Let’s start with a quick reminder of what SASE stands for, its key benefits, characteristics, and its essential components.

Secure Access Service Edge (SASE) is a cloud-native approach that integrates data transport and security into a single, managed solution, ensuring secure access to applications and data from any location.

Key Characteristics of SASE:

  • Cloud-native delivery: Utilizes multiple points of presence to minimize latency and comply with regional regulations.
  • Converged WAN and security: Offers integrated services with unified visibility for all locations, users, and the cloud.
  • Broad network-edge support: Goes beyond traditional hardware by providing agent-based, cloud-managed access.
  • Identity-based policies: Enforces real-time access control using factors like device type, location, and posture.

Essential Components of SASE:

  1. Cloud Secure Web Gateway (SWG): Secures web traffic through URL filtering, application control, and threat detection.
  2. Firewall as a Service (FWaaS): Delivers advanced cloud-native firewall capabilities, including Layer 7 inspection and threat prevention.
  3. Cloud Access Security Broker (CASB): Monitors SaaS usage, detects malware, and controls sensitive data in SaaS environments.
  4. Software-defined WAN (SD-WAN): Provides a secure, flexible overlay network for site-to-site connectivity.

Benefits of SASE:

  • Enhanced operational efficiency through tight integration of features and services.
  • Reduced vendor and system complexity.
  • Eliminated bottlenecks, improving performance and security.

By unifying security and networking in a cohesive, cloud-based solution, SASE helps organizations streamline management and ensure secure, efficient access for all users.

Palo Alto Networks SASE Solution

The Palo Alto Networks SASE Solution brings together all essential SASE components into a unified platform, leveraging Prisma Access and Prisma SD-WAN for comprehensive security and connectivity. Prisma Access secures mobile users, remote sites, and retail locations globally, with more than 100 enforcement points worldwide, ensuring low-latency protection close to users. Prisma SD-WAN provides secure and fully orchestrated WAN transport between offices, on-premises data centers, cloud-based data centers, and SaaS applications, seamlessly connecting to Prisma Access for end-to-end security.

With Prisma SASE 3.0, Palo Alto Networks enhances the SASE framework by offering robust security, visibility, and control for any device and application. Key innovations include the Prisma Access Browser for secure application access via browsers, AI-powered data security for advanced data visibility and protection, and App Acceleration to ensure optimal application performance across both managed and unmanaged devices.

Additionally, the solution features unified management, streamlining operations and integration for organizations. By delivering uncompromised performance and security, Prisma SASE 3.0 provides a seamless and efficient approach to securing modern, distributed networks.


Zero Trust Network Access 2.0

The Palo Alto Networks SASE solution enables a ZTNA 2.0-compliant network, enhancing Zero Trust principles with advanced capabilities for comprehensive application and data security.

Key features include:

  • Least-privileged access: Grants users only the minimum access required for their tasks by identifying applications at Layer 7 for granular app and sub-app control, independent of IP and port numbers.
  • Continuous trust verification: Reassesses trust dynamically based on changes in device posture, user behavior, and app behavior.
  • Continuous security inspection: Performs deep, ongoing traffic inspection, even for allowed connections, to prevent threats, including zero-day attacks.
  • Protection for all data: Ensures consistent data-loss prevention (DLP) across private and SaaS applications using a unified policy.
  • Security for all apps: Safeguards modern cloud-native apps, legacy private apps, SaaS apps, and those using dynamic ports or server-initiated connections.

The solution uses:

  • App-ID™, User-ID™, and Device-ID™: To enable rich context-aware, granular access control for least-privileged access.
  • Continuous monitoring tools: Such as WildFire®, advanced URL security, SaaS security, and AI/ML-powered threat prevention to protect against known and unknown threats through deep traffic inspection.

These capabilities ensure dynamic protection, smarter security decisions, and rapid adaptation to changes, maintaining a resilient Zero Trust architecture.
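To make the ZTNA 2.0 points above concrete, here is a small, constructed model of least-privileged access plus continuous trust verification; it is added here as an illustration and is not Palo Alto Networks code. Access is decided per Layer 7 application identity (not IP or port), a sub-app is simply a more tightly scoped app_id, and an already-allowed session is re-evaluated and revoked when device posture changes. The app_ids, groups and posture fields are hypothetical.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Context:
    """Constructed access context: user, device posture and the requested app."""
    user: str
    groups: frozenset
    managed: bool      # device enrolled in endpoint management
    edr_running: bool  # posture signal that is re-checked for the life of a session
    app_id: str        # Layer 7 application identity, independent of IP and port

# Constructed policy: app_id -> allowed groups; a sub-app like "crm-export" is just a tighter app_id.
RULES = {
    "crm-base": frozenset({"sales", "support"}),
    "crm-export": frozenset({"sales-leads"}),
}

def device_healthy(ctx: Context) -> bool:
    return ctx.managed and ctx.edr_running

def evaluate(ctx: Context) -> tuple[bool, str]:
    """Least-privilege decision for exactly the requested app; default deny."""
    allowed = RULES.get(ctx.app_id)
    if allowed is None:
        return False, "no rule for app"
    if not (ctx.groups & allowed):
        return False, "user not in an allowed group"
    if not device_healthy(ctx):
        return False, "device posture check failed"
    return True, "allowed"

class SessionBroker:
    """Grants sessions, then re-evaluates each one whenever its context changes."""
    def __init__(self):
        self.sessions: dict[str, Context] = {}
    def connect(self, sid: str, ctx: Context) -> bool:
        ok, _ = evaluate(ctx)
        if ok:
            self.sessions[sid] = ctx
        return ok
    def update(self, sid: str, **changes) -> bool:
        """Continuous trust verification: a posture change mid-session revokes access."""
        ctx = replace(self.sessions[sid], **changes)
        ok, _ = evaluate(ctx)
        if ok:
            self.sessions[sid] = ctx
        else:
            del self.sessions[sid]
        return ok
```

The contrast with an allow-and-ignore model is in `update`: the session is dropped the moment the EDR agent stops, rather than surviving until the user reconnects.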

Prisma Access

Prisma Access, powered by PAN-OS®, is a cloud-based service from Palo Alto Networks that provides secure access to internet, SaaS, corporate data centers, and public cloud applications. It supports both managed and unmanaged devices, delivering a comprehensive SASE solution with integrated security and connectivity.

Prisma Access inspects all traffic, including non-web protocols, to identify applications, threats, and content. Features like DNS security block malicious payloads hidden in DNS transactions, while unknown files are scanned by WildFire®, the industry’s largest sandbox utility for threat detection. Its cloud-native architecture eliminates challenges like firewall sizing and coverage gaps, scaling elastically to meet shifting demands.

Prisma Access Options

  1. Prisma Access for Users

Prisma Access for users provides cloud-delivered security services, including App-ID, URL filtering, DLP, and threat prevention, as an alternative to traditional on-premises deployments. This option is ideal for both global deployments and hybrid setups.

  • Access Methods for Managed Devices:
    • GlobalProtect: Extends visibility and control over all traffic, enabling secure access to internet and data center applications.
    • Explicit Proxy: Supports secure web gateway (SWG) access to SaaS applications via HTTP and HTTPS.
  • For Unmanaged Devices: Clientless VPN provides secure access to on-premises applications without requiring endpoint installation.

By integrating support for web and non-web traffic, Prisma Access aligns with the SASE framework for comprehensive protection.

  2. Prisma Access for Networks

This option secures remote networks with services like App-ID, URL filtering, and threat prevention, enabling safe access to commonly used applications and web resources. Remote sites connect to Prisma Access using Prisma SD-WAN or an IPSec VPN-capable device.

Direct internet access is provided through Prisma Access, eliminating the need to backhaul traffic to a central site, making it suitable for remote sites with one or more WAN links.

Prisma Access offers a unified, scalable solution to secure users, devices, and applications, providing flexibility and operational efficiency for distributed organizations.

Prisma SD-WAN

Prisma SD-WAN simplifies deployment and management of wide-area networks by combining next-generation software-defined networking with cloud orchestration. Its cloud controller automatically establishes secure, encrypted connections between remote offices, on-premises data centers, public clouds, and SaaS applications.

At its core, Prisma SD-WAN uses built-in Layer 7 intelligence to enable application-aware networking, traffic steering, and security policies. It also measures traditional metrics such as jitter, latency, and packet loss. The system provides complete visibility into application health across locations, along with granular, application-driven analytics for monitoring and troubleshooting.

The service is powered by Prisma SD-WAN Instant-On Network (ION) devices, which are available as hardware or virtual appliances. These devices:

  • Enforce policies based on business intent.
  • Enable dynamic path selection for optimal application performance.
  • Provide visibility into application and network performance.
  • Support zero-touch provisioning, authenticating automatically to the cloud portal for seamless deployment.

Once deployed, ION devices establish VPN connections across all internet circuits and private WAN links with a shared service provider. Organizations can define application-specific policies for performance, security, and compliance. Using real-time analytics and business intent policies, the ION devices automatically select the best WAN path, ensuring optimal application performance and network efficiency.
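The path-selection behaviour described above, as a constructed example (not Prisma SD-WAN's own algorithm): each circuit carries live latency, jitter and loss measurements, each application has a hypothetical business-intent policy stating the SLA it needs and which circuits to prefer, and the selector picks a preferred SLA-compliant circuit, then the lowest-latency compliant one, and only as a last resort the live circuit that violates the SLA least. Circuit names, thresholds and app_ids are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class PathMetrics:
    """Constructed measurements for one WAN circuit (latency, jitter, loss)."""
    name: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    up: bool = True

@dataclass(frozen=True)
class Intent:
    """Hypothetical business-intent policy: the SLA an app needs, plus circuit preference."""
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float
    preferred: tuple = ()  # circuits to try first when several meet the SLA

# Constructed policies, keyed by the Layer 7 application identity
INTENTS = {
    "voip": Intent(150, 30, 1.0, preferred=("mpls",)),
    "saas-crm": Intent(300, 100, 3.0, preferred=("broadband", "lte")),
}

def sla_violation(p: PathMetrics, i: Intent) -> float:
    """0.0 when every metric is within the SLA; otherwise the summed relative overshoot."""
    return sum(max(0.0, value / limit - 1.0) for value, limit in (
        (p.latency_ms, i.max_latency_ms),
        (p.jitter_ms, i.max_jitter_ms),
        (p.loss_pct, i.max_loss_pct)))

def select_path(app_id: str, paths: list, intents=INTENTS):
    """Dynamic path selection: preferred SLA-compliant circuit, else the lowest-latency
    compliant one, else the live circuit that violates the SLA least; None if all are down."""
    intent = intents[app_id]
    live = [p for p in paths if p.up]
    if not live:
        return None
    compliant = [p for p in live if sla_violation(p, intent) == 0.0]
    if compliant:
        for name in intent.preferred:
            for p in compliant:
                if p.name == name:
                    return p.name
        return min(compliant, key=lambda p: p.latency_ms).name
    return min(live, key=lambda p: sla_violation(p, intent)).name
```

Re-running `select_path` on every metrics refresh is what turns the static policy into the real-time steering the text describes.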

When Prisma SD-WAN remote sites need secure internet access, Prisma Access provides consistent, cloud-based protection. Prisma SD-WAN automates connectivity to Prisma Access using its simple onboarding process.

With application-aware policies, Prisma SD-WAN routes external traffic to Prisma Access, where it undergoes inspection, threat detection, and enforcement of security policies, ensuring comprehensive security across the organization.
