New Features - Strata Cloud Manager - January 2026


Enhanced Incident Filtering in Behavior Threats

Release Date: January 2026 | Last Updated: May 2026

To streamline threat investigation and incident management, SaaS Security has introduced a new Filter by Policy capability within the Behavior Threats dashboard. This enhancement allows security administrators to quickly isolate specific types of risks by filtering the incident view based on the underlying detection policy.

With this update, you can now target high-priority behavioral anomalies such as abnormal location access, bulk data downloads, or suspicious uploads with a single click. By narrowing the focus to specific policy violations, security teams can significantly reduce noise, prioritize critical alerts, and accelerate response times for potential insider threats or account compromises.

This feature provides more granular control over how you view and assess threats, ensuring that your security operations center (SOC) can efficiently manage the complex landscape of SaaS application behavior. This capability is now available in the Behavior Threats monitoring view under the incident filters.

Unified NGFW Device Status Monitoring in Strata Cloud Manager

Release Date: January 2026 | Last Updated: May 2026

Managing fragmented performance data across multiple platforms complicates troubleshooting and slows response times for critical network incidents. To solve this visibility gap, the NGFW status monitoring feature in Strata Cloud Manager organizes critical device performance data in a clear, intuitive interface. When you transition from Panorama to Strata Cloud Manager, you benefit from a unified view of both NGFW and Prisma® Access infrastructure while maintaining access to familiar metrics for operational monitoring.

Device details, categorized by resource and traffic metrics, provide performance insights. Resource metrics indicate potential constraints, while traffic metrics offer comprehensive network visibility with interface statistics, tunnel metrics, throughput, latency, and packet drops. The network topology view displays connectivity to management systems, high-availability clusters, and log collectors. Additionally, session metrics display throughput, session counts, connection rates, and global session table utilization.

This improved organization of metrics makes reactive troubleshooting more efficient by helping you distinguish between device health issues and network behavior problems. When incidents occur, the interface links alerts directly to specific metrics with visual indicators on time series charts to correlate issues across multiple data points. You can quickly identify devices experiencing telemetry delays, certificate expiration issues, or critical incidents requiring immediate attention to maintain a robust security posture.