We just raised a $30M Series A: Read our story

Palo Alto Networks Threat Prevention OverviewUNIXBusinessApplication

Palo Alto Networks Threat Prevention is the #9 ranked solution in our list of top Intrusion Detection and Prevention Software. It is most often compared to Darktrace: Palo Alto Networks Threat Prevention vs Darktrace

What is Palo Alto Networks Threat Prevention?

Threats do not discriminate between application delivery vectors, requiring an approach that has full visibility into all application traffic, including SSL encrypted content, with full user context. Threat Prevention leverages the visibility of our next-generation firewall to inspect all traffic, automatically preventing known threats, regardless of port, protocol or SSL encryption.

Buyer's Guide

Download the Intrusion Detection and Prevention Software (IDPS) Buyer's Guide including reviews and more. Updated: October 2021

Palo Alto Networks Threat Prevention Customers

University of Arkansas, JBG SMITH, SkiStar AB, TRI-AD, Temple University, Telkom Indonesia

Palo Alto Networks Threat Prevention Video

Archived Palo Alto Networks Threat Prevention Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
SA
Consultant at a tech services company with 201-500 employees
Consultant
A scalable, stable solution that has effective suspicious IP protection

Pros and Cons

  • "With the IP address flag, I was able to see that I was being hacked. The moment there was an interaction between somebody on my network and that IP, the solution was able to flag it, and we were able to protect ourselves."
  • "Sometimes when you want to group a set of ports, and communicate with Palo Alto, you cannot group TCP and UDP ports together. This needs to be adjusted."

How has it helped my organization?

There have been updates to the solution recently that have ramped up protection. Before this, we had a lot of hacks on the network, specifically in the cloud environment. After the proper implementation of that product, we've not had one hack attempt. The last six months have been very good.

What is most valuable?

The solution offers a feature to show which traffic is the highest on the network, and which traffic is the lowest. There's also a feature that scans incoming and outgoing traffic, and one feature that is able to flag a suspicious IP address. These are all valuable features. With the IP address flag, I was able to see that I was being hacked. The moment there was an interaction between somebody on my network and that IP, the solution was able to flag it, and we were able to protect ourselves.

What needs improvement?

The solution needs to improve Reverse DNS functionalities.

Right now, when you check the IP address, it tells all. It assumes that that IP address is locally available on the inside. When the request is going back to me it's supposed to do what we call rights. Instead of giving me the public IP address in my response, it's supposed to give me the private IP address or the local IP address so that I can reach the device locally. That's the challenge right now.

Sometimes when you want to group a set of ports, and communicate with Palo Alto, you cannot group TCP and UDP ports together. This needs to be adjusted.

For how long have I used the solution?

I've been using the solution for five years.

What do I think about the stability of the solution?

The solution is stable.

What do I think about the scalability of the solution?

The solution is quite scalable.

How are customer service and technical support?

Apart from software updates, we've not had any reason to reach out to technical support, so I don't have much experience with them.

Which solution did I use previously and why did I switch?

We've previously used Cisco, Salesforce, and Fortinet. We last used Salesforce, and we mainly switched due to the cost of the solution.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

We handled the implementation ourselves.

What other advice do I have?

We use both the cloud and on-premises deployment models.

I'd rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MV
Network Administrator at a healthcare company with 201-500 employees
Real User
Top 5
Easy to install, use, and manage, with extended trial-license options available

Pros and Cons

  • "The most valuable features are the simplicity, transparency, and overall ease of management."
  • "The price of licenses should be lowered to make it less costly to scale our solution."

What is our primary use case?

We use this solution for the security of our organization. It protects the LAN and WAN traffic.

We have two boxes that have this solution for threat prevention. Some of our servers also have Palo Alto agents installed on them. 

We have an on-premises deployment.

What is most valuable?

This solution has more than just the threat prevention by itself. It's also a Firewall and many other components.

The most valuable features are the simplicity, transparency, and overall ease of management.

What needs improvement?

The price of licenses should be lowered to make it less costly to scale our solution.

I would like to see consolidated licensing for on-premises solutions. This would give us all of the features available for the one box.

For how long have I used the solution?

We have been using this solution for ten years.

What do I think about the stability of the solution?

This is a stable solution, and we have not had any issues.

For ten years we have had a high-availability network. There have been outages as the result of power, or our network, but nothing that is a result of this solution.

What do I think about the scalability of the solution?

Scalability is not a problem from a technical standpoint. However, the price of this solution makes it hard to scale.

We have approximately one thousand users.

How was the initial setup?

The initial setup was simple, but it's been ten years since then and we have grown. The migration has also been simple and straightforward.

You can have a network with thousands of machines with only a few security rules to migrate, or you can have a network with only a few machines and thousands of security rules that make it difficult to migrate.

What's my experience with pricing, setup cost, and licensing?

If you want to have all of the good features then you have to pay extra for licensing.

What other advice do I have?

Security in business is an important issue. There is a difference between the quote and the end price of the end product. Some vendors are impressed with the numbers they see on paper, then they start to use it and compare it and assess the ratio between the quote, security, and final price of the end product. It is important to consider the people who will maintain the solution. For example, if you don't have a large team in your organization, then one person is tasked with several duties, as opposed to having several departments with equal responsibilities. These are all things to consider when it comes to security.

Sometimes, when you have more than one security product running, they fight with each other and it can make things difficult. In the case of this solution, things have been very smooth.

So far, there have been no security issues and we are absolutely happy with Palo Alto Networks.

It is easy to test out a trial version, but there is a problem with that. In my experience, after paying for the solution, it takes time to get to know it. There are complex things that may take half a year to understand how they work. In some cases, it is simple testing at the beginning, but over time you might find problems. With Palo Alto, you can ask for extended trial licenses, which is not something that you get from a lot of vendors.

I have spent a lot of time in IT and I know that there is no such thing as an absolutely perfect solution. This one is easy to use and works well in our organization, but it might not be as suited to another organization. This is a product that I recommend, although it depends on the environment. Every product has pros and cons. Good planning and good testing is the best way to choose the product that best suits you.

I would rate this solution a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about Palo Alto Networks, Darktrace, Trend Micro and others in Intrusion Detection and Prevention Software (IDPS). Updated: October 2021.
543,089 professionals have used our research since 2012.
TS
Managing Director at Teceze
MSP
The malware protection feature saves us a lot of time

Pros and Cons

  • "I find the malware protection very handy."
  • "I think they can use some improvement on FID."

What is most valuable?

I find the malware protection very handy. The solution has many features that save me time. 

What needs improvement?

I think they can use some improvement on FID. There are lots of false positives and those can be eradicated. Sometimes you can't identify a 10-year-old doc, but they can probably update those signatures and false positives, so it would be helpful and save us a lot of time. 

For how long have I used the solution?

I have been using the solution for five years now.

What do I think about the stability of the solution?

I think the stability can improve.

How are customer service and technical support?

We haven't used the technical support yet because we have our own team of experts.

How was the initial setup?

We used an expert to help us with the initial setup and installation.

What's my experience with pricing, setup cost, and licensing?

It is an expensive solution and I would like to see a drop in price.

What other advice do I have?

On a scale of one to ten, I rate this solution a nine. In the next version, I would like to see a drop in price and more stability.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
VG
Network Security Engineer at Mauritius Telecom
Real User
Excellent application control and vulnerability protection but it's a very expensive solution

Pros and Cons

  • "The application control and vulnerability protection are the most valuable features."
  • "The solution needs to improve its local technical support services. There is no premium support offered in our market."

What is our primary use case?

The primary use is for application control and encryption.

What is most valuable?

The application control and vulnerability protection are the most valuable features.

What needs improvement?

The IPS can be improved on the solution.  The itineration, for example. Also, if additional features, like SD Wan, etc. can be added. This would be helpful.

Other additional features that could be added include Individual Traps. In terms of enhancement for overall protection, we would like more Traps or other solutions that are developing within the firewall.

The solution needs to improve its local technical support services. There is no premium support offered in our market.

For how long have I used the solution?

I've been using the solution since 2008.

What do I think about the stability of the solution?

The solution is very stable. We've used it a number of years and never had any problems. However, only just recently, we found a bug on the model 2220. Other than that, the solution is quite stable.

What do I think about the scalability of the solution?

The scalability of the solution is very good. In our company, we have about 2,000 users.

How are customer service and technical support?

Technical support is okay, but we have an issue here in terms of local support and company support. Palo Alto doesn't provide premium support directly. It forces us to use third-party support and local distributors. Sometimes it's difficult for us to communicate and get support.

How was the initial setup?

One of the reasons that our clients choose Palo Alto is because they have complex networks, therefore the setup is typically also complex.

What's my experience with pricing, setup cost, and licensing?

Compared to other security offerings, Palo Alto is very expensive. Palo Alto also doesn't offer many discounts. They may discount as much as 15%. However, in comparison, Cisco can give a discount of up to 85%.

What other advice do I have?

We work with the public and private cloud as well as the on-premises deployment models. Our role is to implement security solutions at our customer's premises. The deployment depends on the infrastructure.

I would rate the solution seven out of ten. As a next-generation IPS, it's a very good firewall. I would recommend it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
ITCS user
Consultant at a aerospace/defense firm with 501-1,000 employees
Consultant
An excellent firewall with an easy setup and good stability

Pros and Cons

  • "The initial setup was straightforward. It's quite easy. Deployment took one to two weeks."
  • "It's not so easy to set up a test environment, because it's not so easy to get the test license. The vendor only gives you 90 days for a test license; it's a tough license to get."

What is our primary use case?

We primarily use the solution as a firewall.

What needs improvement?

It's not so easy to set up a test environment because it's not so easy to get the test license.

The vendor only gives you 90 days for a test license; it's a tough license to get.

For how long have I used the solution?

I've been using the solution for two to three years.

What do I think about the stability of the solution?

The stability of the solution is quite good.

What do I think about the scalability of the solution?

So far, scalability is okay, but you don't really need too much scalability in a firewall solution.

How are customer service and technical support?

Technical support is good. We do get some support from the reseller.

Which solution did I use previously and why did I switch?

We do have other solutions that we run in parallel, but it isn't like we had one solution and then we switched to Palo Alto.

How was the initial setup?

The initial setup was straightforward. It's quite easy. Deployment took one to two weeks.

What's my experience with pricing, setup cost, and licensing?

The pricing is a bit higher than the competition, but it's okay. The cost seems cheaper than Cisco's Firepower.

What other advice do I have?

We use the on-premises deployment model.

The solution is very good, especially compared to other solutions. I would rate it nine out of ten. It also offers re-instruction detection and prevention software, which we also use in conjunction with the Threat Prevention solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
it_user810594
Information Security Specialist at a comms service provider with 1,001-5,000 employees
Real User
Valuable next generation firewall features

What is our primary use case?

Our primary use case for Palo Alto Threat Prevention is related to the placement of files in a laboratory test environment. We use Palo Alto Threat Prevention for network testing.

How has it helped my organization?

I can't give an example of how Palo Alto has improved our organization because we are using this product in test networks.

What is most valuable?

The most valuable feature of Palo Alto Threat Prevention for our company is the next generation firewall.

What needs improvement?

The organization mail security solutions could be improved. There is no mail security solution available.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Palo Alto Threat Prevention is…

What is our primary use case?

Our primary use case for Palo Alto Threat Prevention is related to the placement of files in a laboratory test environment. We use Palo Alto Threat Prevention for network testing.

How has it helped my organization?

I can't give an example of how Palo Alto has improved our organization because we are using this product in test networks.

What is most valuable?

The most valuable feature of Palo Alto Threat Prevention for our company is the next generation firewall.

What needs improvement?

The organization mail security solutions could be improved. There is no mail security solution available.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

Palo Alto Threat Prevention is naturally stable in operations.

What do I think about the scalability of the solution?

I don't see a problem with Palo Alto Threat Prevention in scalability. Because it's a testing product for use it only for test alignment.

We have maybe 10 or 12 engineers dedicated to the solution. Only engineers are using this product. For deployment and maintenance, only one staff.

We use Palo Alto Threat Prevention just for testing.

How are customer service and technical support?

Palo Alto's technical support is very good.

How was the initial setup?

The setup of Palo Alto Threat Prevention is very easy and straightforward. From initial configuration to deployment, it took maybe one day.

What about the implementation team?

We did not use an integrator, re-seller, or consultant for the deployment.

What other advice do I have?

I would rate Palo Alto Threat Prevention a nine out of ten overall. I would prefer better mail security features.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
SHAIKAHMED
Head Of Information Security at SAUDI PARAMOUNT COMPUTER SYSTEMS
Real User
Total Solution for Content Filtering & Intelligent Firewalls

Pros and Cons

  • "Most of the features of Palo Alto Threat Prevention are alright. I recommend features like content filtering, IP address, & intelligent firewalls. The reporting feature is very good."
  • "Generally, to deploy it will take some downtime, about a day."

What is our primary use case?

For a total overall solution, Palo Alto Threat Prevention can satisfy most of your needs as a company. Right now, we are implementing Cisco ASA and renewing our Palo Alto license.

How has it helped my organization?

All of the Palo Alto Threat Prevention functions are good. We feel like the product is comfortable to use and is what it should be. 

Palo Alto Threat Prevention is recommended for large enterprise organizations and SMEs. We have good results on our follow up calls with clients using the software.

What is most valuable?

Most of the features of Palo Alto Threat Prevention are alright. I recommend features like content filtering, IP address, & intelligent firewalls. The reporting feature is very good.

What needs improvement?

In most areas, Palo Alto Threat Prevention is a fine choice. The application is very good. The most important feature we find to be the NCR Reader. It is best for application security. I don't know how they could improve it more. The application is already working fine with good results. 

Support is really good with Palo Alto and we are resellers of the software to our customers. They will let us know how they find it valuable after we implement it. Most of our customers have found Palo Alto Threat Prevention very good to use. We have a number of customers in the market. Everybody is happy with the product. Overall, Palo Alto Threat Prevention doesn't need much more. From a general point of view, you get everything. If it is content filtering, it should be no problem.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

The stability of Palo Alto Threat Prevention is very good when compared to Cisco.

Generally, to deploy it will take some downtime, about a day. For customization, it will take you a little more time. For the maintenance, around one week. It depends on the project.

For most projects, I have around three people dedicated to product support and maintenance.

What do I think about the scalability of the solution?

The scalability of Palo Alto Threat Prevention is very good. For most of the requirements, we find it very easy to implement and deploy.

We have about 20,000 users on Level One, 80 agents at Level Two, and around 30 big operations on Level Three.

How are customer service and technical support?

For me, Palo Alto Threat Prevention customer support is very good. I am happy with the technical support from Palo Alto.

How was the initial setup?

We just replaced a firewall, so we didn't find the setup to be complex. We have network rules to convert. For the rules and connections, we use tools from Palo Alto to convert them.

We implement the firewall setup for our customers. It generally takes a little bit of time, i.e. one or two weeks to customize the policy that they use. 

The old rules we can remove with Palo Alto Threat Prevention, which is nice.

What's my experience with pricing, setup cost, and licensing?

We take licensing on a yearly basis. Palo Alto provides a straightforward cost structure on the annual plan.

What other advice do I have?

If you are a first time user, you should be pretty pleased with it. I would rate Palo Alto Threat Prevention a nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Ang Sokroeurn
Information Security Officer at National Bank of Cambodia
Real User
Protects us from cyber attacks and malware

What is our primary use case?

We use the firewall in the network.

How has it helped my organization?

It protects us from cyber attacks.

What is most valuable?

One of the most valuable features is the anti-malware protection.

What needs improvement?

Right now we are focusing on email. If Palo Alto can increase the features related to email filtering and the new malware, it would help us protect our systems.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I think the stability is better than Fortinet or Check Point

What do I think about the scalability of the solution?

The scalability is there, for an enterprise network or a big company. It's good. It can support many endpoints and servers. We have over…

What is our primary use case?

We use the firewall in the network.

How has it helped my organization?

It protects us from cyber attacks.

What is most valuable?

One of the most valuable features is the anti-malware protection.

What needs improvement?

Right now we are focusing on email. If Palo Alto can increase the features related to email filtering and the new malware, it would help us protect our systems.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

I think the stability is better than Fortinet or Check Point

What do I think about the scalability of the solution?

The scalability is there, for an enterprise network or a big company. It's good. It can support many endpoints and servers. We have over 2,000 users, most of them are end-users.

How are customer service and technical support?

Technical support is good. There are no problems with it.

Which solution did I use previously and why did I switch?

Before, we used Fortinet and Check Point.

How was the initial setup?

The setup is neither complex nor easy. We worked with the vendor and they have more experience than us. For the PoC they did the configuration for us and we were able to learn from them.

Our deployment took about two months.

What's my experience with pricing, setup cost, and licensing?

It's not too expensive. It's a more powerful tool for IT companies that need a next-generation tool.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
JB
General Manager at a tech services company with 11-50 employees
Reseller
Enables us to control the amount of bandwidth an application is allowed to consume and is extremely scalable

Pros and Cons

  • "It's a monster, it's got so many beautiful features. We do deal with other firewalls and we've got a better idea of what other firewalls' capabilities are, any comparison with the Palo Alto I liked the quality of service on the applications that you can control the amount of bandwidth an application is allowed to consume. The best feature is the quality of the application quality of service."
  • "In Africa, the technical support is probably not as good as in Europe and the USA because it's a specific premium support, partner-enabled premium support and all of that. But it's really good, I don't really have any complaints, it's fairly good. I'll give them 80%."

What is our primary use case?

We are resellers of this solution so we facilitate technical services to our clients. We maintain Palo Alto for what we are responsible for maintaining, on the latest version of the software.

What is most valuable?

It's a monster, it's got so many beautiful features. We do deal with other firewalls and we've got a better idea of what other firewalls' capabilities are. In any comparison with the Palo Alto, I liked the quality of service on the applications that you can control the amount of bandwidth an application is allowed to consume. The best feature is the quality of the application quality of service.

What do I think about the stability of the solution?

We haven't had any stability problems. Maybe once or twice the cache was released fairly quickly. There were no stability issues.

What do I think about the scalability of the solution?

There isn't a firewall on earth available at the moment that's more scalable than Palo Alto. It's in the tens of thousands. We are servicing clients and we tally all the users from those clients together and it's in the tens of thousands, maybe hundreds of thousands. We are a reseller, so I can only speak in terms of our clients. We have at least tens of thousands of users. Palo Alto is the most scalable firewall out there by far.

How are customer service and technical support?

In Africa, the technical support is probably not as good as in Europe and the USA because it's a specific premium support, partner-enabled premium support and all of that. But it's really good, I don't really have any complaints, it's fairly good. I'll give them 80%.

How was the initial setup?

One of the reasons we chose the Palo Alto firewall is because it's probably one of the simplest firewalls to set up, it's very intuitive. We've done probably around 50 deployments and depending on the size and scope it takes around five hours but sometimes an implementation could take five months. It's very difficult to say how long it takes, but if you compare it with other firewalls, the implementation cycles of Palo Alto beat them hands down.

What's my experience with pricing, setup cost, and licensing?

The pricing and the licensing are pretty competitive at this stage. As a reseller, I would like to see the price come down a little bit so I can compete better against other firewalls because we do that all the time. Especially on these smaller firewalls and so on, we need to be a bit more competitive. Palo Alto is a company that focuses more on the high endS, high-speed class type of massive organizations and firewalls and so on, which is why they are the most scalable firewall. In Africa, the organizations tend to be smaller than you would get in Europe, the USA, China and those types of places so we tend to sell more of the smaller firewalls. Palo Alto's smallest firewall at this stage is very expensive which makes it difficult, but then again it's just not the area that they're really playing in. It still outperforms any of the other firewalls.

What other advice do I have?

It's a brilliant product, we periodically look at several other firewalls to stay on top of their capabilities and so on, and it's the best bang for your buck that you can get. Some of the other firewalls are starting to catch up. I implemented a baby, which could be regarded as a baby Palo Alto firewall. We pushed through in a single day with everything switched on, all the capabilities switched on, we pushed through 4.3 terabytes of data per day. Which is phenomenal for such a baby, little firewall, with all the capabilities switched on, it's absolutely mind-boggling that it handled that, and it did. It was at a university that we implemented it. 

The advice that I would give is to partner with somebody that has the necessary skills to implement it. Buy from somebody that has proven skills to implement the product because if you don't have a partner to implement the product, that knows the product, and is qualified, it's pretty useless buying the product.

I would rate this solution a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
RA
Module Lead
Real User
A stable product that can alert you quickly to firewall threats

What is most valuable?

Its Wi-Fi feature actually attracted me a lot. Also, sandboxing can be done.

How has it helped my organization?

Basically, on the server side, it alerts me to threats. We are working to begin reporting on this. It affects me a lot. 

What needs improvement?

Some bugs, which will be rectified by Palo Alto in the next update.

For how long have I used the solution?

Almost one year.

What do I think about the stability of the solution?

No issues. I do not have issues with stability.

What do I think about the scalability of the solution?

For my organization, there is more than enough scalability for me. It is good for me. Exactly what I want.

How are customer service and technical support?

Their support is very good. For some features, which I don't know. I used to address these with the technical guys. They support me very well on this. 

Which solution did I use previously and why did I switch?

I used to use ASA, which is now owned by Cisco. I feel Palo Alto is more advanced and has better features than ASA. 

How was the initial setup?

It is not very complex, actually. Firewalls can handle it. 

Which other solutions did I evaluate?

Yeah, I checked out other products, like Fortigate and Firepower. When we compared Palo Alto and FortiGate, the word from the community, which I came to know, was FortiGate was not stable. Though Palo Alto is slower than Fortigate. When we consider the long-term brands, Palo Alto is much more stable than Fortigate. 

What other advice do I have?

It is one of the best services out there. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Intrusion Detection and Prevention Software (IDPS) Report and find out what your peers are saying about Palo Alto Networks, Darktrace, Trend Micro, and more!