¶ What is CyberMesh?
Intelligent Cybersecurity Mesh or CyberMesh is one of the world’s largest and fastest cloud-scale security platforms connecting and protecting your apps, data, devices, and users across a global business fabric. By utilizing the expanding cloud regions and edge sites across Exium's own Global Cloud and other major public clouds, we provide more than 75 percent of global GDP with an experience of sub-40 milliseconds latency.
¶ Traffic Steering to Exium's SASE Platform
Exium offers advanced Traffic Steering capabilities within its Secure Access Service Edge (SASE) platform to optimize user experience and enhance security posture. With three distinct Traffic Steering Modes, organizations can tailor their network traffic management to suit their specific requirements:
|
Traffic Steering Mode |
Description |
Benefits |
|---|---|---|
| Intelligent Traffic Routing (ITR) | ITR represents the optimal performance recommended mode. Within this mode, Exium's SASE Cybermesh leverages a range of sophisticated factors, including policy controls, AI-driven device posture assessments, first packet analysis, SSL/HTTPS protections, and performance metrics to make real-time routing decisions. | By dynamically routing certain web and SaaS traffic directly based on contextual factors, ITR ensures optimal performance, responsiveness, and efficiency while maintaining robust security measures. |
| Conditional Access | This mode empowers organizations to enforce additional security measures by leveraging IP address allowlisting for specified corporate cloud applications. Conditional Access requires organizations to explicitly specify the domain names and/ or IPs of the applications they wish to enable this access control mechanism for. | By implementing Conditional Access, organizations can bolster their security posture and mitigate risks associated with compromised user credentials. This mode adds an extra layer of protection, particularly against threats originating from unauthorized or suspicious IP addresses. |
| Tunnel All Traffic | In this mode, all traffic originating from the endpoints is directed through Exium's SASE Cybermesh, regardless of destination or nature of the traffic. However, this mode is not recommended due to its potential negative impact on user experience. | Tunneling all traffic may lead to increased latency, reduced bandwidth efficiency, and potential performance bottlenecks, adversely affecting user experience and productivity. |
We'll delve deeper into Intelligent Traffic Routing (ITR). For a comprehensive understanding of the Conditional Access method based on Source-IP, please refer to our article Source-IP based Conditional access.
¶ Secure Intelligent Traffic Routing (ITR)
Exium delivers the highest levels of network security and performance with AI-powered intelligent traffic routing as depicted in the figure below.
- Zero-trust Secure Private Access (SPA) traffic is always routed via the mesh
- Secure Internet Access (SIA) provides comprehensive web security with the first packet of each session/ transaction always routed via the mesh for inspection and web security controls. Based on the first packet analysis and additional criteria below, Cybermesh may determine that it is safe to route certain SIA traffic directly to Web/SaaS apps to deliver the highest performance and user experience while maintaining the policy and security controls for the SIA traffic.
The additional criteria for the intelligent traffic routing include: AI-based assessment of the device posture, Web and SaaS destinations (trusted vs untrusted), detailed policy controls, SSL/ https protections for the traffic, and more
¶ Configuring Traffic Steering Mode
In order to deliver the highest performance and user experience while maintaining the policy and security controls, Intelligent Traffic Routing (ITR) is automatically activated when you create a new workspace. To keep ITR active, you do not need to do anything.
You can configure “Conditional Access” or “tunnel all traffic” modes in the central admin portal by following the steps below:
- Navigate to the MSP admin console -> Client Workspace
- Click on “Zero Trust Policies” → Traffic Steering
- Select the Traffic Steering Mode (see the screenshot below)
- If you selected “Conditional Access” , Continue by clicking the "Add App" button to specify the IPs of the apps you wish to enable Conditional Access for.
- If you selected “Tunnel All Traffic” which is not recommended, you have the option to exclude certain apps from going via the CyberMesh. If this is the case, Continue by clicking the "Add App" button to specify the IPs of the apps you wish to exclude.
- For more details on configuration and policies, see Traffic Steering Applications.
¶ Conclusion
Exium's Traffic Steering capabilities empower organizations to optimize network performance, enhance security, and streamline user experience within their SASE environment. By leveraging Intelligent Traffic Routing, Conditional Access controls, or Tunnel All Traffic options, organizations can tailor their traffic management strategies to align with their specific needs, priorities, and security requirements.