Manage your organization’s shadow IT risks, secure SaaS applications from cloud
threats, and ensuee compliance across all SaaS applications.
Where Can I Use
What Do I Need?
Strata Cloud Manager
Either one of these licenses:
AIOps for NGFW Premium
With this license:
Identify cloud-based threats and risky user activity in sanctioned and unsanctioned
apps with SaaS Security Inline.
SaaS Security Inline is built-in to Cloud
Managed Prisma Access to give you a centralized view of network and CASB security.
It offers SaaS visibility—which includes advanced analytics and reporting—so that your organization has
the insights to understand the data security risks of sanctioned and unsanctioned
SaaS application usage on your network.
Cloud Access Security Broker (CASB) bundle includes Saas Security Inline, Enterprise
Data Loss Prevention (DLP) Inline, SaaS Security API, Data Loss Prevention (DLP)
API, and SaaS Security Posture Management (SSPM).
The Next-Generation Cloud Access Security Broker (CASB-X)
license contains all the CASB components such as SaaS Security Inline, SaaS Security
API, SaaS Security Posture Management (SSPM), and Enterprise DLP. It can be applied
on Cloud-Managed Prisma Access, Panorama Managed Prisma Access, and Panorama-Managed
Next Generation Firewall (NGFW) devices in a single tenant environment.
After activation, SaaS Security Inline automatically discovers all SaaS
applications and users and analyzes users’ SaaS activity and usage data
from your Prisma Access logs that are stored in Cortex Data Lake.
Review and manage administrator roles and access.
Identity and Access
to provide role-based access to SaaS Security controls in Prisma Access
To comprehensively manage SaaS Security, users must also be an
administrator for the SaaS Security Inline app. Jump directly from
the Prisma Access Cloud Management dashboard to the
SaaS Security Inline includes a SaaS Security report that provides a
snapshot of application usage with advanced aggregated data and views.
This report serves as a communication tool between your SaaS security
team and executive management. You can share this on-demand PDF report
with your SaaS security team for a periodic check-in, or email the
report to your executives to highlight the SaaS applications in use in
your organization and the security risks they pose.
To gain visibility into and control of SaaS applications, SaaS Security admins
create SaaS rule recommendations with specific SaaS App-IDs provided by the
App-ID Cloud Engine (ACE).
In Prisma Access Cloud Management, you can now review and choose to accept the
rules that SaaS Security admins recommend. SaaS rule recommendations are added
to your web access policy—you must have Web Security enabled to leverage SaaS