CLOUD SECURE EDGE
SonicWall Cloud Secure Edge (CSE), formerly Banyan Security, is an easy-to-adopt Security Service Edge (SSE) solution that enables your workforce to securely access any resource from any device. It delivers simple, secure, zero trust access to private and internet resources for all your employees and third parties, regardless of their network location. To accomplish that, CSE combines the functionality of multiple traditional network appliances – remote access VPN, web proxy, firewall, etc. – into a unified cloud-delivered solution, improving the security posture and user experience for the entire workforce.
Datasheet: https://www.sonicwall.com/resources/datasheet/clou...
Zero Trust Network Access (ZTNA) - application and infrastructure access | Simple, least-privilege access to applications and services across hybrid- and multi-cloud infrastructure, leveraging your existing enterprise identity and security tool investments. |
Virtual Private Network-as-a-Service (VPNaaS) - network access | Modern, high-performance, tunnel-based access to networks, incorporating zero trust enhancements like continuous authorization and device trust. |
Cloud Access Security Broker (CASB) - SaaS application access security | Layered security that provides easily managed controls for who can access your SaaS applications, and which devices they can use to connect. |
Secure Web Gateway (SWG) - internet threat protection | Protects users from being phished, straying onto malicious websites, or being exposed to ransomware. Optional controls enable organizations to block specific website categories, such as gambling and pornography. |
SonicOS Cloud Secure Edge: Feature Guide
Secure Private Access (SPA) and Secure Internet Access (SIA) SKUs are both available in two tiers: Basic and Advanced. What you get in each:
Secure Private Access | Secure Internet Access | |||
Feature | Basic | Advanced | Basic | Advanced |
Core Capabilities | ||||
ZTNA Tunnel (VPNaaS) to enable access to specific networks | ✔ | ✔ | ||
ZTNA Proxy to securely connect to internal HTTP applications and TCP services | ✔ | |||
DNS-Layer Security for Internet threat protection | ✔ | ✔ | ||
Cloud Access Security Broker (CASB) to enforce device trust policies for SaaS applications | ✔ | |||
Advanced Secure Web Gateway (SWG) to filter out malware and other threats hidden in encrypted web traffic | ✔ | |||
Secure Network Access | ||||
Private Networks (RFC-1918 ranges) and domains (internal DNS servers) | ✔ | ✔ | ||
Split Tunneling to specific subnets and domains (private or public) | ✔ | ✔ | ||
Full Tunneling for all traffic | ✔ | ✔ | ||
Network / Layer 4 policies based on CIDRs and FQDNs | ✔ | ✔ | ||
Secure Access to Private Resources | ||||
Internal Websites access using browser-only OpenID Connect flows | ✔ | |||
SSH to Linux servers | ✔ | |||
RDP to Windows machines | ✔ | |||
Native clients to access database servers such as PostgreSQL and MySQL | ✔ | |||
Kubernetes client to access cluster | ✔ | |||
SSH Certificate Authentication, Authorize Principals, and audit logging | ✔ | |||
Layer 7 policies to access APIs, webpages | ✔ | |||
Internet Threat Protection | ||||
DNS Layer Security blocking domains with malware, phishing, botnet, and other risks | ✔ | ✔ | ||
Content categorization | ✔ | ✔ | ||
Custom blocking | ✔ | ✔ | ||
SaaS Application Security | ||||
Visibility into Cloud Applications / Shadow IT | ✔ | |||
IP Allowlisting for Cloud Applications through SonicWall Edge | ✔ | |||
Device Trust for Okta | ✔ | |||
Device Trust for Azure AD | ✔ | |||
Device Trust for other IDPs such as OneLogin, Jumpcloud | ✔ | |||
Web Content Filtering Service | ||||
URL Filtering | ✔ | |||
Malware Protection | ✔ | |||
Users and Devices | ||||
Passwordless Authentication via IDP Federation | ✔ | ✔ | ||
Policy-enforced access from Unregistered Devices with a trusted device certificate | ✔ | ✔ | ||
Clientless access | ✔ | ✔ | ||
Service Accounts (API tokens for programmatic access such as scripting and automation through the Data Plane) | ✔ | ✔ | ||
SCIM integration to manage user assignments | ✔ | ✔ | ||
EDR integrations (e.g. CrowdStrike, SentinelOne, Microsoft Defender) | ✔ | ✔ | ||
MDM/UEM Integrations (e.g. JAMF, Kandji, Jumpcloud, Intune, Workspace One) | ✔ | ✔ | ||
Visibility and Compliance | ||||
SIEM Integration (e.g. Splunk, Elastic, Sumo Logic) | ✔ | ✔ | ||
Private Network Discovery (non-approved applications accessed by user or devices) | ✔ | n/a | ||
IaaS Resource Discovery | ✔ | n/a | ||
SaaS Application Discovery | n/a | ✔ | ||
Operations and Automation | ||||
Private Edge Deployment: Host SonicWall’s identity-aware gateway in your own infrastructure | ✖ | n/a | n/a | |
Services and Support | ||||
24x7 Support | ✔ | ✔ | ✔ | ✔ |
Premier Support | add-on | add-on | ||
Remote Implementation Services | add-on | add-on |