Prisma Access Browser
Manage Prisma Access Browser Security Rules
Table of Contents
Expand All
|
Collapse All
Prisma Access Browser Docs
Manage Prisma Access Browser Security Rules
Prisma Access Browser
Security RulesLearn how to manage security rules for
Prisma Access Secure Enterprise Browser
(Prisma Access Browser
).Where Can I Use This? | What Do I Need? |
---|---|
|
|
Browser Security Rules allow you to design a strong and secure browser environment.
Using the different controls, you can consider many potential security issues in
determining the security posture. This will make sure that the enforcement can be
done in a very effective manner.
To view the rules:
- FromStrata Cloud Manager, select.ManageConfigurationPrisma Access BrowserPolicyRules
- Select theBrowser Securitytab.The Browser Security list displays the following information for each rule:The information displays changes based on the rule type selected.
- Priority- The order in which the Rules are enforced. Once a Rule is matched, the Browser stops looking for another match.
- Select thecog iconto the left of Change priorities to modify which of the following fields you want to display.
- SelectChange prioritiesto reorder the rules in the list. The rules are processed in order, and once a rule is matched, the processing stops.
- Name- The name of the Rule.
- Scope- The Users and User groups included in the Rule.
- Browser Security controls- The Browser security controls used as part of the Rule. If the Rule uses a profile, the name of the profile is highlighted in the display.
- Updated- The date and name of the person who made the most recent update. Hover over the entry to see the full timestamp.
Search and Filter
You can search and filter for specific rules.
- FromStrata Cloud Manager, select.ManageConfigurationPrisma Access BrowserPolicyRules
- Select theBrowser Securitytab.
- Searchfor rules by the description.
- Filter on rules based on specific criteria:
- Users– The Users and User Groups that are included in a Rule.
- Device group- The Device groups that are included in a Rule.
- Controls- The browser security controls that are used in the Rule.
- Mode(available inAdd Filter) - The filter can include the following options:
- Active- Rules that are active and are used by the Policy Engine.
- Disabled– Inactive Rules are skipped by the Policy Engine.
- Profile- If the Rule uses External Controls (Profiles) as part of the Policy Rules, then you can use this filter to assist the search.
Create New Browser Security Rules
Adding a new Browser Security Rule can be done
easily with an understanding of how the Rule will be used and enforced. Each
Rule needs to be planned very carefully, taking into consideration the way that
each element will be configured. This will make sure that the enforcement can be
done effectively. These controls make sure that the actual Prisma Access browser
and the peripherals are protected.
The rule parameters allow you
to have full control over the entire policy.
Next:
button at
the bottom of the page.- FromStrata Cloud Manager, select.ManageConfigurationPrisma Access BrowserPolicyRules
- Select theBrowser Securitytab and+ Add Rule.
- Enter aNamefor the rule.
- Select theMode.
- Monitoring- Rules that only write an entry to the Events Log. A Rule set to monitoring can be used for testing new rules.
- Active- Rules that are active and are used by the Policy Engine. This is the default action.
- Disabled– These are inactive Rules that are skipped by the Policy Engine.
- SelectNext: Scope.
- On the Scope page, enter the following information:
- Users/User Groups- Select the Users and User Groups that will be covered by the Rule. It is possible to select multiple Users and User Groups. The default isAny user.
- Networks- Enter a Public IP address with a subnet, if needed, or a CIDR andAdd.
- Location– If the rule needs to be restricted by geolocation, select the location from the list.
- SelectNext: Browser Security controls.
- On the Browser Security controls page, select the controls that are used in the rule. It can contain multiple controls. For information on configuring the individual controls, configure browser security controls:
- Browser Session
- Browser Hardening
- Network Protection
- Extensions
- Internet Explorer Compatibility Mode
- Printers
- Privacy
- Browser Session
- Anti-Exploitation (Attack Surface Reduction)
- The Rule can include Profile configurations that can be configured outside of the Rule. SelectSaved profilesto select a preconfigured profile in place of the Data controls.
- Save.
Configure External Controls
Inline profiles should be configured within the Rules in the
Controls sections. This allows you to create specialized rules containing
different combinations and configurations of controls.
The Profiles feature is used
when you want to use legacy profiles and add them to the rules.
Rules can contain either inline data controls or external controls.
The Controls for the
Prisma Access Browser
rules are configured
internally, within the body of the individual rule. This means that each rule
contains its own unique set of controls. There are some use cases when you might want to create multiple rules
using the same list of controls. To accomplish this task,
Prisma Access Browser
has
a mechanism to create external controls that are not built into a rule but exist
separately. Each control defines a particular use case containing configurations
for the Policy control types.- ManageConfigurationPrisma Access BrowserRulesBrowser Security
- Add rule.
- Browser Security controlsThese controls block users and malicious actors from exploiting the information and accessing the data. For information on configuring the individual controls, configure browser security controls:
- Browser Session
- Browser Hardening
- Network Protection
- Extensions
- Internet Explorer Compatibility Mode
- Printers
- Privacy
- Anti-Exploitation (Attack Surface Reduction)