This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew

Enhancing SASE Security: How Prisma Access Traffic Replication and Fidelis Security Eliminate Cloud Blind Spots

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Community Blogs
4 min read

Enhancing SASE Security: How Prisma Access Traffic Replication and Fidelis Security Eliminate Cloud Blind Spots

tasawant
L2 Linker
‎08-07-2025 11:00 AM

CoverPhoto.png

 

As organizations transition to a Secure Access Service Edge (SASE) architecture to support work-from-anywhere initiatives, their traditional on-premises tools for network traffic visibility and security analytics become obsolete. This fundamental shift creates significant visibility gaps for security teams, challenging their ability to perform in-depth forensic investigations, detect zero-day exploits, and gather the necessary evidence required to meet stringent regulatory deadlines, such as the SEC's four-day breach disclosure mandate. To bridge this gap and regain the essential insight, enterprises need more than just cloud-delivered security; they require a robust capability to replicate and analyze the full packet traffic that is now traversing the SASE cloud.

A powerful new solution emerges by combining Palo Alto Networks Prisma Access, featuring its Traffic Replication service, with Fidelis Security's advanced Network Detection and Response (NDR). This integrated approach provides organizations with unparalleled protection, visibility, and control.

 

The Power of the Integrated Solution

 

This end-to-end integration enhances threat detection, response, and prevention capabilities while ensuring secure and seamless access to applications and data for all users, regardless of location. Key benefits of this partnership include:

  • Decrypted, deep visibility into all network content - both inbound and outbound - across all ports and protocols.
  • Automated threat detection and hunting capabilities that generate automated alerts.
  • A contextual map of the customer's cyber terrain, which provides critical insights into the enterprise.
  • Real-time, session-level metadata collection and storage, supporting historical detection and investigation.
  • Advanced malware detection methods aligned with the MITRE ATT&CK framework.

 

tasawant_0-1754588777135.png

 

How It Works: A Seamless Flow of Data and Analysis

 

The joint solution creates a powerful, continuous workflow for capturing, analyzing, and responding to threats within your SASE environment.

 

Step 1: Realtime Full Packet Capture in Prisma Access Prisma Access provides cloud-delivered protection for all application traffic. The Prisma Access Traffic Replication Service captures all traffic packets traversing the SASE environment.

 

Step 2: Secure Transfer to Fidelis The collected traffic is encrypted and stored within an encrypted file in a Palo Alto Networks GCP data bucket. The Fidelis Google Cloud bucket then retrieves this encrypted file.

 

Step 3: Traffic Replay and Deep Session Inspection Using a built-in replay capability, the traffic is replayed from the Fidelis bucket to the Fidelis Network sensor. The sensor decrypts the files and PCAP data , rebuilds the sessions, and conducts Deep Session Inspection (DSI) and anomaly detection to analyze the packets for threats.

 

Step 4: Alerting and Response The Fidelis Network sensor generates alerts and sends them to the Fidelis CommandPost. The CommandPost provides a central dashboard for managing network sensor policies and viewing alerts, and it includes an interface to forward alerts to a customer's SIEM system for a unified response.

 

Key Use Cases in Action

 

This deep level of inspection and analysis enables critical security functions that are often difficult to achieve in a cloud-native environment:

 

  • Forensic and Threat Hunting Analysis: Conduct deep forensic investigations using packet captures as irrefutable evidence to understand an attack's origin, methods, and timeline. This provides the detailed understanding of attack vectors critical for post-incident analysis.
  • Regulatory Compliance and Evidence Retention: Fulfill regulatory standards that require network traffic to be collected, analyzed, and stored for a specific amount of time, providing crucial data for audits and legal evidence.
  • Network and Application Performance Debugging: Troubleshoot complex network and application performance issues by enabling packet-level debugging and deep analysis of transaction flows for root-cause analysis.

 

Conclusion

 

By combining Palo Alto Networks Prisma Access with Fidelis Network NDR, organizations can create a powerful security architecture that protects against sophisticated cyberthreats. This integrated solution provides consistent, secure, and high-performance access to applications and data across the enterprise, giving security teams the deep visibility and advanced threat detection needed to secure the future of work. To see how this powerful integration can strengthen your organization's security posture, visit

https://technologypartners.paloaltonetworks.com/English/integration/Prisma-Access-Fidelis-Security.

  • 766 Views
  • 0 comments
  • 2 Likes
Register or Sign-in
Labels
Contributors
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks