Palo Alto Networks Threat Prevention Competitors and Alternatives

Get our free report covering Darktrace, Cisco, Forcepoint, and other competitors of Palo Alto Networks Threat Prevention. Updated: February 2021.
464,655 professionals have used our research since 2012.

Read reviews of Palo Alto Networks Threat Prevention competitors and alternatives

TonyMoore
CEO at Virtual Tech Computers Solutions
Real User
Top 20
Sep 27, 2020
Prevent unauthorized use of network resources and integrate branch offices with reliability

What is our primary use case?

Some of our uses for this product are on-premise-based and then some are cloud-based. Mostly, we are cloud-based right now because we are getting away from physical architecture moving forward into the cloud as is Cisco. It allows going from considering CapEx (Capital Expenditure) to OpEx (Operating Expense, Operating Expenditure). That is one of the important things that it allows us to do. It is easier to have solutions cloud-based when it makes sense. All the updates and maintenance get taken care of on their side which is a benefit. On the cloud, we have both public and private services… more »

Pros and Cons

  • "Completely integrates branch offices with perimeter security."
  • "The capabilities for scalability with this product are huge"
  • "Cisco is head-and-shoulders above all of the competition when it comes to technical support."
  • "The pricing is the only con for this product."

What other advice do I have?

My advice to people and companies considering this solution is to just do the research. Do compatibility research to compare with the other solutions that are out there. Definitely make sure that the firewall you choose is designed for your network architecture, application-layer attacks, and virus and worm protection. If that coverage is what you are looking for and you have an analog phone system. You might not be ready to go to VoIP (Voice over Internet Protocol) yet because you do not want to lose the phones that you have got. Some people add to that base as they scale. We can use…
AHmadMhedat
Senior Network Security Engineer with 201-500 employees
Real User
Top 20
Dec 15, 2019
Attack analysis shows who tries to exploit my vulnerabilities

What is our primary use case?

I look at the attack analysis, which shows me which attackers try to exploit my vulnerabilities. I can check the ticket to see if it's blocked or whether it's a false positive. Whatever the case, if it already exists, I will block it. McAfee IPS has a benign engine, so this may not be a target in your environment. If you just prevent attackers from using it, they will try another vulnerability. I have physical routers, but they try to make some novel vulnerabilities. This is not applicable to my environment, so when I see this alert I know it's a false positive not related to my environment… more »

Pros and Cons

  • "The feature I found most valuable is the network threat analyzer in the security platform. It also integrates with GTI, or Global Threat Intelligence. Otherwise, I just use the basic features."
  • "Integration with Global Thereat Intelligence could be better. Also, I think management solutions are end of life now at McAfee. Network threat analyzer may be used for endpoint quarantines. Integration between these sides, as well as endpoint APO, will help you quarantine the risky endpoints."

What other advice do I have?

Don't be afraid to deploy this solution. It is very simple and easy to deploy. I think there is no issue. I tested on the McAfee Network Security Platform. You just need to thinking carefully about attacks to decide if it's a sole attacker or two specific attacks. Use that information to create a decision about what action to take against the attack. Consider whether you want to lock off or block the action. Maybe I can improve myself in some of my web analysis. I read articles to improve my knowledge in this area. This is what I do to improve my experience. I would rate this solution as nine…
GoumouFerdinand
Security Engineer at Socitech SA
Real User
Top 5Leaderboard
Nov 27, 2019
Good functionality and has the possibility to have one manager for other firewalls but stability needs to improve

What is our primary use case?

I work directly with clients, such as financial companies like banks, for example. Most of the time they want they're product to be on their premises, only in their local area.

Pros and Cons

  • "In general, the features are all great. However, if I need to take hardware for ASA, because they need to upgrade to Firepower, we want to create rules. For that, most of the time we go to the command line. Right now Firepower is working really hard on the grid. You can apply all those rules to the grid. Even if you want to monitor the logs, for example, the activity will tell you which particular user has been blocked because of that rule. Firepower's monitoring interface is very good, because you can see each and every piece. ASA also had it, but there you needed to type the command and be under the server to see all that stuff. In Firepower you have the possibility to go directly to the firewall. The way the monitoring is displayed is also very nice. The feature I appreciate most in Firepower is actually the grid. The grid has worked very well."
  • "To be frank, the product is not really stable, although they're working on that. Whenever I go to the technical community with an issue, they will usually say that it is not there yet, but the technical team are working on it. The issues are not insolvable. I think they should just keep working on the product to make sure that the product can become very stable. The technical support is great. I appreciate that. We have a lot of communities supporting Firepower now, so you can find help for whatever issue you have."

What other advice do I have?

I would recommend this solution and give it a rating of seven out of ten. That is mainly because of the expense. I don't know the exact amount, but most of the time when I go to a company with a proposition, they will say, "This thing that you are selling is good, but it's expensive. Why don't you propose something like FortiGate, Check Point, or Palo Alto?" Cisco devices are expensive compared to other devices. If not for that, I would rate it as nine out of ten. Because of the expense, I prefer to give it seven. Most of the time when I lose an offer from this product, it's only because of…
reviewer1083318
Network Infrastructure Program Manager at a non-profit with 1,001-5,000 employees
Real User
Top 5Leaderboard
Jul 14, 2019
Offers valuable SSL decryption, URL filtering, and ITSM inspection features

Pros and Cons

  • "Cisco is number one in the technical support. It's good technical support and this is actually a problem when we do the recruitment for some other products. Other products you are on hold forever and the support might be not the best compared to Cisco."
  • "The file trajectory, the trace in contamination files, could be improved."

What other advice do I have?

The solution is extensively used. We have a policy, from a permission security perspective, that you need to have diversity in the vendors and diversity in the products. We have some areas which are using these products and other areas which is using different products. It's a really good product, but you need to give it some time to form a sort of baseline, before enabling all the features. You need to study the product well because the product will decrease to around 35-40% of the actual product when you start to enable features. Like the application and inspection, the SSL decryption, the…
reviewer1355757
Lead Network Solution Developer at a comms service provider with 1,001-5,000 employees
Real User
Oct 5, 2020
A good and stable product with IPS and URL filtering features

What is our primary use case?

We manage all the IT for airports and airlines. We have some data centers for providing different services, such as tickets, to customers. We use Fortinet FortiGate IPS to secure the environment.

Pros and Cons

  • "It is a good product. It does what we want it to do so. I didn't find many false-positives or things like that. We mainly use the IPS and URL filtering features, and they are pretty good."
  • "They can probably improve the reporting feature. Reporting and report alerting are the main key features of this solution. They can always find ways to improve these."

What other advice do I have?

I'm a part of the team that is testing the Palo Alto solution. We are only responsible for testing to ensure that it matches what we want, but we are not responsible for making the actual decision. Another team will decide which solution to go for based on the contract in terms of money and other things. Technically, either FortiGate or Palo Alto will be able to provide what we want. I would rate Fortinet FortiGate IPS an eight out of ten. It is a good product.
Get our free report covering Darktrace, Cisco, Forcepoint, and other competitors of Palo Alto Networks Threat Prevention. Updated: February 2021.
464,655 professionals have used our research since 2012.