NetWitness SASE, combined with Palo Alto Networks, provides unprecedented visibility into behavior and communication among devices and services in remote and distributed networks across on-premises, hybrid, and cloud deployments.

What NetWitness SASE does:

  • Streamline searches and investigations: Log in to a single user interface to perform index searches, pivot through metadata, and reconstruct network sessions to receive results quickly.

  • Leverage retained data: Empower analysts to perform forensic examinations on a triggered detection and threat hunt for unknown threats against retained raw network communications.

  • Correlate disparate data sets: Enrich the context of investigations by correlating data from the actual network traffic of remote users with other access by those same users for a complete end-to-end story of what transpired.

  • Minimize costs: Optimize storage and reduce operating costs using new compression algorithms, selective retention, and the ability to split network decoder components to limit what must run in the cloud.

About NetWitness SASE

NetWitness supports SASE and critical hybrid use cases, both on-premises and in the cloud, by partnering with Palo Alto Networks on technical integrations. NetWitness SASE integrations give organizations complete visibility into encrypted traffic, remote users, and cloud workloads. With NetWitness SASE integrations, customers can achieve SASE flexibility, inherent security advantages, and complete visibility into threat detection and response.

NetWitness SASE provides the following capabilities:

  • Flexible, secure, real-time traffic monitoring: NetWitness SASE integrations capture all network traffic from remote users in near real-time, enabling immediate response to any potential threats. Regardless of the location of the data collected, the data is available in the detection engine, and analysts can easily find the anomalies. The customization options available in NetWitness SASE reduce the risk of storing sensitive, personally identifiable information.

  • Get scalable, high-performance cloud security: With NetWitness SASE integrations, enhance total visibility and threat detection capabilities across your enterprise using well-known on-premises mechanisms such as rules, parsers, feeds, and machine learning. Perform searches and investigations and swiftly receive results with a single user interface. The integration supports forensic examinations on triggered detections and facilitates threat hunting against retained network communications, empowering analysts to combat unknown threats effectively.

  • Eliminate blind spots: NetWitness SASE integrations empower organizations to retain complete visibility into their cloud security stack, cost-effectively eliminating blind spots in their cloud traffic and maximizing the effectiveness of their security infrastructure investments. Organizations have the visibility and control they need over encrypted traffic to ensure compliance with their privacy, regulatory, and acceptable use policies, whether on-premises or in the cloud.

  • Unparalleled network visibility to strengthen SASE security: The improved visibility provided by the integration allows organizations to close gaps in their zero trust security posture and enable better detection capabilities.

Configure Palo Alto Prisma Integration

There are two methods to configure Palo Alto Prisma Integration from NetWitness Platform.

Note: NetWitness recommends that you use the Centralized Content Management (CCM) method for a more streamlined deployment process.