Our primary use case for Palo Alto Networks IoT Security is for the operational technology (OT) network. We have industrial systems, referred to as ICS or Industrial Control Systems, to control manufacturing devices. The IoT subscription is necessary for various compliances, such as ICS compliance or SCADA compliance. For that, we have Palo Alto Networks Firewall and IoT Security ensuring adequate security is in place.
The deductions from application protocols and application signatures are very important. Once visibility is obtained, it is possible to discuss with the team and take action. This visibility is crucial.
It is simple to use. We just need to enable features and then configure IoT policies. We can take a call on whether to block or allow something. It is pretty simple.
It is not very comprehensive in terms of visibility. When we tested, multiple application signatures were not available with Palo Alto. Fortinet, Claroty, and Nozomi had more application signatures and visibility protocols. More application signatures are required. Claroty and Nozomi also have more automated solutions and more straightforward options to integrate through APIs, etc.
Palo Alto should also look into level 0, level 1, and level 2 Purview models.
Its risk assessment is okay. It is not bad or good. When it comes to risk assessment, we should get more intel in terms of device identification, the type of device, the operating systems, and the application traffic. With all these together, we get better information.
I have been using Palo Alto Networks IoT Security for five and a half to six years.
The stability of Palo Alto Networks IoT Security is normal.
Palo Alto Networks IoT Security is scalable. They are doing well in this area.
They are very process-oriented. They should be more flexible in supporting customers.
We used Forescout before switching to Palo Alto Networks IoT Security. Forescout was more focused on the network level rather than the perimeter level. For perimeter level, options include Palo Alto, Fortinet, or Check Point.
Its implementation is simple. There is not much work to do. Because it does not have so many features, the work is less. It provides basic security, making it simple to configure.
In terms of maintenance, we have to regularly look into it and alter the configurations. Regular maintenance is required.
The deployment involved two people from our team. Although a reseller was present, the implementation was done in-house.
There is not much return on investment. It is primarily a compliance and security requirement rather than a solution offering direct ROI.
The pricing for Palo Alto Networks IoT Security is a bit high.
It is very important for the next-generation firewall to act as a sensor, eliminating the need for extra hardware deployment or management, and allowing seamless communication with the external world.
Palo Alto Firewall does not have an inbuilt system for Zero Trust. They have a separate solution called Prisma Access that can be integrated, whereas Fortinet Firewall has an inbuilt system, so the Fortinet Firewall can act as a zero-trust data capture gateway. Palo Alto Firewall requires a separate solution, so there are additional system requirements.
I would rate Palo Alto Networks IoT Security an eight out of ten.
