Amazon Web Services offers AWS WAF (web application firewall) to protect web applications from malicious behavior that might impede the applications functioning and performance, with customizable rules to prevent known harmful behaviors and an API for creating and deploying web security rules.
$0.60
per 1 million requests
Palo Alto Panorama
ScoreĀ 8.5Ā outĀ ofĀ 10
N/A
According to the information provided by the vendor, Palo
Alto Panorama is a network security management solution that intends to
simplify and enhance cybersecurity processes for businesses. The product's
primary objective is to offer various features, including unified policy
management, centralized visibility, automated threat response, simplified
configuration, unrivaled scalability, and rapid security adoption. It claims to
assist organizations in efficiently managing their firewalls andā¦
$9,500
Pricing
AWS WAF
Palo Alto Panorama
Editions & Modules
Resource Type - Request
$0.60
per 1 million requests
Resource Type - Rule
$1.00
per month (prorated hourly)
Resource Type - Web ACL
$5.00
per month (prorated hourly)
25 Devices
$9,500.00
100 Devices
$23,750.00
1000 Devices
$71,250.00
Offerings
Pricing Offerings
AWS WAF
Palo Alto Panorama
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
ā
ā
More Pricing Information
Community Pulse
AWS WAF
Palo Alto Panorama
Features
AWS WAF
Palo Alto Panorama
Firewall Security Management
Comparison of Firewall Security Management features of Product A and Product B
Well Suited: 1. To prevent DDOS attacks: AWS WAF has a lot of managed rules to prevent DDOS attacks based on traffic origination from a particular IP or IP reputation etc. 2. To rate-limit requests: Well it sounds familiar like preventing DDOS attacks, but it can also be used to rate-limit requests originating from the same IP address. We have used this feature so that we can test multiple failure scenarios for our application. 3. To prevent Data crawling: The BOT control feature allows us to prevent BOTs from crawling data on our websites. Not Suited: 1. To integrate applications outside of AWS Cloud: As I mentioned in my previous comments, this type of integration requires a custom implementation of another AWS resource.
I think Palo Alto Panorama is suited for administrators of all levels because certain things can be locked down to certain permission levels. But there are executive dashboards all the way down to the weeds for the highest of administrators. This truly is a single pane of glass tool because you never have to go into the individual firewalls for anything.
Protect any application against the most common attacks.
Provides better visibility of web traffic.
It allows us to control the traffic in different ways in which it is enabled or blocked through the implementation of security rules developed personally according to our needs.
It is able to block common attacks such as SQL code injection.
It allows defining specific rules for applications, thus increasing web security as they are developed.
If you need to push a setting or config to multiple firewalls Panorama can do that flawlessly.
Panorama has its logging centralized and this makes it easy to locate and reviews logs compared to having to get logs from each device.
I love how the interface matches the interface on the firewall. This makes the learning curve less steep.
Adding new firewalls to Panorama is super easy and not complex. Panorama can push a lot of the config and settings so you don't have to manually do it.
AWS WAF is a bit costly if used for single applications.
they should provide attack-wise protection, like if my certain type of application is vulnerable to DDOS then I should be able to buy WAF, especially for that attack.
The ability to push out OS updates could be improved in Panorama. It has the abilities, but the use is not intuitive, to the point that we generally connect directly to the firewalls to download the OS updates directly.
Scheduling. It would be nice to be able to schedule jobs to run at certain times. Pushing out updates, like OS updates mentioned above, can require significant bandwidth. So being able to schedule that work for hours that would not directly affect the users would be a welcome addition.
The list of devices in the Templates tabs should be sorted the same way that he devices are grouped in the Device Group tab, rather than just alphabetical. If there was a way to chose the order of the devices, maybe by tag, that would work as well.
We have been using AWS WAF for the past 3 years in front of our websites. We find it useful in preventing data crawling, DDOS attacks, etc on our websites, and hence we are going to use it in the future as well. AWS WAF is one of the best Firewalls in business.
Panorama has given us much more than we expected and the support for the product, by Palo Alto Networks has been great. We would like to see some improvements that I mentioned in another review, like scheduling changes, but overall Panorama has provided a very capable product and we are very happy with it.
The product is highly scalable. It is easy to configure the rules and thereby helps us to mitigate many vulnerabilities. The interface and programming of the firewall provisions were easy to setup. Amazon clearly spent a lot of time figuring this out and perfecting it. It allows users to do customized configurations based on their needs. It provides protection against a number of security issues like XSS, SQL injection, etc. I would definitely recommend this for protecting your infra as you scale, since this basically protects and filters all requests hitting your application server.
You can do anything via the GUI without going to the CLI. High real time security as every five minutes, it updates the list of phishing websites. High protection as the firewall communicates with the cloud, a machine running artificial intelligence helps to detect malware or other threats.
If you're intending to use AWS WAF, I would say that you absolutely should sign up for support. AWS Support is excellent and they can help you in a really good way to solve your issues.
Palo Alto has a very nice customer support. People are very nice and were quick to reply, whenever we had an issue with the subscription or the blacklist tool. There is also a great deal of information on their website that covers each and every detail about the uses and the threat signatures. The community keeps on updating their information very frequently. Small issues are easily solved from the documentation, and for other issues, the customer support service is always present. However, on Fridays it becomes a little delayed as per my observation.
Easy of use. Setup and configuration is fairly quick. There are the usual advantages of it being a cloud solution where you can buy into the solution, configure it and set it up and get it up and running. If you are already a subscriber to AWS, having a native service has its advantages.
Palo Alto Panorama and Junos Space Security Director have many similar features but Palo Alto Panorama excels in almost all of them. The monitoring tools in Palo Alto Panorama are easy to use and give more in-depth insight into what is going on in your network. Palo Alto's security is ranked much higher and the Web Application Security is also superior to that of the Junos counterpart.
Implementing this AWS service has been really favorable because when creating custom rules we give more specific protection to our applications against vulnerabilities that cause them to be consuming other resources or running with errors.
It allows us to control the traffic of our business applications, which is really favorable, given that in this way we can decide that you can access them and not.
It is extremely advantageous that we can establish rules in a centralized way since it saves time, as well as it allows us to protect several applications at the same time by reusing the rules established above.
It allows you to save time and money because we only pay for what is used.
At a previous company, I deployed Palo Alto firewalls to a data center, and 12 branch locations. This allowed us to replace MPLS links with IPSec tunnels between the sites. This resulted in significantly more throughput and soft savings of increased productivity. However, the estimated net of $220,000 in hard savings over five years is what is most impressive. I could not have effectively managed all those devices without Palo Alto Panorama.
