App-ID Features
Learn about the new App-ID™ features in PAN-OS® 8.1.
New App-ID Feature | Description |
---|---|
SaaS Application Hosting Characteristics | By leveraging the enhanced SaaS Application Hosting Characteristics in
App-ID ™ , you can now identify and control SaaS applications
that could pose a risk to your organization due to unfavorable hosting
characteristics. To help you understand the enterprise readiness
of a SaaS application, five new characteristics have been added:
certifications achieved, past data breaches, support for IP-based
access restrictions, financial viability, and terms of service. Using
these characteristics, you can identify and explore the extent of high
risk application usage from the Application Command Center (ACC). The
SaaS Application Usage report is also enhanced to incorporate this context
with a summary page covering risky SaaS applications and highlights
the characteristics on the detailed pages. For a more tailored view,
you can use the characteristics when building custom reports. Armed
with the usage and the detailed risk profile, you can make informed
decisions about which SaaS applications should be allowed in your
environment and create policy to enforce this. |
Simplified App-ID | Palo Alto Networks releases
new App-IDs on a monthly basis that your security policy can begin
to enforce without any additional configuration. While this enables
the firewall to dynamically control application traffic with ever-increasing
precision, it can also impact the availability of the mission-critical
applications on which your organization relies. Together,
these new App-ID features enable
you to equip the firewall with the latest application knowledge
and ensure availability for mission-critical applications at the
same time. Plus, they make it easier to move to and maintain an
application-based security policy:
|
SaaS Application Access Control
using HTTP Header Insertion | Unsanctioned usage of SaaS
applications can be a way for your users to transmit sensitive information
outside of your network. This kind of SaaS usage usually means that
the user is accessing a consumer-version of the application. At
the same time, you may have found that usage of the enterprise-version
of these applications by specific individuals or organizations is
both desirable and necessary. You can now disallow SaaS consumer
accounts while allowing usage of a specific enterprise account by managing HTTP header information. Many
SaaS applications allow or disallow application access based on
information contained on specific HTTP headers. This feature provides
predefined header insertion rules for popular SaaS application such
as G Suite and Microsoft Office 365. You can also create your own
custom header insertion rules for SaaS applications for which predefined
header insertion rules have not been provided by Palo Alto Networks,
but that also use HTTP headers to limit service access. |
Easy Custom Timeouts for Applications and Services | You want to migrate from your legacy firewall
to a Palo Alto Networks next generation firewall so that you can
safely and comprehensively enable the applications you need to do
business, but you also need to maintain any custom timeouts configured
for your mission-critical applications. Now, you can custom timeouts for legacy applications in
two quick and easy steps, where previously to maintain custom timeouts
during the move to an application-based policy, you might have overridden
App-ID (losing application visibility) or created a custom App-ID
(expending a lot of time and research). |
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.