Palo Alto Networks Advanced Threat Prevention vs. Security Onion

Palo Alto NTP is an appropriate suite of protection for any enterprise environment or anyone that truly needs some serious perimeter protection in a one-stop, all-in-one unit. There are no modules or add-ons or clunky interfaces to deal with it; everything works out of one management plane, licensing, implementation, monitoring. updating, etc. As a network admin, that is immensely valuable to me. Additionally, I get real-time reporting on all the stuff NTP is catching, and it is nothing to shirk at. The real value in NTP comes in only after you begin doing SSL-decryption, however, to truly inspect the traffic. Short of that, you are just seeing a bunch of encrypted data and the NTP suite of tools isn't going to avail you. NTP plus decryption, though, is invaluable!

Incentivized

Security Onion works well for setting up within a Linux environment. This brings a new platform to run and maintain though. The application its self has helped to keep track of logs and vulnerabilities in the environment. Alert triage and case creation is simple to start and follow through to the end.

• The threat engine has constant updates for important threats.
• Wildfire helps supplement the Threat engine to help protect against 0 day threats.
• The way the threat engine can be added at different levels to different zones and policies helps to ensure business essential traffic can have policies that are tuned to ensure traffic will flow.

Incentivized

• GUI
• Support
• Easy of use

• Cost is high, but it is a premium product
• Endpoints are still vulnerable.
• TAC engineers aren't always equipped with ATP knowledge

Incentivized

• Requires Linux
• Training

The reason to give ATP this rating is it specialises in detecting command control traffic whose primary role is to identify unusual outbound traffic patterns which blocks the command control communication and notifies to different security team to take necessary actions. ATP Global protect holds the responsibility of inspecting all the inbound and outbound traffic going to and from corporate system regardless of the network they are on. ATP plays a major role to identify the threats that blocks threats that could lead to data breach also it identifies any malicious file enter the system will be blocked proactively

Incentivized

Having used Palo Alto Firewalls for years, implementing threat protection was the next step in perimeter security. Works much better than the few competitors I have personally used. Frequent content updates occur which may impact some policy rules, but that is normal across most vendors.

Incentivized

Other vendors may have a more robust solution but for our needs, Security Onion was the one to move forward with. We have tested some of the others but the cost of those platforms makes the ROI not as desirable. There is a learning curve with Security Onion but it is worth it for the value provided.

• After adding PA Threat Protection, we are now getting our network traffic completely inspected.
• We are now applying security checks and scans like AV scan and Anti Spyware checks.
• This is also giving visibility into threat and attack vectors that are using vulnerabilities and exploits to enter our environment.

Incentivized

• Makes Alert Triage easier to handle
• Analysis of threats simple