https://live.paloaltonetworks.com/t5/prisma-access-discussions/prisma-access-questions-on-the-limits-of-threat-detection-and/m-p/571093#M646 <P>Hello everyone!</P> <P><BR />After exploring the PRISMA ACCESS demo available here : [demo link] (<A href="https://www.paloaltonetworks.com/partners/nextwave-partner-portal/help-me-learn/demo-systems/prisma-access" target="_blank">https://www.paloaltonetworks.com/partners/nextwave-partner-portal/help-me-learn/demo-systems/prisma-access</A>)</P> <P>&nbsp;</P> <P>I have a question for you: If I use Prisma Access as a stand-alone solution without integrating it with Cortex XDR, how far can it go in terms of threat detection and vulnerability analysis?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also, regarding ZTNA 2.0, I've heard that it can provide continuous compliance monitoring through host-based policies.</P> <P>- But how far can it push these policies?</P> <P>- Can it detect misconfigured or disabled settings on the endpoint?</P> <P>- And how far can it restrict a non-compliant host?</P> <P>- For example, if the antivirus is disabled, I know it can be considered non-compliant and cause pings to be blocked to the host, but what other type of policy can be put in place, with concrete examples?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I'm open to all kinds of feedback and would appreciate any views or experiences you could share on these topics! Feel free to add your observations and suggestions. Thanks in advance for your contribution!</P> Thu, 28 Dec 2023 08:28:01 GMT bastien.guidone 2023-12-28T08:28:01Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/prisma-access-questions-on-the-limits-of-threat-detection-and/m-p/571093#M646 <P>Hello everyone!</P> <P><BR />After exploring the PRISMA ACCESS demo available here : [demo link] (<A href="https://www.paloaltonetworks.com/partners/nextwave-partner-portal/help-me-learn/demo-systems/prisma-access" target="_blank">https://www.paloaltonetworks.com/partners/nextwave-partner-portal/help-me-learn/demo-systems/prisma-access</A>)</P> <P>&nbsp;</P> <P>I have a question for you: If I use Prisma Access as a stand-alone solution without integrating it with Cortex XDR, how far can it go in terms of threat detection and vulnerability analysis?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also, regarding ZTNA 2.0, I've heard that it can provide continuous compliance monitoring through host-based policies.</P> <P>- But how far can it push these policies?</P> <P>- Can it detect misconfigured or disabled settings on the endpoint?</P> <P>- And how far can it restrict a non-compliant host?</P> <P>- For example, if the antivirus is disabled, I know it can be considered non-compliant and cause pings to be blocked to the host, but what other type of policy can be put in place, with concrete examples?</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>I'm open to all kinds of feedback and would appreciate any views or experiences you could share on these topics! Feel free to add your observations and suggestions. Thanks in advance for your contribution!</P> Thu, 28 Dec 2023 08:28:01 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/prisma-access-questions-on-the-limits-of-threat-detection-and/m-p/571093#M646 bastien.guidone 2023-12-28T08:28:01Z https://live.paloaltonetworks.com/t5/prisma-access-discussions/prisma-access-questions-on-the-limits-of-threat-detection-and/m-p/571273#M647 <BLOCKQUOTE><HR /> <BLOCKQUOTE><HR /> <P>I have a question for you: If I use Prisma Access as a stand-alone solution without integrating it with Cortex XDR, how far can it go in terms of threat detection and vulnerability analysis?</P> <P>&nbsp;</P> <P><FONT color="#008080">Prisma Access as a standalone product can do all the things a NGFW can do, so any transit traffic can be inspected for threats and threat indicators, and upload files to wildfire for sandbox analysis</FONT></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Also, regarding ZTNA 2.0, I've heard that it can provide continuous compliance monitoring through host-based policies.</P> <P>- But how far can it push these policies?</P> <P><FONT color="#008080">This is outside of the scope of prisma access as standalone product. prisma access provides traffic security and can isolate an endpoint by means of connectivity</FONT></P> <P>- Can it detect misconfigured or disabled settings on the endpoint?</P> <P><FONT color="#008080">Prisma Access can't, you would need XDR</FONT></P> <P>- And how far can it restrict a non-compliant host?</P> <P><FONT color="#008080">HIP checks can be used to completely isolate an endpoint, or restrict it in such a way that it is still accessible by IT and is able to reach remediation serrvices but blocked from everything else</FONT></P> <P>- For example, if the antivirus is disabled, I know it can be considered non-compliant and cause pings to be blocked to the host, but what other type of policy can be put in place, with concrete examples?</P> <P><FONT color="#008080">hip checks can be created (check the full list of option in the link below) and then profiles created around these checks.</FONT></P> <P><FONT color="#008080">these profiles can then be used in security policies to determine what connectivity is allowed from the host</FONT></P> <P><FONT color="#008080">additionally the host can be quarantined completely isolating it from the world</FONT></P> <P>&nbsp;</P> <P><FONT color="#008080"><A href="https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/objects-globalprotect-hip-objects" target="_blank">https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/objects-globalprotect-hip-objects</A></FONT></P> <P>&nbsp;</P> <P>&nbsp;</P> <HR /></BLOCKQUOTE> <P>&nbsp;</P> </BLOCKQUOTE> <P>&nbsp;</P> Fri, 29 Dec 2023 22:15:26 GMT https://live.paloaltonetworks.com/t5/prisma-access-discussions/prisma-access-questions-on-the-limits-of-threat-detection-and/m-p/571273#M647 reaper 2023-12-29T22:15:26Z