Global Network Tech Lead at a tech vendor with 10,001+ employees
Real User
Top 5
Aug 26, 2025
Palo Alto Networks can improve Advanced Threat Prevention by catering to the growing adoption of AI and agentic tooling. The Threat Protection modules should have the necessary intelligence to protect against those types of threats, as AI will be there to do a human job; this is an evolving area. From an Advanced Threat Protection perspective, the technology associated with Palo Alto Networks, such as their sandboxing environment, is quite good. However, Palo Alto needs to focus on how to bring that technology to end users and how easy it is to use, especially in a hybrid environment where users work from various locations. While Palo Alto excels in certain setups, they need to improve the user experience in distributed working conditions.
In this scenario with Palo Alto Networks Advanced Threat Prevention, I did not get any opportunity to work on it. The only thing I did was forward the logs to the SIEM ( /categories/security-information-and-event-management-siem ) solution.For government entities, they are not allowing configuration changes. For non-government users, there is a support portal to get the configuration file and upload it to the portal. We can identify misconfigurations and where the loop is very big, so we can get the report and establish it. In Saudi Arabia specifically, the support service needs improvement. When customers have incidents with Palo Alto Networks Advanced Threat Prevention and want to open a case with the Palo Alto team, the available number in Saudi Arabia leads to a long procedure. They're not able to answer within one or two hours. This needs to be implemented. They may need to open offices in Dubai or other places for Arabic-speaking people to access TAC support.
The behavioral detection capabilities could be expanded to address all threats at the perimeter, reducing the reliance on endpoint detection and response systems. Improving the handling of false positives would also enhance the solution, as they still occur occasionally.
All the subscriptions come in bundles, therefore, it is difficult to pinpoint specific areas for improvement. However, there is a potential drawback to the lack of support for the ICAP protocol. Integration using this protocol could make the device work seamlessly with some other solutions.
The solution could benefit from improved AI analytics to predict potential attacks before they occur, similar to NDR systems. Behavioral analytics and a more intuitive engine could also enhance it further. While it is a powerful tool, it may have a steep learning curve for new users due to its advanced features and configurations.
Learn what your peers think about Palo Alto Networks Advanced Threat Prevention. Get advice and tips from experienced pros sharing their opinions. Updated: December 2025.
We are attempting to improve the use of URL filtering beyond threat protection. I'm not sure what the remaining threat protection features are off the top of my head. But beyond that, we use URL filtering. We have three approved cases for using external dynamic lists that are stored in a bucket repository. Then, for each URL site that needs to be whitelisted, we add it to the external dynamic list in order to gain access to this email. I would like Wildfire to be implemented. We use the equivalent in Cisco is the integration policies. We have the Wildfire but we are not currently implementing it. We don't have the license to use it, but we are not currently implementing it until we present the use cases that the company gives some value to and they approve the use of it.
Senior Network Security Architect at a financial services firm with 10,001+ employees
Real User
Dec 8, 2022
The granularity of the signature could be improved. Mission learning techniques on firewalls are good but should continue to expand and detect unknown threats on the fly. The capability seems to be a bit limited on certain types of traffic. The solution should include a checkbox to select or bypass the profile on a firewall or policy. The option to customize signature fields or allow feeds from other tools or environments would be interesting.
Coordinator of the Architecture Security Team at TOTVS
Real User
May 19, 2022
The initial setup is complex. We'd like more APIs to manage programmatically the IPS to orchestrate it and avoid logging into the graphical user interface console. We'd like to have some robots to manage the solution's tasks.
Consultant at a computer software company with 201-500 employees
Consultant
Oct 6, 2019
The solution needs to improve Reverse DNS functionalities. Right now, when you check the IP address, it tells all. It assumes that that IP address is locally available on the inside. When the request is going back to me it's supposed to do what we call rights. Instead of giving me the public IP address in my response, it's supposed to give me the private IP address or the local IP address so that I can reach the device locally. That's the challenge right now. Sometimes when you want to group a set of ports, and communicate with Palo Alto, you cannot group TCP and UDP ports together. This needs to be adjusted.
I think they can use some improvement on FID. There are lots of false positives and those can be eradicated. Sometimes you can't identify a 10-year-old doc, but they can probably update those signatures and false positives, so it would be helpful and save us a lot of time.
Quality engineer of the 1st category at Modern Expo
Real User
Sep 29, 2019
The price of licenses should be lowered to make it less costly to scale our solution. I would like to see consolidated licensing for on-premises solutions. This would give us all of the features available for the one box.
The IPS can be improved on the solution. The itineration, for example. Also, if additional features, like SD Wan, etc. can be added. This would be helpful. Other additional features that could be added include Individual Traps. In terms of enhancement for overall protection, we would like more Traps or other solutions that are developing within the firewall. The solution needs to improve its local technical support services. There is no premium support offered in our market.
Consultant at a aerospace/defense firm with 501-1,000 employees
Consultant
Sep 3, 2019
It's not so easy to set up a test environment because it's not so easy to get the test license. The vendor only gives you 90 days for a test license; it's a tough license to get.
Head Of Information Security at SAUDI PARAMOUNT COMPUTER SYSTEMS
Real User
Apr 11, 2019
In most areas, Palo Alto Threat Prevention is a fine choice. The application is very good. The most important feature we find to be the NCR Reader. It is best for application security. I don't know how they could improve it more. The application is already working fine with good results. Support is really good with Palo Alto and we are resellers of the software to our customers. They will let us know how they find it valuable after we implement it. Most of our customers have found Palo Alto Threat Prevention very good to use. We have a number of customers in the market. Everybody is happy with the product. Overall, Palo Alto Threat Prevention doesn't need much more. From a general point of view, you get everything. If it is content filtering, it should be no problem.
Information Security Officer at National Bank of Cambodia
Real User
Mar 3, 2019
Right now we are focusing on email. If Palo Alto can increase the features related to email filtering and the new malware, it would help us protect our systems.
Palo Alto Networks Advanced Threat Prevention is a cloud-based security service that combines cutting-edge technologies, including machine learning, artificial intelligence, and expert human monitoring, to effectively thwart advanced threats like malware, zero-day attacks, and command-and-control threats. It offers inline protection, scrutinizing all network traffic irrespective of port, protocol, or encryption. An integral component of Palo Alto Networks' security platform, it enjoys...
Palo Alto Networks can improve Advanced Threat Prevention by catering to the growing adoption of AI and agentic tooling. The Threat Protection modules should have the necessary intelligence to protect against those types of threats, as AI will be there to do a human job; this is an evolving area. From an Advanced Threat Protection perspective, the technology associated with Palo Alto Networks, such as their sandboxing environment, is quite good. However, Palo Alto needs to focus on how to bring that technology to end users and how easy it is to use, especially in a hybrid environment where users work from various locations. While Palo Alto excels in certain setups, they need to improve the user experience in distributed working conditions.
In this scenario with Palo Alto Networks Advanced Threat Prevention, I did not get any opportunity to work on it. The only thing I did was forward the logs to the SIEM ( /categories/security-information-and-event-management-siem ) solution.For government entities, they are not allowing configuration changes. For non-government users, there is a support portal to get the configuration file and upload it to the portal. We can identify misconfigurations and where the loop is very big, so we can get the report and establish it. In Saudi Arabia specifically, the support service needs improvement. When customers have incidents with Palo Alto Networks Advanced Threat Prevention and want to open a case with the Palo Alto team, the available number in Saudi Arabia leads to a long procedure. They're not able to answer within one or two hours. This needs to be implemented. They may need to open offices in Dubai or other places for Arabic-speaking people to access TAC support.
The behavioral detection capabilities could be expanded to address all threats at the perimeter, reducing the reliance on endpoint detection and response systems. Improving the handling of false positives would also enhance the solution, as they still occur occasionally.
All the subscriptions come in bundles, therefore, it is difficult to pinpoint specific areas for improvement. However, there is a potential drawback to the lack of support for the ICAP protocol. Integration using this protocol could make the device work seamlessly with some other solutions.
The solution could benefit from improved AI analytics to predict potential attacks before they occur, similar to NDR systems. Behavioral analytics and a more intuitive engine could also enhance it further. While it is a powerful tool, it may have a steep learning curve for new users due to its advanced features and configurations.
There could be some firewalls with fiber optics interfaces.
The application’s pricing and dashboard need improvement. It could be user-friendly.
The installation was complicated.
Palo Alto Networks Threat Prevention could improve the commercial offing. Other solutions, such as Fortinet provide better commercial features.
We are attempting to improve the use of URL filtering beyond threat protection. I'm not sure what the remaining threat protection features are off the top of my head. But beyond that, we use URL filtering. We have three approved cases for using external dynamic lists that are stored in a bucket repository. Then, for each URL site that needs to be whitelisted, we add it to the external dynamic list in order to gain access to this email. I would like Wildfire to be implemented. We use the equivalent in Cisco is the integration policies. We have the Wildfire but we are not currently implementing it. We don't have the license to use it, but we are not currently implementing it until we present the use cases that the company gives some value to and they approve the use of it.
The granularity of the signature could be improved. Mission learning techniques on firewalls are good but should continue to expand and detect unknown threats on the fly. The capability seems to be a bit limited on certain types of traffic. The solution should include a checkbox to select or bypass the profile on a firewall or policy. The option to customize signature fields or allow feeds from other tools or environments would be interesting.
The initial setup is complex. We'd like more APIs to manage programmatically the IPS to orchestrate it and avoid logging into the graphical user interface console. We'd like to have some robots to manage the solution's tasks.
The resource consumption should be addressed. The technology firewall anomaly network could stand improvement. The pricing could be better.
We use four Palo Alto solutions in stand-alone mode and but it's hard to use when I use it in Panorama. Palo Alto's maintenance needs to be improved.
The documentation needs to be improved. I need better information about how to configure it and what the best practices are.
The solution needs to improve Reverse DNS functionalities. Right now, when you check the IP address, it tells all. It assumes that that IP address is locally available on the inside. When the request is going back to me it's supposed to do what we call rights. Instead of giving me the public IP address in my response, it's supposed to give me the private IP address or the local IP address so that I can reach the device locally. That's the challenge right now. Sometimes when you want to group a set of ports, and communicate with Palo Alto, you cannot group TCP and UDP ports together. This needs to be adjusted.
I think they can use some improvement on FID. There are lots of false positives and those can be eradicated. Sometimes you can't identify a 10-year-old doc, but they can probably update those signatures and false positives, so it would be helpful and save us a lot of time.
The price of licenses should be lowered to make it less costly to scale our solution. I would like to see consolidated licensing for on-premises solutions. This would give us all of the features available for the one box.
The IPS can be improved on the solution. The itineration, for example. Also, if additional features, like SD Wan, etc. can be added. This would be helpful. Other additional features that could be added include Individual Traps. In terms of enhancement for overall protection, we would like more Traps or other solutions that are developing within the firewall. The solution needs to improve its local technical support services. There is no premium support offered in our market.
It's not so easy to set up a test environment because it's not so easy to get the test license. The vendor only gives you 90 days for a test license; it's a tough license to get.
In most areas, Palo Alto Threat Prevention is a fine choice. The application is very good. The most important feature we find to be the NCR Reader. It is best for application security. I don't know how they could improve it more. The application is already working fine with good results. Support is really good with Palo Alto and we are resellers of the software to our customers. They will let us know how they find it valuable after we implement it. Most of our customers have found Palo Alto Threat Prevention very good to use. We have a number of customers in the market. Everybody is happy with the product. Overall, Palo Alto Threat Prevention doesn't need much more. From a general point of view, you get everything. If it is content filtering, it should be no problem.
The organization mail security solutions could be improved. There is no mail security solution available.
Right now we are focusing on email. If Palo Alto can increase the features related to email filtering and the new malware, it would help us protect our systems.