With App-ID Cloud Engine (ACE), which powers our SaaS Security Inline subscription, you can now dramatically increase visibility and control of over 15,000 SaaS applications and their corresponding functions. Applications identified through ACE integrate seamlessly with Policy Optimizer to streamline incorporation of these new applications with the strongest possible security posture. New applications become available in PAN-OS as ACE defines them, with no need to wait for App-ID signature development. New ACE applications don’t break existing policy because the Security policy rules that previously controlled the applications continue to control them until you use ACE App-IDs in Security policy.

SaaS Policy Recommendation works with next-generation firewalls that have a SaaS Security Inline subscription to provide SaaS visibility and security controls that prevent data security risks of unsanctioned SaaS app traffic traversing your network. With SaaS policy rule recommendations authored by the SaaS administrator and imported as policy rules by the firewall administrator, SaaS Policy Recommendation facilitates a seamless SaaS security workflow throughout your organization for improved security posture.