Please share with the community what you think needs improvement with Palo Alto Networks DNS Security.
What are its weaknesses? What would you like to see changed in a future version?
There should be an on-premise version of this solution. There are companies that have asked for a solution that is on-premise. The reason for this is some companies might want to have control of where their traffic is going. For example, banking companies do not want their DNS queries or any such traffic to be sent over the cloud, because the cloud can be inside India or anywhere. This is why they might want the solution to be on-premise to allow them to have full control of the security.
Every vendor that sells DNS or firewalls needs to be able to protect against DNS look-up attacks and DNS naming hacks. This is true of Palo Alto as well as others. The IDS and IPS should be built-in. With EDS and IDS, some are proud to have built-in IDS and IPS intrusion protection and intrusion detection as some vendors sell IDS and IPS separately. They shouldn't be separate. Instead of selling two products, it really should just be one.
We would like to have cloud-based management. I would like to see integration with Cisco Meraki so that they can work together on DNS issues.
We all know it's really hard to get good pricing and cost information.
Please share what you can so you can help your peers.
Let the community know what you think. Share your opinions now!