In previous blog posts we discussed new security approaches like Zero Trust and behavior-based security, and leveraging Artificial Intelligence (AI), Machine Learning (ML), and Big Data technologies in order to prevent attacks before they even happen, with the motto “never trust, always verify”.
As one of the most renowned vendors in mobile security and a major player in the cybersecurity world, BlackBerry offers BlackBerry Cyber Suite, a comprehensive Unified Endpoint Security (UES) solution to prevent, detect and respond to cybersecurity threats.
Now BlackBerry has released a new add-on product to their suite in response to growing needs from customers to secure access to all their resources, either on-premises or cloud-based – BlackBerry Gateway.
What is BlackBerry Gateway?
BlackBerry Gateway is a next-generation VPN feature that provides privacy-friendly Zero Trust Network Access (ZTNA) to end-users to Software-as-a-Service (SaaS) and on-prem corporate resources, while enhancing the network experience for end users.
Shortcomings of VPN in a Hybrid World
In the past, customers hosted all their corporate content and application servers internally, and remote access was gradually provided using Virtual Private Network (VPN) solutions for desktop users and mobile users.
Then, over the last decade, many customers started moving their infrastructure to the cloud, partially in some cases (hybrid environment, balancing on-prem and cloud-based resources) or even entirely in other cases. The benefits include reducing Total Cost of Ownership (TCO), service availability, and easier management, among others. The same is true for the end-users as they can access their resources from their favorite device, either desktop or mobile, even more easily than before.
However, moving to the cloud can potentially pose a serious security problem as technically anyone can connect to SaaS applications like Microsoft 365 or Salesforce, to name a few. Of course many security mechanisms can be used to ensure only legitimate end-users are able to connect, for example using Multi-Factor Authentication (MFA) technology, and from a safe and secured device using Mobile Threat Defense (MTD) software. But this still potentially represents a very large surface of attack, larger than it used to be when all resources were located internally.
BlackBerry Gateway is here to answer that need to retain control over which corporate resources are accessed, from who, from where, and from what device.
How does it work?
BlackBerry Gateway provides a secure connection to private network resources by encrypting all data in transit using industry-leading tunnel technology.
It also continuously evaluates Internet destinations using Machine Learning, IP reputation, and risk scoring to maintain an ever-evolving list of malicious ones. It will prevent endpoints from connecting to these destinations, sparing the customer the burden of manually compiling and maintaining their own blacklist. It also continuously evaluates user behavior to detect any abnormal, inconsistent behavior that could suggest a possible threat and block the connection.
For SaaS applications, it is also possible to use specific access control policies (if available from vendor) to restrict access only to endpoints connecting through BlackBerry Gateway to ensure these are legit connections from authenticated users on secured and safe devices. BlackBerry can also provide unique IP addresses for every customer Tenant if needed, to restrict and control access even more.
What does this do for end-user?
BlackBerry Gateway offers an enhanced, VPN-like experience to the end-user with a very light footprint, requiring only one piece of software to be installed – a one-time straightforward user enrollment. Users can easily enable Work Mode when they need to access to corporate resources (and disable it later) with a simple click; traffic will automatically be dispatched between either corporate network (via BlackBerry secure network) or directly to the Internet, ensuring a fast connection while preserving privacy.
Not Just for Enterprise
BlackBerry Gateway is scalable so it can fit any customer, whether they are already using other BlackBerry products or not, from Small Office/Home Office (SOHO) customers to Fortune 500 companies. BlackBerry Gateway brings immediate benefits in terms of security, no matter the size and complexity of the infrastructure.
Integration with other cybersecurity features
BlackBerry Gateway can either be used as a standalone product or an extra feature combined with other BlackBerry Unified Endpoint Security (UES) features like BlackBerry Protect, BlackBerry Optics, and BlackBerry Persona, sharing a unique management console and working together to provide an AI-powered solution for Zero Trust Network Access for all networks, endpoints, apps, and users.
As employees now expect the ability to access information from anywhere, the risk of a data breach either by user error or malicious actors is greater than ever.
Blackberry Gateway presents a unique solution to any organization looking to add security to how their employees access work platforms without compromising user experience. ISEC7 is your premier BlackBerry partner that can help you with BlackBerry Gateway deployment, as well as any other BlackBerry Cyber Suite features. Our services span the architecture design, implementation/rollout, and training process. We would be happy to answer any questions you may have about BlackBerry Gateway and implementing this solution for your organization.
Please feel free to contact us with any inquiries.
Contact
(C) Rémi Frédéric Keusseyan, Global Head of Training, ISEC7 Group
