Palo Alto Networks WildFire Reviews

I love the idea of Palo Alto Networks WildFire. It's more geared toward preventing malware. If someone's laptop or phone is malware-infected, the tool prevents it from uploading valuable corporate data outside the corporate network. That's what I love about Palo Alto Networks WildFire. It stops malware in its tracks.

I didn't experience any pain points in Palo Alto Networks WildFire. It's good "as is".

In terms of what I'd like to see in the next release of Palo Alto Networks WildFire, each release is based on malware that has been identified. The key problem is an average of six months from the time malware is written to the time it's discovered and a signature is created for it. The only advice that I can give is for them to shorten that timeframe. I don't know how they would do it, but if they shorten that, for example, cut it in half, they'll make themselves more famous.

Stability in Palo Alto Networks WildFire is significantly better, compared to other solutions.

Palo Alto Networks WildFire, in terms of scalability, is significantly good, though you have to right-size or plan for the future for group capacity. A lot of the Palo Alto solutions, especially the chassis-based or the "non-fixed" solutions give you the ability to scale on port density, and I like that.

Technical support for Palo Alto Networks WildFire is good.

Setting up Palo Alto Networks WildFire is much more straightforward, especially when compared to Cisco.

I use Palo Alto Networks WildFire. I like it.

The number of people you need for maintaining Palo Alto Networks WildFire will depend on the number of devices you have. If you had one firewall, what do you need to maintain? You'll just need one guy, and he's going to be bored most of the time. One guy could maintain ten to twenty firewalls. If you have one hundred firewalls on your network, or you manage one hundred firewalls for your customers, then you're going to need five times as many engineers for maintaining Palo Alto Networks WildFire.

I have no advice for others looking into using the solution because it's so simple. You can turn it on with a button, then there's a radio box, then you click it, and away you go. If you need information, you can enter a support email, and it'll fire off an email saying, "I caught something. I shut it down, but you should know about this."

Nobody gets a ten, so I'll give Palo Alto Networks WildFire a rating of nine out of ten.

The solution is deployed on-premise.

The most valuable features are all of the security features in terms of protection and SSL and VPN.

Palo Alto is the top leader in the Magic Quadrant of Gartner. So, I don't think it needs to improve anything, except maybe the speed to deploy the changes.

I have been using this solution for one year.

The stability is very good. It's at the top of the market.

The scalability is good.

I have never needed to contact technical support.

Initial setup is straightforward. It's user-friendly. It's not too difficult to use it, and the learning curve is pretty good.

We used a system integrator.

The solution is a bit expensive. You pay for security.

For the cost, I would rate the pricing a 5 out of 5.

Palo Alto is a good product, but in the future I will deploy FortiGate because I prefer it.

I would rate this solution 10 out of 10. 

There are things to improve, and nobody is a perfect 10 in security.

You have better control because you define apps. You just don't define ports. You define apps, and the apps are monitored in the traffic. It is more specific than the Cisco firewall when it comes to our needs.

The configuration should be made a little bit easier. I understand why it is as it is, but there should be a way to make it easier from the user side.

I'm going into my second year here now.

Its stability is good.

It is good in terms of scalability. We have around 25 users currently, and we don't have any plans to increase the usage. The current solution supports up to 1,500 users. It is a little bit overkill for what we actually need. It would probably be good for quite a while in the future.

Their support is fantastic. You can call them and have a technician sitting with you at three o'clock in the morning to help you through things.

Previously, we were running Cisco's solution, but then we got told from headquarters in the US that we needed to change.

If you know what you're doing, it goes quickly. If you don't know what you're doing, it's going to take a while. That is why I requested an easier setup.

In terms of maintenance, our IT unit is responsible for all VPN traffic. We have now automated things a bit, but in the beginning, it was manual. 

We did it ourselves.

The physical appliance is around €3,000 or €4,000, and then, you have the licensing for a year for around €3,000.

I would recommend this solution to others. I would rate it at an eight out of 10.

Palo Alto Networks WildFire is being used as an effective zero-day threat prevention solution. When a file comes in from a user innocently clicking on a website, then downloading the file, for example, if your Palo Alto is set up in a way that detects what is happening in that traffic going through, whether the file is an audio file, a DLL, an executable file, etc., if it thinks that file is unsafe, it will ask for a second opinion from Palo Alto Networks WildFire.

If you'll imagine how a network would work: You've got your computer, then your antivirus on the computer, then you have your internet gateway. That suspicious file will stop at the gateway, rather than stopping at the computer. Think about hurdles, where you've got these people running over hurdles, and to win the race, you have to jump over every single hurdle. If you get one of those hurdles wrong, that's it. You're done. That's why we're doing this check almost at the perimeter, or at the edge of the network, instead of on the device, because once you're on the device, it means you're on the network.

What I found most valuable in Palo Alto Networks WildFire is that it's intuitive. I also love the App-ID feature, especially because it works out of the box. I can also instantly see all the traffic going out, e.g. I can just plug a firewall in, then connect one network socket to a switch, etc. There's no configuration I need to do to see it. It just tells me that you're sending BitTorrent traffic, or SLL traffic, or you're going into 365, etc. It just does that out of the box, and it's the best thing that this solution can do. Straight away you can see all the traffic going through your network.

Palo Alto Networks WildFire, because it's from Palo Alto Networks, has better visibility on everything, so they can see what's happening in the world. They recently released the Palo Alto Networks WildFire machine learning feature on the firewall, so it's them saying: "This thing's happening on your firewall, so you should do this," and it just does it for you. Rather than relying on a human to interpret these problems, it will just do it for you, and that's pretty cool. I've not played with the machine learning feature myself, but that's something I'm very keen to have a look at.

We do a lot with charities, and I'd love Palo Alto Networks WildFire to have more discounts, e.g. charity discounts, so we can protect healthcare and schools, then other than aiming at the universities and the big hospitals where it's a lot of money, we can go for the smaller schools, too. They make quite a killing there. 

Again, it's just charity pricing, but because we are a partner with them, we can do that ourselves, e.g. we can buy it and then reduce our margins on it to get them over. We feel that it's better to sell the device that's very good at a lower cost, then, we lock in with their services at the end, so work management, etc. Rather than saying, "It's going to cost you this much money, and it's too expensive to even begin with."

I've been a reseller of Palo Alto Networks WildFire for four years now.

Palo Alto Networks WildFire is a stable solution.

Palo Alto Networks WildFire is scalable, particularly if you pick the right firewall, and that's it: you can do what you need to with it.

With five being the highest and one being the lowest, I'm scoring the technical support for Palo Alto Networks WildFire a four. They're very, very good, but there is still room for improvement when some issues become more complex. If you understand the system, then you'll also understand why it is like it is.

Setting up Palo Alto Networks WildFire is easy out of the box, because you just plug in the cables you need, but the way it works is you need to have an understanding of networking, otherwise, setting it up will be difficult. If you are the right type of person, then you'll have no problems with the setup.

Palo Alto Networks WildFire is quite expensive, and this is what puts people off.

The way Palo Alto Networks WildFire works is that it's essentially a service that you get from Palo Alto as part of your subscription. You can subscribe to it at an additional cost, and the idea is it can communicate with all the Palo Alto devices in the world about a file, e.g. whether a file is suspicious or harmless.

For example, a machine in Australia downloads a file, and it doesn't know if it's a file that can be trusted or not. The Palo Alto Networks WildFire process is that it takes that file, and then moves it to the WildFire service in the cloud, so there's a transaction from the firewall doing that.

Let's say it's a Word file or something that looks suspicious, Palo Alto Networks WildFire then detonates the file, e.g. it takes that file and runs checks against it, before and after, and then it sees the difference and says, "Well, this actual file contains a payload." The way that it works then, is that there are attackers or people who are trying to subvert systems, and they will say, "Oh, if this file is running on a virtual machine, like in a sandbox environment, don't do the thing that you're going to do, only when it's a physical thing, like actual hardware.

The Palo Alto Networks WildFire process is a process that goes through all these other checks, e.g. it runs on physical, on virtual, on different types of Linux, MacOS, etc. This file is checked against all these different environments to see if it's okay or not, so this is done off the box, off the firewall.

This is the service that you pay for as part of that subscription, so when it's done, essentially that file is marked as safe, that's cool. If it's marked as bad, then that file, the hash is taken from it, so it's easily identified, then through the Palo Alto Networks WildFire subscription, all the firewalls in the world then get that information within just one minute, if you set it to that. It will say something similar to: "Look out for this file if you ever see it", and then all the machines now knows that the file is dodgy or suspicious. That's what Palo Alto Networks WildFire does.

Palo Alto Networks is very well rounded. They're building an ecosystem: the Palo Alto ecosystem. You've got global protect VPNs and they are the armor that works on the whole ecosystem. They also have integrations, e.g. there are other applications from HP that plug into the device, because it's got the APIs there.

For the deployment and maintenance of Palo Alto Networks WildFire, one person can do it, but it's a special tool, so a network staff that just looks after a server would probably struggle with it, just because of some of the concepts that you need to use. There are specific trainings you'd need to do to get the best out of it, but one specialist could do it, e.g. it's not unheard of.

My advice to others looking into implementing this solution is for them not to be put off by the cost. It's similar to looking at cars, e.g. there's a reason people like Jaguar cars over the Fords. I've always got this mantra that if you have a network, if you have a data network, and if it's going to cost you, e.g. if you look at the fines associated with various industries, and if you're a school that gets a data breach, it'll cost you this much money. The question is: "Can you afford that much money as a company?" If your answer is "No", then you have to look at mitigating it. I would suggest looking at Palo Alto Networks WildFire and saying, "Well, we do these types of things to protect your network."

If you still don't want to pay that money, then chances are, you don't particularly care about security. If you want to pay for that kind of thing to stave off the bigger fine that results from getting a data breach, or getting hacked, etc., then that's how we think about it. Don't be off put by the cost when you're looking at it. Palo Alto Networks WildFire is a very comprehensive device. They are the best firewalls in the world.

There are also other solutions like UTMs and XGs, e.g. if you like Fortigate, but everyone I've shown the Palo Alto to instantly said: "This big screen here: I can see all the traffic going through", and you just filter it at the top, and it just makes more sense to people. It's very intuitive.

My rating for Palo Alto Networks WildFire is eight out of ten. It's not a perfect score because of its cost.

I primarily use the solution for my client's companies. 

I did not find anything that makes it more unique than other equivalent products.

The initial setup is very simple.

The solution is stable.

The scalability is acceptable. 

Technical support is great.

The solution needs more third-party integration. 

The automation and responsiveness need improvement.

They need to be able to escalate technical support issues in a more effective way.

The solution is a bit too expensive. 

I've used the solution for many years. IT's been a while. 

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

The solution does have the capability to scale. It can scale to a certain extent. 

Technical support was perfect. That said, it's hard to escalate. We're mostly happy with technical support. It's just that the escalation process takes too much time.

We are working with a similar product to WildFire at the moment. The features are the same, however, the stability and reliability are better.

The initial setup is very straightforward. It's not overly complex or difficult. A company shouldn't have any issue with the process.

The pricing could be a bit better. 

I'm a freelancing security consultant.

I'd advise new users to just double-check the admin guide, the organization guide, before beginning.

I'd rate the solution at an eight out of ten. 

I work on the network equipment in our company including switches, routers, firewalls, VPN, and all of the perimeter devices. Palo Alto WildFire is one of the products that we use to secure our network.

Generally, it detects threats to our network and blocks them. This includes checking applications for malware.

What I like about Palo Alto is that it is a complete product, with everything in it.

In the future, I would like to see more automation in the reporting.

We have been using WildFire for between four and five years.

This product is pretty stable.

Our network and security group are the ones who use it. We haven't had to scale beyond that.

We don't have a lot of contact with technical support but when we do, they are pretty quick.

I haven't used another solution that is better than this one.

The initial setup is straightforward. It was not complex for me at all.

The pricing is highly expensive.

From my perspective, Palo Alto is the best solution in the market. This is the reason that we implemented it.

I would rate this solution an eight out of ten.

WildFire is being deployed based on vendor and security best practices and recommendations from our Managed Service Provider. leveraging their inherent knowledge it allows us to think outside the box. 

When  a security Intel threat talks about an IOC. We can then go to our MSP and ask, "Is there a signature for this particular type of malware?" The response is generally  yes, it is applied almost in real time. 

It's not a problem specific to the technology, it's a problem across the board. All the encrypted traffic can be a challenge. Becoming a man in the middle requires CPU cycles, causing additional  overhead.

The stability's great as long as its sized correctly. no huge hits from a CPU or RAM from a performance perspective. It would be prudent to monitor performance statistics. 

The way it's delivered, I don't see scalability being an issue.

We're a managed service, so we've got to fill in the middle that's running interference for us.

The initial setup is really straightforward. Turn the WildFire service on within firewalls and then apply that service to the security policies you want.

Some services require additional licensing. WildFire was one of the services we definitely wanted out of the gate. Suggestion is to determine your requirements of services and map back to the cost of turning on the service.

Install the solution set it up the service in alert mode. Run reports and determine how you want it tuned, them move into block mode. You may want to go to  block mode right away with known out of the box threats. 

We had two 800-Series Palo Alto Firewalls, but as they reached end-of-life, we began researching alternatives. Ultimately, we chose to switch to Cisco Firepower, so we no longer use WildFire.

The most valuable feature for us is the VPN. We used GlobalProtect for the VPN, as well as site-to-site.

It is very simple to use.

The support needs to be improved because it takes too long to resolve severity-one issues.

Better integration with third-party products and services is needed.

The need to implement their own multifactor authentication, rather than relying on third-party add-ons for it.

They have malware protection and web-filtering in place, although they are not as effective as Titan or Cisco Umbrella.

I began working with Palo Alto WildFire a year ago when I joined the company.

It is a solid, stable network solution.

In terms of scalability, Palo Alto is at the top of the market.

Managing this solution we had six network administrators, who are network analysts. In terms of end-users, the entire company was using the Palo Alto network.

When you contact support, there is no guarantee that they will be available to help you tackle the issue that you are facing. Sometimes you are left on the phone for three or four hours before you can speak with an engineer, which is very, very poor. If you have an emergency situation or a network outage of severity-one, then you cannot wait for hours to support your clients.

Palo Alto was the first solution of this type that we used. However, we have recently purchased Cisco Firepower and no longer work with Palo Alto products.

Prior to Firepower being released, Palo Alto was very simple and better than Cisco ASA. Now, however, Firepower is simpler and the support is outstanding. With Cisco, if you have a severity-one outage then it will be less than ten minutes before you get an engineer on the phone to help you.

I have also worked with Check Point and Juniper solutions, and I feel that scalability-wise, Palo Alto is better than the rest, except for perhaps Cisco, where it is neck and neck.

The setup is not complex. When you come from a CLI background of Cisco ASA or any other platform, Palo Alto is much easier. As long as you are familiar with the general steps in the procedure, it is not difficult.

This solution is very pricey and it depends on the package that you implement. There are sometimes promotions on, which can save on costs.

The Palo Alto models that we were using are the PA800-500 and PA830. 

I have seen people in different organizations and different industries set their firewall solutions up in different ways. It depends on the level of support, in terms of who will be maintaining the network. It also includes the level of knowledge they have, as well as their management preference. Some people choose Palo Alto because they don't care about the costs, and it is an easy solution to use, especially if they are already familiar with it. I would say that if they have the budget then this is a good choice and I recommend it.

However, if they are looking to consolidate all of their services, then the option to choose is definitely Cisco. It's a cloud-based solution with malware protection, filtering, and everything you need all in one box. It makes a lot of difference.

Finally, some people prefer FortiGate because the pricing is good and it is simple to use, whereas some people prefer Check Point for other reasons. It's an individual choice, but it should be well researched before the final choice is made.

I would rate this solution an eight out of ten.