What is our primary use case?
I use Palo Alto Networks Advanced Threat Prevention as an intelligent protection service, focusing on ongoing threats and known threats. It uses embedded signatures in PAN-DB and PAN-OS with regular updates and assesses transit traffic to block any identified threat signatures. I primarily use it on the perimeter for internet-bound traffic.
What is most valuable?
Palo Alto Networks Advanced Threat Prevention provides advanced threat prevention through behavioral analytics and heuristic-based scanning. As traditional signature-based mechanisms become less effective due to the evolving nature of attacks, this solution's focus on behavioral analysis is crucial. The real-time response capability, based on the SP3 architecture, ensures minimal delays and effective threat interception. While activation increases compute cycle demands, proper sizing of firewalls ensures stable performance. The solution integrates well within the Palo Alto stack but requires custom integrations for non-Palo Alto systems.
What needs improvement?
The behavioral detection capabilities could be expanded to address all threats at the perimeter, reducing the reliance on endpoint detection and response systems. Improving the handling of false positives would also enhance the solution, as they still occur occasionally.
For how long have I used the solution?
I have used advanced threat protection since its introduction sometime in 2021, but I have been working on similar threat protection since 2014.
What was my experience with deployment of the solution?
Deployment is straightforward and involves selecting options and specifying download intervals for signatures. I recommend setting these updates during off-business hours to minimize the impact on compute resources. The process is simple and quick.
What do I think about the stability of the solution?
Activating advanced threat protection requires considering the increased compute cycles of the firewalls. Proper sizing of the firewall models ensures that the system does not experience crippling performance issues.
What do I think about the scalability of the solution?
Palo Alto Networks Advanced Threat Prevention is scalable and works well wherever enforcement points exist. It is designed to be used out of the box.
How are customer service and support?
I rate technical support from Palo Alto as eight out of ten. They are reliable and offer the expected level of service.
How was the initial setup?
The initial setup is straightforward, involving checking options and setting download intervals for signatures. The deployment is a quick process, taking only about five minutes.
What was our ROI?
I hope the solution is providing ROI, but due to the layered defense approach in use, a precise calculation has not been done. It offers insights into security threats, despite the inability to quantify its impact in numbers.
What's my experience with pricing, setup cost, and licensing?
Palo Alto Networks Advanced Threat Prevention requires an add-on license and is considered expensive compared to competitors like Cisco AMP and FortiGate firewalls. Its justification lies in its effectiveness, but calculating the exact ROI is complex due to multiple defense layers.
What other advice do I have?
I rate Palo Alto Networks Advanced Threat Prevention as nine out of ten. It silently performs its functions without demanding much attention unless issues arise. While false positives can occur, they are not disruptive to network flows.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
*Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller