Linux Apache HTTP Server MySQL PHP) Stack and the front end framework, in particular. So, I wasn't passing judgment on it. I mean, LAMP's fine, you can do good work in LAMP. It's a little dated at this point, but it's not ... I didn't want to rip it out for its own sake, but everyone else was like, "We don't like this, it's really inflexible." And I remember from being outside the company when that was called MIT FIVE when it had launched. And been observing it from the outside, and I was like, you guys took so long to do that and you did it so carefully, and yet you're not happy with your decisions. Why is that? That was more the impetus. If we're going to do this again, how are we going to do it in a way that we're gonna get a better result?
So we're moving quickly away from LAMP, I would say. So, right now, the new front end is React based and using Apollo. And we've been in a long, protracted, gradual rollout of the core experiences.
React is now talking to GraphQL as a primary API. There's a Node.js back end, to the front end, which is mainly for server-side rendering, as well.
Behind there, the main repository for the GraphQL server is a big table repository, that we call Bodega because it's a convenience store. And that reads off of a Kafka pipeline.
We've been happy with nginx as part of our stack. As an open source web application that folks install on-premise, the configuration system for the webserver is pretty important to us. I have a few complaints (e.g. the configuration syntax for conditionals is a pain), but overall we've found it pretty easy to build a configurable set of options (see link) for how to run Zulip on nginx, both directly and with a remote reverse proxy in front of it, with a minimum of code duplication.
Certainly I've been a lot happier with it than I was working with Apache HTTP Server in past projects.
- Quick and reliable cloud servers647
- Scalability515
- Easy management393
- Low cost277
- Auto-scaling271
- Market leader89
- Backed by amazon80
- Reliable79
- Free tier67
- Easy management, scalability58
- Flexible13
- Easy to Start10
- Widely used9
- Web-scale9
- Elastic9
- Node.js API7
- Industry Standard5
- Lots of configuration options4
- GPU instances2
- Simpler to understand and learn1
- Extremely simple to use1
- Amazing for individuals1
- All the Open Source CLI tools you could want.1
- Ui could use a lot of work13
- High learning curve when compared to PaaS6
- Extremely poor CPU performance3
related Amazon EC2 posts
To provide employees with the critical need of interactive querying, we’ve worked with Presto, an open-source distributed SQL query engine, over the years. Operating Presto at Pinterest’s scale has involved resolving quite a few challenges like, supporting deeply nested and huge thrift schemas, slow/ bad worker detection and remediation, auto-scaling cluster, graceful cluster shutdown and impersonation support for ldap authenticator.
Our infrastructure is built on top of Amazon EC2 and we leverage Amazon S3 for storing our data. This separates compute and storage layers, and allows multiple compute clusters to share the S3 data.
We have hundreds of petabytes of data and tens of thousands of Apache Hive tables. Our Presto clusters are comprised of a fleet of 450 r4.8xl EC2 instances. Presto clusters together have over 100 TBs of memory and 14K vcpu cores. Within Pinterest, we have close to more than 1,000 monthly active users (out of total 1,600+ Pinterest employees) using Presto, who run about 400K queries on these clusters per month.
Each query submitted to Presto cluster is logged to a Kafka topic via Singer. Singer is a logging agent built at Pinterest and we talked about it in a previous post. Each query is logged when it is submitted and when it finishes. When a Presto cluster crashes, we will have query submitted events without corresponding query finished events. These events enable us to capture the effect of cluster crashes over time.
Each Presto cluster at Pinterest has workers on a mix of dedicated AWS EC2 instances and Kubernetes pods. Kubernetes platform provides us with the capability to add and remove workers from a Presto cluster very quickly. The best-case latency on bringing up a new worker on Kubernetes is less than a minute. However, when the Kubernetes cluster itself is out of resources and needs to scale up, it can take up to ten minutes. Some other advantages of deploying on Kubernetes platform is that our Presto deployment becomes agnostic of cloud vendor, instance types, OS, etc.
#BigData #AWS #DataScience #DataEngineering
Our whole DevOps stack consists of the following tools:
- GitHub (incl. GitHub Pages/Markdown for Documentation, GettingStarted and HowTo's) for collaborative review and code management tool
- Respectively Git as revision control system
- SourceTree as Git GUI
- Visual Studio Code as IDE
- CircleCI for continuous integration (automatize development process)
- Prettier / TSLint / ESLint as code linter
- SonarQube as quality gate
- Docker as container management (incl. Docker Compose for multi-container application management)
- VirtualBox for operating system simulation tests
- Kubernetes as cluster management for docker containers
- Heroku for deploying in test environments
- nginx as web server (preferably used as facade server in production environment)
- SSLMate (using OpenSSL) for certificate management
- Amazon EC2 (incl. Amazon S3) for deploying in stage (production-like) and production environments
- PostgreSQL as preferred database system
- Redis as preferred in-memory database/store (great for caching)
The main reason we have chosen Kubernetes over Docker Swarm is related to the following artifacts:
- Key features: Easy and flexible installation, Clear dashboard, Great scaling operations, Monitoring is an integral part, Great load balancing concepts, Monitors the condition and ensures compensation in the event of failure.
- Applications: An application can be deployed using a combination of pods, deployments, and services (or micro-services).
- Functionality: Kubernetes as a complex installation and setup process, but it not as limited as Docker Swarm.
- Monitoring: It supports multiple versions of logging and monitoring when the services are deployed within the cluster (Elasticsearch/Kibana (ELK), Heapster/Grafana, Sysdig cloud integration).
- Scalability: All-in-one framework for distributed systems.
- Other Benefits: Kubernetes is backed by the Cloud Native Computing Foundation (CNCF), huge community among container orchestration tools, it is an open source and modular tool that works with any OS.
- Realtime backend made easy371
- Fast and responsive270
- Easy setup242
- Real-time215
- JSON191
- Free134
- Backed by google128
- Angular adaptor83
- Reliable68
- Great customer support36
- Great documentation32
- Real-time synchronization25
- Mobile friendly21
- Rapid prototyping19
- Great security14
- Automatic scaling12
- Freakingly awesome11
- Super fast development8
- Angularfire is an amazing addition!8
- Chat8
- Firebase hosting6
- Built in user auth/oauth6
- Awesome next-gen backend6
- Ios adaptor6
- Speed of light4
- Very easy to use4
- Great3
- It's made development super fast3
- Brilliant for startups3
- Free hosting2
- Cloud functions2
- JS Offline and Sync suport2
- Low battery consumption2
- .net2
- The concurrent updates create a great experience2
- Push notification2
- I can quickly create static web apps with no backend2
- Great all-round functionality2
- Free authentication solution2
- Easy Reactjs integration1
- Google's support1
- Free SSL1
- CDN & cache out of the box1
- Easy to use1
- Large1
- Faster workflow1
- Serverless1
- Good Free Limits1
- Simple and easy1
- Can become expensive31
- No open source, you depend on external company16
- Scalability is not infinite15
- Not Flexible Enough9
- Cant filter queries7
- Very unstable server3
- No Relational Data3
- Too many errors2
- No offline sync2
related Firebase posts
Hi Otensia! I'd definitely recommend using the skills you've already got and building with JavaScript is a smart way to go these days. Most platform services have JavaScript/Node SDKs or NPM packages, many serverless platforms support Node in case you need to write any backend logic, and JavaScript is incredibly popular - meaning it will be easy to hire for, should you ever need to.
My advice would be "don't reinvent the wheel". If you already have a skill set that will work well to solve the problem at hand, and you don't need it for any other projects, don't spend the time jumping into a new language. If you're looking for an excuse to learn something new, it would be better to invest that time in learning a new platform/tool that compliments your knowledge of JavaScript. For this project, I might recommend using Netlify, Vercel, or Google Firebase to quickly and easily deploy your web app. If you need to add user authentication, there are great examples out there for Firebase Authentication, Auth0, or even Magic (a newcomer on the Auth scene, but very user friendly). All of these services work very well with a JavaScript-based application.
For inboxkitten.com, an opensource disposable email service;
We migrated our serverless workload from Cloud Functions for Firebase to CloudFlare workers, taking advantage of the lower cost and faster-performing edge computing of Cloudflare network. Made possible due to our extremely low CPU and RAM overhead of our serverless functions.
If I were to summarize the limitation of Cloudflare (as oppose to firebase/gcp functions), it would be ...
- <5ms CPU time limit
- Incompatible with express.js
- one script limitation per domain
Limitations our workload is able to conform with (YMMV)
For hosting of static files, we migrated from Firebase to CommonsHost
More details on the trade-off in between both serverless providers is in the article