TrustRadius
Palo Alto Networks Advanced Threat Prevention


Product Details

What is Palo Alto Networks Advanced Threat Prevention?

Palo Alto Networks Advanced Threat Prevention is an intrusion prevention system (IPS) used to stop zero-day attacks inline in real time. In addition to preventing known threats, the solution helps to stop never-before-seen exploit attempts and command and control with its inline deep learning engines, which aim to prevent zero-day injection attacks and evasive command and control.

Palo Alto Networks Advanced Threat Prevention Technical Details

Operating Systems: Unspecified
Mobile Application: No

Reviews and Ratings

(36)

Reviews

(1-2 of 2)
Score 6 out of 10
Vetted Review
Verified User
Incentivized
We utilize almost all facets of the Threat Protection suite including File blocking, Data Filtering, URL filtering, Anti spyware and malware. We have adopted several iterations of these policies with exceptions as needed, but overall we encompassed one Security Profile Group that houses all the threat prevention features under 1 easy profile to attach as a default to new Security Policy rules.
  • Data filtering.
  • URL categorization.
  • File blocking.
  • Sometimes I struggle to find the deny or specific traffic log for file blocking profile under Unified logs.
  • Reporting around Threat Prevention suite could be much better.
  • Possibly a specific threat prevention search function that spans across threat features.
Entire Threat Protection suite works very well together and is relatively easy to set up. Can get somewhat complicated once you have hundreds of Security policy rules and are adding exceptions in the proper top-down location. Using the Security Profile group feature is a nice way to group some or all of the threat prevention features under one profile to add to new rules vs. adding them individually.
  • URL categorization/filtering.
  • File blocking.
  • Data filtering.
  • Threat Protection adds a positive multi-layered defense.
  • Reduces time to review and triage unwanted network connections by implementing Geo Blocking.
  • Ease of deploying a single Security Group Profile across multiple existing or new rules reduces management time.
Having used Palo Alto Firewalls for years, implementing threat protection was the next step in perimeter security. Works much better than the few competitors I have personally used. Frequent content updates occur which may impact some policy rules, but that is normal across most vendors.
Alex Waitkus, CISSP-ISSAP, OSCP | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
Threat Protection is being used on a multitude of levels. First, all Internet traffic has active threat policies for protection from malicious sites and malware. Other locations utilize threat as a sanity check and second source for other IDS/IPS systems. We are continually tuning and working with Palo Alto to better their threat protection capabilities.
  • The threat engine has constant updates for important threats.
  • WildFire helps supplement the Threat engine to help protect against 0 day threats.
  • The way the threat engine can be added at different levels to different zones and policies helps to ensure business essential traffic can have policies that are tuned to ensure traffic will flow.
  • Visibility into signatures and how they function/what triggers them would be very beneficial.
  • Lacking customizability compared to other tools.
  • Inability to write custom signatures easily and for traffic with small (less than 8 bit) signatures.
I think threat prevention on a certain level could be used in all Palo Alto deployments (even if just alerting without blocking).
  • New deployment hasn't been fully calculated yet.
  • With the addition of Panorama and central logging, event investigation has become more streamlined.
It is comparable but not as robust as other standalone IPS/IDS.