Prisma Access by Palo Alto Networks: Your Secure Gateway to a Connected World.

Prisma Access by Palo Alto Networks
Palo Alto Networks Prisma Access protects hybrid workforces with the superior security of ZTNA 2.0 while providing exceptional user experiences from a simple, unified security product. Purpose-built in the cloud to secure at cloud scale, Prisma Access delivers the industry’s only ZTNA 2.0 solution that protects all internet, SaaS, and private application traffic with best-in-class Cloud-Delivered Security Services and data protection to effectively reduce the attack surface. With a common policy framework and single-pane-of-glass management, Prisma Access secures today’s hybrid workforce without compromising performance, backed by industry-leading SLAs to ensure exceptional user experiences. Cloud based security offerings have emerged, but they can offer only inconsistent and incomplete protections as well as deliver poor performance and user experiences.

The Prisma Access Difference
Prisma Access enables organizations to securely connect all users to the internet, SaaS, and private applications they need, regardless of where they’re accessing them from or which device they are using, all while significantly reducing risk. It provides a cloud-native single product to secure hybrid enterprises and workforces, is made up of best-in-class security capabilities, optimizes the user experience with dynamic scalability, and guarantees maximum end-user performance. Prisma Access makes securing today’s hybrid workforces and cloud-first organizations easy by offering:
• The superior protection of ZTNA 2.0 that combines fine-grained, least-privileged access with deep and ongoing security inspection as well as enterprise DLP to protect all users, devices, apps, and data.
• A unified security product with comprehensive protections converged into a single unified product, single-pane-of-glass visibility, consistent policy management, and shared data for all users and all apps.
• The best user experiences from a truly cloud-native architecture built to secure at cloud scale, providing uncompromised performance—all backed by leading SLAs.

Prisma Access consolidates best-in-class security in a leading cloud-native security service edge (SSE) platform. When combined with Prisma SD-WAN, businesses are able to transform their networking and security with the most complete secure access service edge (SASE) solution in the industry.

Security-as-a-Service Layer
Prisma Access includes comprehensive security capabilities consolidated into a single SSE platform that delivers ZTNA 2.0 with the best user experience on a single unified platform.

Firewall as a Service
Prisma Access provides firewall-as-a-service (FWaaS) capabilities with the full functionality of Palo Alto Networks Next-Generation Firewalls (NGFWs). This includes inbound and outbound protection, native user authentication and access control, and Layer 3–7 single-pass inspection to secure branch offices against threats.

Cloud Secure Web Gateway
Prisma Access provides cloud secure web gateway (SWG) functionality to protect users from threats when accessing the internet and SaaS applications. Flexible connectivity options include proxy auto-configuration (PAC) files, agent, agentless, and IPsec tunnel/SD-WAN. Proxy-based connectivity through the single unified GlobalProtect app enables organizations with proxy architectures to benefit from ZTNA 2.0 while even coexisting with third-party VPN agents. IT teams can operationalize next-generation internet, SaaS, and application security that meets all proxy-based routing and compliance requirements.

Organizations can easily migrate from legacy on-premises web proxies or alternative cloud-based proxies with ease. Cloud SWG is natively integrated with Next-Generation CASB and supports all the web security protections Prisma Access offers, including Advanced Threat Prevention, Advanced WildFire, Advanced URL Filtering, DNS Security, and DLP. Also, remote browser isolation (RBI) is supported via integration with the Cloud-Blades architecture in Prisma Access.

Zero Trust Network Access 2.0
Prisma Access ZTNA 2.0 connects all users and all apps with fine-grained access controls, providing behavior-based continuous trust verification after users connect to dramatically reduce the attack surface. It secures all apps, all the time, including premises-based, internet-based, legacy, SaaS, and modern/cloud-native apps, with deep and ongoing security inspection to ensure all traffic is secure without compromising performance or user experience. What’s more, Prisma Access ZNTA 2.0 provides consistent visibility with a single DLP policy to secure both access and data across the entire enterprise.

Next-Generation Cloud Access Security Broker
Prisma Access natively provides the industry’s only Next-Generation CASB that automatically keeps pace with the SaaS explosion by combining powerful SaaS Security Posture Management (SSPM) capabilities, proactive visibility, real-time data protection including hard-to-detect secrets exchanged in collaboration apps, and best-in-class security. It delivers multimode functionalities via inline and API-based security for sanctioned and unsanctioned SaaS apps to help today’s cloud-first organizations:
• Detect and stop activity from compromised accounts and malicious insiders before any damage is done.
• Detect suspicious user activity that could indicate a compromised account or malicious insider.
• Go beyond standard compliance checks and get comprehensive protection from the industry’s first Security Posture Policy Engine.
• Eliminate the risk of compromise and data loss due to user misconfiguration.
• Resolve critical misconfigurations with a single click, dramatically reducing remediation time

Network-as-a-Service Layer

Prisma Access provides consistent, secure access to all applications—in the cloud, in your data center, or on the internet. Networking for Hybrid and Mobile Users Connect hybrid and mobile users with the GlobalProtect app, which supports user-based always-on,
pre-logon always-on, and on-demand connections. Prisma Access supports split tunneling based on access route and application types, including its associated risk and bandwidth utilization.

Networking for Remote Networks
Connect branch offices to Prisma Access over a standard IPsec VPN tunnel using common IPsec compatible devices, such as your existing branch router or software-defined wide area network (SD-WAN) appliance. You can use Border Gateway Protocol (BGP) or static routing from the branch, and you can use equal-cost multipath (ECMP) routing for faster performance and better redundancy across multiple links.

Autonomous Digital Experience Management
The Autonomous Digital Experience Management (ADEM) add-on for Prisma Access provides native end-to-end visibility for SASE. With ADEM, you gain segment-wise insights across the entire service delivery path, with real and synthetic traffic analysis that enables autonomous remediation—now including user self-service remediation with ADEM Self-Serve—of digital experience problems when they arise. The platform’s built-in AI-based incident detection, diagnostics, predictive analytics, and automated workflows empower IT teams to detect and resolve complex problems before they have a widespread impact. The complimentary Prisma Access Insights lets you monitor and get on-demand visibility into the health of your Prisma Access deployment.

Centralized Management
Prisma Access supports flexible management options:
• Prisma Access Cloud Management streamlines Prisma Access configuration management with seamless onboarding, including secure out-of-the-box configurations built on best practices, continuous assessment of security posture, digital experience monitoring, and reporting through a unified experience delivered from the cloud.
• Panorama network security management centralizes policy management across all Palo Alto Networks Next-Generation Firewalls and Prisma Access. Panorama saves time and reduces complexity by managing network security through a single pane of glass.