Prisma Access

Prisma Access

• rnThe hybrid workforce and direct-to-app architectures have rendered legacy securityrnarchitectures obsolete while dramatically increasing our attack surface. Cloud-basedrnsecurity offerings have emerged, but others can offer only inconsistent and incompleternprotections as well as deliver poor performance and user experiences.rn
• Palo Alto Networks Prisma® Access protects hybrid workforces with the superiorrnsecurity of ZTNA while providing exceptional user experiences from a simple, unifiedrnsecurity product. Purpose-built in the cloud to secure at cloud scale, Prisma Accessrndelivers the industry’s only ZTNA solution that protects all internet, SaaS, and privaternapplication traffic with best-in-class Cloud-Delivered Security Services and datarnprotection to effectively reduce the attack surface. With a common policy frameworkrnand single-pane-of-glass management, Prisma Access secures today’s hybridrnworkforce without compromising performance, backed by industry-leading SLAs tornensure exceptional user experiences.

The Prisma Access Difference

• Prisma Access enables organizations to securely connect all users to the internet, SaaS, and private applications they  need, regardless of where they’re accessing them from or which device they are using, all while significantly reducing risk. It provides a cloud-native single product to secure hybrid enterprises and workforces, is made up of best-in-class security capabilities, optimizes the user experience with dynamic scalability, and guarantees maximum end-user performance. Prisma Access makes securing today’s hybrid workforces and cloud-first organizations easy by offering:

The superior protection of ZTNA

• That combines fine-grained, least-privileged access with deep and ongoing security inspection as well as enterprise DLP to protect all users, devices, apps, and data.

A unified security product

• With comprehensive protections converged into a single unifiedproduct, single-pane-of-glass visibility, consistent policy management, and shared data for allusers and all apps.

The best user experiences

• From a truly cloud-native architecture built to secure at cloud scale, providing uncompromised performance—all backed by leading SLAs. Prisma Access consolidates best-in-class security in a leading cloud-native security service edge (SSE) platform. When combined with Prisma SD-WAN, businesses are able to transform their networking and security with the most complete secure access service edge (SASE) solution in the industry.

Security-as-a-Service Layer

• Prisma Access includes comprehensive security capabilities consolidated into a single SSE platform that delivers ZTNA with the best user experience on a single unified platform.

Firewall as a Service

• Prisma Access provides firewall-as-a-service (FWaaS) capabilities with the full functionality of Palo Alto Networks Next-Generation Firewalls (NGFWs). This includes inbound and outbound protection, native user authentication and access control, and Layer 3–7 single-pass inspection to secure branch offices against threats.

Cloud Secure Web Gateway

• Prisma Access provides cloud secure web gateway (SWG) functionality to protect users from threats when accessing the internet and SaaS applications. Flexible connectivity options include proxy auto-configuration (PAC) files, agent, agentless, and IPsec tunnel/SD-WAN. Proxy-based connectivity through the single unified Global Protect® app enables organizations with proxy architectures to benefit from ZTNA while even coexisting with third-party VPN agents. IT teams can operationalize next generation internet, SaaS, and application security that meets all proxy-based routing and compliance requirements. Organizations can easily migrate from legacy on-premises web proxies or alternative  cloud-based proxies with ease.
• Cloud SWG is natively integrated with Next-Generation CASB and supports all the web security protections Prisma Access offers, including Advanced Threat Prevention, Advanced Wild Fire®, Advanced URL Filtering, DNS Security, and DLP. Also, remote browser isolation (RBI) is supported via integration with the Cloud Blades architecture in Prisma Access.

Zero Trust Network Access

• Prisma Access ZTNA connects all users and all apps with fine-grained access controls, providing behavior-based continuous trust verification after users connect to dramatically reduce the attack surface. It secures all apps, all the time, including premises-based, internet-based, legacy, SaaS, and modern/cloud-native apps, with deep and ongoing security inspection to ensure all traffic is secure without compromising performance or user experience. What’s more, Prisma Access ZTNA provides consistent visibility with a single DLP policy to secure both access and data across the entire enterprise.

Next-Generation Cloud Access Security Broker

• Prisma Access natively provides the industry’s only Next-Generation CASB that automatically keeps pace with the SaaS explosion by combining powerful SaaS Security Posture Management (SSPM) capabilities, proactive visibility, real-time data protection including hard-to-detect secrets exchanged in collaboration apps, and best-in-class security. It delivers multimode functionalities via inline and API-based security for sanctioned and unsanctioned SaaS apps to help today’s cloud-first organizations:
• Detect and stop activity from compromised accounts and malicious insiders before any damage is done.
• Detect suspicious user activity that could indicate a compromised account or malicious insider.
• Go beyond standard compliance checks and get comprehensive protection from the industry’s first Security Posture Policy Engine.
• Eliminate the risk of compromise and data loss due to user misconfiguration.
• Resolve critical misconfigurations with a single click, dramatically reducing remediation time.

Network-as-a-Service Layer

• Prisma Access provides consistent, secure access to all applications—in the cloud, in your data center, or on the internet.

Networking for Hybrid and Mobile Users with Managed and Unmanaged Devices

• Connect hybrid and mobile users with the GlobalProtect app, which supports user-based always-on, pre-logon always-on, and on-demand connections. Prisma Access supports split tunneling based on access route and application types, including its associated risk and bandwidth utilization.
• Prisma Access also extends these capabilities to the industry’s first integrated browser, offering ZTNA, AI-powered threat prevention for unmanaged devices, and browser-based DLP into a single solution, reducing complexity and enhancing protection across all user activities and data exchanges.

Networking for Remote Networks

• Connect branch offices to Prisma Access over a standard IPsec VPN tunnel using common IPsec compatible devices, such as your existing branch router or software-defined wide area network (SDWAN) appliance. You can use Border Gateway Protocol (BGP) or static routing from the branch, and you can use equal-cost multi-path (ECMP) routing for faster performance and better redundancy across multiple links.

Centralized Management

 Prisma Access Cloud Management streamlines Prisma Access configuration management

• With seamless onboarding, including secure out-of-the-box configurations built on best practices, continuous assessment of security posture, digital experience monitoring, and reporting through a unified experience delivered from the cloud.

Panorama network security management centralizes policy management across all Palo Alto

• Networks Next-Generation Firewalls and Prisma Access. Panorama® saves time and reduces complexity by managing network security through a single pane of glass.

Prisma Access for Users

Locations

•  100+ in 87 countries (Global Protect) 
• 25 locations (explicit proxy) 

Connection Type

• Global Protect app IPsec/SSL/Explicit Proxy
• Global Protect Clientless VPN
• Explicit proxy

Global Protect App Platform Support

• Apple iOS
• Apple macOS
• Google Android
•  Android App for Chromebook
•  CentOS Linux
•  Red Hat Enterprise Linux
•  Ubuntu
•  Windows 10 and UWP