| App-ID | Continuously classifies all applications regardless of port, TLS/SSL encryption, or technique used by an attacker to evade detection. Unlike legacy solutions that depend on Layers 3 and 4 as the first layers of control before application classification is applied, Prisma Access applies App-ID along with other Layer 7 controls, such as User-ID. |
| User-ID | Integrates with a wide range of user identity repositories so that your policies follow your users and groups regardless of their location. |
| SSL Decryption | Inspects and applies policy to TLS/SSL-encrypted traffic. For privacy and regulatory compliance, you can enable or disable decryption flexibly based on URL, source, destination, user, user group, and port. |
| AI/ML-Based Detection | Delivers inline, signatureless attack detection and zero-day exploit prevention. Prisma Access adapts and provides instantaneous real-time protection vs. scheduled updates. It prevents up to 95% of unknown threats instantly, with less than 10-second signature delivery, resulting in a 99.5% reduction in infected systems. |
| DNS Security | Applies real-time protections and inline machine learning to disrupt C2 callback and other attacks that use DNS. Natively integrated into Prisma Access, Advanced DNS Security provides automated protections, preventing attackers from bypassing security measures, and eliminates the need for independent tools or changes to DNS routing. |
| Advanced URL Filtering | Superior protection against web-based threats, such as phishing, malware, and C2, that combines powerful database protections with an ML-powered web security engine that categorizes and blocks new malicious URLs in real time. Industry-leading phishing protection tackles the most common causes of breaches, letting you take back control of your web traffic through fine-grained controls and policy settings that automate security actions based on users, risk ratings, and content categories. |
| Advanced Threat Prevention | Stop zero-day threats, known exploits, malware, spyware, and malicious command and control (C2) with industry-leading threat prevention. Prevent 60% more unknown injection attacks and 48% more highly evasive C2 traffic than traditional intrusion prevention systems. |
| Advanced WildFire | Ensure files are safe by automatically preventing known, unknown, and highly evasive malware 60X faster with the industry’s largest threat intelligence and malware prevention engine. |
| NG-CASB* | Gain proactive SaaS visibility, protection against misconfigurations, and real-time data protection for best-in-class SaaS security. |
| Data Loss Prevention (DLP)* | Includes a set of tools and processes that allow you to protect sensitive information against unauthorized access, misuse, extraction, or sharing. DLP on Prisma Access enables you to enforce data security policies and prevent the loss of sensitive data across mobile users and remote networks. |
| Remote Browser Isolation Support | Through CloudBlades, integrates with third-party RBI clouds by leveraging existing NGFW URL categorization and URL rewrite features to forward select/all internet-bound traffic to the RBI cloud. This capability provides a seamless user experience while forwarding certain traffic (unknown or high-risk categories) to RBI for additional inspection while the remaining traffic can be inspected by Prisma Access and egress directly to the internet. |
| Reporting | Includes, as a standard, a detailed, customizable SaaS application usage report that provides insight into all SaaS traffic (sanctioned and unsanctioned) on your network. You can also create custom reports based on your needs and easily schedule, download, and share them with others in your organization. |
| User Authentication | Supports all existing PAN-OS authentication methods, including Kerberos, RADIUS, SAML, LDAP, client certificates, and a local user database. With PAC only, supports Kerberos and SAML. |
| Site-to-Site IPsec VPN | Supports site-to-site tunnels over IPv4 and IKEv1/IKEv2 to ensure compatibility. For multiple connection sites, ECMP routing can provide additional redundancy and cost efficiency by balancing sessions over available internet connections. |
| Logging | Shows overall traffic, application, user, threat, URL, and data filter logging to facilitate organization of data via the cloud-based Strata Logging Service. |
| Forwarding Profiles | Enables the use of multiple PAC files for different user groups or systems. Also supports the creation of forwarding rules for defining the direction of web traffic to provide a simpler alternative to creating and maintaining a PAC file. |