Palo Alto Networks Introduces SaaS Security With Integrated CASB

Many organizations are embracing the convenience of the cloud. At Palo Alto Networks, we are leading the charge for application security and continuing to solve the greatest security challenges that your cloud-centric organization faces today with software as a service (SaaS).

Today, we are thrilled to announce the launch of SaaS Security by Palo Alto Networks – our integrated CASB that lets you automatically keep pace with the explosive growth of SaaS applications in your enterprise environment. This new CASB approach helps your IT security teams see and secure new SaaS applications, protect your sensitive data and prevent zero-day threats, without deployment complexity or additional infrastructure. And, as the business decision maker, you get to enjoy the fastest time to value by choosing to secure your SaaS ecosystem using our comprehensive cloud-delivered service.

Why Current Approaches Fall Short

Existing cloud access security brokers (CASBs) are restrictive because of various architectural and operational limitations.

• Signature-Based Discovery: Legacy solutions do not adopt new applications quickly as they rely on static application libraries that are manually populated only after end-user notifications or a catalyst event, which is often too late.
• Siloed Features and Operations: Data loss prevention (DLP) features are basic and confined to cloud environments only. They fail to span the entire enterprise, public cloud infrastructures, on-premises networks or remote locations. This piecemeal approach forces security teams to manage multiple data protection products, disparate compliance policies, and handle multiple time-consuming false-positive triages.
• Poor Security: Detection capabilities of current solutions are generally untested and are not designed to protect against the endless variants of threats that constantly keep coming into play across cloud environments. Adversaries who are determined to evade security systems always use the least point of resistance to gain a foothold in your network.
• Require Dedicated Resources: Current approaches are also standalone, making them disjointed from your organization's security infrastructure. Moreover, designed with a proxy-based inline approach, they add unnecessary layers of brokerage, requiring complicated traffic redirection, log collectors and proxy auto-config (PAC) agents.

Difficult to deploy, difficult to manage and solving only part of the problem, any current approach your team uses today puts it further away from achieving holistic security that should not hinge on a patchwork of assorted tools and technologies.

Case in point – containing the SaaS chaos needn't be so clunky.

What Is Needed in a CASB Today

In the post-pandemic world, where a universally remote workforce and its reliance on the cloud is now the norm, enterprise security teams are contending with multiple issues:

• Monitoring employees’ use of the explosive number of SaaS applications that keep becoming available and adopted.
• Protecting the transfer of credentials and sensitive data to these sanctioned and unsanctioned apps to keep corporate and employee data safe.
• Maintaining compliance across multiple cloud environments.
• Blocking ever-evolving threats, ensuring prevention and user experience is consistent to minimize risk of data and time loss.
• Complex deployments, multiple tools, management consoles and disjointed protection policies.

To safely embrace the cloud, companies need a single, consistent way to protect their users, applications and data across every corporate environment. This is why Palo Alto Networks decided to step in.

SaaS Security – an Integrated CASB

Palo Alto Networks SaaS Security takes on the burden of keeping up with the SaaS explosion, automating discovery and protection while being embedded into existing workflows. This leads to a whole new level of ease, simplicity and efficiency for the CASB market.

Product Highlights

Ready to go over the product highlights? Let’s begin!

Automatically Discover and Control New SaaS Apps

Our patented cloud App-ID technology leverages the power of our Palo Alto Networks global community to identify new SaaS applications, ensuring applications are discovered automatically as they become popular. SaaS Security delivers granular visibility and control of SaaS applications, their usage within your organization and their risks. A full and complete view into shadow IT risks enables security teams to intelligently keep up with their growth and prevent unsanctioned apps from becoming another conduit of data loss.

Use Enterprise Data Loss Prevention Across All SaaS Apps

The industry’s most comprehensive cloud-delivered enterprise DLP provides data protection and compliance controls consistently across all SaaS applications (both in-line and at-rest via out-of-band APIs), and comprehensively throughout the rest of the enterprise, across clouds, on-premises networks – basically wherever your users and data reside. Its cloud-delivered centralized architecture and management ensures updates are applied the instant they are released, reassuring you of accurate detection and consistent policy for sensitive data everywhere.

Prevent Threats With Zero Delay

Our best-in-class security services and industry-first inline ML models stop known and unknown threats instantly. Aided by the intelligent network effect of over 35,000 global customers to deliver evasion-resistant signatures within seconds of discovery, SaaS Security helps prevent all threats, including zero-days, in realtime, without needing third-party security tools.

Help Maintain Compliance

Through out-of-the-box compliance reports and by protecting SaaS apps consistently by applying Enterprise DLP, ML-powered threat prevention, and ongoing monitoring of user activity and administrative configurations, SaaS Security helps you maintain necessary compliance with regulations such as PCI DSS, HIPAA and GDPR.

Benefit From Integrated Architecture

Using cloud native implementation, our SaaS Security natively integrates with your network security infrastructure, forming an integral part of your Next-Generation Firewall and comprehensive SASE platform. Designed to see and protect all applications in use, both web and non-web, it offers enterprise data protection across all applications, networks, data and workloads as well as all users working from any location.

Get Fastest Time to Value and Lowest TCO

Compared to proxy-based CASB, our integrated CASB’s lean architecture eliminates man-in-the-middle components, ensuring five times faster time to value because it can be up and running on our Next-Generation Firewall and SASE platforms within minutes. And what are the perks you get to enjoy from our integrated CASB? Highest operational efficiency, up to 50% lower total cost of ownership (TCO) and a 247% jump in ROI, according to the Total Economic Impact study from Forrester Consulting.

SaaS Security by Palo Alto Networks is our answer to the enterprise market’s need for a disruptively simplistic approach to legacy CASB. Our research shows taking this kind of a comprehensive yet uncomplicated approach results in a 45% reduction in breaches over three years.

As your organization wrangles with its explosive SaaS adoption journey, consider our SaaS Security. It will provide holistic defense to your entire enterprise from a unified cloud-delivered console that helps you safely adopt SaaS apps, protect data and prevent threats. For more information, download our “Navigating the SaaS Security Jungle” ebook and register for our online event.

For more information on selected citations, please see “The Total Economic Impact™ of Palo Alto Networks for Network Security and SD-WAN,” Forrester, February 2021.