Enhanced Anti-Tamper Protection for Prisma Access Agent
What's New in the NetSec Platform


Improve agent security by providing granular control over Prisma Access Agent protection with unique one-time passwords, emergency access options, and comprehensive audit logging.
Enhanced anti-tamper protection for Prisma Access Agent extends the current anti-tamper protection implementation with a secure and flexible approach to protecting agent services, processes, files, and registries from unauthorized tampering. It provides unique one-time passwords (OTPs) and lets you configure privileged access tokens per user and user group, giving you more granular control over who can modify the agent and when.
Enhanced anti-tamper protection supports the following use cases:
  • Granular anti-tamper protection—Gives you the flexibility to configure anti-tamper settings (also called privileged access protection settings) at a per-user or per-user group level.
  • Selective protection for operational teams—Temporarily disable privileged access protection for certain users or user groups who need the ability to modify files and folders, such as DevOps users, while maintaining anti-tamper protection for the rest of your users and user groups.
  • Streamlined bulk operations—Allow certain users to perform batch operations such as installing Prisma Access Agent on endpoints for specific users or user groups.
  • Offline access continuity—For emergency situations, such as when a device loses network connectivity, an emergency Privileged Access Token allows authorized users to perform necessary maintenance.
  • User-initiated troubleshooting—Provides time-limited Privileged Access OTPs for specific troubleshooting scenarios, enabling self-service problem resolution while maintaining security controls.
The enhanced anti-tamper protection introduces several types of access passwords to address different scenarios. The Privileged Access Token serves as an emergency override solution for critical situations, such as when a device loses network connectivity. The Privileged Access OTP enables end users to execute any privileged command for troubleshooting. Specific operation OTPs are also available for targeted actions like disabling or uninstalling the agent. You can configure the duration for which protection remains disabled after using these tokens, with values ranging from 30 to 480 minutes.
Role-based access control (RBAC) ensures that only authorized administrators, such as superusers or security administrators, can access the Privileged Access Token. Any administrator who has access to the Inventory page can view and copy OTPs. All OTPs are automatically refreshed after one-time usage and are never stored on the endpoint, maintaining a secure environment even if a device is compromised.