Prisma Access
Prisma Access makes it easy for you to enable consistent,
secure access to the internet, as well as to your sanctioned SaaS
applications, public cloud environments, and data centers and headquarters
for all users at all locations all the time.
To keep
your applications and data safe, you must secure all users at all
locations all the time. But how do you do this when your footprint
is expanding globally, more and more of your users are mobile, and
your applications and data are moving out of your network and into
the cloud? Prisma Access enables this consistent security by safely
enabling your users to access cloud and data center applications
as well as the internet whether they are at your headquarters, branch
offices, or on the road. Prisma Access consistently inspects all
traffic across all ports, enabling secure access to the internet,
as well as to your sanctioned SaaS applications, public cloud environments,
and data centers and headquarters. Because Prisma Access leverages
the next-generation firewall capability, threat prevention, malware
prevention, URL filtering, SSL decryption, and application-based
policy capabilities are built-in to provide you with the same level
of security no matter where your users are or what resources they
are accessing. All Prisma Access logs are stored in the Cortex Data
Lake, providing centralized analysis, reporting, and forensics across
all users, applications, and locations.
Prisma Access delivers protection at scale with global coverage
so you don’t have to worry about things like sizing and deploying
hardware firewalls at your branches or building out and managing
appliances in collocation facilities. Prisma Access provides the
network infrastructure to connect all of your remote branches, your
headquarter sites, data centers, and mobile users without requiring
you to build out your own global security infrastructure and expand
your operational capacity.
With the Prisma Access, Palo Alto Networks
deploys and manages the security infrastructure globally based on
what you have licensed:
- Prisma Access for networks—Secures traffic to and from your branch offices to the internet, other branches, and to your headquarters and data centers over an IPSec tunnel. You can use any router, SD-WAN edge device, or firewall that supports IPSec to connect your remote networks to Prisma Access. Prisma Access then implements a full-mesh VPN within the security overlay, eliminating the complexity and operational overhead normally associated with branch-to-branch networking. You license Prisma Access for networks based on the total bandwidth you need across all sites. You can then allocate the specific amounts of bandwidth you need at each site.
- Prisma Access for users—Provides consistent security for your mobile users whether they are accessing applications at your data center, using SaaS applications, or browsing the internet. You can deploy the GlobalProtect app to your users (available for smartphones, tablets, or laptops running Microsoft Windows, Apple macOS and iOS, Android, Google Chrome OS, and Linux) so that they can tunnel the traffic to Prisma Access for policy enforcement and threat prevention. The GlobalProtect app also provides host information profile (HIP) reporting so that you can create granular policies based on device state to ensure that endpoints adhere to your security standards—for example, they are equipped with the most up-to-date patches, encryption, and virus definitions—in order to access your most sensitive applications. Or, to enable secure access to users on unmanaged devices, you can enable Clientless VPN. Prisma Access dynamically scales in and out per region based on where your users are at the moment. You license Prisma Access for Users based on the number of users.
Palo Alto Networks manages the
underlying security infrastructure, ensuring it is secure, resilient,
up-to-date and available to you when you need it. Your organization’s
responsibility is to onboard branches and mobile users, create
policies, query logs, and generate reports.