There is room for improvement in the pricing model. 

For additional features, maybe Palo Alto could improve their documentation. It would be helpful to have better documentation for configuring and installing the solution. Currently, the documentation is not very comprehensive, and there isn't much information available. Sometimes it's difficult to understand how to use it.

At times in AutoFocus, when you have a homegrown application or you check another threat intelligence feed, it's not malicious but is still categorized as gray. We need to request a change in the verdict, AutoFocus then deals with it and sends us an update that it is benign for us.

It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it.

I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate. 

I would like to have more technical documentation that contains greater detail on the types of threats that are occurring. Examples of things that I would like more technical details about are specific malware and APTs.

This solution seems to run slowly, although I haven't used another similar solution that I can use to compare it.

It must be on-premises as well; it must have a server on-premises. It is a completely cloud-based product at present.