Palo Alto Networks WildFire should be more real-time in nature. The signature updates should happen in a minute or less than a minute to be a very good feature for the customer. When an unknown attack occurs, Palo Alto Networks WildFire takes less than five minutes to confirm users about the attack, so it should be possible in a minute or less than that. In the future, it should support uploading files to WildFire Cloud. The solution already supports many other file formats. We should be able to analyze any file before we send it to the cloud.
Information Technology Security Engineer at a tech services company with 11-50 employees
Reseller
Top 5
Oct 23, 2024
Improving detection on non-Windows formats would be beneficial as there are many samples, such as Linux or ransomware for macOS. Enhancing detection in these areas would be great.
Owner at a tech services company with 1-10 employees
Real User
Top 5
Jul 30, 2024
One area for improvement is the expansion of the sandbox environment to include a broader range of platforms, such as Linux, macOS, and mobile operating systems.
The product's user interface for investigations needs enhancement. While it's already efficient for professionals who know how to use it, further interface refinement could make it more intuitive during complex forensic work.
Updated: November 2024.
The license is limited. Suppose you have a firewall with a WildFire license but haven't enabled the security profile. In that case, your firewall could be vulnerable to threats. WildFire could improve by enabling the firewall to update its security profile database, even if the security profile itself isn't active. This way, it could block threats not associated with WildFire as a first line of defense. If Wi-Fi can be improved to offer real-time security profiling and updates, it can prevent traits unrelated to Wi-Fi.
Security Technical Lead at a tech services company with 11-50 employees
Real User
Top 5
May 23, 2024
Palo Alto doesn't do much to support the on-premise version. It wants too much self-support for the on-premise version of WildFire. But for regulation purposes, some of our customers don't want to use the cloud environment, so they have to use the on-premise version. Integration is okay, not too hard, with Palo Alto. But we are facing a lot of issues, and most of the issues go unresolved. So, the on-premise version is not very stable. With my experience, the cloud version is stable. So I need the on-premises version to be more stable.
Application Support Administrator at a transportation company with 501-1,000 employees
Real User
Top 10
Feb 7, 2024
There is not much room for improvement for WildFire itself. It serves well as a repository for threat intelligence. Any enhancements should likely be focused on the firewall appliance to further strengthen overall security capabilities, such as refining app and user identity features.
Senior Security Engineer at a financial services firm with 1,001-5,000 employees
Real User
Top 10
Sep 11, 2023
I have had only one matter of concern. Many years back an update caused an issue with the firewall. However, Palo Alto not only informed us of said issue, they also sent an update that fixed the issue before I even had time to log in to determine if the issue affected our services. WildFire is subscription-based in order to submit and get responses; however, a SOC costs money and all the input keeps the protection fresh.
We have encountered implementation issues and identified gaps within Palo Alto Networks WildFire. In general, we need to address certain issues for the benefit of our end users. To overcome these challenges, we have been searching for alternative approaches, such as a defender flow sheet or an advanced application with improved filtering features. Some hardware and resource utilization issues exist. In additional features, I would like to see playbooks or actions that are possible or available in my system, but what we really need is a way to contain or disconnect servers when malicious communication is initiated. Specifically, we require blocking playbooks or some mechanism to contain the IP or initiator. There will be many improvements to come ahead, especially in AI-based machine learning and actions on it. For example, having the ability to delete threats with a visibility of our global threats for up to seven days, etcetera. We need improvement in this area.
Information Security Engineer (Core Network Security) at NEX4 ICT Solutions
Real User
Top 5
Feb 24, 2023
I don't have any real problems with the solution. High availability features are lacking. It's a bit too standard as a solution. It needs high availability. We'd like the solution to be a bit cheaper. It's quite pricey.
Vice-Head of Math Department at a non-tech company with 5,001-10,000 employees
Real User
Sep 29, 2022
Palo Alto Networks WildFire could improve by adding support for manual submission of suspicious files and URLs. Additionally, it would be an advantage to add rule-based analysis. Currently, it uses only static and AI. We need to be able to analyze archive files.
Palo Alto limits the files submitted per day. There are limitations with the boxes for the Palo Alto module. In the future, I think Palo Alto will reduce the sandboxing in the on-prem version because the box cannot operate. In the future, Palo Alto could reduce the time it takes to process the file. Sometimes it takes 10 minutes.
Solutions Architect at NTT Global Networks Incorporated
MSP
Top 20
May 10, 2022
I didn't experience any pain points in Palo Alto Networks WildFire. It's good "as is". In terms of what I'd like to see in the next release of Palo Alto Networks WildFire, each release is based on malware that has been identified. The key problem is an average of six months from the time malware is written to the time it's discovered and a signature is created for it. The only advice that I can give is for them to shorten that timeframe. I don't know how they would do it, but if they shorten that, for example, cut it in half, they'll make themselves more famous.
Director at a tech services company with 1-10 employees
Reseller
Mar 29, 2022
We do a lot with charities, and I'd love Palo Alto Networks WildFire to have more discounts, e.g. charity discounts, so we can protect healthcare and schools, then other than aiming at the universities and the big hospitals where it's a lot of money, we can go for the smaller schools, too. They make quite a killing there. Again, it's just charity pricing, but because we are a partner with them, we can do that ourselves, e.g. we can buy it and then reduce our margins on it to get them over. We feel that it's better to sell the device that's very good at a lower cost, then, we lock in with their services at the end, so work management, etc. Rather than saying, "It's going to cost you this much money, and it's too expensive to even begin with."
Sr Security Engineer at a computer software company with 51-200 employees
MSP
Oct 8, 2021
The system performance degrades after the solution has been deployed for some time. The data that it gives us becomes a little bit slow. When you try to get some data for troubleshooting, it seems like it's working hard to extract that data.
Network Security Presales Engineer at a financial services firm with 501-1,000 employees
Real User
Sep 13, 2021
The solution needs more third-party integration. The automation and responsiveness need improvement. They need to be able to escalate technical support issues in a more effective way. The solution is a bit too expensive.
Consultant at a tech services company with 501-1,000 employees
Reseller
May 19, 2021
The threat intelligence that we were receiving in the reporting was not as expected. We were expecting more. Additionally, we should be able to whitelist a specific file based on a variety of attributes. In a future release, they could make the solution be a stand-alone deployment, one that does not need another Palo Alto solution and can integrate with any other solution from another company. For example, we could use this solution together with other solutions, such as Fortinet firewalls or endpoint solutions.
Pre-sales manager at a tech services company with 11-50 employees
Real User
Feb 10, 2021
Our main concern is that everything has to be synced with the WildFire Cloud and has to be checked through the subscription. In the next release, I would like to see some integration with other products, with endpoints and management. Also, there are too many features for the client to research.
The only complaint that we receive from our customers is in regards to the price. Our clients are happy with the technical aspects, but the cost is expensive. Some customers complain that it takes a long time to make changes to the configuration, but this depends on the customer and the environment. It may not be a problem that is directly related to the product. There are a lot of changes that need to be made for the security of a big company. The technical support team in Poland should be larger. Palo Alto needs to invest more in marketing because there is not enough awareness for the brand in Poland.
Managing Director at a tech services company with 1-10 employees
Real User
Sep 2, 2020
I think they should lower the price of this solution. They are losing customers because the price is too high. The deployment model could be better. WildFire is quite unknown in my country. They should develop a better system for teaching their customers how to use this solution and its features.
Senior Analyst Security and Compliance at an insurance company with 5,001-10,000 employees
Real User
Jul 28, 2020
It's not a problem specific to the technology, it's a problem across the board. All the encrypted traffic can be a challenge. Becoming a man in the middle requires CPU cycles, causing additional overhead.
The support needs to be improved because it takes too long to resolve severity-one issues. Better integration with third-party products and services is needed. They need to implement their own multifactor authentication, rather than relying on third-party add-ons for it. They have malware protection and web-filtering in place, although they are not as effective as Titan or Cisco Umbrella.
Technical Support Engineer at a venture capital & private equity firm with 501-1,000 employees
Reseller
Feb 16, 2020
In terms of threat prevention capabilities, the solution doesn't need any improvements that I can see. We've been quite satisfied. The size of Palo Alto's cloud is big but it could be easier to use from a product management perspective.
Information Technology Manager at a construction company with 51-200 employees
Real User
Feb 16, 2020
Palo Alto is very tech-heavy, and the average user can't just go and deploy one. You really need to know what you're doing. I've been doing IT for more than 25 years and I sometimes have to double-check things or ask for help. The reason is that there is so much included in the solution. It would be nice if there was an easier way to install and deploy it, such as through the inclusion of wizards. Having a more complex product generally means that you need more technical expertise, although if very experienced people are still having trouble then it is probably worth revisiting and trying to improve. It would be nice to have some sort of remote management tool. As far as I'm aware, they don't have a tool that runs on a mobile device, so you need to be in front of a workstation in order to get it up and running. If I had a remote tool that allowed me to access it then it would be very helpful. Even if I have to VPN into the network, that's fine, because being able to remotely do stuff on my phone would be useful. Everything is going that way.
Architect - Cloud Serviced at a comms service provider with 10,001+ employees
Real User
Top 20
Apr 17, 2019
There are certain changes that I was expecting in the previous version, and I hope that they are soon fixed. Their database has good information over threats because of Unit42; however, there is a serious competition to the product from Cisco ThreatGrid and Umbrella. I don't think there are any major features that are different from Palo Alto versus their competitors, but with time the PA needs to improvise on products and threat feed if it needs to be the leader.
IT Network Consultant Engineer - Projects and ICT Infrastructure Services at an energy/utilities company with 1,001-5,000 employees
Consultant
Feb 24, 2019
Other vendors have some sort of bandwidth management built into the firewall itself and Palo Alto is missing that. If there was anything extra for the endpoint security and VNC that would be good, but again it's coming with Palo Alto and must come with some additional cost.
As a firewall and 360 degrees of security, there needs to be more maturity. And, the industry is currently moving towards automation and orchestration. I would like to see more of this in the product. They are part of the future roadmap to AI (Artificial Intelligence).
Security Solutions Architect at a tech services company with 51-200 employees
Real User
Oct 29, 2018
I do not find it as secure as other solutions. Furthermore, the cloud-based solutions are still not legally available in countries like Saudi Arabia, Iran, and Russia. Some countries do not allow the service according to country obligations. They cannot use the cloud services for government offices. So, WildFire is not allowed in several locations. I think it would be nice for Palo Alto to work without the connection to the cloud. It is 100% powerful when connected to the cloud. But, if you disconnect from the cloud, you only get 40-50% power.
Palo Alto Networks WildFire is a highly effective cloud-based advanced threat protection (ATP) solution that organizations in a wide variety of fields trust to help them keep safe from digital threats. It is designed to enable businesses to confront even the most evasive threats and resolve them. It combines many techniques to maximize the level of threat protection available to users.
Palo Alto Networks WildFire Benefits
Some of the ways that organizations can benefit by choosing to deploy...
The analytical features require improvement.
The product integration with third-party systems needs improvement.
The product fails to offer protection when dealing with high-severity vulnerabilities, making it an area of concern where improvements are required.
The free version does not have real-time updates. It is slow.
The technical support response needs improvement.
The solution can improve its traffic management.
The price could be better.
The global product feature, the VPN, needs improvement, and we need some enhanced features.
There are some formats that the solution cannot support today, but they are mostly very rare formats. So that can be improved.
The only problem with this solution is the cost. It's expensive.
When comparing this solution to others it is not as good overall.
The cost of the solution is excessively high.
Management and web filtering can be improved. There should also be better reporting, particularly around web filtering.
The support is good but they could be faster.
In the future, I would like to see more automation in the reporting.
The price of WildFire should be reduced in order to make it more affordable for our customers. Deployment to mobile devices should be easier.
I would like to see them continue their developmental roadmap for the product.
They should make their user interface a little more user-friendly.