What is Zero Trust
Platform
- Security, Authorization & Access Controls
  Provides CASB, Malware Defense and DLP Across All Users, Devices & Resources
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all applications
  - Adaptive Access Policies
    Provides Continuous Conditional Access to Apps, Data & Services
  - Criteria-Based Access Policies
    Provides Role-Based Access to Sensitive Apps & Data
  - ChatGPT Risk Module
    Monitors and Secures User ChatGPT Conversations
  - Malware Defense
    Prevents Ransomware & Device Infections
  - Data Loss Prevention
    Ensures Sensitive Information is not Lost
  - RBI and Browser Isolation
    Provides Contractors, 3rd Parties & BYOD Secure Access to Resources
  - Device Posture Checks
    Including Anti-malware, Firewall & Disk Encryption for Compliance
  - SSL Decryption
    Ensures Policies & Protection Apply to Encrypted Content
  - Secure Mobile Users
    Automatically & Transparently Secure All Traffic From Devices In & Out of the Office
  - Outbound Firewall Protection
    Extends Beyond the Physical Network Perimeter
  - DNS Security
    Quickly Secures BYOD Networks with Simple Configuration
- Application & Data Discovery
  Clearly Understand What Needs Protection
  - CASB
    Provides In-App Controls for Granular Access Decisions
  - Built-in Resource Catalog
    Enables Classification of Protected Apps and Services
  - Asset & Device Catalog
    Ensures Devices are Healthy, Compliant & Secure
  - Resource Labeling by Type & Security Objective
    Enables Risk Assessments and Understanding Business Impact of Sensitive Resources
  - Automatic Resource Discovery & Classification
    Reduces Overhead on Security Teams and Identifies Shadow IT
- Federated Identity Provider Integration
  Eliminates Unauthorized Users and Provides Role-Based Access Policies
  - SSO Identity Providers
    Integrates with Identity Providers Including Azure AD, Okta, Ping, SAML, OIDC
  - Step-Up Authentication
    Ensures the Right Level of Identity Confidence When Accessing Sensitive Resources
  - Group-Based Policies
    Leverage Okta, Azure AD and SAML Providers to Simplify Creation & Management of Security Policies
  - SSO for Legacy Apps
    Ensures Modern Authentication is Performed Even When Apps Do Not Support It
  - Supports Multiple Concurrent Identity Providers
    Authenticate Users Across Multiple Domains
- Alerting, Auditing, Logging & Reporting
  Provides In-Depth Detailed Visibility For Security Teams Across All Users, Devices & Transactions
  - Detailed Logging and Reporting
    Provides Visibility for Every Resource Transaction
  - Risk & Threat Reports
    List Infected Devices & High Risk Users
  - Digital Experience Management
    Provides Insights Into End-user Experience While Leveraging Business-critical SaaS Applications
  - Next-Gen Incident Dashboard
    Monitor and Instantly Address Security Threats
  - ChatGPT Risk Module
    Controlled Use of ChatGPT With Security and Monitoring
  - SIEM Integration
    Ensures Logs Are Copied to External Databases
  - Splunk Enterprise Security Add-On
    Automatically Populate Your Splunk Dashboards With Valuable Data
  - Integrates with Your Security Stack
    Including ICAP, Proxy Chaining and Log Forwarding
- Cloud Security & Connectivity
  Easily Protect Apps & Data Across SaaS, Cloud & Datacenters
  - iboss Zero Trust SD-WAN
    Streamline Connectivity & Security with iboss Zero Trust SD-WAN
  - Azure Cloud Security Gateways
    Extend the Security Edge Natively, Ensuring Robust Protection While Reducing Backhauling Costs
  - iboss ZTNA VPN Co-Pilot
    Provides a Transparent and Seamless Transition From VPN to ZTNA
  - Connect Organization Owned Devices
    Provides Access & Ensures Compliance Checks
  - Connect SaaS Apps
    Including O365 & Teams to Offload Overloaded On-Prem Proxies
  - Connect Cloud Providers
    Including AWS & Azure to Protect Multi-Cloud Resources
  - Connect On-Prem Resources
    Within Datacenters with Drop-In Proxy Replacements Eliminating High Renewal Costs
  - Terminal Server Protection
    With Unique Policies & Logging for Each User
  - IPsec & GRE Tunnels
    Provides Branch Office Local Internet Breakouts to Cloud Security
  - Private On-Prem Gateways
    Extends the Security Service Edge into the Datacenter to Protect Local Resources
  - Offload MPLS
    MPLS & SD-WAN Become More Efficient with Cloud Security
  - Dedicated Cloud IPs
    Enable Resource Anchoring to Ensure Proper Authorization & Third-Party Integration
Industry
- Mitie Switches to iboss For Fast and Secure Connections
  Mitie, a Global Provider of Smart Spaces, successfully migrates 8,500 devices from Zscaler to iboss in under 3 weeks.
  View Case study
- Business
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Cloud-Based Branch Office Web Security
    Eliminate data backhaul to on-prem appliances from remote offices
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to Any External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Ensure GDPR Compliance
    The iboss cloud allows admin configurable zones to ensure cloud security is applied while meeting regulatory requirements
- Healthcare
  - For Healthcare
    Fast and Secure Connectivity from Anywhere, Designed for Healthcare
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Finance
  - For Finance
    Fast and Secure Connectivity from Anywhere, Designed for Financial Institutions
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Education
  - Student Risk Module Identifies Threats
    Safeguard Student Risk to monitor signs of cheating, suicide, drug use, bullying, violence, and mass shootings, to protect students & schools
  - Web Filtering for CIPA Compliance
    Streamline web filtering and CIPA compliance for students whether on campus or at home
  - Granular Student Web Activity Reports
    Generate detailed web activity history reports for any student which includes on-campus at home Internet use
  - YouTube and Social Media Controls
    Safe access to Google, YouTube and social media including Safe Search enforcement
  - Automatic Safe Search Enforcement
    Enforce Safe Search across search engines including Google, Bing, Yahoo and YouTube
  - Create Teacher and Student Based Policies
    Flexible filtering polices for teachers vs. students across any device on or off network
  - Cloud Web Security for One to One Initiatives
    Easily take home devices in the cloud to ensure CIPA compliance at all times
  - Ensure Fast Connections During State Testing
    Achieve seamless and uninterrupted state testing
  - iboss Classroom Management
    Visually monitor the activities of all of your students, from any location
- Government
  - For Government
    Fast and Secure Connectivity from Anywhere, Designed for Government
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Complete Data Isolation & Extensible Platform for Government Entities
    The best choice for government entities for fast and secure connections for users from anywhere with a SASE platform that completely isolates network data traffic
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
Use Cases
- Replacement Use Cases
- Replace VPN with ZTNA
- Replace Proxy with SSE
- Replace VDI with Browser Isolation
Resources
- Award Winning Cloud Security Platform
  The iboss Zero Trust Secure Access Service Edge is consistently recognized as an industry leader in cloud security. Our patented containerized cloud architecture ensures secure, fast and reliable connectivity to cloud applications from any device, from any location.
  View Awards & Recognition
- Cloud Data Centers
  View Global Cloud Points of Presence that deliver the iboss Zero Trust SASE
- Cloud Status
  View real time status of the global Zero Trust Security Service Edge
- News
  See iboss in the latest news
- Blog
  Latest insights on Zero Trust Security Topics
- Events
  Join us for upcoming events and webinars
- FAQ
  Get answers to frequently asked questions
- Solution Briefs
  Detailed solution briefs covering iboss Zero Trust Security Use Cases
- Reviews
  Recognized by industry experts as the leading Zero Trust Security Platform
- Case Studies
  Learn how the iboss platform has been leveraged by leading organizations around the world
- Cloud Compliance
  The iboss global cloud fabric meets industry standards and certifications, including SOC1, SOC2 and ISO compliance
- Patents
  The iboss platform is protected by over 250 issued and pending patents
- Demo Videos
  View videos and demos of the iboss Zero Trust Platform
- Awards
  The most award winning Zero Trust Security Service Edge
- Careers
  Join the iboss team
Partners
- iboss Partners
  Partnering with iboss for Success
- Technology Alliances
  The iboss Cloud Platform extends capabilities with leading Technology Alliances Partners
- iboss MSP
  Scale your MSP offering by leveraging iboss to secure Internet access in the cloud
Get Demo
Get Pricing

Data Loss Prevention Ensures Sensitive Information does not Leak

All resources, such as applications, data and services, are protected and are inaccessible without going through the iboss Zero Trust SASE

The iboss Zero Trust Secure Access Service Edge has full content inspection capabilities for data loss prevention, including the ability to scrape spreadsheets, analyze Microsoft Word documents and inspect deep into web page content data. As information is exchanged between users, sensitive resources and the public cloud, the iboss Zero Trust Secure Access Service Edge is analyzing the transfers with full context to prevent data loss. Data Loss Prevention capabilities also include Exact Data Match, or EDM, to find exact records within content. With the ability of the iboss Zero Trust Secure Access Service Edge to be close to the user and close to the resource, data loss prevention can be accomplished regardless of where the user works or the resource resides.

Inspect deep inside content for sensitive information and personal data

Data Loss Prevention policies can be applied to users, groups and resources

Reads document labels to apply data loss prevention rules, including labels from Microsoft Information Protection

Supports regular expressions for custom match patterns

Exact Data Match capable of handling extremely large data sets

Reduce complexity and false positives with pre and post-scan Lua Logic

Enhanced Desktop App Notifications

Inspect deep inside content for sensitive information and personal data

The iboss Zero Trust Secure Access Service Edge inspects full content, including content on documents, spreadsheets, web pages and SaaS applications. With access to the full content when data is transferred between users and applications, the ability to apply data loss prevention rules that are capable of searching for personal data and sensitive information is possible. The iboss platform inspects data as it moves between applications, devices and users and enforces policies that ensure data only resides where it is compliant and secure.

The data loss prevention algorithms run natively within the iboss cloud platform and are optimized for performance. They are applied to the full content during data transfers to ensure full context is available when searching for matches. With the iboss Zero Trust Secure Access Service Edge, users are able to connect directly to business-critical applications while data loss prevention policies are enforced in the cloud.

The data loss prevention engine has built-in algorithms for information such as:

Credit Card Numbers
Credit Card Stripe Data
Personal data such as phone numbers and email addresses

data loss prevention engine has built-in algorithms progress

data loss prevention engine has built-in algorithms 1 for Credit Card Numbers

data loss prevention engine has built-in algorithms 2 Credit Card Stripe Data

data loss prevention engine has built-in algorithms 3 PII

Data Loss Prevention policies can be applied to users, groups and resources

The dynamic policy engine within the iboss Zero Trust Secure Access Service Edge allows data loss prevention policies to be applied effectively when needed. Data loss prevention policies can be linked to specific sensitive resources, to specific users or to specific groups of users. Different data loss prevention policies can also be applied depending on the protection or compliance scenario. Group membership is tied directly to Azure AD, Okta, Ping or any other identity provider that supports SAML so that data loss prevention policies can be created easily and effectively.

Reads document labels to apply data loss prevention rules, including labels from Microsoft Information Protection

The iboss Zero Trust Secure Access Service Edge is capable of extracting and reading document labels to apply data loss prevention rules depending on the type of labeled content that is being transferred. The content analysis engine can inspect labels from Microsoft Information Protection (MIP) or other document labeling systems such as Fortra’s Classifier Suite (formerly Boldon James). When a specific label is encountered for sensitive data that is being transferred to a non-compliant location, the iboss can prevent the transfer eliminating the risk. Different data loss prevention rules can be created to match various document labels and take different actions depending on the situation being addressed.

Reads document labels to apply data loss prevention rules screen

labels from Microsoft Information Protection DLP - MIP 1

Supports regular expressions to content for custom match patterns

Supports regular expressions for custom match patterns

The iboss Zero Trust Secure Access Service Edge supports the use of regular expressions so that any type of content can be matched in cases that custom patterns are necessary. These search patterns will be applied to document text, including document formats such as Microsoft Word and Microsoft Excel. Regular expressions will apply to content within encrypted HTTPS connections when decryption of content is enabled within the iboss platform.

Exact Data Match capable of handling extremely large data sets

The iboss Zero Trust Secure Access Service Edge also supports Exact Data Match, or EDM, so that specific words or phrases can be matched within content. This is a powerful solution for organizations that have specific database records, such as patient information or credit card numbers, and want to ensure those specific records to not leak resulting in data loss. The iboss Exact Data Match capability can handle hundreds of millions of records and is designed for scale and data security.

Offline data indexing is possible with the iboss indexing tool which will hash the sensitive records prior to being leveraged for Exact Data Match within the iboss platform. The indexing tool ensures that data is not plain text readable and is protected from brute force attacks. The indexer can process the data set offline and also upload the pre-indexed data automatically. It’s designed to run on any platform, including Linux and Windows, and can be included with bash script processing to eliminate human interaction with the indexed data.

Multiple Exact Data Match templates can be used as well with each template containing any number of columns with varying data types. There is no limit to the number of columns that can be configured and unlike Zscaler, the iboss Exact Data Match engine does not count each column as a row when considering maximum number of records. The iboss platform can do any number of columns and hundreds of millions of rows to support vast Exact Data Match data sets.

Exact Data Match capable of handling extremely large data sets

Exact Data Match also supports match criteria with boolean expressions so that a match is considered only when the boolean expression is met which derived from the multiple columns being matched. Complex boolean expressions are supported and multiple match criteria are supported as well. When a match criteria is met, a confidence score can be assigned to get more context in the likelihood of a breach.

Reduce Complexity and False Positives with Pre and Post-Scan Lua Logic

iboss elevates Data Loss Prevention (DLP) through its pre and post-scan Lua Logic feature, utilizing a sophisticated IDE text editor for script creation. This functionality enables the crafting of custom DLP policy logic by allowing administrators to develop Lua scripts that execute before and after the scanning process.

Pre-scan Lua logic prepares data for scanning by filtering out irrelevant information, significantly cutting down on system strain and false positives. This step customizes data inputs based on complex criteria, making the scan more efficient and focused.

Post-scan Lua logic comes into play after the scan, offering a means to sift through results with additional criteria. It automates responses based on the outcomes, enhancing decision-making processes and tailoring actions in line with organizational policies.

By integrating both pre and post-scan Lua logic, iboss provides a dynamic approach to minimize false positives and streamline DLP policy management. This approach not only offers flexibility and efficiency but also aligns DLP operations closely with an organization’s specific requirements, ensuring data protection is both precise and effective.

Enhanced Desktop App Notifications

The iboss platform’s Enhanced Desktop Notifications capability bridges the gap between user interaction and security enforcement, all while maximizing convenience. As part of the iboss Zero Trust SASE, the feature complements the platform’s dynamic security by pushing essential notifications directly to the user’s desktop.

Whether the need arises for advanced authentication in non-browser applications or immediate attention is needed due to DLP violations, the Enhanced Desktop Notifications feature delivers clear, interactive alerts. Unlike traditional systems that often struggle with non-browser-based applications, this iboss capability simplifies the process. It allows users to validate their identity in applications like SSH with the same modern SAML authentication methods used in browser-based apps.

The feature also addresses DLP violations in an innovative way. Even if a violation is detected within a custom widget in a modern app, this feature ensures that the violation alert is clear and actionable, overcoming the limitations of browser-based notifications. Furthermore, it enables end-users to request exceptions within the notification modal itself, saving time and facilitating a smoother workflow.

The Enhanced Desktop Notifications feature is a unique extension of the iboss Zero Trust SASE platform. It is designed to provide instant, unambiguous notifications to end-users, including step-up authentication requests for non-browser applications and alerts for Data Loss Prevention (DLP) violations. This feature offers users the option to request exceptions directly within the notification modal, facilitating real-time resolution of access issues.

Experience the Power of Zero Trust: Replace Your Legacy VPN, Proxy Appliances, and VDI with iboss

REQUEST DEMO CONTACT US