I deal with various attack support use cases for multiple organizations. The most common use case is when enterprises are looking for easy failover of their links and better visibility into their network environments and traffic. It also supports integration with other vendors' products, like Slack or Teams, and integration with Prisma Access, a cloud-based firewall. We also have a cloud presence, but we need the licenses for firewalls or routers in the cloud.
We have more than 700 tenants or users. I can't disclose customer names, but we have clients in retail, auto manufacturing, banks, and manufacturers of consumer products like toothpaste. I have clients ranging from the Australian time zone to the European time zones. There are some working in the United States, as well.
Prisma reduces the network engineers' workload by 40-60 percent. When there is a problem with traffic not reaching its destination, you'll get an alert to get it sorted out. The second benefit is security. Prisma SD-WAN has built-in VPN and fault-tolerance personnel functionality. It's integrated with cloud firewalls, and you can get the strength and availability of a SASE environment.
You can replace your old routers and firewall with Prisma. It's like two devices in one. The portal provides a single pane of glass and zero-touch provisioning. You only need to get the device online, and you can do the rest through the portal.
Prisma inspects packets for Layer 7 intelligence but doesn't provide all the intelligence that firewalls do. That's the job of a firewall, not ION boxes or SD-WAN devices. Prisma provides application-level visibility. For example, you can see the bandwidth consumption of Teams and Outlook or the consumption of SaaS applications versus in-house applications. With that level of detail, we can have security applied to traffic-based applications.
This gives you control over what application traffic should link. For example, let's say I have a link from AT&T and one from Verizon, but the Verizon link is not performing well in certain areas compared to AT&T. I can send my mission-critical applications to the AT&T link. Applications that aren't mission-critical, like Microsoft updates or file transfers, can go to the Verizon link.
You can steer traffic based on the application type, and it warns you if traffic isn't reaching a destination. For example, if Verizon isn't taking me to Google, the device will recognize that and redirect the traffic through AT&T. If the policy says to go to Verizon, with AT&T as a backup, it will ship to AT&T and start probing. These kinds of features are unique to Prisma.
The application visibility features help you to support your SLAs. Before SD-WAN, most customers reported issues with voice communication, CUCM, and video conferencing. In those cases, the failover provides a seamless experience of voice, video, and real-time traffic.
Prisma simplifies troubleshooting. One recent example is that one of my customers was seeing certain links flapping. One alarm created one ticket each time it popped up, but that flap was five seconds, ten seconds, or a minute. Creating a ticket for a one-minute flap isn't an efficient use of tickets. With automation, you have one other feature of an event policy device. You can also automate with tools like Splunk and ITSM. You can set a rule where they only raise a ticket if it flaps five times within ten minutes or if the link is down for longer than two or three minutes.
We have used automation for dealing with those kinds of minor things. There are other use cases, but this is the most common. You get email integration with all alerts, ITSM, and Splunk. Predefined cloud levels are also available on the portal. You can request it and integrate your ITSM with Prisma SD-WAN. The automation helps you quickly locate the root cause, so you don't need to dig through multiple layers of logs. In fact, you don't need to touch the device to get the logs. You can get it on a portal or through automation on your preferred monitoring tool.
Prisma's event correlation and analysis help minimize the number of alarms from one event. A year ago, Prisma SD-WAN rolled out an event separation feature. Let's say one link goes down, and it causes ten VPNs to go down, making a site unreachable. In that case, it triggers only one alarm that this site is partially inaccessible or has some fault. It will not trigger a separate notice for each VPN or application that isn't performing because of that. It will present one alarm showing that the IP is down. That significantly reduces the number of alerts in the portal. All the constituent alarms will still be there, and you can drill down to see those.
Prisma has specific policies for event management you can use for sites under maintenance or those with a lower priority. For example, a branch site shouldn't have the same priority as the home office or the data center. You set priorities with the event policies. The administrators will focus on priority events they see in a portal at the same level. A link that goes down at the headquarters is a higher priority than a single VPN going down at a branch with two links. Under normal working conditions, both events will have the same priority. However, if you have this event policy set up, the administrator will see the priority levels for each ticket and prioritize tasks accordingly.
With Prisma, we can deliver branch services like networking and security from the cloud. We can have security integrations, including cloud-based firewalls like Zscaler and Prisma Access. You can also do some zone-based firewalling on these devices. Shifting from a legacy Layer 2 WAN to Prisma has reduced outages. Many things change when you move from legacy to SD-WAN. You must learn a lot in the initial stages, but once you are familiar with the changes, your job is almost 60 percent done. You don't need to focus on many tasks. The device takes care of them.
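
The ticketing rule described above for flapping links (raise a ticket only after five flaps within ten minutes, or when a link stays down longer than two or three minutes) can be sketched as follows. This is an added example, not part of the original review and not Prisma SD-WAN's own event-policy code; the event format, link names and the two-minute cutoff are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds taken from the rule in the review; two minutes is an assumed
# choice from the stated "two or three minutes".
FLAP_LIMIT = 5
FLAP_WINDOW = timedelta(minutes=10)
MAX_DOWN = timedelta(minutes=2)

def tickets_for(events, now):
    """Return [(link, reason)] for events given as (iso_time, link, state)."""
    flaps = defaultdict(deque)   # link -> times of recent 'down' transitions
    down_since = {}              # link -> start of the outage still open
    tickets = []
    for stamp, link, state in sorted(events):
        ts = datetime.fromisoformat(stamp)
        if state == "down":
            down_since[link] = ts
            recent = flaps[link]
            recent.append(ts)
            while ts - recent[0] > FLAP_WINDOW:   # drop flaps outside the window
                recent.popleft()
            if len(recent) >= FLAP_LIMIT:
                tickets.append((link, "flapping"))
                recent.clear()                    # start a fresh count
        elif state == "up" and link in down_since:
            if ts - down_since.pop(link) > MAX_DOWN:
                tickets.append((link, "sustained outage"))
    # Links that never came back up are judged against the evaluation time.
    for link, start in down_since.items():
        if now - start > MAX_DOWN:
            tickets.append((link, "sustained outage"))
    return tickets

def _ev(clock, link, state):
    return (f"2024-01-01T{clock}", link, state)

# Constructed sample events: (time of day, hypothetical link name, state).
SAMPLE_EVENTS = [
    _ev("09:00:00", "branch1-isp-a", "down"), _ev("09:00:05", "branch1-isp-a", "up"),
    _ev("09:01:00", "branch1-isp-a", "down"), _ev("09:01:10", "branch1-isp-a", "up"),
    _ev("09:03:00", "branch1-isp-a", "down"), _ev("09:04:00", "branch1-isp-a", "up"),
    _ev("09:05:00", "branch1-isp-a", "down"), _ev("09:05:05", "branch1-isp-a", "up"),
    _ev("09:08:00", "branch1-isp-a", "down"), _ev("09:08:10", "branch1-isp-a", "up"),
    _ev("09:02:00", "branch2-isp-b", "down"), _ev("09:02:30", "branch2-isp-b", "up"),
    _ev("09:10:00", "branch3-isp-a", "down"), _ev("09:15:00", "branch3-isp-a", "up"),
    _ev("09:20:00", "branch4-isp-b", "down"),
]
NOW = datetime.fromisoformat("2024-01-01T09:30:00")
```

Fifteen raw link events collapse to three tickets here, and the single 30-second flap on `branch2-isp-b` produces none.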