Prisma Access
Prisma Access makes it easy for you to enable consistent,
secure access to the internet, as well as to your sanctioned SaaS
applications, public cloud environments, and data centers and headquarters
for all users at all locations all the time.
To keep
your applications and data safe, you must secure all users at all
locations all the time. But how do you do this when your footprint
is expanding globally, more and more of your users are mobile, and
your applications and data are moving out of your network and into
the cloud? Prisma Access enables this consistent security by safely
enabling your users to access cloud and data center applications
as well as the internet whether they are at your headquarters, branch
offices, or on the road. Prisma Access consistently inspects all
traffic across all ports, enabling secure access to the internet,
as well as to your sanctioned SaaS applications, public cloud environments,
and data centers and headquarters. Threat prevention, malware prevention,
URL filtering, SSL decryption, and application-based policy capabilities
are built-in to provide you with the same level of security no matter
where your users are or what resources they are accessing. All Prisma Access
logs are stored in the Cortex Data Lake, providing centralized analysis,
reporting, and forensics across all users, applications, and locations.
Prisma Access delivers protection at scale with global coverage
so you don’t have to worry about things like sizing and deploying
hardware firewalls at your branches or building out and managing appliances
in collocation facilities. Prisma Access provides the network infrastructure
to connect all of your remote branches, your headquarter sites,
data centers, and mobile users without requiring you to build out
your own global security infrastructure and expand your operational
capacity.
With Prisma Access, Palo Alto Networks
deploys and manages the security infrastructure globally:
- Prisma Access for Remote Networks—Secures traffic to and from your branch offices to the internet, other branches, and to your headquarters and data centers over an IPSec tunnel. You can use any router, SD-WAN edge device, or firewall that supports IPSec to connect your remote networks to Prisma Access. Prisma Access then implements a full-mesh VPN within the security overlay, eliminating the complexity and operational overhead normally associated with branch-to-branch networking.
- Prisma Access for Mobile Users—Provides consistent security for your mobile users whether they are accessing applications at your data center, using SaaS applications, or browsing the internet. You can enable your mobile users to connect to Prisma Access through:
- You can deploy the GlobalProtect app to your users (available for smartphones, tablets, or laptops running Microsoft Windows, Apple macOS and iOS, Android, Google Chrome OS, and Linux) so that they can tunnel the traffic to Prisma Access for policy enforcement and threat prevention. The GlobalProtect app also provides host information profile (HIP) reporting so that you can create granular policies based on device state to ensure that endpoints adhere to your security standards—for example, they are equipped with the most up-to-date patches, encryption, and virus definitions—in order to access your most sensitive applications. Or, to enable secure access to users on unmanaged devices, you can enableClientless VPN. Prisma Access dynamically scales in and out per region based on where your users are at the moment.
- If your organization’s existing network already uses explicit proxies and deploys PAC files on your client endpoints, you can smoothly migrate to Prisma Access to secure mobile users’ outbound internet traffic.
Palo Alto Networks manages the
underlying security infrastructure, ensuring it is secure, resilient,
up-to-date and available to you when you need it. Your organization’s
responsibility is to onboard branches and mobile users, create
policies, query logs, and generate reports.
