In addition, the dramatic adoption of cloud infrastructure, cloud applications, and cloud services also makes it difficult for traditional on-premises datacenter security and network appliances to keep up. Employees today regularly access a variety of cloud- and datacenter-based applications from coffee shops, home offices, parks–just about anywhere–via a wide range of personal and employer-provided devices that includes phones, tablets, and computers.

The combined increases in cloud technology adoption and the number of employees working remotely have resulted in  61% of organizations reporting they've struggled to provide the necessary remote security to support work-from-home capabilities.

Traditional Web Proxy Solutions Can’t Keep Up

Traditional, on-premises web proxy appliances were designed for use in datacenter environments, providing headquarters-based office workers with internet access and security. However, these secure web gateway (SWG) appliances were never designed to support large numbers of remote workers, lacking the scalability and performance needed to support cloud-based applications. As a result, many organizations are open to a new approach to SWG, with only 8% of organizations indicating they are very satisfied with their current SWG solution and not planning to change any time soon.

Some of the key limitations associated with traditional on-premises web proxy appliances include:

• Incomplete security. On-premises web proxy appliances and other multi-vendor legacy products fail to provide complete, consistent security across all users, locations, and devices.
• Limited app coverage. Over half of all remote workforce threats are for non-web apps, which are invisible to web proxies. Security teams can’t block what they can’t see. The risk of a data breach increases without security for both web and non-web apps.
• Poor end-user experience. Performance bottlenecks happen when organizations backhaul remote worker internet traffic to datacenter-based web proxy appliances for access and security. In addition, remote workers use a VPN–not a SWG–to gain remote access to private applications, which can cause confusion and more IT help desk calls.
• Multi-vendor appliance limitations. Using many web proxy appliances results in a lack of centralized management, inconsistent security policies, slow performance, and poor visibility into network threats across the organization.

A Modern Cloud Secure Web Gateway

Traditional web proxy appliances are managed separately from other security controls, creating complexity, policy inconsistency, and ultimately leading to security gaps that put enterprises at risk. Fortunately, organizations can now transition from traditional web proxy appliances to the modern Cloud Secure Web Gateway capabilities in Prisma Access.

Prisma Access provides a natively integrated cloud SWG and a completely reimagined, user-centric workflow built from the ground up to offer simple and easy-to-define web security rules. Now, businesses can go beyond the traditional “allow” or “block” rules to enable more granular action controls that accommodate the emerging needs of their hybrid workforces to achieve:

• Protection for all app traffic. Prisma Access provides access to all apps and secures against both web- and non-web-based threats, helping organizations reduce the risk of a data breach by up to 45%.
• Complete, best-in-class security. Prisma Access converges industry-leading capabilities into a single cloud-delivered platform, providing more security coverage than any other solution and delivering more than 4.3M unique security updates per day, 24.5x more than our nearest competitor.
• Exceptional user experience. Prisma Access resides on a massively scalable network that provides ultra-low latency and is backed by industry-leading SLAs to ensure the best digital experience possible for end-users. Prisma Access also eliminates performance bottlenecks caused by backhauling traffic with 10x more total encrypted tunnel throughput than the nearest competitor and performance SLAs that are 10x better than any other cloud-delivered service.

We also simplify the transition from traditional web proxy appliances to the Cloud Secure Web Gateway capabilities in Prisma Access. By leveraging the cloud explicit proxy option, organizations can use Prisma Access Cloud Management to update existing PAC files so that internet-bound traffic is directed to Prisma Access cloud explicit proxy for user access and internet threat protection without requiring any network architecture changes.

We also provide a best practices dashboard, assessments, field checks, and reports to improve your security posture, streamline management, and increase user productivity. Continually assess your configuration against these inline checks, which include:

• Rulebase checks that look at security policy organization and management, including configuration settings that apply across many rules
• Security rules
• Security profiles
  • Anti-Spyware
  • Vulnerability Protection
  • WildFire and Antivirus
  • URL Access Management
  • DNS Security
• Authentication
• Decryption
• GlobalProtect

Cloud Secure Web Gateway in Prisma Access also provides flexible connectivity options that make it easy for organizations to protect all users and applications, wherever they reside, including:

• Managed mobile devices can be protected via the GlobalProtect agent to secure all ports and protocols, protecting web and non-web traffic.
• Unmanaged devices can use our agentless access for full protection.
• Branch offices can seamlessly connect via IPSec.

By using the Cloud Secure Web Gateway capabilities available in Prisma Access, organizations can consolidate or eliminate the need for multi-vendor web proxy appliances to enjoy simplified management, lower costs, improved security, and a superior remote user experience. Learn how our Cloud Secure Web Gateway in Prisma Access can protect all of your users and applications, everywhere.

The post Use Cloud SWG to Simplify Remote Workforce Security appeared first on Palo Alto Networks Blog.

A New Era of Home Network (In) security

IT security teams face unprecedented challenges with a work-from-home (WFH) model that expands the attack surface, reduces visibility and adds varying degrees of unknown risks. The critical role of securing sensitive data, corporate-issued devices and business operations in this vastly distributed workforce – amid evolving threats ranging from ransomware to phishing attacks – requires an approach to enterprise security that extends to the home network.

“...with increasing numbers of workers at home, malicious attackers

are focused now more than ever on what is often a

critical security weakness: home devices.” - Forrester Research^[1]

Cybercriminals are adapting to this new reality by targeting employees' personal lives in order to target companies. With the digital lines between personal and corporate often blurred and with seemingly limitless tools available to adversaries today, organizations must rethink their approach to risk. Threat actors can easily find the home IP addresses of executives and employees who have access to sensitive data. Once identified, they can target insecure personal devices to breach the home network and carry out lateral attacks against the enterprise. Consumer-grade home routers are particularly at risk with vulnerabilities and overly permissive factory-default configurations that can also be easily exploited.

Zero-Trust Approach to Securing WFH Employees

Similar to past IT challenges with mobile phones, organizations cannot simply hope its employees’ home routers will do a good enough job with security. Consumer-grade routers were neither designed to protect against rapidly evolving cyber attacks nor intended to integrate with enterprise security solutions. With the home now functioning as the new branch office, it needs a similar level of network security as traditional branch offices. That starts with secure routers and appropriate IT visibility.

Continuous visibility is often hindered by WFH employees who turn off their VPNs to wirelessly connect to local printers, boost performance or to use their corporate device for personal reasons. The moment an employee turns off their VPN, they risk exposing sensitive company data to cybercriminals. That’s why so many organizations are moving away from their legacy remote access VPN solutions to a pervasive and always-on ZTNA solution like Prisma Access.

As part of our Prisma SASE launch, we’re excited to announce the availability of the next-generation of enterprise cybersecurity from Palo Alto Networks for the home network – Okyo Garde Enterprise Edition.

In addition to the always-on ZTNA solution for the remote workforce in Prisma Access, Okyo Garde Enterprise Edition extends best-in-class secure access service edge (SASE) to the employees’ entire home network. Okyo Garde is a Wi-Fi 6 mesh-enabled router that brings the enterprise SSID into the home and allows corporate devices to automatically connect to a separate enterprise-managed network in the home. Prisma Access inspects all application traffic, across all ports, with Palo Alto Networks’ industry-leading threat intelligence. Okyo Garde adds another layer of protection by smartly segmenting the corporate network from the personal network to prevent lateral attacks, and can even extend protections to the personal network to secure the whole home.

Okyo Garde Enterprise Edition was designed with a zero trust model to safely and privately secure all devices in the home to provide the same peace of mind while working from home as you would in the office.

One Stop, Zero-Compromise Home Network Security

Okyo Garde Enterprise Edition enables fast, reliable Wi-Fi 6 coverage with a high-performance mesh router that improves throughput and resolves many common connectivity issues, alleviating burden on IT staff. Increased performance coupled with Okyo Garde security and Prisma Access can help your organization in several ways:

• Standardize your security posture – Improve risk awareness of corporate-issued devices, including agentless devices like printers, VoIP phones, hardware prototypes, etc., to identify issues sooner with uniform network-layer enterprise security that is always on. Extend network security policies to home-based corporate networks to ensure consistent and seamless implementation and enforcement.
• Secure the entire home, holistically – Employees can create a completely separate and secure personal Wi-Fi network at no additional cost. Protections include the latest cybersecurity defenses against malware, phishing attacks, ransomware, and other threats.
• Manage your workforce with visibility and scale – With Prisma Access cloud-based management console and Panorama, SOC/IR teams have visibility into WFH security risks and can centralize orchestration for unified management of security policies. Dedicated Okyo services also serve as first-line support to avoid calls to in-house IT staff related to home network issues; and Okyo Concierge (included with Premium Success) provide 24/7 priority access, as well as on-site installation and support.
• Respect employee privacy – The corporate network and the employee’s personal network are smartly segmented, with each having its own unique SSID and sign-in credentials. Employees operate and control their own personal network as the home network administrator via the Okyo Garde app. Employers have no visibility into the personal network, including who’s using it, the devices connecting to it and any activities that occur on it.

A Holistic and Proactive Mitigation Strategy

Although organizations invest in enterprise security to protect corporate assets and sensitive data in the office, they lose critical network-layer visibility and control when employees work from home. This lack of visibility coupled with the increasing number and sophistication of cyberattacks on home networks have elevated the importance of home network security as a key tenet of enterprise security.

In this new era of working from home, organizations require a holistic and proactive mitigation strategy that provides continuous visibility, comprehensive insights, and the ability to identify and stop sophisticated attacks. Purpose-built for today’s modern workforce, Okyo Garde Enterprise Edition boasts high performance, strong security, and privacy to not only extend enterprise security but drive business velocity in an increasingly distributed and digital world.

To learn more about Okyo Garde Enterprise Edition, we invite you to join our launch event on May 11, 2022, or contact a sales representative. Okyo Garde is currently available in the United States and Canada.

1. Protect Your Work-From-Home Workforce, Forrester Research, Inc., November 30, 2021 ↑

The post Okyo Garde Enterprise Edition: Now Available appeared first on Palo Alto Networks Blog.

Leading Provider of Healthcare Coverage for 80+ Years

Leading the way in supporting patient-focused care, this health insurance provider delivers coverage to more than 700,000 customers. After transitioning to remote work full time the business becomes even more reliant on applications to continue to collaborate and work efficiently across the company. In fact, they use multiple applications (both SAAS and private) that are mission critical to their business. As a result, IT wants to ensure the quality of services for users, wherever they are working, at home or in the office, is consistent and application performance bottlenecks are not hampering productivity.

Troubleshooting in the Dark

A remote workforce puts extra digital demands on the corporate IT, network and security teams who make remote work possible. IT can’t respond fast enough to the flood of questions and escalations from remote workers pouring into their help lines.

When it came to basic troubleshooting, IT and security managers typically had to log into multiple tools just to understand a fraction of their employees’ technology problems, which made their work unnecessarily time consuming. In addition, these existing monitoring tools provide them no visibility into their remote worker’s experience. When IT cannot see or understand what’s causing problems to occur, they are unable to resolve them. Many times IT routes user tickets to the network and security team for resolution, even when the root cause is outside of their control and within user’s purview, like the Device, WiFi, LAN or ISP. Not only do these inefficiencies and blind spots increase operational costs and MTTR outcomes, they also negatively impact employee productivity and ultimately business results.

Autonomous Digital Experience Management Integrated with Secure Access and Zero Trust Capabilities

The business rolled out Prisma Access, replacing their legacy VPN solution, and enabled ADEM to monitor and manage user experience. With Prisma Access, the organization enabled their workforce of 1,500+ employees to securely work from anywhere, while optimizing user experience with its integrated ADEM capabilities.

Results

Using ADEM, help desk managers now quickly get insights that can help identify the cause of experience issues and resolve them. In fact, ADEM has helped reduce Tier 2 and 3 escalation calls by more than 60%. ADEM has helped the business in the following ways:

• Deliver proactive IT: Solve problems before users submit support tickets. With data that is accurate and complete about users’ devices, network, applications, and the experiences of the end-users themselves, a proactive IT approach can lead to a future in which employees never have to suffer an IT issue or submit a ticket again.
• Have instant visibility into root cause of problems and a 60% reduction in T2/T3 escalation calls: Instantly identify the root cause of experience issues, even ones within the user's purview (e.g. employee’s devices switching between multiple WiFi connections resulting in a poor application experience). IT managers can identify and resolve a problem quickly, without having to escalate to multiple teams or wait for an end user to report it. With the right insights and evidence from ADEM, there is no more ‘passing the buck’ between security, network and application teams and third party service providers regarding root cause which can draw out MTTR to weeks or months. After rolling out ADEM, this team saw Tier 2/ 3 call escalation calls reduced by more than 60%.
• Resolve problems faster: When a user of Microsoft Teams, calls the helpdesk with “Teams doesn’t work” or “Teams is slow”, within a few clicks, IT can understand (for example) if their machine is running hot with high system CPU which can be resolved by closing unwanted applications or browsers, or if they are getting low wifi signal and need to move close to their wifi router.
• Operational simplicity: ADEM is natively integrated with Palo Alto Network’s Prisma SASE and Zero Trust capabilities making roll-out as easy as possible. In just a few clicks, ADEM starts providing experience insights without the overhead of additional software download and complex installation procedures.

Users have high expectations that online tools and communication channels always operate flawlessly, regardless of where they work. In order to execute on this high standard of user experience, visibility into all available channels and a single pane of glass to watch over them is critical.

Diagnose and fix reported incidents in a flash, but also proactively resolve unreported issues and prevent them from happening in the first place with ADEM. Learn more about how ADEM can add value to your organization, in this ESG Global report, “Autonomous Digital Experience Management (ADEM) Yields Benefits Across the Organization.”

The post Stop Troubleshooting in the Dark appeared first on Palo Alto Networks Blog.

Critical Drivers for Managed SASE

In today’s rapidly changing hybrid workforce, comprehensive converged security and networking are top-of-mind for every organization. Unfortunately, available offerings come from different vendors and are highly fragmented. They have nuanced, subtle, or incredibly stark differences to add further complexity. These challenges make it very hard for enterprises to maintain budget and “lean-IT”.

This is where an MSP comes in and provides value. With their vast experience in offering various services, coupled with deep consulting expertise, MSPs can help tackle most of these complexities.

MSPs leverage cloud SaaS models as their primary way to deliver managed services and offer a tiered catalog of services based on the end customer (or tenant) type. They typically have two models for their enterprise customers:

• “Fully Managed” is well suited for mid-market, small businesses as this involves minimal IT overhead on the enterprise. The MSP is responsible for all aspects of the tenant’s service lifecycle, including security policy configuration and operations.
• “Co-Managed” is prevalent in the large enterprise segment. The MSP provides delegated access to the customer to co-manage the policies and their specific services.

Typically, MSPs offer their customers a tiered set of service level agreements (SLAs) spanning delivery, operation & management, and continuous security assessment & threat management.

SASE architecture provides new options for MSPs to enhance their managed services with more comprehensive, integrated networking and security services to meet various customer needs. Consequently, MSPs are rapidly evolving to adapt to the unique needs of today’s organizations and augmenting their portfolios with a simple consumable Managed SASE offer that includes the latest and the most advanced threat protection and cybersecurity.

Taking Managed SASE To The Next Level: Prisma SASE for MSPs

Prisma SASE is the industry’s only complete SASE solution based on three foundational pillars: security, networking, and user experience. By enhancing the products with capabilities explicitly created for MSPs and large distributed enterprises, Palo Alto Networks enables MSPs to deliver the best experience to their customers.

• Multi-tenant Cloud Management that includes hierarchical multi-tenancy provides MSPs with a unified and converged “single pane of glass” for MSP administrators to manage many customers across different market segments with reduced cost of operation. A sophisticated dashboard provides aggregated views of threats, applications, network connections, licenses, alarms, and more across all managed customers. The “security” and “SD-WAN” dashboards provide actionable insights, aggregating rich telemetry of security and connectivity incidents to help monitor and act upon threats. The benefit to the MSP is the ability to perform granular trend analysis and create unique per customer (or tenant) security policies to address security vulnerabilities in their customer environments.

• Flexible Service Creation and Management includes intuitive licensing and activation flexibility to support fully managed and co-managed deployment models. Prisma SASE integrated license management provides per tenant license management and aggregated visibility of all licenses, license pools and consumption across all their tenants. Per tenant security services, policies and granular application controls are rapidly and easily configured across all managed customers.
  • A Security Service Lifecycle Management provides intuitive workflows to configure consistent security policy postures, threat prevention, and protection mechanisms across all managed tenants.
  • A Multi-Tenant Device Management supports different lifecycle stages of Prisma SD-WAN devices by allowing admins to allocate the devices to the managed tenant(s) based on their roles and permissions.
  • Integrated Tenant and Identity and Access Management provide CRUD (Create, Read, Update, Delete) capabilities to manage tenants with sophisticated role-based access control (RBAC) for delegated access.
  • Comprehensive Operational Lifecycle Management includes monitoring and reporting, which helps networking and security teams simplify troubleshooting and accelerate incident response.
• Open APIs provide seamless integration and automation. The entire solution is built on an API first architecture that enables seamless and frictionless integration of existing Operations Support Systems (OSS), Business Support Systems (BSS), Network Management Systems (NMS), including Customer Relationship Management (CRM), and billing systems. The comprehensive API lifecycle management includes version control for backward compatibility and integrated RBAC with multi-tenant support. The API framework is built on the latest RESTful JSON standards with built-in support for Authentication and OAuth2 based Authorization.

Empowering MSPs to Deliver on the SASE Promise

With Prisma SASE, MSPs can deliver comprehensive SASE solutions with rapid time to market while driving significant business outcomes.

MSPs can benefit from:

• Managing a large number of customers in an intuitive, highly scalable cloud-delivered platform to fast-track enterprise digital transformation with comprehensive state-of-the-art security for the hybrid workforce
• Accelerating top-line revenue growth with new differentiated security and connectivity services
• Decreasing COGS and improving bottom-line margins with comprehensive visibility and AI/ML driven operational excellence

For more detailed information, read our Prisma SASE for MSPs At a Glance. Learn more about Prisma SASE.

The post Fast-track Enterprise Digital Transformation with Managed Prisma SASE appeared first on Palo Alto Networks Blog.

This can be especially challenging when an organization relies on multi-vendor on-premise security appliances that were never designed for today’s cloud-centric world and global remote users. According to a survey by industry analyst ESG Global, when asked “What are the biggest challenges your organization faces relative to access control and management network security tools?” the leading responses include:

• Inconsistent management across physical and cloud/virtual environments
• Introduce performance issues that negatively impact user experience
• Too many disparate tools
• Difficult to implement

Additional research from ESG Global shows that many organizations are open to a new approach to secure web gateway, with only 8% of research respondents indicating they are very satisfied with their current solution and not planning to change any time soon.

Example: Global Airline

For many years, a popular global airline had used on-premise web proxy appliances to provide employees with access and security for internet-bound traffic. Spread across several data centers, the web proxy and other multi-vendor appliances met their needs at the time. However, as more applications moved to the cloud and employees transitioned to remote work locations, the company quickly learned that on-premise security appliances were unable to adequately support over 20,000 remote users. Some of the key challenges faced by the airline include:

• Incomplete Security. On-premise web proxy appliances, along with other multi-vendor legacy products fail to provide complete, consistent security across all users, locations, and devices. Also, they weren’t designed for cloud-based apps, so they lack the flexibility and scalability required in today’s environments. The lack of integrated security policies; single, pane-of-glass management; and limited visibility expose organizations to advanced threats.
• Limited app coverage. Over half of all remote workforce threats are for non-web apps, which are invisible to web proxies. Security teams can’t block what they can’t see and without security for all apps (web and non-web), the risk of a data breach increases.
• Poor End-user Experience. Deploying web proxy appliances at the data center for access and inspection of internet-bound traffic made sense when most workers were at the main office. However, with the majority of staff now working remotely, the backhauling of internet traffic to the data center creates bottlenecks. Poor performance along with inconsistent app access–which can vary depending upon the user’s device, permissions, and location–results in frustrated users, reduced productivity, and more calls to the IT support desk.

According to analyst ESG Global, the consistency with which users are protected regardless of where they are or what they are accessing should be a priority for nearly every organization. Given this, it should come as no surprise that 69% of research respondents indicated secure web gateway (SWG) will be the starting point or a secondary consideration for their SASE implementation.

A Modern, Complete, Cloud-Delivered Solution

Today, organizations require a solution that seamlessly protects their remote workers as they access web and non-web applications from just about anywhere. Our Cloud Secure Web Gateway delivers modern, complete cloud security through Prisma Access, as well as:

• Protection for All App Traffic. Provides access to all apps and secures against all threats, not just web-based apps and threats, helping organizations reduce the risk of a data breach by up to 45%.
• Complete, Best-in-class Security. Industry-leading capabilities converged into a single cloud-delivered platform, providing more security coverage than any other solution. We deliver more than 4.3M unique security updates per day, 24.5x more than our nearest competitor.
• Exceptional User Experience. Our massively scalable network with ultra-low latency and backed by industry-leading SLAs ensure the best digital experience possible for end-users. We provide 10x more total encrypted tunnel throughput than the nearest competitor, with performance SLAs that are 10x better than any other cloud-delivered service.

Cloud Secure Web Gateway also provides flexible connectivity options that make it easy for organizations to protect all users and applications, wherever they reside. For example:

• Managed mobile devices can be protected via the GlobalProtect agent to secure all ports and protocols, protecting web and non-web traffic.
• Unmanaged devices can use our agentless access for full protection.
• Branch offices can seamlessly connect via IPSec.
• Legacy proxy-based solutions can easily transition to our complete, cloud-delivered security platform by using our cloud explicit proxy that simply redirects your existing PAC files to Prisma Access, without the need for network architecture changes.

Learn how our Cloud Secure Web Gateway can help your organization by providing complete, award-winning security through Prisma Access for a single, cloud-delivered platform to protect all users and applications, everywhere.

The post A Cloud Secure Web Gateway Flexes to Secure Employees Everywhere appeared first on Palo Alto Networks Blog.

Improved Collaboration with Next-Gen SD-WAN and ChatOps

Prisma SD-WAN is the industry’s first next-generation SD-WAN to deliver comprehensive application-level visibility across branches, data centers, and the cloud. Combined with AIOps and ADEM, customers gain granular visibility into the performance at every WAN path, hop, and mile to destination. Simultaneously, organizations are increasingly leveraging collaboration tools to extend SD-WAN visibility anywhere. ChatOps applications are gaining popularity and are evolving into effective channels that connect people, tools, and processes.

With these requirements in mind, I am thrilled to announce Prisma SD-WAN integration with Microsoft Teams to deliver ChatOps for SD-WAN. This seamless integration connects ChatOps with the SD-WAN controller to interactively query analytics on any device and any location without requiring to log on to corporate networks.

“We are further strengthening our relationship with Palo Alto Networks to enable improved visibility for any organization with this turn-key integration,” states Casey McGee, VP ISV Partner Sales at Microsoft. “Our customers can now gain granular visibility into their branch connectivity, application performance, and utilization for an exceptional, secure, user experience from anywhere.”

Tana Rosenblatt, VP Network Security Technology Partnerships at Palo Alto Networks, states “We’re delighted to expand our strategic relationship with Microsoft to deliver our best-in-class SD-WAN analytics anywhere. Tightly integrating Prisma SD-WAN with Microsoft Teams enables our customers to manage resilient networks and deliver improved user experience.”

Automate Operations with Prisma SD-WAN CloudBlade

Prisma SD-WAN simplifies and fully automates integration with 3rd parties, using its unique API-based CloudBlade platform without any service disruption.

Customers can take advantage of this integration to achieve multiple benefits including:

• Access SD-WAN analytics on preferred medium. IT administrators can instantly access SD-WAN analytics by enabling Prisma SD-WAN chatbot experience on Teams. Moving away from the legacy approach that mandates corporate access and supported devices to access metrics, this integration delivers visibility securely anywhere, anytime, and on any smart device.
• Natural language-based access to information. Prisma SD-WAN ChatOps allows easy access to granular analytics using natural language queries. As a result, broader teams like desktop support, IT administrators, and users up to C-level can now look up branch connectivity, application performance, and network performance data to collaborate better on any issues.
• Deliver the best user experience. Prisma SD-WAN ChatOps makes information flow easier across teams, thus enabling support teams to understand quickly, delegate, and escalate critical issues. Critical issues are already identified through ChatOps allowing IT administrators to quickly troubleshoot and resolve them, resulting in reduced downtime and improved application performance. Users can get information about sites, apps, and branch appliances using Chatops.
• Monitor SD-WAN multi-cloud connectivity. The same CloudBlade platform also enables simplified and automated connectivity to cloud providers like Microsoft Azure. With organizations increasingly accessing their applications and workloads from the cloud, Prisma SD-WAN ChatOps now allows visibility into their branch-to-cloud connectivity to ensure cloud and SaaS applications meet their expected performance SLAs.

To learn more about how Prisma SD-WAN and Teams enable ChatOps integration benefits, check out our joint solution brief.

The post Instant SD-WAN Visibility at your Fingertips with ChatOps appeared first on Palo Alto Networks Blog.

Discover 228% ROI with Next-Gen SD-WAN

The manual operations required to manage legacy SD-WAN consume a lot of time. Finding ways to offload routine tasks with automation gives that time back to your staff. A next-generation SD-WAN solution, like Prisma SD-WAN, offers benefits such as automation in a way that legacy SD-WAN simply can’t match.

The Palo Alto Networks SASE ROI calculator provides realized cost savings and benefits for a complete security and SD-WAN solution (SASE), or security and SD-WAN only. The following numbers were calculated through the ROI calculator assuming only SD-WAN investment:

Large Enterprises have globally distributed branch locations and are constantly expanding with acquisitions and mergers that makes their infrastructure diverse and negatively impact ROI. Prisma SD-WANs cloud-delivered model enables branch transformation at scale with automation and can save up to 267% ROI over 3 years and realize 97% WAN hardware and connectivity cost reduction (assuming 50,000 - 100,000 employees, 50% remote workers and 2,500 branch offices). Realizing they have the most to gain with a next gen SD-WAN solution can expedite their digital transformation efforts while future-proofing their investments. Case in point is Salesforce.com, who selected Prisma SD-WAN, the industry’s first next-generation SD-WAN solution, delivering an ROI of up to 243%.

Mid-sized companies can also save up to 227% ROI over 3 years and realize 94% WAN hardware & connectivity cost reduction (assuming 10,000 - 50,000 employees). Even SMBs with 1,000 employees can save up to 70% ROI over 3 years and realize 81% WAN hardware & connectivity cost reduction.

For businesses like retail, delivering the best user experience translates to customer retention and increased revenues which inturn is an ROI. Check out how Aaron’s experienced a 99% reduction of trouble tickets for the WAN by employing Prisma SD-WAN.

Don’t Forget about Security

Enhancing your WAN with SD-WAN is great, but without security your users and data are constantly exposed to ever increasing threat landscape. A SASE solution converges networking and security services into one cloud platform, ensuring protection to users no matter where they are located. Prisma SASE is the industry’s most complete SASE solution, converging network security, SD-WAN, and Autonomous Digital Experience Management (ADEM) into a single cloud-delivered service. With Prisma SASE, organizations can realize security cost reduction of up to 30% and improve security efficiencies of up to 45%. See how much you can save with a SD-WAN solution or SASE solution using the ROI Calculator now.

The Prisma SASE ROI Calculator was commissioned by Palo Alto Networks and developed by the Forrester Consulting group who gathered data and interviewed Prisma SASE customers. The calculator provides a real life financial model for organizations looking to purchase a standalone SD-WAN, network security solution or a complete SASE solution.

The post Realizing the Best ROI for Your Digital Transformation Journey appeared first on Palo Alto Networks Blog.

The Organization

This global consumer services enterprise has over 17,000 employees across 44 countries worldwide. Putting customers first is a core part of the organization’s culture. For them, optimizing their digital employee experience is the key to providing a world-class customer experience.

The Challenge

Employees can’t provide the best customer service possible when application performance slowdowns and disruptions hamper their productivity. IT wants to help, but they are overwhelmed by tickets and lack the insights they need to resolve performance degradation issues quickly. And, unfortunately, the volume of employee support calls to IT regarding choppy VOIP during customer conference calls or slow systems greatly increased once the entire organization’s workforce of 17,000 shifted to working from home.

There are many variables to consider when supporting remote workers and delivering a high-quality user experience. IT and network teams do not control the employee’s environment, yet are still responsible for their user experience. Sitting between business-critical apps and end-users is a host of dependencies and third-parties, such as cloud providers, CDNs, DNS providers, last-mile ISPs, WiFi networks, and more.

In many cases, employees first try resolving network and application performance challenges on their own by rebooting their devices. But what happens when the root cause of the problem is low WiFi signal strength? Rebooting won’t resolve the issue. Using ADEM, IT can now quickly access insights that can help identify or rule out causes of performance issues across their entire workforce.

Solution

The business rolled out Prisma Access, replacing their legacy VPN solution, and enabled ADEM to monitor and manage user experience. The organization quickly modernized its legacy infrastructure in just a few clicks and enabled its entire workforce of 17,000+ employees to securely work from anywhere while optimizing user experience with the integrated ADEM capabilities.

Results

Using ADEM IT can now quickly get insights that can help identify the cause of performance issues and resolve them. ADEM has proven to be the ultimate troubleshooting tool, giving the IT team the necessary data for a complete understanding of network traffic and the segments impacting user experience. Specifically, ADEM has helped the business in the following ways:

• Faster troubleshooting and increased IT efficiency. With ADEM, troubleshooting performance degradation is now quick and easy, helping staff isolate and triage performance issues and get to resolutions faster.
• Improved user productivity and experience. Unreliable IT service and poor user experience negatively impacted the productivity of the organization’s customer support representatives. With ADEM, IT can mitigate, resolve and often prevent disruptions from getting in the way.
• Strong customer satisfaction. When a customer calls with a problem, they want a fast response. With ADEM, support representatives are able to do their job more efficiently and offer the best possible customer service for customers.

Is optimal user experience on your list of SASE solution requirements?

Your business shouldn’t be slowed down by poorly performing technology and insufficient end-user experience. Diagnose and fix reported incidents in a flash, but also proactively resolve unreported issues and prevent them from happening in the first place with ADEM.

To learn more about how ADEM can add value to your organization, read this report from ESG Global, “Autonomous Digital Experience Management (ADEM) Yields Benefits Across the Organization.”

The post ADEM improves the work-from-home experience for 17,000+ employees appeared first on Palo Alto Networks Blog.

Cloud Connectivity Simplified with SD-WAN

Organizations need a branch solution that simplifies and automates cloud connectivity at scale while securely connecting to the cloud applications to improve application performance, reduce complexity and provide greater security. With these requirements in mind, I am thrilled to announce the Palo Alto Networks Prisma SD-WAN enabling connectivity to Azure virtual WAN(vWAN). This extends our strong partnership with Prisma Access and Azure integration, further enabling organizations to achieve their secure access service edge (SASE) strategy for converged networking and security in the cloud. Gartner recognizes this growing trend by stating, “By 2024, more than 70% of software-defined wide-area network (SD-WAN) customers will have implemented a secure access service edge (SASE) architecture, compared with 40% in 2021.”

"We’re thrilled to see Palo Alto Networks continue to enable the business’s cloud journey," states Reshmi Yandapalli, Principal Product Manager at Azure. "Prisma SD-WAN customers can now leverage this integration to simplify connectivity to Azure. Using Azure Virtual WAN Service, Prisma SD-WAN CloudBlade can provide secure and fully automated cloud connectivity at scale across branch offices, resulting in improved user experience."

Simplify and Fully Automate Cloud Connectivity with Complete Visibility using CloudBlades

Prisma SD-WAN Azure Virtual WAN CloudBlade automates branch connectivity to Azure virtual wide area network (vWAN) with seamless virtual Instant-on Network (vION) deployment in the Azure by leveraging simplified UI-based workflow. It is based on Palo Alto Networks CloudBlades, an API-based platform that delivers rich branch services at speed and scale, without any disruption. Prisma SD-WAN Azure Integration CloudBlade, Prisma SD-WAN fabric connectivity to Azure helps customers save costs and simplify operations.

Prisma SD-WAN’s turnkey integration with Azure provides customers multiple benefits:

Automate Branch-to-Cloud Connectivity

• Provision Prisma SD-WAN AppFabric seamlessly to Azure, such that tunnels from all SD-wan branch sites to Azure are brought up automatically without any manual intervention.
• Single console to manage branch and cloud configurations while provisioning at scale across branch locations to Azure vWAN

Higher resiliency

• Automate cloud connectivity with zero service disruption using CloudBlades that does not require any controller, cloud, or branch appliance updates.
• Improve application resiliency with fully automated high available cloud gateway (vIONs) deployments in Azure that ensures redundancy and seamless failover.

Extend application performance

• Extend deep application visibility with Layer 7 intelligence to Azure with Prisma SD-WAN’s application-defined approach.
• Gain granular performance insights from branch to Azure to improve user experience and significantly reduce troubleshooting efforts with automation using ML and data science capabilities.

Deliver Flexible Cloud Security with Prisma Access

• Leverage Prisma Access and Azure integration to secure cloud application access for a hybrid workforce.
• Use Prisma Access or Azure security flexibly based on access, availability, and performance SLAs to secure applications and users.

To learn more about the benefits of Prisma SD-WAN and Azure integration, check out our solution brief.

The post Prisma SD-WAN Integrates With Azure to Simplify Cloud Connectivity appeared first on Palo Alto Networks Blog.

Fast forward to today and we see significant numbers of employees frequently working from anywhere but their corporate offices. At the same time, the datacenter is no longer the center of the universe, dethroned by the massive adoption of cloud infrastructure, cloud applications, and other cloud services. Employees now access a variety of work applications that reside both in the cloud as well as the on-premises datacenter from anywhere--including their home offices, coffee shops, parks, and more--via a combination of employer-provided and personal devices. So what does the new world of working from everywhere mean for on-premises datacenter secured with legacy, on-premises web proxy appliances? And how does this traditional architecture impact remote worker access and productivity?

Research shows that this paradigm poses significant challenges for security professionals, including:

• Limited app coverage. Over half of all remote workforce threats are for non-web apps, which are invisible to web proxies. Security teams can’t block what they can’t see, and the risk of a data breach increases without security for all web and non-web apps.
• Incomplete security. Multi-vendor legacy products fail to provide complete, consistent security across all users and locations. On-premises web proxy appliances weren’t designed for cloud-based apps, so they lack the flexibility and scalability required in today’s environments. Also, the lack of integrated security policies, single-pane-of-glass management, and limited visibility expose organizations to advanced threats.
• Poor end-user experience. Remote workers often struggle with slow network performance caused by backhauling all internet-bound traffic to the on-premises datacenter for inspection. This approach made sense when most users were at the main office, but it results in bottlenecks now that most workers are remote. Poor performance, along with inconsistent app access that can vary depending upon the user’s device permissions and location, results in frustrated users, reduced productivity, and more calls to the IT support desk.

A Modern, Complete, Cloud-Delivered Solution

Research from ESG Global shows that many organizations are open to a new secure web gateway approach, with only 8% of survey respondents indicating they are very satisfied with their current solution and not planning to change any time soon.

Today, organizations require a solution that seamlessly protects their remote workers as they access web and non-web applications from just about anywhere. The cloud secure web gateway capabilities within Prisma Access deliver modern, complete cloud security, as well as:

• protection for all app traffic, with access to all apps and securing against all threats, not just web-based apps and threats, reducing the risk of a data breach by up to 45%.
• complete, best-in-class security with industry-leading capabilities converged into a single cloud-delivered platform, providing more security coverage than any other solution with 4.3M unique security updates per day, 24.5x more than our nearest competitor.
• exceptional user experience with our massively scalable network that provides ultra-low latency, backed by industry-leading SLAs, to ensure the best digital experience possible for end-users. We provide 10x more total encrypted tunnel throughput than the nearest competitor, with performance SLAs that are 10x better than any other cloud-delivered service.

The cloud secure web gateway capabilities within Prisma Access protect all users and applications across multiple connectivity options, using: 

• the GlobalProtect agent to secure all ports and protocols, protecting web and non-web traffic for managed mobile devices.
• agentless access for full protection of unmanaged devices.
• IPSec for a seamless connection to branch offices.
• a transition from legacy, on-premise, proxy-based solutions to our complete, cloud-delivered security platform with cloud-explicit proxy, no network architecture changes required.

In addition, Palo Alto Networks is the first vendor to introduce machine learning (ML)-powered security capabilities to our already impressive arsenal of best-in-class protections. Prisma Access leverages machine learning for proactive real-time and inline zero-day protection, introducing multiple industry firsts:

• Prevention of up to 95% of unknown file and web-based threats instantly with inline ML. 
• Prevention of other unknown threats in near real-time using zero-delay signature updates.
• Extended visibility and security to all devices, including never-seen-before IoT devices, using ML-based detection, without the need to deploy additional sensors.
• Automated policy recommendations that save time and reduce the chance of human error.

Learn how the cloud secure web gateway capabilities in Prisma Access can help your organization protect all users and applications, everywhere.

The post Your Secure Web Gateway Needs a Cloud Makeover appeared first on Palo Alto Networks Blog.