Palo Alto Networks Advanced Threat Prevention Reviews

Our current use case for Palo Alto Networks Advanced Threat Prevention includes everything such as command and control, traffic block, and anti-spyware modules. We are using vulnerability protections. Anything that has to do with the IDS/IPS engine, which can protect against bad actors, we're using that.

Palo Alto Networks Advanced Threat Prevention provides protections against both known and unknown threats quickly, and they have great Cyber Threat Alliance integration, which allows anything that is even unknown to get to our systems quickly in terms of being patched.

The ML classifiers and everything are part of Threat Protection from Palo Alto Networks Advanced Threat Prevention, and it is used by default. We are not doing anything extra on that.

Real-time threat migration is part of Palo Alto Networks Advanced Threat Prevention and is enabled by default, so we are getting protections through that.

We are satisfied with the analytic capabilities of Palo Alto Networks Advanced Threat Prevention, especially the reporting features available in the Palo Alto portal in terms of their application visibility interface, which is very good for us to get visibility on all critical applications and the associated users, as well as the risks associated with every category of traffic.

Palo Alto Networks can improve Advanced Threat Prevention by catering to the growing adoption of AI and agentic tooling. The Threat Protection modules should have the necessary intelligence to protect against those types of threats, as AI will be there to do a human job; this is an evolving area.

From an Advanced Threat Protection perspective, the technology associated with Palo Alto Networks, such as their sandboxing environment, is quite good. However, Palo Alto needs to focus on how to bring that technology to end users and how easy it is to use, especially in a hybrid environment where users work from various locations. While Palo Alto excels in certain setups, they need to improve the user experience in distributed working conditions.

We have been working with Palo Alto Networks Advanced Threat Prevention for three years, since it was available, and for Threat Prevention, we have been using it for the last 10 years.

The initial setup process for Palo Alto Networks Advanced Threat Prevention is quite good. It is probably the simplest way to define things across all traffic patterns. They have built-in profiles, which get added to your security groups, and those groups get added to the firewall rules, resulting in a very granular set of modules, which is really nice.

I would rate the stability of Palo Alto Networks Advanced Threat Prevention as nine out of ten.

In terms of scalability, I would rate Palo Alto Networks Advanced Threat Prevention eight out of ten.

Overall, I find the technical support from Palo Alto Networks quite good, although getting a hold of the TAC can be challenging and sometimes requires long phone calls. While the TAC is responsive and knowledgeable, outsourcing some support may not be beneficial for the company's health.

Positive

Key competitors for Palo Alto Networks Advanced Threat Prevention include Zscaler and Netscope, as these companies are featured in the Gartner Magic Quadrant regularly from the last three to four years in the SSE and SASE segment.

We are currently looking at product evaluations for the Prisma product from Palo Alto Networks. DNS functionality remains available, but we are looking holistically at a different platform and we're currently in the evaluation mode to encompass the entire requirement for secure access service edge.

We don't use Cortex as a solution from Palo Alto Networks. We are using Firewalls from Palo Alto Networks but not Cortex. We are using some of the VM-series, specifically VM100 and VM300, and also the physical hardware devices, which include the 400 series and the 1400 series, but not the CN series.

SD-WAN is not a requirement for us from Palo Alto Networks, as we do not have a requirement around LAN-to-LAN connectivity or internal connectivity. Most of the connections are through to the north-south bound requirement, which is internet.

We have integration with DNS and Palo Alto Networks Advanced Threat Prevention. We are using Advanced Threat Prevention and URL Filtering in other devices. We do not use Threat Forensics that much.

We are confident in the Palo Alto Networks product as whatever is available gets patched quickly, even if it is zero-day, and they provide security advisories on a timely basis every month, so we can upgrade to the latest versions.

In terms of pricing for Palo Alto Networks products, it is generally high, at an eight out of ten on a scale where low is better. They might need to work on pricing to be more competitive, as many customers are offered cheaper alternatives.

Overall, I would rate Palo Alto Networks Advanced Threat Prevention eight out of ten, and I believe they are already working on improving their protection against AI threats, which will be essential in the next two to three years.

A strong point of Palo Alto Networks Advanced Threat Prevention is their product called GlobalProtect VPN. There is a service called HTAP. If you enable this service, there is no other firewall available for this security profile because when you go outside of the computer network, you must connect to the Palo Alto VPN before accessing the internet. This means there will be complete security visibility. That feature is very good in Palo Alto.

If any company is using Palo Alto Networks Advanced Threat Prevention for firewall purposes, GlobalProtect VPN is available. When employees go outside the network from abroad or another country, we can block that computer through the Palo Alto firewall. This is a very good feature because if an employee has left, we can put the laptop in quarantine mode to protect company data.

If you have good knowledge of networking concepts, it is very easy to deploy Palo Alto Networks Advanced Threat Prevention.

If you have Panorama or Palo Alto itself, there is a monitor tab available. If you go to the monitor tab and have good storage on your device, you can see each and every activity.

For government entities, they are not allowing configuration changes. For non-government users, there is a support portal to get the configuration file and upload it to the portal. We can identify misconfigurations and where the loop is very big, so we can get the report and establish it.

In Saudi Arabia specifically, the support service needs improvement. When customers have incidents with Palo Alto Networks Advanced Threat Prevention and want to open a case with the Palo Alto team, the available number in Saudi Arabia leads to a long procedure. They're not able to answer within one or two hours. This needs to be implemented. They may need to open offices in Dubai or other places for Arabic-speaking people to access TAC support.

Neutral

The implementation time depends on the security level for Palo Alto Networks Advanced Threat Prevention. For basic configuration, it takes one to two hours. If you enable security profiles, DNAT services, NATing services, creating loop policy, blocking websites, blocking ports, and enabling TCP ports services, it takes three to four working days.

This depends on the pre-sales skills for Palo Alto Networks Advanced Threat Prevention. If you have good knowledge about the Palo Alto product, we can convince customers about the security level and features.

I handle updates for Palo Alto Networks Advanced Threat Prevention, including content updates, signature updates, and content filtering. I update everything as per Palo Alto recommendations.

I am a Presales Engineer at Saudi Paramount Computer Systems.

My overall rating for Palo Alto Networks Advanced Threat Prevention is 3 out of 10.

Positive

Our company uses the solution for IDS and IPS functionality in the signature phase that includes vulnerability and antivirus plus file blocking in the DLP to some extent. 

The signature feed is sent to the firewall based on a schedule we configure. Intervals can go up to every five minutes where the firewall goes to the cloud to get the latest signature feeds. At the same time, there are mission learning capabilities on the firewall that categorize certain non-threats on ports and protocols as malicious traffic before creating the signature. 

We have 30 to 50 resources that use the solution throughout our company. 

The sandboxing tool offers great prevention for cloud feeds.

The solution is granular and able to recognize more applications with respect to firewall inspection.

The new, advanced URL filtering capability has cloud integration that runs analysis and fetches the latest signature categorization.

The solution is very easy to operate. 

The granularity of the signature could be improved. 

Mission learning techniques on firewalls are good but should continue to expand and detect unknown threats on the fly. The capability seems to be a bit limited on certain types of traffic. 

The solution should include a checkbox to select or bypass the profile on a firewall or policy. 

The option to customize signature fields or allow feeds from other tools or environments would be interesting.

I have been using the solution for five years. 

The solution is stable but could improve. It seems to be how the solution generates signatures because there are sometimes false positives. Signature updates sometimes cause breaks in production traffic. 

The solution is a cloud feed so is scalable. Continued expansion with integrations will allow even more scalability. 

I speak with technical support every day. Support is good with troubleshooting and identifying problems in comparison to other vendors. 

It sometimes takes a lot of time for support to address issues. There is no structure for identifying major issues from more routine issues or taking proper accountability for them. 

I often provide feedback about what can be done better or what features I need. Turnaround for new features takes a lot of time. 

The solution has a one-time setup that is easy. The granularity during cloud setup is very good. 

Custom signatures might require a bit of engineering work but are doable. 

Firewalls automatically get the feed from clouds and dump it to the firewall at intervals ranging from five minutes to 24 hours.

The pricing depends on the hardware or license purchased but is expensive. 

There is an initial investment but the return is good because the solution has many features, is stable, and scales without having to change anything on an existing deployment. 

When considering the value obtained, I rate pricing a nine out of ten. 

The solution's granularity with web URL categorizations and its ability to recognize more firewall applications are better than Zscaler. Threat prevention has very recently been introduced in Zscaler but has a way to go before matching the solution's capabilities. 

CrowdStrike provides more signature granularity than the solution. 

The solution is great and continues to improve so I rate it a nine out of ten. 

Advanced Threat Prevention is used for detecting and preventing mostly unknown attacks. It utilizes machine learning to detect malware in 90% of cases without assistance from the cloud. 

It acts as inline security, stopping malware quickly by utilizing machine learning and other tools from Palo Alto Networks like virus definitions and behavior analysis of applications or files.

Usually, advanced threat prevention is used for detecting and preventing mostly unknown attacks since it uses machine learning, it can, in 90% of cases, detect malware without asking for help from the cloud. It's considered inline security as the malware can be stopped very quickly.

The most valuable feature is its use of machine learning to detect potentially unknown threats. Using various techniques, the system can conclude if there is a malware threat in network traffic. 

It offers inline security, stopping malware quickly without relying on cloud support. Advanced Threat Prevention integrates other tools from Palo Alto like virus definitions and application behavior checking.

All the subscriptions come in bundles, therefore, it is difficult to pinpoint specific areas for improvement. However, there is a potential drawback to the lack of support for the ICAP protocol. Integration using this protocol could make the device work seamlessly with some other solutions.

I have been dealing with Advanced Threat Prevention since it has existed, so I think it is already some two years.

If you are on the recommended version of PanOS, it is stable. However, if you immediately go for a new version or use an older one, instability can occur. It's crucial to follow the recommended versions on Palo Alto Networks' site.

If more throughput is needed or additional users require features like decryption and the current device is insufficient, transitioning to a bigger model is suggested. Palo Alto Networks addresses scalability by offering a range of device models that fit varying business sizes.

The support from Palo Alto is very good. If you run into issues, you just need to follow the rules, and usually, customers don't care about this, leading to potential problems.

Positive

The installation is straightforward. You activate it on a customer support portal by entering the license code. After activation, security rules need to be prepared, and profiles included in the security policies.

The return on investment is significant, with campaigns providing bigger discounts. Customers are happy with the solution and tend to stay with Palo Alto, saving time and money.

The pricing is competitive, and with current campaigns and discounts, it provides an excellent device for a reasonable price.

Overall, I would give the solution a rating of nine out of ten.

The solution could benefit from improved AI analytics to predict potential attacks before they occur, similar to NDR systems. Behavioral analytics and a more intuitive engine could also enhance it further.

While it is a powerful tool, it may have a steep learning curve for new users due to its advanced features and configurations. 

I have worked with Palo Alto Networks Advanced Threat Prevention for about five years.

I rate the platform's stability a ten out of ten. 

I rate the platform's scalability a ten out of ten. 

The initial setup process usually takes a couple of weeks to complete in learning mode, followed by a few days to configure the policies, so the total time could be around two to three weeks.

We provide services as a system integrator.

Despite the platform's high cost, it provides good value for the money due to its comprehensive security features and effectiveness.

Palo Alto Networks Advanced Threat Prevention is quite competitive, offering extensive threat detection and prevention capabilities, though it is priced higher than some alternatives. I would rate the pricing at five.

The platform requires a level of technical proficiency. Initially, we must deploy it in learning mode to understand the environment's workflow and build a baseline. Based on this baseline, we can configure policies to protect the network.

It is an important component for protecting against network attacks. It is a mandatory solution that can be deployed as a license on firewalls, protecting organizations from various threats.

It effectively prevents malware, ransomware, and other attacks. The Advanced Threat Prevention feature has a comprehensive database of attacks and is useful in identifying recent and new threats.

It integrates with firewalls and other network security controls, enriching their capabilities and helping to protect the network by identifying and preventing attacks before they happen.

While the product offers a rich security solution, there is potential for Palo Alto Networks to explore alternative pricing models to make it more cost-effective.

I recommend it to others, especially those seeking a robust security solution.
Overall, I rate it an eight out of ten. 

We use Palo Alto Networks Threat Prevention to check the traffic pattern.

We must analyze the payload's content. We use security policies to inspect the traffic further passing through the firewalls.

We did implement a security policy, but not with Palo Alto; instead, we used Cisco.

And we created the rules with a single credit fund from us. To overcome that data pack, include this in the inclusion policy.

We are currently using the URL filtering feature, which is the most popular. 

We are not implementing the value of service professionals. This is something I intend to propose to use to better implement threat prevention. 

As previously stated, we are not using those advanced features. However, I need to present some use cases to the company in order to convince them that we need to add another layer of security.

We can either enhance the service to match the same level of performance or implement new policies to effectively manage the traffic.

I need to present the use of those use cases. 

Most of the threat defense, and URL filtering that I have used I used in Cisco firewall.

But they are pretty much similar. They use both in city, state, state, and Palo Alto. They use similar architectures.

We are attempting to improve the use of URL filtering beyond threat protection.

I'm not sure what the remaining threat protection features are off the top of my head. But beyond that, we use URL filtering.

We have three approved cases for using external dynamic lists that are stored in a bucket repository. Then, for each URL site that needs to be whitelisted, we add it to the external dynamic list in order to gain access to this email.

I would like Wildfire to be implemented.

We use the equivalent in Cisco is the integration policies. We have the Wildfire but we are not currently implementing it.

We don't have the license to use it, but we are not currently implementing it until we present the use cases that the company gives some value to and they approve the use of it.

I have been using  I will propose the use of that in order to add another layer of security to our network. for five years.

I would rate the stability of Palo Alto Networks Threat Prevention a ten out of ten.

I would rate the scalability of Palo Alto Networks Threat Prevention a ten out of ten.

I would recommend this solution to others who are interested in using it.

I would rate the technical support an eight out of ten. With everything, there is always room for improvement.

I am familiar with Cisco. I have also worked with several Palo Alto solutions, including the 5000, 8000, and firewalls managed by Panorama 6520 and 80.

Palo Alto Wildfire is not yet ready for implementation. We do not have the required license. With the current policy, we will not be implementing Wildfire.

I will propose the use of that in order to add another layer of security to our network.

The initial setup is straightforward. I have experience working with similar technologies, such as Palo Alto, Firepower, and Panorama

The usage of the technology is extremely high at 99.95%. The firepower management center also shares 99% similarity with Palo Alto and Panorama.

Palo Alto is very fast. I have not implemented encryption, so I haven't evaluated that. But it is similar to other technologies, and other vendors. It's a protection feature that would be nice to have and an opportunity to improve.

From one to ten, with one being the most expensive, I would rate the pricing of Palo Alto Networks Threat Prevention a one out of ten. 

It is my understanding that Palo Alto Networks Threat Prevention is the most expensive one.

I would rate Palo Alto Networks Threat Prevention an eight out of ten.

We use the product to protect servers.

Palo Alto Networks Threat Prevention is among the leaders in the Gartner. It is stable and doesn’t have many bugs.

The application’s pricing and dashboard need improvement. It could be user-friendly.

It is a stable product. I rate its stability a nine out of ten.

I rate the application’s scalability an eight out of ten.

The technical support services need improvement in terms of communication. It takes a long time to contact them as we can’t open a case directly; we have to contact our supplier.

We have used Fortinet and Cisco before.

The initial setup is complex compared to FortiGate. Deploying the product on a VM is more complicated than other vendors. It takes three to four days to complete the process and requires eight network security engineers to execute it.

We have installed it in a lab test environment. After this stage, we will propose the solution to our customers. We provide local support and preventive maintenance, including BPA and firmware updates.

The product’s pricing is expensive for small companies.

We have Palo Alto Networks Threat Prevention customers from the corporate, hospitality, banking, and finance sectors. I rate it an eight out of ten because it is complex to integrate with Microsoft AD.

The solution can be deployed on the cloud or on-premise.

Palo Alto Networks Threat Prevention is the market leader as far as security gateways and endpoint protection. Additionally, the threat database that is used is one of the best.

Palo Alto Networks Threat Prevention could improve the commercial offing. Other solutions, such as Fortinet provide better commercial features.

I have been using Palo Alto Networks Threat Prevention for approximately six years.

The solution is highly stable. It is one of the most stable out of the competition.

Palo Alto Networks Threat Prevention is suitable for small to large-sized companies. It scales well.

We have three to four clients using this solution.

The initial setup of Palo Alto Networks Threat Prevention is not as straightforward as its competitors, such as Fortinet and Cisco. It takes more time and skills to implement Palo Alto Networks Threat Prevention.

The time it takes varies on the company and the environment. For example, for a bank or other large institution, the time will increase.

An engineer has to implement Palo Alto Networks Threat Prevention, a Fortinet engineer might not be able to implement this solution.

The price of the solution is higher than others on the market. A price reduction would be beneficial if it does not impact their database quality.

I rate Palo Alto Networks Threat Prevention an eight out of ten.

The tool is a next-generation firewall. We use it to teach students about firewalls.

The user interface is a bit more professional than some free products. Palo Alto also provides virtual machines that support the technology.

The installation was complicated.

I have been using the solution for two to three years.

I rate the tool’s stability a ten out of ten.

I rate the tool’s scalability a seven out of ten.

I have also used pfSense.

The time taken for deployment depends on the complexity of the process.

I use the learning materials that are free of charge.

I am a Palo Alto instructor. I run the firewalls for twenty minutes and then tear them down again. There are other people in the organization who deal with the firewalls 24/7. I don't have enough exposure to give a high score to the product. Overall, I rate the product an eight out of ten.