Palo Alto Networks WildFire vs. Splunk User Behavior Analytics (UBA)

Palo Alto Networks Wildfire is well suited for pretty much anywhere that you need the latest and greatest network security. It is extremely good at protecting you from the latest malware threats that might pose a potential problem for your network/endpoints. We've been very please since we installed it and I would say cost of the Palo Altos is the only drawback. If money were no object I'd go with a Palo Alto with Wildfire every time. But unfortunately in some smaller branches it just doesn't make financial sense.

Incentivized

Splunk User Behavior Analytics application is necessary when any company wants to capture the threat based on user behavior instead of just counting the number of occurrences of particular event. With Splunk UBA, we can analyse number of anomalies captured and which in turn creating threats which are nearly true positive.

Incentivized

• This is could base and easily manageable for our collocation. While working within the could can review in live time potential treats that it has reported from other devices.
• Worked very well with existing Palo Alto devices.
• Another huge plus is the simplicity of managing and ease of scalability.
• Its cost is competitive with similar/like products available.

Incentivized

• Monitor and troubleshoot for any system errors.
• Get the insights on application data sets and do some predictive analysis.

Incentivized

• WildFire, like other sandboxes, has to stay up with malware sandbox evasion techniques, which necessitates larger file size limits.
• More file formats should be able to be submitted and scanned by WildFire, which needs improved initial administration and setup.
• It's quite pricey, and there's no warning choice for performance on the cloud.

Incentivized

• Performance-wise, it can be improved. Queries take a long time.
• Dataset exploration - More data visualization charts can be added.

Incentivized

It works very well and takes care of protecting us from threats new and well-known. It's been a game changer in terms of threat detection & prevention.

Incentivized

Easy to use and works well. For the most part it's set it and forget it, but there's also some flexibility for high security environments and those with extra privacy concerns.

Incentivized

PAN support is very good. You can get the reasonable and timely support on any conditions. When the product is already integrated with the PAN firewalls, you can choose the severity levels based on the effect. The customer service/TAC is very helpful, they even have additional recommendations of advises for product usability. Local partners are also assisting the cases and give their expertise.

Incentivized

We wanted a single device to handle numerous jobs, such as antivirus, antimalware, vulnerability detection, url filtering, etc. Palo Alto provides this, while TippingPoint IPS is a more dedicated product. Caveat: I used TippingPoint over 5 years ago, so things may have changed.

Incentivized

Easier we were using Splunk Enterprise on heavy forwarder on which all the add-on were installed and were using Splunk Cloud with respect to search head and indexers stack. And with Splunk Enterprise Security premium app, we were relying on correlation rules which were throwing more number of false positive but after implementing Splunk UBA, we are now getting real-time true positive threat or incidents.

Incentivized

• As we all know the product of Palo Alto is little bit expensive but its performance is far better than any of its competitors. So as I previously mentioned, Palo Alto should not sell WildFire Licence seperately.
• If the firewall is internet facing then only we should buy WildFire Licence.
• WildFire Licence is not necessary for internal firewall. If you are planning to buy a firewall for internal network where your traffic is not going towards internet so no need to buy WildFire Licence.

• Fewer team members to work on real threats.
• Less time required to deal with real incidents.
• Easy to implement across the network.

Incentivized