Secure the business-critical data within your SaaS applications

Sanctioned isn’t the same as secure

Fill the SaaS security gaps that put your data at risk

The appeal of SaaS applications, such as Office 365®, G Suite™, Box and Salesforce®, is growing, but so are the hidden threats in SaaS offerings: costly data leaks, regulatory noncompliance, malware propagation and so on. Aperture™ SaaS security service complements your existing security tools and delivers data classification, data leakage prevention and threat detection – so you can secure your SaaS applications.

Interested in learning more about SaaS Security?

Tune in to our educational SaaS podcast series.


Safely enabling SaaS adoption

Risk discovery and deep visibility

Aperture provides complete visibility across all user, folder and file activity, generating detailed analysis that helps you transition from a position of speculation to one of full awareness at any given point in time. Deep analytics into day-to-day usage allow you to quickly determine if there are any data risk- or compliance-related policy violations.

Data leak prevention and compliance

Define granular, context-aware policy control to drive enforcement as well as quarantine users and data as soon as violations occur. This enables you to quickly and easily satisfy data risk compliance requirements, such as those related to PCI, PII or PHI data, while still maintaining the benefits of cloud-based applications. Aperture can connect directly to enterprise SaaS applications to provide:

  • Data classification and monitoring
  • Data loss prevention, or DLP, capabilities
  • User activity tracking for anomalies
  • Known and unknown malware prevention
  • Detailed risk and usage reporting
Read the white paper

Advanced threat prevention

WildFire® malware prevention service, integrated with Aperture, provides advanced threat prevention to block known malware and identify and block unknown malware. You can keep threats from spreading through the sanctioned SaaS applications, preventing a new insertion point for malware. New malware discovered by Aperture is shared with the rest of the Security Operating Platform, strengthening your overall security posture.

Simple to deploy

Aperture is a cloud-delivered service, without the need for any proxies or agents. Because Aperture communicates directly with SaaS applications, it will look at data from any source, regardless of the device or location from which the data originates. Because Aperture isn’t inline, it doesn’t impact latency or bandwidth of applications, and it doesn’t affect the end-user experience.

Multimode CASB capabilities, cloud-delivered

The Palo Alto Networks Security Operating Platform offers inline and API-based protection technologies that work together to minimize the wide range of cloud risks that can cause breaches. With a fully cloud-delivered approach to a cloud access security broker, or CASB, you can secure your SaaS applications using:

INLINE – an approach with Palo Alto Networks GlobalProtect cloud service to secure inline traffic with deep application visibility, segmentation, secure access and threat prevention. This approach combines user, content and application inspection features within the security service to enable CASB functions.

API-BASED – an approach with Aperture SaaS security service to connect directly to SaaS applications for data classification, DLP and threat detection. Aperture takes an out-of-band API-based approach that enables granular inspection of all data at rest in the cloud application as well as ongoing monitoring of user activity and administrative configurations.

Experience Aperture

Watch a quick demo of Aperture’s SaaS security capabilities, including:

  • Connecting cloud apps to Aperture
  • Creating granular policies
  • Remediating risks automatically
  • Preventing malware with WildFire

Featured Applications and Services

Related Products

GlobalProtect Cloud Service

Our next-generation firewall security delivered from the cloud globally in an operationally efficient manner.

Learn more


WildFire malware prevention service is the industry’s most advanced analysis and prevention engine for highly evasive zero-day exploits and malware.

Learn more