What is Zero Trust
Platform
- Security, Authorization & Access Controls
  Provides CASB, Malware Defense and DLP Across All Users, Devices & Resources
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all applications
  - Adaptive Access Policies
    Provides Continuous Conditional Access to Apps, Data & Services
  - Criteria-Based Access Policies
    Provides Role-Based Access to Sensitive Apps & Data
  - ChatGPT Risk Module
    Monitors and Secures User ChatGPT Conversations
  - Malware Defense
    Prevents Ransomware & Device Infections
  - Data Loss Prevention
    Ensures Sensitive Information is not Lost
  - RBI and Browser Isolation
    Provides Contractors, 3rd Parties & BYOD Secure Access to Resources
  - Device Posture Checks
    Including Anti-malware, Firewall & Disk Encryption for Compliance
  - SSL Decryption
    Ensures Policies & Protection Apply to Encrypted Content
  - Secure Mobile Users
    Automatically & Transparently Secure All Traffic From Devices In & Out of the Office
  - Outbound Firewall Protection
    Extends Beyond the Physical Network Perimeter
  - DNS Security
    Quickly Secures BYOD Networks with Simple Configuration
- Application & Data Discovery
  Clearly Understand What Needs Protection
  - CASB
    Provides In-App Controls for Granular Access Decisions
  - Built-in Resource Catalog
    Enables Classification of Protected Apps and Services
  - Asset & Device Catalog
    Ensures Devices are Healthy, Compliant & Secure
  - Resource Labeling by Type & Security Objective
    Enables Risk Assessments and Understanding Business Impact of Sensitive Resources
  - Automatic Resource Discovery & Classification
    Reduces Overhead on Security Teams and Identifies Shadow IT
- Federated Identity Provider Integration
  Eliminates Unauthorized Users and Provides Role-Based Access Policies
  - SSO Identity Providers
    Integrates with Identity Providers Including Azure AD, Okta, Ping, SAML, OIDC
  - Step-Up Authentication
    Ensures the Right Level of Identity Confidence When Accessing Sensitive Resources
  - Group-Based Policies
    Leverage Okta, Azure AD and SAML Providers to Simplify Creation & Management of Security Policies
  - SSO for Legacy Apps
    Ensures Modern Authentication is Performed Even When Apps Do Not Support It
  - Supports Multiple Concurrent Identity Providers
    Authenticate Users Across Multiple Domains
- Alerting, Auditing, Logging & Reporting
  Provides In-Depth Detailed Visibility For Security Teams Across All Users, Devices & Transactions
  - Detailed Logging and Reporting
    Provides Visibility for Every Resource Transaction
  - Risk & Threat Reports
    List Infected Devices & High Risk Users
  - Digital Experience Management
    Provides Insights Into End-user Experience While Leveraging Business-critical SaaS Applications
  - Next-Gen Incident Dashboard
    Monitor and Instantly Address Security Threats
  - ChatGPT Risk Module
    Controlled Use of ChatGPT With Security and Monitoring
  - SIEM Integration
    Ensures Logs Are Copied to External Databases
  - Splunk Enterprise Security Add-On
    Automatically Populate Your Splunk Dashboards With Valuable Data
  - Integrates with Your Security Stack
    Including ICAP, Proxy Chaining and Log Forwarding
- Cloud Security & Connectivity
  Easily Protect Apps & Data Across SaaS, Cloud & Datacenters
  - iboss Zero Trust SD-WAN
    Streamline Connectivity & Security with iboss Zero Trust SD-WAN
  - Azure Cloud Security Gateways
    Extend the Security Edge Natively, Ensuring Robust Protection While Reducing Backhauling Costs
  - iboss ZTNA VPN Co-Pilot
    Provides a Transparent and Seamless Transition From VPN to ZTNA
  - Connect Organization Owned Devices
    Provides Access & Ensures Compliance Checks
  - Connect SaaS Apps
    Including O365 & Teams to Offload Overloaded On-Prem Proxies
  - Connect Cloud Providers
    Including AWS & Azure to Protect Multi-Cloud Resources
  - Connect On-Prem Resources
    Within Datacenters with Drop-In Proxy Replacements Eliminating High Renewal Costs
  - Terminal Server Protection
    With Unique Policies & Logging for Each User
  - IPsec & GRE Tunnels
    Provides Branch Office Local Internet Breakouts to Cloud Security
  - Private On-Prem Gateways
    Extends the Security Service Edge into the Datacenter to Protect Local Resources
  - Offload MPLS
    MPLS & SD-WAN Become More Efficient with Cloud Security
  - Dedicated Cloud IPs
    Enable Resource Anchoring to Ensure Proper Authorization & Third-Party Integration
Industry
- Mitie Switches to iboss For Fast and Secure Connections
  Mitie, a Global Provider of Smart Spaces, successfully migrates 8,500 devices from Zscaler to iboss in under 3 weeks.
  View Case study
- Business
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Cloud-Based Branch Office Web Security
    Eliminate data backhaul to on-prem appliances from remote offices
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to Any External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Ensure GDPR Compliance
    The iboss cloud allows admin configurable zones to ensure cloud security is applied while meeting regulatory requirements
- Healthcare
  - For Healthcare
    Fast and Secure Connectivity from Anywhere, Designed for Healthcare
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Finance
  - For Finance
    Fast and Secure Connectivity from Anywhere, Designed for Financial Institutions
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Education
  - Student Risk Module Identifies Threats
    Safeguard Student Risk to monitor signs of cheating, suicide, drug use, bullying, violence, and mass shootings, to protect students & schools
  - Web Filtering for CIPA Compliance
    Streamline web filtering and CIPA compliance for students whether on campus or at home
  - Granular Student Web Activity Reports
    Generate detailed web activity history reports for any student which includes on-campus at home Internet use
  - YouTube and Social Media Controls
    Safe access to Google, YouTube and social media including Safe Search enforcement
  - Automatic Safe Search Enforcement
    Enforce Safe Search across search engines including Google, Bing, Yahoo and YouTube
  - Create Teacher and Student Based Policies
    Flexible filtering polices for teachers vs. students across any device on or off network
  - Cloud Web Security for One to One Initiatives
    Easily take home devices in the cloud to ensure CIPA compliance at all times
  - Ensure Fast Connections During State Testing
    Achieve seamless and uninterrupted state testing
  - iboss Classroom Management
    Visually monitor the activities of all of your students, from any location
- Government
  - For Government
    Fast and Secure Connectivity from Anywhere, Designed for Government
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Complete Data Isolation & Extensible Platform for Government Entities
    The best choice for government entities for fast and secure connections for users from anywhere with a SASE platform that completely isolates network data traffic
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
Use Cases
- Replacement Use Cases
- Replace VPN with ZTNA
- Replace Proxy with SSE
- Replace VDI with Browser Isolation
Resources
- Award Winning Cloud Security Platform
  The iboss Zero Trust Secure Access Service Edge is consistently recognized as an industry leader in cloud security. Our patented containerized cloud architecture ensures secure, fast and reliable connectivity to cloud applications from any device, from any location.
  View Awards & Recognition
- Cloud Data Centers
  View Global Cloud Points of Presence that deliver the iboss Zero Trust SASE
- Cloud Status
  View real time status of the global Zero Trust Security Service Edge
- News
  See iboss in the latest news
- Blog
  Latest insights on Zero Trust Security Topics
- Events
  Join us for upcoming events and webinars
- FAQ
  Get answers to frequently asked questions
- Solution Briefs
  Detailed solution briefs covering iboss Zero Trust Security Use Cases
- Reviews
  Recognized by industry experts as the leading Zero Trust Security Platform
- Case Studies
  Learn how the iboss platform has been leveraged by leading organizations around the world
- Cloud Compliance
  The iboss global cloud fabric meets industry standards and certifications, including SOC1, SOC2 and ISO compliance
- Patents
  The iboss platform is protected by over 250 issued and pending patents
- Demo Videos
  View videos and demos of the iboss Zero Trust Platform
- Awards
  The most award winning Zero Trust Security Service Edge
- Careers
  Join the iboss team
Partners
- iboss Partners
  Partnering with iboss for Success
- Technology Alliances
  The iboss Cloud Platform extends capabilities with leading Technology Alliances Partners
- iboss MSP
  Scale your MSP offering by leveraging iboss to secure Internet access in the cloud
Get Demo
Get Pricing

The iboss Academy

Training and certification for the iboss Zero Trust Secure Access Service Edge

Download this Solution Brief Download PDF

OVERVIEW

The iboss Academy provides training and certification for the iboss Zero Trust Secure Access Service Edge (SSE). The academy takes you through a journey of implementing a Zero Trust Security Service Edge at a fictional company called The Acme Corporation. The Acme Corporation has many challenges that include protecting enterprise-owned applications, data and services that are located onsite, in cloud infrastructure and across SaaS applications. In addition, the Acme Corporation has remote workers, contractors and guests that need access to these critical resources. The goal is to protect the applications, data and services while allowing users and assets to interact with the resources securely. The Acme Corporation would like to modernize by completing a cloud transformation for connectivity and security. This will allow the Acme Corporation to leapfrog the competition and remain competitive while delivering products to the world in an environment where everything and everyone can be remote and are not bound by perimeters. The iboss Zero Trust SASE will provide connectivity and security that includes compliance, CASB, malware defense and data loss prevention to ensure Acme Corporation remains at the peak of innovation while reducing cyberrisk and greatly improving the end-user experience.

iboss Academy Overview

THE ACME CORPORATION
IBOSS ZERO TRUST SSE OVERVIEW
IMPLEMENTATION STRATEGY
CERTIFICATION COURSE
COURSE SYLLABUS

Your Mission

The Certification Process

You have been hired by the Acme Corporation to implement the iboss Zero Trust SASE. The Acme Corporation would like to solve for all use-cases related to connecting and protecting sensitive resources, users and devices. Your job is to be the trusted professional that will design and implement the Zero Trust SSE cloud transformation. This includes connecting remote users to Acme Corporation applications that reside onsite and in the cloud. In addition, Acme Corporation would like to reduce costs by decommissioning legacy technology such as proxy security appliances that reside in the datacenter, VPNs that remote users leverage to connect to onsite resources, and Virtual Desktop Infrastructure (VDI) that is used to connect guests, contractors and high risk users to Acme Corporation sensitive data. By leveraging the budget from legacy technology that will be replaced by the iboss Zero Trust SASE, the cloud transformation to the iboss Zero Trust SASE will not only improve security and end-user experience for Acme by ensuring that security and logging is available everywhere, it will also provide substantial cost savings from the elimination of legacy appliances, the labor required to manage it, the datacenter space required to host it and ongoing future costs that are incurred in future hardware refresh cycles.

As you implement the iboss Zero Trust SASE for Acme Corporation, you will achieve iboss Zero Trust SASE certifications. The iboss Academy will provide you with hands on experience using the iboss Zero Trust SASE platform and implementing meaningful use cases that can be applied beyond the Acme Corporation.

iboss Zero Trust SASE Overview

The iboss Zero Trust Secure Access Service Edge is a platform that combines connectivity, such as ZTNA, and security capabilities such as CASB, malware defense, DLP and logging, into a single platform that automatically connects users and devices to all enterprise owned resources and the public Internet. It automatically encrypts all network traffic, including DNS, at all times regardless of location and redirects the traffic to the global Security Service Edge which provides connectivity and security capabilities. The iboss Zero Trust SASE platform will be used at Acme Corporation to perform the complete cloud transformation for connectivity and security.

Implementation Strategy

Core Zero Trust SSE Concepts

Before starting with any configuration, it is important to understand a core concept that is used for the foundation of any policies created within Zero Trust SSE framework. The Zero Trust journey is anchored around understanding clearly what is being protected. Zero Trust is anchored around three core variables:
1. The Resource
2. The Subject (i.e. User)
3. The Asset (i.e. Device)
These are the three key components that are interacting with each other and the foundation for the risk that is to be mitigated.

Certification Course Overview

The certification course will take you through deploying the iboss Zero Trust SASE at Acme Corporation. As the hired trusted IT and security consultant responsible for the design and implementation, you will gain a detailed understanding of the iboss Zero Trust SASE including how to create appropriate policies for connectivity and security.

What’s Needed for the Course

Requirement	Description
Acme Corp Virtual Windows Desktop	Acme Corp will provide you a virtual desktop environment that you will use during the course. You can connect to this desktop using a RDP client. This desktop will be used throughout the course which will represent an Acme owned asset. This desktop will be connected to the iboss Zero Trust SASE using the Cloud Connector agent. You will receive the credentials for the remote desktop before you start the course.
iboss Zero Trust SASE account	You will need an iboss Zero Trust SASE account which will represent the service that Acme Corporation will be connected to for security. The account should have Browser Isolation enabled for the guest, contractor and call center portions of the Acme deployment.
Access to the Identity Provider Azure AD	This will be used to configure authentication to Acme resources using the iboss Zero Trust SASE. Access to the Acme Corporation's Azure AD account will be provided.
Access to the Acme Corporation Office Environment	This is a simulated environment that is provided by iboss and represents the Acme Datacenter, HQ and Office.
Access to the VMWare ESX environment within the Acme datacenter which will run the iboss Network Connector	The iboss Network Connector creates tunnels from the Acme datacenter to the iboss Zero Trust SASE so that users can access Acme resources that sit onsite within the datacenter, HQ and branch office. The iboss Network Connector is a virtual appliance that is installed in the Acme datacenter within the VMWare ESX server sitting in that datacenter.

Course Outline

The iboss Zero Trust SASE certification course will be a journey of implementing iboss at Acme with the following steps.

Course Steps

The course will begin by providing a fundamental understanding of what the iboss Zero Trust Secure Access Service Edge is and its overall architecture. This will be important as it will set the foundation for the deployment strategy as well as the business and security outcomes that will be achieved during Acme’s cloud transformation.
Acme resources are then connected to the iboss Zero Trust SASE. Connecting Acme SaaS applications will be covered first.
Next, a fundamental understanding of what resource policies are and how they are used to protect Acme resources is provided. This will include creating and managing iboss Zero Trust SASE resource policies.
Acme owned devices are then connected to the iboss Zero Trust SASE using the iboss Cloud Connector agent. For this portion of the course, your laptop will be connected to the iboss Zero Trust SASE which will represent an Acme owned laptop.
The Acme Identity Provider (Azure AD) is then connected to provide modern authentication and MFA when accessing Acme resources.
This is followed by connecting Acme resources within the Acme datacenter, HQ and the branch office. This is accomplished by deploying the iboss Network Connector within the datacenter which will create tunnels to the iboss Zero Trust SASE that will be used to access onsite resources.
Security and compliance policies are configured to protect resources with compliance policies, CASB, malware defense and Data Loss Prevention.
Advanced continuous adaptive access policies are created using iboss Trust Algorithms to provide dynamic protection to Acme resources based on user and asset risk.
The Application & Service discovery dashboard is leveraged to discover resources within Acme for classification and cataloging.
iboss Browser Isolation is then used to connect call center agents through a VDI-like interface to critical Acme resources.
Guests are then connected using iboss Browser Isolation guest sessions.

GET IBOSS CERTIFIED

Download this Solution Brief Download PDF