Palo Alto Networks SD WAN & SASE Cybersecurity Solutions

Sector, Company Type, and Location:Manufacturing  |  Healthcare  |  Retail  |  Utilities  |  Public Sector  |  Education  |  Financial Services  |  Government  |  Energy  |  ICS/SCADA Control Systems  |  Vendor  |  Europe  |  Asia  |  Australia  |  Israel  |  United Arab Emirates  |  UK  |  North America  |  South America
Tags & Search Filters:SD WAN  |  XDR  |  CASB  |  ZTNAand 12 more tags  |  DIY SD WAN services  |  Internet leased line  |  SASE Cybersecurity  |  MDR  |  FWaaS  |  SWG  |  MPLS  |  SIEM  |  Security service edge  |  Next-Generation Firewalls  |  Featured on Gartner  |  EDR

Palo Alto Networks are a good option for large global enterprises looking for a solution with integrated SD WAN and SASE and strong cloud capabilities. The solution leverages machine learning to simplify network operations, removing the need for manual control.  Further, the company are a good option for those looking for strong access to cloud vendors such as AWS, Azure and Google Cloud. However, caution may be taken as Palo Alto do not offer WAN acceleration and optimization - client’s looking for these services may need to look elsewhere.

Palo Alto Networks SD WAN & SASE Cybersecurity Solutions
Review

Netify Review

Palo Alto's solution has very strong cloud connectivity (including cloud security) and security (SASE, XDR) capabilities. Their integrated SD WAN and SASE capabilities make them an ideal choice for large global enterprises with Machine Learning (ML) capabilities to simplify network operations - making them ideal for those with small or preoccupied IT teams. However, although Palo Alto's solution is strong, previous customers state that the solution can be very expensive. Further, as with a majority of vendors, Palo Alto do not support their own backbone (underlay connectivity), but instead use PoPs on third-party cloud platforms (AWS and Google Cloud Platform, for example). This is not necessarily an issue, however clients looking for a vendor provided overlay and underlay solution may not be suited to Palo Alto for this reason. 

Summary

Palo Alto Networks SD WAN & SASE Cybersecurity Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Palo Alto Networks and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Resources and Downloadable Content

Request the very latest Palo Alto SD WAN & SASE sales PDF directly from your local account team. Please check your junk folder if not received.

Complete your details to arrange a demo of Palo Alto. You will receive contact requesting available dates and times - please check your junk folder if not received.

Request your local in-country sales contact. You will receive details as soon as possible - please check your junk folder if not received.

Marketplace Assistance

Are you an IT decision maker building your own SD WAN or SASE Cybersecurity shortlist?

Take our 90 second assessment quiz to find out which top 3 vendors or managed providers are a match for your answers.

About

About Palo Alto Networks

Palo Alto Networks acquired CloudGenix (a software company founded in 2013) in 2020. The company is headquartered in San Jose, California, North America and offers SD WAN and SASE solutions. The company were awarded “Customer’s Choice” in the 2021 ‘Voice of the Customer’: WAN Edge Infrastructure by Gartner Peer Insights. Palo Alto’s SASE solution is used by over 2500 enterprises globally. As of 20th July 2021, Palo Alto partnered with Google Cloud to provide native threat detection for virtual private clouds through Cloud IDS, a joint network threat detection service. Their Unit 42 team leverages over 200 threat researchers as part of their threat intelligence support to enhance their products and provide services in the case of advanced attacks. Palo Alto Networks was named a Leader in The Forrester Wave™: Enterprise Firewalls, Q4 2022 report. In 2022, Palo Alto Networks entered negotiations to acquire Israeli AppSec operating system developer Cider Security.

Pros & Cons

What are the pros and cons of Palo Alto Networks SD WAN & SASE Cybersecurity?

List of the pros and cons associated with Palo Alto Networks SD WAN and SASE security.

Pros

  • Palo Alto offer next generation SD WAN and SASE, designed to replace legacy architectures with simplified and fully cloud-integrated alternatives.
  • Offer a strong security product portfolio, including next generation SASE, 5G Security, Cloud Native Security, Okyo Garde which is Palo Alto’s home and small business security device and various network security features.

Cons

  • Poor option for industry verticals such as retail, due to limited capabilities in simple all-in-one form factors.
  • Do not offer a specific WAN optimization or application acceleration service.
Comparison

Comparison: Palo Alto vs Fortinet vs FireEye SD WAN & security

Consider the points below to compare Palo Alto vs Fortinet vs FireEye SD WAN and SASE security.

Palo Alto

  • Palo Alto's main product focus is a converged SD WAN and SASE platform, delivered from the cloud. The solution supports remote and home workers as well as those on-premises. 
  • Palo Alto offers fully featured SD WAN via their acquisition of CloudGenix. 
  • Palo Alto support remote users with the Okyo Garde appliance, which works as an extension of the corporate network avoiding the need to configure VPNs. 

Fortinet

  • Fortinet offer hardware-based SASE and SD WAN, with offerings for Extended Detection and Response (XDR). 
  • Fortinet's SD WAN offering was built internally from the ground up as a component of their overall solution. 
  • Fortinet support users with cloud-delivered threat protection which removes the need for legacy VPN technologies. 

FireEye

  • FireEye offer XDR and cloud security services, with a range of managed security solutions.  
  • FireEye do not offer SD WAN or SASE services. 
  • FireEye offer security for remote users via a technology partnership with iBoss. The solution features authentication and SSL  decryption, with intelligence-driven technologies to detect and protect against zero-days attacks. 

Forcepoint

  • Forcepoint offer SASE with options for integrated data protection services. 
  • Forcepoint do not have an SD WAN offering. 
  • Forcepoint offer security for remote users via a cloud delivered security gateway, Data Loss Prevention (DLP) and private access to applications. 

Similar Vendors

Top 3 similar SD WAN & SASE Vendors

Click the service provider logo to find out more about each respective SD WAN and SASE solution.

SD WAN

What is the Palo Alto Networks SD WAN Solution?

Palo Alto deliver ‘next generation’ Prisma SD WAN, delivering and connecting all branch services from the cloud. The aim is to replace legacy SD WAN platforms with Palo Alto SD WAN which uses machine learning to simplify overall network operations by eliminating 99% of trouble tickets. 

Configuration-Based Key Features:

  • Cloud-Delivered Branch: All branch services are delivered from the cloud, including security, networking, voice and more. This simplifies WAN management, as all applications are integrated even in different locations.
  • Application-Defined: SLAs are delivered for all applications including Cloud, SaaS and UCaaS.
  • Application Visibility: Includes Layer-7 intelligence that enables simpler traffic engineering and network policy creation. 

Security-Based Key Features:

  • See the Palo Alto SASE security solution here. 

Performance-Based Key Features:

  • Router Modernization: Legacy routers can be upgraded to lightweight branch appliances, with zero-touch provisioning to improve branch deployment services.
  • Autonomous Network Operations: Prisma SD WAN leverages artificial intelligence of IT operations (AIOps) and machine learning with data science methodologies to automate problem avoidance and simplify network operations.
Service Providers

Which service providers offer Palo Alto SD WAN/SASE?

Filter by tag, location, and service type:
(Select any number of tags)

EuropeAsiaAustraliaIsraelUnited Arab EmiratesUKNorth AmericaSouth AmericaSD WANXDRCASBZTNADIY SD WAN servicesInternet leased lineSASE CybersecurityMDRFWaaSSWGMPLSEndpoint protectionFile analysisIoT securityVulnerability assessmentSecurity and complianceMobile threat defenceSIEMSecurity service edgeCloud workload protectionIdentity governance, access managementInstant communications securityManaged securityIntegrationsAnalyticsNetwork firewallsWAN Edge infrastructureReporting and statistics (SD WAN)On-premises/Private cloudSaaSCompliance reportingArtificial Intelligence (AI)
SASE

What is the Palo Alto Networks SASE security solution?

The Prisma Access SASE security solution is designed to replace legacy SASE architectures. The security solution converges next generation SASE and next generation SD WAN into one cloud-delivered platform, securing applications used by workforce users in the branch office, remote or from home. Multiple security products are combined into one integrated service to reduce complexity whilst increasing agility. 

SASE Features: 

  • Firewall as a Service (FWaaS): Delivered as a cloud-based service, FWaaS provides next generation firewall (NGFW) capabilities and hyper scale, with security features such as advanced threat protection (ATP), intrusion prevention system (IDS), domain name system (DNS) and web filtering.
  • Cloud Secure Web Gateway (SWG): Deployed from the cloud, SWG enables web security for any authorized device, which could be used in a remote location. Performs malicious content inspection, URL filtering, web visibility and web access controls.
  • Zero Trust Network Access (ZTNA): Provides secure access to services and applications based on pre-set access control policies.
  • Integrated Cloud Access Security Broker (CASB): Cloud-based, integrated CASB does not require a broker, as it is easily deployed due to it being integrated into an existing security stack. It is designed to protect sensitive data which is being transported between company networks, users and SaaS providers. It monitors and manages user behavior to minimize shadow IT risks, whilst securing applications, data and users on-premises and in remote locations and the cloud.

Further, as of May/June 2022, Palo Alto has announced two new integrations between themselves and technology companies Infosys and Thales. 

The integration between Palo Alto and Thales will allow customers to implement Palo Alto security systems globally, by integrating Thales SafeNet Trusted Access across Palo Alto's Prisma Access, ML-powered NGFW, Cortex XSOAR and GlobalProtect technologies - deploying Thales' zero trust model across Palo Alto's suite of solutions. 

Palo Alto and Infosys aim to provide large-scale cybersecurity solutions for global enterprises, whilst securing hybrid cloud environments, all from a single, unified platform. The solution is also able to integrate SASE and Zero Trust and works by delivering network security from Palo Alto across Infosys' global network of Security Operations Centres (SOCs) and will be aimed at large multinational corporations. 

In 2022 Palo Alto Networks introduced software-as-a-service (SaaS) Security Posture Management (SSPM) and new SD-WAN appliances (ION 1200-S and ION 3200) to its Prisma secure access service edge (SASE) platform.

As part of SSPM, Palo Alto Networks’ next-generation cloud access security broker (NG-CASB) is fully integrated within the SASE solution. SaaS settings can be viewed and configured via the SASE portal, bringing SASE with CASB and DLP into a unified cloud console, leaving no gaps in security. Features include access to corporate SaaS applications only for legitimate users, threat prevention via inline ML models, continuous application discovery, categorization and control of new and emerging SaaS applications via App-ID™ technology.

The solution includes some of the most extensive API-based coverage of SaaS apps in the industry, and cloud Enterprise DLP protects sensitive data and supports compliance everywhere.

Cortex SOC Tools

What XDR (Extended Detection and Response) Solution is Supported by Palo Alto Networks?

Cortex XDR: Palo Alto's Cortex XDR features Next-Generation Anti-Virus (NGAV), host firewall, USB device control, disk encryption, threat detection driven by machine learning, deep forensics, incident management and automated root cause analysis.

 Cortex XDR PreventCortex XDR Pro
Endpoint Protection
Next-Generation Antivirus
Detection and ResponseVisibility across virtually all data
ForensicsOptional
Managed Detection and ResponseOptional
Host Insights Optional

Source: Palo Alto Networks (2022)

Cortex SOC Tools

What SOAR (Security Orchestration, Automation and Response) Solution is Supported by Palo Alto Networks?

Cortex XSOAR: Palo Alto Cortex XSOAR can be hosted, deployed in a multitenant environment or on-premises and enables SecOps workflow and network security automation as well as incident case and threat intelligence management. The machine-learning enabled platform frees up Security Operations Centre (SOC) staff by automating routine tasks and the distribution of changes to enforcement points at scale. Cortex XSOAR features over 750 integrations and 680+ content packs for various security use cases. The solution can also improve the efficiency of human analysts through integrated threat intelligence management, real-time collaboration, incident-specific layouts, war rooms and customizable reporting.

Cortex SOC Tools

What ASM (Attack Surface Management) Solution is Supported by Palo Alto Networks?

Cortex Xpanse: Provides continual discovery and monitoring of the internet-facing corporate attack surface to find exposures in IT admin system portals, exposed development infrastructure, sensitive business operation applications, remote access service, unencrypted logins and text protocols, insecure file sharing/exchanging services, insecure or abandoned marketing portals, directly exposed Internet of Things (IoT) devices, weak and insecure/deprecated cryptography, and unpatched systems vulnerable to public exploit and end-of-life (EOL) systems.

Cortex SOC Tools

What SIEM (Security Information and Event and Management) Solution is Supported by Palo Alto Networks?

Cortex XSIAM: Palo Alto's SIEM solution is their proprietary Cortex Extended Security Intelligence and Automation Management (XSIAM) solution. Cortex XSIAM is an autonomous SOC platform leveraging machine-learning-based security analytics, built-in attack surface management capabilities and threat intelligence to ensure proactive security. Cortex XSIAM provides end-to-end threat management across enterprise and cloud security operations from a single platform. The solution delivers threat detection and response, orchestration and automation, UEBA, Network and Cloud analytics, attack surface management, endpoint protection and intelligence, reporting and compliance, threat intelligence management, data foundation and detection analytics.

Funding

Funding Rounds

2005$0M
2006$10M
2007$18M
18/08/2008$27M
03/11/2008$10M
Cloud Vendors

How does Palo Alto Networks access cloud vendors?

The Prisma Cloud Security platform offers comprehensive cloud security, which extends to AWS, Azure and Google Cloud. Palo Alto are an AWS partner, offering VM Series Cloud Migration, SD WAN Connectivity to AWS and hybrid cloud. They are a Microsoft Azure Gold partner in Application Development and Cloud Platform, and a Silver partner in Security. They also partner with Google Cloud and offer Managed Cloud Security through a partnership with Telus.

Cloud Access Features: 

  • Cloud Security and Posture Management: Maintains compliance across public clouds whilst monitoring posture and detecting and responding to threats.
  • Cloud Infrastructure Entitlement Management: Secures identities and enforces permissions across workloads and cloud resources.
  • DevSecOps: Integrates security with developer tools whilst securing configuration and scan codes.
  • Cloud Workload Protection: Secures serverless functions, hosts and containers across the application lifecycle.
  • Cloud Network Security: Enforces micro-segmentation and secure trust boundaries and provides network visibility.
Cloud Access

Cloud Access

Amazon Web Services33.33
Microsoft Azure33.33
Google Cloud33.33
WAN Acceleration and Optimization

Does Palo Alto Networks offer WAN acceleration and optimization?

Palo Alto do not provide WAN optimization or acceleration. However, Quality of Service (QoS) and application routing services are available to improve performance.

Remote Users

How does Palo Alto Networks support remote users?

Users that work from home are supported via Palo Alto’s Okyo Garde appliance. The device is available to both Enterprise as well as Home and Small business. The Enterprise edition provides teleworking staff with an easy-to-use and secure extension of the corporate network. The device uses Zero Trust access and multi-layered protection to deliver enterprise grade security to corporate devices on the home network. The lack of network isolation at an employee’s home and the inability to configure VPN or agents to some corporate devices means that the home environment becomes a significant hazard as the enterprise network becomes vulnerable to cyberattack or loss of sensitive data if an employee’s network is inadequately secured. Okyo Garde offers high performance corporate segments through the use of a mesh-enabled Wi-Fi 6 system and multi layer protection for all corporate devices on the network whilst being orchestrated through a single pane of glass. The home network becomes integrated with Prisma Access to provide SASE security without the need for a datacenter and a minimal deployment time to allow remote workers and IT administrators to attend to other tasks. An employee using the Okyo Garde enterprise edition is also able to set up an optional subscription to secure their own personal home network at no additional cost.

Managed, co-managed & DIY services

What is the Palo Alto Networks managed, co-managed and DIY services solution?

Palo Alto is available as a managed service through qualified Managed Security Service Providers (MSSP).

SASE

The Percentage of Companies Considering a SASE Deployment in the next 12 Months

Confirmed SASE Deployment in the next 12 Months19%
Strongly Considering SASE but no Current Plans to Deploy27%
No Plans to Deploy SASE23%
Portal

What Reporting and Management is available via the Palo Alto Networks Portal?

Palo Alto offer customers access to their Customer Support Portal, where assets and support cases can be registered and managed, questions can be answered and the Live Community can be accessed.

years active

Number of years active

Palo Alto17
Fortinet22
Forcepoint28
Service Level Agreement

What is the Palo Alto Networks SLA?

Below is a table displaying the main focus points of the Palo Alto Networks Service Level Agreement (SLA). 

Support Plans and Services offered: 

 

Platinum 

Premium 

Standard 

Online support 

Yes - 24x7x365

Yes - 24x7x366

Yes - 24x7x367

Telephone support 

Yes - 24x7x365

Yes - 24x7x365

No

Response Times 

Platinum 

Premium 

Standard 

Severity 1 - Critical 

Product is down, critically affects customer environment. No workaround available. 

≤ 15 minutes 

≤ 1 hour

≤ 2 hours 

Severity 2 - High

Product is impaired, customer production not affected. Support is aware of the issue and a workaround is available. 

≤ 30 minutes

≤ 2 hours

≤ 4 hours 

Severity 3 - Medium 

A Product function has failed, customer production not affected. Support is aware of the issue and a workaround is available.

≤ 2 hours 

≤ 4 hours 

≤ 12 hours 

Severity 4 - Low 

Non-critical issue. Does not impact customer business. Feature, information, documentation, how-to and enhancement requests from customer. 

≤ 4 hours 

≤ 8 Business hours 

≤ 48 hours

Additional Services 

Platinum 

Premium 

Standard 

Premium United States Government (“USG”) Support

N/A

Yes, if eligible 

N/A

Security Assurance 

Yes, if eligible 

Yes, if eligible 

N/A

Expert Assistance 

Yes, if eligible 

N/A

N/A

Focused Services including Plus and Elite tiers

Optional, if eligible 

Optional, if eligible 

N/A

Hardware RMA

4-hr Premium or 4-hr Platinum 

Premium or Platinum 

Standard 

Advance Replacement Service: 4-Hour Replacement (available only for Hardware located within a specified range of Palo Alto Networks service locations)

Yes, if eligible 

No

No

Advance Replacement Service: Next Business Day Service

N/A

Yes

No

Return and Repair 

N/A

N/A

Yes

Palo Alto End User Support Agreement. (Palo Alto, 2020.) See more at:https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-global-customer-support-services-terms-and-conditions-eusa.pdf

Customer Success Plans and Services Offered: 

 

Premium 

Standard 

Online support 

Yes - 24x7x366

Yes - 24x7x367

Telephone support 

Yes - 24x7x365

No

Response Times 

Premium 

Standard 

Severity 1 - Critical 

Product is down, critically affects customer production environment. No workaround available yet. 

≤ 1 hour

≤ 2 hours 

Severity 2 - High

Product is impaired, customer production up, but impacted. No workaround available yet. 

≤ 2 hours 

≤ 4 hours 

Severity 3 - Medium 

A Product function has failed, customer production not affected. Support is aware of the issue and a workaround is available. 

≤ 4 hours 

≤ 12 hours 

Severity 4 - Low 

Non-critical issue. Does not impact customer business. Feature, information, documentation, how-to and enhancement requests from customer. 

≤ 8 Business hours

≤ 48 hours

Self-help guidance:

  • Online access to quick-start guides, best practices and training materials (pdf and video).
  • Online access to knowledge base and Support Portal.

Yes

Yes

Customer Success Team assistance:

  • Onboarding oversight.
  • Best practice guidance. 
  • Operational excellence reviews. 
  • Personalized training. 

Optional, if eligible 

No

Additional Services 

Premium 

Standard

Premium United States Government (“USG”) Success

Yes, if eligible 

No

Focused Services including Plus and Elite tiers

Optional, if eligible 

No

Hardware RMA

Premium or Platinum 

Standard

Advance Replacement Service: 4-Hour Replacement (available only for hardware located within a specified range of Palo Alto Networks service locations)

No

No

Advance Replacement Service: Next Business Day Service

Yes

No

Return and Repair 

N/A

Yes

Palo Alto End User Support Agreement. (Palo Alto, 2020.) See more at:https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-global-customer-support-services-terms-and-conditions-eusa.pdf

Frequently Asked Questions
What is the Palo Alto Networks SD WAN architecture?
Palo Alto Networks Service Providers
Palo Alto Networks Integrators
Palo Alto Networks Partners
Ask a question

Send your local contact from Palo Alto Networks a message, this form will reach Palo Alto Networks directly.

Contact Palo Alto Networks
Complete the form to get in touch with a representative from Palo Alto Networks.
Report

Download the the complete guide to 10 SD WAN solutions.

The most comprehensive top 10 guide we have ever created.

Similar Companies

There are no results matching your selection.

Deployments

Deployment Region

North America45%
Europe, Middle East and Africa40%
Asia/Pacific35%
Latin America15%
Proposition Focus

Proposition Focus

Features4
SASE/Security4.7
Cloud5
SD WAN4.5
Industries

Industry Coverage

Finance131%
Manufacturing107%
Services140%
Other29%
Education113%
Healthcare76%
Energy and Utilities45%
Communications35%
Retail34%
Government 33%
Transportation18%
Media17%
Construction 16%
Focus

Other Focus

Remote users40
Simplicity40
Complex requirements20
List your business

List your business with Netify Learn More →

Geographic

Geographic Focus

EMEA30
APAC20
Americas50

Please complete the form to ask a question or send a message directly to Palo Alto Networks. Netify have carefully curated global sales contacts based on your IP location. If you do not receive contact, please check your junk folder.

Book a demo of the Palo Alto Networks SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

A Netify Vendor Briefing is a 30 minute Zoom research session for IT decision makers, and an opportunity to learn about the vendors products, services and business strategies specifically or a related technology or market. We'll also discuss their competitors and which other solutions your business should consider. If you do not receive contact, please check your junk folder.

Netify is the first dedicated global SD WAN & SASE comparison marketplace.

List Your Business