Extending Our SASE Leadership with Next-Gen CASB Innovations

Aug 31, 2022
6 minutes

This post is also available in: 日本語 (Japanese)

Next-Gen CASB gains SaaS Security Posture Management (SSPM). Additional Prisma SASE innovations include ML-powered security service enhancements, AIOps for SASE and new SD-WAN appliances.

Following the unprecedented increase in remote work over the last two years, organizations are turning their attention to the next seismic shift in the workplace – hybrid work. The transition from the relatively static environment of remote work to truly dynamic hybrid work presents a unique opportunity for IT leaders to modernize networks and improve security postures.

Palo Alto Networks developed Prisma SASE to help enterprises securely transform their networks and adapt to the new realities of cloud and hybrid work. The industry’s most complete SASE solution, Prisma SASE, converges network security, SD-WAN, and Autonomous Digital Experience Management into a single cloud-delivered service without compromises.

The pace of the transition to SASE has exceeded even the wildest projections, and the trend is only accelerating. According to Gartner, "By 2025, 80% of enterprises will have adopted a strategy to unify web, cloud services and private application access using a SASE/SSE architecture, up from 20% in 2021."[1]

Today, Palo Alto Networks is excited to introduce key Prisma SASE innovations that raise the bar for how organizations can securely enable hybrid work and SaaS adoption. Innovations, such as integrated SaaS Security Posture Management (SSPM), new ML-powered security services, AIOps for SASE and new SD-WAN appliances, drive the industry forward while improving security, user experience and operations for our customers.

Palo Alto Networks Next-Gen CASB to Secure the Most SaaS Apps with SSPM

Last year, we introduced Next-Generation CASB seamlessly integrated with Prisma Access to overcome the limitations of legacy CASBs. Using machine learning to automatically discover and secure all applications, it accurately protects sensitive data in real-time (including confidential conversations through modern collaboration apps, using an enterprise-grade DLP), and stops all known and unknown threats with comprehensive security.

Today, we’re making Next-Gen CASB even better with integrated SSPM. SSPM allows administrators to easily view and configure security settings for multiple SaaS apps in one place, helping make their SaaS apps both compliant and secure. In addition, users can remediate misconfigurations with a single click and prevent configuration drift by locking critical security settings in place, which reduces remediation time by up to 90%. Unlike other CASB offerings that focus on compliance checks, Next-Gen CASB will secure the posture of up to 20x more SaaS applications than any other solution.

Enhancing the ZTNA 2.0 Security Capabilities of Prisma SASE with Inline Deep Learning

Millions of new cyber threats emerge every year, with organizations constantly racing to prevent them. Leveraging cloud-scale resources, automation and other techniques, adversaries of all kinds are able to adapt and spread advanced attacks more quickly than ever. Unfortunately, every organization must now assume it will be the target of a sophisticated attack.

In response, Palo Alto Networks has developed new inline deep learning capabilities that shrink the time required to detect and stop unknown threats to near zero seconds. Leveraging intelligence from our Wildfire and Advanced URL Filtering services, we’ve created accurate and efficient ML models to stop zero-day threats with inline deep learning for Advanced Threat Protection, Advanced URL Filtering, and DNS Security. The result is that Prisma SASE can now prevent up to 95% of never-before-seen malware.

Reduce Trouble Tickets and Strengthen Security Posture with AIOps for SASE

Many IT teams spend an excessive amount of time manually managing network services, security policies and applications. The lack of context from siloed tools makes troubleshooting, fixing and validating connectivity and performance issues challenging. This can often be a critical vulnerability, limiting insight and visibility into network security misconfigurations, leading to massive security gaps, as well as manual and reactive network security operations.

Palo Alto Networks is introducing AIOps for SASE, delivering proactive and actionable insights for your networks, security posture and applications. With AIOps for SASE, organizations gain automated root cause analysis, rapid problem remediation and guided best practice adoption, allowing them to reduce trouble tickets by up to 99%. Predictive analytics enable more efficient capacity planning and anomaly detection, preventing business disruptions. Formal verification can automate policy reasoning, ensuring continuous compliance and audit readiness. A query-based interface empowers the IT service desk with automated contextual troubleshooting and change analysis.

Simplify Branch Operations with New Prisma SD-WAN Appliances

Organizations with smaller or remote branches often struggle with configuring and managing additional switching appliances and power sources to connect local area network devices, such as IP phones and cameras, point of sales (POS) devices, wireless access points and ATM machines. Additionally, the lack of visibility into the LAN appliance connectivity and performance is of concern when troubleshooting outages and user experience issues.

Today, we’re introducing new Prisma SD-WAN appliances, the ION 1200-S and ION 3200, to help organizations modernize their small to midsize branches. With a fully integrated switch and power over ethernet (POE++) ports, the new appliances can easily connect and power endpoints within the local area network. Additionally, integrated WAN capabilities, like 5G and LTE on the ION 1200-S, and the flexibility to choose copper or fiber connectivity on both of these appliances allow customers to improve WAN availability, performance and speed. These new appliances can significantly help reduce operational complexity by eliminating multiple point products, while providing power redundancy with a built-in dual power supply that ensures network uptime and consistent connectivity.

Image of Palo Alto Network's Prisma SD-WAN appliance, ION 1200-S.
ION 1200-S - Small Branch Office Appliance with switching, POE++ and integrated 5G and LTE.
Image of Palo Alto Network's Prisma SD-WAN appliance, ION 3200.
ION 3200 - Midsize Branches to Small Datacenters with switching and POE++ capabilities.

Prisma SASE Powers the Secure, Connected Hybrid Workforce

In May, we called upon the industry to adopt ZTNA 2.0 as the framework required for securing the hybrid workforce. With today’s announcement, we are taking Prisma SASE to new heights to deliver superior security and exceptional user experience, along with simplified operations the modern enterprise needs to thrive.

On Sept. 13 and 14, you’ll have the opportunity to hear from the innovators who are building and implementing the latest SASE technologies. Join me as I speak with Nir Zuk, founder and CTO of Palo Alto Networks, about the need for ZTNA 2.0 and how we implement it with Prisma Access. Following my session, Chief Product Officer Lee Klarich will dive deep into the details of our new product announcements. Experience the SASE-first, cloud-delivered future of cybersecurity at SASE Converge 2022!


GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

  1. Gartner, 2022 Strategic Roadmap for SASE Convergence, Neil MacDonald, Andrew Lerner and John Watts, June 24, 2022.

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.