If the tool offers improved data security, I think it would be good. If some of our company's partners or customers want to distinguish the license between Palo Alto Networks DNS Security and Palo Alto Networks Advanced Threat Prevention, it should be made possible. Some people had asked me how they could distinguish between Palo Alto Networks DNS Security and Palo Alto Networks Advanced Threat Prevention if they bought both. With Palo Alto Networks DNS Security, there are no menus like in the case of Palo Alto Networks Advanced Threat Prevention. We configured Palo Alto Networks DNS Security in Palo Alto Networks Advanced Threat Prevention, and that is why our customers ask us how to check the features of the tools in the GUI. Palo Alto Networks DNS Security has a set of features that are different from Palo Alto Networks Advanced Threat Prevention, and so our customers want to be able to distinguish between the licenses of both solutions.
It could reduce the number of false positives. We have to white list multiple false positives manually, like applications. Sometimes, it blocks legitimate traffic for custom applications, requiring manual intervention.
Project Manager, Finance IT at Sun Hung Kai & Co. Limited
Real User
Top 10
2024-02-29T08:06:08Z
Feb 29, 2024
With Palo Alto Networks DNS Security, sometimes the DNS clients don't work well, and they get disconnected, making it an area where improvements are required.
The solution can capture more market if made more cost-competitive than Infoblox or Cisco Umbrella. The solution’s DLP capabilities could be improved.
Pricing is one of the areas of concern in Palo Alto Networks DNS Security since it is an expensive product. I feel that the product's pricing is an area that could be improved. The price of the product has always been high in general, but recently Palo Alto has further increased the price. My customers complained about the solution's price rise and also had to purchase a new hardware box. The prices for renewal of the product are also pretty high. My company had to explain to the customers that they would have to make certain payments towards the research required to improve the product. The solution's technical support needs to improve and be faster to offer support to its customers on time. Palo Alto Networks should arrange for a tech support engineer to troubleshoot the issues faced by their customers.
Learn what your peers think about Palo Alto Networks DNS Security. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
No solution provides a hundred percent security, so that can be improved. For the scalability aspect, to cover up its shortcomings, they need to deploy more models in some areas, like SMBs.
Network Engineer at a educational organization with 11-50 employees
Real User
2021-10-13T18:24:00Z
Oct 13, 2021
I'm not really sure what needs improvement. The only hiccup I've really seen is a couple of the DNS requests get flagged as the Sophos traffic instead of DNS traffic, but that's more of their app detection in the DNS Security. I haven't really seen any issues with the DNS security.
Consultant at a tech services company with 501-1,000 employees
Reseller
2021-05-19T12:06:51Z
May 19, 2021
There should be an on-premise version of this solution. There are companies that have asked for a solution that is on-premise. The reason for this is some companies might want to have control of where their traffic is going. For example, banking companies do not want their DNS queries or any such traffic to be sent over the cloud, because the cloud can be inside India or anywhere. This is why they might want the solution to be on-premise to allow them to have full control of the security.
Senior Technical Project Manager at a university with 10,001+ employees
Real User
2021-04-01T10:10:31Z
Apr 1, 2021
Every vendor that sells DNS or firewalls needs to be able to protect against DNS look-up attacks and DNS naming hacks. This is true of Palo Alto as well as others. The IDS and IPS should be built-in. With EDS and IDS, some are proud to have built-in IDS and IPS intrusion protection and intrusion detection as some vendors sell IDS and IPS separately. They shouldn't be separate. Instead of selling two products, it really should just be one.
Palo Alto Networks DNS Security is a solution that can stop attackers from abusing DNS for malicious activities like data theft, command and control, phishing, and ransomware. The solution offers organizations automated protections, prevents attackers from bypassing security measures, and eliminates the need for independent tools.
Palo Alto Networks DNS Security Features
Palo Alto Networks DNS Security has many valuable key features. Some of the most useful ones include:
Full protection:...
If the tool offers improved data security, I think it would be good. If some of our company's partners or customers want to distinguish the license between Palo Alto Networks DNS Security and Palo Alto Networks Advanced Threat Prevention, it should be made possible. Some people had asked me how they could distinguish between Palo Alto Networks DNS Security and Palo Alto Networks Advanced Threat Prevention if they bought both. With Palo Alto Networks DNS Security, there are no menus like in the case of Palo Alto Networks Advanced Threat Prevention. We configured Palo Alto Networks DNS Security in Palo Alto Networks Advanced Threat Prevention, and that is why our customers ask us how to check the features of the tools in the GUI. Palo Alto Networks DNS Security has a set of features that are different from Palo Alto Networks Advanced Threat Prevention, and so our customers want to be able to distinguish between the licenses of both solutions.
It could reduce the number of false positives. We have to white list multiple false positives manually, like applications. Sometimes, it blocks legitimate traffic for custom applications, requiring manual intervention.
With Palo Alto Networks DNS Security, sometimes the DNS clients don't work well, and they get disconnected, making it an area where improvements are required.
The solution can capture more market if made more cost-competitive than Infoblox or Cisco Umbrella. The solution’s DLP capabilities could be improved.
The solution’s scalability could be improved.
Pricing is one of the areas of concern in Palo Alto Networks DNS Security since it is an expensive product. I feel that the product's pricing is an area that could be improved. The price of the product has always been high in general, but recently Palo Alto has further increased the price. My customers complained about the solution's price rise and also had to purchase a new hardware box. The prices for renewal of the product are also pretty high. My company had to explain to the customers that they would have to make certain payments towards the research required to improve the product. The solution's technical support needs to improve and be faster to offer support to its customers on time. Palo Alto Networks should arrange for a tech support engineer to troubleshoot the issues faced by their customers.
No solution provides a hundred percent security, so that can be improved. For the scalability aspect, to cover up its shortcomings, they need to deploy more models in some areas, like SMBs.
I'm not really sure what needs improvement. The only hiccup I've really seen is a couple of the DNS requests get flagged as the Sophos traffic instead of DNS traffic, but that's more of their app detection in the DNS Security. I haven't really seen any issues with the DNS security.
There should be an on-premise version of this solution. There are companies that have asked for a solution that is on-premise. The reason for this is some companies might want to have control of where their traffic is going. For example, banking companies do not want their DNS queries or any such traffic to be sent over the cloud, because the cloud can be inside India or anywhere. This is why they might want the solution to be on-premise to allow them to have full control of the security.
Every vendor that sells DNS or firewalls needs to be able to protect against DNS look-up attacks and DNS naming hacks. This is true of Palo Alto as well as others. The IDS and IPS should be built-in. With EDS and IDS, some are proud to have built-in IDS and IPS intrusion protection and intrusion detection as some vendors sell IDS and IPS separately. They shouldn't be separate. Instead of selling two products, it really should just be one.
We would like to have cloud-based management. I would like to see integration with Cisco Meraki so that they can work together on DNS issues.