New Features Introduced in Prisma Access 4.2

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Team Member



Prisma Access Release 4.2 is Here!


Palo Alto Networks continues to push boundaries in cloud-delivered security with the introduction of Prisma Access 4.2. This impressive release stands as the industry's sole ZTNA 2.0 security solution presented within a seamless, all-in-one package. In this fresh update, we're once again strengthening our cutting-edge ZTNA 2.0 security with an array of exciting new features and improvements:


  • Explicit Proxy Enhancements - Check out what's in store when it comes to Explicit Proxy Features in the 4.2 release of Prisma Access:
    • Kerberos Improvements:
      • When SAML isn't on the table, customers turn to Kerberos as their go-to authentication method to achieve SSO. It's the seamless solution that lets them effortlessly authenticate servers and users on the VDI.
      • In the past, Kerberos could authenticate all the traffic and apply security to all traffic but for identity based policies we were restricted to HTTP and decrypted HTTPS. We've bridged that gap with this enhancement!
      • You have the power to identify and shape security policies across all HTTP, HTTPS, and even HTTP(s) CORS based on user-ID making your digital domain safer than ever before!
      • Say goodbye to the hassle of managing trusted IPs for your HTTPS traffic. Even branches with ever-changing egress points can now tap into this feature without a worry.

    • PA managed PAC File endpoint
      • Customers leverage host PAC in conjunction with Prisma Access to specify which traffic is directed towards Prisma Access.
      • We set up the PAC files on AWS S3, which means customers needed to create pathways from their branches to AWS S3. However, that approach wasn't always practical, especially for those customers with non-default networks.
      • Prisma Access is stepping up by taking over the hosting duties for PAC files on <>. Now, customers can open access to only that and avoid the hassle of opening access to AWS S3.
      • We're keeping the door open for existing customers – the file will still be accessible on their trusted S3 location until March 31, 2024. This means there's plenty of time to make the switch and update the endpoints without feeling rushed.

  • Admin Credential Phishing

    We're rolling out credential phishing features to all Prisma Access deployments. There are three methods i.e Group mapping, IP mapping and domain credential filter with the domain credential filter only applicable for RN deployments.

    • There are these cunning sites known as phishing sites. Crafty attackers make them look just like the real deal, all to trick you into sharing your precious user information, especially those credentials that unlock the doors to your network.
    • Credential phishing prevention is like having a digital guardian that's always on the lookout. It scans username and password you punch into websites and cross-references them with your official company credentials. It's like having a watchful friend who knows when something fishy is going on!

    To learn more about the new Credential Phishing feature in Prisma Access 4.2, please check out the links below: 

  • New Prisma Access Locations (CDL, Local Zone and Compute Regions)
    We're on a mission to make your digital journey smoother and more secure than ever. That's why we're keeping the momentum going by consistently adding fresh Prisma Access compute regions. We're thrilled to introduce the latest additions to our lineup of locations and regions:

    • New Compute Regions
      • AWS Local Zones: 
        • Lima, Peru
        • Lagos, Nigeria
        • Auckland, New Zealand
      • South Korea (GCP) Compute region with Explicit Proxy support
    • New CDL Region
      Prisma Access has your back in Switzerland, supporting key components like CDL, ADEM, and AIOPS.
  • AI applications control and data security

    To shield against the increasing threat of sensitive data leakage to AI applications and APIs we're thrilled to introduce a fresh arsenal of capabilities. These extend to ChatGPT and other AI apps and are part our Next-Generation CASB solution. Here's what you can expect:

    • We're bringing you comprehensive visibility into every nook and cranny of SaaS activity. This means you'll have your finger on the pulse of all usage, including when employees venture into the realm of new and cutting-edge generative AI apps such as ChatGPT that can put data at risk.

      SaaS Security VisibilitySaaS Security Visibility


    • We're introducing granular controls where employees can securely access essential business apps, while access to risky apps – yes, including those tempting generative AI apps – can be limited or even blocked entirely.

      SaaS Security Granular ControlSaaS Security Granular Control


  • Our cutting-edge technology employs machine learning to classify data and initiate data loss prevention (DLP) to root out potential threats, such as the leakage of company secrets, personally identifiable information (PII), and other sensitive data to generative AI apps by well-intentioned employees.

    Data Loss Prevention (DLP)Data Loss Prevention (DLP)


Aside from ChatGPT, we're on a continuous mission to expand AI app support! Brace yourself for a growing roster that now includes notable names like GitHub Copilot, Playground, and Bing Chat. It's all about making sure you have the tools and protection you need across a wide spectrum of AI-powered applications.


Want to know more ? Check out all there is to know about this amazing new release in the Prisma Access Administration Guide and the Prisma Access Release Notes.


We would like to hear how you've experienced Prisma Access release 4.2 so far.  Please share your thoughts, comments and questions in the comments section below or on the Prisma Access LIVE Resource page.


Thanks for taking time to read this blog.
If you enjoyed this, please hit the Like (thumb up) button, don't forget to subscribe to the LIVEcommunity Blog area.

Register or Sign-in
Top Liked Authors