Simplifying User-ID Deployments at Scale
User-ID™ technology, a standard feature on Palo Alto Networks® next-generation firewalls, enables you to leverage user information stored in a wide range of repositories. PAN-OS® 8.0 introduces powerful enhancements that make it easier for organizations of all sizes to control access to their resources based on user identity. By ensuring that only the right users have access to the right resources at all times, User-ID mitigates problems associated with identity theft and helps prevent modern-day breaches.
Awareness of user identity and group information is critically important to secure access to resources and data, which may live in your data centers or in the cloud. Our User-ID technology allows the next-generation firewall to consistently enforce policies based on users – irrespective of their location, time of access, or type of device. User-ID delivers identity-based security, enterprise-wide visibility and forensics of user activity, based on specific users and groups rather than just IP addresses. When used in conjunction with App-ID™ and Content-ID™ technologies, User-ID provides a strong foundation on which an organization can adopt security based on business- and IT-relevant context.
User-ID PAN-OS 8.0 Updates
PAN-OS 8.0 improves the accuracy, speed and scale with which an organization can adopt User-ID. Highlights:
- Collect user login and logout events via syslog messages from more sources, including enterprise-wide aggregators, such as SIEMs.
- Leverage Panorama™ network security management and Distributed Log Collectors to share User-ID information with firewalls to achieve horizontal and vertical scale.
- Use SAML with GlobalProtect™ network security for endpoints and Captive Portal to deliver a consistent and secure user authentication experience.
- Truly adopt a Zero Trust model of security and micro-segmentation with the ability to use thousands of groups in security policy.
- Prevent the theft and abuse of credentials.
Improved Breadth and Accuracy of User Information
With PAN-OS 8.0, the next-generation firewall can collect user information from more sources than ever, including enterprise-wide aggregators, such as SIEMs. The firewall can now track even more variants of network and endpoint activity to monitor users as they enter and leave networks, and deliver a precise and consistent representation of all user activity independent of access techniques. Beginning with PAN-OS 8.0, you can simplify distribution of user information among firewalls by leveraging Panorama as the central hub.
Seamless authentication with SAML
With PAN-OS 8.0, the next-generation firewall's authentication engines, including GlobalProtect and Captive Portal, are SAML-enabled. This allows administrators to deliver a consistent and secure authentication experience to the entire organization.
Live Community Discussion Articles
Related Technical Documentation