Enhanced Branch Security

Table of Contents

Exact Data Matching Column Context for Enterprise DLP Incidents

Enhanced Branch Security

Learn about the enhanced branch security feature in Prisma SD-WAN.

Prisma SD-WAN is introducing CDSS (Cloud Delivered Security Services) Branch Security to extend on-box protection at the branch, complementing our SASE platform with capabilities such as intra-branch policy enforcement and local guest URL filtering.

The branch security feature requires a subscription license and is supported starting with the release 6.5.3-I. Logging to SLS also requires a valid SLS license for your tenant/devices.

Key Features:

Simplified Security Policy Enforcement: A Security Profile Group is a collection of security profiles (including Antivirus, Anti-Spyware, Vulnerability Protection, URL Filtering, and DNS) that function as a single unit. This structure allows for the assignment of multiple profiles to a security policy rule in one step. Both Prisma Access and Prisma SD-WAN use these Security Profile Groups to maintain a consistent security posture across the network. By applying the same profile group, traffic from mobile users (cloud-connected) and branch offices (local-edge-connected) receives an identical set of threat prevention checks, which simplifies policy management.
Integrated Threat Coverage: The feature provides integrated Threat Prevention, DNS Security, and URL Filtering services for your branch networks.
Centralized Logging: Prisma SD-WAN now offers the option to log all traffic and security events directly to the Strata Logging Service (SLS), providing centralized visibility, scalable cloud-native storage, and enhanced forensic capabilities.

Email DLP Inspection Status Header

Exact Data Matching Column Context for Enterprise DLP Incidents