Valtix vs. Palo Alto Cloud NGFW
A Square Peg in a Round Hole
Don’t be fooled. Palo Alto Networks Cloud NGFW is a poorly executed solution for cloud network security that fragments visibility and control across clouds and adds compliance risk. Valtix provides best-in-class network security for cloud workload protection in a single policy, cloud-native, compliance-ready, and multi-cloud platform.
Don’t Let Palo Alto Networks Create a Mess of Your Cloud Network Security
Fragmented Management
The Palo Alto Cloud NGFW requires 3 different consoles: AWS Firewall Manager (FMS) for deployment, the Cloud NGFW console for policy, and there’s no console for analyzing logs going to AWS S3, Kinesis or CloudWatch.
Bottom Line Impact: Elevated Security Risk
Not Really Multi-Cloud
Palo Alto Cloud NGFW is an AWS-only offering. There is no support for Azure, and GCP has a separate IDS-only version which cannot inspect encrypted traffic. There’s yet another experience in OCI. With multiple products, the PAN solution fragments your security.
Bottom Line Impact: Wasted Expense and Efforts
Lost Traffic Ownership
Traffic is sent outside your cloud account boundaries to the Palo Alto Cloud NGFW along with access to your private encryption keys.
Bottom Line Impact: Increased Compliance Risk
Palo Alto Networks Cloud NGFW Fails to Meet Key Cloud Security Needs
Need:
Visibility of Workloads and Cloud Services
PAN Cloud NGFW:
PAN’s strength in App ID is eliminated in the cloud, where they have almost zero awareness of cloud services and no integration with the cloud provider for workload context (dev, test, PCI, etc.).
Valtix:
Valtix provides continuous visibility and discovery of cloud workloads along with association with workload context from cloud tags. Valtix delivers IDs for 100s of cloud services.
Need:
Zero Trust Microsegmentation
PAN Cloud NGFW:
PAN security policies only support static policies using IP addresses. Zero trust requires dynamic, context-specific policies, i.e. different policies for dev/test/prod or frontend/app-tier/backend, or policies based on trust levels. IP addresses in public clouds are ephemeral, so a static policy does not allow microsegmentation or zero trust.
Valtix:
Valtix delivers tag-based microsegmentation that leverages native cloud constructs to adapt seamlessly to change.
Need:
Protection of Cloud Workloads
PAN Cloud NGFW:
Given that most cloud workloads are ultimately web apps or APIs, a generic NGFW cannot truly protect web-facing assets. And adding a separate WAF means you deal with two different management consoles – security policies and logs. More importantly, by fragmenting WAF from the NGFW, you lose a 360 view of traffic flows inbound, inside your environment, and outbound.
Valtix:
Valtix delivers comprehensive web protection in the form of a WAF with single policy management and comprehensive traffic visibility across web, east-west traffic, and egress.
Need:
Cloud Friendly Pricing
PAN Cloud NGFW:
A simple cloud-friendly pricing model should include no more than 1 or 2 metrics. You want predictable pricing and clarity in the budgeting and purchase process. The Palo Alto Cloud NGFW includes multiple pricing components with additional upsells for what should be essential security features.
Valtix:
Valtix delivers consumption-based pricing that is simple to estimate based on the number of VPCs and the desired architecture.