Compare – elementarynetworksolutions.com

Security Vendor Comparison

An engineer's comparison of Palo Alto Networks against the field — built from Gartner Magic Quadrant 2024, Forrester Wave 2024, SE Labs test results, and real-world deployment experience across UK and global enterprises.

Next-Generation Firewall

Palo Alto Networks Strata vs Fortinet, Check Point & Cisco — Gartner MQ Network Firewalls 2024.

Palo Alto Networks — Gartner MQ Leader 2024
Highest completeness of vision; 12 consecutive Leader placements
Capability | Palo Alto Strata NGFW | Fortinet FortiGate | Check Point Quantum | Cisco Secure Firewall
Gartner MQ 2024 position | Leader — #1 Vision | Leader | Leader | Challenger
Single-pass parallel processing (SP3)
Native App-ID (app classification) | Best-in-class | Good | Good | Fair
Inline ML zero-day prevention Partial Partial Partial
Cloud-delivered security services | Extensive (8+ CDSS) | Broad | Moderate | Moderate
SE Labs Enterprise Network Protection (2024) | AAA rated | AAA rated | AAA rated | AA rated
Unified policy (HW + VM + Container + Cloud) Partial Partial Partial
AIOps / management intelligence | Strata Cloud Manager | FortiManager AI | Horizon AI | Limited
IoT Security (agentless) Partial Partial
Gartner Peer Insights rating (2024 avg) | 4.7 / 5 | 4.6 / 5 | 4.6 / 5 | 4.4 / 5

Sources: Gartner Magic Quadrant for Network Firewalls 2024, SE Labs Enterprise Network Protection 2024, Gartner Peer Insights. Ratings represent independent analyst / tester assessments.

SSE / SASE — Security Service Edge

Palo Alto Networks Prisma Access vs Zscaler, Netskope & Fortinet — Gartner MQ SSE 2024 & Forrester Wave Zero Trust Edge 2023.

Palo Alto Networks — Gartner MQ SSE 2024 Leader
Named Leader alongside Zscaler & Netskope; highest vision score in 2024
Capability | Palo Alto Prisma Access | Zscaler ZIA / ZPA | Netskope | Fortinet FortiSASE
Gartner MQ SSE 2024 position | Leader | Leader | Leader | Challenger
ZTNA 2.0 (continuous trust verification) ZTNA 1.0 ZTNA 1.0 ZTNA 1.0
Single-vendor SASE (SSE + native SD-WAN)
Full Layer-7 FWaaS Partial Partial
Inline + API-mode CASB Best-in-class Partial
Digital Experience Monitoring (DEM) | ADEM — built-in | ZDX — add-on | Partial | Partial
Consistent policy with on-prem NGFW
Enterprise Secure Browser Prisma Access Browser Partial
Gartner Peer Insights rating (2024 avg) | 4.6 / 5 | 4.6 / 5 | 4.5 / 5 | 4.4 / 5

Sources: Gartner Magic Quadrant for Security Service Edge 2024, Forrester Zero Trust Edge Wave 2023, Gartner Peer Insights.

SOAR — Security Orchestration, Automation & Response

Cortex XSOAR vs Splunk SOAR, Microsoft Sentinel (Playbooks) & Tines — Forrester Wave SOAR 2023.

Cortex XSOAR — Forrester Wave SOAR Leader 2023
Highest score in current offering; 1,000+ marketplace integrations
Capability | Cortex XSOAR | Splunk SOAR | Microsoft Sentinel Playbooks | Tines
Forrester Wave SOAR 2023 | Leader | Leader | N/A — Logic Apps | Strong Performer
Pre-built integrations / content packs | 1,000+ | 350+ | 300+ connectors | Growing
Native Threat Intelligence Management Partial Partial
Collaborative incident War Room Partial
Visual + Python playbook authoring Logic Apps (low-code) No-code
Unified with SIEM / XDR (XSIAM) Splunk ES required Sentinel native
Pricing model | User + automation | Workload-based | Azure consumption | Workflow-based

Sources: Forrester Wave for Security Orchestration, Automation and Response 2023. Microsoft Sentinel uses Logic Apps rather than a dedicated SOAR engine.

XSIAM / Next-Gen SIEM — AI-Driven SOC Platform

Cortex XSIAM vs Splunk, Microsoft Sentinel & CrowdStrike — Gartner MQ SIEM 2024.

Palo Alto Networks (XSIAM) — Gartner MQ SIEM 2024 Leader
XSIAM recognised as an autonomous SOC platform; highest vision score among dedicated SOC platforms
Capability | Cortex XSIAM | Splunk Enterprise Security | Microsoft Sentinel | CrowdStrike Falcon Next-Gen SIEM
Gartner MQ SIEM 2024 position | Leader | Leader | Leader | Challenger
Purpose-built autonomous AI SOC Partial Partial Partial
Native XDR endpoint telemetry Requires add-on Defender add-on
Built-in SOAR automation SOAR add-on (cost) Logic Apps playbooks Partial
Attack Surface Management Cortex Xpanse Defender EASM Falcon Surface
Data ingestion pricing | Predictable — endpoint-based | Volume-based (costly at scale) | Pay-per-GB (variable) | Event-based
Mean time to detect (MTTD) reduction vs legacy SIEM | Up to 75% (PAN data) | Moderate improvement | Good with MS stack | Strong on endpoint
Gartner Peer Insights rating (2024 avg) | 4.6 / 5 | 4.4 / 5 | 4.5 / 5 | 4.7 / 5

Sources: Gartner Magic Quadrant for SIEM 2024, Gartner Peer Insights. MTTD improvement figures from Palo Alto Networks commissioned ESG study — independent results may vary.

Key: Full capability · Partial: Partial / add-on required · Not available / not applicable

Comparisons reflect analyst reports, public documentation and deployment experience as of 2024–2025. Capabilities evolve — contact us for a current, environment-specific assessment.

Which Vendor Is Right for You?

Answer these four questions to identify the platform best suited to your environment — based on field deployments and independent analyst data.

01. Full-Stack Enterprise Platform

Do you need one consistent security platform across HQ, branches, remote users and cloud?

Organisations running a mix of physical firewalls, cloud workloads and a hybrid workforce often accumulate disconnected tools — each with its own policy model, log format and management plane. That fragmentation creates blind spots, doubles your operational overhead and makes incident response slower.

Unified Cortex Data Lake — every Strata firewall, Prisma Access node and Cortex endpoint feeds the same telemetry store for correlated detection
Consistent App-ID policy — the same application classification engine runs across hardware, VM, container and cloud firewalls with no policy drift
Single management plane — Strata Cloud Manager and XSIAM give your ops and SOC teams one pane of glass, eliminating context switching
ZTNA 2.0 — continuous trust verification mid-session, not a one-time login gate that competitors still rely on
Our Recommendation
Palo Alto Networks
Strata NGFW  +  Prisma Access  +  Cortex XSIAM

The only vendor where all three security pillars are engineered to share a common data layer from day one — not stitched together through acquisitions.

Also consider: Fortinet if SD-WAN is the primary driver and budget is constrained. FortiSASE + FortiManager is a capable mid-market option at a lower total cost.

02. Firewall Refresh

Are you replacing an ageing Cisco, Check Point or Fortinet firewall estate?

Legacy firewalls inspect ports and protocols. A hardware refresh is the moment to gain application-layer visibility, user-identity awareness and inline ML threat prevention — not just swap one appliance for another. The migration tooling available from the destination vendor matters as much as the hardware specs.

Expedition migration tool — automatically converts rulesets from Cisco ASA/FTD, Check Point and Fortinet, cutting migration effort by 60–80%
App-ID from day one — immediately identifies which applications are traversing your network, not just which ports are open
SP3 single-pass architecture — all inspection functions — including TLS decryption — run in a single pass so throughput is not halved by security features
12 consecutive Gartner Magic Quadrant Leader placements — the longest unbroken leadership run of any NGFW vendor
Our Recommendation
Palo Alto Networks Strata NGFW
PA-400 series for branch  ·  PA-3400 / PA-5400 for data centre  ·  Strata Cloud Manager for centralised policy

ENS handles the full migration lifecycle — from ruleset analysis and Expedition conversion through to cutover and post-migration tuning.

Also consider: Fortinet FortiGate for cost-constrained mid-market organisations with fewer than 500 seats and no immediate cloud-security requirement. FortiGate delivers strong NGFW value at a lower entry price.

03. Cloud-First / Hybrid Workforce

Is your workforce remote or hybrid, with most applications already in SaaS or cloud?

If you are decommissioning on-premise appliances, the answer is a Security Service Edge platform — not another hardware refresh. The differentiator between SSE vendors is how deeply they enforce Zero Trust and how consistently they apply policy across your remaining on-premise estate alongside the cloud.

ZTNA 2.0 continuous verification — access is revoked mid-session if device posture or user behaviour changes; Zscaler and Netskope still implement ZTNA 1.0
Autonomous DEM built-in — ADEM identifies whether a performance issue originates from the ISP, cloud provider or application, without a paid add-on
Single-vendor SASE — native Prisma SD-WAN delivers one contract, one support call and consistent policy from branch to remote user
Consistent on-prem and cloud policy — Prisma Access and Strata share the same App-ID engine; Zscaler has no on-premise firewall counterpart
Our Recommendation
Palo Alto Networks Prisma Access
SASE  ·  ZTNA 2.0  ·  Add Prisma SD-WAN for full single-vendor SASE

The strongest choice when you need ZTNA 2.0, full FWaaS and consistent policy across a hybrid estate where on-premise Strata firewalls remain in place.

Also consider: Zscaler ZIA/ZPA for pure-play cloud organisations with no on-premise firewalls, a deep Microsoft 365 investment and no SD-WAN requirement. Zscaler's inline CASB and DLP are market-leading.

04. SOC Modernisation

Is your SOC overwhelmed by alert volume, slow MTTR and unpredictable SIEM costs?

Most security operations centres are drowning in alerts generated by a legacy SIEM that was designed for compliance log retention, not autonomous detection and response. If your analysts spend more time triaging false positives than hunting threats, the problem is the tooling — not the team.

Purpose-built autonomous SOC platform — XSIAM was architected from scratch for AI-driven detection, not retrofitted from a log aggregator
Predictable endpoint-based pricing — your bill does not spike during a high-volume security incident, unlike Splunk's per-GB ingestion model
SOAR and TIM included — playbook automation and threat intelligence management are native to the platform, not a separate licence
Up to 75% MTTD reduction — AI-driven alert correlation reduces noise before it reaches an analyst desk, not after
Our Recommendation
Cortex XSIAM
SIEM  ·  SOAR  ·  TIM  ·  Attack Surface Management — one platform, one predictable licence

The strongest fit for organisations that have outgrown their legacy SIEM and need to consolidate detection, automation and threat intelligence without volume-based billing surprises.

Also consider: Microsoft Sentinel if you are 100% Microsoft stack (Defender for Endpoint, Defender for Cloud, Azure workloads) — the native integration reduces deployment friction significantly. Splunk Enterprise Security for organisations that need deep custom SPL query capability and have existing Splunk expertise.


Want a Comparison Mapped to Your Environment?

We'll produce a side-by-side technical and TCO comparison against your current stack — no marketing fluff, grounded in real deployment data.