Aperture - Securing SaaS Applications - Palo Alto Networks

Bridge the SaaS security gap

Use of SaaS applications is exploding because software as a service is so easy. But, because of that simplicity, the security risks of SaaS are also on the rise. The use of unsanctioned SaaS apps can expose sensitive data and propagate malware – and even sanctioned SaaS adoption can increase the risk of data exposure, breaches and noncompliance.

By offering advanced data protection and consistency across clouds, Palo Alto Networks reins in the risks. Our products address your cloud access security broker needs and provide advanced capabilities in risk discovery, data loss prevention, user behavior monitoring and advanced threat protection. Now you can maintain compliance while preventing data leaks and business disruption through a fully cloud-delivered CASB deployment.

Safely enabling SaaS adoption

Risk discovery and deep visibility

Palo Alto Networks provides unparalleled visibility and precise control of all applications, including SaaS as one of the many application categories supported through an extensive library of application signatures. Easy-to-navigate SaaS usage dashboards and detailed reporting help rein in shadow IT risk and get you started on your journey to securing SaaS applications. In addition, discover risks at a much deeper level with an API-based approach that provides complete visibility across all user, folder and file activity, generating detailed analysis that helps you quickly determine if there are any data risk- or compliance-related policy violations.

Data leak prevention and compliance

Define granular, context-aware policy control to drive enforcement as well as quarantine users and data as soon as violations occur. This enables you to quickly and easily satisfy data risk compliance requirements, such as those related to PCI, PII or PHI data, while still maintaining the benefits of cloud-based applications. Aperture can connect directly to enterprise SaaS applications to provide:

Data classification and monitoring
Data loss prevention, or DLP, capabilities
User activity tracking for anomalies
Known and unknown malware prevention
Detailed risk and usage reporting

User behavior monitoring

Heuristic-based user behavior monitoring and alerting enables you to easily identify suspicious behavior, such as logins from unexpected regions, unusually large usage activity or multiple failed login attempts, indicative of credential theft.

Advanced threat prevention

WildFire^® malware prevention service, integrated across the platform, provides advanced threat prevention to block known malware and identify and block unknown malware. You can keep threats from spreading through the SaaS applications, preventing a new insertion point for malware. New malware discovered is automatically shared with the broader enterprise security tools, strengthening your overall security posture.

Multimode CASB capabilities, cloud-delivered

Palo Alto Networks offers inline and API-based protection technologies that work together to minimize the wide range of cloud risks that can cause breaches. With a fully cloud-delivered approach to a cloud access security broker, you can secure your SaaS applications using:

INLINE – An approach with Palo Alto Networks GlobalProtect™ cloud service to secure inline traffic with deep application visibility, segmentation, secure access and threat prevention. This approach combines user, content and application inspection features within the security service to enable CASB functions.

API-BASED – An approach with Aperture SaaS security service to connect directly to SaaS applications for data classification, DLP and threat detection. Aperture takes an out-of-band, API-based approach that enables granular inspection of all data at rest in the cloud application as well as ongoing monitoring of user activity and administrative configurations.