The iboss Academy

Training and certification for the iboss Zero Trust Security Service Edge

Download this Solution Brief Download PDF


The iboss Academy provides training and certification for the iboss Zero Trust Security Service Edge (SSE). The academy takes you through a journey of implementing a Zero Trust Security Service Edge at a fictional company called The Acme Corporation. The Acme Corporation has many challenges that include protecting enterprise-owned applications, data and services that are located onsite, in cloud infrastructure and across SaaS applications. In addition, the Acme Corporation has remote workers, contractors and guests that need access to these critical resources. The goal is to protect the applications, data and services while allowing users and assets to interact with the resources securely. The Acme Corporation would like to modernize by completing a cloud transformation for connectivity and security. This will allow the Acme Corporation to leapfrog the competition and remain competitive while delivering products to the world in an environment where everything and everyone can be remote and are not bound by perimeters. The iboss Zero Trust SSE will provide connectivity and security that includes compliance, CASB, malware defense and data loss prevention to ensure Acme Corporation remains at the peak of innovation while reducing cyberrisk and greatly improving the end-user experience.

iboss Academy Overview


Your Mission

The Certification Process

You have been hired by the Acme Corporation to implement the iboss Zero Trust SSE. The Acme Corporation would like to solve for all use-cases related to connecting and protecting sensitive resources, users and devices. Your job is to be the trusted professional that will design and implement the Zero Trust SSE cloud transformation. This includes connecting remote users to Acme Corporation applications that reside onsite and in the cloud. In addition, Acme Corporation would like to reduce costs by decommissioning legacy technology such as proxy security appliances that reside in the datacenter, VPNs that remote users leverage to connect to onsite resources, and Virtual Desktop Infrastructure (VDI) that is used to connect guests, contractors and high risk users to Acme Corporation sensitive data. By leveraging the budget from legacy technology that will be replaced by the iboss Zero Trust SSE, the cloud transformation to the iboss Zero Trust SSE will not only improve security and end-user experience for Acme by ensuring that security and logging is available everywhere, it will also provide substantial cost savings from the elimination of legacy appliances, the labor required to manage it, the datacenter space required to host it and ongoing future costs that are incurred in future hardware refresh cycles.

As you implement the iboss Zero Trust SSE for Acme Corporation, you will achieve iboss Zero Trust SSE certifications. The iboss Academy will provide you with hands on experience using the iboss Zero Trust SSE platform and implementing meaningful use cases that can be applied beyond the Acme Corporation.

iboss Zero Trust SSE Overview

The iboss Zero Trust Security Service Edge is a platform that combines connectivity, such as ZTNA, and security capabilities such as CASB, malware defense, DLP and logging, into a single platform that automatically connects users and devices to all enterprise owned resources and the public Internet. It automatically encrypts all network traffic, including DNS, at all times regardless of location and redirects the traffic to the global Security Service Edge which provides connectivity and security capabilities. The iboss Zero Trust SSE platform will be used at Acme Corporation to perform the complete cloud transformation for connectivity and security.

Implementation Strategy

Core Zero Trust SSE Concepts

Before starting with any configuration, it is important to understand a core concept that is used for the foundation of any policies created within Zero Trust SSE framework. The Zero Trust journey is anchored around understanding clearly what is being protected. Zero Trust is anchored around three core variables:
1. The Resource
2. The Subject (i.e. User)
3. The Asset (i.e. Device)
These are the three key components that are interacting with each other and the foundation for the risk that is to be mitigated.

Certification Course Overview

The certification course will take you through deploying the iboss Zero Trust SSE at Acme Corporation. As the hired trusted IT and security consultant responsible for the design and implementation, you will gain a detailed understanding of the iboss Zero Trust SSE including how to create appropriate policies for connectivity and security.

What’s Needed for the Course

Requirement Description
Acme Corp Virtual Windows DesktopAcme Corp will provide you a virtual desktop environment that you will use during the course. You can connect to this desktop using a RDP client. This desktop will be used throughout the course which will represent an Acme owned asset. This desktop will be connected to the iboss Zero Trust SSE using the Cloud Connector agent. You will receive the credentials for the remote desktop before you start the course.
iboss Zero Trust SSE accountYou will need an iboss Zero Trust SSE account which will represent the service that Acme Corporation will be connected to for security. The account should have Browser Isolation enabled for the guest, contractor and call center portions of the Acme deployment.
Access to the Identity Provider Azure ADThis will be used to configure authentication to Acme resources using the iboss Zero Trust SSE. Access to the Acme Corporation's Azure AD account will be provided.
Access to the Acme Corporation Office EnvironmentThis is a simulated environment that is provided by iboss and represents the Acme Datacenter, HQ and Office.
Access to the VMWare ESX environment within the Acme datacenter which will run the iboss Network ConnectorThe iboss Network Connector creates tunnels from the Acme datacenter to the iboss Zero Trust SSE so that users can access Acme resources that sit onsite within the datacenter, HQ and branch office. The iboss Network Connector is a virtual appliance that is installed in the Acme datacenter within the VMWare ESX server sitting in that datacenter.

Course Outline

The iboss Zero Trust SSE certification course will be a journey of implementing iboss at Acme with the following steps.

Course Steps

  • The course will begin by providing a fundamental understanding of what the iboss Zero Trust Security Service Edge is and its overall architecture. This will be important as it will set the foundation for the deployment strategy as well as the business and security outcomes that will be achieved during Acme’s cloud transformation.
  • Acme resources are then connected to the iboss Zero Trust SSE. Connecting Acme SaaS applications will be covered first.
  • Next, a fundamental understanding of what resource policies are and how they are used to protect Acme resources is provided. This will include creating and managing iboss Zero Trust SSE resource policies.
  • Acme owned devices are then connected to the iboss Zero Trust SSE using the iboss Cloud Connector agent. For this portion of the course, your laptop will be connected to the iboss Zero Trust SSE which will represent an Acme owned laptop.
  • The Acme Identity Provider (Azure AD) is then connected to provide modern authentication and MFA when accessing Acme resources.
  • This is followed by connecting Acme resources within the Acme datacenter, HQ and the branch office. This is accomplished by deploying the iboss Network Connector within the datacenter which will create tunnels to the iboss Zero Trust SSE that will be used to access onsite resources.
  • Security and compliance policies are configured to protect resources with compliance policies, CASB, malware defense and Data Loss Prevention.
  • Advanced continuous adaptive access policies are created using iboss Trust Algorithms to provide dynamic protection to Acme resources based on user and asset risk.
  • The Application & Service discovery dashboard is leveraged to discover resources within Acme for classification and cataloging.
  • iboss Browser Isolation is then used to connect call center agents through a VDI-like interface to critical Acme resources.
  • Guests are then connected using iboss Browser Isolation guest sessions.

Download this Solution Brief Download PDF