Service Connection – Enabling Palo Alto Networks Prisma Access with Ericom Remote Browser Isolation (RBI)

Palo Alto Networks offers multiple ways to integrate complementary solutions from their network of technology partners to their industry-leading cloud SaaS security services. One increasingly popular way to connect to Palo Alto Networks services is through the aptly-named “Service Connections” option. For example, organizations using the Prisma Access Secure Access Service Edge (SASE) can use a Service Connection to steer internet-bound traffic to the security services of technology partners for additional processing.

This traffic steering functionality allows Information Technology and Security teams to direct internet-bound network traffic based on a number of different criteria, including IP addresses, users, URLs, custom URL categories, service type (HTTP or HTTPS), dynamic address groups (DAGs), dynamic user groups (DUGs), and IP-based external dynamic lists. When used with Prisma Access and Ericom’s ZTEdge Web Isolation Remote Browser Isolation (RBI) service, Service Connections are a great option for moving specific types of traffic between the two cloud security services.

Here is how it works. Prisma Access, with its native SWG capabilities, provides granular policy-based access control for each user. Users authenticate to Prisma Access, which then grants or denies access to web categories based on user and group rules that have been defined in the system. All traffic flows through Prisma Access and can be routed in different ways based upon a number of factors, which is where the Service Connection integration with Ericom RBI comes into play.

Isolation Policies set in Prisma Access send certain types of traffic, or all the traffic of certain users or groups, to Ericom RBI to deliver secure isolated web sessions. When a request to access a website is routed to RBI, Ericom executes the website’s code in a remote, isolated cloud-based container and sends only safe rendering information to the browser on users’ endpoints. Since no risky content executes directly on the devices, RBI eliminates the chance that web-based malware will compromise a device. Since the approach allows the user to browse the web on the standard web browser they have become accustomed to, with the cloud isolation work going on behind the scenes, user experience is not impacted. Users stay productive with fast access to the web while IT/Security get isolation-based web security for the organization – a true win-win.

Ericom Group CTO Nigel Willis recently recorded a short video on the Palo Alto Networks Prisma Access and Ericom RBI Service Connection integration. If you have a few minutes, it’s well worth the watch! You can access the video here or view the joint Palo Alto Networks-Ericom Software solution guide here.

---

Share this on:

---

About Gerry Grealish

Gerry Grealish, ZTEdge CMO, is a security industry veteran, bringing over 20 years of marketing and product experience in cybersecurity, cloud, analytics, and related technologies. Responsible for marketing and business development, Gerry previously was at Symantec, where he led the product marketing and go-to-market activities for the company’s broad Network Security portfolio. Prior to Symantec, Gerry was at Blue Coat, which he joined as part of Blue Coat’s acquisition of venture-backed Cloud Access Security Broker (CASB) innovator, Perspecsys, where he was Chief Marketing Officer.