Palo Alto Prisma Access

Service scope

Software add-on or extension: No
Cloud deployment model: Public cloud
Service constraints: Yes, like any technology or service, Prisma Access has some constraints, including:

Prisma Access relies on a stable and reliable internet connection for proper functionality.

It may have compatibility limitations with certain legacy systems/software.

Implementing/maintaining Prisma Access may involve additional expenses for licensing, infrastructure, and ongoing support.

Proper configuration and setup requires time and technical expertise.

Organizations may need to provide training to employees.

Availability and coverage of Prisma Access may vary based on location.

Organizations using Prisma Access rely on the service provider's infrastructure and support.

We recommend consulting Palo Alto Networks, the provider, for specific constraints and limitations.
System requirements: Supports various devices, including laptops, mobiles, etc.

Compatible with various operating systems including Windows, macOS, Android, etc.

A stable/reliable internet connection to establish a connection with Prisma.

Compatible with web browsers including Chrome, Firefox, Edge, and Safari.

Organizations must have a compatible network infrastructure.

Organisations may need Prisma's VPN client for secure remote access.

User support

Email or online ticketing support: Email or online ticketing
Support response times: SLA for Support-related response times are dependant on the level of support purchased with the service.
User can manage status and priority of support tickets: Yes
Online ticketing support accessibility: None or don’t know
Phone support: Yes
Phone support availability: 24 hours, 7 days a week
Web chat support: No
Onsite support: No
Support levels: Palo Alto Networks offers three support levels: Standard, Premium, and Elite. The Standard level provides 8x5 access to technical support, software updates, and hardware replacement. The Premium level offers 24x7 access to technical support, along with additional features such as designated support engineers and proactive monitoring. The Elite level includes all Premium features, as well as faster response times and personalized support services. Each level is designed to meet varying customer needs and service level requirements.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Palo Alto Networks assists users in starting to use Prisma Access through comprehensive documentation, technical support, training programs, and professional services. They provide step-by-step guides for setup and configuration, offer assistance and troubleshooting, educate users through training resources, and offer consulting services for a smooth deployment. Additionally, they foster a user community for collaboration and knowledge sharing. These efforts ensure that users have the necessary resources and support to effectively implement and utilize Prisma Access.
Service documentation: Yes
Documentation formats: HTML

PDF
End-of-contract data extraction: When a Prisma Access contract ends, users have different options to extract their data and ensure a smooth transition. Here are some steps users can take:

1. Data Backup: Before the contract ends, it is crucial to perform a comprehensive data backup. This includes saving any configuration files, security policies, user profiles, and other relevant data associated with Prisma Access.

2. Export Logs and Reports: Users should extract logs, reports, and any other relevant data generated by Prisma Access during the contract period. This information can be essential for compliance, auditing, or historical analysis purposes.

3. Data Migration: If users plan to transition to a different solution or platform, they should explore data migration options. This may involve exporting and converting configurations, policies, and user data to a format compatible with the new platform.

4. Vendor Assistance
End-of-contract process: At the end of a Prisma Access contract, the services provided by Prisma Access will cease. The contract will reach its agreed-upon end date, and the customer will no longer have access to the Prisma Access platform and its associated features and benefits. The customer will need to make alternative arrangements for their network security needs.

Prior to the contract end date, the customer and the service provider may engage in discussions regarding contract renewal. If both parties agree, they may negotiate new terms and conditions for a renewed contract. If no agreement is reached, the contract will terminate as scheduled.

During the contract termination process, the customer may be required to complete certain tasks. These tasks may include retrieving any data or information stored within the Prisma Access system, ensuring that critical information is not lost. The customer will need to transition to an alternative solution or provider for their network security requirements.

It is important for the customer to review the contract terms and conditions to understand the specific obligations and requirements at the end of the Prisma Access contract. Each contract may have its own provisions and procedures for termination or renewal.

Using the service

Web browser interface: Yes
Supported browsers: Internet Explorer 11

Microsoft Edge

Firefox

Chrome

Safari
Application to install: Yes
Compatible operating systems: Android

IOS

Linux or Unix

MacOS

Windows

Windows Phone
Designed for use on mobile devices: Yes
Differences between the mobile and desktop service: Information available upon request.
Service interface: Yes
User support accessibility: None or don’t know
Description of service interface: The service interface for Prisma Access is primarily accessed and managed through the Strata Cloud Management console, which is a web-based interface. The management console provides a centralized platform for administrators to configure and monitor the Prisma Access service. Through this interface, administrators can manage security policies, view logs and analytics, configure user access, and perform other administrative tasks related to the Prisma Access service.
Accessibility standards: None or don’t know
Description of accessibility: Prisma Access Strata Cloud Manager is accessed via any web browser.
Accessibility testing: N/A
API: Yes
What users can and can't do using the API: With Prisma Access APIs, users can programmatically interact with and automate various aspects of the Prisma Access service. Here are some examples of what users can do with Prisma Access APIs:

Users can use APIs to automate the configuration of various settings and policies within the Prisma Access service. This includes managing network and security policies, user access controls, and other configuration parameters.

APIs allow users to programmatically onboard and provision users, manage user roles and permissions, and authenticate users accessing the Prisma Access service.

Users can leverage APIs to retrieve logs, statistics, and other data related to network traffic, security events, and user activity. This enables custom reporting, analysis, and integration with third-party tools.

Prisma Access APIs enable integration with other security solutions and services. Users can integrate Prisma Access with SIEM (Security Information and Event Management) systems, threat intelligence platforms, or custom security workflows to enhance their overall security posture.

APIs allow users to monitor the health and performance of the Prisma Access service by retrieving real-time status, metrics, and alerts. This helps in proactive monitoring and incident response.

Users can refer to the official Prisma Access API documentation provided by Palo Alto Networks for detailed information.
API documentation: Yes
API documentation formats: HTML
API sandbox or test environment: No
Customisation available: Yes
Description of customisation: Yes, users can customize the Prisma Access service to align with their specific requirements. They can define and customize security policies, user access controls, network segmentation, and integrate it with their existing security ecosystem. Additionally, users can customize reporting and analytics to generate insights based on their unique needs. It's important to note that the extent of customization may vary based on the specific features and licensing agreement. Users should refer to the documentation provided by Palo Alto Networks for detailed information on customization options and limitations.

Scaling

Independence of resources: Prisma Access utilizes a distributed architecture and scalable infrastructure to ensure that users are not affected by the demand placed by other users on the service. It dynamically allocates resources based on demand to maintain optimal performance and availability. Load balancing techniques are employed to distribute traffic evenly across multiple servers and data centers. Additionally, Prisma Access leverages advanced traffic management and prioritization mechanisms to ensure that critical applications and users receive the necessary resources and are not negatively impacted by other users' activities.

Analytics

Service usage metrics: Yes
Metrics types: 1. User activity and behavior monitoring.
2. Application usage and performance tracking.
3. Network bandwidth consumption analysis.
4. Threat detection and prevention metrics.
5. VPN tunnel utilization and performance monitoring.
6. User authentication and access control metrics.
7. Firewall rule effectiveness and usage metrics.
8. Web filtering and content inspection statistics.
9. Incident response and security incident metrics.
10. Compliance and regulatory reporting metrics.
Reporting types: API access

Real-time dashboards

Regular reports

Resellers

Supplier type: Reseller (no extras)
Organisation whose services are being resold: Palo Alto

Staff security

Staff security clearance: Other security clearance
Government security clearance: Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations: United Kingdom

European Economic Area (EEA)

Other locations
User control over data storage and processing locations: Yes
Datacentre security standards: Supplier-defined controls
Penetration testing frequency: At least every 6 months
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest: Physical access control, complying with CSA CCM v3.0

Physical access control, complying with SSAE-16 / ISAE 3402

Physical access control, complying with another standard

Encryption of all physical media

Scale, obfuscating techniques, or data storage sharding

Other
Other data at rest protection approach: Service are supplied from Google and Amazon Data centers (further information to follow)
Google Security statement
https://cloud.google.com/security/overview/
https://cloud.google.com/security/

AWS Security Statement
https://aws.amazon.com/compliance/data-center/controls/
https://d1.awsstatic.com/whitepapers/aws-security-whitepaper
https://aws.amazon.com/compliance/data-center/data-centers/

All logs are stored in the Cortex data lake, user activity is monitored and stored in the Cortex data lake for the agreed retention period.
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation

Deleted data can’t be directly accessed
Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach: Users can export data from Prisma Access by logging into the management console, navigating to the desired data section, selecting the export format (e.g., CSV, PDF, JSON), specifying any parameters, and initiating the export process. Upon completion, users can download the exported file or receive a download link via email. Specific steps and options may vary, so it's advisable to consult the official documentation or Palo Alto Networks support for detailed instructions based on the specific setup.
Data export formats: CSV

Other
Other data export formats: PDF

Json
Data import formats: CSV

Other
Other data import formats: JSON

XML

Data-in-transit protection

Data protection between buyer and supplier networks: Private network or public sector network

TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Other
Other protection between networks: Prisma Access uses segmentation techniques to isolate network parts, limiting breach impacts. It employs advanced firewalls for traffic control, including deep packet inspection and intrusion prevention. Robust encryption protocols protect data at rest and in transit, ensuring data remains secure even if accessed unauthorisedly.
Threat intelligence and machine learning are leveraged for risk identification and mitigation, enabling proactive threat response by monitoring network traffic and identifying anomalies.
Overall, Prisma Access combines segmentation, firewall controls, encryption, and threat detection to safeguard network data, reducing breach risks and ensuring data confidentiality and integrity.
Data protection within supplier network: TLS (version 1.2 or above)

IPsec or TLS VPN gateway

Other
Other protection within supplier network: Prisma Access protects data within the network through segmentation, advanced firewall controls, encryption, and threat detection. Segmentation isolates network parts to prevent threats from spreading. Advanced firewalls monitor and control traffic with intrusion prevention and deep packet inspection. Robust encryption secures data at rest and in transit. Threat intelligence and machine learning identify and mitigate risks. Prisma Access actively monitors traffic, detects anomalies, and responds to threats. These measures reduce the risk of data breaches, ensuring data confidentiality and integrity within the network.

Availability and resilience

Guaranteed availability: Palo Alto Networks aims to maintain at least 99.99% availability for Prisma Access. If this commitment is not met, customers may be eligible for a service credit. Monthly uptime availability is calculated by subtracting the percentage of downtime, excluding planned or emergency outages. To claim a service credit, customers must open a case within 24 hours of an outage and submit a claim within 5 business days. Palo Alto Networks will promptly review the claim within 15 days after determining the root cause and closing the case.
Approach to resilience: Prisma Access is designed with built-in resiliency to ensure continuous and reliable network security. It employs several key mechanisms to enhance its resilience.

Firstly, Prisma Access utilises a global network of Points of Presence (PoPs) strategically distributed across different regions. This distributed architecture enables load balancing and automatic failover, ensuring uninterrupted service even in the event of a localised failure.

Secondly, Prisma Access incorporates redundant components and multiple layers of fault tolerance. This includes redundant hardware, network connections, and power supplies, minimising the impact of hardware failures and ensuring high availability.

Thirdly, Prisma Access leverages dynamic routing protocols and intelligent traffic management algorithms. These mechanisms allow for efficient rerouting of traffic in the event of network congestion or failure, optimising performance and maintaining connectivity.

Moreover, Prisma Access employs proactive monitoring and alerting systems to promptly detect and respond to any issues or anomalies. This enables quick identification and resolution of potential problems, minimising downtime and maximising uptime.

Overall, the combination of distributed architecture, redundancy, fault tolerance, intelligent routing, and proactive monitoring makes Prisma Access resilient to disruptions, ensuring continuous and reliable network security for organisations.
Outage reporting: Prisma Access provides various mechanisms to report service outages and communicate with customers regarding any disruptions or incidents.

Firstly, Palo Alto Networks maintains a dedicated status page or portal where customers can access real-time information about the status of Prisma Access services. This status page provides updates on any ongoing incidents, maintenance activities, or service outages.

Additionally, Prisma Access offers proactive monitoring and alerting capabilities. Palo Alto Networks monitors the service infrastructure and network health to promptly detect any issues or potential outages. In the event of a service outage, customers may receive automated notifications or alerts via email, SMS, or through the Prisma Access management console.

Furthermore, customers can also reach out to Palo Alto Networks' support team directly for assistance and information regarding service outages. The support team is available to provide timely updates, answer queries, and address any concerns related to service disruptions.

By utilising these reporting mechanisms, Prisma Access ensures transparent communication and keeps customers informed about any service outages or incidents, enabling them to take necessary actions and plan accordingly.

Identity and authentication

User authentication needed: Yes
User authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password
Access restrictions in management interfaces and support channels: Access to Prisma Access management interfaces and support channels is restricted through role-based access control (RBAC) and two-factor authentication (2FA). RBAC ensures that only authorized users with specific roles and permissions can access and perform actions within these interfaces. 2FA adds an extra layer of security by requiring users to provide additional authentication factors such as one-time passwords (OTPs) or mobile authentication apps. These measures help restrict access to authorised personnel and protect sensitive functionalities and data.
Access restriction testing frequency: At least every 6 months
Management access authentication: 2-factor authentication

Public key authentication (including by TLS client certificate)

Identity federation with existing provider (for example Google Apps)

Limited access network (for example PSN)

Dedicated link (for example VPN)

Username or password

Audit information for users

Access to user activity audit information: Users have access to real-time audit information
How long user audit data is stored for: User-defined
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: User-defined
How long system logs are stored for: User-defined

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: PECB MS
ISO/IEC 27001 accreditation date: 2020/07/06
What the ISO/IEC 27001 doesn’t cover: Palo Alto Network's overarching information security program is aligned to ISO 27001/2, and includes key controls from HIPAA, PCI and SOC2 we maintain certification against ISO 27001, ISO 27017, ISO 27018, ISO 27701.
To ensure high quality and reliability, our factory certifications do however include: ISO 9001:2008, ISO 14001:2004, AS9100, TL 9000, ANSI ESD S20:20-2007, ISO 1384:2003. All products are UL and TUV certified and have undergone Electromagnetic emissions and immunity testing.
ISO 28000:2007 certification: No
CSA STAR certification: Yes
CSA STAR accreditation date: Available upon request
CSA STAR certification level: Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover: N/A
PCI certification: No
Cyber essentials: Yes
Cyber essentials plus: Yes
Other security certifications: Yes
Any other security certifications: https://www.paloaltonetworks.com/legal-notices/trust-center/technical-certifications#

Security governance

Named board-level person responsible for service security: Yes
Security governance certified: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Palo Alto Networks has a formal Enterprise Risk Management program, which includes the performance of an annual risk assessment, with periodic updates, as applicable, to identify and assess key risks and their mitigation approaches. The scope of the program encompasses information security risks and product risks. Our security program consists of a risk-based approach that includes administrative, technical and physical safeguards reasonably designed to protect the confidentiality, integrity and availability of customer data. Palo Alto Network's information security program is aligned to ISO 27001/2, and includes key controls from HIPAA, PCI and SOC2.

Operational security

Configuration and change management standard: Supplier-defined controls
Configuration and change management approach: Both Palo Alto Networks and the end-user organisation are in full control of their relevant and respective change control processes.
Additional details are available upon request.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Prisma Access follows a proactive vulnerability management process to identify, assess, prioritize, and mitigate vulnerabilities:

1. Identification: Regular scanning and assessment are conducted to identify vulnerabilities.
2. Assessment: Vulnerabilities are evaluated for severity and potential impact.
3. Prioritization: Vulnerabilities are assigned priority levels based on severity and impact.
4. Mitigation Planning: A plan is developed to address vulnerabilities.
5. Remediation: The plan is executed, coordinating with relevant teams.
6. Monitoring and Reporting: Ongoing monitoring and reporting track progress in vulnerability remediation efforts.
Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach: Security processes involve monitoring system activities, network traffic, and user behavior to detect potential incidents.
This includes:
Event Collection: Gathering logs and events from various sources for analysis.
Log Analysis and Correlation: Identifying patterns and potential incidents from logs.
Threat Detection: Using advanced analytics and machine learning to detect threats.
Incident Response: Initiating a response process when an incident is detected. Incident Investigation, Resolution: Investigating incidents to understand their scope and impact, and taking actions to resolve them.
Reporting, Improvement: Generating reports to enhance security controls, update policies, and improve overall security.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: This information is available upon request.

Secure development

Approach to secure software development best practice: Supplier-defined process

Public sector networks

Connection to public sector networks: No

Social Value

Fighting climate change
Tackling economic inequality
Equal opportunity
Wellbeing

Fighting climate change

Softcat are dedicated to reducing our environmental impact and actively promoting sustainability. Our commitment to sustainability is a core aspect of our business strategy, driving us to innovate and lead in the creation of a more sustainable future for our company and the communities we serve. This commitment is embedded in our policies, operating procedures, and training programs.

We are proud to be the first FTSE 250 company to be awarded 5-star status in relation to the United Nations Sustainable Development Goals.

We aim to achieve a Carbon Net-Zero Value Circle by 2040 by prioritising renewable energy, reducing natural resource use, minimising waste, and safeguarding biodiversity in compliance with environmental legislation.

At Softcat, we have taken significant steps towards securing renewable energy across our organisation, reducing our scope 1 & 2 emissions. We had the target of using 100% Renewable Energy across all our locations by 2024. We successfully delivered against this target ~2 years early.

In May 2023 we took delivery of 15 electric vehicles, replacing all existing fossil-fuelled company cars used by employees for business means. The implementation of the EV pool fleet will see a saving of over 80 tons of CO2e per year. A huge impact on our Net Zero targets.

Tackling economic inequality

As a value-add reseller, Softcat outsources the products, services, and solutions through our extensive network of partners, to best suit the needs of our broad client base. We always consider and promote SMEs and local providers where appropriate, particularly for the products and services we offer via the G Cloud framework.

We remain dedicated to improving employability and educational awareness across schools, colleges, and universities to help break down the barriers to joining technology organisations.

We work collaboratively with many schools that are close in proximity to our offices, to ensure we are actively supporting the community as well as schools from lower socio-economic backgrounds.

We visit the schools to talk about the IT sector and the roles in our organisation, as well as promoting work-experience opportunities during the summer. In particular, we actively encourage students from diverse backgrounds to engage in work experience to appreciate the roles available in our sector.

For ambitious school and college leavers, a Softcat Apprenticeship is a great first step into the world of work, with 94% of our apprentices offered a permanent position at Softcat post apprenticeships, which goes to show the amazing opportunity available with us.

We were ranked 1st in IT & Consultancy, and 10th overall in by RateMyApprenticeship.com - Best 100 Apprenticeship Employers 2023-2024 list.

Softcat now also offer 12 month paid internships to University students looking to complete a year in industry as part of their undergraduate studies.

Equal opportunity

Our approach to diversity and inclusion is introduced first during our induction training, as part of our Softcat values, outlining responsibility to uphold our principles. This message is reinforced by our process and policies, networks, Allyship Training and Inclusion Awareness campaigns.

Softcat supports diversity and inclusion through various networks including:
- Supporting Women in Business (SWIB)
- The Ethnic and Cultural Network
- The Pride Network
- The Family Network
- The Empowering Disability and Neurodiversity Network (EDN)
- The Faith at Work Network
- Armed Forces & Veterans Network
These networks aim to create a supportive and inclusive work environment for all employees, regardless of gender, ethnicity, sexual orientation, disability, or family commitments.

Our allyship programme, Stronger Together, is a mixture of event and workshop-based training available to all staff. Programme topics include, bias, power, privilege, and being a greater ally.

Inclusion Awareness campaigns include race, disability, sexual orientation, gender, faith, and caring responsibilities. These sessions highlight and celebrate minority groups, through panel sessions, Q&A sessions and training, providing an opportunity to discuss and understand ways to be more inclusive.

Our efforts to improve diversity and inclusion have been incredibly successful. Since 2020, the number of female employees below management level has increased to 35%, and the number of ethnic minority employees rose to 17%.

Wellbeing

At Softcat, all employees are provided with access to our multidimensional wellbeing programme which includes flexible work arrangements, free nutritious breakfast, mental health support, employee benefits scheme, health and wellbeing week activities, and online workshops.

Giving back to the community is an innate part of who we are as a company. All Softcat employees are therefore given two volunteer days per year to support a charitable or community cause.

Each of our 10 regional offices also support local charities through fundraising, donations and events. For example, our Manchester office has raised over £30,000 for the WeLoveMCR charity. This funding has supported young, disadvantaged Manchester citizens in gaining qualifications to broaden their work opportunities and supporting local groups in delivering indispensable services that enable community cohesion.

Pricing

Price: £90 a unit
Discount for educational organisations: No
Free trial available: No

Features

Benefits

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Pricing

Service documents

Cookies on Digital Marketplace

Palo Alto Prisma Access

Features

Benefits

Pricing

Service documents

Framework

Service ID

Contact

Service scope

User support

Onboarding and offboarding

Using the service

Scaling

Analytics

Resellers

Staff security

Asset protection

Data importing and exporting

Data-in-transit protection

Availability and resilience

Identity and authentication

Audit information for users

Standards and certifications

Security governance

Operational security

Secure development

Public sector networks

Social Value

Pricing

Service documents