Best value for the money
December 23, 2021
Best value for the money
Supervisor in Information TechnologyBanking Company, 10,001+ employees
Score 9 out of 10
Overall Satisfaction with Palo Alto Networks AutoFocus
Auto focus is being used for threat intelligence integrated with all of the palo alto networks firewalls. We use it throughout the enterprise even for the subsidiary companies. It really helps the SOC team to enhance their incident analysis. It broadens the scope of analysis with threat specific pinpoint data with a little False Positive. Autofocus is a saas service. Licensing is based on the number of users. It leverages the analytics and correlation with cloud services whereas the correlation is based on the customer data. Dahsboard is customizable. I see more value on the autofocus data compared to panorama or palo alto firewalls dashboards. It has tight integrations with several services. There are feeds which we use and indirectly to import these lists to the firewalls with SOAR entegration.
- tagging and prioritization of events
- sectoral and peer/industry views compared to your company
- dnssec view is superb, I get more detail on the autofocus compared to my local implementation
- customizable alerts for specific indicators and events
- additional feed entegrations
- searches for IP, URL, hash
- minemeld integration throgh the indicators
- unit42 direct integration on the dashboard
- Views are cumbersome, you should know what to search and use the input
- It's solely to PaloAlto environment I can't integrate other vendors natively
- Application integrations is limited, you should have your own SOAR to automaion
- Concerns related to privacy, I can't hash some values or variables on the cloud
- Sharing option of the datas with cloud has limited configuration
- It's aimed for strata, I don't see data coming/analyzed or integration for the prisma cloud side.
- Analytics and correlation
- Threat Hunting
- Unit42 data
- company vs global vs industry view
- Search functionality
- Licensing is solid and based on numbers of users
- ROI time for the big enterprises is very fast
- Pinpoint accuracy on the threats, SOC does not waste time for additional analysis
- Superb easy integration
- Little maintenance for the service
- Service uptime is very high
If you have Palo Alto, autofocus is the selected choice. If you have Checkpoint than the threat cloud. Price of autofocus is much cheaper. Unit42 is the real differentiator. Minemeld is unique to PAN and working perfectly. Search outputs and are detailed and gives lots of data. Integration with SOAR is much easier with autofocus. Indicator list is huge. Tagging works magnificent.
Do you think Palo Alto Networks AutoFocus delivers good value for the price?
Are you happy with Palo Alto Networks AutoFocus's feature set?
Did Palo Alto Networks AutoFocus live up to sales and marketing promises?
Did implementation of Palo Alto Networks AutoFocus go as expected?
Would you buy Palo Alto Networks AutoFocus again?
Analytics, Threat Hunting and detailed investigations for the security incidents are the main use cases. Automation on the cloud based on the feeds through the minemeld is another use case. When you deploy PAN on perimeter, Autofocus gives you a temendaous value. If you have non PAN firewall/products running Auto focus doe not make sense.