Palo Alto Networks announced a partnership with Microsoft Azure this week that will see the security vendor integrate its secure access service edge (SASE) offering with the cloud provider’s Active Directory (AD) identity and access management platform. The integration aims to simplify identity-based policy enforcement when using Palo Alto’s Prisma Access and Prisma Cloud platforms.
Identity-based policy enforcement is critical to securing remote users across hybrid on-premises and multi-cloud environments, wrote Joby Menon, product manager for Prisma Access at Palo Alto, in a blog post.
Azure AD provides enterprises with a single service to create and manage access control policies for users, he explained.
And Azure AD Conditional Access draws on customized attributes such as the connecting user, device, location, and user risk to determine whether to grant access to an application.
“Once users are authenticated through Azure AD, Prisma Access leverages information from Azure AD to provide secure, encrypted remote access to corporate resources, regardless of location,” Menon wrote, adding that this approach offers a distinct security advantage over traditional virtual private networks (VPN).
“With distributed applications and services across hybrid cloud and on-premises environments, users can’t simply VPN into a single data center to get the resources they need,” he wrote.
The shift to remote work due to the pandemic has further complicated things, Menon added.
“Mobile work introduces new security risks as users access data over unsecured WiFi or unmanaged, unpatched, and vulnerable user-owned devices,” he wrote. “This leaves user credentials vulnerable to compromise, and applications vulnerable to data theft.”
Through a combination of zero-trust network access, secure web gateways, firewall-as-a-service, and a cloud-access security broker, Palo Alto argues its Prisma Access SASE platform gets around these challenges, while Azure AD can help enterprises ensure that only the right people are accessing the applications they should be accessing.
Palo Alto is also extending this integration to its Prisma Cloud platform, which provides a cloud-native security platform that combines posture management and cloud workload protection to secure organizations’ hybrid and multi-cloud infrastructure.
As with Prisma Access, Azure AD will provide a greater degree of accuracy when applying consistent policy across multiple clouds and data centers.
Palo Alto Networks Expands SASE Scope
The news comes just a little over a week after the company announced a spate of updates to its CloudGenix-based SD-WAN offering. Improvements included artificial intelligence operations (AIOps) capabilities, tighter integrations with its Prisma Access platform, and two new SD-WAN appliances.
Palo Alto acquired CloudGenix back in April for $420 million.
Of the two new SD-WAN appliances, the ION 1000 is a small-form-factor unit aimed at small retail or branch offices and remote workers, while the ION 9000 is designed specifically for use in large enterprise and campus environments.
Launching alongside these was an AIOps platform that the company claims will dramatically simplify network operations, aid in capacity planning, and automatically correlate alarms to find the source of disruptions.