Skyhigh Security Service Edge is a cloud-native security platform that enables consistent threat and data protection controls from device to cloud.
SSE creates an efficient and consistent security management experience by bringing together multiple Skyhigh Security products, components, and technologies on Skyhigh CASB.
SSE is available in two separate propositions.
- Skyhigh Security Service Edge Base brings together three core technologies:
- Skyhigh CASB — The direct API and reverse proxy-based visibility and control for cloud services that the Skyhigh CASB product provides.
- Skyhigh Security Web Security Gateway Service (WSGS) —
- The forward proxy-based visibility and control over web traffic provided by Skyhigh Security Web Security Gateway Service (WSGS)
- The location awareness and traffic redirection features provided by Client Proxy software installed on your endpoints.
- The mobile device protection feature provided by Skyhigh Mobile Cloud Security Client.
- Data protection — Unified enforcement of data protection policy across cloud and web using one console to manage classifications, incidents, and reporting.
- Skyhigh Security Service Edge Advanced contains all features of the Base proposition, and also includes access to Data Loss Prevention Endpoint (DLP Endpoint) and Skyhigh CASB for Sanctioned SaaS. For details of the DLP Endpoint and Skyhigh CASB SaaS capabilities, see the specific product documentation.
SSE combines Skyhigh CASB and WSGS technologies, working together to protect data from device-to-cloud, and to prevent cloud-native breach attempts that are invisible to the corporate network. This creates a secure environment for the adoption of cloud services and enablement of access to the cloud from any device.
With SSE you can achieve:
- Consistent visibility and control over data from device-to-cloud.
- Unified access control and threat protection for the cloud and web.
- Cloud-native and direct to cloud architecture with enterprise scale and resilience, with service availability of 99.999%.
Use Skyhigh CASB to set up how users in your organization authenticate and connect to Skyhigh Security WSGS. WSGS protects your organization from security threats that arise when users in your organization access the web, through in-depth content scanning and integration with other Skyhigh Security web security technologies. It:
- Scans and filters web traffic between your users and the cloud.
- Blocks traffic that is not allowed by the policies you configure.
- Protects users working inside or outside your network, for example users working in a coffee shop or hotel.
SSE also brings together the management of Client Proxy to redirect, block, or permit web traffic according to web policy. Client Proxy helps protect users from security threats that arise when they access the web from inside or outside your network. The client software, which is installed on endpoints running Microsoft Windows or macOS, redirects web requests or allows them to continue to a proxy for filtering. Client Proxy allows or redirects web requests from users based on policies that you configure.
Mobile Cloud Security
Skyhigh Mobile Cloud Security Client redirects web traffic from mobile devices to Skyhigh Security WSGS to be filtered. You can also configure authentication methods for multiple sites, with support for SD-WAN vendors using either dynamic IPsec or GRE secure tunnels, and set up where web access data is stored and reported.
Use Skyhigh Security Service Edge to protect your organization from security threats that arise when users in your organization access the web, by enforcing web policy, setting and applying rules to take action when certain conditions for web traffic are met.
Policy is enforced by rules, which are grouped into rule sets. These act on web traffic when a rule is applied, blocking, permitting or skipping specific actions, such as uploads or downloads.
SSE also uses the web features of WSGS to detect threats, including malware, spyware, viruses, and ransomware.
Remote Browser Isolation
Remote Browser Isolation protects users and secures the corporate network from potential threats by isolating browser sessions in a remote virtual environment outside the network. Web sessions are rendered to users as images, video, or audio, and nothing potentially malicious is returned to the end browser.
The controlled algorithm determines whether a website should be isolated, in line with your own existing policies. SSE also allows you to control how isolation works based on your own criteria, with Full Isolation capabilities. Remote browser isolation is controlled by web policy rules.
Use Skyhigh Security Service Edge to protect against data loss from the cloud by classifying sensitive data and applying those classifications to policies that trigger actions and generate incidents when sensitive data is identified, enforcing consistent behavior.
Manage and edit these classifications in a single location, and apply them to both cloud and web data protection policies. These classifications define sensitive data using classification criteria including keywords, file size, types or extensions, among others.
When a user tries to download, share, or upload sensitive files or data that meet one or more of these criteria, the classification is triggered and the policy defines the appropriate action to prevent a data breach, and generates an incident. Details of these incidents, including their severity and information about where and how they were generated, are viewed and managed in Skyhigh CASB.