Microsoft Defender for Identity vs. Palo Alto Networks Advanced Threat Prevention

Microsoft Defender for Identity is a great solution for each company that has an Active Directory. It fills in the blanks for Identity related incidents that are being missed in the XDR platform. To get a full view on identity risks it is an essential component

Palo Alto NTP is an appropriate suite of protection for any enterprise environment or anyone that truly needs some serious perimeter protection in a one-stop, all-in-one unit. There are no modules or add-ons or clunky interfaces to deal with it; everything works out of one management plane, licensing, implementation, monitoring. updating, etc. As a network admin, that is immensely valuable to me. Additionally, I get real-time reporting on all the stuff NTP is catching, and it is nothing to shirk at. The real value in NTP comes in only after you begin doing SSL-decryption, however, to truly inspect the traffic. Short of that, you are just seeing a bunch of encrypted data and the NTP suite of tools isn't going to avail you. NTP plus decryption, though, is invaluable!

Incentivized

• detect threats and suspicious activities
• pro-active measurements on possible breaches
• identity security posture

• The threat engine has constant updates for important threats.
• Wildfire helps supplement the Threat engine to help protect against 0 day threats.
• The way the threat engine can be added at different levels to different zones and policies helps to ensure business essential traffic can have policies that are tuned to ensure traffic will flow.

Incentivized

• setup can be complicated, with AD complexity
• Sometimes the load on DCs is pretty high, leading to performance issues
• Better tuning options for preventing false-positive/bening alerts

• Cost is high, but it is a premium product
• Endpoints are still vulnerable.
• TAC engineers aren't always equipped with ATP knowledge

Incentivized

The reason to give ATP this rating is it specialises in detecting command control traffic whose primary role is to identify unusual outbound traffic patterns which blocks the command control communication and notifies to different security team to take necessary actions. ATP Global protect holds the responsibility of inspecting all the inbound and outbound traffic going to and from corporate system regardless of the network they are on. ATP plays a major role to identify the threats that blocks threats that could lead to data breach also it identifies any malicious file enter the system will be blocked proactively

Incentivized

Microsoft Defender for Identity is more specialized on the Identity platform, it is a single solution compared to a multi-solution. The integration is better when using the XDR suite in combination with Sentinel. Microsoft Defender for Identity gives a better overview of the security posture

Having used Palo Alto Firewalls for years, implementing threat protection was the next step in perimeter security. Works much better than the few competitors I have personally used. Frequent content updates occur which may impact some policy rules, but that is normal across most vendors.

Incentivized

• Cost impact was pretty high
• Learning curve, needed time (money) for training
• Greatly improved detections and gives more insights

• After adding PA Threat Protection, we are now getting our network traffic completely inspected.
• We are now applying security checks and scans like AV scan and Anti Spyware checks.
• This is also giving visibility into threat and attack vectors that are using vulnerabilities and exploits to enter our environment.

Incentivized