SASE, Application security

Palo Alto Networks Expands Browser Security with Prisma SASE 4.0

Data security

Palo Alto Networks has introduced Prisma SASE 4.0, a major update aimed at protecting enterprises from a new class of evasive web threats. At the center of the release is Prisma Browser, designed to stop attacks that assemble directly inside the browser - attacks that traditional web gateways often miss.

Why the Browser is the New Battleground

The browser isn’t just a gateway anymore; it’s the enterprise workspace. Employees run SaaS, AI tools, and access sensitive data there, making it a prime target. Attackers exploit what happens after a page loads: scripts, session hijacking, hidden exploits that slip past traditional defenses.

Security tools still treat the browser as peripheral, leaving a blind spot. Defenses need to shift inside the session itself - watching activity, controlling risky behaviors, and enforcing policies where the work actually happens.

Anupam Upadhyaya, SVP of Prisma SASE at Palo Alto Networks told MSSP Alert why this shift requires a different approach:

"Prisma Browser brings protection into the browser itself, which is where many modern attacks now take shape. It inspects fully rendered webpages in real time and blocks threats that only appear after page load, such as malware assembled through JavaScript, credential theft attempts during active sessions, or DNS exploits embedded in traffic. Endpoint tools and SWGs typically evaluate traffic before it reaches the user, but they cannot see or stop what unfolds inside the browser window. Because Prisma Browser operates at the point of interaction, it neutralizes attacks that other layers never encounter. This makes it essential for securing the browser, which has become the main environment where employees access SaaS apps, AI tools, and corporate data.”

Rethinking Data Security with AI

Data loss prevention (DLP) has long been a pain point for security teams. Legacy systems rely heavily on rigid rules and pattern matching, generating floods of false positives while leaving gaps in coverage for modern data types. As organizations increasingly handle AI-generated content, images, and unstructured datasets, traditional methods fall short.

Upadhyaya pointed to how Prisma SASE 4.0 changes that equation:

"Traditional DLP often struggles with the volume and variety of data enterprises handle today, particularly unstructured formats such as images, source code, and AI-generated content. The reliance on rules and pattern matching creates blind spots and floods teams with false positives, which increases overhead without improving protection. Prisma SASE 4.0 addresses these gaps with AI-augmented data classification that automatically recognizes sensitive information across formats and reduces false positives by tenfold. It also offers expanded ML-Classifier coverage with 140+ pretrained ML classifiers and customer-trainable models for documents and images, enabling protection for sensitive assets, such as patents, contracts and source code. Protection extends to data in-use like clipboard activity, printing and screenshots which traditional DLP does not cover.”

By embedding AI into classification, Prisma SASE 4.0 shifts DLP from a manual burden into an adaptive safeguard, giving enterprises stronger protection without the operational drag.

Integrating, Not Adding to, Tool Sprawl

Enterprises are already managing sprawling security stacks, often with overlapping tools that increase cost and complexity. Adding yet another product can feel counterproductive, even when the security benefits are clear.

Upadhyaya stressed that Prisma Browser was deliberately built to avoid this trap:

“Adding another isolated security product would only compound the problem of tool sprawl, but Prisma Browser is not a standalone bolt-on. It is delivered as a native capability within the Prisma SASE 4.0 platform. That means IT teams manage it through Strata Cloud Manager, alongside networking, access, and other security services, using a single set of policies and one management console."

This eliminates the need for another siloed product and ensures consistent enforcement across every device and user scenario.

Additionally, for end users, Prisma Browser is designed to feel seamless rather than intrusive. "It integrates enterprise password management and single sign-on directly into the browsing experience, so employees don’t need to juggle multiple logins or security prompts. It also provides contextual guidance and just-in-time access when employees use AI apps, with real-time coaching and approvals built into the browser itself. This means employees stay productive while IT retains the control and visibility they need. Instead of slowing people down, Prisma Browser reduces risky workarounds, ensures sensitive data is safeguarded at the point of use, and strengthens security without adding friction," said Upadhyaya.

The result is a security layer that strengthens control at the browser level while remaining invisible to the user experience.

Market Momentum

The release comes as Palo Alto Networks scales its SASE business to over $1.3 billion in annual recurring revenue. One-third of the Fortune 500 now rely on its platform, and adoption of Prisma Browser has already surpassed six million licensed seats. The new Prisma SASE 4.0 capabilities will roll out later this year. By bringing browser security, AI-driven data protection, and dynamic application defenses into a single platform, Palo Alto Networks is positioning SASE as both a security and growth enabler for enterprises navigating AI-driven change.

Suparna Chawla Bhasin

Suparna is the Senior Managing Editor for CyberRisk Alliance’s Channel Brands, including MSSP Alert and ChannelE2E. She manages content development, sharpens editorial workflows, and ensures storytelling is tightly aligned with audience needs. With a background in technology, media, and education, she combines strategic insight with creative execution.

You can skip this ad in 5 seconds