UK Sales: 0330 1340 230

CLOUD SECURE EDGE

SonicWall Cloud Secure Edge (CSE), formerly Banyan Security, easy to adopt Security Service Edge (SSE) solution, enabling your workforce to securely access any resource from any device. It delivers simple, secure, zero trust access to private and internet resources for all your employees and third parties, regardless of their network location. To accomplish that, CSE combines the functionality of multiple traditional network appliances – remote access VPN, web proxy, firewall, etc. – into a unified cloud-delivered solution, improving the security posture and user experience for the entire workforce.


Datasheet: https://www.sonicwall.com/resources/datasheet/clou...


Zero Trust Network Access (ZTNA) - application and infrastructure access Virtual Private Network-as-a-Service (VPNaaS) - network access Cloud Access Security Broker (CASB) - SaaS application access security Secure Web Gateway (SWG) - internet threat protection

Zero Trust Network Access (ZTNA) - application and infrastructure access

Simple, least-privilege access to applications and services across hybrid- and multi-cloud infrastructure, leveraging your existing enterprise identity and security tool investments.Simple, least-privilege access to applications and services across hybrid- and multi-cloud infrastructure, leveraging your existing enterprise identity and security tool investments.

Virtual Private Network-as-a-Service (VPNaaS) - network access

Modern, high-performance, tunnel-based access to networks, incorporating zero trust enhancements like continuous authorization and device trust.

Cloud Access Security Broker (CASB) - SaaS application access security

Layered security that provides easily managed controls for who can access your SaaS applications, and which devices they can use to connect.

Secure Web Gateway (SWG) - internet threat protection

Protects users from being phished, straying onto malicious websites, or being exposed to ransomware. Optional controls enable organizations to block specific website categories , such as gambling and pornography.


SonicOS Cloud Secure Edge : Feature Guide

 

Cloud Secure Edge - Private

Cloud Secure Edge - Internet


Secure Private Access (SPA) and Secure Internet Access (SIA) SKUs are both available in two tiers: Basic and Advanced. What you get in each:

Secure Private Access Secure Internet Access
Feature Basic Advanced Basic Advanced
Core Capabilities
ZTNA Tunnel (VPNaaS) to enable access to specific networks
ZTNA Proxy to securely connect to internal HTTP applications and TCP services
DNS-Layer Security for Internet threat protection
Cloud Access Security Broker (CASB) to enforce device trust polices for SaaS applications
Advanced Secure Web Gateway (SWG) to filter out malware and other threats hidden in encrypted web traffic
Secure Network Access
Private Networks (RFC-1918 ranges) and domains (internal DNS servers)
Split Tunneling to specific subnets and domains (private or public)
Full Tunneling for all traffic
Network / Layer 4 polices based on CIDRs and FQDNs
Secure Access to Private Resources
Internal Websites access using browser-only OpenID Connect flows
SSH to Linux servers
RDP to Windows machines
Native clients to access database servers such as PostgreSQL and MySQL
Kubernetes client to access cluster
SSH Certificate Authentication, Authorize Principals, and audit logging
Layer 7 policies to access APIs, webpages
Internet Threat Protection
DNS Layer Security blocking domains with malware, phishing, botnet, and other risks
Content categorization
Custom blocking
SaaS Application Security
Visibility into Cloud Applications / Shadow IT
IP Allowlisting for Cloud Applications through SonicWall Edge
Device Trust for Okta
Device Trust for Azure AD
Device Trust for other IDPs such as OneLogin, Jumpcloud
Web Content Filtering Service
URL Filtering
Malware Protection
Users and Devices
Passwordless Authentication via IDP Federation
Policy-enforced access from Unregistered Devices with a trusted device certificate
Clientless access
Service Accounts (API tokens for programmatic access such as scripting and automation through the Data Plane)
SCIM integration to manage user assignments
EDR integrations (e.g. CrowdStrike, SentinelOne, Microsoft Defender)
MDM/UEM Integrations (e.g. JAMF, Kandji, Jumpcloud, Intune, Workspace One)
Visibility and Compliance
SIEM Integration (eg. Splunk, Elastic, Sumo Logic)
Private Network Discovery (non-approved applications accessed by user or devices) n/a
IaaS Resource Discovery n/a
SaaS Application Discovery n/a
Operations and Automation
Private Edge Deployment: Host SonicWall’s identity-aware gateway in your own infrastructure n/a n/a
Services and Support
24x7 Support
Premier Support add-on add-on
Remote Implementation Services add-on add-on


Licensing

Cloud Secure Edge is available for purchase as Secure Private Access (to resources on internal networks) and Secure Internet Access (to resources on the public Internet).

  1. 1. Secure Private Access provides two core capabilities:
    1. Tunnel-based ZTNA (also called Cloud VPN or VPNaaS): Secure network access to specific network segments.
    2. Proxy-based ZTNA: Secure access to private resources such as internal HTTP applications and TCP services.
  2. 2. Secure Internet Access provides three core capabilities:
    1. DNS-Layer Security (DNS): Domain-level threat protection blocking malicious domains and enforcing acceptable use policies.
    2. Cloud Access Security Broker (CASB): Enforcement device trust policies to access SaaS pplications.
  3. 3. Secure Web Gateway (SWG): Web content filtering to block malware and other threats hidden in encrypted web traffic.

Secure Private Access (SPA) and Secure Internet Access (SIA) SKUs are both available in two tiers: Basic and Advanced. Licenses are sold per-user.