Palo Alto Networks AutoFocus delivers valuable threat intelligence with features like simplified search and alerting, seamless integration into Palo Alto platforms, and advanced threat detection, supporting network security efforts.
| Product | Mindshare (%) |
|---|---|
| Palo Alto Networks AutoFocus | 1.3% |
| Recorded Future | 6.7% |
| CrowdStrike Falcon | 4.5% |
| Other | 87.5% |
Palo Alto Networks AutoFocus provides a threat intelligence service with flexible pricing options tailored for enterprises. Users report that pricing varies based on the scale and specific requirements of the deployment. Basic packages cover essential features, while advanced tiers offer enhanced capabilities and integrations, leading to higher costs. Potential buyers should prepare for costs that align with their network size and security needs.
AutoFocus is recognized for its user-friendly dashboard, facilitating efficient threat detection and intelligence through features like reputation scoring and behavioral analytics. Integration with other Palo Alto Networks tools enhances threat management capabilities. Users highlight a need for more detailed technical documentation and direct integration of threat intelligence feeds. Enhancements in integration with Cortex XDR and zero-day vulnerability coverage are also suggested. Offering managed detection and response features and revising the pricing model can enhance its market position.
What are the key features of Palo Alto Networks AutoFocus?Enterprises in industries such as finance and healthcare often utilize Palo Alto Networks AutoFocus for robust network security. The tool aids in identifying and correlating threats, leveraging integration with Palo Alto products for enhanced monitoring. Unit 42's proprietary intelligence further supports threat analysis, bolstering network security frameworks through efficient data correlation and integration with security playbooks.
Palo Alto Networks AutoFocus was previously known as Palo Alto Threat Intelligence Management.
Telkom Indonesia
| Author info | Rating | Review Summary |
|---|---|---|
| Technical Manager at PSR | 3.0 | I use Palo Alto Networks AutoFocus mainly for threat monitoring and integration with other Palo Alto products, finding it useful and stable, though lacking MDR features and with moderate support; overall, I rate it a six out of ten. |
| Principle Cloud Architect at a tech services company with 11-50 employees | 5.0 | I use Palo Alto Networks AutoFocus for threat intelligence, benefiting from its seamless integration and automatic threat intelligence feeds. Its strong analytics and reputation scoring are valuable, though I prefer an additional intelligence source for zero-day vulnerability coverage. |
| Enterprise Architect at a tech services company with 5,001-10,000 employees | 4.0 | I find Palo Alto Networks AutoFocus valuable for its integration with other Palo Alto products, enhancing security. However, better integration with Cortex XDR is needed. In high-risk environments, the investment is justified despite lacking previous comparisons or specific deployment details. |
| Internship Cybersecurity Engineer at ATOS | 3.5 | I find Palo Alto Networks AutoFocus impressive, especially its advanced persistent threat detection. However, the pricing model and documentation need improvement. Better instructions for configuration and installation would help as the current documentation lacks comprehensive guidance. |
| Consultant at a media company with 51-200 employees | 4.0 | I find Palo Alto Networks AutoFocus valuable for threat intelligence correlation, easily identifying malicious activity using its tags. It's stable and integrates well, though I wish it offered an on-premises version. My setup was straightforward. |
| Senior Staff Security Engineer at a renewables & environment company with 1,001-5,000 employees | 4.0 | I use AutoFocus daily for valuable threat alerts and playbook integration. It's stable, scalable, and support is good. My main improvement wish is for it to automatically handle verdict changes for 'gray' items. |
| Pre-sales Engineer at VFM Systems And Services | 4.0 | I find AutoFocus a stable, scalable threat detection tool with an excellent dashboard and easy setup. However, I desire more detailed technical documentation and it seems to run slowly. Overall, I rate it an 8/10. |
I use Palo Alto Networks AutoFocus for threat monitoring, and it is provided by the OEM itself.
I use the threat data correlation feature, which correlates with Cortex.
We can use it for data correlation, but we are mostly using a third-party solution for correlation.
Palo Alto Networks AutoFocus has had a positive impact on my company as we can reduce the cost for the SOC investment, and we can also get good feedback on how to strengthen our network from the expertise people available.
Without a dedicated SOC team, I find that most of the advantages come from the OEM itself.
For integrations with other Palo Alto products including Next-Generation Firewall and Cortex XDR, the integrations are easy and satisfactory.
Regarding integration, I don't have any issues with user-friendliness.
Some customers require the tagging and custom export features because troubleshooting is very easy for tagging. Different colors for tagging everything are a useful feature.
The search capabilities are satisfactory, and we are getting detailed reports from the search, which is fine compared to other firewalls.
The search for granular investigations works effectively.
I feel that Palo Alto Networks AutoFocus can improve, especially since most of the OEMs are implementing MDR, Managed Service feature, which is still not available with Palo Alto.
The MDR feature is the only aspect that bothers me today, as other OEMs such as Sophos are analyzing Palo Alto and providing recommendations on strengthening that part. Additionally, the earlier complimentary BPA practice assessment has now become chargeable, which means we cannot assess the posturing of our firewall.
They are providing a solution, but a separate license is required for the BPA.
I have been dealing with products for about 11 years, and for the last five years I have specifically worked with Palo Alto Networks AutoFocus.
The flexibility of deploying Palo Alto Networks AutoFocus in both cloud and on-prem environments is not an issue; we can deploy it without any problems.
The solution is both scalable and stable.
It is scalable.
I would rate technical support for Palo Alto Networks AutoFocus five out of ten. This is primarily due to the response time, which is the main problem.
Neutral
I haven't worked with similar products from Cisco or Fortinet. Palo Alto Networks AutoFocus is the only product for this use case that I've been dealing with.
For ROI, I can give a rating of seven or eight. We can say there is about a 25% saving.
Palo Alto Networks AutoFocus is not affordable.
Other OEMs provide similar functionality, but those are handled by a separate team.
As a partner with Palo Alto Networks, my email is Sarvajit at bsrgroup.in. My job title is Technical Manager.
I confirm that we will publish these reviews on peerspot.com in written or audio format, which can be available to other people, but I can stay anonymous if I wish, and I will get notifications, while the use of the review is subject to PeerSpot's terms of use, accessible at peerspot.com/tos.
If Palo Alto has questions or comments about my reviews, they can reach me via email to confirm something. I am interested in being a reference for Palo Alto.
The solution is also for enterprise customers only.
I see some AI capabilities, such as machine learning, integrated into Palo Alto Networks AutoFocus. ML is present along with behavior analysis, and that is common among all the OEMs nowadays.
On a scale from one to ten, I rate this solution a six.
Positive
The tool along with other suite of products provides us with threat and alert information.
The solution has provided us with a centralized dashboard for reporting threats and anomalies.
I am impressed with the tool's integration of Palo Alto products which serves as a platform for security.
I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate.
I have been using the product for six years.
I would rate the tool's stability a ten out of ten.
The solution is a cloud service hence pretty scalable. I would rate its scalability a ten out of ten.
The tool's tech support is not bad.
Positive
The product's initial setup was straightforward.
The solution is worth its money in a high risk environment.
The solution is reasonably priced.
I would rate the product an eight out of ten.
I use the Firewall version. I create and correct rules, and configure networks. I also handle logs.
We have rules, monitoring capabilities, and the ability to add devices. These devices are our own equipment or appliances. The solution helps us show logs and provide firewall functionality.
The logs are particularly useful. The feature helps block traffic from the Internet.
I find its performance to be very impressive. Palo Alto is a leader in security, and we have the most technology in cybersecurity. We have advanced persistent threat detection (APC) and various other features that are highly beneficial.
There is room for improvement in the pricing model.
For additional features, maybe Palo Alto could improve their documentation. It would be helpful to have better documentation for configuring and installing the solution. Currently, the documentation is not very comprehensive, and there isn't much information available. Sometimes it's difficult to understand how to use it.
I have been working with it for four months.
I would rate the stability an eight out of ten.
I would rate the scalability an eight out of ten. In my organization, there are a lot of customers who use this solution on their network. We use it extensively in our organization. Moreover, we plan on increasing further usage.
The initial setup is good. Installation wasn't difficult, but it's challenging to have a truly enjoyable experience. For instance, there is no free trial available for testing purposes.
I would rate it a five out of ten. It took only one day to deploy the solution.
The deployment was solely done in my lab environment. Our team took care of the process. I believe that configuring the network for internet access and establishing necessary security measures are the most crucial steps. We need to configure everything, such as IPSec and firewall rules.
Now, it's only me who handles both the deployment and maintenance.
It is expensive. I would rate it a seven out of ten, where one is a low price, and ten is a high price. There are no additional costs.
Overall, I would rate the solution a seven out of ten. It is a good product and has all the necessary functionalities.
We have our sorting in-house. If any kind of alert has been identified, they will cross-check with the feed in AutoFocus. They will do the correlation, manual correlation, in the case of a known feed or known intelligence. So, they will identify whether any malicious activity is going on through the AutoFocus portal.
I've found the correlation itself to be valuable, not the filter or data feed from the Palo Alto firewall or Palo Alto Networks products, which has a feed or intel from Windows, which has feeds from Symantec and many other security products.
They have their own Unix team who do the research, and they list and give us a specific tag. For example, let's say there is a ransomware attack that's still happening in India, and the source country is or the source attackers are from Russia. They will create a specific hashtag, and we can search for the hashtag. So, it is very easy and playful to sort, identify, and search for the tags.
We have had no issues with stability.
It must be on-premises as well; it must have a server on-premises. It is a completely cloud-based product at present.
I've been using Palo Alto Networks AutoFocus for more than 12 months.
It is stable, and we have never faced any downtime or issues with stability.
We have around six users who access Palo Alto Networks AutoFocus.
The initial setup was straightforward.
It integrates well with other solutions and provides good threat intelligence in terms of external threats. I would rate Palo Alto Networks AutoFocus at eight on a scale from one to ten.
We are using AutoFocus with my playbooks. We use it on a daily basis.
We receive alerts on the Playbook. We receive alerts for threat intelligence, malware alerts, and virus alerts.
We use Autofocus to check if the verdict is benign malware.
All playbooks are on AutoFocus. We don't log in, it gives us access.
The most valuable feature is alerting. If you have had an incident, it tells you if it is malware.
It's easy to use and it implements well.
At times in AutoFocus, when you have a homegrown application or you check another threat intelligence feed, it's not malicious but is still categorized as gray. We need to request a change in the verdict, AutoFocus then deals with it and sends us an update that it is benign for us.
It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it.
I have been using this solution for a couple of years.
We are using the most up-to-date version.
The stability is good.
It's a scalable solution. It integrates well with Playbooks.
We always deal with Tech support. Their technical support is good. They are knowledgeable and responsive.
The initial setup was done and in place before I started.
We have a team of six security engineers to maintain this solution.
It's a very good solution. it identifies critical attacks and alerts you. If it's malicious, it tells you, or if it's in a gray area, if it's in the malware category or if it's benign.
If it's benign then you don't have to worry. If it's malware then it's worrisome for the security team and we need to run checks and take action immediately.
I would rate Palo Alto Networks AutoFocus an eight out of ten.
We are a solution provider and this is one of the products that we implement for our clients. It makes up part of their network security, helping them to detect threats.
autofocus help our customer to prioritize and identify related IOC of a threat or malicious content
The feature that I like best is the dashboard. The interface is good.
I would like to have more technical documentation that contains greater detail on the types of threats that are occurring. Examples of things that I would like more technical details about are specific malware and APTs.
This solution seems to run slowly, although I haven't used another similar solution that I can use to compare it.
I have been using AutoFocus for almost a year and a half.
This is a stable solution.
Scalability has not been an issue for us. I have two customers using this solution and there are perhaps ten people using it. These are enterprise-level businesses.
I am satisfied with the technical support.
Prior to Palo Alto AutoFocus, I did not use another solution.
It is very easy to install and set up AutoFocus. Deploying it, including the licensing, may take an hour or two.
As its a saas model implementation/integration is very easy.
My advice to anybody who is considering this solution is to look at a demonstration of its use. I don't think that a proof of concept is necessary because there are not many things to evaluate. Rather, a demo should be sufficient to see if it meets the requirements.
I would rate this solution an eight out of ten.
