Palo Alto Networks has revamped its SASE offering. Version 4.0 of Prisma SASE uses AI to protect organizations from AI. Both the dangers of internal AI use and external threats must be covered in the new release.
The biggest addition to Prisma SASE 4.0 is SaaS Agent Security. This module monitors AI agents such as Microsoft Copilot that have access to company data. Palo Alto currently supports Microsoft Copilot Studio and ServiceNow.
The agents on such platforms operate autonomously and create new risks for data breaches. For example, employees can pass on sensitive information via uncontrolled prompts or install risky plugins. The new security layer gives security teams insight into which agents are active and blocks unauthorized data access. Since copilots and agents need to have access to sensitive data in order to be useful, such insight is necessary to ensure that access management is carried out as desired. In this sense, AI agents are no different from employees: they are considered unpredictable factors and must therefore be seen as a potential risk for data breaches.
AI versus AI
Attackers are using AI en masse to challenge users in previously unusual ways. The browser, for example, is anything but a secure domain, where AI-driven attackers can deceive unsuspecting employees just like with phishing emails. Think of contact forms that turn out to be fake in order to extract sensitive data, or hijacking a browser session to obtain cookies.
Because cyberattacks are occurring more frequently via the browser than before, organizations need to find a way to protect this attack surface. Palo Alto Networks notes that 95 percent of organizations report incidents originating from the browser. They bypass network controls, exploit interactive sessions, and use DNS as a weapon. The latter is sometimes overlooked, according to the security company. That is why the Advanced DNS Resolver (ADNSR) within the Palo Alto platform must provide DNS traffic with a basic layer of protection. This is done without setting up a full tunnel.
Prisma Access Browser Advanced Web Security introduces real-time malware detection in the browser. The solution scans fully loaded web pages and detects threats that only activate after user interaction. This is done without the need for TLS (transport-layer decryption).
Private Application Security goes one step further. It consolidates various security layers and automatically generates digital fingerprints of applications. This enables the system to detect deviations from the norm. It tracks botnets, API abuse, and zero-day exploits without relying on updates.
The new features will be rolled out to existing customers later this year.
Read also: Founder Nir Zuk leaves Palo Alto