Palo Alto Networks Enterprise Data Loss Prevention Reviews

The primary use case is a part of a complete package for Government of Canada. It helps in comparing data loss prevention against Fortinet, making it a cost-effective solution. It is used in the context of data exfiltration and protecting sensitive data.

The most valuable feature of Palo Alto Networks Enterprise Data Loss Prevention is its comprehensive end-to-end solution in Cloud Delivery Security Services, which includes URL, data loss prevention, and advanced threat prevention as features that can be enabled just by clicking a checkbox. Compared to competitors, these are often additional add-ons, whereas Palo Alto Networks provides a complete solution. The artificial intelligence integration in the product also helps immensely by classifying data, identifying data, and monitoring user access and behavior, thus improving data security strategies.

The product is still overly complicated compared to other vendors such as Check Point, which could be improved. Simplifying the initial setup procedure could also be beneficial as it currently requires professional services.

I have had experience with Palo Alto Networks solutions for about one to two years.

When it comes to customer service and support, connecting with the correct person or level can be hit or miss. Level one support may not always be satisfactory, but once escalated to Level two, it is much better.

I was actually comparing Palo Alto Networks with Illumio and Forcepoint at one point. Palo Alto Networks complements both products in terms of offering complete solutions.

The initial setup can be complicated. It almost requires professional services for the best outcome.

We let Palo Alto Networks do the deployment.

The ROI priority in Government of Canada is in preventing data exfiltration. The data loss prevention allows the discovery and protection of sensitive data, making it a priority one for the government.

Palo Alto Networks' pricing can be complex. Their catalog is extensive. They have a licensing model based on credits for virtual machine firewalls or containers, which simplifies the process, while the hardware firewall pricing is more complicated.

I evaluated Illumio and Forcepoint as alternative solutions.

I would recommend Palo Alto Networks because they provide a complete package where you can enable features as per requirement. I would rate it an eight out of ten. The overall product rating is eight.

I primarily use the solution for three main purposes: one is for fire calling purposes, another is for digital DLP purposes, and the third is for VPN.

The security aspect in finance is crucial for controlling from a DLP perspective and ensuring protection. There is no unauthorized access to the finance network. Data classification is considered and used alongside DNP and role-based access.

There are a lot of problems reported, which get sorted out. I really cannot remember what those problems are. It's mostly performance issues. Performance issues might be based on the pricing, and perhaps the customer has not properly sized the requirement. I have not personally seen this, but maybe I need to check with my committee.

I have used the solution for more than five years.

Everything is fine with stability; that is not an issue. Performance problems might be based on pricing, and perhaps the customer has not properly sized the requirement.

To my knowledge, it is scalable. Up till now, I have not faced any challenges from a scalability perspective.

I have received a mixed reception. Some customers have said it is good, and some expect it to get better than what they are currently experiencing.

Neutral

We need more people, maybe one to three, based on the design. The number needed is based on the volumetric and complexity of what we are implementing.

Pricing is expensive.

I am working with Palo Alto, and all our customers. We provide consulting services, so many of our customers are also working on Alto.  I would rate it between seven out of ten, mainly due to performance issues and pricing.

We use Panorama to push configurations from Panorama to multiple firewalls simultaneously or sequentially, especially if we have a loss of a firewall. This includes protocol, source, and destination specifications for configuring flows from inside to outside.

The primary feature is managing firewalls through Panorama, especially when handling multiple firewalls across different sites like headquarters and remote sites. 

Additionally, the security modules like Data Loss Prevention and antivirus are vital as they integrate into the firewall to protect endpoints. These features are automated via cloud connections to Palo Alto Networks, ensuring up-to-date security signatures.

The configuration for Palo Alto Networks firewalls requires specifying many details, such as protocols and services. It is not the most complicated, but it is time-consuming. Additionally, updating the operating system of the firewall must be done manually.

I can say I have worked with it for one or two years.

Palo Alto Networks is very stable and satisfactory.

I have tested Data Loss Prevention on both Palo Alto Networks and FortiGate firewalls. The primary difference in their databases is that Palo Alto Networks uses its database, while FortiGate uses its own.

The initial setup involves manually configuring the firewall modules. When upgrading older firewall models, the chassis may need replacement, which requires purchasing a new firewall with a license and migrating legacy configurations.

With all necessary models to protect the endpoint, we can save 20% to 30% of the price by not needing another solution.

Palo Alto Networks is very expensive, being the first expensive firewall according to the Gartner program.

I would rate the overall solution eight out of ten.

Our clients primarily deploy Palo Alto Networks Enterprise DLP to control the flow of information in and out of their networks. The main use cases include monitoring and managing sensitive data such as credit card information and personally identifiable information. 

The solution needs improvement in stability. There has been feedback regarding the accuracy of file categorization. 

I have been working with the product for six months. 

The product's technical support is very good. 

Positive

Palo Alto Network products are easy to deploy. You need two to three engineers to deploy it. 

Palo Alto Networks Enterprise Data Loss Prevention is expensive, and licensing costs are monthly. 

I rate the solution a seven out of ten. 

Our primary use case is for blocking credit card numbers. We are PCI-compliant and we use this solution as a secondary control to make sure that credit card information is not coming through our network.

It's deployed on all of our firewalls. We do have some virtual Palo Altos, but this product, in particular, is on-premises.

It's helped us with our compliance requirements.

Also, Enterprise DLP ensures unified data protection policies across our environment, as policies are created once and automatically synchronized everywhere. It requires fewer people to manage it and that is very important because we have a small team for managing security compliance. Having this technology, which makes it easy to manage with administration done centrally, is super helpful. I'm sure it's saving a week's worth of work per month. If we had to manage every single firewall manually, that would be problematic. We would need another person on the team.

It's extremely important to us, for compliance reasons, that the solution discovers, monitors, and protects sensitive data across our cloud apps, networks, and remote workforce. Security compliance is paramount.

Another important feature is that the solution doesn't require any additional infrastructure to implement. It's a software license that is compatible with our existing hardware. We were able to install and configure the product seamlessly and effortlessly.

In addition, the real-time, cloud-delivered updates are very important. We need to keep our products up-to-date and secure.

There is room for improvement in the documentation around the maintenance of the product, how the automatic updates work, and pushing out new policies. A little more detail and context in that area would be helpful.

I've been using Palo Alto products for eight years, and the Networks Enterprise Data Loss Prevention for almost a year.

It's a solid product. We haven't run into any issues.

It seems very scalable. We've added new sites and new companies through acquisitions and we haven't had any issues.

Today, it's only being used for PCI data in our company, but it has a lot of other capabilities, like PII data. We will more than likely expand on its use as we continue to grow our organization and our security compliance needs.

Palo Alto had stellar support, but it's been slipping a little bit recently. Still, their technical support is very easy to engage, and I like the fact that they're based in the U.S. The U.S. support is of a higher caliber. They know the product really well, and they're able to provide great support.

Positive

We used Proofpoint DLP.

The initial setup was pretty straightforward. The pre-configured rules were very helpful, meaning we were able to deploy this solution fairly quickly, and it did not create any issues as it was deployed. In a lot of cases, with this type of product, you get false alarms or false situations but we did not encounter that with Palo Alto Enterprise DLP.

Our implementation strategy was to test it first, before we put it in blocking mode, just to make sure we weren't going to run into any false positives. We have a lot of part numbers that we send through email or through secure channels. We wanted to make sure that we weren't going to run into a lot of issues because a 16-digit credit card can sometimes look like a part number.

There is one person, a security analyst, managing the solution today. The maintenance required on it is nominal.

ROI is hard to measure because it's wrapped around security compliance. ROI would come into play if there were any type of litigation that came up.

The total cost of ownership is good. One of our sister companies does not use Palo Alto, they use a lower-end competitor's product and they were unable to support DLP on their firewall. The actual Palo Alto firewall is like a "Swiss Army knife" because you can bolt-on solutions like this as well as SD-WAN, for example. It's very versatile.

The licensing model is very fair-minded and it's a good value. It scales well. From a licensing-administration perspective, it's very easy for IT to acquire new licensing. Its licensing model is more streamlined when compared to other DLP solutions.

It is licensed per application and per user.

Proofpoint offered a similar solution on their edge, cloud email gateway. It required a lot more care and feeding to get it working and to maintain it, and we encountered a lot more false positives with it.

We also looked at Symantec DLP.

Both those products required a lot more time to deploy, tune, and maintain, compared to Palo Alto. A lot more resources were involved in setting up the other solutions.

Consider this solution. Keep it on your list, do a point of concept, and keep an open mind.

The biggest lesson I've learned from using this solution is that there are easy, cost-effective, cloud-enabled solutions that can solve problems. Palo Alto, as a whole, is an excellent solution. This is just one use case for it. There are many.

I have been using Palo Alto Networks Enterprise Data Loss Prevention to backup all our logs, access, and so on. We also backup every configuration and blocklist as well.

We have about 200 users that go for the device everyday. As a result, we have thousands of logs that we need to check everyday.

It is a stable solution with good support.

You need to have an external solution to backup everything. For example, you need to have Syslog installed on your server as well so that you can back it up to another place.

There is no in-built solution for backup such as the cloud, where we can backup with a license that we can obtain when we re-buy the device.

It is a stable solution.

The technical support is good and interactive.

The initial setup is not really easy. You need to get used to it first. There are some courses from Palo Alto that you need to take first and obtain certification in order to understand every configuration of Palo Alto.

Setup can be done in 30 minutes depending on how much backup is needed.

If you have the Palo Alto support license, you can easily ask questions and get help.

It's expensive. That's why many companies don't like to invest in it.

If you don't have the money, you can use an open source solution that you can easily secure with an open source firewall.

I would rate this solution at eight on a scale from one to ten.

The use case is very simple. So, the DLP platform can target the call center since it also is an application-based solution for the user who can use the privilege of checking traffic. It is possible to manage the object as it changes since each one of these objects is kind of tagged, so it's able to block. This is a big packaging spectrum at the end or part of Palo Alto because this is a typical scenario. I'm talking about my applications that Palo Alto blocks in case of some issues.

For the moment, my customers say that the DLP of Palo Alto is a solution that relies on a third-party agency because DLP is something on which we get the platforms or the platforms to be used in general. DLP is so well integrated into an environment.

I would like the tool to have more support than the other products in the market.

I have experience with Palo Alto Networks Enterprise Data Loss Prevention.

It is a stable product because, in the end, it's a simple feature inside Palo Alto Networks Enterprise Data Loss Prevention.

Its scalability is not on par with the features of others. So, it's a completely different approach compared to others. I don't see any scalability in Palo Alto.

At the moment, we complain because most of the solutions by Palo Alto are managed either by our country or Europe. So, level one, level two, and level three of the support are already supported by us in Europe. So we escalated some issues to the backup by Palo Alto only a few times.

The setup is very easy as we just need to switch on and switch off.

Regarding cost, I would say that it's a single feature on the platform. So it's a license-based solution. It's not a platform. The pricing of the solution depends on the buyers. But, from my point of view, it is in line with the rest of the products and the price list of Palo Alto. With the things that Palo Alto has put in the solution, they have created a bundle. So at the moment,this approach is not the most preferred, especially in South Africa anymore. Because when I sell it, then all the features altogether could be free. I don't have the price of DLP only. I have the cost of the bundle. In the past, the prices were higher than others. But at the moment, it's in line with the other vendors. And it's even cheaper than other vendors. When we consider Palo Alto Networks, we get all the advantages of an enterprise solution. So at the moment, I had cases when I tried to bid against other vendors, I was able to offer much lesser prices than the other vendors.

DLP by Proofpoint is a very, very interesting, and complete solution. So, we could use the DLP by Proofpoint by integrating Palo Alto's platform. In general, the most common integration we have right now.

DLP means the integration of DLP and use internally on platforms or products is a fair enough approach. Considering from a security point of view, I would say security is one aspect that doesn't exist in the solution. 

Automation is already possible in the solution because of machine learning. Automation is one of the strongest points of the solution. Its features cover all the possible areas of intervention.

I rate the overall solution a nine out of ten.