Skyhigh Security Service Edge Key Features
Skyhigh Security Service Edge (SSE) provides a single solution that enables you to apply a single, consistent web security and threat protection policy on devices and in the cloud.
The SSE solution allows you to control access to cloud services, protect against web threats and insider threats from them, and enforce web policies, from a single cloud-native user interface.
- Centralized policy definition — Protect against threats and data loss by creating web policy within Skyhigh CASB, synchronizing web policy across devices, networks, and the cloud and allowing you to enforce it consistently.
- Unified classification management — Edit and manage classifications from a single console, and apply to either cloud or web policies.
- Control access to all cloud applications — One console to manage and deliver cloud application control, tenant restrictions and zero-day malware protection.
- Acceptable use policy enforcement with advanced malware protection — Application Control blocks uploads to high risk apps or personal accounts, and malware scanning for apps.
- Cloud data and permission controls — Gain visibility and control over sanctioned cloud services using either API integrations and reverse proxy, and unsanctioned services using forward-proxy. Control access from a single console.
- Manage Client Proxy from Skyhigh Security Service Edge — Use SSE to set up and configure Client Proxy, to redirect traffic through Secure Web Gateway for filtering.
- Route web traffic securely and efficiently — SD-WAN partners secure web traffic from remote sites or branch offices using IPsec or GRE protocols, allowing it to be routed directly to Secure Web Gateway where it is filtered according to web policy.
- Threat protection — Detect and respond to threats with Skyhigh CASB’s threat protection user interface, supported by activity monitoring, user-behavior, geo-location, and privileged user analytics.
- Support for Skyhigh Mobile Cloud Security — Manage Skyhigh Mobile Cloud Security through SSE to redirect HTTP/HTTPS traffic from mobile devices to Secure Web Gateway for filtering.
- Centralized incident management — View and manage incidents generated by web and cloud policies in a single location in the UI.
- Remote Browser Isolation — Ensure safe access for users to potentially malicious content by isolating browsing on a remote server, controlled by web policy rules.
Secure Web Gateway key features
- SAML, IP address range, IPsec and GRE authentication methods — Authenticate users requesting cloud access.
- Secure Channel — Establish a secure communication channel between Client Proxy and Secure Web Gateway for all HTTP/HTTPS requests. This is applicable only for cloud proxies.
- Reporting — Provides productivity, web activity, web policy enforcement, and web security overview reports.
- Traffic redirection — The software redirects web traffic to proxy servers for filtering according to the settings in the Client Proxy policy.
- Location-awareness — Location-awareness settings allow one policy to cover users working inside the network, outside the network, or connected to the network by VPN.
- Transparent authentication — Client Proxy authenticates users without prompting for credentials and passes group membership and other information in metadata that it adds to HTTP/HTTPS requests.
- Tamper resistance — Users are not allowed to remove Client Proxy software from the endpoint or bypass the policy without requesting and receiving a temporary release code from an administrator.
- Added context — Adds context such as process name, host name, operating system type, operating system version, system name to a request, which is used for filtering traffic.
- Administrator controlled temporary bypass — Administrators can temporarily disable Client Proxy for specified duration and it gets re-enabled automatically. Users are not allowed to independently disable or bypass Client Proxy.
- Application agnostic — Redirect, authenticate, and add context to web traffic from any application regardless of whether or not the application is proxy aware.
Web policy key features
- Default policy in place — Protect against full range of web threats immediately after setup with best-practice settings. These include global block and bypass lists, HTTPS scanning, web filtering, content inspection, application control, and threat protection.
- URL filtering — Uses allow lists, block lists, and reputation categories based on risk levels determined by Skyhigh Security Global Threat Intelligence™ (GTI). GTI evaluates website reputation based on past behavior and assigns websites to categories of high, medium, low, and unverified risk. It collects, analyzes, and distributes data in real time from sensors in more than 120 countries. Simplify policy rules by assigning similar websites, web applications and file types to groups.
- Web content filtering using the Web Category Filter — Assigns websites to categories based on content. This filter allows or blocks access to specified content, such as blocking access to gambling sites.
- Web application filtering using Application Control — Assigns web applications to categories by type. This filter allows or blocks access to web applications individually or by category. For example, it can block file uploads to file-sharing applications in the cloud.
- Media type filtering using the Media Type Filter — Categorizes files by document type or audio or video format. This filter allows or blocks access to specified media types, such as blocking access to streaming media.
- HTTPS scanning — Includes full decryption and content inspection.
- Web filtering — Simplifies policy rules by assigning similar websites, web applications, and file types to groups.
- Web content filtering using the Web Category Filter — Assigns websites to categories based on content. This filter allows or blocks access to specified content, such as blocking access to gambling sites.
- Web application filtering using Application Control — Assigns web applications to categories by type. This filter allows or blocks access to web applications individually or by category. For example, it can block file uploads to file-sharing applications in the cloud.
- Media type filtering using the Media Type Filter — Categorizes files by document type or audio or video format. This filter allows or blocks access to specified media types, such as blocking access to streaming media.
- Remote Browser Isolation —
- Risky Web isolation — Automatically isolate a user's browsing when a website is considered a potential risk.
- Full Isolation — Enable browser isolation by default for web access based on your own selected criteria. Control exceptions, such as applying or exempting access from isolation by domains, IP addresses or URL categories, allowing or blocking uploads and downloads, copying and pasting, and blocking cookie storage. Full Isolation is available as part of Skyhigh Security Service Edge with an additional license.
- Flexibility to adapt and fine-tune — Modify web policy rules to suit different environments and meet individual requirements.
- Modular structure for ease of use — Rules for different fields of web security bundled in rule sets to ensure user-friendly handling.
- Scope limits configurable — Enforce tailored web policies on regions, IP address ranges, and user groups.
- Extend coverage with rule set library — Import more rule sets created by web security experts from the library to extend protection and cover new threats.
- Code accessible — Permissions allow administrators to implement advanced web policy design through code access.
- Antimalware filtering — Blocks malware in-line using traditional antivirus and behavior emulation technology. The Gateway Anti-Malware Engine filters web traffic, detecting and blocking zero-day malware in-line using emulation technology before user devices become infected.
- Allow access to websites with coaching — Allow access to blocked websites for specific users with a business reason to visit.
Data protection key features
- Skyhigh Security Share pre-defined classifications across web and cloud — Use the same set of pre-defined classifications across cloud and web policies.
- Policy Wizard — Use the Wizard to create complex data protection policies quickly and easily, to prevent data leaking out.