Palo Alto Networks DNS Security Reviews

In my company, we use Palo Alto Networks DNS Security to protect the command-and-control server and for protection from attackers trying to attack the organizations of our company's clients. We use the tool in our company to protect user access to the internet and servers, specifically the critical servers. In our company, we are connected to a Tier 1 firewall and a Tier 2 firewall for DNS security.

The most valuable features of the solution are DNSSEC and the domain generation algorithm.

Pricing is one of the areas of concern in Palo Alto Networks DNS Security since it is an expensive product. I feel that the product's pricing is an area that could be improved.

The price of the product has always been high in general, but recently Palo Alto has further increased the price. My customers complained about the solution's price rise and also had to purchase a new hardware box. The prices for renewal of the product are also pretty high. My company had to explain to the customers that they would have to make certain payments towards the research required to improve the product.

The solution's technical support needs to improve and be faster to offer support to its customers on time. Palo Alto Networks should arrange for a tech support engineer to troubleshoot the issues faced by their customers.

I have been using Palo Alto Networks DNS Security for three years. My company is a reseller of the solution.

It is a very stable solution since I have not received any complaints from our customers regarding the hardware or software of the product. Stability-wise, I rate the solution a ten out of ten.

It is a very scalable solution. Scalability-wise, I rate the solution a nine out of ten.

Around 15 of my company's customers in Cambodia work with the product.

I rate the technical support an eight out of ten.

Positive

I rate the initial setup a nine on a scale of one to ten, where one is difficult, and ten is easy.

The solution is deployed on-premises.

The solution's deployment process takes a week or two.

Regarding the deployment steps, there is a need to first create a security profile in Palo Alto Networks DNS Security before attaching it to the security policy rule, where we get an option asking to allow or block the security policy rule. The solution's deployment steps are very simple.

Palo Alto Networks DNS Security is an expensive product. I rate the product's pricing an eight on a scale of one to ten, where one is cheap, and ten points are expensive. The prices offered by the competitors of Palo Alto Networks are much cheaper than the current price of Palo Alto Networks DNS Security.

I think it is a good tool right now, and we can protect the newly registered domain name or the architecture that uses DNS. The product uses machine learning to protect DNS technology in networking. I don't have any comment on the downsides of the tool. The features and the security protection that the solution provides are good.

Those planning to buy the solution should try it even though it may appear expensive. Once the product's potential buyers start using the solution, they will see the strong protection the tool provides and how easy it is to use it. In general, it is a very good product to protect an IT environment from external attacks.

I rate the overall solution a nine out of ten.

Our clients use the product for perimeter and DNS to prevent DDoS attacks.

The solution can be used as an antivirus. It is also useful for inspection. A lot is working well.

The product is one step behind its competitors. The product should provide email protection. It should also introduce DLP features. It should provide an end-to-end platform.

I have been working with the solution for ten years.

The product is not as stable as other solutions, such as Cisco Umbrella, Infoblox, and EfficientIP. I rate the product’s stability a five out of ten.

The solution scales well. Our clients are also partners of the solution. They have more than 10,000 users.

The support team has good knowledge about the solution. Support is good enough.

Positive

The product is expensive compared to Fortinet. The solution has an annual licensing fee.

As a system integrator, I think my clients should move to a private cloud. It's the only way they can keep up in the business. If not, they will be out. When customers have the equipment and replace it in the cloud, the product enables some features such as DNS. However, I believe DNS solutions should not focus only on DNS.

If given a choice, I would probably think of other solutions before Palo Alto. The product is suitable for small companies. They can probably acquire the first line of protection with a small fee. Overall, I rate the product a nine out of ten.

The solution is used to drive SaaS via DNS.

It's difficult to speak about the features I found to be valuable because today, there are bundles of other solutions that put everything together at a very good price. So it's something amazing. Our customers appreciate only buying them. So instead of buying one single feature, they buy all the features together.

No solution provides a hundred percent security, so that can be improved. For the scalability aspect, to cover up its shortcomings, they need to deploy more models in some areas, like SMBs.

I have experience with Palo Alto Networks DNS Security for two years.

It is a stable solution. I had two major tickets open in my two years of experience with Palo Alto.

So, in general, it's very stable because the process to deliver new features and new releases in not so long. Generally, when they provide a new release that is already really stable. But Fortinet is a disaster from this point of view. I have customers complaining about Fortinet all the time I'm meeting them; I'm trying to understand what's happening. They complain about the stability of their solutions.

Palo Alto is a scalable solution. The problem is a little tweak in the datasheet because it saves SaaS and helps to maintain a bandwidth once a day. So it's less compared to all the other vendors. They put in the value, so they are not realistic. So it's only something on the paper. And when you put the field to the solution, it's one-third of what they put on the datasheet. So it's a different approach to security and post-production.

I rate the scalability a nine out of ten.

I do not have many details about the technical support.

The installation is more complex because the solution has another approach to security. Still, the operational aspect is the tool which is the main thing.

But to overcome the issue, I thought you needed to store it. The deployment of the solution depends on the customers.

It is not an expensive solution.

In the future, Palo Alto will be launching new models with new features and better integration. It is also necessary to understand who is willing to integrate when the solution is open to integration. I rate the overall solution a nine out of ten.

Our primary use case is for preventing malware and malicious requests.

We now have insight into our DNS requests and we can actively see how many thousands of malicious requests have gotten knocked down in the last day or week that we didn't know before. There's more security and more insight.

The fact that the solution detects five times more malicious, newly registered domains and more than nine days faster than the in industry average, affects our security posture by blocking the bleeding edge malicious attacks. In theory, it just keeps us a few branches up from everybody else so we won't get hit.

We are moving towards a Zero Trust Architecture but not necessarily directly. We are in the process of trying to deploy a PAM that is in the direction of Zero Trust. It's very convenient that we can just put it in line, turn it on, and watch it go.

The autofocus piece that gives us insights into how many requests we have and how many malicious requests get denied is the most valuable feature. We didn't really have eyes on the DNS queries. We had some filtering done, but we didn't know which pieces it knocked down and how much work it was doing.

The comprehensiveness of DNS Security against emerging DNS layer threats is very good. They seem to have updates nearly daily.

My understanding is that it would protect against DNS tunneling, rebinding, and dangling DNS attacks. Any of the malicious-type attacks, like getting blocked, are important for us because we're trying to keep our network secure.

Features specifically relevant to DNS Security, like proactively digging for potential cybercriminal activities, C2, phishing, and grayware hosting are very important to us because they're malicious attempts at the network and Palo Alto knocks it down.

I'm not really sure what needs improvement. The only hiccup I've really seen is a couple of the DNS requests get flagged as the Sophos traffic instead of DNS traffic, but that's more of their app detection in the DNS Security. I haven't really seen any issues with the DNS security.

I have been using Palo Alto for around two years. 

It's been very robust. You check the box and watch it work.

It covered our whole network without us having to really tweak anything. The one adjustment we had to make is that we had to make the DNS lookup timeouts slightly longer, but as soon as we contacted support, they knew to do that and gave us the instructions on how to do it. 

We support 47 different school districts and they all come to us and pull through. It fluctuates and they manage their end of the network. 

At this point, we have two Egresses and it's on both Egresses fully.

Eight of us on the team work with Palo Alto. We mostly do the LAN side of the network.

My only qualm with them is that sometimes they work off-hours compared to our time zone.

Positive

We didn't really have a solution before and we didn't have any eyes on our DNS requests, as far as what was malicious and what was expected traffic.

The initial setup was straightforward. You just set up a security profile and attach it to your rules and it filters DNS requests.

We did it all together when the firewalls were deployed in the beginning. I'm not sure how long the DNS Security piece took.

Palo Alto sales engineers helped us deploy it. Our experience with them was very good. They're very knowledgeable and very helpful.

We have eyes and security in a place we didn't before, so that's at least worth something.

I wasn't too involved in the pricing piece of this, but we're an educational-type institution and we were able to make it work. I think the pricing is good.

We were replacing our outward-facing firewall but we mostly shop between Cisco and Palo Alto.

We were looking at Palo Alto as a whole for the firewall, not just the DNS Security filtering. As a whole, we like the management, features, and subscriptions that Palo Alto has compared to Cisco.

We've been really happy with it. And it seems like even with the web security piece doing some inspection, Palo Alto does more. With Palo Alto having the near-constant updates, they're usually cutting down newer malicious DNS requests before the others could.

Turn it on and run it and see how many DNS requests you were missing before.

The biggest lesson I have learned is that we have a lot more malicious requests than we thought we did.

I would rate Palo Alto Networks DNS security a nine out of ten. 

This is a subscription-based solution that you need to procure for our firewall that provides DNS security. We use this solution for all of our on-premise and remote users. It is used in any servers which are connected over the internet or the users who are trying to reach the internet.

When comparing other cloud-based DNS security solutions to this one I have found the main beneficial feature in this solution we do not need to change our architecture. There was no need to change the configuration or to do any modification to the user's end. The user's DNS will be the same, the traffic will flow through the same firewall, and it will give us the DNS level security. For other OEMs or other solutions, we need to map their DNS to the public DNS and there is a need to modify the DNS at the user level. Additionally, the solution works in real-time and it is easier to deploy users. For example, to deploy 1,000 - 2,000 users having to do the modifications in each user's IT environment would take a lot of time.

Additionally, I have found the solution to be very user-friendly.

There should be an on-premise version of this solution. There are companies that have asked for a solution that is on-premise. The reason for this is some companies might want to have control of where their traffic is going. For example, banking companies do not want their DNS queries or any such traffic to be sent over the cloud, because the cloud can be inside India or anywhere. This is why they might want the solution to be on-premise to allow them to have full control of the security.

I have been using the solution within the last 12 months.

The solution is very reliable and stable. It intercepts DNS traffic and it can block unwanted traffic and forward it elsewhere.

The solution is highly scalable since it is in the cloud. We have approximately 50 users using the solution. Between my customers, they have a user base of 10 to 10,000 users using the solution.

The technical support is responsive.

Since it is a subscription, all you need to do is activate the license to use it.

There is an annual license for the solution and I am satisfied with the pricing.

We did evaluate other options.

My advice to those wanting to implement Palo Alto Next-generation Firewalls, VM-Series, K2, or any other firewall from Palo Alto, I would recommend them to enable DNS Security.

I rate Palo Alto Networks DNS Security a nine out of ten.