What advice do you have for others considering Palo Alto Networks DNS Security?

There are two approaches my customers can use to integrate the tool into the existing network security framework. With the tool in place, we can enable data security in the policy in NGFW. The second approach is if you go for Infoblox DNS, we can enable its features in Palo Alto Networks DNS Security. Palo Alto Networks DNS Security is an add-on in NGFW from Palo Alto, and it is also an add-on feature in the data server from Infoblox. We do not need to integrate something like APIs in the tool to enable the rest of its features. I don't know how to say the predictive analytics of the solution works, but it is very important besides the signature-based protection method. The predictive analytics method is very important to stop zero-day attacks. I recommend the tool to others. I rate the tool a nine out of ten.

I recommend it. Overall, I would rate it a nine out of ten.

As per my understanding, it was easy to integrate the product into my company's infrastructure. It is a straightforward process to integrate the product with other tools and install it if our company receives help in advance from Palo Alto Networks. It is easy to maintain. One person is required to maintain the solution. I rate the tool a seven out of ten.

DNS is the first line of defense while accessing the internet. You cannot block the entire DNS traffic. DNS security is required to filter out the DNS traffic, any DNS-based attacks, DNS DDoS attacks, and DNS amplification attacks. DNS security is required for traffic initiated from the inside or outside network. I rate the solution a seven out of ten for performing false positive management. The automated threat prevention capability of DNS security is overall good, and I rate it eight and a half out of ten. The solution can be deployed on-premises, on the cloud, or as a hybrid model. The solution's reporting analytics capabilities for threat intelligence are great and quite comparable with Check Point or FortiGate solutions. Overall, I rate the solution an eight out of ten.

I would recommend Palo Alto Networks DNS Security to other users because it’s a stable solution. Overall, I rate Palo Alto Networks DNS Security a nine out of ten.

I think it is a good tool right now, and we can protect the newly registered domain name or the architecture that uses DNS. The product uses machine learning to protect DNS technology in networking. I don't have any comment on the downsides of the tool. The features and the security protection that the solution provides are good. Those planning to buy the solution should try it even though it may appear expensive. Once the product's potential buyers start using the solution, they will see the strong protection the tool provides and how easy it is to use it. In general, it is a very good product to protect an IT environment from external attacks. I rate the overall solution a nine out of ten.

In the future, Palo Alto will be launching new models with new features and better integration. It is also necessary to understand who is willing to integrate when the solution is open to integration. I rate the overall solution a nine out of ten.

Turn it on and run it and see how many DNS requests you were missing before. The biggest lesson I have learned is that we have a lot more malicious requests than we thought we did. I would rate Palo Alto Networks DNS security a nine out of ten.

My advice to those wanting to implement Palo Alto Next-generation Firewalls, VM-Series, K2, or any other firewall from Palo Alto, I would recommend them to enable DNS Security. I rate Palo Alto Networks DNS Security a nine out of ten.

We are customers and end-users. I'm not sure which version of the solution we're using. I'm currently during training with new virtual firewalls. DNS is a very ancient protocol. The protocol 53 and the UCP and so on, and ARP. We need to review that architecture due to the way we do networking is open to hacking. People can poison the cache, and therefore we need to look at a way of doing away with ARP, doing away with the UCP and having, let's say, the address convert automatically into the IP address and do away with IP version 6. IP version 6 was a total mess. Although the protocol works, it consumes too much overhead and it's too much of a fat protocol. It uses 64 bit, 128 bit, hex addressing at the Mac layer and also at the network layer when using hex. We need to stick with expanding IP version 4, data in notation. That works at a human level better than working at the network layer. When you use, let's say, IP version 6 it is very difficult to troubleshoot. It's a lot easier to troubleshoot IP version 4, that it's decimal and hex at the network layer. It's a lot easier to identify patterns, easier for the eye to be able to recognize that something is negative or to understand how protocols are working or how routing is working. Right now, most companies operate with all the DNS. What's surrounding the DNS are the firewalls, intrusion protection and detection, load balancing, fault tolerance et cetera. Other than that, we don't have a secure DNS. That's why we need to reinvent networking. We need to switch to a new method of networking, where we have a truly secure DNS. Without the DNS the internet does not work. That's like having a store open to pirates. DNS is the best thing that has been invented, as far as the internet goes, as that's what allows the browsers to work, that's what allows network solutions to work. Without it we're dead. I'd rate the solution at an eight out of ten.

For us, this is the best product that we have used. Nonetheless, I will recommend it only once they have integration with Cisco Meraki so that the two technologies can work together. I would rate this solution a nine out of ten.