ML-powered Threat Protection in Prisma Access Secures Hybrid Workforce

Oct 04, 2022

It’s clear that where and how we work has forever changed. Work used to be a physical place we all went to get access to all the applications, data, and resources needed to do our jobs, but now it’s being done everywhere. Hybrid work has emerged as the accepted standard, empowering employees to work where they feel most productive: home offices, branch offices, corporate offices, and all points in between.

Businesses had to accelerate their transformation initiatives and embrace a cloud-first approach to make the hybrid workforce a reality. This transformation drove greater business flexibility and agility, but it also exploded an already vast attack surface, exposing major gaps in security approaches that were never designed to accommodate the sheer scope of users, applications, and data being anywhere.

Cyber adversaries exploited these security gaps and widened attack surface with a dramatic increase in cyber attacks. Malicious actors began unleashing a trove of new attacks leveraging speed, precision, and persistence, duping unsuspecting and unsavvy users into willingly giving up their access credentials to gain footholds into corporate networks. Attackers began to use more automated and evasive techniques that easily evaded formerly known “tried-and-true” security practices.

Whack-a-mole 2.0

The relentless pace and sophistication of these new and highly evasive attacks pushed legacy signature- and database-based security approaches to the breaking point. The legacy approaches require security teams to identify an alert further down the attack chain. Once it is identified, the team performs manual investigation and response to deliver prevention signatures days after the initial victim has already been compromised. This results in a never-ending game of whack-a-mole where adversaries always seem to have the upper hand.

The time it takes to create new prevention signatures is incongruent with cybercriminal speed and automated attack delivery. To successfully protect hybrid workers against today’s threats, secure access solutions must be able to quickly detect and validate unknown threats while operating on live traffic to see and stop attacks as they happen, all without impacting user productivity.

Security teams now have the tools to make this real-time threat detection and eradication happen. Prisma Access has cloud-delivered, advanced threat prevention capabilities that leverage deep, inline machine learning. Security teams can now prevent even the most evasive threats just as they try to infiltrate their networks.

Prisma Access protects the hybrid workforce with the superior security of ZTNA 2.0 while providing exceptional user experiences from a simple, unified security product. Purpose-built in the cloud to secure at cloud scale, only Prisma Access with ZTNA 2.0 provides best-in-class capabilities that dramatically reduce the risk of a data breach while consistently protecting all users, devices, applications, and data everywhere. These ZTNA 2.0 capabilities are now further enhanced with powerful advanced threat prevention capabilities using cutting-edge, deep machine learning to effectively stop unknown attacks in real-time.

Get the Cloud-Delivered Ability to Stop Unknown Threats with Prisma Access

Security practitioners can finally turn the tables on adversaries with the new advanced threat prevention capabilities in Prisma Access. Prisma Access now provides:

  • Advanced Threat Prevention Security. The ML-powered advanced threat prevention security allows Prisma Access to quickly detect and prevent malicious command-and-control communications over SSL, HTTP, and unknown TCP/UDP protocols. It also provides additional visibility into associated malware families, including MITRE ATT&CK tactics and techniques for preventing unknown attacks using purpose-built ML and inline deep learning models. Prisma Access identifies unknown threats with shared data from the industry’s largest enterprise malware analysis community, including threats submitted from networks, endpoints, clouds, and third-party partners. Leveraging our custom-built hypervisor with bare metal analysis, WildFire uses various complementary analysis engines that can detect sandbox-evading attacks.
  • Advanced DNS Security. This capability enhances the leading DNS security capabilities currently available in Prisma Access with inline machine learning that applies automated and real-time protections to disrupt command-and-control callback and other DNS-based attacks. It also prevents bypassing of security measures and eliminates the need for independent tools or changes to DNS routing.
  • Advanced URL Filtering. This feature takes web security to a new level by combining powerful database protections with an ML-powered web security engine that categorizes and blocks new malicious URLs in real-time to provide superior protection against web-based threats, such as phishing, malware, and command-and-control. What’s more, industry-leading phishing protection now tackles the most common causes of breaches through fine-grained controls and policy settings that automate security actions based on users, risk ratings, and content categories.

The deep learning and inline ML-powered threat prevention capabilities in Prisma Access are tuned to “learn” how to identify tell-tale signs of threats and what to look for when new threats emerge, providing instant protection for hybrid workforces and hybrid environments without requiring a first victim or manual intervention.

Schedule your Prisma Access test drive and find out how you can take back the upper hand from your adversaries by deploying ML-powered advanced threat prevention security in Prisma Access. Stop the whack-a-mole game you’ve been forced to play with signature and database security approaches.

 

