Hopefully the title will generate some interest and feedback! To keep this brief, I'm happy with the effectiveness of the P.A IPS; NSS Labs test results proved this, and well done PA, it appears to be world class. The effectiveness of the P.A antivirus / spyware engine is, however, another kettle of fish. Here I struggle to see the malware protection being anywhere near as effective.

To lay some foundation for my observation, our endpoint antimalware solution provides us near real-time alerts of probable virus infection. When researching, it's obvious the traffic originated from the Internet, usually HTTP 🙂 and yes, we are doing SSL decrypt with threat prevention inspection. My experience, based on endpoint alerts, is that the firewall is missing more malware than I would have expected. PS: our endpoint solution has a low false positive detection rate, to clarify.

I believe the Palo Alto A.M solution is proprietary, that they gather signatures from similar providers such as Sophos/McAfee (supposedly comparable to ClamAV?), and that antimalware inspection includes HTTP/JavaScript, with PDF available in PAN-OS 4.0.1. Thing is, it's not proving very effective right now.

So, having made this observation, my question now is: does P.A have any reports we can see to view its malware engine effectiveness compared to, say, that of Sophos? What are other P.A end users' experiences? It could just be me after all 🙂 And if my observations prove true, what can we expect to see (from an antimalware perspective) to improve what's an overall great product? Thank you!