Q4: What can Prisma Browser Beyond do?
A: Prisma Browser Beyond V1 provides:
- Desktop Application Catalog - Browse and manage all applications
across your organization.
- Real-time Application Visibility - Logs and analytics of every
application launch.
- Access Control Policies - Block/allow rules for desktop
applications (file-sharing apps, unauthorized AI tools, etc).
- Single Browser Enforcement - Block consumer browsers, making Prisma
Browser the only browser on the device.
Q5: Does PBY do encryption?
A: No. Prisma Browser Beyond does not encrypt files. It tags files and blocks
access to them for unsanctioned applications. It prevents protected files from
leaving the secure perimeter (no USB, Bluetooth, shared folders, etc.).
Q6: Is PBY content-based or context-based?
A: Currently, Prisma Browser Beyond is context-based only. It does not perform
content inspection. For example, blocking a file upload to WhatsApp is based on
context (whether WhatsApp is in your sanctioned application list), not on the
content of the file. Content inspection is on the roadmap for a future release.
Q7: Does PBY support printing control?
A: This is under evaluation. Printing control is a known use case (especially for
healthcare and regulated industries), but it is not currently implemented in.
Q8: Can PBY block other browsers?
A: Yes. Prisma Browser Beyond can enforce "single browser" policies, blocking
consumer browsers and making Prisma Browser the only browser allowed on the
device. To do this, create a "Block Access" policy and select the Consumer
Browsers out-of-the-box application group.
Q9: Can you create custom application groups?
A: Yes. In addition to the out-of-the-box application groups (e.g., Consumer
Browsers), you can create custom groups from any applications in the catalog.
These groups can then be used in access control policies just like built-in
groups.
Q10: What does the end user see when an application is blocked?
A: The end user receives a Windows toast notification informing them that a
restricted application was blocked by their company policy. Notifications will
not appear if the user is in Do Not Disturb mode, sharing their screen, or has
disabled this notification type on their device
Admins can configure a GPO policy to prevent end users from
disabling or dismissing Prisma Browser Beyond notifications, ensuring the
block message always reaches the user.
Q11: Are application events available for SIEM or compliance export?
A: Yes. Prisma Browser Beyond events - including every application launch, block,
and policy evaluation - are available for export in the same way as all other
Prisma Browser events, and can be forwarded to your SIEM for compliance and
security investigations.