Security as A Service Edge (SASE)

With remote work on the rise, today’s enterprises are highly distributed with users and applications residing

everywhere. At any given time, a user can simultaneously be connected to the corporate data center and a cloud SaaS app while collaborating on a video conference and looking up something on the internet. Connecting users directly to the internet and cloud applications instead of backhauling traffic through a data center security stack provides a better user experience.

But is it secure?

To address this digital transformation, technology is emerging to converge networking and security into a

cloud-delivered secure access service edge (SASE). Gartner describes this need to shift the focus of network and security design from the data center to the identity of the user and device in their paper “The Future of Network Security is in the Cloud.” The SASE vision is available today.

With integrated security, traffic can be decrypted once and inspected in a single pass.

Application control, URL filtering, and content awareness (DLP) enforce safe web use.

IPS, anti-bot, and antivirus protect customers from known threats. HTTPS inspection

safeguards companies from threats trying to hide inside encrypted HTTPS channels.

 Preventing threats before the damage is done saves staff valuable time when responding to threats. NHC Sandblast Zero-Day Protection is a cloud-hosted sandboxing technology that quickly quarantines and inspects files by running them in a virtual sandbox to discover malicious behavior before it enters your network. 

 Apply a consistent security policy to protect remote offices and users. Centrally manage cloud security service policy and threats using a browser connected to the customer’s cloud tenant. Securely Connect Remote Users Authenticate and secure remote user connections to the internet. A lightweight client authenticates to the cloud security service. SSO options with SAML identity provider such as Okta, Ping Identity, OneLogin, ADFS, and Azure AD are available. Data in transit from the client to the cloud service is private and secured in an IPSec VPN tunnel. The cloud security service inspects the connection to the internet in a single pass according to policy. 

We provides Layer-7 access to only the applications allowed by policy after authenticating the user.  Authentication and authorization is set before the user logs in. Also, application connectors conceal the

datacenter applications from discovery and DDoS attacks. Corporate Access provides granular access control over and within each resource based on the dynamic and contextual assessment of user attributes and device state. A rich set of rules can be enforced across all user, server, and enterprise data stores including user commands and database queries. Reduce the risk of lost or compromised keys by managing

SSH keys in a central and secure location.

Get a full audit trail of user activity, including executed SSH commands. All audit logs are tied to users’ accounts and devices and can be exported to your SIEM for additional contextual data. Control access to sessions and block suspicious commands in real time.

Engineering teams need to leverage the agility and flexibility of cloud-based development and production

environments, without compromising security. Corporate Access privilege access management (PAM) provides automated cloud asset discovery, tag-based policies, secure key management, and SSO session recording. Administrators can leverage the cloud-native access platform to effortlessly provision and deprovision access to virtual machines, applications, or IaaS/PaaS services as needed.