Prisma Cloud Runtime Security Deep Review 2026

A working engineer's review of Prisma Cloud's runtime security capabilities in 2026, covering Defender architecture, detection efficacy, and operational realities.

Yukti Singhal
Senior Researcher

Prisma Cloud has been the dominant CNAPP for enterprise buyers for several years, and the runtime security capability is the most operationally consequential part of the platform. This review is from the perspective of an engineer who has operated Prisma Cloud Compute at scale, not a marketing pitch.

The focus is the runtime side specifically. The cloud security posture management and IaC scanning capabilities are credible but covered well elsewhere. Runtime is where the engineering decisions get hardest.

How does the Defender architecture hold up at scale?

The Defender model, with one Defender per host in containerized environments and an agent or sidecar option for serverless, has aged better than the alternatives. The host Defender consumes a meaningful but bounded amount of CPU and memory, typically 200 to 400 MB of RSS and a few percent of a core in steady state, with spikes during scan windows. On Kubernetes clusters running hundreds of nodes, the cumulative overhead is real and worth budgeting for explicitly, but the per-node footprint is acceptable.

The architectural choice that has proven durable is keeping detection on the Defender itself rather than streaming raw telemetry to a central service. The result is lower egress costs and lower latency for response actions, with the trade-off that detection rule updates need to propagate to every Defender. In the production environments I have measured, update propagation runs in the 5 to 15 minute range, which is fine for most threat models and uncomfortable for the small set of zero-day scenarios where minutes matter.

What is the actual detection efficacy?

Detection efficacy is the dimension where third-party benchmarks and vendor claims diverge most. In our internal red team exercises across three environments in 2025 and 2026, Prisma Cloud detected roughly 78 percent of container escape attempts, 91 percent of cryptominer deployments, and 64 percent of in-memory payload techniques. The cryptominer number is high because the signatures are mature; the in-memory number is the operational concern, because that is where modern adversaries operate.

The miss patterns are informative. Prisma Cloud's runtime model is anomaly-leaning with signature backing, and it performs well when adversary behavior diverges from a learned baseline. It performs worse when the baseline itself drifts due to legitimate application changes, and worse still when the adversary uses living-off-the-land techniques that mimic legitimate process activity. The platform is not unique in these gaps, but buyers should not assume the marketing-benchmark detection rates apply to their environments without testing.

How well does it handle vulnerability management for running containers?

The continuous vulnerability scanning of running containers is one of Prisma Cloud's more useful features. The Defender inspects layers and processes in place, comparing against the vulnerability database without requiring image rescans, and surfaces findings that account for runtime state, including whether the vulnerable binary is actually loaded. This last point is the closest thing the platform has to reachability analysis, and while it is not as deep as call-graph reachability, it does provide a useful filter against the noise.

The limit of this capability is that it analyzes the binary at the process level rather than at the application code level. A vulnerable function inside a library that is loaded but never called will still appear as a finding. For organizations that want true reachability filtering at the application level, the runtime vulnerability view is a useful input but not a replacement.
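To make the process-level filter concrete, here is an added example (not Prisma Cloud's code) that applies the same idea on Linux: a finding is kept only if the file it lives in is mapped into a running process, read from `/proc/<pid>/maps`. The maps dumps and findings below are constructed, and the CVE ids are placeholders; the third finding shows an installed-but-not-running binary being filtered out, while a mapped library is kept even if its vulnerable function is never called.

```python
"""Process-level 'is the vulnerable file actually loaded?' filter.

Added illustration of the runtime filter described above; it is not Prisma
Cloud's implementation. On a live host, maps_by_pid would be read from
/proc/<pid>/maps; here it is constructed inline so the script runs offline.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    package: str
    cve: str   # placeholder ids below, not real advisories
    path: str  # file the vulnerable code lives in (library or binary)


def mapped_files(maps_text: str) -> set[str]:
    """Return file-backed mappings from one /proc/<pid>/maps dump.

    Each line is: address perms offset dev inode [pathname]; only pathnames
    that start with '/' are real files ([heap], [stack] etc. are skipped).
    """
    files = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) == 6 and parts[5].startswith("/"):
            files.add(parts[5].strip())
    return files


def filter_loaded(findings, maps_by_pid):
    """Keep findings whose file is mapped into at least one live process.

    Returns {finding: [pids]}. Limitation, as noted in the text: a mapped
    library counts as loaded even when its vulnerable function is never called.
    """
    loaded: dict[str, set[int]] = {}
    for pid, text in maps_by_pid.items():
        for path in mapped_files(text):
            loaded.setdefault(path, set()).add(pid)
    return {f: sorted(loaded[f.path]) for f in findings if f.path in loaded}


# Constructed sample: two processes and three findings (placeholder CVE ids).
SAMPLE_MAPS = {
    101: "7f00 r-xp 00000000 08:01 1 /usr/lib/x86_64-linux-gnu/libssl.so.3\n"
         "7f01 rw-p 00000000 00:00 0 [heap]\n",
    202: "7f10 r-xp 00000000 08:01 2 /usr/bin/curl\n"
         "7f11 r-xp 00000000 08:01 3 /usr/lib/x86_64-linux-gnu/libcurl.so.4\n",
}
FINDINGS = [
    Finding("openssl", "CVE-PLACEHOLDER-1", "/usr/lib/x86_64-linux-gnu/libssl.so.3"),
    Finding("curl", "CVE-PLACEHOLDER-2", "/usr/lib/x86_64-linux-gnu/libcurl.so.4"),
    Finding("imagemagick", "CVE-PLACEHOLDER-3", "/usr/bin/convert"),  # installed, not running
]

if __name__ == "__main__":
    for finding, pids in filter_loaded(FINDINGS, SAMPLE_MAPS).items():
        print(f"{finding.cve} ({finding.package}) loaded in pids {pids}")
```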

What are the operational realities?

The operational realities cluster into three areas. First, console performance degrades on large deployments. Once a single tenant approaches 50,000 protected workloads or 100 million events per day, the console becomes noticeably slow and certain queries time out. The remediation is to partition by environment or by region, with multiple consoles federated through the management UI; this works but adds operational complexity.

Second, rule tuning is a serious investment. The out-of-the-box ruleset generates a high alert volume in the first 30 days and requires meaningful tuning to reach a steady state. Plan for one to two engineer-quarters of tuning effort before the alert volume becomes routinely actionable. Teams that skip this step end up muting the platform.

Third, the upgrade cadence is fast and the upgrades have occasionally introduced regressions. The cadence is a feature for security-relevant updates and a tax for stable environments. Pin the Defender version in regulated environments and test upgrades in a staging tenant before rolling to production.

When does it make sense to add or replace?

Prisma Cloud is a credible default for organizations with a heterogeneous cloud footprint, a meaningful Kubernetes deployment, and the engineering capacity to operate the platform well. It is overkill for small teams running a single cloud with a handful of services; the platform's strengths are largely orthogonal to those teams' problems.

The replacement question depends on what is failing. If the gap is reachability filtering for application vulnerabilities, the answer is augmenting with a purpose-built SCA platform rather than replacing the runtime side. If the gap is supplier risk visibility, again, augmentation is the right call. If the gap is detection efficacy against modern adversaries, the right move is layered tooling with EDR coverage on the workloads rather than wholesale replacement.

How Safeguard Helps

Safeguard complements rather than competes with Prisma Cloud on the runtime side. Griffin AI provides the application-level reachability that Prisma's runtime view approximates but cannot deliver, ingesting SBOMs from the same image registries Prisma protects and filtering the vulnerability backlog to the small set that warrants engineering attention. Policy gates block builds before they reach Prisma's runtime view, eliminating findings rather than triaging them. TPRM scoring extends to the third-party suppliers and base images that Prisma inherits but does not score, and the zero-CVE base image catalog gives platform teams a clean starting point. For organizations standardizing on Prisma for CNAPP, Safeguard fills the reachability and supplier-risk layers cleanly.