With the recent issues involving COVID-19 and the recent closure announcements of college campuses, organizations are beginning to review their capacity to support a larger-than-normal remote workforce. In the event of an office closing, is your organization prepared to support the influx of users attempting to gain access to the corporate network remotely? Can your organization do this with security in mind?
The good news is that Palo Alto Firewalls, whether physical or virtual, include GlobalProtect free for both Windows and Mac installations and, if needed, can support additional operating systems with the purchase of an annual GlobalProtect license. The goal of GlobalProtect is to extend the prevention capabilities an organization enforces internally to its mobile workforce, regardless of their location. By enabling and utilizing GlobalProtect, your organization can extend its security policies to all users at any location and still provide visibility into all application traffic. This is extremely useful for any organization that deals with sensitive data and requires auditable events to still be logged and alerted on.
Additionally, GlobalProtect provides the capacity to enable, and secure, non-company-owned devices while still enforcing a zero trust infrastructure. For non-company devices, users can download the client software from the GlobalProtect gateway using the URL configured for access. They simply have to authenticate using their domain credentials in order to get the client. This can come in handy in the event an office closure becomes extended and not all employees have company-issued endpoints. By using the capabilities within GlobalProtect, the organization has additional options for enabling the remote employee. Connecting to GlobalProtect provides visibility into a user’s application activity, user-based policy control, and user-based analysis, reporting and forensics, and can also neutralize credential theft if configured correctly.
With the potential influx in the remote workforce, a challenge could be having enough internet bandwidth to handle the extra traffic. The Prisma Access license added to an existing Panorama deployment will help with this challenge. Prisma Access is a cloud-based infrastructure that utilizes the GlobalProtect gateways to secure mobile users with company laptops, phones and tablets. The functionality is the same from a user’s perspective but will be slightly different for an admin since the configuration is cloud-based.