“We’re a full Layer 7 proxy. We decrypt and re-encrypt at the edge of everything,” Tremante explained.
For employee traffic, the discovery mechanism works through either DNS resolution or full proxy capabilities. “Once we’re proxying traffic, we don’t actually differentiate who’s on the other end of that connection,” he said. “It can be a SaaS application, a custom-built internal application… as long as they’re speaking the protocols we understand.”
Why the network has upper hand for security posture management
Managing SaaS-based application security can be particularly complex. Most SaaS vendors already have integrated various access and security controls, but there is still more that can be done at the network layer.
Tremante noted that, for example, if an organization is using Microsoft 365, there are a series of specific controls within the provided dashboard which are more specific to that environment.
“If you’re in a security team and you want to make sure that only a subset of your employees are accessing Outlook or Microsoft 365, and that no content going towards Outlook is malicious so you want to block it upfront before I even reach the Outlook service, the network has an upper hand, because we’re the full proxy,” he said.
Getting ready for PCI DSS 4.0 compliance
The platform also addresses compliance requirements by automatically identifying potential issues.
