[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown) 3. [What Is a CASB (Cloud Access Security Broker)? | 101 Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-a-casb-cloud-access-security-broker?ts=markdown) Table of contents * [Why are CASBs important for businesses today?](#why-casb) * [What are the four components of CASB?](#casb-components) * [How does a CASB work?](#casb-work) * [What are the benefits of a CASB?](#casb-benefits) * [What are the primary CASB use cases?](#casb-uses) * [What are the different types of CASB deployment models?](#casb-models) * [How to choose a CASB solution and what to look for](#casb-choose) * [How to implement a CASB in 6 steps](#implement-casb) * [What is the role of a CASB in SASE architecture?](#casb-role) * [Comparing CASBs with other security technologies](#casb-other) * [What is the history of CASB?](#casb-history) * [CASB FAQs](#casb-faqs) # What Is a CASB (Cloud Access Security Broker)? | 101 Guide 13 min. read Table of contents * [Why are CASBs important for businesses today?](#why-casb) * [What are the four components of CASB?](#casb-components) * [How does a CASB work?](#casb-work) * [What are the benefits of a CASB?](#casb-benefits) * [What are the primary CASB use cases?](#casb-uses) * [What are the different types of CASB deployment models?](#casb-models) * [How to choose a CASB solution and what to look for](#casb-choose) * [How to implement a CASB in 6 steps](#implement-casb) * [What is the role of a CASB in SASE architecture?](#casb-role) * [Comparing CASBs with other security technologies](#casb-other) * [What is the history of CASB?](#casb-history) * [CASB FAQs](#casb-faqs) 1. Why are CASBs important for businesses today? * [1. Why are CASBs important for businesses today?](#why-casb) * [2. What are the four components of CASB?](#casb-components) * [3. How does a CASB work?](#casb-work) * [4. What are the benefits of a CASB?](#casb-benefits) * [5. What are the primary CASB use cases?](#casb-uses) * [6. What are the different types of CASB deployment models?](#casb-models) * [7. How to choose a CASB solution and what to look for](#casb-choose) * [8. How to implement a CASB in 6 steps](#implement-casb) * [9. What is the role of a CASB in SASE architecture?](#casb-role) * [10. Comparing CASBs with other security technologies](#casb-other) * [11. What is the history of CASB?](#casb-history) * [12. CASB FAQs](#casb-faqs) A cloud access security broker (CASB) is a security tool that acts as an intermediary between an organization's on-premises infrastructure and cloud service providers. It extends security measures to the cloud, enforcing policies and providing visibility into cloud application usage. CASBs operate across various cloud models: software-as-a-service (SaaS), platform-as-a-service (PaaS), and infrastructure-as-a-service (IaaS). They protect organizational data by managing security functions like authentication, authorization, and encryption. ![Cloud Access Security Broker (CASB) architecture diagram in a three-column format; on the left, the Organization column shows icons for PCs, laptops, and mobile devices \& data, suggesting the internal assets protected by the CASB, with an arrow labeled Enterprise Integration pointing towards the middle column which is highlighted in teal to denote the CASB's central functionalities including Visibility, Compliance, Data Security, and Threat Protection, each represented by an intuitive icon such as an eye for visibility and a shield for data security; the right column, labeled As-a-Service, lists different cloud services the CASB interfaces with, including PaaS with IBM Bluemix and Oracle Cloud, SaaS with ServiceNow and Salesforce, and IaaS with Azure and AWS, showing the CASB’s extensive integration capabilities across various cloud platforms.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_1.png "Cloud Access Security Broker (CASB) architecture diagram in a three-column format; on the left, the Organization column shows icons for PCs, laptops, and mobile devices & data, suggesting the internal assets protected by the CASB, with an arrow labeled Enterprise Integration pointing towards the middle column which is highlighted in teal to denote the CASB's central functionalities including Visibility, Compliance, Data Security, and Threat Protection, each represented by an intuitive icon such as an eye for visibility and a shield for data security; the right column, labeled As-a-Service, lists different cloud services the CASB interfaces with, including PaaS with IBM Bluemix and Oracle Cloud, SaaS with ServiceNow and Salesforce, and IaaS with Azure and AWS, showing the CASB’s extensive integration capabilities across various cloud platforms.") ## Why are CASBs important for businesses today? CASBs are important for businesses today because with the vast adoption of cloud services, businesses face majorly increased security vulnerabilities. "As organizations increasingly rely on cloud resources for both operations and the storage of valuable data, incidents related to the cloud or SaaS applications are some of the most impactful we see. A little less than one third of cases (29%) in 2024 were cloud-related. This means that our investigation involved collecting logs and images from a cloud environment or touched on externally hosted assets such as SaaS applications. Those cases don't necessarily represent the situations in which threat actors are doing damage to cloud assets. We see this in about one in five cases in 2024 (21%), where threat actors adversely impacted cloud environments or assets." [- Palo Alto Networks, ​​2025 Unit 42 Incident Response Report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report) CASBs provide a critical layer of security that ensures enterprise data---whether in transit or at rest---remains secure across cloud platforms and applications. ![Access Security Broker (CASB) system diagram with multiple components interacting to secure enterprise cloud applications. It features three main elements: Branch, represented by an office building icon, connects through a labeled pathway https://443 allow to Internet, suggesting secure internet access protocols. The central CASB service icon, symbolized by a cloud with a lock, receives data from an IDP/authentication symbol showing a person and a key, indicating identity verification processes. To the right, two groups of cloud applications are shown; Sanctioned apps like Box and Zoom are tagged with 'Allowed,' while 'Blocked' labels appear near icons for Shadow IT applications like Skype and Slack, visually differentiating permitted and restricted cloud services within the enterprise environment.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_2.png "Access Security Broker (CASB) system diagram with multiple components interacting to secure enterprise cloud applications. It features three main elements: Branch, represented by an office building icon, connects through a labeled pathway https://443 allow to Internet, suggesting secure internet access protocols. The central CASB service icon, symbolized by a cloud with a lock, receives data from an IDP/authentication symbol showing a person and a key, indicating identity verification processes. To the right, two groups of cloud applications are shown; Sanctioned apps like Box and Zoom are tagged with 'Allowed,' while 'Blocked' labels appear near icons for Shadow IT applications like Skype and Slack, visually differentiating permitted and restricted cloud services within the enterprise environment.") Here's why this matters: Traditional [network security](https://www.paloaltonetworks.com/cyberpedia/what-is-network-security) measures like [firewalls](https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall) are less effective outside the physical data center. Plus: The rise of remote work and BYOD policies expands the potential for insecure app usage, AKA [shadow IT](https://www.paloaltonetworks.com/cyberpedia/shadow-data). ![A diagram depicting Shadow IT, with two sides connected to a central Staff icon. On the left, Sanctioned apps is labeled with icons for Google Drive, Gmail, Microsoft 365, and Teams. On the right, Shadow IT (Unsanctioned apps) is labeled with icons for Zoom, Instagram, Skype, Facebook, and WhatsApp.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/SaaS-2025_6.png "A diagram depicting Shadow IT, with two sides connected to a central Staff icon. On the left, Sanctioned apps is labeled with icons for Google Drive, Gmail, Microsoft 365, and Teams. On the right, Shadow IT (Unsanctioned apps) is labeled with icons for Zoom, Instagram, Skype, Facebook, and WhatsApp.") CASBs address these risks by offering features like shadow IT control and [cloud data loss prevention (DLP)](https://www.paloaltonetworks.com/cyberpedia/cloud-data-loss-prevention). This enables businesses to maintain stringent security standards while adopting flexible and mobile working practices. Not to mention, cloud environments come with the shared responsibility model we all know and love: ![A diagram illustrating the shared responsibility model with two sections labeled Customer and Cloud service provider. The customer is responsible for security related to operating systems, networking and firewall configuration, customer data, and storage. The cloud service provider is responsible for platforms, applications, client-side data encryption, software, and compute. Both sides include elements like encryption, identity management, networking, and data protection.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/SaaS-2025_7.png "A diagram illustrating the shared responsibility model with two sections labeled Customer and Cloud service provider. The customer is responsible for security related to operating systems, networking and firewall configuration, customer data, and storage. The cloud service provider is responsible for platforms, applications, client-side data encryption, software, and compute. Both sides include elements like encryption, identity management, networking, and data protection.") The shared responsibility model leaves certain security obligations to the user. CASBs help businesses fulfill these responsibilities by enhancing visibility and control over cloud resources. And that's important for compliance **and** protecting against sophisticated cyber threats. In essence, CASBs matter because they allow businesses to extend the security perimeter to the cloud seamlessly and effectively---which leads to the safe and compliant use of cloud applications. ## What are the four components of CASB? The four components of CASB include: 1. Visibility 2. Data security 3. Threat protection 4. Compliance ![Graphic titled CASB features with four columns highlighting key functionalities of Cloud Access Security Brokers (CASB). Each column has a distinct icon at the top followed by text explaining the feature. The first column, labeled Visibility, features an eye icon and discusses the detection of new cloud services usage, identification of unauthorized (Shadow IT) applications, and risk evaluation of cloud services. The second column, Data security, shows a shield icon and details the control of data sharing and data loss prevention (DLP) strategies, implementation of encryption, and data labeling for secure data management. The third column, Threat protection, with a guard shield icon, outlines protection against malware, detection of unusual activities and security anomalies, and the establishment of flexible access rules. The fourth and final column, Compliance, represented by a balance scale icon, focuses on reviewing and assessing security configurations and compliance status, and offering guidance for ongoing internal risk management strategies.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_3.png "Graphic titled CASB features with four columns highlighting key functionalities of Cloud Access Security Brokers (CASB). Each column has a distinct icon at the top followed by text explaining the feature. The first column, labeled Visibility, features an eye icon and discusses the detection of new cloud services usage, identification of unauthorized (Shadow IT) applications, and risk evaluation of cloud services. The second column, Data security, shows a shield icon and details the control of data sharing and data loss prevention (DLP) strategies, implementation of encryption, and data labeling for secure data management. The third column, Threat protection, with a guard shield icon, outlines protection against malware, detection of unusual activities and security anomalies, and the establishment of flexible access rules. The fourth and final column, Compliance, represented by a balance scale icon, focuses on reviewing and assessing security configurations and compliance status, and offering guidance for ongoing internal risk management strategies.") Let's break down the four main components that make CASBs essential in detail: 1. **Visibility:** Visibility is the starting point for effective [cloud security](https://www.paloaltonetworks.com/cyberpedia/what-is-a-cloud-security). CASBs provide a panoramic view of all cloud services in use within an organization, shedding light on shadow IT. And that allows IT teams to see which cloud applications are being accessed and by whom, which means more informed policy decisions and risk assessments. 2. **Compliance:** Navigating the complex landscape of regulatory requirements becomes more manageable with a CASB. A CASB makes it way easier for the security team to be certain that cloud data handling complies with laws like [GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance), [HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa), or [PCI-DSS](https://www.paloaltonetworks.com/cyberpedia/pci-dss). CASBs automate compliance tasks, reducing the burden on IT teams and helping prevent costly penalties for non-compliance. 3. **Data security:** Protecting [sensitive data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data) is a core function of CASBs. They extend traditional security measures into the cloud, implementing controls such as access restrictions and [data loss prevention (DLP)](https://www.paloaltonetworks.com/cyberpedia/what-is-data-loss-prevention-dlp) to safeguard data in transit and at rest. This not only prevents [data leaks](https://www.paloaltonetworks.com/cyberpedia/data-leak) but also enhances the overall integrity of data across cloud platforms. 4. **Threat protection:** CASBs are equipped to defend against both internal and external threats. By analyzing usage patterns and detecting anomalies, they can identify potential security incidents before they escalate. This proactive [threat management](https://www.paloaltonetworks.com/cyberpedia/what-is-threat-intelligence-management) includes everything from [malware](https://www.paloaltonetworks.com/cyberpedia/what-is-malware) defense to spotting risky user behaviors, ensuring comprehensive security coverage. | ***Further reading:** [A More Effective Cloud Security Approach: NGFW for Inline CASB](https://www.paloaltonetworks.com/cyberpedia/more-effective-cloud-security-approach-NGFW-for-inline-CASB)* ## How does a CASB work? A CASB works through a strategic process to ensure robust security across an organization's cloud environment. Here's a breakdown of how CASBs typically work: ![Graphic that outlines the How a CASB works process using a flow diagram with three key phases: Discovery, Classification, and Remediation. At the top, a title How a CASB works is placed above a light blue flow arrow that visually connects the phases, each denoted by a distinct icon and a vertical text box. The Discovery phase uses a magnifying glass icon and discusses employing automated discovery tools to compile a list of all cloud services and identify their users. In the Classification phase, symbolized by two overlapping squares, the text explains that risks are evaluated by determining specific applications involved, the types of information stored, and the ways information is shared within these applications. The Remediation phase, indicated by a wrench and gear icon, describes formulating policies that tailor security measures to organizational needs and implementing immediate responses to address security breaches, focusing on data protection and user access requirements.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_4.png "Graphic that outlines the How a CASB works process using a flow diagram with three key phases: Discovery, Classification, and Remediation. At the top, a title How a CASB works is placed above a light blue flow arrow that visually connects the phases, each denoted by a distinct icon and a vertical text box. The Discovery phase uses a magnifying glass icon and discusses employing automated discovery tools to compile a list of all cloud services and identify their users. In the Classification phase, symbolized by two overlapping squares, the text explains that risks are evaluated by determining specific applications involved, the types of information stored, and the ways information is shared within these applications. The Remediation phase, indicated by a wrench and gear icon, describes formulating policies that tailor security measures to organizational needs and implementing immediate responses to address security breaches, focusing on data protection and user access requirements.") 1. **- Discovery:** The first step involves identifying all cloud applications being used within the organization. This includes sanctioned apps as well as shadow IT---applications not officially sanctioned by the organization. By employing auto-discovery technologies, a CASB can catalog all cloud services accessed, pinpointing potential risks and vulnerabilities. 2. **- Classification:** After discovery, the next phase is to assess the risk associated with each identified cloud service. A CASB evaluates the types of data stored and shared within these applications and the security measures they employ. This step helps determine the security posture of each application and how it aligns with the organization's compliance and governance standards. 3. **- Remediation:** Based on the risk assessment, the CASB then enforces appropriate security policies to manage and mitigate risks. This includes implementing [access controls](https://www.paloaltonetworks.com/cyberpedia/access-control), enforcing data protection measures like encryption, and providing real-time threat protection. If any activity or data movement violates the set policies, the CASB can automatically take corrective actions, such as blocking risky transactions or alerting security personnel. Essentially, CASBs integrate various security functions---such as threat prevention, compliance management, and [data security](https://www.paloaltonetworks.com/cyberpedia/what-is-data-security)---into a single solution that spans multiple cloud services. A unified approach simplifies cloud application security management. It also makes protecting sensitive information and maintaining compliance in a dynamic cloud environment way more reasonably achievable. ## What are the benefits of a CASB? ![Structured diagram titled Benefits of CASB, featuring six squares aligned in a two-column format, each detailing a specific benefit of Cloud Access Security Brokers. Each square contains an icon and a label describing the benefit. From left to right, top to bottom, the benefits listed are: Enhanced operational efficiency, with an icon of linked circles; Comprehensive data protection, depicted with a document and shield icon; Improved regulatory compliance, shown with a checklist icon; Enhanced visibility \& control, represented by an eye and dashboard icon; Advanced security against cyber threats, featuring a shield and bug icon; and Cost-effective management of cloud security, illustrated with a dollar sign and shield icon. The squares are connected by a light gray line, suggesting a flow or relationship between the benefits.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_5.png "Structured diagram titled Benefits of CASB, featuring six squares aligned in a two-column format, each detailing a specific benefit of Cloud Access Security Brokers. Each square contains an icon and a label describing the benefit. From left to right, top to bottom, the benefits listed are: Enhanced operational efficiency, with an icon of linked circles; Comprehensive data protection, depicted with a document and shield icon; Improved regulatory compliance, shown with a checklist icon; Enhanced visibility & control, represented by an eye and dashboard icon; Advanced security against cyber threats, featuring a shield and bug icon; and Cost-effective management of cloud security, illustrated with a dollar sign and shield icon. The squares are connected by a light gray line, suggesting a flow or relationship between the benefits.") Implementing a cloud access security broker (CASB) brings plenty of advantages to organizations navigating the complexities of cloud security. Here's how CASBs benefit businesses: * **Enhanced operational efficiency:** CASBs integrate multiple security functions into a single platform, which streamlines cloud security management. The consolidation reduces the complexity and costs associated with managing disparate security tools, which simplifies the security management lifecycle. * **Improved regulatory compliance:** CASBs ensure organizations meet stringent regulatory standards for data protection. By applying uniform security policies across all cloud services, businesses can maintain compliance automatically. And that reduces the risk of costly penalties. * **Advanced security against cyber threats:** CASBs offer proactive threat protection with sophisticated behavior analytics and anomaly detection. They safeguard against both internal and external threats, preventing unauthorized access and other cyber risks in real-time. * **Comprehensive data protection:** By extending robust data security measures like [encryption](https://www.paloaltonetworks.com/cyberpedia/data-encryption) and access controls to the cloud, CASBs ensure sensitive data is protected both in transit and at rest. They enforce DLP to prevent [data exfiltration](https://www.paloaltonetworks.com/cyberpedia/data-exfiltration) and leaks. Which ultimately secures critical data. * **Enhanced visibility and control:** CASBs provide deep visibility into cloud application usage within an organization, including the detection and management of shadow IT. This way, security teams can better manage security risks by enforcing consistent security policies across all cloud resources. * **Cost-effective management of cloud security:** By consolidating security measures into a unified platform, CASBs reduce the overhead and complexity associated with multiple security solutions. And that cuts costs **and** improves the effectiveness of security measures across cloud environments. ## What are the primary CASB use cases? ![Graphic titled CASB use cases, featuring six purple squares organized in two vertical columns connected by a central vertical line. Each square includes an icon and a label describing different use cases for Cloud Access Security Brokers. On the left column, from top to bottom, the labels read: Discover and control shadow IT with a magnifying glass icon, Secure non-corporate SaaS tenants represented by a shield with a house, and Control risky file sharing indicated by a checkmark inside a document icon. On the right column, the labels are Remediate SaaS misconfigurations with puzzle pieces icon, Avoid data leakage shown with a document and outward arrows, and Prevent successful attacks featuring a crossed-out bug icon. Each benefit is directly aligned with the CASB's capabilities to enhance IT security and compliance management.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_6.png "Graphic titled CASB use cases, featuring six purple squares organized in two vertical columns connected by a central vertical line. Each square includes an icon and a label describing different use cases for Cloud Access Security Brokers. On the left column, from top to bottom, the labels read: Discover and control shadow IT with a magnifying glass icon, Secure non-corporate SaaS tenants represented by a shield with a house, and Control risky file sharing indicated by a checkmark inside a document icon. On the right column, the labels are Remediate SaaS misconfigurations with puzzle pieces icon, Avoid data leakage shown with a document and outward arrows, and Prevent successful attacks featuring a crossed-out bug icon. Each benefit is directly aligned with the CASB's capabilities to enhance IT security and compliance management.") A CASB is a critical tool when it comes to managing and securing an organization's use of cloud services. Below are some of the primary use cases where CASBs provide the biggest benefits: * Discover and control shadow IT * Secure non-corporate SaaS tenants * Control risky file sharing * Remediate SaaS misconfigurations * Prevent data leakage * Prevent successful attacks ### Discover and control shadow IT ![Architecture diagram that illustrates the CASB use case Discover and control shadow IT and features a central blue box labeled CASB service divided into four sections: Policy, Inspection, Monitoring, and Remediation, each identified by unique icons. To the left, an icon representing a user connects to this box via a labeled line reading Internet, indicating the flow from user to cloud services. On the right, two groups of app icons demonstrate the outcomes of CASB actions: Sanctioned apps like Box and Zoom are marked as Allowed with a blue check, while Shadow IT apps, represented by Slack and Skype icons, are marked Blocked with a red cross, showcasing the CASB's role in regulating access to applications based on company policies.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_7.png "Architecture diagram that illustrates the CASB use case Discover and control shadow IT and features a central blue box labeled CASB service divided into four sections: Policy, Inspection, Monitoring, and Remediation, each identified by unique icons. To the left, an icon representing a user connects to this box via a labeled line reading Internet, indicating the flow from user to cloud services. On the right, two groups of app icons demonstrate the outcomes of CASB actions: Sanctioned apps like Box and Zoom are marked as Allowed with a blue check, while Shadow IT apps, represented by Slack and Skype icons, are marked Blocked with a red cross, showcasing the CASB's role in regulating access to applications based on company policies.") Again: CASBs are instrumental in identifying and managing shadow IT. By automatically discovering these apps, CASBs help IT teams understand and secure cloud usage by applying policies that can allow, block, or restrict activities based on the organization's security protocols. This not only enhances visibility but also mitigates the risks associated with unauthorized app usage. ### Secure non-corporate SaaS tenants ![Architecture diagram depicting the CASB use case for securing and discovering non-corporate SaaS tenants; it features a central blue box labeled CASB service, subdivided into four segments: Policy, Inspection, Monitoring, and Remediation, each with a unique icon. On the left, an icon representing a user labeled User accessing file drive connects through the Internet to the CASB service, symbolizing data flow. To the right, two email icons represent different domains: one marked @corporate.com and another @personal.com, indicating the CASB's role in differentiating and managing access between corporate and personal SaaS applications.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_8.png "Architecture diagram depicting the CASB use case for securing and discovering non-corporate SaaS tenants; it features a central blue box labeled CASB service, subdivided into four segments: Policy, Inspection, Monitoring, and Remediation, each with a unique icon. On the left, an icon representing a user labeled User accessing file drive connects through the Internet to the CASB service, symbolizing data flow. To the right, two email icons represent different domains: one marked @corporate.com and another @personal.com, indicating the CASB's role in differentiating and managing access between corporate and personal SaaS applications.") In environments where users may access both sanctioned and unsanctioned instances of applications like Google Drive, CASBs distinguish between these instances and apply appropriate security measures. This capability allows security teams to protect organizational data without hindering productivity. Which leads to a balanced approach to cloud application security. ### Control risky file sharing ![Architecture diagram illustrating the CASB use case for controlling risky file sharing, centered around a large blue box labeled CASB service divided into four sections: Policy, Inspection, Monitoring, and Remediation, each marked with distinct icons. To the left, an icon representing an HR database connects to the CASB service, signifying the source of data. On the right side, a series of user icons are labeled HR staff and Non-HR staff, with lines connecting to text indicating Access granted for HR staff and Access denied for Non-HR staff, visually representing the selective permission settings managed by the CASB service to control access to sensitive files.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_9.png "Architecture diagram illustrating the CASB use case for controlling risky file sharing, centered around a large blue box labeled CASB service divided into four sections: Policy, Inspection, Monitoring, and Remediation, each marked with distinct icons. To the left, an icon representing an HR database connects to the CASB service, signifying the source of data. On the right side, a series of user icons are labeled HR staff and Non-HR staff, with lines connecting to text indicating Access granted for HR staff and Access denied for Non-HR staff, visually representing the selective permission settings managed by the CASB service to control access to sensitive files.") Cloud applications enable unprecedented levels of sharing and collaboration. CASBs manage this by monitoring who is sharing what within sanctioned applications and reacting to any shares that pose a risk. This particular control is crucial for preventing unauthorized access to sensitive data and for maintaining compliance with data protection regulations. ### Remediate SaaS misconfigurations ![Architecture diagram titled CASB use case: Remediate SaaS misconfigurations, illustrating the process of managing misconfigurations in SaaS applications using a CASB system. The left side shows icons for SaaS apps like Azure, Box, and Zoom, linking to the first stage labeled Configuration management. This process flows into an Identity graph facilitated by a SaaS API, which feeds into Data enrichment that supports detailed Activity monitoring. The center highlights the crucial steps of Access governance and Detection \& response, which lead to Remediation efforts and Behavior analytics. The right side connects to several data analytics services such as Cribl, Crowdstrike, Elastic, servicenow, and Splunk through a CASB API, emphasizing the integration of security and operational data to enhance SaaS application security. The diagram uses a mix of arrows and connecting lines to denote the flow of data and decision-making across different stages, structured horizontally across the image.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_10.png "Architecture diagram titled CASB use case: Remediate SaaS misconfigurations, illustrating the process of managing misconfigurations in SaaS applications using a CASB system. The left side shows icons for SaaS apps like Azure, Box, and Zoom, linking to the first stage labeled Configuration management. This process flows into an Identity graph facilitated by a SaaS API, which feeds into Data enrichment that supports detailed Activity monitoring. The center highlights the crucial steps of Access governance and Detection & response, which lead to Remediation efforts and Behavior analytics. The right side connects to several data analytics services such as Cribl, Crowdstrike, Elastic, servicenow, and Splunk through a CASB API, emphasizing the integration of security and operational data to enhance SaaS application security. The diagram uses a mix of arrows and connecting lines to denote the flow of data and decision-making across different stages, structured horizontally across the image.") Misconfigurations in cloud applications can lead to significant security risks. CASBs provide continuous monitoring and automatic remediation of such misconfigurations. Which means that cloud services are not correctly configured and compliant. ### Prevent data leakage ![Architecture diagram depicting the CASB use case titled Prevent data leakage centered around a CASB service diagram in a large blue box subdivided into four sections labeled Policy, Inspection, Monitoring, and Remediation, each marked with specific icons. An envelope icon on the left signifies the data source as email, connecting to the CASB service, which oversees the security process. To the right, several icons representing 'Employee email' and 'Personal email' show lines marked 'Sent' or 'Blocked' indicating the email's status, demonstrating how the CASB manages and controls email flow to prevent unauthorized data transmission.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_11.png "Architecture diagram depicting the CASB use case titled Prevent data leakage centered around a CASB service diagram in a large blue box subdivided into four sections labeled Policy, Inspection, Monitoring, and Remediation, each marked with specific icons. An envelope icon on the left signifies the data source as email, connecting to the CASB service, which oversees the security process. To the right, several icons representing 'Employee email' and 'Personal email' show lines marked 'Sent' or 'Blocked' indicating the email's status, demonstrating how the CASB manages and controls email flow to prevent unauthorized data transmission.") By integrating with cloud services, CASBs enforce DLP policies that monitor and control sensitive data patterns in the cloud. This function is essential in preventing [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach) and adhering to compliance regulations. ### Prevent successful attacks ![Architecture diagram illustrating the CASB use case titled Prevent successful attacks featuring a central blue box representing the CASB service divided into four interconnected sections labeled Policy, Inspection, Monitoring, and Remediation, each accompanied by distinct icons. On the left, an icon represents a user connected to the Internet, linked to the CASB service, which regulates data flow. To the right, the CASB service interacts with files in two states: 'Files uploading' and 'Files at REST', indicated by arrows showing the direction of data monitoring and protection to prevent successful cyber attacks.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_12.png "Architecture diagram illustrating the CASB use case titled Prevent successful attacks featuring a central blue box representing the CASB service divided into four interconnected sections labeled Policy, Inspection, Monitoring, and Remediation, each accompanied by distinct icons. On the left, an icon represents a user connected to the Internet, linked to the CASB service, which regulates data flow. To the right, the CASB service interacts with files in two states: 'Files uploading' and 'Files at REST', indicated by arrows showing the direction of data monitoring and protection to prevent successful cyber attacks.") CASBs protect against malware and other cyber threats in real time by scanning files at upload and at rest. They do this with advanced threat protection mechanisms. This includes real-time and out-of-band scanning, cloud sandboxing, and [isolating browsing sessions](https://www.paloaltonetworks.com/cyberpedia/what-is-an-enterprise-browser) from unmanaged endpoints to secure access and prevent data breaches. ## What are the different types of CASB deployment models? CASBs offer various deployment models to fit the diverse security needs and architectural preferences of organizations. Each CASB model has distinct features that cater to specific security, compliance, and performance requirements, including: * API-based CASB deployment * Proxy-based CASB deployment * Hybrid CASB deployment ### API-based deployment ![Architecture diagram depicting an API-based CASB deployment architecture diagram, centrally featuring a large teal box labeled 'CASB service', which is subdivided into four areas: Policy, Inspection, Monitoring, and Remediation. Dotted lines extend from this central CASB service box to a set of icons on the right, representing sanctioned applications such as Box, Salesforce, and Zoom, indicating API calls. To the bottom left of the CASB service, another set of dotted lines connects to a circular icon labeled 'User activity/log' symbolizing the tracking of user interactions. On the far right, an icon representing a user connected through the Internet suggests the user's access point to the cloud services and the CASB service monitoring this interaction.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_13.png "Architecture diagram depicting an API-based CASB deployment architecture diagram, centrally featuring a large teal box labeled 'CASB service', which is subdivided into four areas: Policy, Inspection, Monitoring, and Remediation. Dotted lines extend from this central CASB service box to a set of icons on the right, representing sanctioned applications such as Box, Salesforce, and Zoom, indicating API calls. To the bottom left of the CASB service, another set of dotted lines connects to a circular icon labeled 'User activity/log' symbolizing the tracking of user interactions. On the far right, an icon representing a user connected through the Internet suggests the user's access point to the cloud services and the CASB service monitoring this interaction.") API-based CASBs integrate directly with cloud service providers (CSPs) using their application programming interfaces (APIs). This method allows the CASB to monitor and control interactions between users and cloud services seamlessly. It's effective for continuous monitoring and retroactive adjustments in cloud environments. Organizations tend to prefer this model for its minimal impact on user experience and its ability to enforce security policies and compliance without redirecting web traffic. However: It may not provide real-time data protection or threat mitigation. ### Proxy-based deployment ![Proxy-based CASB deployment architecture diagram, featuring a large central teal box labeled 'CASB service', divided into four sections: Policy, Inspection, Monitoring, and Remediation. To the left, an icon labeled 'Branch' connected through the Internet symbolizes a branch office's network access point. To the right, icons representing sanctioned apps such as Box and Zoom indicate the cloud services being managed by the CASB. The CASB service connects to these components, illustrating its role in mediating and securing interactions between the branch network and cloud applications.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_14.png "Proxy-based CASB deployment architecture diagram, featuring a large central teal box labeled 'CASB service', divided into four sections: Policy, Inspection, Monitoring, and Remediation. To the left, an icon labeled 'Branch' connected through the Internet symbolizes a branch office's network access point. To the right, icons representing sanctioned apps such as Box and Zoom indicate the cloud services being managed by the CASB. The CASB service connects to these components, illustrating its role in mediating and securing interactions between the branch network and cloud applications.") Proxy-based CASBs route user traffic through the CASB to enforce security policies in real time. This can be set up as either a forward proxy---which directs outbound traffic from users to the cloud---or as a reverse proxy---which manages requests coming from the internet to the cloud service. This model offers immediate threat prevention and deep visibility into data in transit. On the other hand: It can introduce latency and requires significant network configuration to ensure seamless user experiences. ### Hybrid deployment ![Hybrid CASB deployment architecture diagram, centered around a large teal block labeled CASB service, segmented into four sections: Policy, Inspection, Monitoring, and Remediation. To the left, a 'Branch' icon connects through the Internet, symbolizing branch network access to the CASB service. To the right, the CASB service interfaces with sanctioned apps like Box and Zoom via API calls, indicating integration with cloud applications. Further right, a user icon linked to the Internet shows end-user interaction with the cloud services, highlighting the CASB's role in securing both direct and cloud-based interactions.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_15.png "Hybrid CASB deployment architecture diagram, centered around a large teal block labeled CASB service, segmented into four sections: Policy, Inspection, Monitoring, and Remediation. To the left, a 'Branch' icon connects through the Internet, symbolizing branch network access to the CASB service. To the right, the CASB service interfaces with sanctioned apps like Box and Zoom via API calls, indicating integration with cloud applications. Further right, a user icon linked to the Internet shows end-user interaction with the cloud services, highlighting the CASB's role in securing both direct and cloud-based interactions.") The hybrid model combines API and proxy-based approaches, offering a balance of real-time data protection and post-event compliance enforcement. This model provides comprehensive security coverage. So organizations can rely on the instant control of proxy-based methods and the extensive coverage of API-based methods. Hybrid deployments are particularly valuable for organizations that require robust security without compromising on the flexibility of cloud operations or user experience. ## How to choose a CASB solution and what to look for ![Image depicting a structured guide titled How to choose a CASB solution and what to look for, presented in a chain of six interconnected orange circles. Each circle contains a step number and a brief directive accompanied by a unique icon. Step 1, labeled Evaluate compatibility \& scalability, features a connection network icon, indicating the importance of integration and growth potential in CASB solutions. Step 2, Examine comprehensive security features, shows an icon with a shield and magnifying glass, suggesting a focus on security capabilities. Step 3, Consider deployment flexibility, is represented by a cloud and gear icon, highlighting the need to assess deployment options. Step 4, Assess ease of policy enforcement, uses a gavel icon to emphasize the management of security policies. Step 5, Check for proactive compliance support, includes a checklist icon, pointing towards compliance management. Finally, Step 6, Look for advanced analytics capabilities, displays a chart icon, underscoring the value of analytics in CASB solutions.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_16.png "Image depicting a structured guide titled How to choose a CASB solution and what to look for, presented in a chain of six interconnected orange circles. Each circle contains a step number and a brief directive accompanied by a unique icon. Step 1, labeled Evaluate compatibility & scalability, features a connection network icon, indicating the importance of integration and growth potential in CASB solutions. Step 2, Examine comprehensive security features, shows an icon with a shield and magnifying glass, suggesting a focus on security capabilities. Step 3, Consider deployment flexibility, is represented by a cloud and gear icon, highlighting the need to assess deployment options. Step 4, Assess ease of policy enforcement, uses a gavel icon to emphasize the management of security policies. Step 5, Check for proactive compliance support, includes a checklist icon, pointing towards compliance management. Finally, Step 6, Look for advanced analytics capabilities, displays a chart icon, underscoring the value of analytics in CASB solutions.") Choosing a cloud access security broker (CASB) solution requires evaluating its ability to secure cloud applications, enforce policies, and protect data. CASBs have evolved to address complex cloud security challenges, offering visibility, control, and threat protection across distributed environments. The right CASB should align with your organization's security priorities while ensuring consistent protection across SaaS, IaaS, and PaaS applications. Here's what you should think about when selecting a CASB for your organization: 1. **Evaluate compatibility and scalability:** Ensure the CASB can integrate seamlessly with your existing security infrastructure and scale as your organization grows. It should support your current and future cloud environments, adapting to changes in your security needs without compromising performance. 2. **Examine comprehensive security features:** A good CASB should offer robust security capabilities, including real-time threat detection, data protection, and compliance management. Look for solutions that provide detailed visibility and control over both sanctioned and unsanctioned cloud applications, ensuring comprehensive coverage. 3. **Consider deployment flexibility:** Choose a CASB that offers flexible deployment options that suit your specific operational requirements. Whether it's on-premises, cloud, or hybrid models, the right CASB should enhance your security without necessitating major changes to your existing workflows. 4. **Assess ease of policy enforcement:** The CASB you choose should facilitate straightforward policy management and enforcement. This includes automating compliance tasks and simplifying the creation and maintenance of security policies across various cloud services and applications. 5. **Check for proactive compliance support:** Select a CASB that proactively updates and manages your cloud security and compliance policies. It should keep pace with the latest regulatory changes and ensure your organization remains compliant with industry standards. 6. **Look for advanced analytics capabilities:** Opt for a CASB that offers advanced analytical tools to monitor and evaluate user behaviors and activities across cloud services. This helps in identifying potential security threats and mitigating risks before they escalate. | ***Further reading:*** * [*What Is a Next-Gen CASB? | 102 Guide*](https://www.paloaltonetworks.com/cyberpedia/next-generation-casb-redefines-saas-security) * [*Next-Gen CASB vs. Traditional CASB: What Are the Differences?*](https://www.paloaltonetworks.com/cyberpedia/what-is-the-difference-between-a-traditional-casb-and-an-next-generation-casb) ## How to implement a CASB in 6 steps Now that we've established why implementing a CASB effectively enhances your organization's cloud security posture through a structured approach, let's talk about how to do it. ![Flowchart titled How to implement a CASB in 6 steps, outlined in a vertical format with steps connected by dashed lines. Each step is numbered and accompanied by an icon that visually represents the action described. Step 1, Assess your environment and make a plan, includes a magnifying glass icon, indicating the examination phase. Step 2, Select the right CASB solution, is represented by a CASB icon. Step 3, Integrate the CASB with your cloud services \& user directories, uses a circular sync icon, suggesting integration activities. Step 4, Configure access, data sharing, DLP, and security policies, features a settings gear icon, highlighting configuration tasks. Step 5, Enable real-time monitoring and threat detection, includes a radar icon, focusing on security monitoring. Finally, Step 6, Regularly review and update policies, uses a refresh icon, indicating ongoing management and updates. The diagram is organized in a clean, straightforward layout to guide users through the CASB implementation process effectively.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_17.png "Flowchart titled How to implement a CASB in 6 steps, outlined in a vertical format with steps connected by dashed lines. Each step is numbered and accompanied by an icon that visually represents the action described. Step 1, Assess your environment and make a plan, includes a magnifying glass icon, indicating the examination phase. Step 2, Select the right CASB solution, is represented by a CASB icon. Step 3, Integrate the CASB with your cloud services & user directories, uses a circular sync icon, suggesting integration activities. Step 4, Configure access, data sharing, DLP, and security policies, features a settings gear icon, highlighting configuration tasks. Step 5, Enable real-time monitoring and threat detection, includes a radar icon, focusing on security monitoring. Finally, Step 6, Regularly review and update policies, uses a refresh icon, indicating ongoing management and updates. The diagram is organized in a clean, straightforward layout to guide users through the CASB implementation process effectively.") Here's a detailed breakdown of the implementation steps involved in deploying a CASB: ### Step 1: Assess your environment and make a plan The first step is to conduct a thorough assessment of your current cloud environment: * Identify all cloud services in use * Understand the data flows * Pinpoint potential security vulnerabilities Develop a clear understanding of your security and compliance requirements, which will guide the selection and configuration of your CASB solution. ### Step 2: Select the right CASB solution Choosing the appropriate CASB solution is crucial. Evaluate different CASB offerings based on: * Compatibility with your cloud infrastructure * Security features they offer * Ease of integration with your existing IT environment Consider factors like real-time threat protection capabilities, compliance support, and the level of granularity in visibility and control. ***Tip:*** *Consider engaging with external cybersecurity consultants who specialize in cloud security to gain deeper insights into the CASB market. These experts can offer an unbiased perspective on the strengths and weaknesses of various CASB solutions, help you understand how different tools align with your specific business needs, and provide recommendations based on real-world implementations and performance outcomes.* ### Step 3: Integrate the CASB with your cloud services and user directories Integration is key to ensuring that your CASB functions seamlessly with your existing cloud applications and IT policies. This involves configuring the CASB to work with your cloud service providers and aligning it with your user authentication systems, like single sign-on (SSO) or Active Directory. Proper integration is what really enables the CASB to accurately monitor traffic and enforce security policies. ***Tip:*** *To streamline the integration process, consider using automated scripts or APIs provided by the CASB vendor. This can minimize manual configuration errors and ensure comprehensive coverage of all critical touchpoints across your cloud services and authentication frameworks, enhancing both security efficacy and operational efficiency.* ### Step 4: Configure access, data sharing, DLP, and security policies With the CASB integrated, the next step is to set up the necessary security policies. This includes configuring access controls to manage who can use cloud services and what data they can access. Implement DLP policies to protect sensitive information and configure sharing settings to prevent unauthorized data exposure. ### Step 5: Enable real-time monitoring and threat detection Activate the CASB's monitoring and threat detection capabilities to continuously oversee and protect your cloud environment. This includes setting up alerts for unusual activities and potential security breaches. Regularly review and adjust the CASB's settings based on evolving security needs and emerging threats to maintain robust cloud security. ***Tip:*** *Utilize historical data trends to set specialized alert thresholds, enhancing the accuracy of your CASB's threat detection system. By examining past security incidents and user behavior patterns, you can refine the CASB's alert settings to reduce false positives and more effectively identify genuine threats. This will improve the efficiency of your monitoring system and allow for more precise security responses tailored to the specific dynamics of your cloud environment.* ### Step 6: Regularly review and update policies Cloud environments are dynamic, with new services being adopted and existing ones being updated frequently. Regularly review your CASB settings and policies to ensure they remain effective against new threats and compliant with updated regulations. The ongoing evaluation helps in adapting to the changing cloud landscape and maintaining a strong security posture. ## What is the role of a CASB in SASE architecture? In [SASE](https://www.paloaltonetworks.com/cyberpedia/what-is-sase) architecture, a cloud access security broker is essential for extending security policies beyond the traditional perimeter to cloud applications. It ensures consistent security across both on-premises and cloud environments. The integration is critical as organizations are increasingly adopting hybrid IT infrastructures. ![Architecture diagram titled The role of CASB in SASE, using two adjacent diagrams to depict the integration and functionality differences between CASB (Cloud Access Security Broker) and SASE (Secure Access Service Edge). The left diagram illustrates the CASB ecosystem, featuring icons that represent various components like API, User, On Premises Infrastructure, and two types of deployments: 'No Agents/No Proxy' and 'Install Agents/Profiles'. These elements are interconnected with dashed lines, highlighting the CASB's flexible deployment options. The right diagram lists SASE components in a vertical column, including Cloud SWG, CASB, ZTNA/VPN, Data Protection, Browser Isolation, Decryption, FWaaS, and more, followed by an arrow pointing to a simplified representation of a SASE framework marked as SASE leading to a WAN Edge. Below the diagrams, a caption explains that in the SASE framework, CASB acts as a security checkpoint that extends security policies to cloud applications, emphasizing the strategic role of CASB within SASE for enhanced security management.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/SASE-2024-q1_17.png "Architecture diagram titled The role of CASB in SASE, using two adjacent diagrams to depict the integration and functionality differences between CASB (Cloud Access Security Broker) and SASE (Secure Access Service Edge). The left diagram illustrates the CASB ecosystem, featuring icons that represent various components like API, User, On Premises Infrastructure, and two types of deployments: 'No Agents/No Proxy' and 'Install Agents/Profiles'. These elements are interconnected with dashed lines, highlighting the CASB's flexible deployment options. The right diagram lists SASE components in a vertical column, including Cloud SWG, CASB, ZTNA/VPN, Data Protection, Browser Isolation, Decryption, FWaaS, and more, followed by an arrow pointing to a simplified representation of a SASE framework marked as SASE leading to a WAN Edge. Below the diagrams, a caption explains that in the SASE framework, CASB acts as a security checkpoint that extends security policies to cloud applications, emphasizing the strategic role of CASB within SASE for enhanced security management.") A CASB's primary function within SASE is to monitor and control access to cloud applications. It checks that only authorized users can handle sensitive data, crucial for compliance with strict regulatory standards. This role is particularly important for companies using multiple SaaS applications accessed from various, sometimes insecure, locations. As part of SASE, the CASB helps ensure cloud security is not isolated but integrated into the overall network security strategy. | ***Further reading:** [SASE vs. CASB: What Is the Difference?](https://www.paloaltonetworks.com/cyberpedia/sase-vs-casb)* ## Comparing CASBs with other security technologies *Scroll the table to read further.* | Feature | Cloud access security broker (CASB) | Security service edge (SSE) | Security information and event management (SIEM) | Data loss prevention (DLP) | |---------------------------|---------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------| | **Primary focus** | Secures cloud applications by monitoring and controlling data traffic between users and cloud services. | Provides comprehensive security features across network environments including CASB, SWG, and ZTNA within SASE. | Aggregates and analyzes security information and events across IT infrastructure. | Detects and prevents data breaches, leaks, and exposure of sensitive information. | | **Security coverage** | Targets cloud-based environments and services, managing data access and security. | Covers data security both in transit and at rest across all network environments. | Focused on monitoring and managing on-premises environments; offers broad security event logging and incident management. | Operates across network, endpoint, and storage to safeguard sensitive data wherever it is processed, stored, or transmitted. | | **Implementation area** | Cloud environments, particularly for SaaS, IaaS, and PaaS applications. | Integrated within SASE architecture to provide secure access to cloud services and network security. | On-premises environments; suitable for monitoring network hardware and applications. | On-premises and cloud environments; covers data across all domains. | | **Specific capabilities** | Data security, threat protection, compliance, and visibility within cloud applications. | Unified security management with nuanced control over cloud interactions and data protection. | Real-time analysis of security alerts, event correlation, incident management, and compliance reporting. | Ensures data protection with policies that prevent unauthorized access and data exfiltration, focusing on data at rest and in motion. | \[Comparing CASBs with other security technologies table\] ### CASB vs. SSE [Security service edge (SSE)](https://www.paloaltonetworks.com/cyberpedia/what-is-security-service-edge-sse) encompasses broader security features, including CASB, SWG, and ZTNA, within the SASE framework to enhance secure access to cloud services. ![A circular diagram centered around the concept of Security service edge (SSE) shown in bold at the center. Radiating outward from the center are four labeled circles, each representing a different component of SSE: Zero trust network access (ZTNA), Firewall as a service (FWaaS), Secure web gateway (SWG), and Cloud access security brokers (CASB). Each of these components is illustrated with a simple icon inside their respective circles: ZTNA features a cloud icon, FWaaS shows a firewall, SWG is represented by a globe with a lock, and CASB by a cloud with a lock. These elements are connected by dotted lines that suggest a relationship as part of the SSE framework.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/SSE.png "A circular diagram centered around the concept of Security service edge (SSE) shown in bold at the center. Radiating outward from the center are four labeled circles, each representing a different component of SSE: Zero trust network access (ZTNA), Firewall as a service (FWaaS), Secure web gateway (SWG), and Cloud access security brokers (CASB). Each of these components is illustrated with a simple icon inside their respective circles: ZTNA features a cloud icon, FWaaS shows a firewall, SWG is represented by a globe with a lock, and CASB by a cloud with a lock. These elements are connected by dotted lines that suggest a relationship as part of the SSE framework.") Unlike CASB, which specifically secures cloud applications by monitoring and controlling data traffic between users and cloud services, SSE provides a comprehensive suite of security capabilities designed to protect data in transit and at rest, across all network environments. The integration of CASB within SSE frameworks ensures nuanced control and visibility over cloud interactions. ### CASB vs. SIEM [Security information and event management (SIEM)](https://www.paloaltonetworks.com/cyberpedia/what-is-siem) systems aggregate and analyze activity from various resources across your IT infrastructure. ![Architecture diagram detailing the components and process of Security Information and Event Management (SIEM). On the left side, a group of icons represents various data sources: databases, endpoints, IoT devices, applications, firewalls, and printers. These icons are vertically aligned and connected by a line to a central circle labeled SIEM which symbolizes the central processing unit of the SIEM system. From this central circle, a line extends to the right side of the image leading to another set of icons that represent the processing steps within the SIEM: normalization, storage, and analytics, stacked vertically with dotted lines between them indicating the flow of data processing. Further to the right, the outcome of this process feeds into four final icons that represent the applications of SIEM data: cybersecurity, compliance, IT operations, and business analytics, arranged in a vertical line and also connected by dotted lines. Each step and application is distinctly labeled to emphasize its role within the SIEM framework.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/SaaS-2025_14.png "Architecture diagram detailing the components and process of Security Information and Event Management (SIEM). On the left side, a group of icons represents various data sources: databases, endpoints, IoT devices, applications, firewalls, and printers. These icons are vertically aligned and connected by a line to a central circle labeled SIEM which symbolizes the central processing unit of the SIEM system. From this central circle, a line extends to the right side of the image leading to another set of icons that represent the processing steps within the SIEM: normalization, storage, and analytics, stacked vertically with dotted lines between them indicating the flow of data processing. Further to the right, the outcome of this process feeds into four final icons that represent the applications of SIEM data: cybersecurity, compliance, IT operations, and business analytics, arranged in a vertical line and also connected by dotted lines. Each step and application is distinctly labeled to emphasize its role within the SIEM framework.") SIEM is used primarily for monitoring and managing on-premises environments, providing real-time analysis of security alerts generated by network hardware and applications. CASB, on the other hand, focuses specifically on cloud environments, managing and securing data access across cloud services. While SIEM provides a broad scope of security event logging and incident management, CASB offers targeted cloud application security policies and controls. ### CASB vs. DLP Data loss prevention solutions focus primarily on detecting and preventing data breaches, data leaks, and the exposure of sensitive information across the network and at rest. ![Image illustrating the five steps of data loss prevention, each represented by a numbered icon with text. Step one is discovering and identifying data, represented by a magnifying glass symbol. Step two is classifying data, represented by a file icon. Step three is continuously monitoring data, represented by a data storage symbol. Step four is taking action when violations are detected, represented by a warning triangle symbol. Step five is ongoing documentation and reporting, represented by a document icon. The icons are arranged in a linear sequence with connecting arrows.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/How-DLP-works-1.png "Image illustrating the five steps of data loss prevention, each represented by a numbered icon with text. Step one is discovering and identifying data, represented by a magnifying glass symbol. Step two is classifying data, represented by a file icon. Step three is continuously monitoring data, represented by a data storage symbol. Step four is taking action when violations are detected, represented by a warning triangle symbol. Step five is ongoing documentation and reporting, represented by a document icon. The icons are arranged in a linear sequence with connecting arrows.") CASB integrates these capabilities within cloud environments, applying DLP policies specifically to cloud-based resources and services. While traditional DLP covers data across endpoints, networks, and storage, CASB ensures these DLP controls extend into the cloud, offering specialized protections for cloud applications and storage solutions. This allows for a unified approach to data protection that spans both on-premises and cloud-based environments. ## What is the history of CASB? ![Graphic of a timeline titled The history of CASB, arranged horizontally across a light gray background. It begins with the Early 2010s on the far left, marked by an icon of a magnifying glass and a cloud, indicating the emergence of Cloud Access Security Brokers (CASBs). Moving to the right, the Mid-2010s is noted with an icon representing a gear, symbolizing technological enhancements in CASB technology, including subpoints labeled Machine learning, Anomaly detection, and Security management, each accompanied by relevant icons (a brain, an alert sign, and a shield). The timeline progresses to the Late 2010s where a gavel icon represents the influence of regulatory changes. It concludes with the Early 2020s on the far right, marked by an interconnected network icon, denoting the integration of CASB with Secure Access Service Edge (SASE). The visual elements are connected by a dotted line that guides the viewer through the progression of CASB development over the decade.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/what-is-a-casb-cloud-access-security-broker/CASB-2025_18.png "Graphic of a timeline titled The history of CASB, arranged horizontally across a light gray background. It begins with the Early 2010s on the far left, marked by an icon of a magnifying glass and a cloud, indicating the emergence of Cloud Access Security Brokers (CASBs). Moving to the right, the Mid-2010s is noted with an icon representing a gear, symbolizing technological enhancements in CASB technology, including subpoints labeled Machine learning, Anomaly detection, and Security management, each accompanied by relevant icons (a brain, an alert sign, and a shield). The timeline progresses to the Late 2010s where a gavel icon represents the influence of regulatory changes. It concludes with the Early 2020s on the far right, marked by an interconnected network icon, denoting the integration of CASB with Secure Access Service Edge (SASE). The visual elements are connected by a dotted line that guides the viewer through the progression of CASB development over the decade.") Cloud access security brokers emerged in the early 2010s. Their arrival coincided with the rapid shift of enterprise data to the cloud. Initially, CASBs were developed to manage the security challenges of SaaS applications. A CASB was focused on extending traditional security measures beyond the confines of on-premises infrastructure. As cloud adoption grew, so did the functionality of CASBs. They began incorporating advanced technologies like machine learning---an enhancement that was crucial for improving anomaly detection and managing complex security incidents more effectively. The regulatory environment also heavily influenced CASB evolution. Regulations like GDPR and HIPAA called for better data protection strategies, especially for cloud-stored information. CASBs responded by enhancing their compliance features, becoming vital for organizations to meet stringent data protection standards. Today, CASBs are integral to comprehensive security frameworks, especially with the rise of SASE. ## CASB FAQs #### What is CASB and how does it work? A cloud access security broker (CASB) is a security tool that intermediates between on-premises infrastructure and cloud services. It enforces security policies and offers visibility into cloud application usage by managing authentication, authorization, and encryption. #### What does a CASB do? CASB secures cloud environments by providing visibility, enforcing data protection policies, and detecting threats. It extends on-premises security controls to the cloud, managing and securing data access and compliance. #### What are the 4 pillars of CASB? The four pillars of CASB are visibility, compliance, data security, and threat protection. These pillars support comprehensive cloud security by offering deep insight and control over data and app usage. #### What is the difference between a firewall and CASB? Firewalls protect internal networks by controlling inbound and outbound traffic based on predetermined security rules. CASB, in contrast, specifically secures cloud resources by managing and monitoring data access and application usage across cloud environments. ### What is an example of a CASB? An example of a CASB is the Prisma Access by Palo Alto Networks. It offers a comprehensive suite of tools designed to detect and address cybersecurity threats across a wide range of cloud services, not limited to but including Microsoft and third-party applications. Prisma Access helps enforce consistent security policies and ensures secure cloud usage throughout an organization's cloud environment. #### What problem does CASB solve? CASB addresses security gaps in cloud usage by extending on-premises security measures to the cloud. It manages access, enforces data protection policies, and provides visibility into shadow IT, significantly reducing the risk of data breaches. #### What is the difference between CASB and SASE? CASB focuses on securing cloud applications, while SASE integrates broad network and security functions to deliver secure access to resources anywhere. CASB is a component of SASE, which encompasses various security services including CASB. #### Is CASB the same as SASE? No, CASB is not the same as SASE. CASB is a part of the SASE framework, which includes additional security components like SD-WAN, SWG, and ZTNA, providing comprehensive security and network management. #### What is the difference between CASB and SSO? CASB secures cloud applications by monitoring and controlling data access, while single sign-on (SSO) simplifies user authentication by using one set of login credentials across multiple applications, enhancing user convenience and security. Related Content [Blog: Contain the SaaS Explosion with a Redefined Approach to CASB See why consistent SaaS security = protected users, apps, and data.](https://www.paloaltonetworks.com/blog/network-security/contain-the-saas-explosion-with-a-redefined-approach-to-casb/) [Guide: Next-Generation CASB for Dummies® Learn what a next-gen CASB is and how it keeps SaaS apps and sensitive data secure.](https://www.paloaltonetworks.com/resources/ebooks/next-generation-casb-for-dummies?ts=markdown) [Study: Total Economic Impact™ of Prisma Access with Integrated CASB Find out how integrated CASB features lead to a 50% reduction in data breaches.](https://start.paloaltonetworks.com/tei-spotlight-prisma-access-2024.html) [Guide: SASE For Dummies - Special 2nd Edition Discover how SASE can secure your branch and hybrid workforce.](https://start.paloaltonetworks.com/sase-4-dummies-rev2.html) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20a%20CASB%20%28Cloud%20Access%20Security%20Broker%29%3F%20%7C%20101%20Guide&body=A%20CASB%20is%20a%20security%20tool%20that%20acts%20as%20an%20intermediary%20between%20an%20organization%27s%20on-premises%20infrastructure%20and%20cloud%20service%20providers.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-a-casb-cloud-access-security-broker) Back to Top {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2025 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language