PRISMA ACCESS : Questions on the Limits of Threat Detection and Compliance with ZTNA 2.0

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

PRISMA ACCESS : Questions on the Limits of Threat Detection and Compliance with ZTNA 2.0

L0 Member

Hello everyone!


After exploring the PRISMA ACCESS demo available here : [demo link] (https://www.paloaltonetworks.com/partners/nextwave-partner-portal/help-me-learn/demo-systems/prisma-...)

 

I have a question for you: If I use Prisma Access as a stand-alone solution without integrating it with Cortex XDR, how far can it go in terms of threat detection and vulnerability analysis?

 

 

Also, regarding ZTNA 2.0, I've heard that it can provide continuous compliance monitoring through host-based policies.

- But how far can it push these policies?

- Can it detect misconfigured or disabled settings on the endpoint?

- And how far can it restrict a non-compliant host?

- For example, if the antivirus is disabled, I know it can be considered non-compliant and cause pings to be blocked to the host, but what other type of policy can be put in place, with concrete examples?

 

 

I'm open to all kinds of feedback and would appreciate any views or experiences you could share on these topics! Feel free to add your observations and suggestions. Thanks in advance for your contribution!

1 accepted solution

Accepted Solutions

Cyber Elite
Cyber Elite


I have a question for you: If I use Prisma Access as a stand-alone solution without integrating it with Cortex XDR, how far can it go in terms of threat detection and vulnerability analysis?

 

Prisma Access as a standalone product can do all the things a NGFW can do, so any transit traffic can be inspected for threats and threat indicators, and upload files to wildfire for sandbox analysis

 

 

Also, regarding ZTNA 2.0, I've heard that it can provide continuous compliance monitoring through host-based policies.

- But how far can it push these policies?

This is outside of the scope of prisma access as standalone product. prisma access provides traffic security and can isolate an endpoint by means of connectivity

- Can it detect misconfigured or disabled settings on the endpoint?

Prisma Access can't, you would need XDR

- And how far can it restrict a non-compliant host?

HIP checks can be used to completely isolate an endpoint, or restrict it in such a way that it is still accessible by IT and is able to reach remediation serrvices but blocked from everything else

- For example, if the antivirus is disabled, I know it can be considered non-compliant and cause pings to be blocked to the host, but what other type of policy can be put in place, with concrete examples?

hip checks can be created (check the full list of option in the link below) and then profiles created around these checks.

these profiles can then be used in security policies to determine what connectivity is allowed from the host

additionally the host can be quarantined completely isolating it from the world

 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/objects-globalp...

 

 


 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

View solution in original post

1 REPLY 1

Cyber Elite
Cyber Elite


I have a question for you: If I use Prisma Access as a stand-alone solution without integrating it with Cortex XDR, how far can it go in terms of threat detection and vulnerability analysis?

 

Prisma Access as a standalone product can do all the things a NGFW can do, so any transit traffic can be inspected for threats and threat indicators, and upload files to wildfire for sandbox analysis

 

 

Also, regarding ZTNA 2.0, I've heard that it can provide continuous compliance monitoring through host-based policies.

- But how far can it push these policies?

This is outside of the scope of prisma access as standalone product. prisma access provides traffic security and can isolate an endpoint by means of connectivity

- Can it detect misconfigured or disabled settings on the endpoint?

Prisma Access can't, you would need XDR

- And how far can it restrict a non-compliant host?

HIP checks can be used to completely isolate an endpoint, or restrict it in such a way that it is still accessible by IT and is able to reach remediation serrvices but blocked from everything else

- For example, if the antivirus is disabled, I know it can be considered non-compliant and cause pings to be blocked to the host, but what other type of policy can be put in place, with concrete examples?

hip checks can be created (check the full list of option in the link below) and then profiles created around these checks.

these profiles can then be used in security policies to determine what connectivity is allowed from the host

additionally the host can be quarantined completely isolating it from the world

 

https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-web-interface-help/globalprotect/objects-globalp...

 

 


 

 

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization
  • 1 accepted solution
  • 1689 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!