What is Zero Trust
Platform
- Security, Authorization & Access Controls
  Provides CASB, Malware Defense and DLP Across All Users, Devices & Resources
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all applications
  - Adaptive Access Policies
    Provides Continuous Conditional Access to Apps, Data & Services
  - Criteria-Based Access Policies
    Provides Role-Based Access to Sensitive Apps & Data
  - ChatGPT Risk Module
    Monitors and Secures User ChatGPT Conversations
  - Malware Defense
    Prevents Ransomware & Device Infections
  - Data Loss Prevention
    Ensures Sensitive Information is not Lost
  - RBI and Browser Isolation
    Provides Contractors, 3rd Parties & BYOD Secure Access to Resources
  - Device Posture Checks
    Including Anti-malware, Firewall & Disk Encryption for Compliance
  - SSL Decryption
    Ensures Policies & Protection Apply to Encrypted Content
  - Secure Mobile Users
    Automatically & Transparently Secure All Traffic From Devices In & Out of the Office
  - Outbound Firewall Protection
    Extends Beyond the Physical Network Perimeter
  - DNS Security
    Quickly Secures BYOD Networks with Simple Configuration
- Application & Data Discovery
  Clearly Understand What Needs Protection
  - CASB
    Provides In-App Controls for Granular Access Decisions
  - Built-in Resource Catalog
    Enables Classification of Protected Apps and Services
  - Asset & Device Catalog
    Ensures Devices are Healthy, Compliant & Secure
  - Resource Labeling by Type & Security Objective
    Enables Risk Assessments and Understanding Business Impact of Sensitive Resources
  - Automatic Resource Discovery & Classification
    Reduces Overhead on Security Teams and Identifies Shadow IT
- Federated Identity Provider Integration
  Eliminates Unauthorized Users and Provides Role-Based Access Policies
  - SSO Identity Providers
    Integrates with Identity Providers Including Azure AD, Okta, Ping, SAML, OIDC
  - Step-Up Authentication
    Ensures the Right Level of Identity Confidence When Accessing Sensitive Resources
  - Group-Based Policies
    Leverage Okta, Azure AD and SAML Providers to Simplify Creation & Management of Security Policies
  - SSO for Legacy Apps
    Ensures Modern Authentication is Performed Even When Apps Do Not Support It
  - Supports Multiple Concurrent Identity Providers
    Authenticate Users Across Multiple Domains
- Alerting, Auditing, Logging & Reporting
  Provides In-Depth Detailed Visibility For Security Teams Across All Users, Devices & Transactions
  - Detailed Logging and Reporting
    Provides Visibility for Every Resource Transaction
  - Risk & Threat Reports
    List Infected Devices & High Risk Users
  - Digital Experience Management
    Provides Insights Into End-user Experience While Leveraging Business-critical SaaS Applications
  - Next-Gen Incident Dashboard
    Monitor and Instantly Address Security Threats
  - ChatGPT Risk Module
    Controlled Use of ChatGPT With Security and Monitoring
  - SIEM Integration
    Ensures Logs Are Copied to External Databases
  - Splunk Enterprise Security Add-On
    Automatically Populate Your Splunk Dashboards With Valuable Data
  - Integrates with Your Security Stack
    Including ICAP, Proxy Chaining and Log Forwarding
- Cloud Security & Connectivity
  Easily Protect Apps & Data Across SaaS, Cloud & Datacenters
  - iboss Zero Trust SD-WAN
    Streamline Connectivity & Security with iboss Zero Trust SD-WAN
  - Azure Cloud Security Gateways
    Extend the Security Edge Natively, Ensuring Robust Protection While Reducing Backhauling Costs
  - iboss ZTNA VPN Co-Pilot
    Provides a Transparent and Seamless Transition From VPN to ZTNA
  - Connect Organization Owned Devices
    Provides Access & Ensures Compliance Checks
  - Connect SaaS Apps
    Including O365 & Teams to Offload Overloaded On-Prem Proxies
  - Connect Cloud Providers
    Including AWS & Azure to Protect Multi-Cloud Resources
  - Connect On-Prem Resources
    Within Datacenters with Drop-In Proxy Replacements Eliminating High Renewal Costs
  - Terminal Server Protection
    With Unique Policies & Logging for Each User
  - IPsec & GRE Tunnels
    Provides Branch Office Local Internet Breakouts to Cloud Security
  - Private On-Prem Gateways
    Extends the Security Service Edge into the Datacenter to Protect Local Resources
  - Offload MPLS
    MPLS & SD-WAN Become More Efficient with Cloud Security
  - Dedicated Cloud IPs
    Enable Resource Anchoring to Ensure Proper Authorization & Third-Party Integration
Industry
- Mitie Switches to iboss For Fast and Secure Connections
  Mitie, a Global Provider of Smart Spaces, successfully migrates 8,500 devices from Zscaler to iboss in under 3 weeks.
  View Case study
- Business
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Cloud-Based Branch Office Web Security
    Eliminate data backhaul to on-prem appliances from remote offices
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to Any External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Ensure GDPR Compliance
    The iboss cloud allows admin configurable zones to ensure cloud security is applied while meeting regulatory requirements
- Healthcare
  - For Healthcare
    Fast and Secure Connectivity from Anywhere, Designed for Healthcare
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Finance
  - For Finance
    Fast and Secure Connectivity from Anywhere, Designed for Financial Institutions
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Make MPLS and SD-WAN More Efficient with Cloud Security
    Send internet traffic directly to the cloud from branch offices to alleviate this load from private site-to-site connections
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
- Education
  - Student Risk Module Identifies Threats
    Safeguard Student Risk to monitor signs of cheating, suicide, drug use, bullying, violence, and mass shootings, to protect students & schools
  - Web Filtering for CIPA Compliance
    Streamline web filtering and CIPA compliance for students whether on campus or at home
  - Granular Student Web Activity Reports
    Generate detailed web activity history reports for any student which includes on-campus at home Internet use
  - YouTube and Social Media Controls
    Safe access to Google, YouTube and social media including Safe Search enforcement
  - Automatic Safe Search Enforcement
    Enforce Safe Search across search engines including Google, Bing, Yahoo and YouTube
  - Create Teacher and Student Based Policies
    Flexible filtering polices for teachers vs. students across any device on or off network
  - Cloud Web Security for One to One Initiatives
    Easily take home devices in the cloud to ensure CIPA compliance at all times
  - Ensure Fast Connections During State Testing
    Achieve seamless and uninterrupted state testing
  - iboss Classroom Management
    Visually monitor the activities of all of your students, from any location
- Government
  - For Government
    Fast and Secure Connectivity from Anywhere, Designed for Government
  - Secure Access Service Edge
    The most advanced SASE and Zero Trust platform that allows users to work from anywhere with fast and secure connections to all cloud applications
  - Complete Data Isolation & Extensible Platform for Government Entities
    The best choice for government entities for fast and secure connections for users from anywhere with a SASE platform that completely isolates network data traffic
  - Private Access VPN Replacement
    Replace VPN with Zero Trust Network Access allowing users to connect to private applications from anywhere
  - Microsoft 365 Features & Integration
    Native Microsoft integrations including Office 365, Microsoft Cloud App Security CASB and Azure
  - Stream Cloud Logs to External SIEM
    Gain visibility into web activity by streaming real-time log events directly from iboss cloud to your existing logging database or SIEM
  - Integrates with your existing security stack
    Easily integrate iboss cloud with your existing workflows using a 100% open API
  - Terminal Server Protection in the Cloud
    User based policies and reporting for Windows Terminal Servers
  - Data Loss Prevention
    Secure sensitive data with data loss prevention
Use Cases
- Replacement Use Cases
- Replace VPN with ZTNA
- Replace Proxy with SSE
- Replace VDI with Browser Isolation
Resources
- Award Winning Cloud Security Platform
  The iboss Zero Trust Secure Access Service Edge is consistently recognized as an industry leader in cloud security. Our patented containerized cloud architecture ensures secure, fast and reliable connectivity to cloud applications from any device, from any location.
  View Awards & Recognition
- Cloud Data Centers
  View Global Cloud Points of Presence that deliver the iboss Zero Trust SASE
- Cloud Status
  View real time status of the global Zero Trust Security Service Edge
- News
  See iboss in the latest news
- Blog
  Latest insights on Zero Trust Security Topics
- Events
  Join us for upcoming events and webinars
- FAQ
  Get answers to frequently asked questions
- Solution Briefs
  Detailed solution briefs covering iboss Zero Trust Security Use Cases
- Reviews
  Recognized by industry experts as the leading Zero Trust Security Platform
- Case Studies
  Learn how the iboss platform has been leveraged by leading organizations around the world
- Cloud Compliance
  The iboss global cloud fabric meets industry standards and certifications, including SOC1, SOC2 and ISO compliance
- Patents
  The iboss platform is protected by over 250 issued and pending patents
- Demo Videos
  View videos and demos of the iboss Zero Trust Platform
- Awards
  The most award winning Zero Trust Security Service Edge
- Careers
  Join the iboss team
Partners
- iboss Partners
  Partnering with iboss for Success
- Technology Alliances
  The iboss Cloud Platform extends capabilities with leading Technology Alliances Partners
- iboss MSP
  Scale your MSP offering by leveraging iboss to secure Internet access in the cloud
Get Demo
Get Pricing

Use Case

Reduce or Eliminate Network Security Infrastructure at the Corporate Datacenter

The iboss Cloud Platform can eliminate network security and proxy appliances hosted at the corporate datacenter

Most organizations have been tasked to reduce or eliminate the corporate datacenter. This migration is occurring in an effort to become cloud-first in order to reduce costs and operational overhead. The migration from hosting applications on infrastructure to consuming those same applications in the cloud not only is more efficient, it enables organizations to work faster and be more productive by getting the benefits of SaaS, without worrying about the infrastructure overhead.

With these data center reduction efforts, server and network infrastructure must be eliminated or migrated to cloud services. Some of those services will move to cloud infrastructure providers while others will be transformed to SaaS applications. Within the datacenter, there are likely a lot of network security appliances, including proxies, to protect end users and servers. These network security appliances were designed to protect fixed servers which are disappearing and end users which are leaving the office. However, the need to protect end user connections has never been greater or more difficult, given the users are working on untrusted networks, consuming a lot of bandwidth and working from home.

The iboss cloud platform is the SaaS equivalent of the network security infrastructure and appliances, such as proxies, with the same features and capabilities delivered without appliances and completely in the cloud. This allows end users to connect quickly to cloud applications and resources while providing network and security administrators the ability to protect those connections from phishing, malware and data loss. Since the iboss cloud platform runs in the cloud, it scales infinitely as bandwidth and cloud application consumption increases, without increasing costs.

The Problem

As a network or security administrator, you’ve been tasked to reduce or eliminate the datacenter. You know, however, this will be challenging as there are many network and security policies in place that need to be applied for compliance and security. In addition, due to increases in bandwidth and cloud application consumption, the volume of bandwidth has increased exponentially driving the number of proxy appliances and network security firewalls up, including costs and management. The users that are protected by these appliances have also left the office, and may no longer return with new corporate work from home policies. The same level of network security must be applied to those users to prevent phishing, malware and data loss in addition to gaining visibility into cloud use.

The migration may also take some time. And some servers and on-prem IoT infrastructure may remain during and even after the migration. Heavily changing the network topology for some aspects of the network may not be feasible and must be taken into account during this migration.

The iboss cloud provides the same capabilities found in advanced proxies and next-gen firewalls as a SaaS service, delivered in the cloud. It is designed for both the network and security teams and meets the requirements of both fast connectivity while providing security to connections while users are in the office or working from home. It scales infinitely as it runs in the cloud, giving it the capacity to inspect and protect an infinite amount of bandwidth, including decryption, without increasing costs. And, it eliminates the network security appliances from the data center helping to achieve cloud first initiatives.

Typical Challenges

Must eliminate or reduce infrastructure in the datacenter, including network security appliances such as proxies and next-gen firewalls
Must ensure network security policies remain in place after the data center reduction
Must ensure that mobile and work from home users are protected from phishing, malware and data loss as they connect to the cloud
Must have visibility into network activity while users work out of the office
Must support decryption of HTTPS traffic to protect from malware and data loss without increasing costs
Must be able to deal with increases in bandwidth without increasing infrastructure footprint and infrastructure costs
Must ensure that migration will not cause network interruptions and reduces risks related to connectivity outages
Must ensure that IP Address space that is used for application IP access restrictions is available in the new solution and that the solution provides dedicated IP Address space for Access Control Lists

Must support IoT and other network devices that may not be proxy aware or cannot authenticate to proxies
May need native hybrid approach for situations where private cloud gateway appliances make sense.
Ideally, the private cloud appliances are managed by the service and are drop-in replacements for the legacy traditional proxy appliance infrastructure
Ideal if the policies that are in place with the legacy proxy infrastructure can easily be migrated so that interruptions to security and audit teams are not interrupted.
Would like to ensure that branch offices can run through the cloud solution to minimize the number of remote firewall and proxy appliances hosted at the branch offices
Must ensure that private HTTPS keys used for decryption remain isolated and controlled
Must ensure data sovereignty requirements are being met as appliances are decommissioned, especially if the solution runs in the cloud as a SaaS offering

How the Solution Works

The iboss cloud platform runs in the cloud, as a SaaS offering, with all of the capabilities found in advanced proxies and the security features found in next-gen firewalls. The iboss platform is built on a containerized architecture which guarantees that any feature that can be delivered with network security appliances, can be delivered with infinite horizontal scaling in the cloud. It can be used to completely decommission on-prem proxy appliances and turn off next-gen security features in the firewall as those same features can be delivered instantly, and at scale, in the cloud.

To leverage the iboss cloud platform, first route network data through the iboss cloud service. This can be achieved using a variety of methods with the most flexibility on the market. For example, GRE or IPSec tunnels can be created from the offices to the service to automatically route network data headed to the cloud through the iboss cloud platform first. Private cloud containerized gateway appliances can be dropped in the place of legacy proxy appliances without changing network topology, authentication, or existing data redirection techniques. Unlike legacy proxy appliances, the private cloud containerized gateway appliances are completely managed by the cloud service and treated as another data center linking to the global iboss cloud SASE footprint. Network data is processed within the containerized private cloud gateways and sent directly to the cloud, eliminating any extra hops. This is ideal for large sites or locations where changing network topology is highly restrictive. In addition, since the private cloud containerized gateway appliances are linked to the global SASE footprint, a consistent global policy can be applied across the organizations, from infrastructure to remote users.

For truly Zero-Trust models, iboss provides agents, called cloud connectors, for virtually every operating system that will automatically connect users and devices to the cloud service in seconds. The cloud connectors can be pushed in mass using Active Directory Group Policy (GPO), Mobile Device Management (MDM), SCCM or any other bulk deployment strategy. In addition to connecting users and devices to the cloud service, the cloud connectors also install the root MITM decryption certificate, extract the logged in username, device name and end-user groups for dynamic ZTNA policy assignment. With cloud connectors, having users work from the office or from home is no different. In addition, the iboss cloud connectors can route all traffic through the cloud service, not just web browsing traffic, to provide protection across all network traffic. Users are always connected through the iboss cloud service before accessing anything in the cloud protecting the organization from phishing, malware and data loss as well as providing CASB visibility regardless of the user location. In essence, the device becomes the new network perimeter.

Network Architecture Scenarios

If users are using VPNs, traffic from the VPN is offloaded using split tunneling. Only traffic that will end up in the office should be sent through the VPN while all other traffic, the vast majority of it, is sent through the iboss cloud. The split tunneling works by setting iboss as the default VPN route. The specific office destinations are configured as explicit routes. The iboss agents are completely compatible with all VPN clients, run silently, can be pushed out via bulk deployment methods instantly and have the ability to send ALL cloud traffic through the iboss cloud service for inspection and protection.

Bad

Sending all traffic through a VPN to a datacenter hosting proxy appliances is the worst case scenario and will lead to slow and unusable connections for users, especially remote workers.

Better

Leverage iboss as your Secure Access Service Edge (SASE) platform for internet bound traffic. Offloading Internet bound traffic to iboss while only sending traffic that terminates at the office through the VPN will greatly improve the end user experience by increasing connection speeds dramatically. The iboss cloud connector takes the default route on the end user device and automatically redirects all non-private traffic through iboss cloud for security. This improves user productivity and streamlines connections to Office 365, Zoom, Teams, and other cloud applications. It also reduces the proxy and network security appliance footprint and the data center as all heavy traffic processing is performed within iboss cloud which has infinite scale.

Best

Leverage iboss as your Secure Access Service Edge (SASE) platform for ALL network traffic, both public and private, so that users are connected directly to any cloud resource quickly and securely. Sending all traffic through iboss cloud, both private and public, connects users to all cloud resources quickly and securely based on user identity and role. It eliminates costs by eliminating proxy and network security appliances hosted at the data center or office by performing security functions in the cloud and eliminating VPN infrastructure. Users connect to iboss cloud and all traffic to Office 365, cloud applications and video conference apps such as Zoom and Microsoft Teams is sent directly from the user to the cloud application with no extra hops to on-prem infrastructure. Since iboss is connected to all resources, public and private, it can connect users directly to those resources based on user role with speed and security while greatly reducing infrastructure costs, management costs and improving user productivity as they work with the network speed necessary to use cloud applications efficiently. The iboss platform is the premier SASE and Zero Trust platform that is the center piece of your cloud transformation.

The iboss Platform is the Premier Global SASE Platform which is Natively Designed to Protect Azure Resources

The iboss platform is natively integrated with Microsoft Office 365. As a zero-trust SASE platform, the iboss cloud platform can grant or deny access to cloud resources based on user context by connecting user security groups and OUs from Azure ADFS automatically. The built-in iboss cloud CASB visibility can be tied to Microsoft Cloud App Security, so that policies configured in MCAS automatically sync to the inline data path protected by iboss. Logs generated from a remote work force can be connected with Sentinel to provide more visibility and context to security admins. Any infrastructure running the Azure cloud can have their connections automatically secured by the iboss platform with a few clicks without ever deploying a virtual firewall providing true, complete SaaS network security. The following shows how iboss provides the “centerpiece” for any Microsoft Office 365 strategy, by providing the fastest and most secure connection to the cloud and to the Microsoft Office 365 suite.

Instant Benefits and Savings

The iboss cloud platform provides instant benefits and savings as the friction to purchase and implement appliances is eliminated. As bandwidth and encrypted traffic increases, the iboss cloud platform scales automatically while maintaining costs. It’s delivered globally so that data center footprints can be reduced while remote workforces are protected with ease. Because branch offices, users and corporate offices are connected through iboss directly to the cloud without unnecessary backhauling or network hair-pinning, network speeds increase, costs go down and productivity goes up.

Take the next step in shifting to the world’s largest security platform built for the future.

Sign up for a demo to see how the iboss Cloud Platform closes network security gaps, reduces costs, and helps empower your remote workforce.

REQUEST DEMO CONTACT US