Palo Alto Networks Prisma Access
About the product
Palo Alto Networks Prisma Access is a comprehensive Secure Service Edge (SSE) platform that integrates advanced security features with cloud-based software-defined WAN technology (Prisma SD-WAN), delivering the Secure Access Service Edge (SASE) model. Prisma Access offers centralized protection for mobile users, remote branches, applications in the organization’s data centers and on the Internet through a global network of access points (PoPs), eliminating the need to deploy local security devices.
Prisma Access is managed from the Strata Cloud Manager cloud console, which is the central interface for security policy configuration, environment monitoring, and deployment automation. SCM enables the creation of consistent rules for all locations and user types.
Prisma Access as a Firewall-as-a-Service (FWaaS) moves security configurations to the cloud, offering traffic tunneling using the IPSec protocol. Service Connection, which connects customer data centers to the Prisma Access cloud, provides secure access to private customer applications, while Remote Networks offers connectivity to remote branches by moving communication security configurations to the Prisma Access edge. A global network of access points (PoPs) connects data centers, remote locations, and mobile users, optimizing traffic routes and minimizing communication delays.
Prisma Access offers a modern Zero Trust Network Access (ZTNA) approach through dynamic identity and context verification before granting access to applications. The solution’s architecture also includes a Secure Web Gateway (SWG) that blocks web threats in real time and a CASB (Cloud Access Security Broker) that monitors and controls access to SaaS applications, enforcing DLP (Data Loss Prevention) policies by masking sensitive data and blocking unauthorized transfers. FWaaS provides L3-L7 traffic filtering with features familiar to Palo Alto NGFW.
Access for mobile customers is provided by a dedicated Palo Alto GlobalProtect agent with communication encryption using IPSec/SSL protocols. In addition, the Prisma Access Browser is available with preventive features such as sensitive data masking, screen sharing blocking, clipboard blocking, and file upload blocking and restrictions.
Prisma Access uses the Autonomous Digital Experience Management (ADEM) tool to monitor user experience, analyzing latency, packet loss, and application performance.
Adventages of the solution
Global reach and scalability – Prisma Access is a cloud-based solution with multiple access points around the world, enabling secure connections regardless of user location (headquarters, branch office, mobile user, remote worker).
High level of security – offers advanced threat protection, including malware prevention, phishing prevention, URL filtering, SSL decryption, and precise App-ID-based policies.
Consistent protection for all users – policy centralization enables security policies to be standardized regardless of location or user type.
Reduced local hardware – simplifies configuration and reduces the number of network devices in company branches.
Flexible deployment – offers management via Panorama or SCM and scalability according to the needs of the organization.
End-to-end encryption – ensures secure encryption of data between mobile users, branches, and the data center.
Support for different connection types – supports IPSec connections, GlobalProtect VPN for mobile users, and the Prisma Access Browser for corporate users and external contractors, allowing flexible security for all types of traffic.
Centralized logging and analysis – centralizes log storage in the cloud (Strata Logging Service), facilitating analysis, reporting, and troubleshooting.
Benefits of Implementation
Increased network and data security – thanks to comprehensive protection against threats and consistent enforcement of security policies for all users, regardless of location.
Reduced IT costs – no need to invest in network and security hardware and maintenance, reducing operating and capital expenses.
Support for remote and mobile work – enables secure access to company resources from anywhere, including for external users using private devices, which is crucial in today's hybrid work model.
Scalability and flexibility – easily adapt solutions to changing organizational needs without having to expand your infrastructure.
Simplified security management – central management and visibility allow administrators to focus on protection.
Fast deployment and integration – seamless migration from existing solutions and integration with other Palo Alto Networks solutions.