Secure Cloud Apps
The Palo Alto Networks Aperture service allows you to consistently define and enforce policy for securing data across all of your sanctioned software as a service (SaaS). Although each SaaS application has its own settings to secure how users can store and share data, the settings and levels of enforcement vary by application. By adding your SaaS applications to the Aperture service, you have visibility into and control over how your users are accessing and sharing data across all of your sanctioned SaaS applications.
When the Aperture service first connects to a SaaS application, it scans all the assets in the application and matches against the policy rules to retroactively uncover incidents and then displays all active incidents on the Dashboard. To maximize the results from this initial discovery process, configure the global scan settings for policy, examine your corporate acceptable use policy for SaaS applications, and review the default policy rules in the Aperture service before you start the scan.
Configure the Aperture service to control unmanaged device access to your sanctioned SaaS applications by redirecting traffic through your next generation firewall. Utilizing your existing corporate Identity Provider, add Aperture and SaaS application integration to authenticate requests and grant access to users using Aperture as SAML proxy.
Additionally, you can use Aperture to connect to your Cortex Data Lake to access your next-generation firewall or GlobalProtect Cloud Service logs to present a holistic view of sanctioned and unsanctioned SaaS application usage. This SaaS visibility on Aperture allows you granular control over SaaS access, unsanctioned application usage, and external exposure of data.
While the Aperture service performs deep content inspection, it does not store any data from your monitored SaaS applications. It stores only metadata about your assets, which is data about your data.
- Supported SaaS Applications
- Add Cloud Apps to the Aperture Service
- Add Unsanctioned Device Access Control to Aperture
- Monitor Scan Results on the Dashboard
- SaaS Application Visibility on Aperture
- Use Faceted Search to Filter Assets
- Use Advanced Search and Use Advanced Search Expressions
- Reauthenticate to a Cloud App
- Stop Scanning a Managed Cloud App
- Rescan a Managed Cloud App
SaaS Application Visibility on Aperture
Use SaaS application visibility on Aperture to gain better security control and awareness of the sanctioned and unsanctioned usage and traffic on your network. ...
New Features Introduced in March 2019
Learn about the new Aperture features launched in March 2019. ...
Add Unsanctioned Device Access Control to Aperture
Use the next generation firewall to control unsanctioned device access by configuring Aperture as a SAML proxy. ...
Extend Aperture SaaS Visibility to Cortex Data Lake
Connect the Aperture service to retrieve logs from your Cortex Data Lake to compile a combined view of unsanctioned and sanctioned SaaS application usage. ...
Get Started with Aperture
Get started using Aperture to analyze your data in SaaS applications and proactively detect issues such as data exposure or compliance policy violations. ...
New Features Introduced in June 2018
New Features Introduced in June 2018 The following table provides a snapshot of new features introduced for Aperture™ in June 2018. Refer to the Aperture ...
Aperture service focuses on Content Security, User Activity Monitoring, Security Configuration Controls and Third-Party App Integrations. ...
Aperture Policy Aperture policy gives you the controls to manage assets, user activity, third-party apps and security controls across the different cloud SaaS and IaaS ...
View SaaS Application Usage on Aperture
Use the SaaS visibility dashboard on Aperture to explore details about application data and network traffic populated from the Cortex Data Lake. ...