SOLUTION BRIEF

Skyhigh Security
Security Service Edge (SSE)
The SSE security service empowering cloud transformation

Our Security Service Edge (SSE) solution is the security fabric

between your workforce and their resources that enables fast
direct-to-internet access by eliminating the need to route traffic
through your data center for security. Data and threat protection
are performed at every control point in a single pass to reduce the
cost of security and simplify your management.

1
SOLUTION BRIEF

Is Your Digital Transformation as Fast • Opening access to corporate resources

and Secure as It Should Be? through unmanaged mobile devices means
that data is being accessed in new ways that
We are in the midst of digital transformation that
are missed by perimeter security.
is reaping tremendous benefits, but also
presenting several substantial challenges. • Traditional security tools are not able to cope
with the 630% spike in advanced cloud-based
• As the workforce adopts a “Work from
and web-based threats.1
Anywhere” model, traditional VPN and MPLS-
connected branch users are only able to
access their critical web and cloud resources
by routing back through their traditional
network infrastructure, which is increasingly
congested and slow.

Corporate Network
Network Security
Applications
Appliances

Private
VPN Tunnels
Cloud
MPLS Lines
Internet

Remote Users Branch Offices

Traffic Flow

Figure 1. Traditional network architecture

1. Source: Skyhigh Security: “Cloud Adoption and Risk Report:

Work from Home”

2 Skyhigh Security - Security Service Edge

 SOLUTION BRIEF

Accelerate Your SSE Adoption with Our Skyhigh Security’s cloud-native Hyperscale

SSE
Security Service Edge (SSE) —
defined by Gartner2— is a
collection of integrated, cloud-
centric security capabilities that
facilitates safe access to
websites, cloud, and
applications. The SSE framework
converges all security services,
including Secure Web Gateway,
Cloud Access Security Broker,
and Zero Trust Network Access,
into a single, cloud-native
framework. This integrated
approach supports the digital
business transformation and
workforce mobility, while
minimizing the impact on
security performance,
complexity, and cost.
Integrated Security Service Edge
Solution
Skyhigh Security SSE solution is the SSE security
fabric that delivers data and threat protection to
any location, so you can enable fast and secure
direct-to-internet access for your distributed
workforce.
As digital transformation creates a shift for
organizations to “Work from Anywhere,” enabling
fast and secure access for your remote workers to
your internal apps and data is crucial. With access
delivered from a secure service edge, you can
protect users and data in new ways; from full
visibility over remote worker traffic, to unmanaged
device control, and cloud-native activity
monitoring.
Unlock direct internet access by seamlessly
routing office locations and remote users through
Cloud Apps
Service Edge—which processes your traffic for
unauthorized access, data risk, and threats from
anywhere in the world—and then directly to the
cloud, eliminating the need to route traffic
through your data center and back out.
• By transforming to a cloud-delivered SSE that
converges connectivity and security,
organizations are then able to reduce cost and
complexity while increasing the speed and
agility of the workforce.
• An SSE architecture delivers complete
visibility and control over data at every policy
decision point, whether it be at the endpoint,
through the web, or in the cloud.
• Threat protection controls that adapt to
changes in risk and context allow for
protection against even the most
sophisticated cyberattacks and data loss.

Web & Shadow Apps Private & Cloud-Developed Apps

& Data
Centers

Mult
tion i-V Pervasive DLP Across
tec ec Endpoint, Cloud and Web
Figure 2. Security Service Edge User & Entity Behavior ro
Analytics (UEBA) Real-Time Collaboration
to
tP

Control
rD
rea

Intelligent Remote Browser

ata

Isolation (RBI) Adaptive Risk-Based

anced Th

Real-Time Emulation Enforcement

Protection

Sandbox (30,000+ Apps Guided

Policy Advisor)
1 B Sensor Global Threat
Intelligence SECURITY
Adv

SERVICE EDGE Data-Aware ZTNA

99.999% Uptime Data-Aware CNAPP
H g SDWAN Enabled Cloud
yp
e

Ultra Low Latency

ers Ed NG Firewall
85+ Global Pops
c ale S ervic e

Managed & Unmanaged Remote Site

Head Quarters

3 Skyhigh Security - Security Service Edge

SOLUTION BRIEF
Deliver SSE with Skyhigh Security SSE
SD-WAN can transform your network with
greater simplicity, cost effectiveness, and user
productivity by simplifying and accelerating the
connections between users and cloud resources.
However, unless it is coupled with a ubiquitous
cloud security platform, traffic must still be
forced back to your data center. But doing this
slows down productivity and doubles down on an
already outdated architectural model.
Skyhigh Security’s Hyperscale Service Edge is
the cloud-native security fabric between your
workforce, WAN infrastructure, cloud services,
and the web. Additional capabilities of our service
edge include:
Over 60 Points of Presence (PoPs) peered with
content providers at global Internet Exchange
Points (IXPs).
Figure 3. SSE direct-to-cloud
transformation Corporate Network
Network Security
Appliances
Private
Cloud
Internet
Internet
4 Skyhigh Security - Security Service Edge
The capability to provide the fastest access to
cloud applications possible, often outperforming
direct-to-cloud access.
A simplified architecture that empowers you to
enable the access patterns of your workforce—
anywhere, any application, and from any device.
Operates at 99.999% uptime to keep your
workforce connected without disruption.
Converge SD-WAN and ZTNA with our cloud-
delivered service edge to simplify your
technology stack so you have less to manage.
Enjoy low latency and unlimited scalability with a
global cloud footprint and cloud-native
architecture. By bringing together Skyhigh
Security SSE in a seamlessly integrated SSE
solution, organizations can reduce complexity
and costs while delivering a blazing fast user
experience.
Applications
SD-WAN
Fabric Links
via Broadband
Internet
IPSec/GRE
Tunnels
SECURITY
SERVICE EDGE
Branch Offices
Traffic Flow
SOLUTION BRIEF

Multi-Vector Data Protection: Data • Shared data protection policies are enforced
Awareness at Every Access Point at every control point, allowing you to easily
decide who can see your data and what they
Cloud transformation has meant that a large
can do with it.
portion of enterprise data now resides and is
being accessed outside of the network perimeter • Unified incident management between con-
and beyond the reach of traditional data security trol points with no increase in operational
controls. Collaboration from the cloud to third overhead.
parties, between cloud services, access by Skyhigh Security SSE draws incident event
unmanaged devices, and devices at home information from all control points into one
connected to peripherals have created new blind management console for a single view of your
spots that typically require multiple fragmented data protection environment. The unified data
data protection solutions. classification and management view delivers
Skyhigh Security multi-vector data protection consistent detection results and prevents the data
provides full-scope data protection for your loss prevention (DLP) security gaps that occur
workforce and eliminates data visibility gaps. when using multiple tools with disjointed policies
Each control point works as part of a whole and reporting. Our solution enables the correlation
solution. of data incidents across all vectors, enabling
administrators to identify signs of potentially
• Data classifications can be set once and
serious attacks.
applied across policies protecting the end-
point, network, web, and cloud.

Figure 4. Skyhigh Security Block upload of Enables transfer of sensitive files to internal recipient
sensitive docs
SSE multi-vector data b & Can’t share with unapproved 3rd parties
We San
protection use cases isk ps ctio
i u m R w Ap ned
d o Saa
Me Shad S

G CA
SW SB
Shado k Web &

Enable email of sensitive files

ps

Block or limit access to

w Ap

to internal recipient
risky sites and enforce
Email

Can’t share with unapproved

Ris

tenant restrictions
CASB
SWG

3rd parties
High

User
P
DL
CN

nt
AP

oi
dp
P

rk
wo
En

Network DLP
et
lN

CSPM and CWPP Prevent copy to cloud

ca
Iaa

Lo

In-tenant scans prevent personal apps, USB, print,

S

&

malware and data loss screen capture, etc.

es
vic
De

Corporate Data Center

Prevent file uploads and

emails to unauthorized
sites or parties

5 Skyhigh Security - Security Service Edge

SOLUTION BRIEF
Defense Against Cloud-Native Threats
and Advanced Malware
As valuable resources have shifted to the cloud,
threat actors have followed. New methods of
attack are emerging that leverage the features of
cloud providers to fly under the radar while
searching for and stealing information.
Additionally, the advanced malware and
malicious code used in fileless attacks remain an
evolving threat. New protection methods are
needed to detect and block these threats without
impacting end-user productivity. Skyhigh
Security’s integrated SSE solution defends
against cloud-native threats, advanced malware,
and fileless attacks with an array of traditional
and state-of-the-art threat protection capabilities.
These defenses mitigate the risk of attack and
data loss as your enterprise transforms its
network and productivity tools into cloud-based
services.
Figure 5. Security Service Edge
threat protection including
Remote Browser Isolation
Safe Risky
Content
Filtering
6 Skyhigh Security - Security Service Edge
User and Entity Behavior Analytics (UEBA) finds
threats that traditional technologies miss by
monitoring cloud activity across all your cloud
services and refining millions of events to identify
anomalies and threats in your environment. These
anomalies are correlated to DLP incidents, cloud
configurations, and app vulnerabilities to create a
pre-built view of cloud-native attacks using the
MITRE ATT&CK framework.
Any malware that attempts to land on your
endpoints meets a rigorous, line-speed inspection
path that includes the industry’s most accurate
real-time emulation sandbox. In cases where
attacks forego malware in favor of zero-day
exploits or fileless attacks that leverage operating
system commands or website code, users
automatically enter a Remote Browser Isolation
session, allowing for full use of the web with zero
possible infection.
Additionally, all events can be shared with third-
party SIEM solutions to empower security
operations teams.
Reputation
Global Threat Intelligence
Anti-Malware
Emulation
Sandbox
Remote Browser
Isolation
DLP Scanning
Activity Controls
Tenant Restriction
SOLUTION BRIEF
Skyhigh Security Private Access—
Industry’s First Sensitive Data-Aware
ZTNA
It’s important for users to have access to internal-
facing, private apps that often contain sensitive
information. Virtual Private Networks (VPNs) have
traditionally been used for this, but they suffer
from performance and scalability issues, and
make it difficult to enforce tight security controls.
While traditional Zero Trust Network Access
(ZTNA) solutions provide fast, direct access to
private assets while employing granular dynamic
access policies that prevent oversharing or lateral
movement, they lack stringent data protection
controls to secure the sensitive data hosted
within those assets.
Skyhigh Security Private Access secures access
to private applications from any location and
device, and controls data collaboration with
integrated data loss prevention (DLP). Our Private
Access performs continuous risk assessment of
the connecting devices by deriving enhanced
posture information providing blazing fast, “least
privileged” access to private applications through
a cloud-native hyperscale service edge.
7 Skyhigh Security - Security Service Edge
Cloud Firewall—Secure All Non-Web
Traffic for Remote Users and Sites
The proliferation of remote sites and users has
challenged security practitioners to secure the
non-web and non-cloud traffic. Backhauling
every connection to centralized datacenters for
security inspection leads to network latency and
affects the user performance.
Cloud Firewall extends next-generation firewall
(NGFW) capabilities to remote users through a
cloud-delivered service model, securing local
internet breakouts across all ports and protocols.
The solution includes a sophisticated policy
engine offering contextual awareness and a next-
generation intrusion prevention system (IPS) with
superior IPS efficacy, while offering end-to-end
traffic visibility for troubleshooting and optimizing
the network issues.
Skyhigh Security Private Access and Cloud
Firewall converge with our Security Service Edge
solution, offering organizations an all-
encompassing, cloud-delivered solution for
accelerating their business transformation.
SOLUTION BRIEF

About Skyhigh Security

When your sensitive data spans the web, cloud
applications, and infrastructure, it’s time to
rethink your approach to security. Imagine an
integrated Security Service Edge solution that
controls how data is used, shared, and created,
no matter the source. Skyhigh Security empowers
organizations to share data in the cloud with
anyone, anywhere, from any device without
worry. Discover Skyhigh Security, the industry-
leading, data-aware cloud security platform.

Learn More
For more information visit us at skyhighsecurity.com

6220 America Center Drive Skyhigh Security is a registered trademark of Musarubra US LLC. Other
San Jose, CA 95002 names and brands are the property of these companies or may be claimed
888.847.8766 as the property of others. Copyright © 2022. March 2022
skyhighsecurity.com