What is Zero Trust
Platform
- Security, Authorization & Access Controls
  Provides CASB, Malware Defense and DLP Across All Users, Devices & Resources
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all applications
  - Adaptive Access Policies
    Provides Continuous Conditional Access to Apps, Data & Services
  - Criteria-Based Access Policies
    Provides Role-Based Access to Sensitive Apps & Data
  - ChatGPT Risk Module
    Monitors and Secures User ChatGPT Conversations
  - Malware Defense
    Prevents Ransomware & Device Infections
  - Data Loss Prevention
    Ensures Sensitive Information is not Lost
  - RBI and Browser Isolation
    Provides Contractors, 3rd Parties & BYOD Secure Access to Resources
  - Device Posture Checks
    Including Anti-malware, Firewall & Disk Encryption for Compliance
  - SSL Decryption
    Ensures Policies & Protection Apply to Encrypted Content
  - Secure Mobile Users
    Automatically & Transparently Secure All Traffic From Devices In & Out of the Office
  - Outbound Firewall Protection
    Extends Beyond the Physical Network Perimeter
  - DNS Security
    Quickly Secures BYOD Networks with Simple Configuration
- Application & Data Discovery
  Clearly Understand What Needs Protection
  - CASB
    Provides In-App Controls for Granular Access Decisions
  - Built-in Resource Catalog
    Enables Classification of Protected Apps and Services
  - Asset & Device Catalog
    Ensures Devices are Healthy, Compliant & Secure
  - Resource Labeling by Type & Security Objective
    Enables Risk Assessments and Understanding Business Impact of Sensitive Resources
  - Automatic Resource Discovery & Classification
    Reduces Overhead on Security Teams and Identifies Shadow IT
- Federated Identity Provider Integration
  Eliminates Unauthorized Users and Provides Role-Based Access Policies
  - SSO Identity Providers
    Integrates with Identity Providers Including Azure AD, Okta, Ping, SAML, OIDC
  - Step-Up Authentication
    Ensures the Right Level of Identity Confidence When Accessing Sensitive Resources
  - Group-Based Policies
    Leverage Okta, Azure AD and SAML Providers to Simplify Creation & Management of Security Policies
  - SSO for Legacy Apps
    Ensures Modern Authentication is Performed Even When Apps Do Not Support It
  - Supports Multiple Concurrent Identity Providers
    Authenticate Users Across Multiple Domains
- Alerting, Auditing, Logging & Reporting
  Provides In-Depth Detailed Visibility For Security Teams Across All Users, Devices & Transactions
  - Detailed Logging and Reporting
    Provides Visibility for Every Resource Transaction
  - Risk & Threat Reports
    List Infected Devices & High Risk Users
  - Digital Experience Management
    Provides Insights Into End-user Experience While Leveraging Business-critical SaaS Applications
  - Next-Gen Incident Dashboard
    Monitor and Instantly Address Security Threats
  - ChatGPT Risk Module
    Controlled Use of ChatGPT With Security and Monitoring
  - SIEM Integration
    Ensures Logs Are Copied to External Databases
  - Splunk Enterprise Security Add-On
    Automatically Populate Your Splunk Dashboards With Valuable Data
  - Integrates with Your Security Stack
    Including ICAP, Proxy Chaining and Log Forwarding
- Cloud Security & Connectivity
  Easily Protect Apps & Data Across SaaS, Cloud & Datacenters
  - iboss Zero Trust SD-WAN
    Streamline Connectivity & Security with iboss Zero Trust SD-WAN
  - Azure Cloud Security Gateways
    Extend the Security Edge Natively, Ensuring Robust Protection While Reducing Backhauling Costs
  - iboss ZTNA VPN Co-Pilot
    Provides a Transparent and Seamless Transition From VPN to ZTNA
  - Connect Organization Owned Devices
    Provides Access & Ensures Compliance Checks
  - Connect SaaS Apps
    Including O365 & Teams to Offload Overloaded On-Prem Proxies
  - Connect Cloud Providers
    Including AWS & Azure to Protect Multi-Cloud Resources
  - Connect On-Prem Resources
    Within Datacenters with Drop-In Proxy Replacements Eliminating High Renewal Costs
  - Terminal Server Protection
    With Unique Policies & Logging for Each User
  - IPsec & GRE Tunnels
    Provides Branch Office Local Internet Breakouts to Cloud Security
  - Private On-Prem Gateways
    Extends the Security Service Edge into the Datacenter to Protect Local Resources
  - Offload MPLS
    MPLS & SD-WAN Become More Efficient with Cloud Security
  - Dedicated Cloud IPs
    Enable Resource Anchoring to Ensure Proper Authorization & Third-Party Integration
Industry
- Mitie Switches to iboss For Fast and Secure Connections
  Mitie, a Global Provider of Smart Spaces, successfully migrates 8,500 devices from Zscaler to iboss in under 3 weeks.
  View Case study
- Business
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Cloud-Based Branch Office Web Security
    Eliminate data backhaul to on-prem appliances from remote offices
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to Any External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Ensure GDPR Compliance
    The iboss cloud allows admin configurable zones to ensure cloud security is applied while meeting regulatory requirements
- Healthcare
  - For Healthcare
    Fast and Secure Connectivity from Anywhere, Designed for Healthcare
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Finance
  - For Finance
    Fast and Secure Connectivity from Anywhere, Designed for Financial Institutions
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Education
  - Student Risk Module Identifies Threats
    Safeguard Student Risk to monitor signs of cheating, suicide, drug use, bullying, violence, and mass shootings, to protect students & schools
  - Web Filtering for CIPA Compliance
    Streamline web filtering and CIPA compliance for students whether on campus or at home
  - Granular Student Web Activity Reports
    Generate detailed web activity history reports for any student which includes on-campus at home Internet use
  - YouTube and Social Media Controls
    Safe access to Google, YouTube and social media including Safe Search enforcement
  - Automatic Safe Search Enforcement
    Enforce Safe Search across search engines including Google, Bing, Yahoo and YouTube
  - Create Teacher and Student Based Policies
    Flexible filtering polices for teachers vs. students across any device on or off network
  - Cloud Web Security for One to One Initiatives
    Easily take home devices in the cloud to ensure CIPA compliance at all times
  - Ensure Fast Connections During State Testing
    Achieve seamless and uninterrupted state testing
  - iboss Classroom Management
    Visually monitor the activities of all of your students, from any location
- Government
  - For Government
    Fast and Secure Connectivity from Anywhere, Designed for Government
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Complete Data Isolation & Extensible Platform for Government Entities
    The best choice for government entities for fast and secure connections for users from anywhere with a SASE platform that completely isolates network data traffic
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
Use Cases
- Replacement Use Cases
- Replace VPN with ZTNA
- Replace Proxy with SSE
- Replace VDI with Browser Isolation
Resources
- Award Winning Cloud Security Platform
  The iboss Zero Trust Secure Access Service Edge is consistently recognized as an industry leader in cloud security. Our patented containerized cloud architecture ensures secure, fast and reliable connectivity to cloud applications from any device, from any location.
  View Awards & Recognition
- Cloud Data Centers
  View Global Cloud Points of Presence that deliver the iboss Zero Trust SASE
- Cloud Status
  View real time status of the global Zero Trust Security Service Edge
- News
  See iboss in the latest news
- Blog
  Latest insights on Zero Trust Security Topics
- Events
  Join us for upcoming events and webinars
- FAQ
  Get answers to frequently asked questions
- Solution Briefs
  Detailed solution briefs covering iboss Zero Trust Security Use Cases
- Reviews
  Recognized by industry experts as the leading Zero Trust Security Platform
- Case Studies
  Learn how the iboss platform has been leveraged by leading organizations around the world
- Cloud Compliance
  The iboss global cloud fabric meets industry standards and certifications, including SOC1, SOC2 and ISO compliance
- Patents
  The iboss platform is protected by over 250 issued and pending patents
- Demo Videos
  View videos and demos of the iboss Zero Trust Platform
- Awards
  The most award winning Zero Trust Security Service Edge
- Careers
  Join the iboss team
Partners
- iboss Partners
  Partnering with iboss for Success
- Technology Alliances
  The iboss Cloud Platform extends capabilities with leading Technology Alliances Partners
- iboss MSP
  Scale your MSP offering by leveraging iboss to secure Internet access in the cloud
Get Demo
Get Pricing

Connect Offices to Each Other and the Internet Securely with Microsoft Virtual WAN

Microsoft Virtual WAN makes it easy to connect offices to each other and the Internet securely with Virtual WAN combined with iboss cloud.

Microsoft Virtual WAN with iboss cloud Overview

Microsoft Virtual WAN, or vWAN, can send traffic that is already destined to the Internet directly from branch locations to the cloud. Taking advantage of direct Internet breakouts for branch offices by sending Internet destined data directly to the Internet reduces the load on site-to-site links and in turn reduces costs and increases user experience. The iboss cloud is natively integrated with Microsoft vWAN so that Internet security is applied to traffic as it is routed directly to the Internet from branch locations. The configuration is automatic and has massive scale so that branch office traffic can traverse directly to the Internet with low latency and high security while reducing management and configuration time.

The iboss cloud is integrated natively with Microsoft Virtual WAN so that branch office traffic is automatically routed from Microsoft to iboss cloud for compliance, malware defense and data loss prevention
One click configuration within iboss cloud connects Internet security to Microsoft Virtual WAN
SaaS offering abstracts all of the complexities of configuring and implementing local branch Internet breakouts which substantially reduce data backhauling costs and increase speeds to cloud applications resulting in higher end user productivity
Combining iboss cloud’s horizontal scaling with Microsoft Virtual WAN, branch office to cloud tunneling capacity expands and scales to over 20 Gbps which is more than any other cloud security provider
The iboss cloud gateway capacity lives directly within Microsoft Azure, ensuring fast and efficient connectivity that is close to the user
Support for multiple Microsoft Hubs and regions to ensure data is scanned within country boundaries for GDPR compliance
Optimized for Office 365 migrations with native Office 365 support features

Typical Challenges Related to Cloud Adoption and Increasing Bandwidth

Migrating applications to the cloud and moving to a SaaS based delivery model can reduce management overhead and costs. An organization’s strategy may also involve moving to a cloud first delivery model for all applications which reduces infrastructure management and eliminates data center footprints. With this cloud migration, however, various challenges emerge:

The amount of bandwidth consumption for users increases exponentially as cloud application use surges
Traditional models involving hairpinning traffic through centrally hosted gateway proxies for security increase strain on site to site bandwidth adding substantial costs to the IT budget
The number of security appliances needed to secure bandwidth increases substantially resulting in high IT overhead and high infrastructure costs
Meanwhile, the need to send some data between offices and data centers might still exist for internal resources

Microsoft Virtual WAN provides a solution to connect offices together securely through Microsoft Azure cloud. Additionally, Microsoft Virtual WAN has the ability to route traffic from branch offices directly to the Internet when accessing cloud applications. Before the traffic is routed to the Internet, the need to scan data for compliance, malware defense and data loss prevention is required to ensure safe access to the public Internet.

The iboss cloud is integrated with Microsoft Virtual WAN so that Internet bound traffic from users at branch offices is secured from Internet threats. This includes automatically routing data from Microsoft Virtual WAN through iboss cloud security. The iboss cloud automatically instructs Microsoft Virtual WAN how to route the data in addition to automatically scaling as bandwidth needs increase. The iboss cloud containerized gateway capacity lives directly within Microsoft Azure ensuring a direct connection between Microsoft Virtual WAN and iboss cloud for fast and efficient connections.

iboss cloud with Microsoft Virtual WAN

Apply Compliance, Malware Defense and Data Loss Prevention to Internet Traffic from Branch Offices

Enabling Microsoft Virtual WAN within iboss cloud will automatically route Internet destined traffic to iboss cloud security so that compliance, malware defense and data loss prevention can be applied to user Internet traffic as it moves between branch offices and the cloud. All of the capabilities of iboss cloud can be leveraged, including the best malware defense comprised of industry leading malware engines and feeds. CASB controls for social media and cloud applications are also native within the iboss cloud platform. Additionally, protect from data loss using deep file inspection capable of detecting PII and other sensitive information.

Ensure the Same Security and Policies Apply to Branch Offices and Mobile Users

Any policy applied to Microsoft Virtual WAN Internet traffic will also apply to mobile users working on the road or at home. Users are always connected to iboss cloud which ensures any policies created for branch office traffic routed through Virtual WAN will also apply to users wherever they roam.

Eliminate Sending Unnecessary Internet Traffic Through Private Network Connections

When traffic is headed toward cloud applications such as Office 365, unnecessarily sending that traffic through private connections to centrally hosted security appliances is not only costly, but reduces user productivity substantially as Internet connections from branch offices are choked. Leveraging Microsoft Virtual WAN and natively integrated iboss cloud allows traffic to flow through the most optimized path directly to the Internet. This reduces load on MPLS links and valuable network resources, including firewalls and routers. It also extends the useful life of existing network appliances which will not need to reach their maximum throughput capabilities due to the offloaded direct to Internet traffic. This results in substantial savings and reduced IT labor costs.

Security That Lives Directly Inside Microsoft Azure

As traffic is routed between Microsoft Virtual WAN and iboss cloud, the containerized cloud gateway capacity that protects data Internet transfers lives directly inside Azure. This minimizes the amount of hops needed to apply Internet security to branch office data resulting in increased speeds and the best user experience. The iboss cloud extends across all of Microsoft Azure for maximum global reach and coverage.

Multiple Concurrent Microsoft Hub Support

Microsoft Virtual WAN relies on the concept of connecting branch offices to Microsoft Hubs. The Microsoft Hubs exists within different Microsoft data centers. The iboss cloud supports connecting multiple hubs and regions concurrently to gateway capacity within those regions so that Internet security can be applied to branch office traffic while ensuring compliance is met, such as GDPR.

Designed for Office 365

The power of Microsoft Office 365 requires bandwidth and fast connections. With iboss cloud living directly inside Azure, security lives next to the resources running Office 365 for fast connections. Best of all, the iboss cloud includes native features to ensure Office 365 traffic is always routed in the most optimized way possible and never interferes with Office 365 connections.

How It Works

Taking advantage of iboss cloud security with Microsoft Virtual WAN is easy. To get started:

Get an active iboss cloud account
Log into your Microsoft Azure account or create one for free at https://azure.microsoft.com/en-us/free
Connect offices to Microsoft Azure and each other using Microsoft Virtual WAN
Enter your Microsoft Azure settings into the iboss cloud admin interface to enable vWAN connectivity
Connect a Microsoft Virtual WAN Hub to an iboss cloud Zone for protection

Enter Basic Azure Settings into the iboss cloud Admin Interface

To enable the Virtual WAN feature, enter your Microsoft Subscription ID, Client ID, Key and Tenant ID into the iboss cloud admin interface. The iboss cloud uses this to automatically configure all Virtual WAN routing and connections. IT staff do not have to worry about complex networking and routing configuration as this is completely abstracted by iboss cloud.

Connect an iboss cloud Zone to a Virtual WAN Hub

The iboss cloud allows IT administrators to create zones which represent users in offices or geographical regions. This also allows tight control of where data is processed for users within different regions for compliance, such as GDPR. Since Microsoft Virtual WAN relies on Virtual Hubs that exist within different regions, connecting an iboss cloud zone to a Microsoft Virtual Hub ensures traffic from users in that zone is automatically routed through iboss cloud security. This includes ensuring that traffic from that Microsoft Internet breakout point is scanned with iboss gateway capacity that exists within that region.

Once Virtual WAN is enabled for a zone, the iboss cloud automatically configures all routes and connections to Internet security with no IT intervention. Scaling is also automatic and can support tunnels between offices and the Internet in excess of 20 Gbps.

Pricing

Microsoft Virtual WAN Features	Contact Us
Microsoft Virtual WAN (vWAN) features are included with all iboss cloud subscriptions at no additional cost.

Learn More About Virtual WAN

To learn more about Virtual WAN, visit Microsoft’s Virtual WAN home page at https://azure.microsoft.com/en-us/services/virtual-wan.

Download this Solution Brief as PDF

Download PDF