Beyond Identity and Palo Alto Networks Integration

Beyond Identity and Palo Alto Networks Integration Helps Customers on the Journey to Zero Trust Authentication

Categories: Product, Workforce

Recently, Beyond Identity announced our launch of Zero Trust Authentication, focused on helping organizations modernize their security and authentication strategy by “shutting the front door” to protect against credential theft, MFA bypass attacks, phishing, and adversary-in-the-middle attacks designed to gain access to sensitive data and resources.

Zero Trust Authentication provides the strongest security for a zero trust architecture by requiring seven tenets:

  1. Passwordless: Does not use passwords or other shared secrets
  2. Phishing resistant: Provides no opportunity to obtain codes, magic links, or other factors through phishing
  3. Capable of validating user devices: Is able to ensure that requesting devices are bound to a user and authorized to access information assets and applications
  4. Capable of assessing device security posture: Determines whether devices comply with security policies
  5. Capable of analyzing many types of risk signals: Ingests and analyzes data from endpoints and security and IT management tools
  6. Continuous risk assessment: Evaluates risk throughout a session, rather than relying on one-time authentication
  7. Integrated with the security infrastructure: Integrates with a variety of tools in the security infrastructure to improve risk detection, accelerate responses to suspicious behaviors, and to improve audit and compliance reporting 

Providing secure application access

Beyond Identity helps organizations that have made investments in a broad security fabric to leverage the risk signals generated by security solutions, including EDR/XDR, MDM, vulnerability management, threat intelligence, VPN, Zero Trust Network Access (ZTNA), and SASE services.

Organizations demand immediate, uninterrupted access for their users, whether they are in the office, working from home, or while traveling. With an increase in remote users and software-as-a-service (SaaS) applications, data moving from the data center to cloud services, and more traffic going to public cloud services and branch offices than back to the data center, the need for a new approach for network security has risen. 

As a leader in cybersecurity, Palo Alto Networks helps customers map out and accelerate their zero trust maturity. Prisma Access, the Security Service Edge component of Prisma SASE, helps customers adopt a zero trust approach across users, devices, and the applications they connect to. This includes the ability to continuously assess appropriate levels of trust and continuously inspect for security threats and indicators of compromise.

Think of this as a network-centric zero trust strategy, which enables secure connectivity based on identity and policy for a hybrid workforce in today's modern cloud/SaaS environments. It hides applications on the public internet while providing easy and secure access for authorized individuals, whether they are in the office, working from home, or on the road. It also provides visibility to all network traffic.

The partnership between Beyond Identity and Palo Alto Networks enables phishing-resistant, passwordless Zero Trust Authentication to Palo Alto Networks Prisma SASE. The integration combines Beyond Identity’s phishing-resistant multi-factor authentication (MFA) and Palo Alto Networks’ industry-leading ZTNA 2.0 capabilities to secure access to all applications, regardless of the end user’s location. This includes leveraging Beyond Identity’s ability to provide device trust by pulling a broad range of local device signals, as well as signals from third-party EDR/XDR solutions, to secure user access to Prisma SASE.

Working together to provide continuous authentication

Continuous authentication is one of the core principles of Zero Trust Authentication. Beyond Identity provides the ability to prevent malicious access by ensuring all identities are authenticated at initial access and on a continuous basis. Beyond Identity continuously re-validates the full posture of every device. If the security posture of the device changes and violates policy, Beyond Identity’s Zero Trust Policy Engine takes action and, working with Palo Alto Networks, can isolate the endpoint and disconnect the session.

Together, Beyond Identity and Palo Alto Networks help organizations rapidly progress their zero trust programs. 

Benefits of the integrated solution:

  • Ensures applications are hidden from the public internet.
  • End users can only see the applications and services they are explicitly allowed to access.
  • Provides the highest level of assurance on who is gaining access—is it a corporate identity or authorized user? The integration then enables the highest level of access controls with phishing resistant authentication that positively identifies that user.
  • Provides the highest level of assurance on what device is gaining access: is it an authorized device? Is it cryptographically bound to the identity? Is the device running the proper level of security controls at the point of authentication? Does the device present any risk or vulnerability?
  • Only when the assurance of identity and device exists will that user and device gain access.
  • Provides continuous authentication checks that verify both user and device continue to comply with policy and, if not, alerts necessary resources to terminate that session. It then requires the user to re-authenticate, which will only be granted if the user and device re-conform to policy.

Working together, Beyond Identity and Palo Alto Networks bring together network-centric zero trust and identity-centric zero trust to help customers enable secure and efficient access to critical applications, resources, and data. 

Please check out our joint solutions and we look forward to continuing to expand our partnership.