The first quarter of 2024 has been an exciting time for Banyan Security. Since joining SonicWall, we have continued to update and develop our innovative Security Service Edge (SSE) solution. 

Below, you’ll find highlights from the releases that have gone out in Q1 of 2024. You can also find past release notes and other product documentation here.

Generally Available Features

Here are some of the highlights from our GA feature releases thus far in Q1 2024:

• Enable Private Resources Discovery

• • • Admins can enable private resource discovery in the Advanced Settings of their Access Tier configuration. Once enabled, private resources will be displayed in the Discovery section of the Command Center.

• Encrypting DNS via DoT

• • • With Banyan app versions 3.14+, devices’ DNS requests are resolved over TLS by default, and these requests are encrypted.

• Auto re-enablement of ITP

• • • Now, when an end user disables ITP enforcement from the desktop app, ITP is automatically re-enabled after 1 hour.

• Cloud Command Center User Interface (UI) Re-design

• • New navigation categories include Private Access, Internet Access, and Trust.

Early Preview Features

Get a sneak peek of what’s coming for the Banyan Security product, and be among the first to experience the new enhancements:

• [INTERNET ACCESS] Enable URL Filtering

• • • Admins can now inspect host URLs within domains that are not considered threats. They can also configure URL filtering within ITP settings using a PAC file that contains URL inspection rules.

• Event Charting

• • • Admins can now view trends related to user access and service usage within Banyan. Event charting provides a visualization of events within the Command Center.

• Support for Oracle Linux in the OS Version Trust Factor

• • • Banyan now supports Oracle Linux 8 and 9 as values in the OS Version Trust Factor.

• Create a Custom Public App

• • Admins can now define public apps that Banyan has not already pre-populated in the App Discovery list in the Command Center. This new feature allows admins to easily surface, secure, and monitor apps that are critical to their business.

Enhancements & Updates for Q1 2024

Some helpful features have been included in the Q1 2024 releases to help you optimize your time and improve your workflows:

• [INTERNET ACCESS] Active Roles in Internet Threat Protection (ITP) Policies

• • • Roles used in ITP policies now show as Active.

• Terraform Exemptions

• • • Terraform now supports exemptions within service configurations.

• Simplified Silent Cert Authentication

• • Silent cert authentication now works directly through the API in organizations that have the silent cert auth flow configured; admins no longer need to maintain the mdm-config file for this flow to work.

Test drive these new features with Team Edition

Are you ready to explore the latest features from our Q1 in 2024? Test drive the Security Service Edge (SSE) capabilities of the Banyan Security | SonicWall solution with our Team Edition — it’s free! 

Experience the full range of features available at your fingertips. See why so many organizations have chosen our comprehensive SSE and Zero Trust Network Access (ZTNA) security solution. Get access to Team Edition.

In the rapidly evolving digital infrastructure landscape, companies are continually searching for solutions that not only provide robust security, but also offer the flexibility required to adapt to dynamic business needs. Banyan Security’s innovative Flexible Edge was created to be able to simply answer “Yes” when asked if our solution fits into an organization’s deployment scenario. This transformative technology not only addresses the limitations seen in other vendors’ offerings but also introduces a new era of connectivity that seamlessly combines flexibility and security.

Limitations of Other Vendors

Many vendors in the market provide connectivity solutions, but a common theme among them is a lack of flexibility. These vendors typically offer a singular means of connecting to their infrastructure and services, limiting the adaptability of organizations. Furthermore, the reliance on a single traffic flow can lead to potential security concerns, as traffic may need to be decrypted at certain points.

Another drawback with some vendors is the restriction to specific points of presence (PoPs) within designated cloud service providers (CSPs). This limitation can hinder organizations that require a more diverse and distributed network. Additionally, some vendors may confine their PoPs to a limited number of data centers, restricting the geographical reach of their services.

Flexible Edge: A Paradigm Shift

Banyan stands out by introducing the concept of Flexible Edge, which goes beyond the constraints imposed by other vendors. This innovation encompasses both Global Edge and Private Edge, providing unparalleled flexibility in connectivity options.

Global Edge

Banyan’s Global Edge facilitates quick connector deployments in a matter of seconds.

This agility in deployment ensures that organizations can establish connections rapidly, responding to the need for swift and efficient deployments. The flexible nature of Global Edge also allows for the deployment of Access Tiers and Connectors anywhere, empowering organizations with a truly global reach.

Private Edge

On the other hand, Private Edge emphasizes security, offering a more robust and controlled environment for deployments.

With Private Edge, organizations have the ability to maintain full control of the data plane, enhancing privacy and ensuring that traffic is not unnecessarily inspected in the vendor’s cloud. This added layer of security is crucial for organizations dealing with sensitive data or operating in regulated industries.

Enhancing Security Through Flexibility

Banyan’s Flexible Edge not only provides unprecedented flexibility but also enhances security in the process. By offering the option to choose between Global Edge for faster deployments and Private Edge for more secure deployments, Banyan empowers organizations to strike the right balance between speed and security.

The ability to deploy both Global Edge and Private Edge simultaneously sets Banyan apart from other vendors. This unique feature enables organizations to achieve the fastest productivity while seamlessly transitioning into the most secure deployment. In an era where the cybersecurity landscape is constantly evolving, having the ability to adapt without compromising on security is a significant advantage.

Simplicity Redefined with Flexible Edge

In addition to its groundbreaking capabilities, one of the most compelling aspects of Banyan’s solution is its user-friendly interface (try a self-driven demo here). The ease with which organizations can implement and manage Flexible Edge makes it a viable choice for businesses of all sizes. Banyan has successfully combined advanced technology with simplicity, ensuring that even non-technical users can harness the power of Flexible Edge without extensive training.

Moreover, unlike some vendors, Banyan doesn’t charge based on the type of edge used, connectors, gateways, or throughput. This means deploying a leading solution while significantly saving an organization time and money.

Flexible Edge is not just a connectivity solution; it’s a paradigm shift in how organizations approach secure and flexible connectivity. By addressing the limitations seen in other vendors’ offerings and introducing a unique blend of flexibility and security, Banyan has positioned itself as a leader in the industry. As businesses continue to navigate the complex landscape of digital transformation, having a solution that provides both speed and security is not just an advantage – it’s a necessity. Banyan’s Flexible Edge meets this demand head-on, setting a new standard for what organizations can achieve in the realm of secure connectivity.

November 2023 has been a busy month for the Banyan Security product and development teams, and we’re excited to share some highlights from our recent product updates. We’ve boiled down key pieces of information from our October and November release notes. We also welcome you to subscribe to our updates so you can stay informed of what’s new and what’s ahead on the Banyan Security roadmap.

Highlights from our October and November releases can be found below (you can also find past release notes here):

Generally Available Features

Some exciting GA features have been released over the past few months. Here are some of the highlights from our October and November GA feature releases:

• App-based routing for Service Tunnel
• • • Admins can now configure specific apps to tunnel through or block from their Service Tunnels.

• Zero Touch Install for Chrome Browser extension

• • • Banyan Security now supports zero touch installation for the new Chrome Browser extension.

• Private Resource discovery

• • • Admins can now view a comprehensive list of private resources (including domain name, IP address, and port) accessed via Service Tunnel by users in their organizations.

Early Preview Features

Get a sneak peek of our early preview features! Take a look at what’s coming for the Banyan Security product, and be among the first to experience the new enhancements:

• Security Actions for Public Apps
• • • Discovered public apps now offer guidance on Security Actions admins can take; Security Actions are specific to the app.
    • Security Actions include guidance on configuring ITP policies, DLP policies, Banyan IDP federation, and routing via Service Tunnel.

• AI-Assisted Admin Search
• • • Admins can now use Banyan’s AI-Assisted Admin Search in the Command Center to perform quick searches related to the Banyan Security product.

Enhancements & Updates for November 2023

Valuable tools and features have been included in the November 2023 release. These feature enhancements should help you optimize your time and improve your workflows:

• Let’s Encrypt Wildcard Support
• • • Admins can now protect multiple hosted websites with a single wildcard Let’s Encrypt certificate, procured and managed by Banyan Security.

• Terraform Import Tool

• • • A command-line utility that allows admins to import existing resources from the Banyan API and generate Terraform configuration files for managing those resources.
    • This tool simplifies the process of managing Banyan Security resources through Terraform, making it easier for admins to automate infrastructure setup.

Test Drive the New Features with Team Edition

Are you ready to explore the latest features available in our November 2023 release? Try out the device-centric and SSE capabilities of the Banyan Security solution with our Team Edition — it’s absolutely free! 

Take a test drive and see the full range of features available at your fingertips. See why so many organizations have chosen Banyan Security for a comprehensive SSE and ZTNA security solution. Give it a try and see the powerful result. Get access to Team Edition.

July 2023 welcomed several updates to our Banyan suite of Security Service Edge solutions. Below, you’ll find detailed release notes and we welcome you to subscribe to our updates to stay informed of what’s new and what’s coming. Find our July 2023 release notes below:

Generally Available Features

• Netagent Health Check:
  • New health check endpoint that provides a real time indicator for the status for the Netagent and preliminary stats that can be used to evaluate performance.

Enhancements & Updates

• Session Expiration Timer
  • Renew your session early to avoid losing work due to expiration.

• Added Trust Factor information in Log Events
  • View passed and failed trust factors in each Trust scoring log event

Component Versions

* Updated in the latest release

Try our device-centric SSE solution for free with our Team Edition.

It’s widely recognized that change is a universal constant and nowhere has that been more apparent than in the dramatic changes we’ve seen over the last few years in the composition, complexity, and potential of the modern workforce. We now take for granted that our workforce needs to be able to securely access applications, resources, and corporate infrastructure from anywhere if they are going to be productive. The concept of a well-defined network perimeter has disappeared and we are now left with the reality that the “device” is the new perimeter and the cloud is the backbone of most company’s infrastructure. What has not kept pace with the rapid evolution in the way that a modern enterprise is constructed is the architecture that we use to secure our data, IP, and brands. It is time we realized that to unleash the productivity of the modern workforce, we need an architecture that was purpose built to take advantage of this changing environment. Now is the time to embrace the security and productivity benefits that can only be offered through a device-centric SSE solution.

Evolution of the enterprise workforce.

Within the last five years we have all seen a dramatic change in how business is done by companies around the world. They have evolved in many ways, and taken together these fundamental changes have laid to rest the idea of a traditional network perimeter.

For example, we have embraced the rise of mobile and remote workforces. With the advent of mobile devices and the ability to work remotely, employees no longer need to be physically present within the company’s network perimeter to access company resources. This means that traditional network security measures such as firewalls and legacy VPNs can no longer provide security against the myriad of threats present in this new landscape. This also renders on-premises solutions such as network access control (NAC) and switch-based VLAN segmentation useless.

Another sea change is the universal adoption of cloud services. Most forward-looking organizations now rely on cloud services to store and manage their data, which means that the data is no longer contained within the company’s physical network perimeter. This presents several important benefits to companies, but it also requires a different mindset to effectively implement security policies and protect against the evolving threat landscape.

Finally, we need to consider the impact that reliance on third-party relationships can have on providing enterprise security. Many companies now rely on third-party vendors and contractors to provide mission-critical services and support. While these third parties have their own networks and security measures, given the external nature of the systems, the exact manner and depth of security is often unknown, meaning that vendor’s data and resources may be accessed from a breach that takes place outside the company’s network perimeter.

Zero trust security has just recently become a critical business process.

The concept of zero trust was introduced in the early 2000s but its profound importance in providing enterprise security is not yet fully understood. It was not until the early 2010s that zero trust solutions began to address the internal threats that arose due to changes in the workforce. This was when focus shifted to protecting individual assets and data within the network, rather than trying to secure the network perimeter. During this time, the development of solutions providing access control and authorization policies to verify the identity and trustworthiness of users and devices before granting them access to resources came online.

More recently we have seen a phase of zero trust solutions that are characterized by the adoption of cloud computing, mobile devices, and BYOD policies. As a result, security solutions needed to be agile and flexible, allowing users to access resources from anywhere and at any time. The focus shifted to identity and access management (IAM) solutions that verified user identity and context-based access policies that controlled access to resources based on the user’s role, location, and device.

Finally, the most recent phase of providing zero trust solutions is focused on Security Service Edge (SSE) solutions. With the proliferation of cloud applications and IoT devices, security solutions need to be deployed at the edge of the network, more specifically on the devices, where data is generated and consumed. SSE solutions are designed to provide security services such as authentication, encryption, and access controls at the network edge, rather than centrally. This approach provides the promise of being able to provide secure access to resources from anywhere, at any time, and from any device, without compromising security.

What are the critical components of a modern SSE solution?

There are four crucial capabilities that form the core of SSE technology. These capabilities include: cloud-based VPN (VPNaaS), Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), and Secure Web Gateway (SWG).

VPNaaS is a cloud-based virtual private network (VPN) service that allows users to create a secure connection to a remote network over the internet. It is a subscription-based service that can easily scale up or down based on your business needs, without having to invest in new hardware or software. Banyan is able to leverage its patented zero trust architecture to take VPNaaS further than other vendors, allowing it to take advantage of core zero trust features like continuous authorization and device trust. Zero trust is a security model that assumes all users, devices, and applications are untrusted until they can be verified and authenticated. This means that access to resources is only granted on a need-to-know basis and after a user’s identity and device have been verified.

Zero Trust Network Access (ZTNA) is a security approach that provides users with secure access to specific applications and resources, regardless of their location. With ZTNA, every user must go through a strict authentication and authorization process before accessing any resource or application. This ensures that only authorized personnel can access sensitive data and applications, thereby preventing cyberattacks.

Cloud Access Security Broker (CASB) is a security technology that provides visibility and control over cloud-based applications and services. It allows organizations to enforce security policies for data access and usage, preventing unauthorized access or data leakage. CASB can also help organizations identify and mitigate risks associated with cloud applications and services, thereby ensuring data privacy and regulatory compliance.

Secure Web Gateway (SWG) is a security technology that helps organizations protect their network and users from web-based threats, such as malware and phishing attacks. It acts as a filter that blocks malicious websites and content from entering the organization’s network. Additionally, SWG can also provide organizations with visibility into their web traffic, which can be used to enforce compliance of acceptable use policies and detect any suspicious activities.

Overall, these four SSE capabilities are critical components that help organizations build a comprehensive security strategy that addresses threats at the network, application, and cloud levels. By leveraging these capabilities, organizations can create a secure and resilient infrastructure that protects against cyber threats while enabling business agility and growth.

Effective SSE solutions require a radically different architecture – the benefits of a device-centric solution

Given the radical changes in the computing environment and workforce composition, trying to take legacy security solutions purpose built for a simpler time, and incrementally evolve them for today’s setting is guaranteed to fail. Vendors must take a step back and architect solutions that are appropriate for the modern enterprise. Banyan Security embarked upon this journey 6 years ago, and the result is a new class of SSE solution built with an understanding that the device is the new edge. The implications of a device-centric SSE product are profound and provide organizations with considerable benefits that simply are not achievable using legacy architectures. The four most important benefits include:

Improved User Experience

Localized intelligent decision making minimizes latency and results in a better user experience. Rather than forcing organizations to ship all traffic to the cloud for inspection, a single, intelligent application on each device makes the optimum access and security decisions. Coupling faster decision making with an always-on approach minimizes potential gaps for advanced threats to exploit.

Better Enterprise Security

The Banyan SSE solution includes multiple layers of security, providing least privileged access for users regardless of location. Additional security is provided by incorporating real time, continuous authorization using advanced risk modeling based on device, resource, and threat profiles. Together these features provide superior threat protection and automated threat remediation.

Lower Total Cost of Ownership

A device-centric Security Service Edge is significantly easier to set up and deploy for most organizations. Rather than having to configure complex network environments to support the analysis and routing of user traffic, users can be provided secure access quickly and easily through intuitive selections made in the Banyan admin console and executed locally on end-user devices. Advanced discover and publish capabilities further simplify deployments and result in much lower total cost of ownership for an organization versus legacy solutions.

Deployment Flexibility

The Banyan Security SSE solution architecture provides additional benefits for organizations that are concerned with data privacy and security. Unlike other SSE solutions, the Banyan Security Platform can be configured to route encrypted traffic through either the Banyan cloud infrastructure or directly through a service installed and maintained in the organization’s infrastructure. This capability allows the freedom to address the needs of all regulatory or security-conscious environments.

With the network perimeter blurred, users working from anywhere, resources spanning on-premises, hybrid and multi-cloud environments, and the internet carrying the majority of an organization’s traffic, it’s clear that a new approach is needed to effectively secure organizations and their users. It’s also clear that successful solutions must ensure administrative ease of management as well as end-user ease of use. Security does not have to come at the expense of usability. Only in this way will the modern workforce be truly safe and productive.

To learn more about device-centric SSE and the Banyan Security Platform, please visit: https://www.banyansecurity.io/product/.

How do system admins protect their company’s sensitive data, which is hosted in multiple environments and accessed by employees and contractors in changing locations?

This is what Banyan’s ZTNA solution allows admins to do. And now, we’ve made it even easier for admins by streamlining the steps required to install the brain of our ZTNA solution: the Access Tier.

Here, we’ll explain what our Access Tier is, what it does, and how easy it is to install one in your organization.

What is an Access Tier?

The Access Tier acts as the data plane of Banyan’s ZTNA solution; it works in conjunction with Banyan’s Cloud Command Center, which can be thought of as the control plane, where admins can centrally manage security policies and events in their org.

Technically speaking, the Access Tier is an identity-aware proxy (IAP) that securely mediates access between entities on the internet and internal services. Each Banyan Access Tier has a public IP address that is reachable from the internet and able to accept inbound connections. Banyan’s Flexible Edge architecture allows customers to deploy an Access Tier inside their private network on their org’s own private server (aka Private Edge) if they want to manage the data plane or they can alternatively opt to have Banyan manage the Access Tier (aka Global Edge).

Introducing a streamlined, self-serviceable installation flow

In our November 2022 release of Access Tier v2, we introduced a guided installation and configuration flow. Now, only three simple steps are required to launch orgs on their zero-trust journey:

1. Configure – Here, admins define the list of private CIDRs that will be exposed (via the Access Tier) as well as any domains that will resolve via private DNS.
2. Install – Installation methods (Docker Container, Tarball Installer, Deb/RPM Package, AWS CloudFormation, and even Terraform*) are now available selections in the new installation flow, and steps required to complete installation are embedded right into the Cloud Command Center’s UI.
3. Validate – In this final step, admins can ensure that they’ve successfully established end-to-end connectivity from devices to private resources within the network.

*P.S. Here’s a secret tip…

If you want an unbelievably fast and easy deployment experience, try installing the Access Tier using the new Terraform module – this leverages Infrastructure as Code and doesn’t even require use of our Command Center’s UI. With Access Tier v2, this method brings substantial cohesion to the overall deployment process, and it requires minimal parameters.

Centralized manageability from the Cloud Command Center

Managing Access Tier settings and configurations, post-installation, has also been shifted to Banyan’s Cloud Command Center. This allows admins managing their own org’s Access Tiers, or MSPs managing their customers’ Access Tiers, to do so from a central, highly visible location.

Access Tier Advanced Settings

Hopefully I’ve shown just how easy it is to deploy Banyan’s ZTNA solution. To learn more about the Access Tier, visit here.

Banyan Security is ecstatic to introduce phase 2 of our Granular Trust Scoring (GTS) feature set. Phase 2 includes the ability to create a Trust Profile. Trust Profiles allow an admin to assign trust factors to different groups of devices, with available assignment criteria of; user groups, serial numbers, operating systems, MDM management, and device ownership.

The F.A.C.T.S.

The term ‘trust’ is a cemented industry concept within IT organizations used to describe the backbone of Zero Trust Architecture (ZTA). Afterall, security and networking teams have been devising methods to trust devices for years.

With ZTA, trust isn’t so straightforward. You cannot simply place computers into a secured network and call it a day as it violates the fundamentals of ZTA. Instead, ZTA warrants the need for organizations to collect signals from devices, users, applications, etc. to determine the trust of the devices registered to the organization.

As a result, Banyan introduced Trust Scoring to alleviate ambiguity of ‘trust’ as organizations adopt ZTA throughout their own ecosystem. As we spoke with adopters of our trust scoring process, we realized some F.A.C.T.S about trust:

Flexibility

Analysis of Trust Factors must be flexible. Organizations can’t globally adhere to Trust Factors as IT organizations manage a multitude of versions of devices and employee types (vendors, contactors, etc.) that require unique rulesets.

Applicability

Trust factors must be useful in determining the trust of a device. For example, it’s useful to know which factors apply only to mobile devices (e.g., Not Jailbroken) and which only apply to desktop devices (e.g., Firewall).

Clarity

Assessing Trust of devices and services requiring trust must be crystal clear in order for organizations to feel confident in their deployment of Trust Scoring.

Transparency

Understanding the Trust Scoring calculation is imperative to admins and allowing configurability provides complete transparency.

Supportability

The capability to understand what factors are not compliant on an end user’s device and what specific steps are needed to satisfy/remediate them is paramount to adopting Trust Scoring.

Introducing Trust Profiles (GTS)

Historically, Banyan struggled to provide the flexibility required for customers to fully consume our device trust scoring feature set. That has since changed with the release of Trust Profiles. Trust Profiles allow admins to assign different devices to trust factors. The assignment can be based on the following (all additive):

After creating the assignment, admins can then add which Trust Factors will be evaluated to the devices assigned to the Trust Profile. All existing Trust Factors will remain, including the ability to set the Trust Effect. Once completed the admin can set the priority of the Trust Profile.

How Trust Profiles help with the F.A.C.T.S.

Anyone working on bringing something to the masses knows that there seems to be endless edge cases and that each customer seems to be a unique snowflake when it comes to technology. Trust profiles have the flexibility required to deliver Banyan’s leading Trust Scoring feature across an organization by providing extensive assignment criterion. All while delivering clarity as to which devices are assigned to the Trust Factors deemed important by the organization. Furthermore, Trust Profiles layers on top of the existing Trust Effect feature we released last month enabling transparency across a device fleet by having the admin control the effect of each trust factor within a Trust Profile. Lastly, by layering Trust Effect within Trust Profiles, it expands the applicability of Trust Scoring throughout a customer’s organization without compromising the supportability needed to adopt the new security control.

Experience the Banyan Security Difference

Traditionally, customers have only ever dreamed of enabling some sort of mechanism to evaluate the security posture of their device fleet. With Trust Profiles, the blockers preventing this dream from being realized are moot, and we encourage everyone to give it a try. No additional software is needed, simply enroll a device and create a Trust Profile.

Try it out for yourself, and sign up for Banyan’s free Team Edition.

Additional Information

Banyan Security maintains a rich repository of product documentation, including information regarding today’s subject matter including a Trust Score Overview and further details about Trust Effect and Trust Profile.

In Banyan Security’s October release, we announced a new Granular Trust Scoring feature, called Trust Effect. Trust Effect brings transparency to Banyan’s trust scoring process. This new feature also offers admins control over the relative impact of each Trust Factor on a device’s security posture.

The Love/Hate Relationship to Device Trust Scores

In the past, we took a conservative approach to access control, allowing admins to enable or disable Trust Factors, while we determined how much weight each Trust Factor had in the Trust Scoring process. Customers offered us two key pieces of feedback:

1. I love the simplicity of enabling Trust Scoring with Banyan.
2. I dislike that I’m unable to relatively weigh Trust Factors. Some are more important than others, and I need a way to determine this.

So, we pivoted and made an adjustable trust scoring process: In our new model, admins now determine the weight of Trust Factors.

Introducing: Trust Effect

The Trust Effect feature allows admins to determine how important each Trust Factor is within their environment. The Effect determines which Trust Level (High, Medium, Low, or Always Deny) a device receives if the device does not meet the Trust Factor requirements. For example, if an admin sets the Effect to Low on the Firewall Trust Factor, and the device doesn’t have its Firewall enabled, then the device’s Trust Level will drop to Low. The Trust Level is then used as a criterion for security policies, applied to Banyan-protected services.

Moving away from a numerical trust score simplified the process. Now, the conversation flows simply, as such: “Is Auto Update critical to us?” If the answer is “yes,” set the Trust Effect to Low TL (Trust Level). If the answer is “it’s a little less important,” set it to Medium TL.

There are, of course, situations in which admins would want to evaluate a new Factor without impacting their users’ access. That’s why we created a No Effect setting, which calculates the device’s security posture against the Factor, without influencing the device’s Trust Level.

Standardizing with Trust Levels

In moving away from a numerical score and toward Trust Levels, we also hoped to help standardize trust scoring. Ideally, this should reduce misalignment between admins when configuring policies and it should standardize the end user experience in the Banyan app.

Finding the Sweet Spot of Control

In conversations with our design partners and our customers, we found that the addition of Trust Effect and the standardization of scoring via Trust Levels offered just the right approach to measuring device trust.

Try it out for yourself, and sign up for Banyan’s free Team Edition.

Additional Information

For more information about Banyan’s approach to trust scoring please check out the following resources:

• Trust Score Overview
• Trust Effect
• Trust Calculation

Thank You!

Huge thank you to all the engineers, designers, and many others that we partnered with to bring this feature into fruition.

We’ve made some enhancements to our self-service offering and we’re convinced that intent-based onboarding will be a leading conduit to the successful first time user experience. This post is to share more about what we did, why, and some lessons learned along the way!

Great onboarding flows orient around outcomes

A key goal at Banyan is to guide organizations on their journey toward securing a modern, hybrid workforce. “Journey” is the most important word in that statement. In hundreds of conversations with customers and prospects, we’ve seen that organizations ultimately agree on an end state but they are at a variety of stages along the way.

We’ve found that orienting the user around the outcome they want to achieve at the start of onboarding will lead to an optimal experience and higher conversion.

Let’s take the three main personas we encounter evaluating our Zero Trust Networks Access (ZTNA) offering.

Networking teams are looking for a modern VPN solution that accomplishes the following:

• Better performance. And even the ability to own and manage their own points of presence
• Device trust that integrates with their existing security investments and provides continuous evaluation
• Easy to configure policies with a streamlined end user experience

Security and Compliance teams are aiming to reduce reliance on the VPN and accomplish the following:

• Publish granular, least privileged access to private resources such as databases, internal websites, Linux servers, and more
• Establishing different baseline trust profiles for employees, contractors, and vendors
• Add device trust and passwordless to SaaS applications without IP whitelisting

Devops teams are having a field day with the automation capabilities that ZTNA and SSE (Security Service Edge)  vendors provide. They are increasingly looking for:

• Automation via “zero trust as code”
• Strong access policies, audit logging, and monitoring to infrastructure such as SSH servers and Kubernetes clusters

We’ve built a personalized, intent-based onboarding flow to account for the goals these teams have and the early results are promising.

Why we love intent-based onboarding

A benefit of layering on a bottoms up, product-led growth motion is that users are often signing up with a specific problem already in mind. Their intent is to see if your product solves that problem and provides them a stellar experience along the way. Building your onboarding flow to account for this has many benefits.

• It helps personalize the experience. Canva asks users how they will use the tool in order to cater a series of templates for them.
  
• It allows you to quantify the outcomes that are most important to your user base. Based on this data, you can iterate quickly and ensure you are providing enough value to have an active, monetizable user base.
  

More self-service learnings and insights

Effective onboarding is emotional

The beauty and challenge with self-service is instilling joy in signing up for and configuring a product. This is where the lines between consumer products and B2B products start to blur. It’s also a test of which organizations really understand their users and the types of products they love.

I wouldn’t go as far as saying onboarding onto Banyan’s security offering should be equivalent to signing up for TikTok but there are two key learnings thus far:

• Users want to feel progress as they navigate their onboarding. Small wins add up to a larger win or ‘aha’ moment. For example, this could be a dashboard updating in real-time or even providing test connection buttons to successfully show a component is connected.
• Education and context is key. The user must understand the context of the step they are on but also WHY the step is needed to accomplish their broader goal. Investing in this area will result in product stickiness as well as a savvy user base.

Remove dependencies on other teams

Often, setting up a security solution requires talking to multiple groups within an organization. The infrastructure team may need to be involved to set up a server and add firewall rules. The identity team may be required to set up users and groups. If a self-serve offering requires this much interaction, it will strongly impact activation metrics and user sentiment. You want to get users to their ‘aha’ moment as quickly as possible.

At Banyan, we sought out a design that would eliminate many cross-functional dependencies within teams while prioritizing context and user education. When you sign up for the product, we provide local user management and default to our Global Edge deployment model which eliminates the need to open inbound ports or change firewall rules. This is the fastest way to get going with the product and allows a frictionless first time user experience.

The Banyan team in a workshop to design the enhanced onboarding flow!

Every step must build on the next

When we started building a self-service offering, we had many conversations on the most streamlined way to get to the ‘aha’ moment. I suspect this is common with most organizations venturing into self-service. However, we became obsessed with removing dependencies! Can the user see the value without having to set up infrastructure? Do they need to download an app?

The danger in this approach is that you can end up building around friction points and ultimately miss creating any stickiness within the product. Every action a user takes in the product should build towards the outcome they are looking for. Address key friction points head on as the payoff is exponential for not only a self-serve motion but existing customers as well.

Try it out for free!

The product and engineering teams worked hard to get this first phase of intent-based onboarding out the door so we’d love to hear what you think. All you need is a resource you want to provide secure access to and 15 minutes of time. There’s plenty more to come…

Sign up here!

As we work with organizations helping them modernize and secure their remote access infrastructure, we’ve consistently seen that one of the larger stumbling blocks to making deployment progress is an accurate inventory of what services are currently in use. This holds especially true for IaaS-based services, as they are often outside of IT and Security’s purview. If you think about it, it’s kind of like painting the Golden Gate Bridge. As soon as you’re done, it’s out of date and you need to start over.

With that in mind, we’re excited to announce Discover and Publish, a streamlined way to secure access to hybrid and multi-cloud infrastructure. Banyan Security is providing customers with the following benefits:

1. Improved time to value – we provide a quick and effective way to create least-privileged access to your infrastructure and services.
2. Scalable IaaS access management – we provide a modern, consistent way to manage access to IaaS workloads across any cloud.

Let’s dive in!

Resources are everywhere

The number of options for deploying computing workloads has grown tremendously in the past decade. Most enterprise organizations will likely have a combination of workloads across on-premises, colocation, edge, and cloud. However, many CIOs are now shifting towards a “cloud-everywhere” mentality where the number of cloud workloads continues to rise and multi-cloud adoption is widely accepted.

Cybersecurity professionals face challenges managing secure, least-privileged access to infrastructure across different IaaS providers. Usually this consists of a hodge-podge of VPNs, bastion hosts, and custom tooling. Banyan’s zero trust access solution helps resolve these challenges for organizations embracing multi-cloud and the “cloud everywhere” mentality.

Discover and Publish for IaaS providers

For cloud resource discovery, Banyan integrates with major IaaS providers including AWS, Azure, Google Cloud, and Oracle Cloud to automatically detect when new infrastructure is created.

The discovered inventory section of the command center is populated with key IP and/or domain information about the cloud resource and the IaaS provider it was sourced from. Our cloud resource discovery process runs at regular intervals to ensure the inventory table is always up to date and can even perform granular syncing of resource types, tags, or labels.

For example, admins can automatically sync AWS EC2 instances that have a tag of ‘banyan:discovery’.

Within the cloud resource, an admin can go through a simple publish flow that will create a Banyan-secured hosted website or infrastructure service in seconds. The IP, DNS, and port information are automatically populated, creating a strong link between the cloud resource and the published Banyan service.

A consistent approach to IaaS secure remote access

We’re strong believers in the BeyondCorp approach towards zero trust security but we realize that moving from legacy VPNs and bastion hosts to granular, least-privileged access can be difficult. Banyan, however, provides a consistent way to manage secure remote access, regardless of the application and where it is hosted.

Typically, one of the first steps towards zero trust is understanding the security posture of your users and devices. Once that is complete, discover and publish provides a way for organizations to understand their multi-cloud resources, create Banyan services to secure the infrastructure, and fine-tune the policies for least-privileged access.

End users benefit from this consistent approach in the form of a unified Service Catalog. The days of having to remember how to access websites or infrastructure depending on which cloud it is hosted on are now done. Banyan improves productivity across your organization.

Getting started with IaaS Discover and Publish today

All of the functionality discussed above is immediately available and is included in Banyan Security’s Enterprise edition!

For details on how to set up discover and publish for your IaaS provider(s), see our docs.