![\"cover_saas_1\"](\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/02\/Cover_saas_1.png\")
<\/a>The Overlay Approach Is Insufficient<\/h3>\nIn a bolt-on approach, enterprises keep adding products, one on top of another, just to get insight into the traffic that has been moved to or deployed in SaaS applications in the cloud. Some of those moves include:<\/p>\n
- \n
- Placing a proxy in the cloud (e.g., forward proxy or reverse proxy)<\/li>\n
- Deploying a device on premises, perhaps a log forwarder, to gain some basic, limited visibility from the existing firewall<\/li>\n
- Using a traffic forwarder to redirect traffic to the cloud<\/li>\n
- Adding an active directory (AD) connector to understand who users are<\/li>\n
- Deploying VPN agents or PAC files onto the endpoints<\/li>\n<\/ul>\n
This process is extremely complicated, insufficient in terms of security, and doesn\u2019t scale. If you are an enterprise with several sites, you must repeat this process for each of your individual sites. And even with all components in place, there are still plenty of malicious tools available to criminals that are specifically designed to bypass proxy-based models, such as Tor or UltraSurf.<\/p>\n
<\/h3>\n
![\"cover_saas_2\"]()
<\/a>It\u2019s Time to Get Serious About Securing Your SaaS<\/h3>\nAt Palo Alto Networks we\u2019re addressing the SaaS security dilemma from an entirely new perspective \u2013 the platform perspective, to provide an integrated, comprehensive approach to SaaS security. Here\u2019s how:<\/p>\n
- \n
- Our Next-Generation Firewall (NGFW) already provides visibility and control of all applications within the network perimeter. Insights gained from the combination of App-ID, User-ID and Content-ID technologies enables security for content and data going into SaaS applications from the enterprise network.<\/li>\n<\/ol>\n
- \n
- GlobalProtect network security for endpoints extends the visibility, control and protection of next-generation network security to the mobile workforce by connecting a user\u2019s device to the closest NGFW, virtualized form factors included, so that full network security can be performed, regardless of physical location. This enables organizations to apply consistent security policy.<\/li>\n
- Aperture, our SaaS security service \u2013 essentially a SaaS application itself \u2013 connects directly to sanctioned SaaS applications via APIs to provide granular visibility and control within the applications to prevent data exposure and threat risks.<\/li>\n
- WildFire, our cloud-based threat analysis service, prevents new insertion points for malware and threats by identifying known and unknown malware across the network, the cloud and the endpoints.<\/li>\n<\/ol>\n
- Our Next-Generation Firewall (NGFW) already provides visibility and control of all applications within the network perimeter. Insights gained from the combination of App-ID, User-ID and Content-ID technologies enables security for content and data going into SaaS applications from the enterprise network.<\/li>\n<\/ol>\n