What is Zero Trust
Platform
- Security, Authorization & Access Controls
  Provides CASB, Malware Defense and DLP Across All Users, Devices & Resources
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all applications
  - Adaptive Access Policies
    Provides Continuous Conditional Access to Apps, Data & Services
  - Criteria-Based Access Policies
    Provides Role-Based Access to Sensitive Apps & Data
  - ChatGPT Risk Module
    Monitors and Secures User ChatGPT Conversations
  - Malware Defense
    Prevents Ransomware & Device Infections
  - Data Loss Prevention
    Ensures Sensitive Information is not Lost
  - RBI and Browser Isolation
    Provides Contractors, 3rd Parties & BYOD Secure Access to Resources
  - Device Posture Checks
    Including Anti-malware, Firewall & Disk Encryption for Compliance
  - SSL Decryption
    Ensures Policies & Protection Apply to Encrypted Content
  - Secure Mobile Users
    Automatically & Transparently Secure All Traffic From Devices In & Out of the Office
  - Outbound Firewall Protection
    Extends Beyond the Physical Network Perimeter
  - DNS Security
    Quickly Secures BYOD Networks with Simple Configuration
- Application & Data Discovery
  Clearly Understand What Needs Protection
  - CASB
    Provides In-App Controls for Granular Access Decisions
  - Built-in Resource Catalog
    Enables Classification of Protected Apps and Services
  - Asset & Device Catalog
    Ensures Devices are Healthy, Compliant & Secure
  - Resource Labeling by Type & Security Objective
    Enables Risk Assessments and Understanding Business Impact of Sensitive Resources
  - Automatic Resource Discovery & Classification
    Reduces Overhead on Security Teams and Identifies Shadow IT
- Federated Identity Provider Integration
  Eliminates Unauthorized Users and Provides Role-Based Access Policies
  - SSO Identity Providers
    Integrates with Identity Providers Including Azure AD, Okta, Ping, SAML, OIDC
  - Step-Up Authentication
    Ensures the Right Level of Identity Confidence When Accessing Sensitive Resources
  - Group-Based Policies
    Leverage Okta, Azure AD and SAML Providers to Simplify Creation & Management of Security Policies
  - SSO for Legacy Apps
    Ensures Modern Authentication is Performed Even When Apps Do Not Support It
  - Supports Multiple Concurrent Identity Providers
    Authenticate Users Across Multiple Domains
- Alerting, Auditing, Logging & Reporting
  Provides In-Depth Detailed Visibility For Security Teams Across All Users, Devices & Transactions
  - Detailed Logging and Reporting
    Provides Visibility for Every Resource Transaction
  - Risk & Threat Reports
    List Infected Devices & High Risk Users
  - Digital Experience Management
    Provides Insights Into End-user Experience While Leveraging Business-critical SaaS Applications
  - Next-Gen Incident Dashboard
    Monitor and Instantly Address Security Threats
  - ChatGPT Risk Module
    Controlled Use of ChatGPT With Security and Monitoring
  - SIEM Integration
    Ensures Logs Are Copied to External Databases
  - Splunk Enterprise Security Add-On
    Automatically Populate Your Splunk Dashboards With Valuable Data
  - Integrates with Your Security Stack
    Including ICAP, Proxy Chaining and Log Forwarding
- Cloud Security & Connectivity
  Easily Protect Apps & Data Across SaaS, Cloud & Datacenters
  - iboss Zero Trust SD-WAN
    Streamline Connectivity & Security with iboss Zero Trust SD-WAN
  - Azure Cloud Security Gateways
    Extend the Security Edge Natively, Ensuring Robust Protection While Reducing Backhauling Costs
  - iboss ZTNA VPN Co-Pilot
    Provides a Transparent and Seamless Transition From VPN to ZTNA
  - Connect Organization Owned Devices
    Provides Access & Ensures Compliance Checks
  - Connect SaaS Apps
    Including O365 & Teams to Offload Overloaded On-Prem Proxies
  - Connect Cloud Providers
    Including AWS & Azure to Protect Multi-Cloud Resources
  - Connect On-Prem Resources
    Within Datacenters with Drop-In Proxy Replacements Eliminating High Renewal Costs
  - Terminal Server Protection
    With Unique Policies & Logging for Each User
  - IPsec & GRE Tunnels
    Provides Branch Office Local Internet Breakouts to Cloud Security
  - Private On-Prem Gateways
    Extends the Security Service Edge into the Datacenter to Protect Local Resources
  - Offload MPLS
    MPLS & SD-WAN Become More Efficient with Cloud Security
  - Dedicated Cloud IPs
    Enable Resource Anchoring to Ensure Proper Authorization & Third-Party Integration
Industry
- Mitie Switches to iboss For Fast and Secure Connections
  Mitie, a Global Provider of Smart Spaces, successfully migrates 8,500 devices from Zscaler to iboss in under 3 weeks.
  View Case study
- Business
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Cloud-Based Branch Office Web Security
    Eliminate data backhaul to on-prem appliances from remote offices
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to Any External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Ensure GDPR Compliance
    The iboss cloud allows admin configurable zones to ensure cloud security is applied while meeting regulatory requirements
- Healthcare
  - For Healthcare
    Fast and Secure Connectivity from Anywhere, Designed for Healthcare
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Finance
  - For Finance
    Fast and Secure Connectivity from Anywhere, Designed for Financial Institutions
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Education
  - Student Risk Module Identifies Threats
    Safeguard Student Risk to monitor signs of cheating, suicide, drug use, bullying, violence, and mass shootings, to protect students & schools
  - Web Filtering for CIPA Compliance
    Streamline web filtering and CIPA compliance for students whether on campus or at home
  - Granular Student Web Activity Reports
    Generate detailed web activity history reports for any student which includes on-campus at home Internet use
  - YouTube and Social Media Controls
    Safe access to Google, YouTube and social media including Safe Search enforcement
  - Automatic Safe Search Enforcement
    Enforce Safe Search across search engines including Google, Bing, Yahoo and YouTube
  - Create Teacher and Student Based Policies
    Flexible filtering polices for teachers vs. students across any device on or off network
  - Cloud Web Security for One to One Initiatives
    Easily take home devices in the cloud to ensure CIPA compliance at all times
  - Ensure Fast Connections During State Testing
    Achieve seamless and uninterrupted state testing
  - iboss Classroom Management
    Visually monitor the activities of all of your students, from any location
- Government
  - For Government
    Fast and Secure Connectivity from Anywhere, Designed for Government
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Complete Data Isolation & Extensible Platform for Government Entities
    The best choice for government entities for fast and secure connections for users from anywhere with a SASE platform that completely isolates network data traffic
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
Use Cases
- Replacement Use Cases
- Replace VPN with ZTNA
- Replace Proxy with SSE
- Replace VDI with Browser Isolation
Resources
- Award Winning Cloud Security Platform
  The iboss Zero Trust Secure Access Service Edge is consistently recognized as an industry leader in cloud security. Our patented containerized cloud architecture ensures secure, fast and reliable connectivity to cloud applications from any device, from any location.
  View Awards & Recognition
- Cloud Data Centers
  View Global Cloud Points of Presence that deliver the iboss Zero Trust SASE
- Cloud Status
  View real time status of the global Zero Trust Security Service Edge
- News
  See iboss in the latest news
- Blog
  Latest insights on Zero Trust Security Topics
- Events
  Join us for upcoming events and webinars
- FAQ
  Get answers to frequently asked questions
- Solution Briefs
  Detailed solution briefs covering iboss Zero Trust Security Use Cases
- Reviews
  Recognized by industry experts as the leading Zero Trust Security Platform
- Case Studies
  Learn how the iboss platform has been leveraged by leading organizations around the world
- Cloud Compliance
  The iboss global cloud fabric meets industry standards and certifications, including SOC1, SOC2 and ISO compliance
- Patents
  The iboss platform is protected by over 250 issued and pending patents
- Demo Videos
  View videos and demos of the iboss Zero Trust Platform
- Awards
  The most award winning Zero Trust Security Service Edge
- Careers
  Join the iboss team
Partners
- iboss Partners
  Partnering with iboss for Success
- Technology Alliances
  The iboss Cloud Platform extends capabilities with leading Technology Alliances Partners
- iboss MSP
  Scale your MSP offering by leveraging iboss to secure Internet access in the cloud
Get Demo
Get Pricing

Blog

iboss Integrates Seamlessly with SD-WAN Solutions to Provide Cloud-Based Internet Security

October 1, 2019

Have you moved to an SD-WAN solution, hoping to reduce costs and increase efficiency? If so, you may have run into these common challenges:

The amount of traffic being back-hauled through private SD-WAN links is still substantially high adding latency to cloud applications.
The cost of deploying onsite full stack security, along with hiring the staff needed to maintain it, remains high and is continuing to rise.
If you back-haul traffic from your branch offices to centralized network security appliances and proxies to enforce security policies, users experience high network latency.

Let’s take a look at how connecting branch offices directly to the iboss cloud reduces costs and latency while eliminating the need for data backhauling.

Reduce network latency and costs by eliminating data backhauling
Internet-bound traffic from branch offices can be sent directly to iboss cloud for security, while internal traffic remains on private SD-WAN links. Since iboss cloud peers directly with many popular SaaS platforms, including Microsoft Office 365, this increases user productivity and network speeds to cloud applications. This also minimizes network latency by eliminating the need to back-haul traffic unnecessarily through SD-WAN connections to the organization’s data center before it can be sent to the online service.

Realize cost-efficient scaling using elastic cloud capacity
Because iboss lives in the cloud, your account can be scaled infinitely to accommodate higher bandwidth or storage needs. Being able to scale automatically as your needs grow enables you to provide secure Internet access that is cost-efficient at any scale — from small, branch offices and remote users to entire campuses.

Broad compatibility with SD-WAN solutions
The iboss cloud supports a comprehensive set of GRE and IPsec tunneling modes and standards. This versatility enables you to integrate the iboss cloud with nearly any SD-WAN deployment.

Improve time-to-value by minimizing upfront costs
Deploying physical secure web gateway appliances requires significant upfront investments. The elasticity of the iboss cloud enables you to scale your costs proportionally as you grow. Reducing the expense of maintaining physical infrastructure improves the cost-effectiveness of supporting branch offices and remote users, without compromising security.

Apply regional and global security policies by using geolocation to identify SD-WAN endpoints
The iboss cloud has points of presence spanning every continent. This enables you to provide users at remote offices with secure, low-latency internet access and consistent security policies. The iboss cloud has a modular policy system that supports inheritance and layers. This enables you to efficiently configure and deploy security policies with minimal redundancy.

Use 100% dedicated IP addresses to integrate with secure cloud SaaS applications
Since the iboss cloud provides 100% dedicated IP addresses to their customers, users always present a source IP address that is associated with your organization. This means that users always appear to be accessing the Internet from within your network regardless of whether they’re in the office or on the road. This simplifies the integration with SaaS platforms, where access is typically restricted to an organization’s IP range.

Demonstration: Creating a Local Internet Breakout Using GRE and IPsec

Here’s a quick demonstration of using GRE and IPsec to create local internet breakouts from a branch office in an SD-WAN.

Suppose that this office is located in Frankfurt, Germany. To ensure the best performance, we’ll connect our tunnels to a local iboss cloud point of presence in Germany.

From the Node Collection Management page (Figure 1), notice the Location column.

Figure 1 - The Node Collection page with a list of cloud nodes in different regions

This displays the region of each of the nodes for this iboss cloud account. For this example, cloud-node-26800 is in the emea-de region (Germany). The iboss cloud enables you to connect a tunnel directly to the nearest point of presence.

Before we go any further, remember that we are adding a tunnel that connects the SD-WAN endpoint and the iboss cloud. You may need to review the configuration of your SD-WAN appliance to verify some of the required settings. As you probably already realize, the values used in these examples are going to be different for your organization.

Example 1: GRE Tunneling

From your iboss cloud account, open the GRE Tunnels page for the node where the tunnel will be connected. From this page, we can add a GRE tunnel (Figure 2).

Figure 2 - The GRE Tunnels page, with no tunnels defined

Clicking the Add GRE Tunnel button loads a window where you can enter the GRE settings (Figure 3).

To configure the tunnel, you’ll need the public IP address of your SD-WAN endpoint, as well as a pair of private (non-routable) IPs for the inside addresses. These are used to establish a private point-to-point connection between the SD-WAN endpoint and the iboss cloud. The GRE Tunnel Name can be anything you want.

Figure 3 - The Add GRE Tunnel window, with example values added

Example 2: IPsec Tunneling

From your iboss cloud account, open the IPsec Tunnels page for the node where the tunnel will be connected. Turn on Enabled to reveal the Configured IPsec Tunnels section and click Save (Figure 4).

Figure 4 - The IPsec Tunnels page, after turning on Enabled

Click Add IPsec Tunnel to load a window with a set of configuration fields (Figure 5).

Figure 5 - The Add IPsec Tunnel window, with a variety of cipher settings available

As with GRE, you’ll need the public IP address of your SD-WAN endpoint. For IPsec, you must also add the network IDs for the internal network and the Allowed Internet Subnet. These are sometimes referred to as the “right” and “left” subnets, respectively.

The Mode and IKE settings will depend on your hardware. Additionally, you can choose from a variety of cipher settings and add a Tunnel Secret (pre-shared key). And like GRE, the IPsec Tunnel Name can be anything you want.

Summary of Key Features

Let’s review the key benefits of connecting your branch offices to the iboss cloud, using GRE or IPsec:

It reduces network latency and costs by eliminating data backhauling which eliminates Internet-bound data from private SD-WAN connections
SaaS-delivered elastic cloud capacity allows for cost-efficient scaling as your organization grows.
Apply security policy to device connections for any amount of bandwidth and any quantity of encrypted HTTPS data without the need for appliances
It offers broad compatibility with SD-WAN solutions
By minimizing upfront costs, you can achieve a faster return on your investment.
It enables you to apply regional and global security policies by using geo-location to identify SD-WAN endpoints.
The iboss cloud provides customers with 100% dedicated IP addresses, allowing you to integrate with secure cloud SaaS applications.