See our complete list of top next-generation firewall vendors.
Bottom line
If you’ve got the budget, Palo Alto’s got game. The company’s next-generation firewalls offer strong security with best-in-class performance, and solid core features often make it an enterprise shortlist candidate – where it frequently winds up with the highest overall evaluation score.
Company Description
Palo Alto Networks is a security vendor based in Santa Clara, Calif., with more than 4,000 employees and annual revenues of more than $1.4 billion. It has been in the enterprise firewall business for a more than a decade. It serves more than 42,500 customers in 150+ countries.
Product Description
Gartner placed Palo Alto in the Leaders quadrant and gave it one of the highest ratings in its enterprise firewall Magic Quadrant. Its next-generation firewalls run on its PAN-OS. The NGFWs classify all traffic, including encrypted traffic, based on application, application function, user and content. Models range from the low-end PA-200 to the high-end PA-7000. The firewalls combine policy enforcement and cyberthreat prevention via the company’s Content-ID and WildFire sandboxing features. Content-ID limits unauthorized data transfer and blocks threats. WildFire identifies unknown malware, zero-day exploits, and advanced persistent threats (APTs) through static and dynamic analysis in a virtual environment. It automatically disseminates updated protections globally in near-real time. The Application Command Center includes visibility of sanctioned and unsanctioned SaaS applications. Combined with automated event aggregation and filtering and drill-down options, this makes it easier to understand application flows and related risks.
Features
Security and performance: Tops. NSS Labs gave the PA-5220 a 98.7% security effectiveness rating in recent tests, fourth best among vendors it tested (the top four were all within a percentage point of each other), while the device’s 7,888 Mbps performance was tops among solutions tested.
Value: Good. NSS Labs gave Palo Alto a $7 TCO per protected Mbps, in the middle of the pack. Price is often the reason that potential buyers look elsewhere, Gartner reports, especially in distributed organizations.
Implementation: Very good. Users report relatively easy implementation.
Management: Again very good. Some complexity, but users praise the product’s rich features. Management features, application visibility, sandboxing and small branch office options are among its greatest strengths.
Support: Very good. The company’s customers can be so loyal that many renew without a competitive evaluation. The stability of the company’s large, infrequent updates is one complaint, however.
Cloud features: Very good. Palo Alto is better than average in an area where many firewall vendors lag, with virtual firewall offerings and support for public and private cloud environments.
Security Qualifications
NEBS level 3
Intelligence
The Application Command Center (ACC) includes visibility of sanctioned and unsanctioned SaaS applications. Combined with its automated event aggregation and filtering and drill-down options, it makes it easy to understand application flows and related risks.
Delivery
Physical and virtual appliances.
Agents
Agentless integration with Microsoft Active Directory and Terminal Services, LDAP, Novell eDirectory and Citrix.
Pricing
Palo Alto Networks offers a wide range of NGFW options. The company’s most recently released appliances, the PA-220R (ruggedized), PA-3200 Series and PA-5280, range in price from $2,900 to $200,000, while the base PA-220 lists at $1,000. The 220 offers 100 Mbps VPN throughput and 64,000 sessions; the 5280 offers 24 Gbps VPN throughput and 64 million sessions.