Today we are announcing the general availability of three new features for the iboss SASE Cloud Platform. The new capabilities include API CASB, Advanced CASB controls and Remote Browser Isolation (RBI). These latest enhancements continue to expand the Cloud Access Security Broker (CASB) functionality, security, and data leakage protection abilities available on the iboss platform.
The iboss platform offers many CASB features that control and limit access to cloud apps and identify and prevent data leakage. The API CASB functionality allows the iboss platform to support out-of-band access to files via APIs for Box, Google and Microsoft 365. This integration with Box, Google and Microsoft 365 enables the iboss platform to generate a list of files a user has stored in each of these cloud services. This file and user information allows the iboss platform to do further analysis on the content including malware detection and DLP compliance. If any DLP violations are discovered or any file stored within the cloud service contains malware, the file will be flagged along with the specific user. This information provides greater insight into the data at rest in Box, Google and Microsoft 365 and ensures that any DLP violations or malware threats can be remediated quickly.
Advanced CASB Controls
The Advanced CASB controls feature provides additional controls over cloud applications including Azure, AWS EC2, GitHub and more. CASB rules can be configured to trigger a response based on certain actions by the user. An AWS EC2 control example includes block the creation, deleting, listing, and changing of security groups for AWS EC2 instances. This capability can be leveraged to not only block access to unsanctioned cloud apps and services but also provide granular restrictions.
The new platform capabilities announced today extend the CASB and DLP controls, while providing additional security with the new RBI enhancement. These additional features continue to increase the number of ways our customers utilize the iboss Cloud Platform’s capabilities to support their journey to SASE cloud.
Remote Browser Isolation (RBI)
All traffic going through the iboss cloud is subject to comprehensive security scanning including IPS, malware protection, DLP and CASB, the new RBI feature adds another level of security protection. The RBI feature should be enabled for situations where users need access to web sites that are categorized as high-risk, to safeguard the endpoint from malware and other threats. The RBI feature protects the user’s device and browser from malware by instantiating a remote session that isolates the web traffic and never allows the user’s native browser direct access to that web resource. This increases protection and reduces the attack surface to stop malware and other threats from trying to exploit that user’s device.
In addition to enhancing security, the iboss RBI feature can also be used to control and allow access to sensitive data hosted in public cloud apps like Box, Dropbox, Salesforce, and more. In this scenario a user is requesting access to files in one or more of the cloud apps from an unmanaged device. To ensure the sensitive data is not downloaded or leaked by the user working from the unmanaged device, the iboss platform instantiates a remote session to allow that user secure data access.
The user on the unmanaged device is required to use an RBI that allows viewing and modify-only access to the files, while preventing the user from moving data from a trusted to untrusted location or device. In this case the sensitive information hosted in the public cloud has additional safeguards that prevent unauthorized downloading by users working from unmanaged devices.
For more information on the iboss Cloud Platform, visit: www.iboss.com/sase.