There is room for improvement in the pricing model. For additional features, maybe Palo Alto could improve their documentation. It would be helpful to have better documentation for configuring and installing the solution. Currently, the documentation is not very comprehensive, and there isn't much information available. Sometimes it's difficult to understand how to use it.
Senior Staff Security Engineer at a renewables & environment company with 1,001-5,000 employees
Real User
2021-03-14T23:45:25Z
Mar 14, 2021
At times in AutoFocus, when you have a homegrown application or you check another threat intelligence feed, it's not malicious but is still categorized as gray. We need to request a change in the verdict, AutoFocus then deals with it and sends us an update that it is benign for us. It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it.
I would like to have more technical documentation that contains greater detail on the types of threats that are occurring. Examples of things that I would like more technical details about are specific malware and APTs. This solution seems to run slowly, although I haven't used another similar solution that I can use to compare it.
Find out what your peers are saying about Palo Alto Networks, Cisco, Recorded Future and others in Threat Intelligence Platforms. Updated: October 2024.
A Threat Intelligence Platform (TIP) is a solution that collects, analyzes, and distributes threat intelligence data. TIPs can help organizations to identify and mitigate cyber threats by providing them with insights into known and emerging threats.
I would like the tool to see more integration with Cortex XDR. There is no real reason to keep them separate.
There is room for improvement in the pricing model. For additional features, maybe Palo Alto could improve their documentation. It would be helpful to have better documentation for configuring and installing the solution. Currently, the documentation is not very comprehensive, and there isn't much information available. Sometimes it's difficult to understand how to use it.
It must be on-premises as well; it must have a server on-premises. It is a completely cloud-based product at present.
At times in AutoFocus, when you have a homegrown application or you check another threat intelligence feed, it's not malicious but is still categorized as gray. We need to request a change in the verdict, AutoFocus then deals with it and sends us an update that it is benign for us. It would be better if they used the threat intelligence feeds directly from their side and changing the verdict instead of us requesting it.
I would like to have more technical documentation that contains greater detail on the types of threats that are occurring. Examples of things that I would like more technical details about are specific malware and APTs. This solution seems to run slowly, although I haven't used another similar solution that I can use to compare it.