We shared an overview of Banyan Security’s latest product offering, a Security Service Edge composed of ZTNA (Zero Trust Network Access), SWG (Secure Web Gateway), CASB (Cloud Access Security Broker) and VPNaaS (VPN-as-a-Service), with Chase Cunningham, a.k.a. Dr. Zero Trust, and asked him to give us his thoughts. Below you will find a video of Chase walking through the latest set of capabilities and offering his thoughts and insights along the way.

Key Takeaways

Chase Cunningham, aka Dr. Zero Trust, former analyst and retired Navy Chief Cryptologist, reviews Banyan’s Security Service Edge and calls it “super cool stuff”. Having seen dozens of solutions over the years as an analyst, Chase has a keen eye for simple and clear solutions that eliminate risks. The always-on model means “you can’t screw this up” and the latest offering provides easy and secure productivity for your modern workforce “in one package”. Spend a few minutes seeing Banyan’s SSE in action as Chase gives his unbiased play-by-play analysis.

Transcript:

Okay. Howdy. Back on another one. This is Chase Cunningham, Dr. Zero Trust.

I’m going to run through some stuff that Banyan Security sent me. They were one of the first ones that sent over one of their new 2023 offerings. And, this is, as always, an unbiased analysis of what they’re doing. I don’t have this product. I’m going through what they’ve provided me, and I’m gonna talk through it.

Now, I think, one thing to immediately take away is that, it’s clear enough that just looking at this, I can understand what’s going on. I think you can, too. So, let’s get started and go through this together.

So, this would be an internal webpage. And I believe what we’re gonna see here is that this, Banyan showing, look, here’s a ZTNA method for getting to internal resources. Now, an interesting point to take away really quickly is that, you notice that it says right there, “Sign in to applications and services.” They’re offering an “always on” solution because what you notice is the client there is not actually logged in. So, it shouldn’t be able to get to an internal resource. But the value proposition is, you can and this is set up to where you, honestly, kind of can’t screw it up. So, watch. So here’s the client, the Banyan Security piece. Now, it’s also useful to note what they’re showing us here. And this is in plain English. This is why I say anyone can understand this. It tells you the Device Trust Level. And this is really good because a lot of times when we’re having folks access resources, we don’t know how safe their device is; if it’s hacked, or patched, or whatever else. This is a clear way to say, your device is either patched, or not patched, or has malware, et cetera, et cetera. And you can also see, you’ve got SentinelOne there and CrowdStrike. So, it’s checking the device to say, make sure that it’s healthy.

And so, now, they are going to access the resource would be my guess. And it says, “Mac operating system okay.” Et cetera, et cetera. It’s nice that it’s color coded too; green, red; that always makes it clear. So, here we go accessing an internal webpage. And it looks like that’s a trial. There you go. So, this is just an internal website, WordPress thing. But the point is, I am able to get to the resource super clean, super fast. Notice they didn’t enter any passwords. Now, here’s a Dropbox, a different application, I am entering the username and I don’t think they’re gonna enter a password, ’cause one of the things about this offering is passwordless, which is pretty slick. So, single sign-on is there. Cool. Click the continue button and it’s gonna get to that resource. And there you go. I don’t see a password prompt anywhere signing in. And you’re doing additional, out of band stuff, and there they go, they got to their resource. Pretty cool. I didn’t see passwords, didn’t see additional logins, and Banyan Security is constantly checking the device for health trust.

The Device-centric Security Service Edge

So, now, I’m actually logging into the client. The client’s doing its thing, login successfully! Okay. So, now you can use this from your desktop menu bar, et cetera, et cetera. It looks like one little clip thing. It happens. Any time you release new products, there’s always a blip here and there. But I applaud Banyan Security for having the intestinal fortitude to say, “Look, we’re fixing this little blip as well. No big deal.” There’s all the resources, favorite services. You can see web, SSH, RDP, database, TCP. Easy to connect, easy to understand what’s going on. Green, yellow, red; it’s all super clear. There’s some websites that they’ve got. And infrastructure pieces, so you could access those, as well. It’s not that there’s just a click and connect or whatever else. Like that, that makes it simple to understand what you’re doing and where you’re going with it. And the protocols listed at the top are also valuable.

Now, they’re RDP-ing into a dropbox. Uh, here we go, Dropbox, RDP. Notice again, no password. Cool. And there they go, they got to the resource. Oh, so, slick. And it looks like, now, we’re going to run something. Okay, device health trust is still high. Everything is still good. Life is great. Greens across the board. And now, oh, they’re running a bit-mining script, so this is a malware bit-miner that you wouldn’t want running on a corporate resource, or any resource, to be perfectly frank. So, watch that do its thing. And everything is still green. And unpacking, doing what they do. And it looks like it’s connecting. Service starting. Bingo. And now, that device is getting booted off of that resource on its own, auto-magically. And there you go.

Now, their device trust level has changed. It’s red. Red means not good. And you can see down there where it says, “Your access is restricted.” Tells you what’s detected, and it tells you what to do. So, Banyan Security identifies a problem, finds a problem, tells you how to fix this problem, and then you go on about your day. And it’s in plain English. Literally, it says, “Do this thing to fix the problem.” And you could always Google that to get the extra answers if you needed to, but the point is, you got to the resource. Or you were booted off the resource when something occurs that’s malicious in nature.

And it didn’t make the user’s life miserable. So, there! They are booted off of those other resources, as well.

So, in one fell swoop, everything that shouldn’t be allowed, or is potentially risky, problem solved. That’s really slick. And now, we’re going to reset that bit miner. Everything’s back to normal. Nobody’s compromised. And there you go. Looks like… Yep, back to the RDP session. So, slick. Let’s see if the device trust level changes here as well. Yep, there you go. Wow. So, that’s a combination of resources all put together; ZTNA, internal resource stuff, device health checking, malware defense, integration with SentinelOne and CrowdStrike, as well. And basically, taking care of the user as they’re accessing resources. And it just did what it needed to do. This was a scalpel type of fix instead of a sledgehammer, so that’s good.

Now, back to not logged in anymore. And this is the browser isolation piece, which is kind of the combined offering. So, you got, like, SWG (Secure Web Gateway), browser isolation, ZTNA (Zero Trust Network Access), all those things put into one package. And here you’re saying, don’t go to Spysurfing. Probably don’t go to FanDuel or, you know, whatever else is not safe for work. Whatever. If people slide by controls using Google Translate, it does happen. But that’s really the crux of it. So, that’s, that’s super slick.

I applaud Banyan for putting this stuff out there. They’re taking capabilities and putting them into a stack, which is what everybody wants, and then they’re making it where it’s understandable, it’s clean, it’s concise. There’s color coding, and you know who does what, where. And if there’s a problem, they identify the problem, notify, boot the user off of where they shouldn’t be going to, to eliminate the risk, and then, tell the user how to fix it. Then, you get back in, and the device is trusted, and everyone goes on about their day.

So, super cool stuff. Banyan, thanks for sharing this with me. Folks, if you’re looking for these types of stack solutions, talk to Banyan Security.

Chase Cunningham