Palo Alto Networks Threat Protection
Entry-level set up fee?
- No setup fee
- Free Trial
- Free/Freemium Version
- Premium Consulting / Integration Services
Threats do not discriminate between application delivery vectors, requiring an approach that has full visibility into all application traffic, including SSL encrypted content, with full user context. Threat Prevention leverages the visibility of our next-generation firewall to inspect all traffic, automatically preventing known threats, regardless of port, protocol or SSL encryption.
We utilize almost all facets of the Threat Protection suite including File blocking, Data Filtering, URL filtering, Anti spyware and malware. We have adopted several iterations of these policies with exceptions as needed, but overall we encompassed one Security Profile Group that houses all the threat prevention features under 1 easy profile to attach as a default to new Security Policy rules.
- Data filtering.
- URL categorization.
- File blocking.
- Sometimes I struggle to find the deny or specific traffic log for file blocking profile under Unified logs.
- Reporting around Threat Prevention suite could be much better.
- Possibly a specific threat prevention search function that spans across threat features.
Entire Threat Protection suite works very well together and is relatively easy to set up. Can get somewhat complicated once you have hundreds of Security policy rules and are adding exceptions in the proper top-down location. Using the Security Profile group feature is a nice way to group some or all of the threat prevention features under one profile to add to new rules vs. adding them individually.
We are using Palo Alto Networks Next-Generation firewall along with Threat Protection Module. Palo Alto Networks Threat Protection helps users stay protected from external threats, intruders, vulnerability exploits, and also prevents users from accessing or downloading malicious contents and files, enforces traffic inspection with gateway anti-virus, vulnerability protection, and anti-spyware modules.
- Anti virus
- Vulnerability protection
- Anti spyware
- It can ingest feeds from other tools and security solutions
- Threat protection should share its intel data with other vendors
- Users should be able to allow/bypass or create [their] own signatures from intel shared from SOC team
Palo Alto Networks Threat Protection is the most recommended, basic subscription and module one should get during the time of Palo Alto next-generation firewall. Threat Prevention not only protects your inbound traffic that is originating from over the internet but also helps prevent and stop users accessing malicious content, files, data, etc.
We use the Palo Alto NTP suite of products at an organizational level, with the vast majority of our network edge traffic to the internet coming under the scrutiny of the various NTP profiles. It is great because we are able to see very clearly what is being impacted and can tailor the profiles to our policies as needed or completely remove them even without impacting the underlying firewall policy. At a management level, it makes for easy/fast firewall adjustments without sacrificing any of the protection that we need. Adding exceptions is a breeze and the firewalls get their updates on a regular basis without admin intervention.
- Palo Alto NTP allows for a very, very granular approach to protection by the use of profiles. You can tailor as many profiles as you need say for URL Filtering or Malware scanning to accommodate different business needs. Once your profiles are all setup you can choose them to attach to your firewall policies on a policy-by-policy basis. It really couldn't be simpler.
- Very easy to monitor the activity of the profiles in the Monitoring Pane, which makes for agile adjustments or exceptions to be made.
- Some of the deeper features, like making exceptions for virus false-positives can be a little tricky, but I think that is just the nature of the beast. Maybe some guides/tutorials from Palo Alto would help navigate some of that more successfully. Fortunately, we haven't had many of those!
Palo Alto NTP is an appropriate suite of protection for any enterprise environment or anyone that truly needs some serious perimeter protection in a one-stop, all-in-one unit. There are no modules or add-ons or clunky interfaces to deal with; everything works out of one management plane: licensing, implementation, monitoring, updating, etc. As a network admin, that is immensely valuable to me. Additionally, I get real-time reporting on all the stuff NTP is catching, and it is nothing to shirk at. The real value in NTP comes in only after you begin doing SSL-decryption, however, to truly inspect the traffic. Short of that, you are just seeing a bunch of encrypted data and the NTP suite of tools isn't going to avail you. NTP plus decryption, though, is invaluable!
Threat Protection is being used on a multitude of levels: first, all Internet traffic has active threat policies for protection from malicious sites and malware. Other locations utilize threat as a sanity check and second source for other IDS/IPS systems. We are continually tuning and working with Palo Alto to better their threat protection capabilities.
- The threat engine has constant updates for important threats.
- Wildfire helps supplement the Threat engine to help protect against 0 day threats.
- The way the threat engine can be added at different levels to different zones and policies helps to ensure business essential traffic can have policies that are tuned to ensure traffic will flow.
- Visibility into signatures and how they function/what triggers them would be very beneficial.
- Lacking customizability compared to other tools.
- Inability to write custom signatures easily and for traffic with small (less than 8 bit) signatures.
I think threat prevention on a certain level could be used in all Palo Alto deployments (even if just alerting without blocking).