Palo Alto Networks is as a Leader within the Gartner Magic Quadrant, recognised for their Prisma SD-WAN platform, which includes Instant-On Network (ION) edge appliances and orchestration. Palo Alto operates a global presence and serves approximately 3,500 SD-WAN enterprise customers across various industries and sizes. Future investments are expected in application acceleration, SASE enhancements, and packet steering.
I started the Palo Alto SD-WAN demo by deploying the Panorama™ management server to centrally govern the SD-WAN setup across both hub and branch devices. The server consolidates management tasks and reduces operational load. I found the installation of the Prisma SD-WAN plugin and configuration straightforward, with simple to manage interface settings and SD-WAN configurations.
Prisma SD-WAN ensures application availability based on real-time performance SLAs and visibility, which delivers a significant improvement in performance compared to legacy MPLS. Palo SD-WAN uses application response time to determine the optimal path for a flow and confirms that the path adheres to the application's requirements. In our test, the traffic steering feature worked by performing below latency, jitter and packet loss threshold levels.
I noted that Primsa publicises their capability to reduce network trouble tickets by up to 99% by providing at-a-glance management of multiple Internet and MPLS circuitst. Prisma's user-friendly interface and integration with Prisma Access for securing remote networks demonstrates that it is simpler for IT teams to understand network issues which reduces the reliance on support.
As the demo progressed, it became clear that Palo Alto has an good SD-WAN features but excellent SASE security capability. The integration of next-generation firewalls into the SD-WAN architecture provided me with a highly secure environment, capable of safeguarding sensitive business with comprehensive cloud security measures integrated into their network fabric. The intent is to ensure that cloud applications and protected against cyber threats.
Through the Panorama management server, I set up and monitored link health to manage traffic across the demo network. One clear benefit I noted was the ability to facilitate centralise control without compromising the granular visibility required to safeguard and enhance branch-office and user experience. For instance, handling traffic for cloud services and applications through encrypted links proved to be reliable during the test.
In my hands-on experience, I valued the capability of the Palo Alto Prisma suite to extend security to remote users, regardless of their location without compromise vs branch-office or HQ sites. These features are important for businesses that are increasingly reliant on the cloud for their operational needs.
Palo Alto Prisma SD-WAN, initially CloudGenix, has significantly evolved since Palo Alto Networks acquired the company in 2020. Prisma now supports complex network architectures and offers improved network visibility. Palo Alto Networks has continued their development, specifically surrounding SASE capabilities.
What are the Pros & Cons of Palo Alto Networks SD WAN & SASE Cybersecurity?
List of the pros and cons associated with Palo Alto Networks SD WAN and SASE security.
Palo Alto SD-WAN Pros and Cons
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Pros | Cons |
|---|---|---|---|---|---|---|
| 1 | hyelland | 21/10/2024 04:01 PM | hyelland | 21/10/2024 04:01 PM | ✓ Comprehensive Cybersecurity: Provides extensive cybersecurity features. | ❌ Complexity: The solution can be complex to configure and manage. |
| 2 | hyelland | 21/10/2024 04:01 PM | hyelland | 21/10/2024 04:01 PM | ✓ AI Assistance: Utilises AI to assist with network management and threat detection. | ❌ Learning Curve: There is a significant learning curve for new users. |
| 3 | hyelland | 21/10/2024 04:01 PM | hyelland | 21/10/2024 04:01 PM | ✓ Proactive Network Optimisation: Provides proactive optimisation to enhance network performance. | |
| 4 | hyelland | 21/10/2024 04:01 PM | hyelland | 21/10/2024 04:01 PM | ✓ Automation: Offers automation for streamlined network operations. | |
| 5 | hyelland | 21/10/2024 04:01 PM | hyelland | 21/10/2024 04:01 PM | ✓ WAN Optimisation: Offers WAN optimisation for improved performance. | |
| 6 | hyelland | 21/10/2024 04:01 PM | hyelland | 21/10/2024 04:01 PM | ✓ Efficient QoS Configuration: Quality of Service (QoS) is efficiently managed. | |
| Pros | Cons |
Palo Alto Pros & Cons
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Pros | Cons |
|---|---|---|---|---|---|---|
| 1 | hyelland | 04/11/2024 03:54 PM | hyelland | 04/11/2024 03:54 PM | ✓ Innovation: Recognised for recent and planned innovations across AIOps, visibility, and granular policy control, with potential game-changing capabilities. | ❌ Pricing: Higher SD-WAN pricing as observed in client interactions. |
| 2 | hyelland | 04/11/2024 03:54 PM | hyelland | 04/11/2024 03:54 PM | ✓ Customer Experience: Above-average customer experience ratings based on Gartner interactions and Peer Insights data. | ❌ Performance Optimisation: Limited capabilities across TCP protocol optimisation and WAN optimisation features. |
| 3 | hyelland | 04/11/2024 03:54 PM | hyelland | 04/11/2024 03:54 PM | ✓ Market Understanding: Strong understanding of both current and future customer requirements. | ❌ Multiple SD-WAN Products: The existence of two different SD-WAN products may lead to market confusion and challenges in choosing the right product based on security and SD-WAN needs. |
| Pros | Cons |
Palo Alto Pros & Cons
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Palo Alto Networks Pros | Palo Alto Networks Cons |
|---|---|---|---|---|---|---|
| 1 | hyelland | 30/10/2024 02:10 PM | hyelland | 30/10/2024 02:10 PM | Lightweight | Expensive |
| 2 | hyelland | 30/10/2024 02:10 PM | hyelland | 30/10/2024 02:10 PM | Good threat hunting capabilities | Learning Curve |
| 3 | hyelland | 30/10/2024 02:10 PM | hyelland | 30/10/2024 02:10 PM | Management of endpoint security controls (USB, encryption, etc.) | Lots of automation, but it takes work to implement |
| Palo Alto Networks Pros | Palo Alto Networks Cons |
Palo Alto Managed CyberSecurity Pros & Cons
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Pros | Cons |
|---|---|---|---|---|---|---|
| 1 | hyelland | 01/11/2024 03:29 PM | hyelland | 01/11/2024 03:29 PM | Options for cloud or on-premises deployment | Cloud management possible, but requires Palo Alto Panorama |
| 2 | hyelland | 01/11/2024 03:29 PM | hyelland | 01/11/2024 03:29 PM | Integration with existing Palo Alto firewalls | Agent or app required to enable remote access |
| 3 | hyelland | 01/11/2024 03:29 PM | hyelland | 01/11/2024 03:29 PM | Replaces legacy VPN infrastructure | Fully managed service not available directly from Palo Alto |
| Pros | Cons |
Zscaler ZTNA Pros & Cons
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Pros | Cons |
|---|---|---|---|---|---|---|
| 1 | hyelland | 22/10/2024 02:56 PM | hyelland | 22/10/2024 02:56 PM | ✓ Zscaler’s solution removes the need for multiple endpoint agents as their ZTNA is built into its secure web gateway client. | ❌ The cost of deploying the Zscaler solution is higher than industry standard. |
| 2 | hyelland | 22/10/2024 02:56 PM | hyelland | 22/10/2024 02:56 PM | ✓ The solution is capable of supporting very large organisations, with the ability to take in up to hundreds of thousands of users and endpoints. | ❌ Lack of VoIP support for Zscaler Internet Access. |
| 3 | hyelland | 22/10/2024 02:56 PM | hyelland | 22/10/2024 02:56 PM | ✓ The Zscaler solution supports common UDP and TCP applications out-of-the-box, offering contextual data security and application access. | ❌ Endpoint device security support (compatibility) and security inspections are areas that need some improvement to compete with other pure-play security solutions. |
| 4 | hyelland | 22/10/2024 02:56 PM | hyelland | 22/10/2024 02:56 PM | ✓ The scalability of the Zscaler solution is above par for the industry, and it has strong capabilities for integration with the broader security ecosystem. | ❌ Traffic routing issues have also been noted by some customers upon initial deployment, although this isn’t uncommon during SD-WAN or security solution deployment. |
| Pros | Cons |
Comparison: Palo Alto vs Fortinet vs FireEye vs Forcepoint SD WAN & security
Consider the points below to compare Palo Alto vs Fortinet vs FireEye vs Forcepoint SD WAN and SASE security.
Palo Alto vs Fortinet vs FireEye vs Forcepoint Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Palo Alto | Fortinet | FireEye | Forcepoint |
|---|---|---|---|---|---|---|---|---|
| 1 | hyelland | 04/11/2024 03:50 PM | hyelland | 04/11/2024 03:50 PM | Palo Alto's main product focus is a converged SD WAN and SASE platform, delivered from the cloud. The solution supports remote and home workers as well as those on-premises. | Fortinet offers hardware-based SASE and SD WAN, with offerings for Extended Detection and Response (XDR). | FireEye offers XDR and cloud security services, with a range of managed security solutions. | Forcepoint offers SASE with options for integrated data protection services. |
| 2 | hyelland | 04/11/2024 03:50 PM | hyelland | 04/11/2024 03:50 PM | Palo Alto offers fully featured SD WAN via their acquisition of CloudGenix. | Fortinet's SD WAN offering was built internally from the ground up as a component of their overall solution. | FireEye does not offer SD WAN or SASE services. | Forcepoint does not have an SD WAN offering. |
| 3 | hyelland | 04/11/2024 03:50 PM | hyelland | 04/11/2024 03:50 PM | Palo Alto supports remote users with the Okyo Garde appliance, which works as an extension of the corporate network avoiding the need to configure VPNs. | Fortinet supports users with cloud-delivered threat protection, which removes the need for legacy VPN technologies. | FireEye offers security for remote users via a technology partnership with iBoss. The solution features authentication and SSL decryption, with intelligence-driven technologies to detect and protect against zero-day attacks. | Forcepoint offers security for remote users via a cloud-delivered security gateway, Data Loss Prevention (DLP), and private access to applications. |
| Palo Alto | Fortinet | FireEye | Forcepoint |
Palo Alto vs Checkpoint vs Darktrace Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Palo Alto | Check Point | Darktrace |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 04/11/2024 03:49 PM | hyelland | 04/11/2024 03:49 PM | Palo Alto is a suitable choice for large global enterprises requiring integrated SD WAN and SASE. | Check Point is a good choice for large multinational corporations looking for security to protect remote and on-premises users. | Darktrace is a suitable choice for clients looking to bolster their pre-existing network security perimeter. |
| 2 | hyelland | 04/11/2024 03:49 PM | hyelland | 04/11/2024 03:49 PM | Palo Alto offers SD WAN and SASE solutions. | Check Point offers a range of network security products, as well as full SASE. | Darktrace offers AI services that complement existing SASE and SD WAN solutions and fill any gaps in the perimeter. |
| 3 | hyelland | 04/11/2024 03:49 PM | hyelland | 04/11/2024 03:49 PM | Palo Alto offers hardware and cloud-based deployment options. | Check Point focuses mainly on hardware-based solutions. | Darktrace offers software-based virtual solutions. |
| Palo Alto | Check Point | Darktrace |
CrowdStrike vs Palo Alto Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Crowdstrike | Palo Alto |
|---|---|---|---|---|---|---|
| 1 | hyelland | 04/11/2024 03:13 PM | hyelland | 04/11/2024 03:13 PM | Crowdstrike is a good choice for clients looking for granular security services. | Palo Alto is a good choice for clients looking for an integrated SD WAN and SASE solution with strong cloud capabilities. |
| 2 | hyelland | 04/11/2024 03:13 PM | hyelland | 04/11/2024 03:13 PM | Offers Extended Detection and Response services. | Offers Extended Detection and Response services. |
| 3 | hyelland | 04/11/2024 03:13 PM | hyelland | 04/11/2024 03:13 PM | Crowdstrike offers connectivity to AWS, Azure, and Google Cloud. | Offers connectivity to AWS, Azure, and Google Cloud. |
| Crowdstrike | Palo Alto |
OpenSystems vs Versa vs Palo Alto Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Open Systems | Versa Networks | Palo Alto |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 04/11/2024 03:47 PM | hyelland | 04/11/2024 03:47 PM | Open Systems is a good choice for large global enterprises with multiple locations worldwide. | Versa Networks are a good choice for small, medium, and large enterprises with their two options for SD WAN. Further, they are PCI-DSS compliant making them a suitable choice for retail businesses. | Palo Alto is a suitable fit for large global enterprises requiring a combined SD WAN and SASE platform with strong cloud capabilities. |
| 2 | hyelland | 04/11/2024 03:47 PM | hyelland | 04/11/2024 03:47 PM | Offers full SASE. | Offers full SASE. | Offers full SASE. |
| 3 | hyelland | 04/11/2024 03:47 PM | hyelland | 04/11/2024 03:47 PM | Offers support from their Security Operations Center (SOC). | Offers full SD WAN. | Offers full SD WAN. |
| 4 | hyelland | 04/11/2024 03:47 PM | hyelland | 04/11/2024 03:47 PM | Provides security from Edge to cloud. | Can be deployed from the cloud, on-premises, or via a combination of both. | Converged next-generation SD WAN and SASE into a single cloud-delivered platform to secure on-premises, remote, and home workers. |
| 5 | hyelland | 04/11/2024 03:47 PM | hyelland | 04/11/2024 03:47 PM | Offers full SD WAN. | ||
| Open Systems | Versa Networks | Palo Alto |
Zscaler vs CrowdStrike vs Palo Alto vs Citrix Comparison
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Zscaler | CrowdStrike | Palo Alto Networks | Citrix |
|---|---|---|---|---|---|---|---|---|
| 1 | hyelland | 04/11/2024 04:00 PM | hyelland | 04/11/2024 04:00 PM | Zscaler is suitable for large multinational corporations requiring a granular SASE solution. | CrowdStrike is a suitable choice for clients looking for a granular security stack. | Suitable choice for large global enterprises looking for integrated SD WAN and SASE. | Suitable for clients requiring a comprehensive and cloud-based SD WAN and SASE solution. |
| 2 | hyelland | 04/11/2024 04:00 PM | hyelland | 04/11/2024 04:00 PM | Operates 150 data centres worldwide. | Provides security for data centres. | Provides security for data residing in data centres. | Citrix offers data centre modernization services. |
| 3 | hyelland | 04/11/2024 04:00 PM | hyelland | 04/11/2024 04:00 PM | Provides native security to nine major cloud providers, including Azure, AWS, and Google Cloud. | Offers security for cloud vendors AWS, Azure, and Google Cloud. | Offers cloud security for Azure, AWS, and Google Cloud. | Provides a hybrid cloud environment with access to AWS, Azure, and Google Cloud. |
| Zscaler | CrowdStrike | Palo Alto Networks | Citrix |
Frequently Asked Questions
What is the Palo Alto Networks SD WAN architecture?
Palo Alto’s solution supports DIA, MPLS and LTE connectivity underlay services. As a vendor, Palo Alto do not manage or support SD WAN underlay. However, these services may be available via one of their service provider partners (See, Which service providers do Palo Alto support?).
Palo Alto Networks Service Providers
BT
NTT Global
Orange Cyberdefense
Lumen
Optiv
Trustwave
On2it
Lightstream
Presido
Critical Start
Telefonica Tech
Palo Alto Networks Integrators
- Accenture
- NTT Global
- Deloitte
- IBM
Palo Alto Networks Partners
Abnormal Security
AbuseIPDB
Acalvio
AccessData an Exterro company
ActiveMQ
Agari
Akamai
Alexa
AlgoSec
AlphaSOC
Altipeak Security
Analyst1
Anomali
ANY.RUN
APIVoid
Aria
Arista
Armis
Aruba
AT&T Cybersecurity
Atlassian
Attack IQ
Attivo Networks
Authentic8
Awake Security
Axonius
BackBox
Bambenek Consulting
Bastille Networks
BeyondTrust
BigFix
BitcoinAbuse
BitSight
BlockList DE
BlueCat
Blueliv
bmc helix
Box
C2SEC
Censys
Centreon
CheckPhish
Cherwell
CIRCL
CircleCI
Claroty
Cloudflare
Code42
Cofense
Cognni
Commscope
Concentric
Confluera
Coralogix
CounterCraft
Cradlepoint
Cuckoo
CVE
Cyber Observer
Cyber Triage
CyberArk
Cybereason
Cyberint
Cyberpion
Cybersixgill
CyCraft
Cyjax
Cylance
Cymptom
Cymulate
Cyren
Cyware
Darktrace
Deep Instinct
DeHashed
Devo
Digital Defense
Digital Guardian
Digital Shadows
dnstwist
DomainTools
Druva
Elastic
Endace
Ericom
Exabeam
ExtraHop
F5
Farsight Security
Fidelis
Field Effect
FireEye
Flashpoint
Forescout
Gamma
Genians
Google Chronicle
GreatHorn
GreyNoise
Group-IB
Gurucul
HashiCorp
Hatching
Humio
HYAS
IBM
iLert
Illusive Networks
Indeni
Infinipoint
Infoblox
Infocyte
Intel471
Intezer
IPQualityScore
IronNet
Ironscales
KeySight
Linkshadow
LogPoint
LogRhythm
Logz.io
Malwarebytes
McAfee
Menlo Security
Micro Focus
Microsoft Active Directory
mnemonic
MobileIron
Niagara Networks
Nozomi Networks
Nvidia
Pentera
Perception Point
PolySwarm
Proofpoint
QA Cafe
Qualys
Quantum Security Systems
Query.ai
Rapid7
Recorded Future
Red Hat
ReversingLabs
RiskIQ
RiskSense
RSA
RST Cloud
Rubrik
Saasyan
SafeBreach
SailPoint
SCADAfence CNM
SecBI
SecurityAdvisor
Securonix
Sepio
ServiceNow
Silverfort
Siscale
Slack
Splunk
SSL Blacklist (SSLBL), by Abuse
Sumo Logic
Swivel Secure
Symantec
Tanium
Tenable
Thales
ThreatQ
Thycotic
Titaniam
Trend Micro
TruSTAR
Twinwave
UBIRCH GmbH
Uptycs Inc
Vectra
Venafi
VMware
VMware Carbon Black
WootCloud
Workday
XM Cyber
XMatters
Zendesk
ZeroFox
Zimperium
Zoom
ZPE