Cloud Secure Edge

Remote Access, Better Security

SonicWall Cloud Secure Edge™, formerly known as Banyan functionality of multiple traditional network appliances –
Security, is a highly effective and easily adopted Security remote access VPN, web proxy, firewall and more – into a
Service Edge (SSE) solution, enabling your workforce unified cloud-delivered solution, improving the security
to securely access any resource from any device. It posture and user experience for the entire workforce.
delivers simple, secure, zero trust access to private and Note: Customers with SonicWall Gen 7 Firewalls already deployed can
internet resources for all your employees and third parties, connect them to Cloud Secure Edge out-of-box and manage access policies
regardless of their network location. It combines the via a unified dashboard.

CLOUD SECURE EDGE SSE

Internet SWG Internet
Websites Websites

SaaS CASB SaaS

Applications Applications

Cloud Cloud
Servers Servers
ZTNA

On-Premises On-Premises
Networks VPNaaS Networks

Figure 1: SonicWall Cloud Secure Edge protecting access to any resource from any device

DATASHEET
Why SonicWall Cloud Secure Edge?

EASY TO DEPLOY PROTECT AGAINST PERFORMANCE WITH

AND MANAGE MODERN THREATS PRIVACY

Cloud Secure Edge can be Cloud Secure Edge includes zero trust Cloud Secure Edge was built from the
standalone or added to your existing security controls that are needed for ground-up to deliver high performance
SonicWall Gen 7 Firewalls as a hybrid and remote workforces that while ensuring privacy. The admin
monthly subscription. It is ideal for need access to the sensitive private is in full control of their data while
MSPs and DIY organizations with and internet assets required to do ensuring users get the most natural
overstretched resources looking for their jobs from anywhere. It employs and efficient connection possible
low TCO and fast ROI. a unique technology based on device- for maximum productivity, data
and identity-centric trust scoring protection and privacy.
and short-lived cryptography to
deliver industry-leading security with
excellent user experience.

Common Use Cases Licensing

Modernize VPN/FW with ZTNA Cloud Secure Edge is available for purchase as Secure Private
Rather than rely on coarse tools like firewalls and legacy VPNs Access (to resources on internal networks) and Secure
to protect company resources, Cloud Secure Edge enables Internet Access (to resources on the public Internet).
least-privilege access to specific applications and servers 1. Secure Private Access provides two core capabilities:
based on the combined real-time contextual factors of user
• Tunnel-based ZTNA (also called Cloud VPN or
and device trust and resource sensitivity.
VPNaaS): Secure network access to specific
It is cloud based and can be applied independently or in network segments.
combination with pre-existing security infrastructures.
• Proxy-based ZTNA: Secure access to private
Protect Against Internet Threats resources such as internal HTTP applications
and Credential Compromise and TCP services.
SonicWall has deployed high-performance global edge POPs 2. Secure Internet Access provides three core capabilities:
to ensure the most efficient and direct routing while applying
• DNS-Layer Security (DNS): Domain-level threat
consistent enforcement controls to protect against every
protection blocking malicious domains and enforcing
type of attack or risky exposure. This provides simple and
acceptable use policies.
effective protection against phishing attacks and malicious
websites, while also applying content filtering as desired, and • Cloud Access Security Broker (CASB): Enforcement
device security is verified up front before access is granted – device trust policies to access SaaS applications.
the way it should be. • Secure Web Gateway (SWG): Web content filtering
to block malware and other threats hidden in
Secure High-Risk Users (3rd Parties / BYOD / M&A)
encrypted web traffic.
Provide third-parties easy, secure access to only the specific
Secure Private Access (SPA) and Secure Internet Access (SIA)
resources they need without over-provisioning. Cloud Secure
SKUs are both available in two tiers: Basic and Advanced.
Edge ensures access based not only on the security posture
Licenses are sold per-user.
of the user and device, but also on their role and what they
are authorized to view. Management is simple with groups
and roles that can be pre-identified and applied as necessary
from one central console. No need to patch or configure
hardware – ever.

2 | Cloud Secure Edge

Common Capabilities

Native Support for All Client

High Performance Data Plane Cloud Management Interface
Operating Systems

Dynamic edge architecture for fast Desktop (Windows, macOS, Linux) and For IT and security admins to
and reliable connections to users mobile (iOS, Android, ChromeOS) configure zero trust connectivity
around the world

Trust Scoring Actionable Visibility Continuous Policy Enforcement

Quantify the level of trust A complete view into user/device and Based on resource sensitivity,
and risk associated with your application/resource risk regardless of user’s location
users and devices

Integrations SonicWall Firewall Connector Multi-tenant Management

Integrates with existing tools (IDP, Out of box integration with Gen7 Cloud-based policies for multi-
EDR, MDM, SIEM) Firewalls in Global Mode on 7.1.2+. tenant management

User and Devices

Single Sign-On Posture Management Trust Profiles

Use corporate SSO with just-in-time Analyze the posture of a device, such Customize factors and policy effects
(JIT) user creation as firewall, disk encryption, screen based on groups of users and devices
lock, OS version, etc

Custom Remediation

Configure device posture remediation

instructions, such as messaging and
links, shown to your end users

Visibility and Compliance

Real-time Event Stream Device Posture Reporting Admin Activity Reporting

Monitor a real-time stream of user and Track all devices - managed and Log all admin activity in the
device activity unmanaged - accessing corporate Cloud Command Center
resources, as well as their
security posture

Operations and Automation

Restful API API Clients – pybanyan, terraform Zero Touch Device Registration

RESTful endpoint to configure CSE Python library and terraform for Roll out the Banyan app to your
objects in the Control Plane automation and management device fleet without requiring any
end-user interaction

3 | Cloud Secure Edge

 Secure Private Secure Internet
Access Access
Feature Basic Advanced Basic Advanced
Core Capabilities
ZTNA Tunnel (VPNaaS) to enable access to specific networks
ZTNA Proxy to securely connect to internal HTTP applications and TCP services
DNS-Layer Security for Internet threat protection
Cloud Access Security Broker (CASB) to enforce device trust polices for SaaS
applications
Advanced Secure Web Gateway (SWG) to filter out malware and other threats
hidden in encrypted web traffic
Secure Network Access
Private Networks (RFC-1918 ranges) and domains (internal DNS servers)
Split Tunneling to specific subnets and domains (private or public)
Full Tunneling for all traffic
Network / Layer 4 polices based on CIDRs and FQDNs
Secure Access to Private Resources
Internal Websites access using browser-only OpenID Connect flows
SSH to Linux servers
RDP to Windows machines
Native clients to access database servers such as PostgreSQL and MySQL
Kubernetes client to access cluster
SSH Certificate Authentication, Authorize Principals, and audit logging
Layer 7 policies to access APIs, webpages
Internet Threat Protection
DNS Layer Security blocking domains with malware, phishing, botnet, and other
risks
Content categorization
Custom blocking
SaaS Application Security
Visibility into Cloud Applications / Shadow IT
IP Allowlisting for Cloud Applications through SonicWall Edge
Device Trust for Okta
Device Trust for Azure AD
Device Trust for other IDPs such as OneLogin, Jumpcloud
Web Content Filtering Service
URL Filtering
Malware Protection
Users and Devices
Passwordless Authentication via IDP Federation
Policy-enforced access from Unregistered Devices with a trusted device
certificate
Clientless access
Service Accounts (API tokens for programmatic access such as scripting and
automation through the Data Plane)

4 | Cloud Secure Edge

 Users and Devices (Continued)
SCIM integration to manage user assignments
EDR integrations (e.g. CrowdStrike, SentinelOne, Microsoft Defender)
MDM/UEM Integrations (e.g. JAMF, Kandji, Jumpcloud, Intune, Workspace One)
Visibility and Compliance
SIEM Integration (eg. Splunk, Elastic, Sumo Logic)
Private Network Discovery (non-approved applications accessed by user or
n/a
devices)
IaaS Resource Discovery n/a

SaaS Application Discovery n/a

Operations and Automation
Private Edge Deployment: Host SonicWall’s identity-aware gateway in your own
n/a n/a
infrastructure
Services and Support
24x7 Support
Premier Support add-on add-on
Remote Implementation Services add-on add-on

Summary
SonicWall Cloud Secure Edge is a Security Service Edge solution combining industry-leading TCO with enterprise-grade zero
trust security. It delivers simple, secure zero trust access to private and internet resources for employees and third parties,
regardless of their physical location or device. Cloud Secure Edge combines the functionality of multiple traditional network
appliances - remote access VPN, web proxy, firewall, etc - into a unified multi-tenant cloud-delivered solution that is simple to
deploy and easy to manage for organizations of all sizes, maximizing ROI for you and your customers.

Want to learn more about SonicWall Cloud Secure Edge? Start here.

Contact your account executive, if you want to add Cloud Secure Edge to your existing SonicWall Gen 7 Firewalls.

About SonicWall
SonicWall is a cybersecurity forerunner with more than 30 years of expertise and a relentless focus on its partners. With the
ability to build, scale and manage security across the cloud, hybrid and traditional environments in real time, SonicWall can
quickly and economically provide purpose-built security solutions to any organization around the world. Based on data from
its own threat research center, SonicWall delivers seamless protection against the most evasive cyberattacks and supplies
actionable threat intelligence to partners, customers and the cybersecurity community.

SonicWall, Inc.
1033 McCarthy Boulevard | Milpitas, CA 95035
Refer to our website for additional information.
www.sonicwall.com

© 2024 SonicWall Inc. ALL RIGHTS RESERVED.

SonicWall is a trademark or registered trademark of SonicWall Inc. and/or its affiliates in the U.S.A. and/or other countries. All other trademarks and registered trademarks are property of their
respective owners. The information in this document is provided in connection with SonicWall Inc. and/or its affiliates’ products. No license, express or implied, by estoppel or otherwise, to any
intellectual property right is granted by this document or in connection with the sale of SonicWall products. Except as set forth in the terms and conditions as specified in the license agreement for this
product, SonicWall and/or its affiliates assume no liability whatsoever and disclaims any express, implied or statutory warranty relating to its products including, but not limited to, the implied warranty
of merchantability, fitness for a particular purpose, or non- infringement. In no event shall SonicWall and/or its affiliates be liable for any direct, indirect, consequential, punitive, special or incidental
damages (including, without limitation, damages for loss of profits, business interruption or loss of information) arising out of the use or inability to use this document, even if SonicWall and/or its
affiliates have been advised of the possibility of such damages. SonicWall and/or its affiliates make no representations or warranties with respect to the accuracy or completeness of the contents of
this document and reserves the right to make changes to specifications and product descriptions at any time without notice. SonicWall Inc. and/or its affiliates do not make any commitment to update
the information contained in this document.

174.24 - Datasheet - Cloud Secure Edge