PRISMA Browser
Access Protection Active

Prisma Browser Walkthrough

Welcome to your personal interactive walkthrough. To experience the difference in security and administrative control, we recommend testing this demo site on both a standard legacy browser and the secure Prisma Browser. Scroll down to evaluate the active policies enforced dynamically on this endpoint.

> PRISMA_INIT: Starting defense modules...
> WATERMARKING: Enforced
> DATA_MASKING: Enforced
> TYPING_GUARD: Active
> CLIPBOARD_RESTRICT: Enforced
> ANTI_CAPTURE: Shielded
> STATUS: SYSTEM SECURED. READY FOR WALKTHROUGH.
LIVE PREVIEW LAYER

Confidential Workspace

Dynamic secure watermark layer active.

Dynamic DLP Shield

Watermarking

Click the button on the left to see dynamic watermarking in action. Prisma Browser overlays a secure, customizable watermark containing your corporate logo, active username, and timestamp. The density, transparency, and display angle can be easily modified.

Mathematical Recognition

Data Masking

Operating at the browser layer allows Prisma Browser to inspect data as it renders in the DOM, eliminating the need to inspect network packets in transit. Below, you can see smart data masking in action: the system intelligently identifies and redacts only numbers that match Luhn credit card mathematics, leaving other numeric data untouched.

Name Credit Card Number
William Gibson 3729-381332-66424
Neal Stephenson 5370-4638-8881-3020
Rudy Rucker 3794-4638-0451-5000
Inline Verification

Typing Guard

Use the input console on the left to type free text (try typing the word "Security"). Prisma Browser's keyboard policy engine can be configured to block the entry of credit card numbers, PII, profanity, or custom restricted keywords in real time.


Sanctioned Data Isolation

Clipboard Control

Control how sensitive data moves in and out of the browser. Copy an ID number from the table on the right, and attempt to paste it into notepad or chatgpt.com (unsanctioned targets). Next, try pasting it into bing.com (a sanctioned application in this policy). Note that non-sensitive text remains unrestricted, as clipboard controls are targeted specifically to the ID numbers.

Name ID Number
William Gibson 537-32-7454
Neal Stephenson 837-52-1938
Rudy Rucker 848-29-9482
🛡️
ANTI-CAPTURE ACTIVE
Access Hardening

Print & Screenshot Protection

Right-click and select "Print" to see how this action is blocked. Additionally, click the button below to visit Atlassian's website, then attempt to take a screenshot using your operating system's screen capture utility. Prisma Browser successfully blocks unauthorized local print commands, screen sharing, and screen capture tools.

Advanced WildFire Core

Up/Download Controls

The "Malicious File" button links to a simulated threat; Prisma's integrated Advanced WildFire blocks the download in real time. The "Safe PDF" link initiates a secure file download that is automatically encrypted under your identity. This encrypted document can only be unlocked inside this Prisma Browser session. Drag the downloaded PDF back into the browser window to open it, maintaining full data policy inheritance. Administrators can also define policies to permit decryptions for uploading into specific sanctioned web applications.

> TRYING LOGIN: user@gmail.com
> [BLOCKED] Domain validation error. Non-sanctioned address.

> TRYING LOGIN: user@pabdemo.com
> [ALLOWED] Sanctioned workspace authorized. Proceeding...
Identity Governance

Login Controls

Click the Box.com button and enter the unsanctioned username "user@gmail.com" to see the login flow blocked. Next, try logging in with the sanctioned corporate account "user@pabdemo.com" to proceed. This ensures strict identity boundaries and blocks unauthorized account access.

Advanced URL Filters

Phishing & URL Protection

Prisma Browser utilizes Palo Alto Networks' Advanced URL Filtering to block phishing attempts. Click the "Phishing" button to see the threat prevention in action. This policy engine can also be configured to block access to unapproved web categories like gambling or unsanctioned services.

🔒 INCOGNITO BLOCKED
🛠️ DEV TOOLS LOCKED
Core Hardening

Incognito & Dev Tools

Hardened configurations allow administrators to restrict built-in browser features that could bypass logging or security layers. In this walkthrough session, both Incognito mode and Developer Tools are disabled. Attempt to launch either to observe the policy enforcement.

Integrity Compliance

Extensions

Secure extension management shields endpoints from rogue add-ons. Prisma Browser performs real-time security scans on extension source code and restricts unauthorized permissions. Additionally, administrators can force-install required extensions (such as Google Translate, active in the top-right toolbar).

> EXTENSION SCANNER ACTIVE...
> [VERIFIED] ID: Google Translate - Force Enforced (Clean)
> [RESTRICTED] Permission: Read local files - Shielded
in linkedin.com

Interactive Like feature enabled on this professional profile post.

DLP DOM Control

Element Removal

Prisma Browser provides the capability to dynamically strip out specific HTML elements from a webpage before rendering. By removing particular buttons (such as the LinkedIn 'Like' button on the left), form fields, or script blocks, administrators can easily restrict user actions and mitigate exfiltration risks on sanctioned or unsanctioned web applications.

eDLP System

Data Dictionary

To enforce precise Data Loss Prevention, Prisma Browser utilizes custom data dictionaries. The dictionary on the right shows the example database containing sensitive names, phone numbers, and IDs that our eDLP engine monitors. Any attempted transfer of this data will be immediately flagged and blocked.

dictionary.csv
Data Dictionary
Sensitive Document
Allowed Document
Drag & Drop or click to upload text/image
Ready
OCR Security

Up/Download Block on EDM with OCR

Our Optical Character Recognition (OCR) technology automatically scans and protects sensitive information within images and PDFs. Download the top image: Observe how the system blocks the file download due to sensitive name and phone number matches. Download the bottom image: Download successfully since the phone number is public and does not trigger eDLP rules. Upload test: Create a text file containing "Ivy Taylor 555-901-2345" and upload it to see the upload filter block it.

Enterprise Defense

Tip of the iceberg!

This walkthrough demonstrates only a fraction of Prisma's enterprise hardening features. Many underlying defenses operate at the system level and cannot be shown on a webpage. Please book a meeting with us to explore the complete threat defense architecture.

Action Blocked

This action has been blocked by Prisma eDLP Policy. Sensitive pattern match detected.