# Secure Enterprise Browser Use Cases

Table of contents

* [1. Securing third-party and contractor access](#securing-third-party-and-contractor-access)
* [2. Monitoring and managing privileged user activity](#monitoring-and-managing-privileged-user-activity)
* [3. Enabling secure BYOD policies](#enabling-secure-byod-policies)
* [4. Preventing data exposure in GenAI apps](#preventing-data-exposure-in-genai-apps)
* [5. Mitigating web-based threats in the browser](#migrating-web-based-threats-in-the-browser)
* [6. Reducing VDI dependency](#reducing-vdi-dependency)
* [7. Supporting undecryptable traffic](#securing-undecryptable-traffic)
* [8. Protecting data at the last mile](#protecting-data-at-the-last-mile)
* [9. Secure M&A onboarding](#secure-m-and-a-onboarding)
* [10. Preventing insider-driven data leakage](#preventing-insider-driven-data-leakage)
* [Secure enterprise browser use cases FAQ](#secure-enterprise-browser-use-cases-faq)

1. Securing third-party and contractor access
---------------------------------------------

Independent workers, such as freelancers, contractors and consultants, often work outside traditional IT boundaries. They use their own unmanaged devices, work across multiple organizations, and frequently need access to corporate SaaS and private applications. That means they introduce risk that is hard to control without also slowing them down.

Here's why that is a challenge.

Unmanaged devices increase the attack surface. Most [ransomware](https://www.paloaltonetworks.cn/cyberpedia/what-is-ransomware?ts=markdown) and [phishing](https://www.paloaltonetworks.cn/cyberpedia/what-is-phishing?ts=markdown) attacks are launched through the web browser or a compromised endpoint. And because independent workers often skip the onboarding and oversight processes that full-time employees go through, sensitive data becomes harder to protect.

![Architecture diagram showing a sequence labeled 'Unmanaged device accessing corporate app introducing risk via web browser.' It begins with a user icon connected to a red box labeled 'Unmanaged device' with a warning icon, followed by a red box labeled 'Outdated browser' with another warning icon. An arrow leads through the internet icon to a gray building icon labeled 'HQ data center,' then to a gray circle with a download icon and a gray box labeled 'DMS.' An HQ user icon appears at the top right, connected to the DMS with a line and download icon. Red text indicates that a malicious file is uploaded into the DMS and that a corporate user unknowingly downloads the malicious file from the DMS.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_4.png)

A [secure enterprise browser](https://www.paloaltonetworks.cn/cyberpedia/what-is-an-enterprise-browser?ts=markdown) helps contain this risk. It gives independent workers access only to what they need. By enforcing security policy at the browser level (such as masking [sensitive data](https://www.paloaltonetworks.cn/cyberpedia/sensitive-data?ts=markdown), blocking unauthorized uploads, and inspecting traffic in real time), it maintains compliance without deploying a full desktop environment.

Like this:

![The diagram shows a freelancer using an unmanaged device represented by a red laptop icon with a warning symbol, which connects to a secure browser represented by a teal-colored browser icon with a padlock. From the secure browser, three connection lines branch out. The top connection, marked with a green check icon, leads to a box labeled 'Internal apps.' The other two connections, each marked with a red blocked icon, lead to boxes labeled 'www.draftkings.com' and 'www.espn.com.' The diagram is captioned 'Enforcing least-privilege access in the browser.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_5.png)

In other words: organizations can reduce complexity while extending protection to all users, regardless of device ownership or employment status. That is key to maintaining both productivity and security.

***Tip:*** *To strengthen oversight, consider integrating browser session logs into your existing [SIEM](https://www.paloaltonetworks.cn/cyberpedia/what-is-siem?ts=markdown) or audit workflows. This makes it easier to correlate contractor activity with other security events, even when the device itself is unmanaged.*

2. Monitoring and managing privileged user activity
---------------------------------------------------

Privileged users manage the systems that keep everything running. They have elevated access to critical infrastructure, sensitive data and administrative controls. Any compromise can lead to serious operational or security consequences.

The challenge is visibility and control. These users often work across environments and use secure protocols such as SSH or RDP to reach remote systems. Without granular [access policies](https://www.paloaltonetworks.cn/cyberpedia/access-control?ts=markdown) and proper session oversight, privileged activity will bypass traditional defenses.

![Architecture diagram showing a freelancer using an unmanaged device represented by a red laptop icon with a warning symbol, which connects to a secure browser represented by a teal-colored browser icon with a padlock. From the secure browser, three connection lines branch out. The top connection, marked with a green check icon, leads to a box labeled 'Internal apps.' The other two connections, each marked with a red blocked icon, lead to boxes labeled 'www.draftkings.com' and 'www.espn.com.' The diagram is captioned 'Enforcing least-privilege access in the browser.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_6.png)

A secure enterprise browser helps reduce this risk.

It applies contextual controls directly in the browser, such as just-in-time access, device posture checks and step-up verification for sensitive tasks. It can also restrict session behavior, log actions and apply [least-privilege rules](https://www.paloaltonetworks.cn/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown) without taking full control of the endpoint.

Here's how it works:

![Architecture diagram showing a freelancer connecting through a secure browser that enforces access conditions based on context. A dotted box next to the user lists three conditions: 'M–F 09:00–17:00,' 'VPN,' and 'OS up to date,' each marked with a green check. The freelancer connects to a secure browser icon with a padlock, which branches out into four single session paths. The top two paths lead to icons labeled 'Internal apps' and 'SaaS apps.' The third path is labeled 'SSH' and leads to 'Allowed servers.' The fourth path is also labeled 'SSH' and leads to 'HR server,' but is blocked with a red prohibited icon. The image is captioned 'Granular, context-aware browser security.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_7.png)

In other words: organizations can monitor and manage privileged user activity in a precise, browser-native way. That makes it easier to detect anomalies, prevent unauthorized access and stay compliant without slowing operations down.

***Tip:*** *If the solution supports browser-based session monitoring, consider setting alerts for unusual access patterns, such as after-hours activity or unexpected application use. This helps surface early signs of misuse or compromise without requiring a full [UEBA](https://www.paloaltonetworks.cn/cyberpedia/what-is-user-entity-behavior-analytics-ueba?ts=markdown) tool.*

3. Enabling secure BYOD policies
--------------------------------

Bring your own device (BYOD) programs let employees use personal devices for work. That improves flexibility and lowers hardware costs. But it also expands the attack surface, especially when unmanaged devices access sensitive applications.

Here's the problem.

Most web-based threats originate in the browser. Without consistent controls across devices, organizations can lose visibility into risky behavior, data movement and even credential misuse.

![Architecture diagram illustrating a corporate network where a user on a laptop connects to a browser, which then attempts to access both the internet and local applications. Two red warning icons appear between the browser and its destinations, indicating potential risk paths to the internet and to local apps. A label above reads 'Risk exposure from inconsistent browser controls,' and a caption below notes, 'User traditionally allowed because the firewall trusts the local corporate network.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_8.png)

Traditional solutions such as VDI and DaaS are often too expensive or too frustrating to scale to every user.

A secure enterprise browser offers a more practical approach. It provides secure access to SaaS and private applications without requiring full device management. Security is applied directly in the browser through posture checks, policy enforcement and data protection controls, which keeps personal devices isolated from corporate assets.

![Architecture diagram showing a user on a laptop connecting to a browser within a corporate network. From the browser, two paths emerge—one to the internet and one to local applications—each with an associated security control icon. Beyond these paths, URL filtering is depicted with six applications arranged in two columns. Green and red checkmarks indicate allowed and blocked access based on filtering policies, with some apps connected to the internet and others to local apps. The title above reads 'Applying security controls directly in the browser.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_9.png)

In other words: BYOD can stay flexible without compromising oversight. That balance makes it easier to support a modern workforce without creating new security gaps.

***Tip:*** *To reduce residual risk on unmanaged devices, consider enforcing session expiration and automatic flushing of browser data. Clearing history, cached files and cookies at logout, or after a set period of time, helps prevent sensitive data from lingering after the intended session ends. This is especially useful in BYOD and contractor scenarios, where full control of the device isn't possible.*

4. Preventing data exposure in GenAI apps
-----------------------------------------

Today, most organizations have no visibility into user activity in GenAI apps.

Yet generative AI tools are becoming a core part of many workflows. They support everything from content creation to software development and data analysis.

"The number of employees using gen AI for a third or more of their work is three times what leaders imagine..."
[- 麦肯锡数字公司,《工作场所的超级代理》:赋能于人,释放人工智能的全部潜能,2025 年 1 月 28 日](https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/superagency-in-the-workplace-empowering-people-to-unlock-ais-full-potential-at-work) 但它们也带来了新的安全问题--尤其是当用户将敏感数据输入公共模型时。 "根据 Gartner 公司的数据,"到 2027 年,40% 以上与人工智能相关的数据泄露事件将由跨境不当使用生成式人工智能(GenAI)造成。" [- Gartner 新闻稿,Gartner 预测到 2027 年,40% 的人工智能数据泄露将源于跨境 GenAI 滥用,2025 年 2 月 17 日。](https://www.gartner.com/en/newsroom/press-releases/2025-02-17-gartner-predicts-forty-percent-of-ai-data-breaches-will-arise-from-cross-border-genai-misuse-by-2027) 原因就在这里。 大多数 GenAI 平台都在云中运行。这意味着:数据提交后,组织无法完全控制其去向。如果没有防护栏,用户可能会在不知情的情况下与第三方服务共享机密信息、知识产权或客户数据。 ![Architecture diagram illustrating a scenario labeled 'Accidental data exposure in GenAI apps.' On the left, a user uploads a secure file that contains sensitive information such as social security numbers and account numbers. The user then issues a prompt that reads, 'Please summarize this file.' On the right, the GenAI system responds with a summary that includes partial sensitive data, displaying a response such as 'Account numbers starting with \[000-00...\].' Arrows connect the user and GenAI to show the flow of information between them.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_10.png "Architecture diagram illustrating a scenario labeled 'Accidental data exposure in GenAI apps.' On the left, a user uploads a secure file that contains sensitive information such as social security numbers and account numbers. The user then issues a prompt that reads, 'Please summarize this file.' On the right, the GenAI system responds with a summary that includes partial sensitive data, displaying a response such as 'Account numbers starting with [000-00...].' 
Arrows connect the user and GenAI to show the flow of information between them.") 安全的企业浏览器有助于降低这种风险。它可以直接在交互点(浏览器内部)执行策略。例如,安全团队可以阻止或编辑敏感输入,应用基于内容的控制,并根据身份、设备状态或应用程序上下文限制使用。 ![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/07/GenAI-blog-gif.gif) 换句话说:企业可以在不牺牲数据保护的情况下[安全地启用 GenAI](https://www.paloaltonetworks.com/cyberpedia/what-is-generative-ai-security)。随着这些工具越来越多地融入日常运营,这一点尤为重要。 ***提示:*** *要降低 GenAI 工具中意外暴露数据的风险,可以考虑采用实时检查键入输入和编辑敏感内容的策略。这有助于防止用户在与公共模型的日常互动中无意共享机密数据。* 5. 减轻浏览器中的网络威胁 -------------- 浏览器是外部攻击的主要目标。它将用户与 SaaS 应用程序、云平台和公共网站连接起来,为网络钓鱼、[恶意软件](https://www.paloaltonetworks.cn/cyberpedia/what-is-malware?ts=markdown)和漏洞利用尝试创造了一个开放的渠道。这就是为什么需要像监控其他威胁面一样监控浏览器活动的原因。 ![Architecture diagram showing a sequence titled 'How browsers create open channels for web-based threats.' A user accesses an unmanaged device, which then uses an outdated browser to open an email. The user clicks a phishing email link, represented by an icon and a label reading 'User clicks phishing email link.' This triggers the browser to create a new session to a malicious site, depicted with an icon and the label 'Browser creates new session to malicious site.' Arrows connect each step to illustrate the flow from user to threat.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_11.png "Architecture diagram showing a sequence titled 'How browsers create open channels for web-based threats.' A user accesses an unmanaged device, which then uses an outdated browser to open an email. The user clicks a phishing email link, represented by an icon and a label reading 'User clicks phishing email link.' This triggers the browser to create a new session to a malicious site, depicted with an icon and the label 'Browser creates new session to malicious site.' 
Arrows connect each step to illustrate the flow from user to threat.") 挑战来了。 大多数浏览器在设计时都没有考虑到企业风险。它们对用户如何与数据和应用程序交互的控制有限。这使得通过下载、第三方扩展或不安全网站引发安全事件变得轻而易举--即使是无意间。 安全的企业级浏览器改变了这一状况。 它在使用点实施实时控制。安全团队可以检查行为,根据应用程序类型或设备状态执行策略,并阻止下载恶意软件或登录个人服务等危险操作。 ![Architecture diagram demonstrating a secure web browser blocking compromised web traffic. It depicts a user on the left side connected to a secure browser represented by a green icon with security features. This secure browser intercepts traffic from a compromised website shown on the right, which is indicated by a red icon with a warning symbol. The malicious code in the response traffic is highlighted between the browser and the compromised website, emphasizing the browser’s protective action. The caption beneath reads, 'Secure web browser blocking compromised web traffic.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Enterprise-Browser-2025_7.png "Architecture diagram demonstrating a secure web browser blocking compromised web traffic. It depicts a user on the left side connected to a secure browser represented by a green icon with security features. This secure browser intercepts traffic from a compromised website shown on the right, which is indicated by a red icon with a warning symbol. The malicious code in the response traffic is highlighted between the browser and the compromised website, emphasizing the browser’s protective action. The caption beneath reads, 'Secure web browser blocking compromised web traffic.'") 这样既能减少曝光,又不会影响用户体验。 如果要部署安全浏览器访问,可考虑限制域级登录,以防止用户在同一会话中登录个人账户。这有助于遏制依赖跨账户活动的网络钓鱼企图,并将敏感的工作流程与不受管理的目的地分开。 ***提示:*** *为减少网络威胁,应优先使用可隔离个人和企业账户访问的浏览器工具。通过电子邮件域强制执行登录限制,有助于阻止利用会话重叠的网络钓鱼企图,并防止[数据跨环境泄露](https://www.paloaltonetworks.cn/cyberpedia/data-leak?ts=markdown)。* 6. 
减少对 VDI 的依赖 -------------- 虚拟桌面基础设施(VDI)和桌面即服务(DaaS)通常用于支持远程访问。它们提供集中控制和一致的用户环境。但它们也带来了高成本、复杂性和性能权衡。 这就是问题所在。 VDI 设置难以扩展和维护。许多用户只需要访问基于网络的应用程序,而不是完整的虚拟桌面。通过 VDI 运行所有活动会产生不必要的开销。 安全的企业浏览器提供了更简单的选择。它可以安全访问 SaaS 和内部网络应用程序,而无需依赖虚拟桌面。这意味着更少的 VDI 许可证、更少的基础架构需求,以及更好的用户体验(基于浏览器的任务)。 ![Architecture diagram shows a comparison of VDI resource usage for 5,000 users before and after reducing VDI instances. On the left side, a labeled section reads 'VDI resources for 5,000 VDI users' and shows an icon representing multiple computer screens stacked, indicating full VDI allocation. Below it, text states that users spend 30% of the time on thick client app access and 70% on browser app access. An arrow points to the right with a note above it saying 'Reduce costs by up to 79% by reducing the VDI instances,' accompanied by an icon of a cloud with a downward arrow. To the right of the arrow, another section labeled 'Reduced VDI resources for 5,000 VDI users' displays a single monitor icon and the same usage breakdown—30% on thick client app access and 70% on browser app access. Next to it, a plus sign separates this from a blue monitor icon labeled 'Same 5,000 users.' Below the diagram, a caption reads 'Minimizing VDI deployments using a secure enterprise browser.'](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_1.png "Architecture diagram shows a comparison of VDI resource usage for 5,000 users before and after reducing VDI instances. On the left side, a labeled section reads 'VDI resources for 5,000 VDI users' and shows an icon representing multiple computer screens stacked, indicating full VDI allocation. Below it, text states that users spend 30% of the time on thick client app access and 70% on browser app access. An arrow points to the right with a note above it saying 'Reduce costs by up to 79% by reducing the VDI instances,' accompanied by an icon of a cloud with a downward arrow. 
To the right of the arrow, another section labeled 'Reduced VDI resources for 5,000 VDI users' displays a single monitor icon and the same usage breakdown—30% on thick client app access and 70% on browser app access. Next to it, a plus sign separates this from a blue monitor icon labeled 'Same 5,000 users.' Below the diagram, a caption reads 'Minimizing VDI deployments using a secure enterprise browser.'") 从根本上说,企业可以为真正需要的用户保留 VDI。其他所有人都可以通过浏览器进行安全操作,全面降低成本和操作负担。 ![Architecture diagram showing a segmentation of 5,000 VDI users before and after deploying a secure enterprise browser. On the left side, a group labeled '5,000 VDI users' is split into two subgroups: '2,000 Full desktop users' with green icons and '3,000 Browser-only users' with orange icons. An arrow points to the right, where the same label '5,000 VDI users' is used again, but the subgroups are now labeled '2,000 Full desktop need (using VDI or DaaS)' with green icons and '3,000 Prisma Access Browser users' with blue icons. A caption below states that secure enterprise browsers allow organizations to deploy VDI exclusively to users who require it.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_2.png "Architecture diagram showing a segmentation of 5,000 VDI users before and after deploying a secure enterprise browser. On the left side, a group labeled '5,000 VDI users' is split into two subgroups: '2,000 Full desktop users' with green icons and '3,000 Browser-only users' with orange icons. An arrow points to the right, where the same label '5,000 VDI users' is used again, but the subgroups are now labeled '2,000 Full desktop need (using VDI or DaaS)' with green icons and '3,000 Prisma Access Browser users' with blue icons. 
A caption below states that secure enterprise browsers allow organizations to deploy VDI exclusively to users who require it.") ***提示:*** *在评估 VDI 的替代方案时,应[寻找](https://www.paloaltonetworks.com/cyberpedia/how-to-choose-an-enterprise-browser)支持基于角色的访问细分的基于浏览器的解决方案。这样就可以更容易地将需要完整桌面环境的用户与可以完全在浏览器中工作的用户区分开来--从而可以在不影响安全性或访问的情况下合理调整 VDI 占地面积。* 7. 支持不可解密流量 ----------- 现在,大多数互联网流量都已[加密](https://www.paloaltonetworks.cn/cyberpedia/data-encryption?ts=markdown)。这对保护隐私来说是件好事。但这也使得传统安全工具更难检查和控制用户的操作,尤其是在浏览器内部。 但问题就在这里。 有些协议,如 QUIC,并不容易解密。其他流量,如 Microsoft 365 流量,则附带服务级别协议,不鼓励深度检查。因此,即使流量可疑,安全团队也可能无法在不违反合规性或不影响性能的情况下对其进行分析。 安全的企业浏览器提供了一种不同的方法。它不是在传输过程中解密流量,而是直接在使用点--浏览器本身--实施控制。 它是这样工作的: ![Graphic titled 'Securing encrypted browser sessions without traffic decryption' and is divided into two horizontal sections. In the top section, a user accesses a secure browser, which communicates via SSL to a firewall labeled 'Firewall decrypt – Allowed or denied based on policy.' From there, traffic is either allowed to Website A or blocked from accessing Website B, shown with green and red indicators respectively. In the bottom section, a user again accesses a secure browser, which sends SSL traffic to a firewall labeled 'Firewall – Allowing encrypted traffic.' From there, the traffic is allowed to reach the internet, shown with a green indicator.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_12.png "Graphic titled 'Securing encrypted browser sessions without traffic decryption' and is divided into two horizontal sections. In the top section, a user accesses a secure browser, which communicates via SSL to a firewall labeled 'Firewall decrypt – Allowed or denied based on policy.' From there, traffic is either allowed to Website A or blocked from accessing Website B, shown with green and red indicators respectively. 
In the bottom section, a user again accesses a secure browser, which sends SSL traffic to a firewall labeled 'Firewall – Allowing encrypted traffic.' From there, the traffic is allowed to reach the internet, shown with a green indicator.") 这意味着,即使底层流量保持加密,企业仍然可以监控访问、执行策略和检测风险活动。 基本上,你不需要破解加密来确保会话安全。基于浏览器的可视性有助于填补基于网络的工具所留下的空白,尤其是当越来越多的网络和 SaaS 应用程序转向现代加密协议时。 ***提示:*** *在考虑对加密流量进行浏览器级控制时,请检查解决方案能否在无需解密的情况下应用策略。这包括对使用 QUIC 或 Microsoft 365 流量的应用程序的可见性,而许多传统工具都忽略了这一点。这有助于在不影响性能或合规性的情况下消除盲点。* 8. 在最后一英里保护数据 ------------- 浏览器是最容易暴露敏感数据的地方。用户可实时阅读、编辑、下载和共享关键业务信息。这意味着:最后一英里--用户与数据交互的地方--是应用安全的最重要场所之一。 原因就在这里。 即使有强大的网络和云保护措施,数据一旦到达用户手中,仍会面临风险。例如:有人可能会将机密内容复制到个人应用程序中,对敏感资料进行截图,或将文件上传到未经批准的驱动器中。传统的控制方法往往会错过这一活动。 安全的企业浏览器可直接在终端解决这些问题。它可以屏蔽敏感数据、阻止截图、限制文件上传和应用水印,而不会干扰用户体验。这些政策根据内容、用户身份和上下文进行调整。 ![Architecture diagram titled 'Enforcing last-mile data protection in the browser' illustrates a sequence beginning with a privileged user on a managed device. The user attempts to upload a malicious file, which passes through a secure browser and into the HQ data center. At the final stage, the data management system (DMS) blocks the upload. Labels indicate that the corporate user unknowingly uploads a malicious file to the DMS, but the upload is blocked before reaching its destination.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_13.png "Architecture diagram titled 'Enforcing last-mile data protection in the browser' illustrates a sequence beginning with a privileged user on a managed device. The user attempts to upload a malicious file, which passes through a secure browser and into the HQ data center. At the final stage, the data management system (DMS) blocks the upload. 
Labels indicate that the corporate user unknowingly uploads a malicious file to the DMS, but the upload is blocked before reaching its destination.") 这样:您可以精确控制如何在浏览器中访问和使用数据。这是在信息最脆弱的地方--就在信息离开你的环境之前--保护信息的关键。 ***提示:*** *在评估 "最后一英里 "保护措施时,应寻找能同时响应内容和上下文的浏览器级控制。这包括根据用户角色、应用类型或数据敏感性进行调整的策略,如在高风险会话中阻止上传,同时仍允许只读访问。* 9. 安全的并购入职 ---------- 并购取决于速度。新收购的员工越快获得企业应用程序和数据的安全访问权限,交易就越快实现价值。换句话说,访问时间直接影响价值时间。 不过有一个问题。 传统的上岗培训方法(如运送笔记本电脑或配置 VDI)需要数周时间。它们还会造成物流瓶颈,提高成本,延误生产。如果再加上合规性限制或设备评估,时间就更长了。 安全的企业级浏览器可以消除许多此类延迟。它可以在受管理和不受管理的设备上安全访问 SaaS、网络和专用应用程序。甚至在企业硬件交付之前,员工就可以在几分钟内开始工作。 ![Architecture diagram titled 'Enforcing last-mile data protection in the browser' illustrates a sequence beginning with a privileged user on a managed device. The user attempts to upload a malicious file, which passes through a secure browser and into the HQ data center. At the final stage, the data management system (DMS) blocks the upload. Labels indicate that the corporate user unknowingly uploads a malicious file to the DMS, but the upload is blocked before reaching its destination.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/Secure-Browser-2025_13.png "Architecture diagram titled 'Enforcing last-mile data protection in the browser' illustrates a sequence beginning with a privileged user on a managed device. The user attempts to upload a malicious file, which passes through a secure browser and into the HQ data center. At the final stage, the data management system (DMS) blocks the upload. 
Labels indicate that the corporate user unknowingly uploads a malicious file to the DMS, but the upload is blocked before reaching its destination.") 这意味着组织可以在不牺牲安全性的情况下快速扩展访问量。基于浏览器的控制可按用户、设备状态或数据类型执行策略,帮助 IT 部门保持合规性,同时实现快速、安全的集成。 安全团队可以按用户组定义访问权限,执行设备状态检查,并应用水印、截图阻止或文件上传限制等上下文感知策略。这些"最后一英里"保护措施有助于防止员工在使用个人或购买的设备工作时发生数据泄漏。浏览器还支持快速离线,因此在需要时可以立即取消访问权限。 ***提示:*** *为加快并购期间的入职速度,可考虑按设备类型和角色对用户进行细分。基于浏览器的方法可让你立即应用特定组的安全策略,因此新入职的员工只需访问他们所需的内容,甚至在 IT 交付企业设备之前。* 10. 防止内部人员驱动的数据泄漏 ----------------- 并非所有威胁都来自外部。内部风险--无论是有意的还是意外的--都是数据暴露的主要原因。而浏览器是用户在不被发现的情况下移动敏感信息的最便捷途径之一。 这很重要,因为: 浏览器是用户访问企业工具、下载文件和与数据交互的地方。如果没有防护措施,他们就可能将内容复制到个人应用程序中,将文件上传到未经批准的目的地,或者模糊工作和个人使用之间的界限。 安全的企业浏览器可让安全团队看到并控制这些操作。例如,它们可以阻止文件上传到个人驱动器,防止在高风险工作流程中复制粘贴,或在敏感会话上添加水印。它们还可以限制登录行为,或将会话完全隔离为不同的身份。 简单地说:您可以在不中断合法工作的情况下[降低数据丢失的风险](https://www.paloaltonetworks.com/cyberpedia/what-is-data-loss-prevention-dlp)。因此,在现代工作环境中,浏览器层防护是抵御[内部威胁的](https://www.paloaltonetworks.cn/cyberpedia/insider-threat?ts=markdown)一种实用方法。 ***提示:*** *如果担心内部人员风险,则应评估浏览器会话控制是否能实现个人身份与企业身份的分离--例如按域限制登录或隔离工作会话。这有助于在发生安全事故之前防止无意交叉。* [![CTA banner featuring a light teal background with a circle graphic containing a book. Text within the banner reads 'Learn more about secure browsers and which solution is right for your business, featuring 'The Definitive Guide to Secure Browsers.' and includes a 'Download guide' button.](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberpedia/secure-enterprise-browser-use-cases/SASE-CTAs-2024_CTA_sb.png)](https://www.paloaltonetworks.com/resources/ebooks/definitive-guide-to-secure-browsers) ## 安全企业浏览器使用案例常见问题 #### 什么是安全的企业浏览器? 企业浏览器提供安全、可管理的网络浏览器环境,专为满足特定业务需求而设计,允许对所有网络服务和用户操作进行完全可见性和控制。 #### 安全浏览器有什么好处? 安全的企业浏览器可在不影响可用性的情况下增强安全性。它可以保护数据、防止恶意软件并执行策略,无需安装端点。降低成本、快速部署和流畅的用户体验让企业受益匪浅,同时还能在托管和非托管设备之间安全扩展。 相关内容 [报告:混合劳动力安全状况关键... 了解 SASE 和安全浏览器如何共同防止外泄和保护数据。](https://start.paloaltonetworks.cn/Omdia-state-of-workforce-security) [白皮书:Prisma 浏览器:一个完整的... 
了解如何扩展 Prisma^®^ SASE 解决方案,以确保浏览器中的工作安全。](https://start.paloaltonetworks.cn/prisma-access-browser-integral-part-whitepaper.html) [数据表:Prisma 浏览器。 了解产品功能、执行、部署和集成。](https://www.paloaltonetworks.cn/resources/datasheets/prisma-access?ts=markdown) [博客:企业浏览的关键作用... 了解浏览器成为核心工作区如何要求将 SASE 扩展到新的领域。](https://www.paloaltonetworks.com/blog/sase/critical-role-of-enterprise-browsers-in-a-sase-framework/) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=10%20%E4%B8%AA%E5%AE%89%E5%85%A8%E4%BC%81%E4%B8%9A%E6%B5%8F%E8%A7%88%E5%99%A8%E4%BD%BF%E7%94%A8%E6%A1%88%E4%BE%8B%20%5B%2B%20%E7%A4%BA%E4%BE%8B%E5%92%8C%E6%8F%90%E7%A4%BA%5D&body=%E5%AE%89%E5%85%A8%E4%BC%81%E4%B8%9A%E6%B5%8F%E8%A7%88%E5%99%A8%E7%9A%84%E7%94%A8%E4%BE%8B%E5%8C%85%E6%8B%AC%E6%89%BF%E5%8C%85%E5%95%86%E7%9A%84%E5%AE%89%E5%85%A8%E8%AE%BF%E9%97%AE%E3%80%81BYOD%E3%80%81GenAI%E3%80%81%E5%B9%B6%E8%B4%AD%E4%BB%A5%E5%8F%8A%E5%87%8F%E5%B0%91%20VDI%20%E7%9A%84%E4%BD%BF%E7%94%A8%EF%BC%8C%E5%90%8C%E6%97%B6%E4%BF%9D%E6%8A%A4%E6%95%B0%E6%8D%AE%E5%B9%B6%E9%98%B2%E6%AD%A2%E5%A8%81%E8%83%81%E3%80%82%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/secure-enterprise-browser-use-cases) 返回页首 {#footer} ## 产品和服务 * [实时人工智能驱动的网络安全](https://www.paloaltonetworks.cn/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.cn/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.cn/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.cn/sase/ai-access-security?ts=markdown) * [云交付的安全服务](https://www.paloaltonetworks.cn/network-security/security-subscriptions?ts=markdown) * 
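Section 4 describes blocking or redacting sensitive input to GenAI tools and restricting use by device posture and application context. The following JavaScript is an added example of that check, not code from this page or from any product; the detectors, the `appSanctioned` and `deviceManaged` context fields, and the sample prompt are assumptions constructed for illustration.

```javascript
// Added example: detectors, context fields and sample text are constructed
// for illustration; this is not a vendor policy engine or product API.

// Luhn checksum, used to discard digit runs that only look like card numbers.
function luhnValid(digits) {
  if (digits.length < 13 || digits.length > 19) return false;
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = digits.charCodeAt(digits.length - 1 - i) - 48;
    if (i % 2 === 1) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
  }
  return sum % 10 === 0;
}

const DETECTORS = [
  {
    // Area 000, 666, 900-999, group 00 and serial 0000 are never issued.
    name: 'us_ssn',
    pattern: /\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b/g,
  },
  {
    // Keyword-anchored so that arbitrary 8-12 digit numbers are left alone.
    name: 'account_number',
    pattern: /\b(?:account|acct)\s*(?:number|no\.?|#)?\s*:?\s*\d{8,12}\b/gi,
  },
  {
    // 13-19 digits with optional space or dash separators, Luhn-checked.
    name: 'payment_card',
    pattern: /\b(?:\d[ -]?){12,18}\d\b/g,
    validate: (m) => luhnValid(m.replace(/[ -]/g, '')),
  },
];

// Scan text typed or pasted into a prompt field; return redacted copy + hits.
function inspectInput(text) {
  const findings = [];
  let redacted = text;
  for (const det of DETECTORS) {
    redacted = redacted.replace(det.pattern, (match) => {
      if (det.validate && !det.validate(match)) return match;
      findings.push(det.name);
      return `[REDACTED:${det.name}]`;
    });
  }
  return { redacted, findings };
}

// Combine the content verdict with session context (hypothetical fields):
//   appSanctioned - the GenAI app is on the organization's approved list
//   deviceManaged - the device passed posture checks
function decide(text, ctx) {
  const { redacted, findings } = inspectInput(text);
  if (findings.length === 0) return { action: 'allow', text, findings };
  if (!ctx.appSanctioned || !ctx.deviceManaged) {
    // Sensitive content plus weak context: nothing is submitted.
    return { action: 'block', text: '', findings };
  }
  return { action: 'redact', text: redacted, findings };
}

// Constructed sample prompt mirroring the "summarize this file" scenario.
const SAMPLE =
  'Please summarize this file: Jane Doe, SSN 123-45-6789, acct 0012345678, ' +
  'card 4111 1111 1111 1111, order 1234567890123.';

console.log(decide(SAMPLE, { appSanctioned: true, deviceManaged: true }));
console.log(decide(SAMPLE, { appSanctioned: false, deviceManaged: true }));
```

The 13-digit order number in the sample fails the Luhn check and is left in place, which is the false-positive case a pattern-only filter would get wrong.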