Prisma Access on the New Strata Cloud Manager Platform

• What to expect when Prisma Access is updated to give you the new management experience
• Where are my Prisma Access features in Strata Cloud Manager?
• Prisma Access visibility and monitoringwith Strata Cloud Manager

• Shared policy for SASE and your NGFWs, and a unified view into security effectiveness.
• AI-Powered ADEM for Prisma SASE; this new Prisma Access add-on license automates complex IT operations, to increase productivity and reduce time to resolution for issues.
• Best practice recommendations and workflows to strengthen security posture and eliminate risk.
• A common alerting framework that identifies network disruptions, so you can maintain optimal health and performance.
• Enhanced user experience, with contextual and interactive use-case driven dashboards and license-aware data enrichment.

• Get started with Strata Cloud Manager
• What to expect when moving to Strata Cloud Manager
• What products are supported with Strata Cloud Manager?
• Take a first look at Strata Cloud Manager

High-Bandwidth Private App Access with Colo-Connect

Does your organization require high-bandwidth (more than 10 Gbps) access between its network infrastructure and Prisma Access at multiple locations as part of your hybrid multicloud strategy? Perhaps you’ve thought about aggregating multiple service connections to achieve high bandwidth, but you’re concerned about scalability. If so, Colo-Connect has you covered.

Today, large enterprises are building Colo-based performance hubs to reach private applications in hybrid, multicloud architectures because of the high-bandwidth and low-latency requirements. Typically, these hubs include interconnects to one or more cloud providers and connections to the on-premises data centers over a private or leased WAN. Performance hubs can route traffic between the public cloud and on-premises infrastructure at high speed, and are resilient because of the underlying interconnect infrastructure.

Colo-Connect builds on the Colo-based performance hub concept, offering high-bandwidth (10-20 Gbps) low-latency connections, seamless Layer 2/3 connectivity to Prisma Access from existing performance hubs. The following figure shows Prisma Access being onboarded in a GCP instance using service connections and cloud interconnects. This setup limits exposure to the internet and allows the use of private connections for private application connectivity.

Colo-Connect allows you to use Prisma Access to secure private apps using a cloud interconnect that can provide high-bandwidth service connections using the following capabilities:

• High bandwidth (up to 20-Gbps) throughput per region for private application access
• Support for Dedicated and Partner interconnects using Google Cloud Platform (GCP)
• Support for multiple VLAN attachments (up to 20) per interconnect link
• Redundant connectivity support per region

Third-Party Device-ID

You can use the Cloud Identity Engine along with Prisma Access to apply information from third-party IoT detection sources to simplify the task of identifying and closing security gaps for devices in your network. After you set up Third-Party Device-ID in the Cloud Identity Engine using an API, you can set up a device object and a security policy rule in Prisma Access to obtain and use information from third-party IoT visibility solutions through the Cloud Identity Engine for device visibility and control.

In the following figure, the Third-Party Device-ID service receives the device information from the third-party IoT solutions, which it then transmits as IP address-to-device mappings to the Cloud Identity Engine and the Prisma Access Security Processing Nodes (SPNs).

Traffic Replication and PCAP Support

Prisma Access secures your traffic in real time based on traffic inspection, threat analysis, and security policies. While you can view Prisma Access logs to view security events, your organization might have a requirement to save packet capture (PCAP) files for forensic and analytical purposes, for example:

• You need to examine your traffic using industry-specific or privately-developed monitoring and threat tools in your organization and those tools require PCAPs for additional content inspection, threat monitoring, and troubleshooting.
• After an intrusion attempt or the detection of a new zero-day threat, you need to preserve and collect PCAPs for forensic analysis both before and after the attempt. After you analyze the PCAPs and determine the root cause of the intrusion event, you could then create a new policy or implement a new security posture.
• Your organization needs to download and archive PCAPs for a specific period of time and retrieve as needed for legal or compliance requirements.
• Your organization requires PCAPs for network-level troubleshooting (for example, your networking team requires data at a packet level to debug application performance or other network issues).

To accomplish these objectives, you can enable traffic replication which uses the Prisma Access cloud to replicate traffic and encrypt PCAP files using your organization's encryption certificates. To store the PCAP files, you create a GCP service account, which Prisma Access uses as the storage location of the PCAP files.

Service Provider Backbone Integration

Integrate Prisma Access with a service provider (SP) backbone, which allows you (the SP) to assign specific region and egress internet capabilities to your tenants, providing more granular control over the Prisma Access egress traffic. Without the SP Backbone feature, Prisma Access egress traffic uses public cloud providers for network backbone instead.

The following diagram represents Prisma Access egress traffic without SP Backbone integration.

The following diagram represents Prisma Access egress traffic with SP Backbone integration.

Transparent SafeSearch Support

Private IP Visibility and Enforcement for Explicit Proxy Traffic Originating from Remote Networks

New and Remapped Prisma Access Locations and Compute Locations