Unlocking Unimagined Use Cases with Prisma Access Browser

Jun 06, 2024
8 minutes
... views

The browser has become the main workspace and focal point for user-data interactions, exposing a missing layer in corporate security that requires a solution to secure work where it happens.

The enterprise browser enables security use cases that were previously difficult or impossible to achieve with existing tools. By integrating advanced security features directly into the browser, Prisma Access Browser unlocks new, previously unimagined use cases, taking your organization's security and productivity to the next level.

>>>Watch InterSECt 2024 on-demand to learn how you can unleash the power of the enterprise browser.

The Unique Capabilities of Prisma Access Browser

Embedding security controls directly into the browser ensures comprehensive visibility and control over all web-based activities. It enables centralized enforcement of security policies, real-time threat detection, and enhanced data protection.

With browser-embedded security controls, enterprises can achieve a consistent security posture when accessing corporate web applications on unmanaged devices. These controls address risks associated with contractors and bring-your-own-device (BYOD) policies. Additionally, they fill the missing layer of security on corporate devices.

Prisma Access Browser monitors and protects browser activities per your company policy. This allows for advanced security such as securing undecryptable traffic, last-mile data protection, secure use of GenAI tools, protecting privileged users, preventing insider threats in the browser, and more.

As the only enterprise browser that extends secure access service edge (SASE) to any device, Prisma Access Browser delivers best-in-class security to protect all browser-based activity. It leverages AI to stop 11.3 billion attacks a day in real-time.

With Prisma Access Browser, Prisma SASE is the only SASE to extend Zero Trust to all SaaS, web, and private applications. Let’s look at some of the previously unbelievable use cases unlocked by Prisma Access Browser.

1. Securing Undecryptable Traffic: QUIC, Microsoft 365 SLA

According to Google, 95% of internet traffic is encrypted. To secure this encrypted traffic, security teams must set up decryption policies and controls that comply with end-user privacy rules and the applications in use. Despite these measures, some protocols and application traffic remain inherently non-decryptable, which complicates the detection of malicious and sensitive files.

Traditional security solutions struggle with undecryptable traffic, like QUIC protocol and Microsoft 365 service level agreement (SLA) traffic, which is crucial for performance and user experience.

QUIC is faster and more efficient than traditional TCP. It's on by default in Google Chrome and used by a growing list of websites. Unfortunately, most security solutions do not currently recognize QUIC traffic as web traffic, therefore it is not inspected, logged, or reported on, leaving a gaping hole in your network's security.

Prisma Access Browser sees all web and SaaS traffic without requiring decryption, allowing security teams to easily log and control all events for data protection, threat hunting, and forensics. Similarly, for Microsoft 365, Prisma Access Browser can enforce SLA compliance and security policies, ensuring that enterprise data remains protected while maintaining optimal application performance.

2. Protect Data at the Last Mile

Last-mile protection is essential because it addresses security vulnerabilities at the final stage of data transmission and access, where data is most susceptible to breaches.

With more than 85% of employees' workday spent in the browser, web apps are the risky last mile of corporate work. Whether accessing internal tools, collaborating with colleagues through web-based platforms, or interacting with customers via online services, the browser is the common interface that combines the disparate components of modern enterprise workflows.

Protecting the last mile with Prisma Access Browser ensures that sensitive information remains secure even in this vulnerable space by offering seamless integration of security measures directly where work happens. This includes encryption, access controls, and real-time monitoring to prevent unauthorized activities.

By securing the last mile, organizations can protect against data breaches, comply with regulatory requirements, and maintain the integrity and confidentiality of their data, all while ensuring end users have an experience consistent with other modern browsers.

With full visibility into user activity in the browser, Prisma Access Browser enables highly granular content & context-based controls of data to help ensure that confidential information remains protected with advanced controls like data masking, screenshot blocking, limit sharing via collaboration tools, control copy and paste, prevent printing, apply watermarks on sensitive screens, limit file viewing on unsanctioned apps, block uploads to personal drives, and more.

3. Enabling Secure Use of GenAI Tools

Generative AI (GenAI) tools, such as ChatGPT, DALL-E, and other AI-driven platforms, are transforming business operations, offering new ways to enhance creativity, productivity, and decision-making. However, these tools also introduce potential security risks, including data leakage and unauthorized access.

Prisma Access Browser helps mitigate these risks by providing a secure environment for using GenAI tools. Embedding security features into the browser helps ensure that data interactions with GenAI platforms are protected. IT and security teams can set the stage for the secure enablement of GenAI tools in their organizations according to the user, device, application, and data type.

For example, Prisma Access Browser’s Typing Guard can identify when sensitive data is typed into an unauthorized web application and redact the sensitive data. This allows enterprises to harness the full potential of AI-driven innovations while balancing security and productivity.

4. Secure Privileged Users

Securing privileged users involves implementing stringent measures and protocols to protect accounts and access rights with elevated privileges within an organization's IT infrastructure. This is critical for corporate security because privileged accounts can access and manipulate sensitive data and critical systems, making them prime targets for cyberattacks.

By effectively securing these accounts, organizations can prevent unauthorized access, mitigate the risk of data breaches, and ensure compliance with regulatory requirements, safeguarding their operational integrity and reputation.

Prisma Access Browser can significantly enhance the security of privileged users accessing corporate apps in the browser by integrating robust features, including:

  • Step up multifactor authentication during critical stages of workflow.
  • Just-in-time (JIT) access by demanding admin approval for sensitive actions.
  • Last-mile data protections that enable least-privileged access.
  • Highly granular controls to ensure data integrity according to context and content.
  • Device posture checks to protect against privileged access from unsafe endpoints.
  • Audit trails of all activity and selected session recordings.

These comprehensive security measures ensure that privileged users operate within a secure and controlled environment, preventing unauthorized access, mitigating the risk of data breaches, and ensuring compliance with regulatory requirements.

5. Preventing Insider Threats in the Browser

Imagine a scenario where a long-time employee is preparing to leave the company. In the weeks leading up to their departure, they send themselves emails containing sensitive corporate materials, such as project documents and product presentations, using their personal email account.

This action isn't driven by malicious intent; the employee simply wants reference materials for future use. However, despite the seemingly innocent nature of their actions, this transfer of confidential information to an unsecured personal email poses a significant risk to the company's data security and privacy protocols. Insider threats remain a significant concern for many organizations.

Whether intentional or accidental, employee actions can lead to data breaches and security incidents. Leaking data has never been easier when using consumer browsers for work.

Prisma Access Browser lets you easily define which applications can only be accessed in your secure workspace, and which should be completely blocked. You can control:

  • The user login to specific services, based on the email domain to isolate the business workspace from personal accounts.
  • Which file types can be shared in a specific app. For example, files downloaded from a corporate app can be defined as sensitive and inaccessible from a noncorporate SaaS app, like personal email.
  • File encryption upon download, making the browser a secure bubble where all data inside is accessible and protected, but outgoing data is unusable.

These are just a few examples of new use cases unlocked by the powerful security of Prisma Access Browser. Other examples include browser threat hunting and forensics, access to nonmanaged accounts (e.g., virtual deal room, financial services), shadow IT, secure foreign operations, and more.

Prisma Access Browser Secures the Modern Enterprise

Designed with productivity in mind, Prisma Access Browser enables these use cases using granular content and context controls that do not hinder productivity. It includes mechanisms to mitigate risky behavior while allowing a seamless work environment. All rules and policies are fully customizable and can be easily tailored to your use case and corporate needs at any point.

Prisma Access Browser is redefining the role of the browser in enterprise security. It’s a secure browser and the ultimate modern workspace, designed with security and productivity in mind. Powered by AI, it is natively integrated with Advanced WildFire, one of the strongest file-scanning engines in the industry, scanning over 35 million files daily.

As the only SASE-native enterprise browser, it unlocks previously unimaginable use cases, providing a powerful, holistic solution that addresses the complex challenges of modern enterprises.

Watch InterSECt 2024 on-demand to learn how to secure workspaces on managed and unmanaged devices with a SASE-native enterprise browser.


Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.