Empowering Secure User Experiences
In today's dynamic threat landscape, organizations need robust security solutions to safeguard users from malicious content and inappropriate websites. Exium SASE delivers a comprehensive content filtering and web security solution that enforces security policies while offering unparalleled visibility and control for administrators.
¶ Multi-Layered Defense:
Exium SASE protects users through a layered approach:
- Policy-Based Content Filtering: Block access to websites and content categories that violate organizational policies. This ensures user productivity and compliance with regulations.
- Threat Intelligence-Powered Threat Blocking: Leverage industry-leading threat intelligence feeds to identify and block access to malicious websites known to harbor malware, phishing attacks, and other cyber threats. This proactive approach safeguards users from emerging threats.
¶ Enhanced Visibility and Control:
Exium SASE empowers administrators with:
|
Granular Block Reporting |
Simplified Policy Management |
Real-Time Threat Response |
|---|---|---|
| Search and identify blocked threats within the intuitive admin console. Gain insights into the types of threats encountered and user activity. | Whitelist essential applications and websites with a single click. | Isolate users experiencing excessive block events for investigation and potential remediation. This helps prevent incidents and minimize disruption. |
¶ Benefits:
|
Item |
Key Benefits of Multi-Layered Content & Threat Protection |
|---|---|
| 1 |
Reduced Risk of Malware and Phishing Attacks
|
| 2 |
Improved User Productivity
|
| 3 |
Enhanced Compliance
|
| 4 |
Simplified Management
|
| 5 |
Faster Threat Response
|
¶ Types of Blocked Threats/Policies
Exium SASE blocks domains/URLs and IP addresses based on different type of Threats and Policies configuration. Following description is about these types of Threats and Policies which you see on admin console.
|
Item |
Type of Threat |
Description |
|---|---|---|
| 1 | DNS Security | is DNS domain accessed by end user and blocked by Exium SASE as this domain is marked as Malicious from Exium’s Threat Intelligence platform (TIP). Exium’s TIP Platform constantly gets updates from different types of threat sources and updates the DB in Cybersecurity Mesh in real time. Some of these sources include MISP feeds, Blocklist, Abuse.ch etc., |
| 2 | Web Category Filtering | is URL accessed by end user and blocked by Exium SASE as this URL is part of Web Category which is marked as BLOCK by administrator part of web category policies. Exium supports identification of all the high level IAB categories and few subcategories as well. Administrator can BLOCK different categories for different user groups. |
| 3 | Web Domain Filtering | is URL/Domain/App accessed by end user and blocked by Exium SASE as this URL/Domain/App is part of policy which is marked as BLOCK by administrator. Administrator can define different policies for different user groups. |
| 4 | Firewall | is IP (Port) accessed by end user and blocked by Exium SASE as this IP is part of firewall policy which is marked as BLOCK by administrator. Administrator can define different firewall policies for different user groups. |
| 5 | Geo Outward (Egress) | is URL/IP (Port) accessed by end user and blocked by Exium SASE as this URL/IP is hosted in a country which is blocked part of Egress Geo policies. |
| 6 | Geo Inward (Ingress) | is a user device owned by a end user and blocked by Exium SASE as this device is trying to connect from a country which is blocked part of Ingress Geo Policies. |
¶ Managing Blocked Threats/ Policies
To manage Blocked Threats/ Policies, follow the steps below:
- Navigate to the MSP admin console -> Client Workspace
- Click on SASE Dashboards → Blocked Threats/ Policies
- You can use the “Search Threat Table” to find Blocked Threats/Policies by entering relevant keywords. For instance, if the site
slackb.comis blocked, you can search using the keyword “slack.”
Details on the Blocked Threats/ Policies are provided below:
| Item | Description | |
|---|---|---|
| 1 | Timestamp: | Shows when the event was observed. |
| 2 | Username: | Shows the username associated with the observed event. |
| 3 | Device Type and Name: | Shows the type and name of the device (Mac, Windows, IOS, Android, CGW) linked to the event. |
| 4 | Type: | Shows the category of threat/policy the event is associated with (as explained in the previous section). |
| 5 | Content: | Shows the specific blocked URL/Domain/IP. |
| 6 | Policy Name: | Shows the policy or malware list responsible for the block. |
| 7 | Status: | Shows whether the event is open or closed, particularly if the partner account is linked with CW/AT PSA. |
| 8 | PSA Ticket: | Shows the details of the PSA ticket if the partner account is linked with CW/AT PSA. |
| 9 | Actions: | Shows the various potential actions available for the admin (detailed in a later section). |
¶ Blocked Threats/Policies - DNS Security
Following reference screenshot represents alerts related to DNS Security (Malicious lists)
¶ Blocked Threats/Policies - Web Domain/Category Filtering
Following reference screenshot represents alerts related to Web Domain or Web Category Filtering policies
¶ Blocked Threats/Policies - Geo Policies
Following reference screenshot represents alerts related to Geo Policies
¶ Actions for Blocked Threats/Policies
Workspace admins have various options for responding to blocked threats or policies. Below is a detailed explanation of these actions.
Isolate User: Selecting this action will result in all of the user's connected devices being isolated or blocked from accessing the network.
Add Allow Policy: This action creates an exception policy for the selected user, group, or workspace, allowing access where it might otherwise be blocked.
Report Wrong Category: Choosing this option raises a support ticket with Exium regarding incorrect categorization details.
¶ Isolating a User Due to a Threat/Policy
If a workspace admin opts to isolate a user because they are accessing a particular threat or policy, they can do so by following these steps:
- Click on the "Isolate User" action.
- Confirm the selection by pressing "OK" in the confirmation dialog.
- The user and all their devices will remain blocked until an action is taken to unblock them.
¶ Actions for Blocked Threats/Policies - Add Allow Policy
If a workspace admin decides to create an exception rule to grant access to a specific URL/Domain/IP for a user, group, or workspace, they can do so by using the Add Allow Policy action:
- Click on the "Add Allow Policy" action.
- Set "Enable User," "Group," and/or "Workspace" to "Yes," then click "Submit."
This action creates an allow policy at the user, group, or workspace level, ensuring the specified domain/IP is accessible for that user, group, or workspace.
¶ Actions for Blocked Threats/Policies - Report Wrong Category (Web Categories Only)
If a workspace admin identifies that a domain has been incorrectly categorized and blocked, they can report this issue to Exium by raising a service ticket:
- Click on the "Report Wrong Category" action.
This will generate a service ticket with Exium, and the Exium team will carry out the necessary validations and research before adjusting the category mapping.
¶ Summary
Exium SASE provides a comprehensive solution for protecting users by blocking inappropriate and malicious content and websites based on organizational policies and advanced threat intelligence. With enhanced visibility into blocked content, powerful search capabilities, streamlined administrative controls, and user isolation features, Exium SASE ensures robust security while maintaining operational efficiency. This makes it an ideal solution for organizations aiming to safeguard their digital environments against evolving threats.
To learn more about implementing SASE / XDR / IAM products for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration.