New Features - SaaS Security - February 2025

Tenant-level detection and control within SaaS Security Inline is limited to only select applications. For these applications, SaaS Security Inline can detect the specific application tenants that users are accessing. SaaS Security Inline displays these tenant details, and you can submit policy rule recommendations at the tenant level.

To support tenant-level detection and control for more applications, we now support even greater granularity through session tracking. We introduced session tracking to enable SaaS Security Inline to create policy recommendations for individual user accounts on an application tenant. This capability enables you to allow some application traffic for a tenant, while blocking traffic from specific user accounts on that tenant. For example, for a trusted vendor, you might allow traffic only for your organization's accounts for a particular application, while blocking traffic for the vendor's accounts or personal accounts for the application.

Session tracking is available only if your license includes SaaS Security Inline, and you must explicitly enable session tracking in PAN-OS®.

After you enable session tracking, PAN-OS logs additional user and tenant information to Strata Logging Service. This feature also introduces new custom objects types (SaaS Users and SaaS Tenants) for identifying user accounts and tenants in a policy rule.

Because SaaS Security Inline is the only consumer of the session tracking information, and because you might not need to block traffic at the granularity of user accounts, session tracking is disabled by default. Administrators can easily enable this setting, as described in the instructions for creating SaaS policy rule recommendations.

The Simplified Security Policy Recommendations for SaaS Security Inline enhances your ability to manage and enforce SaaS app Security policy rules efficiently for NGFW and Prisma Access managed by Strata Cloud Manager . You can now create, manage, and enforce SaaS Security Inline policy rules using the predefined SAAS-Inline-Pol-Recommendations snippet to enforce consistent SaaS app security.

Alternatively, you can now create an Internet Access rule instead of going through the typical SaaS Security Inline policy rule recommendation workflow. As a SaaS Security administrator, creating an Internet Access rule allows you to gain full control over policy rule enforcement and rule ordering. The unified policy framework simplifies your policy rule creation experience, allowing you to enforce consistent SaaS app security regardless of the enforcement point, eliminate policy implementation delay, and reduce the risk of misconfigurations. This streamlined workflow enables you to fully utilize the SaaS Security Inline capabilities, achieving a stronger security posture for your SaaS environment. Simplified Security Policy Recommendations for SaaS Security Inline allows you to more effectively secure your SaaS apps, reduce administrative overhead, and gain clearer visibility into your SaaS Security posture. The Simplified Security Policy Recommendations for SaaS Security Inline is valuable if you manage complex SaaS environments, require granular control over Security policy rules, or need to rapidly respond to evolving security requirements in your cloud infrastructure.

The simplified security policy feature solves the challenge of managing complex, fragmented Security policy rules across multiple Palo Alto Networks products by integrating policy management within the Strata Cloud Manager interface. It unifies SaaS Security and internet access policy rules, providing centralized control and enhanced visibility. This integration reduces misconfigurations and accelerates security best practices adoption.

You can create policy rules using predefined templates or from scratch, with granular controls for user and device-based access, application actions, and data loss prevention. The feature implements dynamic policy enforcement, automatically adapting to changes in application risk levels, tags, and categories. This ensures your security posture remains up to date without manual intervention.

By consolidating policy management, you gain improved control over policy enforcement, minimize configuration errors, and streamline security implementation. This unified approach allows you to effectively secure your SaaS environment while maintaining consistency with existing internet access security policy rules.