Skip to Content
logo

Docs

  • Home
  • Quick start
    • FAQ
      • Billing
      • Integrations
      • Platform
      • Scanner
      • Ask our pentesters to explain a vulnerability
      • Fix code with gen AI from the IDE
      • See safe dependency versions
      • Import repositories to test
      • Invite team members to sign up
      • Billing for the Advanced plan
      • Continuous Hacking free trial, plans and pricing
      • Continuous Hacking methodology
      • Continuous Hacking PoV
      • CVSSF metric
      • Glossary
      • Main website
      • Platform demo
      • Tutorial videos
      • What is DAST?
      • What is SAST?
      • What is SCA?
      • Assign vulnerability remediation to a team member
      • See details of the reported security vulnerabilities
    • Sign up to Fluid Attacks
      • Break the build
      • Install CI Gate to break the build
      • Verify whether a fix was successful
  • Find and fix
    • Use the platform
        • Sign-up and login
        • Interface and sections
        • Groups section
        • Group configuration
        • Create and delete groups
        • Create another organization
        • Portfolios
        • ToE and SBOM
        • Register payment method
        • Members
        • Understand roles
        • Group authors
        • Organization authors
        • Repositories
        • Import them with OAuth
        • Repositories out of scope
        • Credentials
        • Environments
        • Resolve events
        • Analyze your supply chain security
        • Assign treatments
        • Correlate your threat model to vulnerabilities
        • CVSS score adjustment
        • Examine the evidence of exploitability
        • Find reachable dependency vulnerabilities
        • Request a vulnerability be dismissed as Zero Risk
        • See vulnerabilities assigned to you
        • See where vulnerabilities are and more details
        • Verify fixes with reattacks
        • Vulnerability signature update
      • Help options
        • AI Agent
        • Live chat
        • Email
        • Comments
        • Talk to a Pentester
        • Tutorial videos or demo
        • Vulnerability reporting
        • Standard compliance
        • ZTNA logs
        • Recent downloads
        • Common analytics
        • Organization analytics
        • Group analytics
        • Portfolio analytics
        • Chart options
        • CI Gate configuration
        • CI Gate executions
        • Security gates
        • Vulnerability acceptance
        • Prioritization attributes
        • Explore the user menu
        • Enable and disable notifications
        • Subscribe to News
        • Leave a group
      • See vulnerabilities
        • Fluid Attacks' scanners
        • OWASP Benchmark results
        • Your feedback
      • Use the scanners
        • Local run
        • CI/CD integration
        • Understanding outputs
        • Findings exclusion
      • Use a configuration file
        • SAST scanner
        • SCA scanner
        • DAST scanner
        • APK scanner
      • Automatic remediation
      • Custom remediation guides
      • Introduction to Sorts
      • Sorts user guide
      • Connection mechanisms
      • Cloud connection
      • Egress connection
      • Connector connection
      • Types of authentication
      • AWS CodeCommit
    • Service-level agreement
      • Availability SLA
      • Response SLA
      • Accuracy SLA
      • False negatives
      • False positives
      • Scope
    • Support information
      • Changelog
        • 2023
        • 2024
        • 2025
        • 2026
      • Roadmap
      • AI functions
      • Attack surfaces
      • Binaries
      • Browsers
      • CI/CD
      • Clouds
      • CVEs for reachability
      • Evidence formats
      • Frameworks
      • IDE functionalities
      • Languages
      • Languages for fixes
      • Package managers
      • Remediation
      • SCM systems
      • Secrets
      • Standards
      • Ticketing systems
      • Documentation sections
  • Integrations
      • Bug-tracking systems
      • Tools and integrations
      • Access Talk to a Pentester and help from Jira issues
      • Automate Jira issue creation
      • Create Jira issues for vulnerabilities
      • Go to vulnerability evidence and more from Jira issues
      • Install the Fluid Attacks app for Jira Cloud
      • Link vulnerabilities to Jira issues or unlink them
      • Request reattacks from Jira issues
      • Set up the Jira integration
      • Set up the Azure DevOps integration
      • Set up the GitLab integration
    • VS Code
      • Functions
      • Troubleshooting
      • Identify and address vulnerabilities from IntelliJ
      • Install the IntelliJ plugin
      • Identify and address vulnerabilities from Cursor
      • Install the Cursor extension
      • AWS Marketplace integration
    • MCP server
      • Installation
      • Capabilities and use cases
      • Docker installation
    • PR/MR scanner
      • For GitLab
      • For Azure DevOps
      • Troubleshooting
      • File exclusion
    • API
      • Learn the basics
    • Webhooks
  • Stack
      • Bash
      • Python
      • Terraform
      • TypeScript
      • Ariadne
      • Commitlint
      • D3
      • Docker
      • ESLint
      • GraphQL
      • Hypercorn
      • Kubernetes
      • Labels
      • Mypy
      • Nix Flakes
      • Platform audit logs
      • Platform authentication
      • Platform authorization
      • Pydantic
      • Pydantic AI
      • React
      • Ruff
      • Sops
      • Starlette
      • Tree-sitter
      • Visual Studio Code
      • AWS
      • Batch
      • Bedrock
      • BigCodeBench
      • BugSnag
      • Checkly
      • Claude 3.5 Sonnet
      • Cloudflare
      • CloudWatch
      • Cost Management
      • Datadog
      • dbt
      • DynamoDB
      • EBS
      • EC2
      • EKS
      • ELB
      • Engineering metrics
      • ePayco
      • EventBridge
      • GitLab
      • GitLab CI
      • Google Workspace
      • IAM
      • Jamf
      • KMS
      • Lambda
      • LogRocket
      • Okta
      • OpenAI
      • OpenSearch
      • Organizations
      • QuickSight
      • S3
      • SageMaker
      • Snowflake
      • Statuspage
      • Step Functions
      • Stripe
      • Treli
      • Ubiquiti
      • Vanta
      • Voyage AI
      • VPC
      • VPN
      • Zoho One
      • Zoho Sign
    • Pentesting tools
  • Compliance
    • Authentication
      • Clients
      • Password policies
      • Staff
    • Authorization
      • Access revocation
      • Clients
      • Employee termination
      • Endpoints
      • Secret rotation
      • Sessions
      • Staff
    • Availability
      • Distributed apps
      • Distributed firewall
      • Everything backed up
      • Multiple zones
      • Recovery objective
    • Confidentiality
      • Device (re)enrolling
      • Direct hiring
      • Encryption at rest
      • Encryption in transit
      • No personal gain
      • Personnel NDA
      • Secure deletion
    • Integrity
      • Applicant evaluation
      • Awareness
      • Certification Hub
      • Certified cloud provider
      • Certified security analysts
      • Comprehensive reporting
      • Developing for integrity
      • Monitoring
      • Production data isolation
      • Secure emails
      • SLSA compliance
      • Standard timezone
      • Static website
      • Training plan
    • Non-repudiation
      • Everything as code
      • Extensive logs
    • Privacy
      • Data privacy policy
      • Data retention policy
      • Data use policy
      • Email obfuscation
      • Time tracking
      • Manual for the NDR
      • Subprocessor OpenAI
      • OTR messaging
      • Polygraph tests
      • Project pseudonymization
      • Data transmission
      • Unsubscribe email
      • Use of cookies
    • Resilience
      • Continuity and recovery
      • Equipment and telecommuting
      • Everything is decentralized
      • Redundant roles
    • Transparency
      • Complaint management
      • Data leakage policy
      • Ethics hotline
      • Help channel
      • Incident management
      • Information security responsibility
      • Open source
      • Quality policy
      • Status page
      • Testing our technology
      • Vulnerability releasing
  • Compare
    • 42Crunch
    • 7 Way Security
    • Aikido
    • Anvil Secure
    • Apiiro
    • AppCheck
    • Appdome
    • Appknox
    • Aqua
    • Armorcode
    • Arnica
    • Astra
    • Backslash
    • Base4
    • Bishop Fox
    • Black Duck
    • Black Hills
    • Breachlock
    • Bright Security
    • Burp Suite
    • Checkmarx
    • CloudGuard
    • Cobalt
    • Codacy
    • Conviso
    • Cure53
    • Cycode
    • Cyscope
    • Cyver
    • Data Theorem
    • DataDog
    • DeepSource
    • DefectDojo
    • Detectify
    • Devel
    • Dynatrace
    • Edgescan
    • Endor Labs
    • Escape
    • Evolve Security
    • Faraday Security
    • FortiDevSec
    • Fortify
    • GitHub Advanced Security (GHAS)
    • Ghost Security
    • GitLab Ultimate
    • GuardRails
    • HackerOne
    • Hackmetrix
    • Hadrian
    • HCL AppScan
    • Heeler
    • Hopper Security
    • ImmuniWeb
    • Inspectiv
    • Intigriti
    • Intruder
    • Invicti
    • JFrog
    • Jit
    • Kiuwan
    • Legit Security
    • Mandiant
    • Mend
    • Mindgard
    • Moderne
    • NetSPI
    • NowSecure
    • Nucleus Security
    • Oligo Security
    • Orca Security
    • Oversecured
    • OX Security
    • Phoenix Security
    • PlexTrac
    • Praetorian
    • Prancer
    • Prisma Cloud
    • Probely
    • Prowler
    • ReversingLabs
    • RunSybil
    • Safety
    • Securitum
    • Seemplicity
    • Semgrep
    • Snyk
    • Socket
    • SonarQube
    • Sonatype Lifecycle
    • SOOS
    • StackHawk
    • Strike
    • Synacktiv
    • Tenable Nessus
    • ThreatModeler
    • Veracode
    • White Jaguars
    • Wiz
    • Xygeni
    • ZAP
    • ZeroPath
  • Log in to the platform 
  • Home
  • Quick start
    • FAQ
      • Billing
      • Integrations
      • Platform
      • Scanner
      • Ask our pentesters to explain a vulnerability
      • Fix code with gen AI from the IDE
      • See safe dependency versions
      • Import repositories to test
      • Invite team members to sign up
      • Billing for the Advanced plan
      • Continuous Hacking free trial, plans and pricing
      • Continuous Hacking methodology
      • Continuous Hacking PoV
      • CVSSF metric
      • Glossary
      • Main website
      • Platform demo
      • Tutorial videos
      • What is DAST?
      • What is SAST?
      • What is SCA?
      • Assign vulnerability remediation to a team member
      • See details of the reported security vulnerabilities
    • Sign up to Fluid Attacks
      • Break the build
      • Install CI Gate to break the build
      • Verify whether a fix was successful
  • Find and fix
    • Use the platform
        • Sign-up and login
        • Interface and sections
        • Groups section
        • Group configuration
        • Create and delete groups
        • Create another organization
        • Portfolios
        • ToE and SBOM
        • Register payment method
        • Members
        • Understand roles
        • Group authors
        • Organization authors
        • Repositories
        • Import them with OAuth
        • Repositories out of scope
        • Credentials
        • Environments
        • Resolve events
        • Analyze your supply chain security
        • Assign treatments
        • Correlate your threat model to vulnerabilities
        • CVSS score adjustment
        • Examine the evidence of exploitability
        • Find reachable dependency vulnerabilities
        • Request a vulnerability be dismissed as Zero Risk
        • See vulnerabilities assigned to you
        • See where vulnerabilities are and more details
        • Verify fixes with reattacks
        • Vulnerability signature update
      • Help options
        • AI Agent
        • Live chat
        • Email
        • Comments
        • Talk to a Pentester
        • Tutorial videos or demo
        • Vulnerability reporting
        • Standard compliance
        • ZTNA logs
        • Recent downloads
        • Common analytics
        • Organization analytics
        • Group analytics
        • Portfolio analytics
        • Chart options
        • CI Gate configuration
        • CI Gate executions
        • Security gates
        • Vulnerability acceptance
        • Prioritization attributes
        • Explore the user menu
        • Enable and disable notifications
        • Subscribe to News
        • Leave a group
      • See vulnerabilities
        • Fluid Attacks' scanners
        • OWASP Benchmark results
        • Your feedback
      • Use the scanners
        • Local run
        • CI/CD integration
        • Understanding outputs
        • Findings exclusion
      • Use a configuration file
        • SAST scanner
        • SCA scanner
        • DAST scanner
        • APK scanner
      • Automatic remediation
      • Custom remediation guides
      • Introduction to Sorts
      • Sorts user guide
      • Connection mechanisms
      • Cloud connection
      • Egress connection
      • Connector connection
      • Types of authentication
      • AWS CodeCommit
    • Service-level agreement
      • Availability SLA
      • Response SLA
      • Accuracy SLA
      • False negatives
      • False positives
      • Scope
    • Support information
      • Changelog
        • 2023
        • 2024
        • 2025
        • 2026
      • Roadmap
      • AI functions
      • Attack surfaces
      • Binaries
      • Browsers
      • CI/CD
      • Clouds
      • CVEs for reachability
      • Evidence formats
      • Frameworks
      • IDE functionalities
      • Languages
      • Languages for fixes
      • Package managers
      • Remediation
      • SCM systems
      • Secrets
      • Standards
      • Ticketing systems
      • Documentation sections
  • Integrations
      • Bug-tracking systems
      • Tools and integrations
      • Access Talk to a Pentester and help from Jira issues
      • Automate Jira issue creation
      • Create Jira issues for vulnerabilities
      • Go to vulnerability evidence and more from Jira issues
      • Install the Fluid Attacks app for Jira Cloud
      • Link vulnerabilities to Jira issues or unlink them
      • Request reattacks from Jira issues
      • Set up the Jira integration
      • Set up the Azure DevOps integration
      • Set up the GitLab integration
    • VS Code
      • Functions
      • Troubleshooting
      • Identify and address vulnerabilities from IntelliJ
      • Install the IntelliJ plugin
      • Identify and address vulnerabilities from Cursor
      • Install the Cursor extension
      • AWS Marketplace integration
    • MCP server
      • Installation
      • Capabilities and use cases
      • Docker installation
    • PR/MR scanner
      • For GitLab
      • For Azure DevOps
      • Troubleshooting
      • File exclusion
    • API
      • Learn the basics
    • Webhooks
  • Stack
      • Bash
      • Python
      • Terraform
      • TypeScript
      • Ariadne
      • Commitlint
      • D3
      • Docker
      • ESLint
      • GraphQL
      • Hypercorn
      • Kubernetes
      • Labels
      • Mypy
      • Nix Flakes
      • Platform audit logs
      • Platform authentication
      • Platform authorization
      • Pydantic
      • Pydantic AI
      • React
      • Ruff
      • Sops
      • Starlette
      • Tree-sitter
      • Visual Studio Code
      • AWS
      • Batch
      • Bedrock
      • BigCodeBench
      • BugSnag
      • Checkly
      • Claude 3.5 Sonnet
      • Cloudflare
      • CloudWatch
      • Cost Management
      • Datadog
      • dbt
      • DynamoDB
      • EBS
      • EC2
      • EKS
      • ELB
      • Engineering metrics
      • ePayco
      • EventBridge
      • GitLab
      • GitLab CI
      • Google Workspace
      • IAM
      • Jamf
      • KMS
      • Lambda
      • LogRocket
      • Okta
      • OpenAI
      • OpenSearch
      • Organizations
      • QuickSight
      • S3
      • SageMaker
      • Snowflake
      • Statuspage
      • Step Functions
      • Stripe
      • Treli
      • Ubiquiti
      • Vanta
      • Voyage AI
      • VPC
      • VPN
      • Zoho One
      • Zoho Sign
    • Pentesting tools
  • Compliance
    • Authentication
      • Clients
      • Password policies
      • Staff
    • Authorization
      • Access revocation
      • Clients
      • Employee termination
      • Endpoints
      • Secret rotation
      • Sessions
      • Staff
    • Availability
      • Distributed apps
      • Distributed firewall
      • Everything backed up
      • Multiple zones
      • Recovery objective
    • Confidentiality
      • Device (re)enrolling
      • Direct hiring
      • Encryption at rest
      • Encryption in transit
      • No personal gain
      • Personnel NDA
      • Secure deletion
    • Integrity
      • Applicant evaluation
      • Awareness
      • Certification Hub
      • Certified cloud provider
      • Certified security analysts
      • Comprehensive reporting
      • Developing for integrity
      • Monitoring
      • Production data isolation
      • Secure emails
      • SLSA compliance
      • Standard timezone
      • Static website
      • Training plan
    • Non-repudiation
      • Everything as code
      • Extensive logs
    • Privacy
      • Data privacy policy
      • Data retention policy
      • Data use policy
      • Email obfuscation
      • Time tracking
      • Manual for the NDR
      • Subprocessor OpenAI
      • OTR messaging
      • Polygraph tests
      • Project pseudonymization
      • Data transmission
      • Unsubscribe email
      • Use of cookies
    • Resilience
      • Continuity and recovery
      • Equipment and telecommuting
      • Everything is decentralized
      • Redundant roles
    • Transparency
      • Complaint management
      • Data leakage policy
      • Ethics hotline
      • Help channel
      • Incident management
      • Information security responsibility
      • Open source
      • Quality policy
      • Status page
      • Testing our technology
      • Vulnerability releasing
  • Compare
    • 42Crunch
    • 7 Way Security
    • Aikido
    • Anvil Secure
    • Apiiro
    • AppCheck
    • Appdome
    • Appknox
    • Aqua
    • Armorcode
    • Arnica
    • Astra
    • Backslash
    • Base4
    • Bishop Fox
    • Black Duck
    • Black Hills
    • Breachlock
    • Bright Security
    • Burp Suite
    • Checkmarx
    • CloudGuard
    • Cobalt
    • Codacy
    • Conviso
    • Cure53
    • Cycode
    • Cyscope
    • Cyver
    • Data Theorem
    • DataDog
    • DeepSource
    • DefectDojo
    • Detectify
    • Devel
    • Dynatrace
    • Edgescan
    • Endor Labs
    • Escape
    • Evolve Security
    • Faraday Security
    • FortiDevSec
    • Fortify
    • GitHub Advanced Security (GHAS)
    • Ghost Security
    • GitLab Ultimate
    • GuardRails
    • HackerOne
    • Hackmetrix
    • Hadrian
    • HCL AppScan
    • Heeler
    • Hopper Security
    • ImmuniWeb
    • Inspectiv
    • Intigriti
    • Intruder
    • Invicti
    • JFrog
    • Jit
    • Kiuwan
    • Legit Security
    • Mandiant
    • Mend
    • Mindgard
    • Moderne
    • NetSPI
    • NowSecure
    • Nucleus Security
    • Oligo Security
    • Orca Security
    • Oversecured
    • OX Security
    • Phoenix Security
    • PlexTrac
    • Praetorian
    • Prancer
    • Prisma Cloud
    • Probely
    • Prowler
    • ReversingLabs
    • RunSybil
    • Safety
    • Securitum
    • Seemplicity
    • Semgrep
    • Snyk
    • Socket
    • SonarQube
    • Sonatype Lifecycle
    • SOOS
    • StackHawk
    • Strike
    • Synacktiv
    • Tenable Nessus
    • ThreatModeler
    • Veracode
    • White Jaguars
    • Wiz
    • Xygeni
    • ZAP
    • ZeroPath
  • Log in to the platform 

On This Page

  • How does Fluid Attacks’ solution compare to Prisma Cloud’s?
  • Organization
  • Service
  • Product
  • Integrations
  • More like Prisma Cloud
ComparePrisma Cloud

Prisma Cloud

Last updated: Mar 5, 2026

How does Fluid Attacks’ solution compare to Prisma Cloud’s?

The following comparison table enables you to discern the performance of both providers across various attributes essential for meeting your company’s cybersecurity needs. To better understand each attribute, read their descriptions in the dedicated page .

This comparison focuses exclusively on the product itself, even though it belongs to a larger parent company. All information collected is based on the product’s technical, functional, and theoretical capabilities, not on attributes of the parent company.

Organization
AttributeEssentialAdvancedPrisma Cloud
FocusNative ASPM  with in-house scanners AI-powered PTaaS  on top of native ASPM  with in-house scanners Cloud Native Application Product Platform (CNAPP)
ExtrasNoneNoneAI Security Posture Management (AI-SPM), Cloud Discovery and Exposure Management, Cloud Infrastructure Entitlement Management (CIEM), Cloud Security Posture Management (CSPM), Cloud Workload Protection, Data Security Posture Management (DSPM) and Web Application & API Security
Headcount157 Same Indeterminable (no information for this product alone)
Headcount distributionEngineering 40% , IT 14%, sales 15%, marketing 2%, operations 4% and others 25%Same Indeterminable (no information for this product alone)
Headcount growth+14% , +15%, -1%Same Indeterminable (no information for this product alone)
HeadquartersCO  and USSame Indeterminable (no information for this product alone)
CountriesAR , BO, CA, CL, CO, DO, MX, PA, PE and USSame Indeterminable (no information for this product alone)
Reputation9.76 from 228 reviews over 8 years on Gartner  and Clutch Same7.34 from 232 reviews over 7 years on Capterra, G2, PeerSpot and TrustRadius
Followers22K based on the following: Facebook , Instagram , LinkedIn , X  and YouTube SameIndeterminable (no information for this product alone)
Research firmsNoneNone451 Research, Forrester , Frost & Sullivan, Info-Tech Research Group and Omdia
Founded2001 Same  2019
FundingBootstrappedSameIndeterminable (no information for this product alone)
AcquisitionsNoneNoneIndeterminable (no information for this product alone)
Revenue10M  to 15MSame Indeterminable (no information for this product alone)
CVEs as CNA Researcher289 CVEs reported  to MITRE , ranked in the top 10 CVE labs worldwide Same 336 CVEs reported to MITRE by Palo Alto Networks
ComplianceSOC 2 Type II  and SOC 3 Same CSA STAR Level 2, FedRAMP Authorized, IRAP, ISMAP, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27032, ISO/IEC 27701, ISO/IEC 22301 and StateRAMP Authorized
Bug bountyYes Yes Yes
Visits27K  per month. Top 3: 34% PE, 33% CO, 6% CL. Others 27%Same Indeterminable (no information for this product alone)
Authority31 out of 100 Same Indeterminable (no information for this product alone)
Public vulnerability DBDiscovered  and third-partySame Palo Alto Networks - Third-party
ContentBlog , documentation , e-books , glossary , reports, success stories , videos , webinars and white papersSameAnalysis report, documentation, guides, reports and webinars
Comprehensive documentation13 documentation sections , 7 in common and 6 additionalSame 8 documentation sections, 7 in common and 1 additional
CommunityForum Same Forum by Palo Alto Networks
Sync training1 workshop Same No
Async training3 product use courses , all freeSame Security education platform by Palo Alto Networks (subscription-based)
DistributionDirect  or with any of its 14 partners SameDirect or with any of its 18 partners
MarketplacesAWS Same AWS, Azure, GCP and GitHub
FreemiumNoNoNo
Free trial21-day free trial PoV 30-days free trial and PoV
DemoYes Yes Yes
Open demoNoNoNo
PricingContact sales  and marketplace Contact sales Contact sales and marketplaces
Pricing tiers1 plan 1 plan 2 plans (Business, enterprise). All transparent
Minimum termMonthly Monthly Monthly
Minimum payment periodMonthly Monthly Monthly
Minimum capabilitiesASPM , binary SAST, DAST, IaC, SAST, SCA and secretsSame plus: AI SAST , API security testing, PTaaS, RE and SCRNo information available
Minimum scope1 author Same 100 credits
Pricing driversAuthors Same Credits
Free implementationYes Yes No information available
Free supportYes Yes Yes
Service
AttributeEssentialAdvancedPrisma Cloud
PTaaSNoYes No
Reverse engineeringNoYes No
Secure code reviewNoYes No
PivotingNoYes No
ExploitationNoYes No
Manual reattacksNot applicableUnlimited reattacks Not applicable
Zero-day vulnerabilitiesNoneContinuous zero-day  vulnerability researchContinuous zero-day vulnerability research by Palo Alto Networks
SLAAvailability Accuracy , availability  and response Availability
Minimum availability99.95%  per yearSame 99.9% per month
After-sale guaranteesNoYesYes
AccreditationsCNA  and Penetration Testing by CREST Same AWS Outposts Ready Product, AWS Security Incident Response Ready, Containers ISV Competency, DevOps ISV Competency, Migration and Modernization ISV Competency, Networking ISV Competency, Security ISV Competency and CNA (as Palo Alto Networks)
Hacker certificationsNot applicable202 from 59 different types Not applicable
Type of contractEmployeeSameEmployee
Endpoint controlNoTotal Not applicable
Channel controlNoTotalNot applicable
StandardsSome requirements from 67 standards , 17 in common and 50 additionalAll requirements from the same standards 40 standards, 17 in common and 23 additional
Detection methodAutomated tools Automated tools , AI  and human intelligenceAutomated tools and AI
Remediation5 , 3 in common and 2 additionalSame, plus 1 3, all in common
Output5 , 3 in common and 2 additionalSame, plus 2 4, 3 in common and 1 additional
Product
AttributeEssentialAdvancedPrisma Cloud
ASPMYes Yes No
APIGraphQL with JSON Same REST with JSON
IDE5 functionalities , 3 in common and 2 additionalSame , plus 1 functionality3 functionalities, all in common
CLIYes Yes Yes
CI/CDBreaks the build Same Breaks the build
Vulnerability sources4 sources , 1 in common and 3 additionalSame No information available
Threat model alignmentYes Yes No
Priority criteriaCVSS v4.0 , CVSSF , EPSS  and KEVSame CVSS v3.1, EPSS and KEV
Custom prioritizationPriority score Same No
Scanner originIn-house In-house In-house
SCA19 package managers , 9 in common and 10 additionalSame 10 package managers, 9 in common and 1 additional
AI securityNoYes Yes
Reachability12 languages Same No
Reachability typeDeterministic Same Not applicable
SBOM22 package managers , 9 in common and 13 additionalSame 10 package managers, 9 in common and 1 additional
Malware detectionYesYesYes
Autofix on componentsNoNoNo
Source SAST (languages)12 , 4 in common and 8 additionalSame 4, all in common
Source SAST (frameworks)22 , 10 in common and 12 additionalSame No information available
Custom rulesNoNoRuntime
IaC6 , 4 in common and 2 additional4 , 2 in common and 2 additional6, all in common
Binary SAST1 type of binary Same , plus 2 types of binaries1 type of binary
DAST7 attack surface types , 2 in common and 5 additionalSame No
API security testingNo4 types of APIs , 3 in common and 1 additional3 types of APIs, all in common
IASTNoNoNo
ASMNoNoNo
Secrets15 secrets types , 4 in common and 11 additionalSame , plus verify other attack vectors and secrets exploitability13 secrets types, 4 in common and 9 additional
AI3 functions , 2 in common and 1 additionalSame 3 functions, 2 in common and 1 additional
MCPYes Yes Yes, by Palo alto Networks
Open-sourceMPL-2 license , totally equivalent  to the paid version Not applicableNo
Provisioning as codeYes Yes No
DeploymentSaaS (multi-tenant) Same SaaS (multi-tenant) + on-premises (single-tenant)
RegionsUS Same AU, CA, CN, EU, FR, ID, IN, JP, SG, UK and US
StatusYes Yes Yes
Incidents3 per year Same 27.9 per year
Integrations
AttributeEssentialAdvancedPrisma Cloud
SCM6 , 4 in common and 2 additionalSame 4, all in common
Binary repositoriesNoneNoneNone
Ticketing3 , 1 in common and 2 additionalSame 1 in common
ChatOpsNoneNone2
IDE3 , 2 in common and 1 additionalSame 15, 2 in common and 14 additional
CI/CD21 , 6 in common and 15 additionalSame 6, all in common
SCANative Same Native and 1 integration
SASTNative Same Native
DASTNative Same None
IASTNoneNoneNone
SecretsNative Same Native
RemediationNoneNoneNative and 1 integration
Bug bountyNoneNoneNone
Vulnerability managementNoneNoneNative
ComplianceNoneNoneNone

The latest update to this comparison was on Feb 19, 2026. The primary sources of information were paloaltonetworks.com and docs.prismacloud.io, which were supplemented by specialized information-gathering sites, social media, and other sources.

More like Prisma Cloud

  • Aqua 
  • Orca Security 
  • Wiz 

Free trial — Search for vulnerabilities in your apps for free with Fluid Attacks’ automated security testing! Start your 21-day free trial  and discover the benefits of the Continuous Hacking  Essential plan . If you prefer the Advanced plan, which includes the expertise of Fluid Attacks’ hacking team, fill out this contact form .

Tags

aisecurityapibinarybountycompareiacmalwaresastsbomscasecrets
PrancerProbely
Fluid Attacks 2026. All rights reserved.