Palo Alto Networks bulks-up its SASE portfolio

Palo Alto Networks is reinforcing the security and operational features of its Prisma secure-access service edge (SASE) package.

New features include the ability to adjust security settings for multiple software-as-a-service-based apps, new security capabilities, and AIOPs support. In addition the company is expanding its family of Ion SD-WAN security devices to provide additional configuration options.

Palo Alto introduced Prisma SASE last fall to bring together the company’s Prisma Access package of cloud-based, next-generation security gateways with its Prisma SD-WAN technology it got when it bought CloudGenix for $420 million in 2020.

Prisma SASE integrates zero-trust network access, advanced threat protection, and user-behavior monitoring. It also includes a secure web gateway, a cloud-access security broker (CASB), firewall-as-a-service (FWaaS), and SD-WAN technology.

Prisma SASE also supports Palo Alto’s Autonomous Digital Experience Management (ADEM) monitoring and management platform that gives visibility into endpoints, WAN links, cloud resources, applications, and traffic levels to help troubleshoot performance issues. It can provide end-to-end visibility from a single management console without  additional agents or appliances.

More security features

New Prisma SASE features include the ability to control and monitor the security of SaaS applications by adding SaaS Security Posture Management (SSPM) to its CASB agent to spot cloud security issues such as system misconfigurations, unnecessary user accounts, excessive user permissions, and compliance risks. The idea is to provide a dashboard to more quickly fix problems and lock critical security settings in place.

Prisma SASE upgrades also aim to improve its ability to learn threat patterns and to detect and stop unknown threats more quickly.

“Leveraging intelligence from our Wildfire and Advanced URL Filtering services, we’ve created accurate and efficient ML models to stop zero-day threats with inline deep learning for Advanced Threat Protection, Advanced URL Filtering, and DNS Security,” wrote Kumar Ramachandran, senior vice president of Palo Alto in a blog about the new features. “The result is that Prisma SASE can now prevent up to 95% of never-before-seen malware.”

The vendor also added AIOps for SASE, to help automate the gathering of root-cause analysis information to speed remediation of problems and to reduce trouble tickets.

“Predictive analytics enable more efficient capacity planning and anomaly detection, preventing business disruptions,” Ramachandran wrote. “Formal verification can automate policy reasoning, ensuring continuous compliance and audit readiness. A query-based interface empowers the IT service desk with automated contextual troubleshooting and change analysis” he stated.

New branch-office hardware

In addition to the software upgrades, Palo expanded it’s Ion family of hardware appliances to include two new branch-office devices, the ION 1200-S for small branches and ION 3200 mid-size offices. Both support WAN connectivity options including 5G and LTE. 

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.