We changed our name from IT Central Station: Here's why

What needs improvement with Palo Alto Networks DNS Security?

Please share with the community what you think needs improvement with Palo Alto Networks DNS Security.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
44 Answers

author avatar
Top 20Real User

I'm not really sure what needs improvement. The only hiccup I've really seen is a couple of the DNS requests get flagged as the Sophos traffic instead of DNS traffic, but that's more of their app detection in the DNS Security. I haven't really seen any issues with the DNS security.

author avatar
Top 5LeaderboardReseller

There should be an on-premise version of this solution. There are companies that have asked for a solution that is on-premise. The reason for this is some companies might want to have control of where their traffic is going. For example, banking companies do not want their DNS queries or any such traffic to be sent over the cloud, because the cloud can be inside India or anywhere. This is why they might want the solution to be on-premise to allow them to have full control of the security.

author avatar
Top 5Real User

Every vendor that sells DNS or firewalls needs to be able to protect against DNS look-up attacks and DNS naming hacks. This is true of Palo Alto as well as others. The IDS and IPS should be built-in. With EDS and IDS, some are proud to have built-in IDS and IPS intrusion protection and intrusion detection as some vendors sell IDS and IPS separately. They shouldn't be separate. Instead of selling two products, it really should just be one.

author avatar
Top 5LeaderboardReal User

We would like to have cloud-based management. I would like to see integration with Cisco Meraki so that they can work together on DNS issues.

Learn what your peers think about Palo Alto Networks DNS Security. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
563,148 professionals have used our research since 2012.