Empowering Secure User Experiences
In today's dynamic threat landscape, organizations need robust security solutions to safeguard users from malicious content and inappropriate websites. Exium SASE delivers a comprehensive content filtering and web security solution that enforces security policies while offering unparalleled visibility and control for administrators.
¶ Multi-Layered Defense:
Exium SASE protects users through a layered approach:
- Policy-Based Content Filtering: Block access to websites and content categories that violate organizational policies. This ensures user productivity and compliance with regulations.
- Threat Intelligence-Powered Threat Blocking: Leverage industry-leading threat intelligence feeds to identify and block access to malicious websites known to harbor malware, phishing attacks, and other cyber threats. This proactive approach safeguards users from emerging threats.
¶ Enhanced Visibility and Control:
Exium SASE empowers administrators with:
|
Granular Block Reporting |
Simplified Policy Management |
Real-Time Threat Response |
|---|---|---|
| Search and identify blocked threats within the intuitive admin console. Gain insights into the types of threats encountered and user activity. | Whitelist essential applications and websites with a single click. | Isolate users experiencing excessive block events for investigation and potential remediation. This helps prevent incidents and minimize disruption. |
¶ Benefits:
|
Item |
Key Benefits of Multi-Layered Content & Threat Protection |
|---|---|
| 1 |
Reduced Risk of Malware and Phishing Attacks
|
| 2 |
Improved User Productivity
|
| 3 |
Enhanced Compliance
|
| 4 |
Simplified Management
|
| 5 |
Faster Threat Response
|
¶ Types of Blocked Threats/Policies
Exium SASE blocks domains/URLs and IP addresses based on different type of Threats and Policies configuration. Following description is about these types of Threats and Policies which you see on admin console.
|
Item |
Type of Threat |
Description |
|---|---|---|
| 1 | DNS Security | is DNS domain accessed by end user and blocked by Exium SASE as this domain is marked as Malicious from Exium’s Threat Intelligence platform (TIP). Exium’s TIP Platform constantly gets updates from different types of threat sources and updates the DB in Cybersecurity Mesh in real time. Some of these sources include MISP feeds, Blocklist, Abuse.ch etc., |
| 2 | Web Category Filtering | is URL accessed by end user and blocked by Exium SASE as this URL is part of Web Category which is marked as BLOCK by administrator part of web category policies. Exium supports identification of all the high level IAB categories and few subcategories as well. Administrator can BLOCK different categories for different user groups. |
| 3 | Web Domain Filtering | is URL/Domain/App accessed by end user and blocked by Exium SASE as this URL/Domain/App is part of policy which is marked as BLOCK by administrator. Administrator can define different policies for different user groups. |
| 4 | Firewall | is IP (Port) accessed by end user and blocked by Exium SASE as this IP is part of firewall policy which is marked as BLOCK by administrator. Administrator can define different firewall policies for different user groups. |
| 5 | Geo Outward (Egress) | is URL/IP (Port) accessed by end user and blocked by Exium SASE as this URL/IP is hosted in a country which is blocked part of Egress Geo policies. |
| 6 | Geo Inward (Ingress) | is a user device owned by a end user and blocked by Exium SASE as this device is trying to connect from a country which is blocked part of Ingress Geo Policies. |
¶ Managing Blocked Threats/ Policies
To manage Blocked Threats/ Policies, follow the steps below:
- Navigate to the MSP admin console -> Client Workspace
- Click on SASE Dashboards → Blocked Threats/ Policies
All the details are as below
- Timestamp: Indicates the timestamp when this event is observed
- Username: Indicates the username of the user for which the event is observed
- Device Type and Name: Indicates the device type (Mac, Windows, IOS, Android, CGW) and name of the user for which the event is observed
- Type: Indicates the type of threat/policy the event belongs to. (as explained in previous section)
- Content: Indicates the exact blocked URL/Domain/IP
- Policy Name: Indicates the policy or malicious list name because of which this is blocked
- Status: Indicates the open/close status of the event if this partner account is integrated with CW/AT PSA
- PSA Ticket: Indicates the PSA ticket details if this partner account is integrated with CW/AT PSA
- Actions: Indicates the different possible actions for admin (explained in detail in later section)
¶ Blocked Threats/Policies - DNS Security
Following reference screenshot represents alerts related to DNS Security (Malicious lists)
¶ Blocked Threats/Policies - Web Domain/Category Filtering
Following reference screenshot represents alerts related to Web Domain or Web Category Filtering policies
¶ Blocked Threats/Policies - Geo Policies
Following reference screenshot represents alerts related to Geo Policies
¶ Blocked Threats/ Policies - Actions
Workspace admin can take different actions based on the type of blocked threat/policy. Following is the detailed description of type of actions.
- Isolate User: When this action is performed, all the connected devices of the user will be isolated/blocked from network access.
- Add Allow Policy: When this action is performed, there will be a exception policy is added against that user/group/workspace based on selection
- Report Wrong Category: When this action is performed, there will be a support ticket raised to exium about the wrong category details.
¶ Blocked Threats/Policies Actions - Isolate User
If the workspace admin decides to isolate the user because of a particular threat/policy is getting accessed by that user, he can do so by clicking on Isolate User action
- Click on Isolate User action
- Press OK on confirmation dialogue
The user (and all his devices) will be blocked until further action of unblocking the user.
¶ Blocked Threats/Policies Actions - Add Allow Policy
If the workspace admin decides to add exception rule to provide access to a URL/Domain/URL to a user/group/workspace, he can do so by clicking on Add Allow Policy action
- Click on Add Allow Policy action
- Enable User and/or Group and/or workspace to Yes and then click on Submit
The allow policy will be created at user or group or workspace level so that particular domain/IP will be accessible for that user/group/workspace.
¶ Blocked Threats/Policies Actions - Report Wrong Category (only for Web Categories)
If the workspace admin decides to report that a domain is wrongly categorised and wrongly blocked, he can report the same to Exium by raising a service ticket.
- Click on Report wrong category action
The service ticket will be raised with Exium and Exium team will do necessary validations and research before correcting the category mapping.
¶ Summary
Exium SASE provides a comprehensive solution for protecting users by blocking inappropriate and malicious content and websites based on organizational policies and advanced threat intelligence. With enhanced visibility into blocked content, powerful search capabilities, streamlined administrative controls, and user isolation features, Exium SASE ensures robust security while maintaining operational efficiency. This makes it an ideal solution for organizations aiming to safeguard their digital environments against evolving threats.
To learn more about implementing SASE / XDR / IAM products for your organization and explore tailored solutions that meet your unique requirements, contact Exium at partners@exium.net for a consultation or demonstration.