Remote Browser Isolation Enhances SWG Capabilities for Prisma Access

Palo Alto Networks is today announcing the integration of Prisma Access with leading Remote Browser Isolation (RBI) solution, Ericom Shield. Available through CloudBlades, our third-party services integration platform for SASE, this integration complements the native Prisma Access Cloud Secure Web Gateway (SWG) capabilities to deliver enhanced security to our customers, while delivering an unparalleled user experience. Integration with Ericom Shield's solution enables our mutual customers to easily incorporate RBI services into their Prisma Access deployment.

Zero Trust Web Browsing

Web-based attacks continue to account for a significant portion of zero-day threats, typically through website or web browser vulnerabilities. Configuring allow and deny lists and acceptable use policies (AUP) for employees can be a challenge as acceptable web activity varies considerably by user, and as attackers often hide command and control domains in designated “safe” categories.

RBI solutions provide a way to implement zero trust browsing by assuming all websites could contain malicious code. They also alleviate the burden on IT teams of constantly reconfiguring AUP, which negatively impacts user experience. Zero trust browsing provides these benefits:

  • Configuring access control policies for high risk categories and suspicious sites is relieved by RBI’s ability to render web content in its remote secure container environment - simply send that traffic to remote isolation for safe access.
  • Render websites in a “read-only” mode, to prevent users from entering in credentials on suspected phishing or scam sites.
  • Shield web applications from malware uploads that could compromise other users.

Prisma Access & Ericom Shield

Prisma Access, with its native SWG capabilities, provides granular role-based and service specific access control to all users. With the GlobalProtect client, users authenticate to the Prisma Access service which grants or denies access to web categories based on user and group policy. Prisma Access secures and inspects all traffic, across all protocols, with leading next-generation threat prevention. For customers looking for RBI functionality, the joint Prisma Access and Ericom Shield solution offers a simple and elegant approach. Ericom Shield executes website code in a remote, isolated cloud-based container and sends only safe rendering information to the browser on users’ endpoints. Since no risky content executes directly on the devices, RBI mitigates the risk of advanced attacks without negatively impacting user experience.

Administrators can send web traffic to Ericom Shield by URL filtering category (i.e. uncategorized, shareware tools, etc.), or by web user-groups, such as corporate VIPs, to prevent the risk of spear phishing. Integration between Prisma Access and Ericom Shield is simple and is performed either through automatic traffic redirection or via IPSec tunneling. With the Prisma Access 2.0 release, customers have the option of using an explicit proxy for their deployment in place of a GlobalProtect agent for secure internet access. Ericom Shield integrates with Prisma Access explicit proxy as well to provide the same capabilities for securing web based protocols and traffic.

We’re excited to see how our customers leverage the integration between Prisma Access and Ericom Shield to deliver unparalleled user experience with industry leading cloud delivered security. Learn more about this partnership in our solution brief.

On July 28, Palo Alto Networks announced the integration of Prisma Access with leading RBI providers Menlo and Authentic8.