Phishing websites are fraudulent sites designed to steal user credentials and gain access to your network. To defend against these attacks, it's critical to prevent the submission of corporate credentials to unsanctioned sites. Prisma® Access 4.2 introduces credential phishing prevention for Panorama® managed and Cloud managed deployments, helping you secure remote networks.

You can restrict where users submit corporate credentials by specifying the action taken (alert, allow, block, or continue) when Prisma Access detects submissions to specific URL categories. The continue action, for example, presents a response page that warns users about potential account compromise and requires them to acknowledge this risk before they can proceed to the requested site.

Credential phishing prevention works by scanning username and password submissions for valid corporate credentials using your chosen credential detection method. While some methods focus only on usernames, the domain credential filter method validates both usernames and passwords against a directory server. Each detection method varies in detection ability and requires a different User-ID™ configuration. When Prisma Access detects a valid corporate credential submission, it enforces the appropriate Security policy rule.