The strong force of distributed resources is shaping today’s organizations – workers are hybrid and applications are increasingly moving to the cloud. While this creates an opportunity for businesses to innovate and scale faster, it exposes them to a new generation of evasive and unique attacks.
Organizations have been adopting Secure Access Service Edge (SASE) at an unprecedented pace to address this new reality of work. Prisma SASE is a globally distributed service that combines cloud-delivered secure access (SSE) and SD-WAN into a single solution, helping customers drive better security and networking outcomes while automating manual and complex IT operations. Our customers tell us they want to consolidate these capabilities into a unified solution.
“By 2025, 65% of enterprises will have consolidated individual SASE components into one or two SASE vendors, up from 15% in 2021.”
- Gartner, Market Guide for Single-Vendor SASE, Neil MacDonald, John Watts, Jonathan Forest, Andrew Lerner, September 28, 2022:
Despite this wide adoption and expanding list of vendors offering SASE, not all SASEs are created equal. Today at SASE Converge ‘23, we’re showcasing innovations helping shape the future of SASE and network security.
Every day, Palo Alto Networks detects 1.5 million new and unique attacks, as well as analyzes 750 million new and never-before-seen objects. In total, each day we prevent up to 8.6 billion attacks in near real-time.
Today, we’re announcing powerful new capabilities to achieve Zero Trust security and how we believe SASE needs to evolve to secure managed and unmanaged devices:
- Securing Against the Rising Risk of Unmanaged Devices – While most IT teams are focused on securing the managed devices, attackers can target vulnerabilities in the personal unmanaged devices of workers with sophisticated attacks, including phishing and smishing, to get access to company information. Last week, we announced our intent to acquire Talon Cyber Security to help tackle this challenge. Once we integrate Talon’s Enterprise Browser with Prisma SASE, after closing our proposed acquisition, customers will be able to apply best-in-class security to all users. They will get unprecedented visibility into all devices connecting to business applications.
- Protection Against Unknown Web-Based Threats – Today, we are introducing remote browser isolation (RBI) natively integrated with Prisma SASE. In an RBI solution, the browser is run in an isolated environment in the cloud. The screen renderings are presented back to the user. This prevents any kind of malware from directly executing in the end user's environment. In addition, the RBI solution seamlessly integrates with the Prisma SASE security policy, allowing an easy way to extend a URL Filtering policy to send unknown websites through RBI for an extra layer of protection.
- Data Security for Interconnected SaaS Apps – A typical large enterprise consumes over 130 sanctioned SaaS applications, not to mention numerous SaaS apps that employees use for shadow IT or personal use. Oftentimes, a SaaS application is not just a standalone application. Because of marketplaces, browser plugins and API integrations, any SaaS application is interconnected with numerous other SaaS applications. We are now introducing Interconnected SaaS Apps security with our Next-Generation CASB from Palo Alto Networks. It gives you complete visibility into which users use plugins and interconnected SaaS applications. It provides information on permission scopes, the number of active users, installation dates and other attributes used to assess risk. Once you have visibility and can see the risk, you can easily revoke any specific plugin’s access to your apps and data. This helps minimize risk to your organization.
- Securing Against the Rise of Gen AI Applications – ChatGPT and various other generative LLM applications have seen accelerated adoption by workers in all industries in the last year. While there are numerous benefits of LLMs, they also increase the risk of employees leaking sensitive data through these applications, violating compliance or regulatory requirements. Our Next-Generation CASB can now identify and block access to entire catalogs of unsanctioned and high-risk generative AI apps that put your users and data at risk. And for the apps you do allow, we can prevent sensitive data loss to ChatGPT and other commonly used apps, such as when users paste source code or PII data into these applications.
- Data Security for Unique Intellectual Property & Sensitive Data – We are making it even easier for customers to accurately discover and protect sensitive data unique to your business with the power of AI and ML. Our DLP classifiers already feature 100+ predefined document-type detectors and leverage the latest LLM technology to drive unparalleled accuracy. In addition, you can now train custom ML models on your unique and proprietary documents. This capability can be used to discover and protect financial, legal, scientific, and business documents such as pay stubs, employment contracts, legal intake forms, and more that are unique to your organization.
Exceptional User Experience
Network security and seamless user experience must go hand-in-hand to empower organizations to prevent the latest technology from inhibiting user productivity. Today, we are introducing innovations through which Prisma SASE will deliver faster than direct-to-app user experience:
- SASE Is Faster Than the Internet with App Acceleration – We’re announcing the new Prisma Access App Acceleration capability that will deliver up to five times faster performance* for users accessing business-critical apps like Salesforce, Google Workspace, SAP and others via Prisma SASE than when they access applications directly over the internet. Leveraging a patented technology to do predictive modeling of user and app behavior, Prisma Access can anticipate user interactions, quickly identifying dynamic content the user will ask for next. This intelligent prefetching of dynamic enterprise app content results in an unprecedented and high-performing user experience.
- Application SLA Assurance with Prisma SD-WAN – Prisma SD-WAN allows customers to measure, enforce and create automated alerts to deliver exceptional user experience. It delivers app SLA assurance by measuring the network and application performance, and taking action if they fall below the threshold levels. It applies app prioritization for your mission-critical applications, whether point of sale in retail or your ERP application in manufacturing. Second, it ensures that application flows can be moved across various network connections, which is especially relevant for real-time traffic. Finally, with Adaptive FEC, it allows uninterrupted operation even in lossy network environments. Prisma SD-WAN enables adaptive FEC on any WAN carriers or links and dynamically adjusts based on the lossy conditions.
- Broadest Segmentation with Prisma SD-WAN – We've always supported network context for segmentation with no network or routing changes, which is a highly innovative way to isolate user and application traffic. We are now introducing support for VRF as well, which is important for organizations that are more comfortable with the VRF segmentation approach, as well as for those who may have overlapping IP addresses, due to M&A.
With the new capabilities announced today, I’m incredibly excited about delivering even better security and user experience outcomes for our customers. At Palo Alto Networks, we believe a unified approach is the best way for organizations to optimize their security and operational outcomes. As a result, Prisma SASE secures all users, whether in branches, at home or on the go, with all the applications, wherever they are – in the data center, SaaS, cloud or multiple clouds.
I encourage you to check out the SASE Converge ‘23 virtual event experience. There, you’ll find educational videos, product demos and conversations with customers and analysts at the leading edge of their industries. These are all designed to help you realize the promise of AI-powered SASE and achieve your transformation goals.
* Palo Alto Networks App Acceleration for Prisma SASE delivers measurable performance improvements up to 5 times faster than accessing the same applications directly via the internet.