Maximize Your Tufin Investment with Prisma Access Automation

Last updated February 5th, 2024 by Avigdor Book

Remote work has significantly expanded cyber-attack surfaces for organizations across all sectors, in part because millions of users are accessing sensitive data and applications from various endpoints.

The growing adoption of remote work has led to a highly distributed volume of network traffic that increases network complexity and spikes the costs associated with network traffic loads.  

These factors have paved the way for change automation, efficient and rapid troubleshooting of network connectivity issues, and visibility from the cloud to the edge, to name a few. Above all, they necessitate a network architecture that combines security and networking functionalities.

In this article, we will explore the significance of Tufin’s integration with Palo Alto Prisma Access, but first, we’ll uncover Secure Access Service Edge (SASE) and discuss Prisma Access at large. 

What is SASE? 

In short, SASE is the convergence of networking and security services. SASE combines network security services with wide area network (WAN) capabilities, bringing security inspection closer to the point of origin of traffic. The emergence of SASE eliminates the need for backhauling to on-premises infrastructure for security enforcement.

SASE addresses the challenges of growing data traffic distributed across the cloud and edge by combining network security services with WAN capabilities, such as software-defined WAN (SD-WAN) and offering benefits such as distributed inspection and policy enforcement. 

The Case for SASE 

SASE solutions cater to two crucial aspects at the network’s edge: creating operational security by efficiently handling traffic and providing security controls that match the dynamic nature of this type of connectivity.

Beyond that, SASE offers the following benefits:   

  • Global SD-WAN footprint over a private network 

  • Cloud-native architecture 

  • Services based on user, device, and location 

What is Prisma Access? 

Palo Alto Prisma Access is a cloud-delivered security service that enables organizations to enforce consistent security policies globally. PAN Prisma Access is the market leader in SASE—and its 5+ multi-module adoption is growing by 166% YOY.

Prisma Access technologies serve as a central clearing house for all the data that companies move across on-prem and the edge.

Prisma Access includes a range of security services, such as firewalling, threat prevention, URL filtering, and more. Prisma Access is particularly significant for its ability to seamlessly scale with an organization’s needs and ensure consistent security performance across diverse environments.

By embracing Zero Trust principles, Prisma Access contributes to a robust cloud security posture, with the added benefit of SaaS application visibility and control.  

Why Prisma Access Integration with Tufin is Important 

Tufin’s support for Prisma Access empowers you to simplify, manage, and optimize network security management by centralizing it.

In other words, Tufin’s integration with Prisma Access security policies better protects your hybrid-cloud infrastructure through optimized operation efficiency, increased cost savings, and bolstered compliance adherence.

For example, GlobalProtect Integration, Prisma Access’s remote access VPN solution, facilitates secure connectivity for remote users, which dovetails with Tufin’s efforts to provide visibility and control over the security policies governing remote access.  

Similarly, Tufin’s support for Prisma Access facilitates the design, management, and maintenance of a centralized and agnostic segmentation policy, helping you stay on top of segmentation policy violations and be proactive in vetting network and firewall changes.

The integration extends security policies across disparate networks and cloud environments, simplifying how security policies are defined and enforced. By automating change management workflows, organizations can achieve operational efficiency and gain a consolidated view of security policies and network activities, resulting in increased cost savings and operational efficiency.

How Prisma Access Works with Tufin 

In centralizing network security management, you can integrate Prisma Access with your existing workflows.  

Here’s what this means for you: 

1. Centralize network security management

a. Apply granular policies and automatically manage access requests and changes for custom applications

b. Facilitate policy optimization 

c. Use automated tools to detect and mitigate Prisma Access misconfigurations  

d. Automate cleanup and access change workflows across Palo Alto Networks and other vendors’ devices and clouds   

e. Enrich Cortex XSOAR playbooks with network intelligence and change management

2. Increase operational efficiency  

a. Ensure operational efficiency through policy optimization based on real-time data—and do so with the same or less headcount  

b. Achieve successful audits in hours instead of weeks

c. Standardize Prisma Access network changes for mobile users and remote networks

d. Automate application connectivity monitoring, leading to fewer outages and lower Mean Time to Resolution (MTTR)

e. Improve collaboration among all stakeholders

f. Ensure continuous compliance and alignment with regulatory and industry standards

g. Increase cost savings

3. Ensure continuous compliance  

a. Extend security during transitions between on-premises and cloud-based infrastructure, reducing the probability and impact of successful breaches

b. Automate changes with corporate security policy and industry regulation baked into the process

c. Automate changes with external and internal processes  

4. Fortify network security through visibility  

a. Identify and clean up risky rules, unused rules, and network objects to prioritize and mitigate vulnerabilities based on exposure and impact.  

b. Gain complete visibility, reporting, and control of all traffic for any app type or next-generation firewall (NGFW) policies, including User-ID, App-ID, FQDN, Content-ID, Dynamic Address Groups, and Panorama Device groups

With Enterprise, customers can maximize their operational efficiency for specific workflows and use SecureChange+ to address the remaining workflows. 

In addition, Tufin Orchestration Suite (TOS) R24-1 lets you leverage Tufin’s topology map to troubleshoot and analyze north-south and east-west network and security connectivity between mobile user networks, remote networks, data centers, and more.  

Tufin: The Only NSPM that Supports Prisma Access  

Prisma Access further enhances Tufin’s capabilities by providing organizations with a holistic approach to securing their cloud infrastructure and applications that focuses on achieving operational efficiency, cost savings, and improved security.

By implementing changes with minimal human intervention and deploying automation across the entire network, you can maximize your ROI and automate changes across your entire network in hours instead of days. 

Tufin stands out as the first and only Network Security Policy Management (NSPM) solution that supports Prisma Access. Unlike other NSPM providers, Tufin’s support for Prisma Access ensures you can manage your security policies for SASE technologies in the same way you address your firewall policies: seamlessly, automatically, and efficiently.

For more information on how to integrate Prisma Access into your existing workflows, please schedule a demo.
