Snort vs. Palo Alto Networks Advanced Threat Prevention

If a colleague was looking to tighten down their network I can easily recommend Snort to them. It gives you some more peace of mind knowing that its always scanning traffic for malicious looking code. Even things your major firewalls and security hardware might miss, Snort has picked up. Its an easy recommendation for me.

Incentivized

Palo Alto NTP is an appropriate suite of protection for any enterprise environment or anyone that truly needs some serious perimeter protection in a one-stop, all-in-one unit. There are no modules or add-ons or clunky interfaces to deal with it; everything works out of one management plane, licensing, implementation, monitoring. updating, etc. As a network admin, that is immensely valuable to me. Additionally, I get real-time reporting on all the stuff NTP is catching, and it is nothing to shirk at. The real value in NTP comes in only after you begin doing SSL-decryption, however, to truly inspect the traffic. Short of that, you are just seeing a bunch of encrypted data and the NTP suite of tools isn't going to avail you. NTP plus decryption, though, is invaluable!

Incentivized

• IPS detection.
• DoS detection.
• Packet logging.

Incentivized

• Preventing the data breaches
• Safeguarding Hybrid and cloud environments
• Reducing the false alarms
• Network Perimeter secuirty

Incentivized

• At times can be unstable with Cisco bugs, require frequent upgrading.
• FTD images that are being pushed for ASAs are less efficient from an administration standpoint, no CLI.

Incentivized

• It can ingest feeds from other tools and security solutions
• Threat protection should share it intel data with other vendors
• Users should be able to allow/bypass or create [their] own signatures from intel shared from SOC team

Incentivized

The reason to give ATP this rating is it specialises in detecting command control traffic whose primary role is to identify unusual outbound traffic patterns which blocks the command control communication and notifies to different security team to take necessary actions. ATP Global protect holds the responsibility of inspecting all the inbound and outbound traffic going to and from corporate system regardless of the network they are on. ATP plays a major role to identify the threats that blocks threats that could lead to data breach also it identifies any malicious file enter the system will be blocked proactively

Incentivized

For our organization, the Cisco defense in depth concept works the best. While Cisco can be made to work with other vendors, we have found the best in depth protection by integrating Cisco products for maximum visibility. We had a Barracuda Web Filter, but it was difficult to maintain when you had limited scope on what you could block, so we created a whitelist only setup which required a lot of additional manpower. This wouldn't have covered new threats with DNS spoofing and the like. Sourcefire also integrated with our anti-malware platform (Cisco AMP) for even better visibility on what may be happening on the end users workstation. We are planning on adding in Cisco ISE to complete the approach and possibly stealthwatch to cover our bases in the future. The Palo Alto gear was interesting, but it was priced far out of our range.

Incentivized

Having used Palo Alto Firewalls for years, implementing threat protection was the next step in perimeter security. Works much better than the few competitors I have personally used. Frequent content updates occur which may impact some policy rules, but that is normal across most vendors.

Incentivized

• Being open source, ROI on free is hard to beat for something that works.
• I believe it greatly enhances the security of my network.

• New deployment hasn't been fully calculated yet.
• With the addition of Panorama and central logging, event investigation has become more streamlined.

Incentivized