Maximize Zero-Day Protection with Dynamic RBI & Prisma SASE

Jul 22, 2024

Employees now spend a significant portion of their workday interacting with web browsers and accessing critical SaaS applications. The average worker spends over 85% of their workday in the browser, which makes the browser a prime target for cybercriminals, who exploit it to infiltrate systems and deliver malware.

A total of 296 vulnerabilities were reported in Google Chrome in 2023. During the same period, six vulnerabilities were reported in Microsoft Edge and 41 vulnerabilities in Apple Safari. This is not a surprise given that Precision AI™ from Palo Alto Networks identifies an alarming 112 million new and malicious URLs daily. Organizations adopting a zero-tolerance approach to cyberthreats require utmost assurance against unknown threats.

Preventing Patient Zero

Palo Alto Networks Remote Browser Isolation (RBI) for Prisma SASE protects organizations against zero-day attacks originating in the browser. By remotely isolating web sessions, RBI for Prisma SASE ensures that no code executes on the user’s device; it executes in a remote container instead, which keeps the user from becoming patient zero in a zero-day attack.

Secure Web Browsing & Rich User Experiences with Dynamic RBI

Finding the right balance between enabling rich web browsing experiences and security is imperative. Today, security teams assess risk signals across the security stack, logically aggregate them, and derive a risk level to determine access rights. This can be cumbersome and doesn’t always lead to accurate assessments.

RBI for Prisma SASE is the only remote browser isolation solution that enables security teams to balance user experience and security with dynamic, risk-based remote browser isolation policies.

RBI natively integrates with Prisma SASE, which automatically fuses and assesses risk factors from multiple sources. Administrators can craft laser-focused, comprehensive policies based on native signals from other Prisma SASE products or third-party risk signal sources to dynamically trigger remote web browsing sessions in real-time when risk is identified.

For example, administrators can build targeted policies with App-IDs for a specific SaaS application or different SaaS application workflows. They can then attach this policy to existing security rules for specific users or user groups.

Administrators can create granular rules to trigger isolated sessions according to URL profiles, users, user groups, App-IDs, and other criteria—such as external dynamic lists (EDLs)—from third-party feeds and custom categories. By creating granular and contextual groups, security teams can reduce false positives by avoiding blanket actions for all high-risk users.

The Unique Power of RBI for Prisma SASE with ZTNA 2.0

RBI with Prisma SASE leverages ZTNA 2.0 to continuously validate user risk and enforce adaptive access control. Continuous trust verification, a core Zero Trust principle, significantly enhances the organization’s security posture. With it, enterprises can enforce granular security controls without compromising business productivity.

Moreover, Prisma SASE enables administrators to accurately identify risky users using third-party risk signals from their endpoint detection and response (EDR) and identity provider (IdP) solutions, in addition to native risk signals.

For example, today, organizations using Microsoft Entra ID as their IdP can seamlessly integrate its user risk signals into Prisma SASE to identify risky users based on various attributes. These attributes include the ingested user risk level, the reason for that risk, and Active Directory information.

Administrators can create a Cloud Dynamic User Group (CDUG) for users that Microsoft Entra ID has identified as high-risk due to using browsers with multiple Common Vulnerabilities and Exposures (CVEs). With just one click, security teams can use a granular and extremely flexible CDUG in the security policy to trigger RBI sessions as required.

Figure 1: Web sessions of high-risk users reported by Microsoft Entra ID are redirected to RBI in real-time.

Harness the Power of RBI for Prisma SASE

With the widespread shift to browser-based work, web browsers have become a prime target for threat actors. RBI for Prisma SASE uses ZTNA 2.0 to provide the ultimate protection against browser-based, zero-day threats.

RBI for Prisma SASE significantly reduces risk while minimizing unnecessary isolation, allowing safe activities to proceed uninterrupted. It can trigger RBI using native and third-party risk signals from EDR and IdP solutions.

Moreover, RBI natively integrated into Prisma SASE simplifies security and IT team operations with a unified management console for policy configuration, user monitoring, and troubleshooting. Learn more about RBI for Prisma SASE.

 

