12-28-2023 12:28 AM
Hello everyone!
After exploring the Prisma Access demo available here: [demo link](https://www.paloaltonetworks.com/partners/nextwave-partner-portal/help-me-learn/demo-systems/prisma-...)
I have a question for you: If I use Prisma Access as a stand-alone solution without integrating it with Cortex XDR, how far can it go in terms of threat detection and vulnerability analysis?
Also, regarding ZTNA 2.0, I've heard that it can provide continuous compliance monitoring through host-based policies.
- But how far can it push these policies?
- Can it detect misconfigured or disabled settings on the endpoint?
- And how far can it restrict a non-compliant host?
- For example, if the antivirus is disabled, I know it can be considered non-compliant and cause pings to be blocked to the host, but what other type of policy can be put in place, with concrete examples?
I'm open to all kinds of feedback and would appreciate any views or experiences you could share on these topics! Feel free to add your observations and suggestions. Thanks in advance for your contribution!
12-29-2023 02:15 PM
I have a question for you: If I use Prisma Access as a stand-alone solution without integrating it with Cortex XDR, how far can it go in terms of threat detection and vulnerability analysis?
Prisma Access as a standalone product can do all the things an NGFW can do, so any transit traffic can be inspected for threats and threat indicators, and files can be uploaded to WildFire for sandbox analysis.
Also, regarding ZTNA 2.0, I've heard that it can provide continuous compliance monitoring through host-based policies.
- But how far can it push these policies?
This is outside of the scope of Prisma Access as a standalone product. Prisma Access provides traffic security and can isolate an endpoint by means of connectivity.
- Can it detect misconfigured or disabled settings on the endpoint?
Prisma Access can't; you would need XDR.
- And how far can it restrict a non-compliant host?
HIP checks can be used to completely isolate an endpoint, or restrict it in such a way that it is still accessible by IT and is able to reach remediation services but blocked from everything else.
- For example, if the antivirus is disabled, I know it can be considered non-compliant and cause pings to be blocked to the host, but what other type of policy can be put in place, with concrete examples?
HIP checks can be created (check the full list of options in the link below) and then profiles created around these checks.
These profiles can then be used in security policies to determine what connectivity is allowed from the host.
Additionally, the host can be quarantined, completely isolating it from the world.
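As an added example that is not part of the original thread or any Palo Alto Networks code, the following Python models the chain the answer describes: HIP checks evaluated against a host report, HIP profiles that combine checks with and/or/not, and a top-down rulebase that gives a managed host with AV or patching drift access only to remediation destinations, while a host failing the basic checks is quarantined outright. The object names, host attributes, destination groups and sample hosts are constructed; the real product's object types, match grammar and quarantine mechanics differ in detail.

```python
"""Model of how HIP checks, HIP profiles and security rules combine into a tiered
response for a non-compliant host.  Added example, not Palo Alto Networks code:
in PAN-OS a HIP object is one category of posture check, a HIP profile combines
objects with AND/OR/NOT, and a security rule names the profile as a source match
condition.  The host attributes, object and profile names, destination groups and
sample hosts below are constructed for illustration."""
import ast
from collections import namedtuple

# HIP objects: one posture check each, evaluated over the host's HIP report.
HIP_OBJECTS = {
    # anti-malware installed, real-time protection on, definitions at most 7 days old
    "av_realtime": lambda h: h["av_installed"] and h["av_realtime"] and h["av_def_age_days"] <= 7,
    "disk_encrypted": lambda h: h["disk_encrypted"],
    "patched": lambda h: h["missing_critical_patches"] == 0,
    "host_firewall": lambda h: h["firewall_enabled"],
    "corp_managed": lambda h: h["domain"] == "corp.example",  # constructed domain name
}

# HIP profiles: boolean expressions over object names (a stand-in for the PAN-OS match builder).
HIP_PROFILES = {
    "compliant": "av_realtime and disk_encrypted and patched and host_firewall and corp_managed",
    # managed and encrypted but AV or patching drifted: give it the remediation tier only
    "remediable": "corp_managed and disk_encrypted and not (av_realtime and patched)",
    # unmanaged or unencrypted: nothing we can fix remotely, so quarantine
    "quarantine_candidate": "not corp_managed or not disk_encrypted",
}


def _evaluate(node, values):
    """Walk a parsed match expression, allowing only and/or/not and known object names."""
    if isinstance(node, ast.BoolOp):
        results = [_evaluate(v, values) for v in node.values]  # no short-circuit: typos surface
        return all(results) if isinstance(node.op, ast.And) else any(results)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.Not):
        return not _evaluate(node.operand, values)
    if isinstance(node, ast.Name):
        if node.id not in values:
            raise ValueError(f"unknown HIP object {node.id!r}")
        return values[node.id]
    raise ValueError(f"unsupported syntax in HIP match: {type(node).__name__}")


def matching_profiles(host):
    """Names of the HIP profiles this host's report satisfies (the 'HIP match')."""
    values = {name: bool(check(host)) for name, check in HIP_OBJECTS.items()}
    return [name for name, expr in HIP_PROFILES.items()
            if _evaluate(ast.parse(expr, mode="eval").body, values)]


# source_hip: profile the source must match (None = any); destinations: address groups, "any" = all.
Rule = namedtuple("Rule", "name source_hip destinations action")

# Evaluated top-down, first match wins; the final rule makes the implicit deny explicit.
RULES = [
    Rule("allow-remediation", "remediable", {"patch-servers", "av-update", "helpdesk"}, "allow"),
    Rule("allow-compliant", "compliant", {"any"}, "allow"),
    Rule("deny-all", None, {"any"}, "deny"),
]


def decide(host, destination):
    """Return (rule name, action) for traffic from host to a destination address group."""
    matched = matching_profiles(host)
    if "quarantine_candidate" in matched:
        return "quarantine", "drop"  # device quarantine: isolated before the rulebase is consulted
    for rule in RULES:
        if rule.source_hip is not None and rule.source_hip not in matched:
            continue
        if "any" in rule.destinations or destination in rule.destinations:
            return rule.name, rule.action
    raise RuntimeError("rulebase has no catch-all rule")


# Constructed HIP reports for three hosts.
COMPLIANT_HOST = dict(av_installed=True, av_realtime=True, av_def_age_days=1, disk_encrypted=True,
                      missing_critical_patches=0, firewall_enabled=True, domain="corp.example")
AV_DISABLED_HOST = {**COMPLIANT_HOST, "av_realtime": False}
BYOD_HOST = {**COMPLIANT_HOST, "domain": "WORKGROUP", "disk_encrypted": False}

if __name__ == "__main__":
    for label, host in [("compliant", COMPLIANT_HOST), ("av-disabled", AV_DISABLED_HOST), ("byod", BYOD_HOST)]:
        print(label, matching_profiles(host), decide(host, "av-update"), decide(host, "internet"))
```

Run it directly to print each sample host's matched profiles and the verdicts for the av-update and internet destinations. The profile expressions are parsed with ast rather than handed to eval, and anything other than and/or/not and a known object name is rejected, so a match expression can never execute arbitrary code and a misspelled object name fails loudly instead of quietly matching nothing.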