Edge Security solutions secure your employees from threats coming into and out of the corporate estate regardless of whether they are working locally or remotely. They can also enable businesses to securely collaborate with third parties without the inherent security risks.
Almost all organisations need to use the internet as part of their daily workflows and gaining visibility of these interactions is crucial to any security strategy.
The traditional network perimeter has changed significantly in recent years, with the use of cloud & SaaS applications as well as hybrid working models. It is no longer possible to manage security solutions such as email gateways and web proxies in the same way. Organisations need to retain control and visibility of traffic coming in and out of corporate devices in multiple locations.
We work with leading vendors to provide enterprise-class web, email and network connectivity – extending your reach throughout the world.
Secure Service Edge
Zero Trust Network Access
Secure Service Edge (SSE) & SASE
Gartner termed SASE (Secure Access Service Edge) as a group of technologies that bring together networking and security tooling and incorporate the growth of service and Cloud SaaS utilisation. SASE includes; Cloud Access Security Brokers CASB), Secure Web Gateways (SWG), Firewall-as-a-Service and SD-WAN. SSE (Secure Service Edge) is a subset of these controls, focused on the user edge incorporating SWG, CASB and Zero Trust Network Access (ZTNA) into a single solution, whilst leaving Firewall and SD-WAN as the other components in SASE.
Web Security (SWG, RBI)
Web Security comes in a couple of different forms, some endpoint security solutions include browser plugins or HTTPS inspection locally on a single machine, whilst these can offer the basics of URL Blocking and Categorisation they may not be as effective as a full Secure web gateway solution.
Secure web gateways are solutions that are designed to protect an organisation’s network from cyber threats by inspecting and filtering internet traffic and blocking malicious content. They are usually deployed as a local gateway or a cloud proxy service. The advantage of Secure Web Gateways is that they provide visibility of all web access by a system, and can also apply organisational controls and add a layer of anti-malware to protect against file downloads and malicious scripts before they reach the endpoint. Additionally, many cloud SWG solutions add in elements of CASB features such as Cloud Application Controls and Shadow IT monitoring.
Remote Browser Isolation (RBI)
RBI is another Zero Trust based web security tool that minimises risk when users are accessing unsanctioned web services. RBI uses an appliance or cloud service to load web sites into a remote sandbox so that any code or malicious downloads are contained and do not reach the end user device. They can also be useful to limit data leakage using in-build DLP controls.
By default many organisations use either their ISPs DNS servers or a Public DNS provider such as Google (184.108.40.206). These services do not focus on security and will resolve any domain name regardless of risk. Secure DNS providers enable organisations to block known malicious domains as well as configure blocked and allowed domains/categories based on policy.
As corporate and personal email remains the number one entryway for cyber attacks, cutting-edge email security is essential. Protection today covers many areas to give the best cover for organisational data.
Secure Email Gateways
Secure Email Gateway (SEG) are great at looking for known malicious domains and IPs as well as enforcing policy based on SPF/DKIM/DMARC. They can also add in controls for sender/recipient, attachment filters, Data Loss Prevention and transport encryption.
API Based Email Security
Unfortunately, gateway-based email security tools only offer point-in-time protection so the growth in API based solutions enable many features such as: phishing protection, just-in-time link protection, machine learning and writing-style-analysis to better protect businesses from phishing, business email compromise (BEC) and compromised email accounts.
Zero Trust Network Access (ZTNA)
ZTNA builds on the Zero Trust security model and applies it to network access. Zero Trust implies that the device, user and service are not explicitly trusted and each element needs to be authorised. ZTNA can be seen as a replacement for traditional VPN and remote access tools. ZTNA typically requires device posture checks including: managed/unmanaged, AV, Encryption as well as user authentication via an IdP. As a result, the ZTNA solution is able to provide granular access to internal or cloud-based services based on policy and role.
Secure Remote Access
Many organisations have the requirement for third parties and contractors to connect and use RDP and SSH sessions or utilise HTTP(s) business applications. Traditionally this has been done using SSL VPN, however with technologies like ZTNA we can provide an access gateway to specific hosts.
Software Defined Perimeter & SD-WAN
Organisations with multiple sites and data centers used to rely on site-to-site VPN or expensive MPLS / fibre connections. With SD-WAN organisations can interconnect sites, cloud services & data centers with cloud-first centrally managed firewalls which provide increased visibility and security controls. They can also optimise connections to reduce the cost of physical infrastructure.
At ITB we are always looking for the latest technology, whether this is to allow external access to business applications, or to secure your employees wherever they roam. We have the expertise to design your cybersecurity strategy by reviewing the security market for the right solutions for you.
Talk to a Cyber Advisor
Our Cyber Advisors have excellent knowledge on Edge Security solutions, request a call back to speak to us about your requirements
Managed Edge Security Services
ITB have been providing managed email and web security services for over ten years and have recent experience of deploying and managing CASB & SSE solutions for our clients. We can provide cloud-first Zero Trust Network Access to enable you to confidently embrace the hybrid working model.
We also have a great relationship with select SD-WAN service providers who are able to offer managed networking services.
See how our Managed Services can increase your security posture without the need for internal resources or skill sets.