BlastWave announced the availability of the BlastShield™ SaaS Proxy Agent (SPA) to enable fast and secure access to cloud applications, including Microsoft 365, Microsoft Azure, Box, Dropbox, and Salesforce.com. BlastShield SPA allows IT organizations to use zero-trust network access (ZTNA) methods to set up conditional access to third-party cloud applications. Unlike cloud access security brokerage (CASB) platforms, BlastShield secures cloud application access through a customer-managed gateway installed with BlastShield SPA. BlastShield uses phishing-resistant multi-factor authentication (MFA), data encryption, and device invisibility techniques to make the gateway invisible to the public Internet and unauthenticated users. BlastShield SPA demonstrates that you can’t hack what you can’t see.
BlastWave also introduced Extended Access Logging (EAL) to understand user behavior by logging all activity while logged onto the BlastShield network. With EAL, IT managers can track: date, time, events, port, IP address, and more. These new enhancements expand BlastShield’s Zero-Trust Network Access (ZTNA) capabilities and simplify the security stack while protecting network connectivity for remote access, site-to-site communications, and cloud application access.
BlastShield SPA provides BlastWave’s customers with high-performance IaaS/PaaS/SaaS access that avoids the pitfalls of CASB services that force all traffic through a shared, managed gateway that is prone to performance bottlenecks and third-party risk challenges. To set up secure cloud access, IT administrators simply install the BlastWave SPA software agent onto a physical or virtual server and configure the cloud application with conditional access that only allows connections from the BlastShield SPA. This prevents anonymous connection to BlastShield-protected cloud applications and enables full visibility and event logging.
“We continue to listen to our customers and innovate by adding new features to our ZTNA platform. BlastShield SaaS Proxy Agent (SPA) was requested by our customers who wanted to expand their use of BlastShield beyond accessing private workloads,” said Peter Alm, CTO BlastWave. “This is part of our commitment to simplify the security stack. The days of managing hardware-based VPNs, complex IP sub-netting, and microsegmentation are numbered. We make it simple to secure access to remote repositories, enterprise applications, data, public cloud infrastructure, and now SaaS applications. Customers can now proxy different sets of domains for different users for microsegmentation purposes, restricting unauthenticated access to business-critical cloud applications for internal users.”
The latest enhancements use a peer-to-peer model to proxy secure connections to SaaS services more efficiently, controlling both sides of the authentication “handshake” through unspoofable IP addresses that are cryptographically challenged and verified for every connection. Only authenticated users, continuously verified through the biometrics and FIDO 2 keys of BlastShield’s phishing-resistant MFA, can connect to applications approved by their organization. BlastShield SPA is implemented on a virtual machine, physical or cloud server and provides customers with on-prem and cloud-based orchestration and management.