Palo Alto Networks has bet everything on being a next-generation firewall. Without the next-generation hook, Palo Alto has little chance at breaking into the established world of firewalls, and they've done a good job at defining the category on their own terms.
In our initial foray into testing next generation firewalls last August, we looked at Palo Alto's PA-5060 by itself, so it's only logical to consider how Palo Alto stacks up against the four vendors in this test.
We used a different methodology to test application identification between the two tests, so we can't make a head-to-head comparison Palo Alto's PA-5060 had a higher identification rate when we passed canned applications, but we can't generalize from that. However, in areas such as management of application firewall rules, we'd put them at the top. Likewise, the Palo Alto PA-5060 had a good design for what to do once application traffic matches, again putting them at the top, with Check Point's Security Gateway.
Since Palo Alto didn't have to carry any legacy GUI baggage with them, they were able to design their management from the beginning to handle the integrated application identification and threat mitigation features, all at once. On the other hand, Palo Alto has a ways to go with the performance of their management system, which is frustratingly slow when applying changes.
Visibility, showing you what is happening on your network, is another area where Palo Alto's PA-5060 shined in our test. Starting from scratch with the goal of next generation visibility gave Palo Alto a big leg up, and the PA-5060 came out of the starting gate with an outstanding visibility tool, setting the standard for this category. While Check Point has some great features in SmartEvent, the prize for accessible visibility has to go to Palo Alto.
We didn't test the PA-5060's SSL decryption capabilities as systematically as we did the products in this test, but because the PA-5060 has an architecture more like SonicWall, with virtually unlimited SSL decryption, we expect it would have also landed at the top of the list with SonicWall.
When it comes to UTM features, the Palo Alto PA-5060 can be compared more closely to the products we tested. When it comes to IPS coverage, the PA-5060 turned in scores in the low 90% range, putting it up near the high scorers in our IPS testing. For the anti-virus/anti-malware testing, the PA-5060 fit more in the bottom of the range of our testing.
We stand by our original PA-5060 test headline back in August: "Palo Alto earns short list status." If you are considering replacing your firewall to gain next generation features, Palo Alto remains a credible contender.
The new president of Microsoft France says Microsoft is giving up on the consumer mobile market.
As the containers vs. virtual machine debate rages on, new research finds that containers could yield...
By forcing Windows 10 on users, Microsoft has lost the tenuous trust and credibility users had in the...
Clever use of history commands to help you move faster on the Unix command line.
Marten Mickos is crowdsourcing security with a growing army of ethical hackers who can help your...
Enterprises gain more options to mix and match internal and external clouds -- if they can adapt.
How do you get started using the cloud? To have a successful cloud deployment, it’s helpful to have a...