No. As with all iboss Zero Trust Security Service Edge platform updates, no service interruptions are expected.
No. Your terms of service and existing subscription are unaffected.
Please ensure that the account is fully updated to version 10.0.1.40, including all cloud gateways, reporting, and browser isolation nodes.
With advanced authentication, the iboss Zero Trust Edge can perform automatic authentication step-up for resources associated with a resource policy. To learn more about implementing SAML/OIDC authentication with auto step-up please review our SAML/OIDC documentation here.
With advanced data redirection, connecting resources on private networks to the iboss Zero Trust Edge can be configured via IPsec tunnels, GRE tunnels, and/or SD-WAN. To learn more about configuration options including guides for integrating with Azure, AWS, Cisco, Palo Alto, Fortigate, Silver Peak, Sonic Wall, and others, please see our advanced data redirection documentation here.
With log forwarding, the iboss Zero Trust Edge provides granular external logging options. For information regarding supported log server types and formats, please visit our external logging documentation here.
The iboss cloud secures user Internet access on any device, from any location, in the cloud. It is a cloud-based platform with a focus on following users instead of perimeters to ensure that Internet access is always secure regardless of user location. Since users are always connected to iboss cloud, their access to the cloud and Internet is always protected. Administrators can apply compliance, web filtering, malware defense and data loss prevention to Internet access regardless of user location.
The iboss cloud is built on the notion of containerization. What this means is that the gateways that scrub data for protection within iboss cloud are containerized so that they process data in isolation from processing data for other customers. This allows for more security and the ability to horizontally scale. Horizontal scaling is important to allow for infinite growth in processing power for security as the data traversing the iboss cloud is divided across the containerized work units within the cloud.
The iboss cloud is sold as a 100% SaaS subscription. The iboss eliminates the need to purchase or manage web gateway appliances.
Secure Web Gateway appliances are perimeter-focused equipment designed to secure Internet access for users inside the office or organization. As users access the Internet from within the office, the user traffic is directed through the web gateway appliances for protection. Because web gateway appliances were designed for perimeters, securing users outside the office is a challenge as users are not normally connected to the on-prem web gateway appliances.
Web gateway appliances were created with a focus on protecting perimeters versus the users themselves. This is problematic as users are no longer restricted to working in the office. Since virtually all applications have moved to the cloud, users can access those applications from anywhere. What this means is that a user sitting in the office is no different from a user sitting outside the front door, in a coffee shop or at home. They can be productive from anywhere and access the cloud from anywhere. In order to secure that access with web gateway appliances, the only choice is to send all of the data back to where the appliances are hosted. This creates huge strains on the core network as the amount of bandwidth continues to increase for users everywhere. Web gateways are limited in how much bandwidth they can process which results in more costs and your network is limited on the amount of bandwidth it can sustain from outside users which only adds additional costs to purchase more. In addition, the user experience is terrible as backhauling to on-prem web gateway appliances is slow and cumbersome.
In the past, renewing a web gateway subscription was the easy thing to do. However, there are a number of items that are almost certain to occur:
- Bandwidth will increase
- Mobility will increase
- Applications will continue to move to the cloud
- The number of appliances will continue to decrease as applications move to the cloud
With the rate of at which bandwidth is increasing alone, the appliance you have in place today will not last another 3-5 years. Likely it will only have a life span of months as the appliance reaches its limits of the sheer amount of bandwidth it can process. And with users mobile and accessing cloud applications, sending that data back to those appliances will only shorten the time window for the current appliance.
The iboss cloud lives in the cloud and follows users wherever they go. Since users are always connected to iboss cloud, their connections are always secure regardless of whether they are in the office or anyplace else. Best of all, as bandwidth increases, the load is automatically handled by iboss cloud which can scale infinitely removing the burden from your organization. This results in substantially lower costs from not needing to purchase more gear and bandwidth. And users have the fastest connections possible making them more productive resulting in great organizational efficiencies and savings.
Although hosting a virtual firewall appliance in the cloud may appear like a good idea on the surface, there are many reasons you should avoid this strategy when digging further.
First, public cloud providers typically charge for bandwidth either entering their cloud or exiting their cloud. Sometimes they charge for both directions. In this example, let’s assume inbound bandwidth to the public cloud hosting the firewall is free and outbound bandwidth is not, as is the case with one of the largest cloud providers. Since all traffic from the devices being secured will need to go into the public cloud that is hosting the firewall and then be sent by the firewall to the Internet in the outbound direction, the cost for this bandwidth is astronomical.
Let’s use a typical public cloud calculator which allows you to enter the number of outbound Gigabytes (GB) that will be used per month. We’ll start with 1 Gbps of bandwidth over a month period which is equal to 328500 GB per month of use. Using this calculator, the charges for this bandwidth consumption is $22,036.89 per month or $264,442.68 per year! This is only for the bandwidth and does not include the cost to operate the virtual firewall inside the public cloud which adds even more costs.
To make things worse, you actually have to multiply this number by two. Take a look at the flow of traffic from a user to its final destination on the Internet:
user -> (in) public cloud firewall (out $) -> [request] Internet Destination [response] -> (in) public cloud firewall (out $) -> user
The traffic flows out of the firewall to the Internet on the way from the user to the Internet (charges apply). On the way back from the Internet, traffic flows from the firewall back to the user in the outbound direction again (charges apply again). This doubles the amount of outbound bandwidth charges being incurred.
The financial issues aren’t over at this point. Bandwidth from all mobile users will have to be routed to the cloud firewall. Given that gigabit connections are becoming commonplace in the home, think about how much bandwidth is going to flow to the public firewall when you multiply the high amount of available bandwidth per user while mobile times the number of users in the organization!
Other challenges will follow. The virtual firewalls will eventually reach saturation. This will lead to virtual load balancing and additional firewall which will consume more cloud resources and incur more charges. And since this isn’t a SaaS offering, the amount of labor you will need to manage the cloud infrastructure will substantially increase as well leading to exponential costs.
With the iboss cloud, internet security is delivered as a SaaS offering, meaning you benefit from the security without managing any infrastructure. Best of all, when bandwidth increases from mobile users and cloud application use, this bandwidth cost does not impact your organization as it would using a virtual appliance hosted in a public cloud strategy. The iboss cloud provides a sustainable path to the cloud-first and mobile world.
The issue is not the efficacy of the firewall itself or its capabilities. The issue comes back to the focus on following perimeters versus following users. Firewalls were traditionally created to protect the servers within the four walls of the organization. They were designed to protect the infrastructure you own. Web gateways have the inverse goal of firewalls which is protecting users as they access the Internet – meaning users accessing the things you don’t own, which includes infected blogs or websites. Of course, since users were in the same office as the infrastructure, using a firewall to protect user Internet access might have made sense.
The fundamental issue is that the users are no longer stuck in the office and accessing the Internet from various locations. With virtually all applications moving to the cloud, the need to access the Internet from any location has become fundamental and common. Since firewalls are designed to protect your four walls, they don’t focus on following users to protect Internet access on any device, from any location by following the user. Because of this, you may be backhauling data back to firewall appliances which is cumbersome, expensive and unsustainable. The iboss cloud shifts the focus from following perimeters to following users so that Internet protection follows the user wherever they go. They always have fast and secure connections to the Internet, and thus their business apps, because they are always connected to iboss cloud. This also eliminates all data backhaul to on-prem appliances reducing the load on the firewall and network resources. Complimenting your firewall which can still protect infrastructure you own with iboss cloud means that users will have faster secure access to the Internet from wherever they are located. As an administrator, you don’t have to worry about infrastructure or configuration as policies for compliance, malware defense and data loss prevention will be applied without worrying about how it makes it to the users who need it. The lifespan of the firewall is also extended as it does not have to process backhauled Internet bound traffic preventing it from reaching it’s bandwidth capacity limit.
SDWANs are a cost effective way to connect branch offices together to the corporate network. SDWAN is related to perimeters and solves the need of making sure offices can communicate to each other over private connections for internal traffic. MPLS was traditionally used to do this, but the cost of the private connections are extremely high and the bandwidth that can be sent through the connections are typically very low.
The iboss cloud is not focused on perimeters at all and instead focuses on securing user Internet access as data leaves your users to the cloud. If you are leveraging MPLS or SDWAN to connect offices to each other for internal communication, there is no need to send Internet bound traffic through those connections at all. Even with increased speeds and the lower cost of SDWAN relative to MPLS, the private links will get saturated quickly if you are sending Internet destined traffic through those links.
Send Internet bound data through iboss cloud directly from branch offices for security. Send office-to-office traffic through your MPLS or SDWAN links.
Desktop anti-malware or antivirus is designed to scan a computer’s files and hard drive. The iboss cloud is designed to secure user Internet access. The iboss cloud focuses on the data once it leaves a device so that no matter what happens on the device itself, the data moving to and from the Internet is secured. This includes preventing malware before it reaches a device, detecting infected devices that are beaconing to Command and Control (CnC) centers, and enforcing group based policies centrally. Because the iboss cloud does not depend on what happens on a device, it’s able to serve as a first and last line of defense for all devices, regardless of where they are located. This is a fundamental complement to desktop malware protection.
There are over 15 options to connect users to the iboss cloud for protection. Typical options include Proxy, IPSec Tunnels, GRE Tunnels, and iboss cloud lightweight agents. The iboss cloud agents are light weight and provide many benefits which include:
- Connecting users to iboss cloud regardless of location, including in and out of the office
- Providing single sign-on to map username and groups to policies and logs
- Installing MITM SSL decryption certificates automatically
The iboss cloud detects where a user is located based on a variety of criteria, including the user’s source IP Address. Using this information, the iboss cloud connects the user to the closest cloud data center to apply advanced security to their Internet access. As the user moves from place to place, the iboss cloud continuously routes user Internet traffic to the closest cloud data center. This eliminates the need to back haul data to on-prem appliances, increasing Internet connection speeds and reducing costs for the organization.
The iboss cloud includes iboss malware engines and feeds, but in addition includes best-of-breed malware engines and feeds automatically within the malware defense subscription. This includes BitDefender, Bright Cloud, Web Root and dozens of industry leading threat feeds. The best-of-breed blended approach outperforms any single engine strategy approach or any single vendor. There is no need to purchases these additional engines and feeds as they are included in the subscription.
The iboss cloud lives in the cloud throughout cloud data centers around the world. This includes over 100 iboss cloud operated data center touch points. What makes iboss cloud unique is its multi-cloud design. What this means is that iboss cloud does not only exist in iboss operated data centers, but also exists in other large global clouds concurrently to form the largest cloud footprint on the market. The additional global clouds include all of Microsoft Azure’s data centers and Verizon Cloud data centers. This ensures users connected to iboss cloud always have fast connections that are near them as their Internet data is secured by iboss cloud wherever they roam.
Absolutely. The iboss cloud provides detailed reporting that includes log details such as username, destination, group and action. In addition, extensive customizable drill down reports are also provided. Because the iboss cloud follows the user, visibility into logs are always available regardless of user location, in and out of the office.
Yes. The iboss cloud can stream reporting logs in real-time directly to any existing SIEM. The logs stream directly from iboss cloud and requires no additional virtual appliances like other competitors.
Yes. The iboss cloud includes DNS-based protection. Simply configure your guest network DNS settings to iboss cloud for immediate protection. A default policy can be set for the guest network, including multiple default policies if more than one guest network is being protected.
Yes. The iboss cloud provides CASB controls for data in motion. As cloud applications traverse the iboss cloud, they can be controlled. In addition, the logs produce cloud app discovery reports.
A CASB relies on the data produced by cloud gateways to produce meaningful insight into network activity. Since users are always connected to iboss cloud regardless of location, the iboss cloud can feed the data needed by the CASB at all times. This includes when users are in and out of the office. Additional CASB systems can compliment the data-in-motion CASB included iboss cloud with functions around data at rest.
The iboss cloud is natively integrated with Microsoft CAS. By simply entering your Microsoft E5 subscription key, the iboss cloud will automatically synchronize with Microsoft CAS and the Microsoft CAS platform will produce insight from the data generated within iboss cloud. In addition, when sanctioning a risky app within Microsoft CAS, the information is automatically transferred to iboss cloud so that Internet transfers from that app are automatically prevented by iboss cloud.
Microsoft Virtual WAN (vWAN) provides direct to cloud connectivity through Microsoft Azure. Offices are connected to Microsoft Azure’s Virtual Hub allowing them to communicate with each other and the Internet. The iboss cloud is natively integrated with vWAN so that traffic leaving Microsoft Azure for the Internet is automatically routed through iboss cloud for protection. The integration is seamless and can be completed in seconds allowing protection for Internet bound data traversing vWAN easily.