InstaSafe Solutions

InstaSafe Stick - Access using USB

Instasafe — Thu, 30 Jan 2025 10:18:44 GMT

InstaSafe stick is a lightweight portable version of an Ubuntu Operating System (OS) that can be run from a USB drive. Ubuntu OS is hardened and pre configured into the USB drive. Users need to just plug in the USB drive into their system, reboot and the system is now ready to access predefined corporate applications securely using InstaSafe Zero Trust Access solution along with Multi factor authentication.

InstaSafe stick only allows access to corporate applications and blocks the internet from browsing any external sites. With InstaSafe ZTA and MFA, users can still experience secure and seamless access to their applications.

Why InstaSafe Stick?

Enabling Third-Party Workers - Organizations need to provide third-party workers with access to certain applications in a secure manner. InstaSafe Stick can enable them with secure access.
Working with low-performance systems - Third party workers and external consultants are often provided with outdated systems that are low in performance and does not support new software versions. The InstaSafe Stick requires minimal system configuration to run the program efficiently and provide access.

How does it work?

Application Access through InstaSafe Stick

Features and Benefits

Secure Application Access - Access internal applications securely through InstaSafe ZTA
Lightweight - Preconfigured USB is lightweight and boots faster
Easy to Use - On the go, just plugin, reboot and start using services
Multi-Factor Authentication - additional security controls with secondary authentication methods
Device Compatibility: Works across desktops and laptops, regardless of hardware specifications.

Ready to experience the future of secure access? Get your InstaSafe Stick today and transform how you work.

Secure Access for Outlook Web Access (OWA)

Instasafe — Wed, 06 Nov 2024 12:58:51 GMT

Outlook Web Access (OWA) is one of the most popular web based email clients that is widely used by organizations. Earlier version of Outlook requires installation in the system and users used to access it through that particular system for whom Outlook is configured. With web based Outlook, users can now access their mailbox from anywhere over a browser. Microsoft Outlook Web Access (OWA) allows users to access their email, calendars, and contacts via a web browser, without requiring the installation of Microsoft Outlook or other email clients. OWA is widely utilized for its convenience and accessibility, making it a critical application for businesses worldwide.

This also creates security issues if the user credentials gets compromised. Better secure access solution along with MFA can provide stronger security controls for Outlook Web Access.

InstaSafe Secure Access for OWA

For web based applications, InstaSafe provides secure access through SAML authentication. InstaSafe can act as an identity provider and authenticate user based on user credentials and Multi factor authentication. InstaSafe MFA supports various authentication methods which includes OTP via Email or SMS, T-OTP, Biometrics, Push notifications through its authenticator application.

Key Features:

Enhanced Security: Multi-factor authentication adds an extra layer of security by combining something the user knows (password) with something the user has (security token or SMS code), making unauthorized access significantly more challenging.
Easy Integration: Seamlessly integrates with your existing OWA setup without the need for complex configurations, ensuring a smooth transition and user experience.
User-Friendly: Offers a straightforward authentication process that does not compromise on security while maintaining user convenience.

Benefits:

Prevents Data Breaches: By securing email accounts against unauthorized access, MFA significantly lowers the risk of potential data breaches.
Increases Trust: Enhances the trustworthiness of your IT infrastructure, making it safer for remote access.
Compliance Ready: Helps in complying with various regulatory requirements that mandate strict access controls, including MFA.

To know more about how InstaSafe Secure Access with MFA works for Outlook Web Access, refer to our documentation here - https://docs.instasafe.com/Zero%20Trust%20Application%20Access/owa_mfa/

Book A Demo using this link - https://instasafe.com/book-a-demo/

Secure Access for Google Workspace

Instasafe — Wed, 14 Aug 2024 11:24:12 GMT

As organizations increasingly rely on cloud-based productivity tools, Google Workspace (formerly G Suite) has become a cornerstone for collaboration and communication. However, with this shift to cloud-based services comes the challenge of securing access to these critical resources, especially in a remote work environment. InstaSafe’s Zero Trust Solution provides a comprehensive framework to secure access to Google Workspace, ensuring that only authenticated and authorized users can connect, regardless of their device or location.

Limitations of Traditional Security Models

Traditional security models typically rely on perimeter-based defenses, assuming that once a user gains access to the corporate network, they can be trusted with access to internal resources, including Google Workspace. However, this approach has several inherent risks:

Broad Access: Once inside the network, users often have wide access to multiple resources, including Google Workspace, increasing the risk of data breaches if credentials are compromised.
Device Vulnerabilities: Employees access Google Workspace from various devices, many of which may not be secured, exposing the organization to potential security threats.
Phishing and Credential Theft: Attackers often exploit weaknesses in traditional security measures through phishing and credential theft, gaining unauthorized access to sensitive data stored in Google Workspace.

Zero Trust: A Modern Approach to Securing Google Workspace

InstaSafe’s Zero Trust Solution is designed to overcome the limitations of traditional security models by implementing a "Never Trust, Always Verify" approach. This ensures that access to Google Workspace is granted based on continuous verification of the user's identity, device, and context. Here’s how InstaSafe enhances the security of Google Workspace:

Granular Access Controls: InstaSafe enables organizations to implement role-based access controls for Google Workspace, ensuring that users can only access the applications and data they need. This minimizes the risk of unauthorized access and protects sensitive information.
Continuous Monitoring and Anomaly Detection: With InstaSafe, access to Google Workspace is continuously monitored, and any unusual or suspicious activity is flagged in real time. This could include login attempts from unfamiliar locations, use of unauthorized devices, or deviations from typical user behavior. Such proactive monitoring allows for immediate response to potential threats.
Seamless Integration with Identity Providers: InstaSafe integrates seamlessly with identity providers like Google Identity and Access Management (IAM), enabling Single Sign-On (SSO) and Multi-Factor Authentication (MFA). These features reduce the risk of credential theft while providing a smooth user experience, as users can access Google Workspace with a single set of credentials.
Context-Aware Security Policies: InstaSafe’s Zero Trust Solution adapts to different contexts by enforcing security policies based on the user’s location, device, and the sensitivity of the data being accessed. For example, access to sensitive Google Workspace documents might require additional verification if the user is connecting from an unrecognized device or a high-risk location.

The InstaSafe Advantage for Google Workspace

By deploying InstaSafe’s Zero Trust Solution, organizations can significantly enhance the security of their Google Workspace environment. The solution not only protects against external cyber threats but also mitigates risks associated with insider threats and compromised devices. With features like continuous monitoring, role-based access controls, and seamless integration with existing infrastructure, InstaSafe ensures that your organization can securely leverage the full potential of Google Workspace.

Whether your organization is already using Google Workspace or planning to migrate, InstaSafe offers a scalable and flexible security solution tailored to your specific needs.

Securing Access for IceWarp Email

Instasafe — Wed, 14 Aug 2024 11:17:50 GMT

In the rapidly evolving digital landscape, email remains a critical communication tool for businesses. IceWarp Email, with its comprehensive suite of features, is a popular choice for enterprises looking to streamline communication and collaboration. However, as with any email platform, ensuring secure access is crucial to protect sensitive information from unauthorized access and cyber threats. InstaSafe’s Zero Trust Solution offers a robust framework to secure access to IceWarp Email, ensuring that only verified users can access the platform, regardless of their location or device.

Challenges with Traditional Email Security

Traditional security methods often rely on perimeter-based defenses, assuming that once a user is within the network, they can be trusted with access to sensitive resources. However, this approach is flawed, especially in today’s environment, where users frequently access emails from various devices and networks, including unsecured public Wi-Fi.

Such perimeter-based security models can lead to significant vulnerabilities:

Unauthorized Access: If credentials are compromised, unauthorized users can gain access to the entire email system, potentially leading to data breaches.
Device Vulnerabilities: Devices used to access IceWarp Email might be compromised, leading to the spread of malware or unauthorized access to corporate resources.
Phishing Attacks: Phishing attacks remain one of the most common methods used by attackers to gain access to email accounts, especially when multi-factor authentication (MFA) is not enforced.

Zero Trust: The Future of Email Security

InstaSafe’s Zero Trust Solution is designed to address these challenges by implementing a "Never Trust, Always Verify" approach to security. Here’s how it enhances the security of IceWarp Email:

Role-Based Access Controls: InstaSafe enables granular access control policies based on user roles and responsibilities. This ensures that users have access only to the emails and resources they need, reducing the risk of unauthorized access.
Continuous Monitoring and Threat Detection: The Zero Trust framework continuously monitors user activity across IceWarp Email. If any unusual behavior is detected—such as logins from unfamiliar locations or attempts to access unauthorized resources—InstaSafe can automatically trigger additional verification steps or block access.
Seamless Integration with Identity Providers: InstaSafe seamlessly integrates with existing identity providers, such as Active Directory or LDAP. This allows for Single Sign-On (SSO) and Multi-Factor Authentication (MFA) capabilities, making it easier for users to securely access IceWarp Email without the need for multiple passwords.
Adaptive Security Policies: InstaSafe’s solution adapts to changing security landscapes by enforcing context-aware security policies. For instance, if a user attempts to access IceWarp Email from an unfamiliar device or location, they may be required to pass additional security checks before access is granted.

The InstaSafe Advantage for IceWarp Email

By implementing InstaSafe’s Zero Trust Solution, organizations can secure access to IceWarp Email without compromising on user experience. The solution not only protects against external threats but also mitigates the risks posed by insider threats and compromised devices. With features like real-time monitoring, adaptive security, and seamless integration with existing IT infrastructure, InstaSafe ensures that your IceWarp Email system remains secure and resilient against evolving cyber threats.

Whether your organization is already using IceWarp Email or considering its adoption, InstaSafe offers a scalable, flexible security solution that can be tailored to meet your specific needs.

Securing Access for Microsoft 365

Instasafe — Wed, 14 Aug 2024 11:15:03 GMT

Securing Access to Microsoft 365 with InstaSafe Zero Trust

In today's digital workspace, where remote work and cloud-based tools are becoming the norm, ensuring secure access to critical applications like Microsoft 365 is paramount. With an ever-increasing number of cyber threats, traditional security models that rely on implicit trust are no longer sufficient. InstaSafe’s Zero Trust Solution offers a modern approach to securing access, ensuring that only authenticated and authorized users can connect to your Microsoft 365 environment, regardless of their location or device.

Why Traditional Security Models Fall Short

Traditional security approaches, such as VPNs, often grant broad network access once a user is authenticated. This method assumes that anyone inside the network is trustworthy, a concept known as implicit trust. However, this assumption exposes organizations to significant risks, especially when users connect from unsecured networks or compromised devices. The need for a more granular and secure method of access control has led to the adoption of Zero Trust principles.

Zero Trust: The Foundation of Secure Access

InstaSafe’s Zero Trust approach is built on the principle of "Never Trust, Always Verify." Instead of assuming trust based on network location, InstaSafe continuously verifies the identity and context of each access attempt. This model provides several key benefits for securing Microsoft 365:

Granular Access Controls: InstaSafe allows organizations to define specific access policies for Microsoft 365 based on user roles, device compliance, and location. This ensures that users can only access the data and applications they need, reducing the attack surface and mitigating the risk of data breaches.
Continuous Monitoring and Verification: With InstaSafe, access to Microsoft 365 is continuously monitored. The solution uses machine learning to detect and respond to anomalous behavior, such as unusual login locations or unauthorized device access, allowing IT teams to quickly address potential threats.
Seamless Integration with Existing Infrastructure: InstaSafe integrates seamlessly with your existing identity management solutions, such as Azure Active Directory. This integration enables Single Sign-On (SSO) capabilities for Microsoft 365, reducing password fatigue for users while enhancing security through multi-factor authentication (MFA).
Improved User Experience: Unlike traditional VPNs, InstaSafe’s Zero Trust Solution does not require users to connect to a corporate network to access Microsoft 365. This reduces latency and improves the overall user experience, making it easier for employees to stay productive while working remotely.

The InstaSafe Advantage

By deploying InstaSafe’s Zero Trust Solution, organizations can achieve a higher level of security for their Microsoft 365 environment. This solution not only protects against external threats but also addresses the risks posed by insider threats and compromised devices.

Whether your organization is already using Microsoft 365 or planning to migrate, InstaSafe provides a scalable and flexible solution that can be tailored to meet your specific security needs. By adopting a Zero Trust approach, you can ensure that your critical business applications are protected against the evolving threat landscape.

Documentation - Secure Web Gateway

Instasafe — Tue, 30 Jul 2024 07:50:42 GMT

Introduction

InstaSafe is an RFC 2616 compliant HTTP/1.1 proxy server, specially designed to provide maximum protocol, and payload security.

InstaSafe based Secure Web Gateways enable your users to safely access the web.InstaSafe, when setup in Reverse Proxy mode, secures your web applications.

InstaSafe is a highly scalable software, that enables scaling up by increasing the hardware provisioning, or scaling out by creating an application cluster.

While the installable packages for both these platforms are different for obvious reasons, the configuration and operation is quite identical. So you can choose platform of your choice, to host InstaSafe Proxy Service. Yes, the advantages of deploying InstaSafe on Linux are overall higher because the Linux operating system is better suited for servers. But then if you are more comfortable with Microsoft®Windows, you can happily deploy on Windows. Migration from either of the platforms to the other is not very difficult, really!

System Requisites

Use InstaSafe Appliance Builder (IAB) to setup your secure web gateway. SAB is an Ubuntu Linux operating system ISO, customized to provide automatic setup of all the necessary files and services. IAB enables you to transform a standard Intel® hardware architecture for servers, into a hardware web security appliance, or a setup a virtual appliance on any virtualization infrastructure like VmWare® or Microsoft Hyper-V®.

Use the InstaSafe installation packages (tar.gz) if you wish to setup secure web gateway on other Linux distributions like RedHat®, SuSe®, CentOS®, etc.

Use Windows installer package to setup InstaSafe on a Microsoft Windows system.

Note: InstaSafe Secure Web Gateway is powered by SafeSquid

Hardware Requirements

Minimal Hardware

RAM: 4 GB
CPU: 4 Core
HDD: 160 GB (Depending upon the number of logs and database you want to keep)

Recommended Hardware

The above specified Minimal Hardware should enable you to do a functional setup of InstaSafe.

However provisioning it for active servicing a platform with atleast 8 CPU cores, and 8GB RAM should be a great starting point.

InstaSafe is SMP-aware, enabling seamless scale-up by increasing CPU cores, RAM and NIC.

As a thumb rule for server sizing add 2 CPU cores and 4GB RAM per 100 concurrent connections.

If you intend to use InstaSafe's HTTPS Inspection feature, using processors with "AES-NI", is recommended.

How to find out AES-NI (Advanced Encryption) Enabled on Linux System

InstaSafe is cluster-ready.

You may thus scale-out by adding nodes to your cluster.

A clustered setup would give you the advantage of both load‑balanced throughput as well as high‑availability service.

CPU (cores)	RAM (GB)	HDD	Max Concurrent Connections	Approx Users
4	8	500GB	100	25
4	16	1TB	500	150
8	16	2TB	1000	350
8	32	4TB	1500	600
16	32	4TB	2000	1000
16	64	8TB	3000	1500

Installation and Activation

Get Product Activation Key

Before downloading the InstaSafe installer(s), you MUST register to create your account on InstaSafe's self-service portal. Registration is free, and requires just a few minutes. Your registered account also provides the management of InstaSafe's cloud-backed features, like Custom Web Categorization, VPN support, Configuration Backup, Subscription management, etc.

All registered users are provided with a Product Activation Key. After the actual installation, you must upload this activation key via InstaSafe's Browser based Interface. Your users may not be able to access the web until then. Use the same Activation Key across all your instances of InstaSafe, to ensure easy replication of policies, and other common aspects.

Download Installation Package

InstaSafe Appliance Builder

InstaSafe Appliance Builder (SAB) is the most recommended installer. You may download it using the link displayed when you log into your registered account. Alternatively you may download it from - https://downloads.InstaSafe.com/appliance/InstaSafe.iso . SAB is a customized version of Ubuntu 18.04 x86_64 minimal iso. You may create a virtual appliance using the SAB iso on any virtualization infrastructure, or boot a standard Intel Server hardware to create a hardware appliance.

Basic Setup

If you plan to use HTTPS inspection, then you must first configure HTTPS inspection

Integration of InstaSafe Proxy Service with your Microsoft Active Directory, or OpenLDAP service, would be the most recommended immediate next step.

The How To section could provide you with a fair idea of the rest of the goals that you may want to achieve.

How to integrate AD or OpenLDAP with InstaSafe

Overview

Active directory information is used to authorize/authenticate the users and computers which are part of your network. Active directory objects are mainly a set of attributes like domain, Organization Unit(OU), user, group, subnet etc. In any Active directory domain controller is responsible for all the authorizations/authentications inside a domain. If any user has access to a domain, he/she can logon from anywhere and any computer in that domain. Active directory Organization unit(OU) can appear only inside a domain and can be used to denote a specific department, location, team, etc. OUs are unique inside a domain. Organization Unit contains objects like users, groups, computers, etc. Active directory user is part of organization and has unique idenity in the domain. Also each user has an unique SID which authorizes user and allow/deny users to access the network resources. Each account is unique and is secured by password.

Why should we use Active directory services?Active directory services are highly secured they may have layered security which consists of policies and permissions for security at different levels. Objects are usually located anywhere yet can access the domain/network resources securely. Also Active directory services are easily scalable and extensible. Active directory services has easy and efficient mechanism to locate an object. Users can have the same environmental settings immaterial of which computer or location they logon from.

Why is a proxy based web-gateway integrated to a Microsoft AD or OpenLDAP?

Network enterprises that have a large number of users, popularly manage user credentials via a centralized system.The centralized system ensures user identification across all the networked enterprise resources and services.Users too benefit immensely, as they need a singular credential to access anything across the network enterprise.

Microsoft’s Active Directory, and OpenLDAP based various Directory Services like Novell’s e-Directory are extremely popular for setting up a centralized user identity management systems.Almost all Directory services also offer role, and hierarchy based grouping of users. Most enterprise class networked resources and services also allow control of user access, and rights based on their group membership.

A proxy-based web gateway is an application layer firewall service that distributes Internet Access to people in the networked enterprise. It is thus essentially a network service.A Web Gateway when integrated to a Directory Service, can:

Authenticate the users, based on their Directory Service Credentials,
Control their access to the web depending upon their enterprise role and hierarchy,
Log and report their activity, in a manner that the HR managers can analyze internet usage individually and of groups of people.

Tutorial Goals

In this tutorial you will see how to integrate your Microsoft Active Directory or OpenLDAP service to a proxy server easily.With the use of InstaSafe SWG WebGUI it is easy to perform the necessary integration process, you can create the policies to control access, and validate the success.

At the end we will inspect InstaSafe’s logs to inspect how the internet usage of any user identified via the Directory Service, is recorded for the purpose of analytics.InstaSafe can be integrated to the Microsoft Active Directory for SSO/Kerberos based user identification. The additional steps required for Kerberos configuration are discussed in another tutorial.

Prerequisites

Collect the following information before starting integration

LDAP Server Fully Qualified Domain Name ( FQDN ) and IP address.
LDAP Administrator User name and Password.(You can provide any user from LDAP server who has administrator rights)
LDAP Server Basedn
LDAP Server Domain name

Note :

Add InstaSafe server DNS entry in your Active Directory Server
Make sure that your AD Domain must be resolvable from all clients and InstaSafe Server.

Integration of Microsoft Active Directory

Integration of Active Directory include the following types of Authentication.

Simple Authentication

Simple authentication is a type of interactive authentication to the user. If you configure simple authentication the user will be prompted for credentials for every new session opened.

SSO Authentication

SSO authentication is a type of non-interactive authentication to the user. In SSO authentication once the user logged into his/her system then that credentials will be used for all sessions opened by that user.

Preferred Linux distribution: Setup Your Secure Web Gateway on your preferred Linux distribution

InstaSafe Appliance Builder (SAB) is an optimized version of Ubuntu Linux, optimized for easy setup of your secure web gateway. The SAB installs the Ubuntu Linux operating system, downloads and deploys the InstaSafe for Linux installation package, and the necessary dependencies. InstaSafe can also be installed on any other Linux operating system like Red-Hat, SuSe, CentOS, etc.

How to setup virtualization environment for InstaSafe with VirtualBox.

VirtualBox is a powerful x86 and AMD64/Intel64 Virtualization Product. It can be used for Enterprise as well as for personal use. It is freely available and is an Open Source Software. It runs on windows, Linux, Macintosh and Solar Host.

Setup HTTPS Inspection

HTTPS Inspection is the standard Security technology for encrypting a connection between the client and web server. Enable HTTPS inspection on InstaSafe SWG to inspect HTTPS traffic that is encrypted by the Secure Sockets Layer (SSL) protocol. InstaSafe will do deep content inspection of encrypted HTTPS traffic. Further this encrypted content can be filtered easily.

Integrate a Linux Host with a Windows AD for Kerberos SSO authentication

Kerberos Authentication support is particularly useful for Enterprise networks that have a Microsoft AD based Domain controller. By properly configuring the necessary Kerberos related factors, your enterprise Internet users can optionally enjoy Windows Integrated Authentication. Windows Integrated Authentication is a non-interactive authentication process, that uses SSO authentication. SSO ensures that your users do not have to manually provide their user credentials as username / password to access your networked enterprise resources and services, yet their access is restricted as specified. SSO, thus not only just adds convenience to the overall user experience, but also enhances security.

Block Personal Gmail And Allow Google Corporate Accounts

Block Personal Gmail to ensure Data Security. No sharing of confidential data with personal accounts.You may want to prevent users from signing into Google services using any accounts other than the accounts you provided them with.Auto logout when detected that user is logged into personal Gmail. You can setup InstaSafe to block the access to consumer Google accounts.

Data Leakage Prevention

Controlling Uploads

DLP module is primarily used to restrict/prevent uploads of confidential and critical information from any organization. You can select predefined content type(s) in DLP section to prevent their upload(s). You can create multiple policies in DLP section such that all the selected content types will be blocked when any end user tries to upload it.

Block Virus Uploads And Downloads

Protect your network against viruses, Trojans, malware and other threats. You can block virus uploads and downloads by using InstaSafe. InstaSafe is providing different types of antivirus setups.

Block Anonymous Proxies

An anonymous proxy will allow your users to surf the web anonymously, since it tunnels your data through servers that are spread out across the globe and involve other IP addresses. Anonymous Proxy service enhances your security and lets your users access some restricted websites online. You can block these proxies by using InstaSafe, so that no user access the blocked websites

Block Advertisements And Banners

Security was the main reason cited for blocking of Advertisements. Advertisements can be annoying or intrusive. Blocking of advertisements can result in quicker loading and cleaner looking web pages with fewer distractions, lower resource waste (bandwidth, CPU, memory, etc.). You can setup InstaSafe to block all types of annoying advertisements and banners.

Block Third Party Cookies

You can block the cookies for third-party domains. Control tracking your activity across different sites and you can hide the referer for third-party domains. Now referer is same as hostname. You can also hide the user agents for third-party domains. Instead of original user agent InstaSafe use default user agent. (Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)).

Restrict selective login user-names of logins from Facebook Or Gmail. You just enable default rule and modify your respective username with default ones. Now except selected users all can able to login into Facebook or Gmail.

Profiled Internet Access

Your secure web gateway serves a variety of users, and applications. Appropriate restrictions ensure the web access boosts efficiency, while curbing non-productive activities. InstaSafe enables you to define policies as access profiles, and ensure compliance. Create policies for users, based on their organizational hierarchy, and business role, to boost productivity.

Enforce Safe Searches On Gateway

World Wide Web provide extensive knowledge on almost every topic that you can think. Due to the vast information scattered around on the web we sometimes find the content that are irrelevant and inappropriate. We often come across adult/porn content accidentally while we are trying to find some information over internet. This may be faced by children or by someone who isn't supposed to watch pornographic content. Search engines help us big time in searching the appropriate content, but can sometimes mislead us. To avoid this Search engines has started providing with an additional feature Safe-Search.You can setup Safe Searches for different search engines like Google, Yahoo, Bing by using InstaSafe.

FAQs

What is InstaSafe SWG?

InstaSafe is an RFC 2616 compliant HTTP/1.1 proxy server, specially designed to provide maximum protocol, and payload security.

InstaSafe based Secure Web Gateways enable your users to safely access the web.

InstaSafe, when setup in Reverse Proxy mode, secures your web applications.

InstaSafe is a highly scalable software, that enables scaling up by increasing the hardware provisioning, or scaling out by creating an application cluster.

Why should I use InstaSafe?

InstaSafe is an HTTP Proxy Server specially designed for web security. You should use InstaSafe for securely distributing Internet access across large network and to protect your enterprise against productivity losses, and collateral losses.

Which Operating Systems does InstaSafe support?

InstaSafe support both operating systems, i.e. LINUX as well as Microsoft Windows.

The installable packages for both these platforms (LINUX and Microsoft Windows) are different for obvious reasons, the configuration and operation is quite identical. So, you can choose platform of your choice, to host InstaSafe Proxy Service.

Yes, the advantages of deploying InstaSafe on Linux are overall higher because the Linux operating system is better suited for servers. But then if you are more comfortable with Microsoft®Windows, you can happily deploy on Windows. Migration from either of the platforms to the other is not very difficult, really!

What is the minimal hardware required for InstaSafe?

RAM: 4 GB

CPU: 2 Core

HDD: 160 GB (Depending on the size of logs and database you want to store)

See the Hardware Requirements here - Hardware requirements

What is InstaSafe Appliance Builder?

InstaSafe Appliance Builder (IAB) is the most recommended method for setting up your secure web gateway. IAB is a customized distro of Ubuntu Linux. It enables you to quickly setup your secure web gateway on a standard Intel server hardware, or as a virtual appliance on any virtualization platform like VMware or Hyper-V.

IAB automatically installs and configures all dependency libraries, and services.

Where should I get the latest version of InstaSafe to upgrade?

You can download InstaSafe SWG for Windows package from - http://downloads.InstaSafe.net/SWG/windows/setup_InstaSafe_swg_latest.exe

You can download InstaSafe SWG for Linux package from - http://downloads.InstaSafe.net/appliance/binary/InstaSafe_latest.tar.gz

What is InstaSafe for Windows?

InstaSafe for Windows is content filtering proxy server. InstaSafe for Linux has been natively ported for use on Microsoft Windows platform, and distributed as InstaSafe for Windows. It gives you Total Access Control, Total Content Control & Total Internet Security. InstaSafe for Windows can be installed on any desktop/server having Microsoft Windows based 64-bit Operating Systems.

Where should I get a product activation key?

You can get a product activation key on InstaSafe self-service portal - https://key.InstaSafe.com/

You must register to create your account on InstaSafe self-service portal and download your product activation key

What is InstaSafe Self Service portal?

The InstaSafe Self-Service Portal is the cloud-based management console for InstaSafe.

The InstaSafe Self-Service Portal manages the activities like, InstaSafe cloud-backed features, Custom Web Categorization, Web Security Clients for Roaming users (VPN), Confidential Data Signatures, Subscription management, etc.

Read more about Management of Self-Service Portal

Whom should we permit to access the InstaSafe Web GUI?

InstaSafe has an intrinsic Web GUI, that enable you to manage your installation, setup required policies, and monitor your secure web gateway.

You should configure InstaSafe policies to allow access of the Web GUI to only security administrators.

How do I know InstaSafe product is activated?

If you able to access all the websites from your browser that means your product is activated.

Where should I get license details?

Once you activate product successfully you should get license details on Support page of InstaSafe Web GUI.

For more details follow- LINK

Why am I getting "Proxy Access Denied?"

If you should not properly configure policies under access restriction section or administrator should not give you access of InstaSafe Interface, you are getting "Proxy Access Denied" template.

Does InstaSafe inspect HTTPS traffic?

Yes of course, InstaSafe inspect HTTPS traffic.

HTTPS Inspection is the standard Security technology for encrypting a connection between the client and web server.

When should I enable HTTPS Inspection?

Enable HTTPS inspection on InstaSafe SWG to inspect traffic that encrypted by the Secure Sockets Layer (SSL) protocol. By that InstaSafe do deep content inspection of encrypted HTTPS traffic. Encrypted content filtered easily.

When should I bypass HTTPS Inspection?

The HTTPS inspection Bypass option enables you to define specific websites that are not subject to decryption as they flow through the proxy.

Some websites may include personal identification information that should not be decrypt.

To avoid liability for inspecting this type of information, you may want to specify some or all these sites for decryption bypass.

The selected sites will not be decrypt even if the category or categories that the sites belong to selected for SSL analysis.

What are the benefits of HTTPS inspection in InstaSafe?

Having HTTPS inspection feature some interesting things that you can do with this InstaSafe SWG

You should block access to personal Google accounts.

You should give Read only access to the Facebook, Twitter sites. Users can able to login into their accounts but they cannot able to do post or comment or like or chat.

You should enforce safe search or safety mode-based searches in Google, Bing and Yahoo search engines and also, we can enforce in any websites that are offering safety mode-based search.

You should block images over Google

You should filter text, Images over HTTP, and HTTPS sites

You should allow specified users to access or to login into specified HTTP and HTTPS sites and block others

You should use Virus scanning for both HTTP and HTTPS sites?

You should block attachments to Gmail and Block Gmail Chat

What is an SSL certificate?

SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details.

When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.

SSL Certificates provide secure, encrypted communications between a website and an internet browser.

SSL stands for Secure Sockets Layer, the protocol which provides the encryption.

SSL Certificates installed on pages that require end-users to submit sensitive information over the internet like credit card details or passwords.

Where can I get an SSL certificate?

You should get SSL certificate on InstaSafe self-service portal at - https://www.InstaSafe.com/

You can generate new self-signed certificate also.

Follow - LINK

Can I use my SSL certificates generated from my Enterprise CA?

Yes, you can use your SSL certificate generated from you Enterprise CA if you have. InstaSafe provides you a facility to use SSL certificate generated from Enterprise CA.

Can I integrate an LDAP service like Microsoft Active Directory or OpenLDAP with InstaSafe?

Yes, you can integrate an LDAP service like Microsoft Active Directory or OpenLDAP with InstaSafe if your network enterprises that many users have, popularly manage user credentials via a centralized system.

Microsoft’s Active Directory, and OpenLDAP based various Directory Services are extremely popular for setting up a centralized user identity management system.

A Web Gateway when integrated to a Directory Service, can:

Authenticate the users, based on their Directory Service Credentials,

Control their access to the web depending upon their enterprise role and hierarchy,

Log and report their activity, in a manner that the HR managers can analyses internet usage individually and of groups of people.

What is InstaSafe SSO Authentication?

InstaSafe SSO authentication is non-interactive authentication process.

InstaSafe SSO Authentication support is particularly useful for Enterprise networks that have a Microsoft AD based Domain controller.

By properly configuring the necessary Kerberos related factors with InstaSafe, your enterprise Internet users can enjoy SSO Authentication.

InstaSafe SSO authentication ensures that your users do not have to manually provide their user credentials as username / password to access your networked enterprise resources and services, yet their access restricted as specified. InstaSafe SSO authentication, thus not only just adds convenience to the overall user experience, but also enhances security.

If my SSO authentication fails is LDAP fail over functionality available in InstaSafe?

If user unable to get access for network enterprise in case, user should not face any problem of authentication because InstaSafe gives you a fantastic functionality known as LDAP fail-over.

If user face any issue while SSO authentication he/she should give LDAP valid credentials i.e. Username and Password.

Once username and password validated user should get access for network enterprise.

When should I bypass authentication?

Certain applications (like Dropbox) which does not support proxy authentication, they want to bypass authentication for that application.

Can I use InstaSafe Captive portal to monitor internet usage traffic?

Yes, you can use InstaSafe captive portal to monitor internet usage traffic.

What is InstaSafe Captive portal?

InstaSafe captive portal is works as same as general captive portal.

Used to enhance security of WIFI network by authenticating users before granting internet access.

Users will receive InstaSafe captive portal landing page when they try to access internet access via WIFI network. Users will punch in credentials.

InstaSafe captive portal validates user credentials using various authentication mechanisms and maintains database of authenticated source IP addresses and usernames for lookup.

If a user from a source IP address authenticated through captive portal, then InstaSafe will pick the username from the database and attach to the traffic coming from the same source IP address

This way InstaSafe captive portal secures WIFI network by only granting access to valid users

Combining InstaSafe Captive Portal with InstaSafe secure web gateway will allow you to monitor internet usage, allow you to filter traffic and do many more things to enhance security levels.

Does InstaSafe supports transparent proxy?

Yes, InstaSafe supports transparent proxy.

InstaSafe support both HTTP and HTTPS websites in transparent mode. The HTTPS websites in transparent mode called as SSL transparent proxy

The traffic will come to router and router will send traffic to InstaSafe Secure web gate way with port 80 and 443 respectively.

The redirection rules on InstaSafe Secure web gateway will redirect traffic to InstaSafe Proxy with port 8080 and 8443 (SSL transparent) respectively (By enabling IP forwarding).

Why should I enable WCCP?

If you are looking for transparent redirection of traffic, Load balance traffic & scaling up or Service assurance & high availability, you should enable WCCP in InstaSafe

Enable WCCP support in routers. This can be done only if your router supports WCCP.

Ex: CISCO ASA routers.

Web Cache Communication Protocol (WCCP) is a Cisco-developed content-routing protocol that provides a mechanism to redirect traffic flows in real-time. It has built-in load balancing, scaling, fault tolerance, and service-assurance (failsafe) mechanisms.

Yes, you can prevents users from accessing Social networking sites using InstaSafe.

If you configured InstaSafe, will block all social networking sites by default.

You can allow those sites for specific time say in between LUNCH hour.

Facebook is a social networking website that allows users to interact with other users in a multimedia environment on the Web. Facebook users can install and use applications to enhance their experience. Many organizations want to allow Facebook access to maintain morale, increase retention, and boost hiring, but they also want to control access to it.

InstaSafe allows you to give full Facebook access to your social media group, partial access to a customer service group, and read-only access to other groups. Access to Facebook can also assigned by time of day, so permissions could relax during lunch or after business hours. For more details follow - LINK

Can I prevent users to upload confidential data?

Yes, you can prevents users from uploading confidential data using InstaSafe.

When you have confidential information in your organization and someone from internal users just leaked the information intentionally or unintentionally, then what will happen? Huge productivity loss.

There are various mediums for data leakage. Users can upload important document to internet, even though your content filtering software does not allow users to upload Microsoft Word and Microsoft XL files, users can act smart and creates an archive using those files and tries to upload achieved files. You cannot simply block archives in your organization because there are people who simply use archive to transfer log files of large sizes.

There are other users who simply take information out of Microsoft Word and Microsoft XL and simply send an Email to third party.

In modern era, these kind of data leaks become a challenge for organizations. Organizations are in a quest for content filtering software’s which can deeply inspect archive files and able to identify whether the archive or emails which contains certain keyword matches.

This challenge is also big for security experts because when there is an upload the post data formation is different for Gmail / Google Drive/ Media fire/ Drobox etc. The wide range of formations of post data made it difficult for security experts to derive concrete solution to these challenges.

But InstaSafe come up with Advanced DLP solution embedded into InstaSafe SWG, which analyses post data, deeply inspect archives using file decomposition methods and able to identify whether archive or emails or social media posts contains certain keyword matches. Based on the match you can take effective actions like block upload if user is so and so or block if the destination website is so and so.

The Advanced DLP solution can managed from InstaSafe Self Service portal there you can create various keyword expression matches. InstaSafe SWG will download those keyword expressions and loads into memory. When an archive uploads or an email write, InstaSafe SWG analyses Post data and transmit it to the Clam AV daemon for Signatures verification. If the keyword expression matches Clam AV daemon responds with match. InstaSafe will take respective action based on match.

Can I prevent users to upload specific file extensions?

Yes you can prevent users from uploading specific file extensions using InstaSafe.

InstaSafe DLP section is nothing but Data Loss Prevention module, used to protect from sending sensitive or critical information outside the corporate network.

It is possible by blocking the specific file types or file extensions based on Content type and extension of file types.

For more information follow - How to block file uploads or downloads

Can I prevent users to use anonymous proxy?

Yes you can prevent users from using anonymous proxy using InstaSafe.

An anonymous proxy will allow users to surf the web anonymously, since it tunnels your data through servers that spread out across the globe and involve other IP addresses.

Anonymous Proxy service enhances your security and lets your users access some restricted websites online.

InstaSafe block these proxies so that no user can access the blocked websites.

For more detail follow – How to block anonymous proxies

Can I prevent users to use their personal Gmail account in company network?

Yes, you can prevent users from using their personal Gmail account in company network using InstaSafe.

Currently e-mails are necessary to exchange information. But allowing personal e-mails in the office network allows users to spend their productive time in other unnecessary things. Personal mails can be also a path leading to send confidential information. Blocking personal mails, solves the issue. But now some of the company mails are via Google Corporate domains.

Google corporate account allows organization to have their mailing server along with the additional Gmail features personalized for the organization with complete control. So, we currently cannot block Gmail.

InstaSafe restrict specific users from login over Facebook or Gmail.

Except selected users all can able to login into Facebook or Gmail.

Does InstaSafe protect network against Malware and External Attacks?

InstaSafe protect network against Malware and External attacks. There are numerous ways to protect and remove malware from our computers.No one method is enough to ensure your computer is secure. The more layers of Défense, the harder for hackers to use your computer.

InstaSafe block the cookies for third-party domains.

Control tracking your activity across different sites and hide the referrer for third-party domains. InstaSafe provides you a great functionality. Now referrer is same as hostname.

You can also hide the user agents for third-party domains, instead of original user agent. InstaSafe use default user agent (Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)).

For more details - How to block third party cookies

Where should I get InstaSafe default policies?

You should get InstaSafe default policies and it's respective how to on "How To" section of http://docs.InstaSafe.com

Should I get performance plot in InstaSafe?

You should get performance plot on support page of InstaSafe Web GUI. You can generate performance plot as per your choice. InstaSafe gives you choice according to Last hour, last 7 days, last month, today InstaSafe also gives you choice to select custom time.

Should I get support tarball in InstaSafe?

You should get support tar-ball on support page of InstaSafe Web GUI. You can generate new support tar-ball. You can search support tar-ball from existing list according to year, month, day, or time

Should I download my config file?

You should download your config file any time. InstaSafe gives you choice to download config file according to year, month, day, or time. InstaSafe also gives you choice to download default config file in case you should have to revert the config file.

Is InstaSafe provide dashboard for reporting?

InstaSafe provide dashboard which contain details of last 1000 transactions. InstaSafe dashboard provides Ip address, Users, User groups, websites domains, profiles, application signature, categories, upload content, download content, User can edit total number of transactions as per the requirement for report. User also gets report based on date range. Use can select any number of filtering option.

Should I get report in PDF format?

InstaSafe reporting model gives you exportable reports to PDF and Excel formats. To get report you have to access InstaSafe interface and click on Reports > Dashboard. At right bottom you should get PDF button just above the InstaSafe version.

Can I get report of specific dates?

Yes, InstaSafe has reporting model. InstaSafe reporting model reduced data Processing time. InstaSafe reporting model gives you more detailed reports. InstaSafe reporting model gives you hour-wise reports. InstaSafe reporting model gives you more filtering options. InstaSafe reporting model gives you deeper data analysis. InstaSafe reporting model gives you an automated data mining engine. InstaSafe reporting model gives you exportable reports to PDF and Excel formats. My InstaSafe becomes very slow after it has been running for some time? Why?

How does InstaSafe licensing work?

InstaSafe SWG is available with annual subscription. Base Subscription Plans

You may choose any one of the following Base Subscription plans:

Named Users

Concurrent Connections

CPU Hours

Named Users, and Concurrent Connection based subscriptions are annual subscriptions. You may however purchase for multiple consecutive years.

Premium Features Subscription

Data Leakage Prevention

Support for Roaming (Windows Laptop) users

Log Aggregator

WCCP

For more details Follow - InstaSafe licensing

How do I purchase InstaSafe secure web gateway?

You can opt for InstaSafe SWG subscription by paying online via PayPal or via Wire / Bank Transfer.

What happens if I stop paying InstaSafe for my subscription(s)?

As InstaSafe SWG is available as annual subscription, if you do not renew your subscription the product will stop working.

InstaSafe Secure Web Gateway

Instasafe — Thu, 25 Jul 2024 07:12:55 GMT

InstaSafe Cloud Web Security provides users with a safe and secure Internet access experience, protected from threats and malware. Now IT Security organizations can now instantly create and deploy, without the need for any hardware or software to buy with no maintenance or upgrade.

There are many advantages of InstaSafe Cloud Web Security (CWS). InstaSafe provides your organization with a versatile and flexible Web security platform – enabling you to protect your users anywhere and on any Web-capable device. As a
hosted solution, InstaSafe enables considerable advantages over traditional in-house security solutions:

Instant Deployment – connect to the service and you’re immediately up and running.
No Upfront Expenditure – no need to purchase capital and no obsolete hardware.
Predictable Costs To Suit Any Organization – InstaSafe CWS has
a subscription fee, instead of upfront costs, making security affordable to organizations of all sizes.
Enterprise-Class Security – you gain the benefit of top email and Web security infrastructure thanks to economies of scale.
The Experts Work For You – your email traffic is managed 24/7 by Internet security experts and modelled against other networks to detect traffic anomalies.
Save Bandwidth And Resources – control access to bandwidth heavy sites and applications such as YouTube which our research has shown to consume 75%-90% of most typical organization’s bandwidth.
Strength In Numbers – you gain the shared benefits of being part of
a larger security community.
Zero Administration - No tedious upgrades, no maintenance requirements; you always have the latest and best protection.

InstaSafe Web Security enables comprehensive security yet is simple
and easy to use. Our services target a range of Web-based threats and
security concerns.

InstaSafe Cloud Web Security - Block Diagram

Key Features of InstaSafe Cloud Web Security Includes

Mobile Security – InstaSafe Web Security is cloud- based, protection and policies can be applied to your users anywhere and on any device, in
the office, on the road or at home / on a laptop or workstation.
URL Filtering – utilizing a layered approach, the service employs the latest
range of Web filtering technologies including real-time content analysis and behavioral modelling in conjunction with over 50 constantly updated categories of millions of websites to enable you to control access to related Web content.
Anti-Virus & Malware – the service incorporates traditional anti-virus technology, sophisticated dynamic anomaly detection and behavioral modelling systems to protect your organization from viruses, botnets, spyware, browser exploits and other Web 2.0 threats.
Application Control – gain control over popular Web 2.0 applications such as Social Networking, Streaming Media and Web-based messaging.
Bandwidth Control – manage your Internet bandwidth consumption and control unnecessary or non-business use. With flexible, policy-based control you can place restrictions on specific users or at particular times of day when you need to ensure you are getting the most from your bandwidth.
Inbound & Outbound Policy Compliance – actively monitor your
acceptable use policies and ensure appropriate use of Web resources, block inappropriate conduct and prohibited content which could potentially create legal liability risk and ensure a safe and productive workplace for your employees.
Security & Compliance Reporting – access useful and easy to understand reports on your Internet activity and threats. Graphical summaries are provided as well as in-depth reports to help you investigate specific events or user activity. You can run reports by site, category, user, and bandwidth and by
threat type across a wide range of time periods.
Directory Synchronization – InstaSafe provides automated user account directory synchronization to streamline administration and save you time and
effort. InstaSafe supports all common directory formats including Active Directory and LDAP.

InstaSafe Cloud Web Security Features and Capabilities

Advantages of InstaSafe Cloud Web Security

Malware Protection: Malware are the bane of any organisation with the potential to wreak havoc in your infrastructure. InstaSafe CWS works on
sophisticated algorithms to dynamically detect any anomalies, inspect the files and model traffic over the net to protect your organisation from viruses, botnets, spyware, browser exploits and other advanced threats.
Off- Network Protection: With an increase in remote mobile workers accessing from different parts of the globe on open networks, it is imperative to secure the users and devices beyond the network perimeter. Instasafe CWS offers complete security for all users and their devices outside of the perimeter in a simplest and cost effective manner.
Compliance Enforcement: Compliance to corporate browsing policy is essential to ensure a productive workforce. With Instasafe CWS, it becomes extremely simple and easy to not just define and enforce content and browsing user policies but also get alerts on non compliance and ability to do forensic compliance analysis.
Data Leakage Prevention: Unintentional data leakage of confidential information is the weakest link in an organisation’s security. Instasafe CWS helps you with policies to control sharing of confidential information over the
network thereby helping you with compliance to data security regulations and policies.

Benefits of InstaSafe Cloud Web Security

Plug and Play: Connect to the service in just 5 steps. Instantly up and running
No Capex, Only Opex: No upfront investment in expensive or obsolete hardware
Predictable Costs: Pay-as-you-grow. InstaSafe CWS is a subscription based service so you exactly know how much to pay and when.
Enterprise Class Security: Economies of scale coupled with top class security initiatives irrespective of organization size.
Cost Savings: Save on bandwidth by controlling access to heavy sites and applications like Youtube and streaming apps which consume 70% -90% of your bandwidth
Zero Administration: No Upgrades. No patches. No maintenance. Just connect and stay updated with the latest at all times
Expert Involvement: 24/7 email traffic management by security experts constantly modelled against other networks to detect anamolies.

Customer Testimonial

"InstaSafe Cloud based Web Security is the simplest and most cost effective way to protect my data and devices from digital threats, whether on-network or off" - Satyajit Sarkar, GM IT, DTDC Cargo and Courier

Website Traffic Filtering

Instasafe — Wed, 24 Jul 2024 09:33:38 GMT

Overview

In today's interconnected world, managing and controlling web traffic is crucial for maintaining a secure and productive environment. Our Secure Web Gateway (SWG) solution includes advanced Website Traffic Filtering capabilities to help you monitor, filter, and control the websites accessible through your network. Protect your organization from malicious content, enhance productivity, and ensure compliance with our robust and flexible traffic filtering tools.

Key Features

1. Comprehensive Web Filtering

Category-Based Filtering: Block or allow websites based on predefined categories such as social media, gambling, adult content, and more.
Custom URL Filtering: Create custom lists of allowed or blocked websites tailored to your organization’s needs.

2. Real-Time Threat Protection

Malware and Phishing Blocking: Automatically block websites known to host malware, phishing attacks, and other cyber threats.
Dynamic Analysis: Analyze web content in real-time to detect and block newly emerging threats.

3. Granular Control

User and Group Policies: Set different web filtering rules for various user groups or individual users based on their roles and needs.
Time-Based Access Control: Schedule access to specific websites or categories during certain hours to enhance productivity.

4. SSL Inspection

Encrypted Traffic Monitoring: Inspect and filter HTTPS traffic to ensure that encrypted connections do not bypass your security measures.
Compliance with Privacy Standards: Maintain compliance with privacy regulations while inspecting SSL traffic.

5. Detailed Reporting and Analytics

Usage Reports: Generate comprehensive reports on web usage patterns, blocked sites, and policy violations.
Real-Time Alerts: Receive instant notifications about attempts to access blocked content or other suspicious activities.

6. Easy Integration

Seamless Deployment: Integrate easily with your existing network infrastructure and security tools.
Scalable Solution: Adaptable to businesses of all sizes, from small offices to large enterprises.

Benefits

1. Enhanced Security

Protect Against Threats: Shield your network from malicious websites, phishing attacks, and other cyber threats.
Reduce Attack Surface: Minimize the risk of security breaches by controlling access to harmful websites.

2. Improved Productivity

Eliminate Distractions: Block access to non-work-related websites to keep employees focused on their tasks.
Optimize Bandwidth: Conserve bandwidth by restricting access to high-bandwidth sites that are not essential for business operations.

3. Compliance and Control

Regulatory Compliance: Ensure adherence to industry regulations and internal policies by controlling web access.
Enforce Acceptable Use Policies: Implement and enforce acceptable use policies to maintain a professional and secure online environment.

4. Insightful Analytics

Understand Usage Patterns: Gain insights into web usage within your organization to make informed decisions.
Identify Trends: Detect trends and potential issues early with detailed analytics and reports.

Use Cases

1. Corporate Offices

Implement web filtering to maintain a secure and productive work environment.
Ensure that employees adhere to acceptable use policies and focus on work-related activities.

2. Educational Institutions

Protect students from inappropriate content and online threats.
Manage bandwidth usage to prioritize educational resources and tools.

3. Healthcare Organizations

Secure patient data by controlling access to potentially harmful websites.
Comply with healthcare regulations and protect sensitive information.

4. Government Agencies

Enforce strict web access policies to protect sensitive data and maintain security.
Ensure compliance with governmental regulations and standards.

Why Choose Our Secure Web Gateway with Website Traffic Filtering?

Advanced Filtering Technology: Our solution uses cutting-edge technology to provide robust and accurate web filtering.
User-Friendly Interface: Easy to configure and manage with an intuitive user interface.
Reliable Support: Our dedicated support team is always available to help you get the most out of our solution.

Get Started Today!

Enhance your network security and productivity with our Secure Web Gateway and Website Traffic Filtering solution. Contact us to schedule a demo or to speak with one of our experts about how we can help you achieve your security goals.

Data Loss Prevention

Instasafe — Wed, 24 Jul 2024 09:29:44 GMT

Overview

In an era where data breaches and leaks are increasingly common, protecting sensitive information has become a critical priority for businesses. Our Secure Web Gateway (SWG) solution includes robust Data Loss Prevention (DLP) capabilities to help you safeguard your organization's data. With our advanced DLP features, you can prevent unauthorized data transfers, ensure regulatory compliance, and protect your intellectual property from cyber threats.

Key Features

1. Comprehensive Data Monitoring

Real-Time Detection: Monitor all data transfers in real-time to detect potential data breaches immediately.
Detailed Analytics: Access detailed reports and analytics to understand data flow and identify vulnerabilities.

2. Content Inspection

Deep Content Analysis: Inspect content within emails, web traffic, and file transfers to detect sensitive information.
Pattern Recognition: Utilize advanced pattern recognition to identify and protect sensitive data such as credit card numbers, social security numbers, and proprietary business information.

3. Policy Enforcement

Customizable Policies: Create and enforce data protection policies based on specific needs and compliance requirements.
Automated Responses: Configure automated actions, such as blocking or encrypting data transfers, when policy violations are detected.

4. Data Encryption

Secure Transfers: Ensure that data is encrypted during transmission to protect it from interception.
Endpoint Encryption: Extend encryption to endpoints to secure data stored on devices.

5. User and Role Management

Role-Based Access Control: Define and manage user roles to ensure that only authorized personnel can access sensitive data.
Activity Logging: Maintain comprehensive logs of user activities to track data access and prevent unauthorized actions.

6. Regulatory Compliance

Compliance Templates: Use predefined templates to quickly comply with industry regulations such as GDPR, HIPAA, and PCI-DSS.
Audit Support: Generate compliance reports to support audits and demonstrate adherence to regulatory standards.

Benefits

1. Prevent Data Breaches

Proactive Protection: Identify and mitigate risks before data breaches occur.
Comprehensive Coverage: Protect data across all channels, including email, web, and cloud services.

2. Ensure Regulatory Compliance

Stay Compliant: Meet industry-specific regulatory requirements and avoid costly fines.
Streamline Audits: Simplify audit processes with detailed compliance reports and logs.

3. Protect Intellectual Property

Safeguard Assets: Prevent unauthorized access to and sharing of proprietary business information.
Maintain Competitive Edge: Secure intellectual property to maintain your organization's competitive advantage.

4. Enhance Data Security

End-to-End Encryption: Secure data from the point of creation to its final destination.
User Awareness: Educate users on data security policies and best practices to foster a culture of security.

Use Cases

1. Financial Services

Protect customer financial data from unauthorized access and ensure compliance with financial regulations.
Monitor and control data transfers to prevent insider threats and data leaks.

2. Healthcare

Secure patient records and comply with HIPAA and other healthcare regulations.
Prevent unauthorized sharing of sensitive medical information.

3. Manufacturing

Protect proprietary manufacturing processes and intellectual property.
Ensure that trade secrets and confidential information are not leaked.

4. Education

Safeguard student records and personal information.
Ensure compliance with education-specific data protection regulations.

Why Choose Our Secure Web Gateway with DLP?

Integrated Solution: Combines advanced data loss prevention with robust web security features.
Scalable and Flexible: Adapts to the needs of businesses of all sizes and industries.
Expert Support: Our dedicated support team is always available to assist with deployment, management, and optimization.

Get Started Today!

Protect your sensitive data with our Secure Web Gateway and Data Loss Prevention solution. Contact us to schedule a demo or to speak with one of our experts about how we can help safeguard your organization’s information.

Internet Access Control

Instasafe — Wed, 24 Jul 2024 08:36:57 GMT

Overview

In today's digital age, managing and securing internet access is more critical than ever. Our Internet Access Control solution provides businesses with the tools they need to monitor, manage, and secure internet usage across their networks. Ensure productivity, enhance security, and maintain compliance with our comprehensive and easy-to-use platform.

Key Features

1. Comprehensive Monitoring

Real-Time Tracking: Monitor internet activity in real-time across all connected devices.
Detailed Reports: Generate detailed reports on internet usage patterns, helping you understand and optimize network traffic.

2. Advanced Filtering

Content Filtering: Block inappropriate or non-work-related websites with customizable content filters.
Keyword Blocking: Prevent access to sites containing specific keywords to ensure compliance with company policies.

3. User-Based Controls

Customizable Policies: Set internet access policies based on user roles, departments, or individual employees.
Time-Based Restrictions: Schedule internet access restrictions to ensure focus during work hours and reduce bandwidth usage.

4. Enhanced Security

Threat Detection: Identify and block malicious websites and potential cyber threats in real-time.
SSL Inspection: Inspect encrypted traffic to ensure no threats are hidden behind secure connections.

5. Data Protection

Data Loss Prevention: Prevent sensitive data from being transmitted to unauthorized websites.
Audit Logs: Maintain detailed logs of internet activity for compliance and auditing purposes.

Benefits

1. Boost Productivity

Eliminate Distractions: By blocking non-work-related websites, employees can focus better on their tasks.
Optimize Bandwidth: Ensure that valuable bandwidth is reserved for business-critical applications.

2. Enhance Security

Protect Against Threats: Shield your network from malware, phishing, and other cyber threats.
Secure Data: Prevent data breaches and ensure sensitive information stays within the organization.

3. Ensure Compliance

Regulatory Adherence: Meet industry-specific regulations by controlling and monitoring internet access.
Policy Enforcement: Automatically enforce company internet usage policies.

4. Gain Insights

Usage Analytics: Gain valuable insights into internet usage patterns to make informed decisions.
Employee Behavior: Understand employee behavior online to create better internet usage policies.

Use Cases

1. Corporate Offices

Manage internet access for large teams, ensuring productivity and security.
Enforce company policies across various departments and roles.

2. Educational Institutions

Protect students from inappropriate content and cyber threats.
Manage bandwidth usage to ensure smooth operation of educational tools and resources.

3. Healthcare Providers

Ensure compliance with data protection regulations.
Secure patient data by controlling internet access points.

4. Financial Services

Protect sensitive financial data from cyber threats.
Ensure compliance with stringent industry regulations.

Secure Access for Salesforce

Instasafe — Tue, 11 Jun 2024 09:33:39 GMT

Salesforce is a powerful Customer Relationship Management (CRM) platform that many businesses rely on for managing their sales, customer service, and marketing operations. Given its critical role in storing and processing sensitive customer data, ensuring secure access to your Salesforce application is essential. This article explores various methods to enhance the security of your Salesforce environment, focusing on Single Sign-On (SSO), Multi-Factor Authentication (MFA), and other best practices to safeguard your data.

Introduction to Salesforce Security

Securing your Salesforce application involves implementing multiple layers of protection. These layers include managing user access, configuring network security, enabling logging and monitoring, and integrating with security tools. Let's delve into these strategies to enhance the security of your Salesforce environment.

1. Managing User Access

a. Use Strong Password Policies

Implementing strong password policies is the first step in securing user accounts. Ensure all users follow best practices for password creation:

Use a mix of upper and lower case letters, numbers, and special characters.
Avoid common passwords and patterns.
Change passwords regularly and avoid reuse.

b. Enable Two-Factor Authentication (2FA)

Two-Factor Authentication adds an additional layer of security by requiring users to provide a second form of verification. Salesforce supports 2FA through various methods such as SMS, authenticator apps, and hardware tokens.

c. Implement Role-Based Access Control (RBAC)

Salesforce's RBAC allows you to assign roles to users based on their responsibilities. By limiting access to certain functionalities, you can minimize the risk of unauthorized actions:

Standard User: Can access and use the applications they are assigned.
System Administrator: Can manage application settings and user permissions.

2. Configuring Network Security

a. Restrict IP Access

Restricting IP access ensures that only trusted networks can access your Salesforce instance. Configure firewall rules to allow traffic only from known IP addresses and block others.

b. Use HTTPS

Always use HTTPS to encrypt data in transit. This ensures that sensitive information, such as login credentials and API tokens, is not intercepted by unauthorized parties. Obtain an SSL certificate from a trusted Certificate Authority (CA) and configure your Salesforce instance to use it.

3. Enabling Logging and Monitoring

a. Enable Auditing

Auditing logs are crucial for tracking and investigating security incidents. Salesforce provides auditing features to log important events such as login attempts, changes to user permissions, and modifications to critical settings.

b. Monitor User Activity

Monitoring user activity helps in identifying unusual or unauthorized actions. Implement monitoring tools that provide insights into user behavior and alert you to potential security threats.

4. Integrating with InstaSafe for Enhanced Security

a. Single Sign-On (SSO)

InstaSafe Secure Access enables seamless and one-click access to Salesforce applications using Single Sign-On. With SSO, users authenticate once and gain access to multiple applications without needing to sign in repeatedly. This not only enhances user convenience but also improves security by reducing the risk of password fatigue.

b. Multi-Factor Authentication (MFA)

MFA provides an additional layer of security by requiring users to verify their identity through multiple methods such as OTP, T-OTP, push notifications, biometric verifications, or hardware tokens. This reduces the risk of unauthorized access due to compromised passwords.

c. Device Authentication

InstaSafe ensures that only authorized and compliant devices can access your Salesforce instance. By enforcing device authentication, you significantly reduce the chances of data breaches and ensure that only the right users with the right devices are accessing your application.

Benefits of InstaSafe Secure Access for Salesforce

1. Granular Access Controls

InstaSafe allows you to provision users or user groups based on their roles, determining who can access specific applications. This granular control enhances security by ensuring that only authorized personnel can access sensitive information.

2. Complete Visibility

Gain complete visibility of user activity with InstaSafe’s detailed insights. This visibility helps in monitoring user behavior, detecting anomalies, and improving overall security posture.

3. Enhanced Security with Seamless User Experience

By integrating MFA and SSO, InstaSafe provides an enhanced security layer while maintaining a seamless user experience. Users enjoy easy access without compromising on security.

4. Easy to Deploy

InstaSafe Secure Access can be set up in minutes, making it easy to get started. The straightforward deployment process ensures that your Salesforce instance is quickly secured without extensive configuration.

Step by Step Guide for configuring Salesforce with Single Sign On using SAML

Login to the Instasafe Admin Console with valid credentials.
Go to the IDP/ Identity provider section in Identity Management.

In choose IDP, select the application type as SAML.

Enter IDP Name as Salesforce.

Enter the SP Entity ID or Issuer
Enter the ACS URL
Exchange SAML metadata between Salesforce and ZTAA to establish the trust relationship.

In the Attribute Mapping tab configure the following attributes as shown in the image below.

Salesforce Application Set Up In Instasafe console

In the Instasafe admin console.
Go to applications in perimeter management.
Create the Salesforce application and add the logo if needed.

Create the application.

Set up the Access policy for the application access

In the access policy create an policy for Salesforce access
Enter the policy name
Choose the expiry date as per requirement.
Click on the next button

Click on the add button and add the user or user group to whom you want to give access to the Salesforce application.

Add the salesforce application

Save the access policy

Test SSO and Conditional Access:
- Verify that users can successfully authenticate to Salesforce using SSO via ZTAA.

Conclusion

Securing your Salesforce application is crucial to protecting your customer data and maintaining the integrity of your workflows. By implementing strong user access controls, network security measures, and leveraging InstaSafe’s Secure Access solution with SSO and MFA, you can ensure that your Salesforce instance remains secure, user-friendly, and protected from potential threats.

Secure Access for Zoho

Instasafe — Tue, 11 Jun 2024 09:30:55 GMT

Zoho offers a comprehensive suite of online productivity tools and SaaS applications for businesses of all sizes. As organizations rely more on Zoho for their operational needs, securing access to these applications becomes increasingly important. This article explores various methods to enhance the security of your Zoho environment, focusing on Single Sign-On (SSO), Multi-Factor Authentication (MFA), and other best practices to protect your data.

Introduction to Zoho Security

Securing your Zoho application involves multiple layers of protection. These include managing user access, configuring network security, enabling logging and monitoring, and integrating with security tools. Let's explore these strategies to enhance the security of your Zoho environment.

1. Managing User Access

a. Use Strong Password Policies

Implementing strong password policies is the first step in securing user accounts. Ensure all users follow best practices for password creation:

Use a mix of upper and lower case letters, numbers, and special characters.
Avoid common passwords and patterns.
Change passwords regularly and avoid reuse.

b. Enable Two-Factor Authentication (2FA)

Two-Factor Authentication adds an additional layer of security by requiring users to provide a second form of verification. Zoho supports 2FA through various methods such as SMS, authenticator apps, and hardware tokens.

c. Implement Role-Based Access Control (RBAC)

Zoho's RBAC allows you to assign roles to users based on their responsibilities. By limiting access to certain functionalities, you can minimize the risk of unauthorized actions:

User: Can access and use the applications they are assigned.
Admin: Can manage application settings and user permissions.

2. Configuring SAML in Zoho Accounts

To create a SAML connection between Zoho and InstaSafe, you will need to provide some details from Zoho to your InstaSafe, and vice versa. You can get Zoho's details from the Zoho metadata and provide them to your InstaSafe IdP while configuring SAML. Similarly, you will need to get the required details from your InstaSafe IdP to configure SAML in Zoho.

SAML configuration in Zoho

For detailed documentation, please refer this LINK

3. Enabling Logging and Monitoring

a. Enable Auditing

Auditing logs are crucial for tracking and investigating security incidents. Zoho provides auditing features to log important events such as login attempts, changes to user permissions, and modifications to critical settings.

b. Monitor User Activity

Monitoring user activity helps in identifying unusual or unauthorized actions. Implement monitoring tools that provide insights into user behavior and alert you to potential security threats.

4. Integrating with InstaSafe for Enhanced Security

a. Single Sign-On (SSO)

InstaSafe Secure Access enables seamless and one-click access to Zoho applications using Single Sign-On. With SSO, users authenticate once and gain access to multiple applications without needing to sign in repeatedly. This not only enhances user convenience but also improves security by reducing the risk of password fatigue.

b. Multi-Factor Authentication (MFA)

c. Device Authentication

InstaSafe ensures that only authorized and compliant devices can access your Zoho instance. By enforcing device authentication, you significantly reduce the chances of data breaches and ensure that only the right users with the right devices are accessing your application.

Single Sign On Portal for Zoho Applications

Benefits of InstaSafe Secure Access for Zoho

1. Granular Access Controls

2. Complete Visibility

Gain complete visibility of user activity with InstaSafe’s detailed insights. This visibility helps in monitoring user behavior, detecting anomalies, and improving overall security posture.

3. Enhanced Security with Seamless User Experience

By integrating MFA and SSO, InstaSafe provides an enhanced security layer while maintaining a seamless user experience. Users enjoy easy access without compromising on security.

4. Easy to Deploy

InstaSafe Secure Access can be set up in minutes, making it easy to get started. The straightforward deployment process ensures that your Zoho instance is quickly secured without extensive configuration.

Step by Step Guide for configuring Zoho Single Sign On (SSO)

Prerequisites

If you're already a Zoho One user, proceed to the next point. If you haven't signed up yet, log in to Zoho One and complete the registration. Registering with Zoho One is necessary to enable Single Sign-On (SSO) configurations in Zoho Accounts.
Login to Zoho Account.
In the left panel, under Organization, click SAML Authentication.
Click Download Metadata. A file named "zohometadata.xml" will be downloaded. (Will be required later)

Configure Zoho in Instasafe:

Login to the Instasafe Admin Console.
Go to the IDP section in Identity management.

In choose IDP, select the application type as SAML.

Enter the IDP name as zoho

Enter the SP Entity ID or Issuer
Enter the ACS URL : Enter the IDP entity ID
Click on Next to proceed further.

In the Attribute Mapping tab configure the following attributes as shown in the image below.

Application set up in InstaSafe console

In the Instasafe admin console.
Go to applications in perimeter management.
Create the Zoho application and add the logo if needed.

Set up the Access policy for the application access

In the access policy create an policy for Zoho access
Enter the policy name
Choose the expiry date as per requirement.
Click on the next button

Click on the add button and add the user or user group to whom you want to give access to the Zoho application.

Add the zoho application

Save the access policy

Configure Single Sign-on (SSO) in Zoho Admin Account

Go to the Zoho Account, in the side navigation go to Organisation > SAML Authentication and click on Set up Now.

In the SAML Authentication popup, enter the SAML Login URL in Sign-in URL field and SAML Logout URL in Sign Out URL field.
In X.509 Certificate field, upload the certificate file downloaded in the previous step.

Click Submit. Instasafe as an IDP is configured successfully.

Test SSO Configuration

Try signing in to a Zoho application (for example, Zoho CRM) using a user present in the Zoho.

After entering the Email Address registered in Zoho, the user will be redirected to the user store for authentication in the Instasafe portal. If the user is authenticated successfully, they will be redirected back to the Zoho application as a logged-in user.

Conclusion

Securing your Zoho application is crucial to protecting your business data and maintaining the integrity of your workflows. By implementing strong user access controls, network security measures, and leveraging InstaSafe’s Secure Access solution with SSO and MFA, you can ensure that your Zoho instance remains secure, user-friendly, and protected from potential threats.

Secure Access for GitHub

Instasafe — Tue, 11 Jun 2024 09:28:24 GMT

GitHub has become an essential tool for developers and organizations worldwide, providing a platform for collaboration, code sharing, and project management. Given its critical role, securing access to your GitHub repositories is paramount. This article explores various methods to enhance the security of your GitHub environment, emphasizing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and other best practices to safeguard your code and data.

Introduction to GitHub Security

Securing your GitHub application involves implementing several layers of protection. These include managing user access, configuring network security, enabling logging and monitoring, and integrating with security tools. Let's delve into these strategies to enhance the security of your GitHub environment.

1. Managing User Access

a. Use Strong Password Policies

Implementing strong password policies is the first step in securing user accounts. Ensure all users follow best practices for password creation:

Use a mix of upper and lower case letters, numbers, and special characters.
Avoid common passwords and patterns.
Change passwords regularly and avoid reuse.

b. Enable Two-Factor Authentication (2FA)

Two-Factor Authentication adds an additional layer of security by requiring users to provide a second form of verification. GitHub supports 2FA through various methods such as SMS, authenticator apps, and hardware tokens.

c. Implement Role-Based Access Control (RBAC)

GitHub's RBAC allows you to assign roles to users based on their responsibilities. By limiting access to certain functionalities, you can minimize the risk of unauthorized actions:

Read: Can view the repository.
Write: Can push to the repository.
Admin: Can manage repository settings and user permissions.

2. Configuring SAML single sign-on for your enterprise

Enterprise owners can enable SAML SSO and centralized authentication through a SAML IdP across all organizations owned by an enterprise account. After enabling SAML SSO for enterprise account, SAML SSO is enforced for all organizations owned by enterprise account. All members will be required to authenticate using SAML SSO to gain access to the organizations where they are a member, and enterprise owners will be required to authenticate using SAML SSO when accessing an enterprise account.

To access each organization's resources on GitHub Enterprise Cloud, the member must have an active SAML session in their browser. To access each organization's protected resources using the API and Git, the member must use a personal access token or SSH key that the member has authorized for use with the organization. Enterprise owners can view and revoke a member's linked identity, active sessions, or authorized credentials at any time.

For detailed configuration, please refer this LINK

Prerequisites

GitHub Administrator account is required to do the configuration and setup SAML Single Sign-on (SSO)
GitHub Enterprise Gold plan is required. Other GitHub plans like Developer or Team do not support SAML Single Sign-on (SSO)
Note - Make sure you do not enable SSO for all users before testing and getting the Single Sign-on (SSO) recover codes from GitHub

Github enterprise edition

GitHub Enterprise Edition offers enhanced security with advanced vulnerability scanning and compliance tools, including the exclusive option of single sign-on (SSO). It supports large-scale operations with robust infrastructure and customizable workflows. Enterprises benefit from dedicated support and guaranteed service-level agreements (SLAs). Collaboration is improved through advanced code review and project management tools, and flexible deployment options include cloud-hosted, self-hosted, and hybrid setups.

Github Single sign-on (sso)

GitHub SAML Single Sign-On (SSO) for enterprise cloud solution by Instasafe provides secure Single Sign-On access to GitHub & multiple On-Premise and Cloud Applications using a single set of login credentials. With Instasafe IDP service you can SSO login to multiple applications using a single Github username and password. Github Single Sign-On (SSO) can also be enabled if your users are in any of the third-party Identity Providers and you want your users to log into Github using existing IdP credentials, you can easily allow them to SSO into Github in a secure manner.

With Instasafe github SSO, you can

Enable your users to automatically login to Github
Have centralized and easy access control of the users
Connect easily with any external identity source like Azure AD, LDAP.

Supported SSO features

Instasafe Github SAML integration supports the following features:

SP Initiated SSO Login: Users can access their Github account via a URL or bookmark. They will automatically be redirected to the Instasafe portal for login. Once they've signed on, they'll be automatically redirected and logged into Github.
IdP Initiated SSO Login: Users need to login to the Instasafe first , and then click on the Github icon on the applications dashboard to access Github.

Step-by-step guide given below for GitHub SAML Single Sign-On (SSO) for your organization

Configure github in Instasafe:

Login to the Instasafe Admin Console.
Go to the IDP section in Identity management.

In choose IDP, select the application type as SAML.

Enter IDP Name as GitHub.

Enter the SP Entity ID or Issuer : https://github.com/enterprises/
Enter the ACS URL : https://github.com/enterprises//saml/consume
Enter the IDP entity ID
Click on Next to proceed further.

In the Attribute Mapping tab configure the following attributes as shown in the image below.

Application set up in Instasafe console

In the instasafe admin console.
Go to applications in perimeter management.
Create the github application and add the logo if needed.

Set up the Access policy for the application access

In the access policy create an policy for github access
Enter the policy name
Choose the expiry date as per requirement.
Click on the next button

Click on the add button and add the user or user group to whom you want to give access to the github application.

Add the github application.

Save the access policy

Configure SSO in github enterprise

Navigate to the top right corner of GitHub.
Click your profile photo >> then click your Enterprises.

In the Enterprises account sidebar, click on Settings >> Authentication security.
Under SAML single sign-on, enable the checkbox Require SAML authentication.

Enter the required details.

Sign on URL	Enter the SAML Login URLs for single sign-on requests.
Issuer	Enter the IdP Entity ID or Issuer. This verifies the authenticity of sent messages.
Publi certificate	Paste the X.509 Certificate to verify SAML responses

Under public certificate, to the right of the current signature and digest methods, click on edit.

Select the Signature Method and Digest Method from the dropdown, then click the hashing algorithm used by your SAML issuer.
Before saving SAML SSO for your enterprise, click Test SAML configuration to ensure that the information you've entered is correct.

Click Save SAML settings.

3. Enabling Logging and Monitoring

a. Enable Auditing

Auditing logs are crucial for tracking and investigating security incidents. GitHub provides auditing features to log important events such as login attempts, changes to user permissions, and modifications to critical settings.

b. Monitor User Activity

Monitoring user activity helps in identifying unusual or unauthorized actions. Implement monitoring tools that provide insights into user behavior and alert you to potential security threats.

4. Integrating with InstaSafe for Enhanced Security

a. Single Sign-On (SSO)

InstaSafe Secure Access enables seamless and one-click access to GitHub applications using Single Sign-On. With SSO, users authenticate once and gain access to multiple applications without needing to sign in repeatedly. This not only enhances user convenience but also improves security by reducing the risk of password fatigue.

b. Multi-Factor Authentication (MFA)

c. Device Authentication

InstaSafe ensures that only authorized and compliant devices can access your GitHub instance. By enforcing device authentication, you significantly reduce the chances of data breaches and ensure that only the right users with the right devices are accessing your application.

Benefits of InstaSafe Secure Access for GitHub

1. Granular Access Controls

2. Complete Visibility

Gain complete visibility of user activity with InstaSafe’s detailed insights. This visibility helps in monitoring user behavior, detecting anomalies, and improving overall security posture.

3. Enhanced Security with Seamless User Experience

By integrating MFA and SSO, InstaSafe provides an enhanced security layer while maintaining a seamless user experience. Users enjoy easy access without compromising on security.

4. Easy to Deploy

InstaSafe Secure Access can be set up in minutes, making it easy to get started. The straightforward deployment process ensures that your GitHub instance is quickly secured without extensive configuration.

Conclusion

Securing your GitHub application is crucial to protecting your code and sensitive information. By implementing strong user access controls, network security measures, and leveraging InstaSafe’s Secure Access solution with SSO and MFA, you can ensure that your GitHub instance remains secure, user-friendly, and protected from potential threats.

Secure Access for Jira

Instasafe — Tue, 11 Jun 2024 09:20:21 GMT

With InstaSafe, enterprises can now provide users with secure access to Jira using InstaSafe Single Sign On (SSO) and Multi Factor Authentication (MFA)

As organizations increasingly rely on Jira for project management and issue tracking, ensuring the security of this critical application becomes paramount. This article explores various methods to secure access to your Jira instance, emphasizing Single Sign-On (SSO), Multi-Factor Authentication (MFA), and other best practices to safeguard your data.

Introduction to Jira Security

Securing your Jira application involves implementing several layers of protection. These include managing user access, configuring network security, enabling logging and monitoring, and integrating with security tools. Let's delve into these strategies to enhance the security of your Jira environment.

1. Managing User Access

a. Use Strong Password Policies

Implementing strong password policies is the first step in securing user accounts. Ensure all users follow best practices for password creation:

Use a mix of upper and lower case letters, numbers, and special characters.
Avoid common passwords and patterns.
Change passwords regularly and avoid reuse.

b. Enable Two-Factor Authentication (2FA)

Two-Factor Authentication adds an additional layer of security by requiring users to provide a second form of verification. Jira supports 2FA through various methods such as SMS, authenticator apps, and hardware tokens.

c. Implement Role-Based Access Control (RBAC)

Jira's RBAC allows you to assign roles to users based on their responsibilities. By limiting access to certain functionalities, you can minimize the risk of unauthorized actions:

Viewer: Can view projects and issues.
Reporter: Can create and view issues but cannot modify them.
Developer: Can work on issues but cannot manage project settings.
Admin: Can manage project settings and user permissions.

2. Configuring SAML SSO for Jira

SAML for single sign-on (SSO) allows your customers to authenticate through your organization's identity provider when they log in to your Jira Service Management help center. Customers only need to log in one time to access multiple portals for one help center during an active session.

For detailed configuration, please refer this LINK

3. Enabling Logging and Monitoring

a. Enable Auditing

Auditing logs are crucial for tracking and investigating security incidents. Jira provides auditing features to log important events such as login attempts, changes to user permissions, and modifications to critical settings.

b. Monitor User Activity

Monitoring user activity helps in identifying unusual or unauthorized actions. Implement monitoring tools that provide insights into user behavior and alert you to potential security threats.

4. Integrating with InstaSafe for Enhanced Security

a. Single Sign-On (SSO)

InstaSafe Secure Access enables seamless and one-click access to Jira applications using Single Sign-On. With SSO, users authenticate once and gain access to multiple applications without needing to sign in repeatedly. This not only enhances user convenience but also improves security by reducing the risk of password fatigue.

b. Multi-Factor Authentication (MFA)

c. Device Authentication

InstaSafe ensures that only authorized and compliant devices can access your Jira instance. By enforcing device authentication, you significantly reduce the chances of data breaches and ensure that only the right users with the right devices are accessing your application.

Benefits of InstaSafe Secure Access for Jira

1. Granular Access Controls

2. Complete Visibility

Gain complete visibility of user activity with InstaSafe’s detailed insights. This visibility helps in monitoring user behavior, detecting anomalies, and improving overall security posture.

3. Enhanced Security with Seamless User Experience

By integrating MFA and SSO, InstaSafe provides an enhanced security layer while maintaining a seamless user experience. Users enjoy easy access without compromising on security.

4. Easy to Deploy

InstaSafe Secure Access can be set up in minutes, making it easy to get started. The straightforward deployment process ensures that your Jira instance is quickly secured without extensive configuration.

Conclusion

Securing your Jira application is crucial to protecting your project data and maintaining the integrity of your workflows. By implementing strong user access controls, network security measures, and leveraging InstaSafe’s Secure Access solution with SSO and MFA, you can ensure that your Jira instance remains secure, user-friendly, and protected from potential threats.

Secure Access for Gitlab

Instasafe — Mon, 10 Jun 2024 09:56:07 GMT

Securely Access Your Gitlab repo with InstaSafe SSO and MFA

Implement additional layer of security with InstaSafe Single Sign On (SSO) and Multi-Factor Authentication to secure your Gitlab code repository

Understanding Gitlab Application

GitLab is an open-source web-based DevOps lifecycle management tool that provides a Git repository manager for managing source code repositories, version control, and DevOps lifecycle with features like issue tracking, CI/CD (Continuous Integration/Continuous Deployment), and more.

Current Challenges with Secure Access for Gitlab Application

Risk of unauthorized access by outsider- Gitlab repositories often contain proprietary source code and other confidential information such as user credentials, API keys and other configuration files. Provisioning direct access to Gitlab repository over internet can have pertinent risks of unauthorized access.
Risk of unauthorized access by insider - In case a employee leaves the organization, often the IT admin forgets / take few additional days to remove the access. The departing employee can have access to gitlab repository posing significant risks
Lack of strong authentication mechanism - Current authentication methods involve password as primary authentication and OTP as secondary authentication (which is optional).

With InstaSafe Secure Access for Gitlab, You can

Hide your applications from public internet with self managed Gitlab deployment

Self managed Gitlab instance will only be accessed through InstaSafe agent after the user is authenticated and provisioned. Gitlab instance will not be available to access through direct URL thereby eliminating any risks of data breach.

Seamless and one-click access of Gitlab applications using Single Sign-On (SSO)

With Single Sign-On, gets authenticated once and seamless access application. No need to sign in frequently and remember different credentials for different applications.

Multi-factor authentication (MFA) for additional security

Use additional authentication methods such as OTP, T-OTP, push notifications, Biometrics notifications, Hardware token to eliminate the risks arising from password breaches

Enforce device authentication to ensure only authorized device gets access

Ensure only authorized and compliant devices provided by organization is able to access to application after proper authentication. Device identity is key to significantly reducing the chances of data breaches and ensuring right user with right device is accessing application

Once InstaSafe SSO is configured, here is the scenario for accessing self managed Gitlab without / with InstaSafe

Step by Step Guide for configuring SAML Single Sign On for Self Managed Gitlab

Cloud provider for hosting Gitlab

Various cloud providers, including AWS, Google Cloud Platform, Microsoft Azure, DigitalOcean, and others, offer robust infrastructure options for deploying self-hosted GitLab instances. Each provider supports scalable virtual machines, managed databases, and Kubernetes services, providing flexibility and customization for organizations seeking control over their DevOps environments.

AWS

To set up GitLab on AWS following your specifications, here's a step-by-step explanation:

Instance Selection: Choose an appropriate instance type depending on your usage requirements, such as r6i.large. This instance type provides sufficient resources for GitLab's operations.

VPC and Subnet Configuration:

Ensure you have a Virtual Private Cloud (VPC) set up in AWS.
Choose an availability zone within your preferred region for high availability.
Select a subnet within the chosen VPC and availability zone where the GitLab instance will reside.

Elastic IP Configuration:

Allocate an Elastic IP (EIP) address to your instance to ensure a static public IP that persists even if the instance is stopped and restarted.

Security Group Configuration:

Create or modify a security group to allow inbound traffic on ports 443 for GitLab access via InstaSafe ZTAA.
Configure outbound rules to allow all traffic from the instance to communicate with external services and repositories.

Instance Launch and Setup:

Launch the instance with the chosen specifications (instance type, subnet, security group).
Connect to the instance using SSH or AWS Systems Manager Session Manager.

GitLab Installation and Configuration:

Update the instance and install the necessary packages (e.g., Docker, GitLab dependencies).
Follow GitLab's official installation guide or use Docker to deploy GitLab.
Configure GitLab settings, including domain name configuration, SSL certificates (using Let's Encrypt or your own certificates for HTTPS access), and GitLab administrative settings.
Set up repositories, users, and permissions as per your organization's requirements.

Once GitLab is successfully hosted on AWS or any other cloud provider, the administrator can proceed to configure access via the InstaSafe portal with the following steps:

In the perimeter management navigate to applications and create a gitlab application and give the self hosted gitlab url.
Save the configuration settings for the GitLab application.

Navigate to the "Access Policy".
Create a new policy specifically for GitLab access.
Add the relevant users or user groups who require access to GitLab.
Include the GitLab application within the application configuration.
Update and save the policy settings to apply the access controls.

Add the application behind the gateway in InstaSafe portal.

Once the setup in the portal is done.
The user can go to the self hosted Gitlab page and can login to Gitlab using the InstaSafe Single Sign On.

The user can connect to the InstaSafe ZTAA agent and access the gitlab.

When the agent is disconnected, the user will not be able to access the gitlab.

Directly accessing Gitlab from Browser

Above image shows that after SSO configuration, directly accessing self managed Gitlab instance is not possible directly from the browser. Only using InstaSafe agent and accessing through InstaSafe secure browser, Gitlab instance is accessible

Benefits of InstaSafe Secure Access for Gitlab

Granular Access controls - Provision user or user groups based on their role on who can access
Complete visibility - Get complete visibility of user activity for better insights
Better Security - MFA and SSO provides enhanced security with seamless user experience
Easy to Deploy - Secure Access can be set up in minutes and easy to get started.

Complement our other Solution Stack

Single Sign On: Validation and Authentication from a single dashboard, using a single set of credentials, gives you access to all authorized applications, whether on-premise or on the cloud

Multi Factor Authentication: Add additional layer of authentication with OTP, T-OTP, PIN, Biometrics or push notification.

Contextual Access: Leverage IP based Access, Time based Access, Geolocation based access and Device based access for added flexibility and agility

Secure Identity Cloud: Comprehensive identity and access management solution to manage and control access to digital resources

To book a demo, please visit https://instasafe.com/book-a-demo

InstaSafe Solutions

InstaSafe Stick - Access using USB

Why InstaSafe Stick?

How does it work?

Features and Benefits

Secure Access for Outlook Web Access (OWA)

Secure Access for Google Workspace

Limitations of Traditional Security Models

Zero Trust: A Modern Approach to Securing Google Workspace

The InstaSafe Advantage for Google Workspace

Securing Access for IceWarp Email

Challenges with Traditional Email Security

Zero Trust: The Future of Email Security

The InstaSafe Advantage for IceWarp Email

Securing Access for Microsoft 365

Securing Access to Microsoft 365 with InstaSafe Zero Trust

Why Traditional Security Models Fall Short

Zero Trust: The Foundation of Secure Access

The InstaSafe Advantage

Documentation - Secure Web Gateway

Introduction

System Requisites

Hardware Requirements

Recommended Hardware

Installation and Activation

Get Product Activation Key

Download Installation Package

Basic Setup

How to integrate AD or OpenLDAP with InstaSafe

Overview

Tutorial Goals

Prerequisites

Integration of Microsoft Active Directory

Simple Authentication

SSO Authentication

Preferred Linux distribution: Setup Your Secure Web Gateway on your preferred Linux distribution

How to setup virtualization environment for InstaSafe with VirtualBox.

Setup HTTPS Inspection

Integrate a Linux Host with a Windows AD for Kerberos SSO authentication

Block Personal Gmail And Allow Google Corporate Accounts

Data Leakage Prevention

Controlling Uploads

Block Virus Uploads And Downloads

Block Anonymous Proxies

Block Advertisements And Banners

Block Third Party Cookies

Block Particular User Login To Facebook Or Gmail

Profiled Internet Access

Enforce Safe Searches On Gateway

FAQs

What is InstaSafe SWG?

Why should I use InstaSafe?

Which Operating Systems does InstaSafe support?

What is the minimal hardware required for InstaSafe?

What is InstaSafe Appliance Builder?

Where should I get the latest version of InstaSafe to upgrade?

What is InstaSafe for Windows?

Where should I get a product activation key?

What is InstaSafe Self Service portal?

Whom should we permit to access the InstaSafe Web GUI?

How do I know InstaSafe product is activated?

Where should I get license details?

Why am I getting "Proxy Access Denied?"

Does InstaSafe inspect HTTPS traffic?

When should I enable HTTPS Inspection?

When should I bypass HTTPS Inspection?

What are the benefits of HTTPS inspection in InstaSafe?

What is an SSL certificate?

Where can I get an SSL certificate?

Can I use my SSL certificates generated from my Enterprise CA?

Can I integrate an LDAP service like Microsoft Active Directory or OpenLDAP with InstaSafe?

What is InstaSafe SSO Authentication?

If my SSO authentication fails is LDAP fail over functionality available in InstaSafe?

When should I bypass authentication?

Can I use InstaSafe Captive portal to monitor internet usage traffic?

What is InstaSafe Captive portal?

Does InstaSafe supports transparent proxy?

Why should I enable WCCP?

Can I prevent user to access Social networking sites?

Can I prevent users to upload confidential data?