<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom">
    <channel>
        <title>Zenarmor</title>
        <link>https://www.zenarmor.com</link>
        <description>Agile Service Edge Security</description>
        <lastBuildDate>Fri, 17 Jul 2026 06:33:17 GMT</lastBuildDate>
        <docs>https://validator.w3.org/feed/docs/rss2.html</docs>
        <generator>https://github.com/jpmonette/feed</generator>
        <language>en</language>
        <image>
            <title>Zenarmor</title>
            <url>https://www.zenarmor.com/images/zenarmor-social-card.jpg</url>
            <link>https://www.zenarmor.com</link>
        </image>
        <copyright>All rights reserved 2026, Zenarmor</copyright>
        <atom:link href="https://www.zenarmor.com/rss.xml" rel="self" type="application/rss+xml"/>
        <item>
            <title><![CDATA[Zenarmor 2.6 Is Here: Multi-Tenant Governance, Audit Trails, SIEM Streaming, and API Automation – All in One Release]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-2-6-multi-tenant-governance-audit-trails-siem-streaming-api-automation</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-2-6-multi-tenant-governance-audit-trails-siem-streaming-api-automation</guid>
            <pubDate>Tue, 30 Jun 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor 2.6 ships with six new capabilities built for teams whose security operations are scaling up: a full administrator audit trail, SIEM/SOAR streaming, an organization-based RESTful API, instance tagging, policy backup and restore, and guided onboarding.]]></description>
            <content:encoded><![CDATA[<p>Zenarmor 2.6 ships with six new capabilities built for teams whose security operations are scaling up: a full administrator audit trail, SIEM/SOAR streaming, an organization-based RESTful API, instance tagging, policy backup and restore, and guided onboarding.</p>
<p>As deployments grow, the questions change. It’s no longer just “can we block this threat.” It becomes “who changed this policy and when,” “can our analysts see Zenarmor data in the tools they already use,” and “can we automate this instead of clicking through it.” Version 2.6 answers those questions directly, with a common thread of visibility and operational control.</p>
<h1>What’s New</h1>
<h3>Organization Admin Governance and Audit Trail</h3>
<p><strong>Most relevant to: Mid-market IT/SecOps teams in regulated verticals, and MSPs/MSSPs running multi-admin operations.</strong></p>
<p>As more administrators touch a platform, accountability gets harder, and in regulated environments like healthcare, financial services, and legal that gap becomes a compliance problem. Zenarmor 2.6 introduces a comprehensive audit trail in Zenconsole. Every action, including policy updates, configuration changes, and the addition or removal of instances, is now logged with a name and timestamp, turning “we think it was configured this way” into documented fact and shortening investigations when something goes wrong. For partners with multiple technicians touching client environments, it also answers the “who changed this on which tenant” question that gets harder as the book of business grows.</p>
<h3>External SIEM and SOAR Support</h3>
<p><strong>Most relevant to: Mature mid-market SecOps teams and MSSPs with an established analytics stack.</strong></p>
<p>Security data is only useful where analysts actually work. Many teams have already invested in their own SIEM or SOAR and want Zenarmor data flowing alongside everything else. Zenarmor 2.6 streams session details directly to Elasticsearch and OpenSearch while keeping built-in cloud reporting, so teams can build dashboards, run deeper analysis, trigger automated playbooks, and correlate Zenarmor activity with the rest of their telemetry, inside the stack they already trained on.</p>
<h3>Organization-Based RESTful API</h3>
<p><strong>Most relevant to: MSPs, MSSPs, and ISPs provisioning at scale, plus infrastructure-as-code shops.</strong></p>
<p>Manual configuration doesn’t scale. Zenarmor 2.6 introduces a RESTful API for Zenconsole, letting administrators create gateways and retrieve organization details programmatically, see full docs at <a href="https://developer.zenarmor.com/api">Zenarmor API</a>. Security can now be wired into infrastructure-as-code workflows and onboarding scripts, reducing manual effort and removing a class of configuration mistakes. For partners onboarding new clients and service providers standing up gateways across many sites, it means growing your footprint at the pace of the business rather than the pace of clicking.</p>
<h3>Tag Support for Zenarmor Instances</h3>
<p><strong>Most relevant to: MSPs, MSSPs, and ISPs managing instances across many tenants and sites.</strong></p>
<p>A handful of gateways is easy to manage by name; hundreds are not. Zenarmor 2.6 adds system-defined and custom tags on gateways and endpoints. Administrators can label instances by region, business unit, function, or environment, then use those tags to organize device groups and dynamically provision resources into Zero-Trust networks, so membership follows logical rules instead of manual assignments.</p>
<h3>Backup and Restore for Internet Security Policies</h3>
<p><strong>Most relevant to: MSPs standardizing baselines across clients, lean mid-market teams without spare hands to rebuild config, and regulated organizations that need to evidence policy state.</strong></p>
<p>Security policies are living configurations, and without a way to capture a known-good state, a misstep means rebuilding by hand. Zenarmor 2.6 lets administrators back up and restore internet security policies directly in Zenconsole. Export selected policies to a file or upload a saved configuration to apply multiple policies at once, making it easy to standardize across environments or roll back to a baseline. For compliance, a saved policy set is also a point-in-time record of how controls were configured, the kind of evidence auditors look for and the baseline you can prove you restored to after any change.</p>
<h3>Onboarding Widget for New Users</h3>
<p><strong>Most relevant to: New mid-market admins and MSPs bringing on new clients.</strong></p>
<p>A feature-rich platform can be hard for first-timers to navigate. Zenarmor 2.6 introduces an onboarding widget that offers guided direction through key tasks, from setting up Zero-Trust networks to configuring policies, so new users always know what to do next and reach value faster. For partners, a smoother first experience means quicker time to value and less support overhead with every new client.</p>
<h2>Improvements Worth Noting</h2>
<p><strong>Zenarmor 2.6 also includes a set of improvements that sharpen visibility and smooth daily operations:</strong> faster central reporting on cloud-based BigQuery; SSO awareness without TLS inspection (no internal CA certificate required on client devices); QUIC connections reliably blocked with an ICMP unreachable response on UDP port 443; a mobile-friendly subscription and pricing page; destination IP included in Threat and Activity Alert emails; destination domains in alert CSV attachments rendered as unclickable links; a direct link from alerts to related Live Sessions; fewer false positives as dead sites move from Advanced Security to the Web category; and Zero-Trust network status shown per gateway on the Gateway Dashboard.</p>
<p>A bug fix also resolves an SSO session display issue where a roaming user could incorrectly appear offline when working from an office that enforced SSO authentication.</p>
<h2>Closing Thoughts</h2>
<p>Zenarmor 2.6 is a release for teams whose security operations are growing up. The audit trail answers who did what and when. SIEM and SOAR streaming puts Zenarmor data inside the tools analysts already use. The RESTful API automates what you used to do by hand. Tagging, policy backup and restore, and guided onboarding each remove friction from running security at scale. This is what the Plug.SASE.Everywhere approach looks like as it matures: not only security that deploys anywhere, but security you can see clearly, govern accountably, and operate efficiently at any size.</p>
<h2>Get Started Today</h2>
<p>Zenarmor 2.6 is available now. Existing customers can access these capabilities immediately through Zenconsole, and developers can start building against the new API at <a href="https://developer.zenarmor.com/api">Zenarmor API</a>. For the full release notes, visit <a href="https://www.zenarmor.com/docs/support/release-notes">Release Notes</a>.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-2.6-776_500.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Scheduled Maintenance for Zenconsole]]></title>
            <link>https://www.zenarmor.com/announcements#zenconsole-maintenance-announcement</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenconsole-maintenance-announcement</guid>
            <pubDate>Mon, 18 May 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[We would like to inform you about the upcoming scheduled maintenance for Zenconsole, during which the system will be temporarily unavailable.]]></description>
            <content:encoded><![CDATA[<p>We would like to inform you about the upcoming scheduled maintenance for Zenconsole, during which the system will be temporarily unavailable.</p>
<h2>Details:</h2>
<ul>
<li><strong>Date and Time:</strong> Friday, May 22, 2026, from 05:00 am - 05:30 am GMT(Summer Time)  (00:00 am - 00:30 am EDT, Thursday, May 21, 2026, 09:00 pm to 09:30 pm PDT).</li>
<li><strong>Duration:</strong> 30 min</li>
<li><strong>Affected Service:</strong> Zenconsole Cloud Management Portal</li>
<li><strong>Reason for Maintenance:</strong> Resource Upgrade for Zenconsole</li>
</ul>
<p>We thank you for your understanding and patience during this maintenance window and apologize for any inconvenience it may have caused.</p>
<p>Zenarmor Team</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/maintenance-img.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor SASE 2.5 Is Here: Dynamic Policies with CrowdStrike Device Posture Check integration, Real-Time Threat Alerts, and Deployment at Scale]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-sase-2.5-release</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-sase-2.5-release</guid>
            <pubDate>Tue, 28 Apr 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor 2.5 ships with four new capabilities including CrowdStrike integration for ZTNA device posture checks, bulk gateway provisioning, real-time threat alert notifications, and Docker container endpoint support.]]></description>
            <content:encoded><![CDATA[<p>Every major Zenarmor release tells a story about where enterprise security is heading, and version 2.5 is no different. This release is squarely focused on three things that security and IT leaders have been asking for: deeper integration with the tools already living in their security stack, faster and more scalable deployment operations, and the kind of real-time threat awareness that lets teams act before damage is done.</p>
<p>Zenarmor 2.5 ships with four new capabilities, a meaningful set of platform improvements, and a handful of targeted bug fixes. Whether you are running a lean IT team at a mid-market company or managing a complex distributed environment across hundreds of sites and thousands of endpoints, this release has something that will make your day-to-day operations meaningfully better.</p>
<p>Let’s get into it.</p>
<h2>What’s New in Zenarmor 2.5</h2>
<h3>CrowdStrike Integration for Zero Trust Network Access (ZTNA) Device Posture Check</h3>
<h4>The Challenge</h4>
<p>For years, organizations’s VPN / ZTNA solutions and their endpoint detection and response (EDR) platform operated in separate silos. A device could be flagged as compromised or high-risk in CrowdStrike Falcon, yet that same device would continue to have full access to internal networks and applications because the two systems had no way to communicate with each other. Security teams were left manually correlating data across platforms, often after the fact, and policy enforcement lagged dangerously behind the actual risk posture of devices on the network.</p>
<p>This is not a theoretical problem. In environments where contractors, BYOD devices, and remote workers are the norm, the attack surface exponentially increases as the device count increases. A device that fails a posture check should lose access immediately, not at the next manual review cycle.</p>
<h4>The Zenarmor Solution</h4>
<p>Zenarmor 2.5 introduces CrowdStrike integration for ZTNA device posture checks. Zenarmor now synchronizes device Zero Trust Assessment (ZTA) scores directly from CrowdStrike Falcon continuously. Administrators can build Private Access Policies that use these synchronized ZTA scores as “a dynamic” enforcement criteria, meaning access to private network resources is granted or denied based on continuously updated device health data pulled straight from CrowdStrike.</p>
<p>If a device’s ZTA score falls below a defined threshold, access is automatically restricted without manual intervention. The policy enforces itself.</p>
<h4>Why This Matters</h4>
<p>True Zero Trust is not a static configuration; it is a continuous evaluation loop. By pulling real-time posture data from CrowdStrike Falcon, one of the most widely deployed EDR platforms in the enterprise, Zenarmor ensures that access decisions reflect the device’s actual security state at any given moment.</p>
<p>For organizations already running CrowdStrike as part of their security stack, this is a force multiplier. You are not adding a new tool or a new process. You are connecting two systems you already trust and letting them work together to automatically enforce the access policy. That is the kind of integration that reduces alert fatigue, closes enforcement gaps, and makes your existing security investments work harder.</p>
<h3>Automated Provisioning of Gateways at Scale</h3>
<h4>The Challenge</h4>
<p>Scaling security infrastructure across a distributed environment is one of the more demanding operational challenges IT and security teams face today. Whether an organization is expanding into new branch offices, standing up retail locations, extending to edge computing nodes, or securing cloud-hosted workloads, the pace of that growth demands tooling that can keep up. In environments where speed matters, a new branch office needs to be secured before it goes live, and a new cloud region needs to be protected before workloads are migrated to it. Security must adapt to the pace of the business, not lag behind.</p>
<p>As organizations grow their Zenarmor deployments to match that pace, the natural next step is to enable administrators to provision multiple gateways in a single, coordinated operation rather than sequentially, reducing the time between infrastructure expansion and full security coverage. That is exactly what this update delivers.</p>
<h4>The Zenarmor Solution</h4>
<p>Zenarmor 2.5 updates the one-liner installation script to support bulk gateway operations. Administrators can now install or add multiple gateways in a single operation, dramatically reducing the time and effort required to bring new infrastructure online. What previously required individual attention for each gateway can now be handled in one coordinated step.</p>
<h4>Why This Matters</h4>
<p>Organizations with large branch footprints or who are aggressively expanding their footprint can now attach Zenarmor protection with greater ease and consistency across every gateway in their environment. For MSSPs and partners managing multiple client environments, this is particularly impactful. Onboarding a new client or expanding an existing deployment now happens in a fraction of the time, with the confidence that every gateway is configured correctly from day one.</p>
<p>It also reinforces one of Zenarmor’s core architectural advantages over cloud-only SASE: the ability to instantly deploy security exactly where you need it, on your infrastructure, on your timeline, without waiting for a vendor to provision capacity in a cloud POP that may or may not be geographically optimal for your users.</p>
<h3>Real-Time Threat Alert Notifications for SSE and Higher Subscriptions</h3>
<h4>The Challenge</h4>
<p>Visibility without action is just noise. Security teams are already drowning in data, and the last thing anyone needs is another dashboard to check. The real problem is not a lack of information; it is a lack of timely, targeted, actionable signals. When something important happens on the network, whether it is a spike in blocked malware detections, a command-and-control callback attempt, or a policy violation pattern that suggests a compromised device, security teams need to know about it immediately, not when they happen to log in and run a report.</p>
<p>For distributed organizations where a single administrator might be responsible for monitoring dozens of gateways and hundreds of endpoints, the manual review model simply does not scale. Threats move faster than scheduled check-ins.</p>
<h4>The Zenarmor Solution</h4>
<p>Zenarmor 2.5 introduces automated email-based threat-alert notifications for SSE and SASE-tier subscriptions. Administrators can now define specific criteria, and patterns that matter to their environment, and Zenarmor will automatically send alerts when those conditions are met. This is not a generic notification system. It is a configurable alerting framework that lets administrators focus on the signals that are most relevant to their specific threat model and compliance requirements.</p>
<p>Alerts are designed to drive immediate action, giving administrators the context they need to investigate and respond quickly rather than hunting through logs after the fact.</p>
<h4>Why This Matters</h4>
<p>The gap between detection and response is where breaches happen. By pushing real-time alerts to administrators based on criteria they define, Zenarmor significantly narrows that gap. A security team that knows about a threat within minutes of detection is in a fundamentally different position than one that discovers it hours later during a routine review.</p>
<p>This capability also has real compliance implications. Many regulatory frameworks, including those governing financial services, healthcare, and critical infrastructure, require documented evidence of timely threat detection and response. Automated alerting with configurable thresholds provides both the operational capability and the audit trail to support those requirements.</p>
<p>For lean security teams managing complex environments, this is the difference between being reactive and being proactive. And in security, being proactive wins.</p>
<h3>Zenarmor Endpoint Application on Docker Containers for ZTNA and SASE Subscriptions</h3>
<h4>The Challenge</h4>
<p>Containerized environments present a unique security challenge. As organizations accelerate their adoption of Docker and Kubernetes for application workloads, the security tooling available for those environments has struggled to keep pace. Traditional endpoint agents are designed for operating systems, not containers. Cloud-only SASE solutions can protect traffic leaving the network, but they cannot provide inline security inspection and Zero Trust private access for workloads running inside containerized infrastructure without forcing all traffic out to a cloud POP and back, introducing latency and creating architectural complexity that undermines the efficiency gains containers are supposed to deliver.</p>
<p>For organizations running containerized workloads in on-premises data centers, edge locations, even ephemeral networks or private cloud environments, this creates a genuine blind spot. The workloads are there, the traffic is flowing, but the security coverage is either absent or dependent on a cloud detour that defeats the purpose.</p>
<h4>The Zenarmor Solution</h4>
<p>Zenarmor 2.5 extends the SASE application to Docker containers and is available to ZTNA and SASE subscribers. Organizations can now deploy Zenarmor SASE directly as an endpoint within containerized environments, bringing the full suite of Zenarmor’s security and private access capabilities to Docker workloads without requiring a separate physical or virtual appliance. This means containerized applications can participate in private secure networks, have their traffic inspected and controlled by policy, and be managed through the same Zenconsole interface as every other endpoint in the organization.</p>
<h4>Why This Matters</h4>
<p>This is a natural and important extension of Zenarmor’s Plug.SASE.Everywhere philosophy. Security should follow the workload, not the other way around. As more organizations shift critical workloads to containers, the ability to deploy Zenarmor natively in those environments ensures that security coverage keeps pace with evolving infrastructure.</p>
<p>It also highlights a fundamental limitation of cloud-only SASE architectures. A vendor whose security model depends on routing traffic through their cloud infrastructure cannot protect workloads that should never leave your environment in the first place. Zenarmor’s decentralized, deploy-anywhere model means that containerized workloads in a data center, a manufacturing-floor edge node, or a development cluster receive the same level of protection as a remote worker connecting from a hotel in another country.</p>
<h2>Improvements Worth Noting</h2>
<p>Beyond the headline features, Zenarmor 2.5 ships with several improvements that will make a real difference in day-to-day operations.</p>
<p><strong>Improved Performance on Secure Private Networks.</strong> Latency between secure private network peers has been meaningfully reduced, resulting in faster and more reliable connections. For organizations relying on Zenarmor’s Zero Trust overlay networks for real-time collaboration, voice, or latency-sensitive applications, this is a direct quality-of-life improvement.</p>
<p><strong>Bulk Gateway Updates Across the Organization.</strong> Administrators can now push updates to all gateways in their organization in a single operation. Combined with the bulk provisioning capability introduced in this release, this makes large-scale gateway fleet management significantly more efficient. Consistency across your gateway estate is no longer a manual effort.</p>
<p><strong>Endpoint Application Update via CLI.</strong> For Linux environments and headless deployments, users can now update their endpoint applications directly from the command line with the --update-app helper command. This is a small but meaningful improvement for teams managing endpoints in server or containerized environments where a GUI is not available.</p>
<p><strong>Subscription Expiration Visibility in the Subscriptions List.</strong> An info icon now appears next to subscriptions approaching expiration, giving administrators an at-a-glance warning before service interruption occurs. It is a simple addition, but the kind of operational detail that prevents avoidable disruptions.</p>
<p><strong>Simplified macOS Uninstallation.</strong> Zenarmor endpoint applications on macOS can now be removed by dragging the app to the Trash, with the engine fully uninstalled in the process. Clean, simple, and consistent with how macOS users expect software removal to work.</p>
<p><strong>Subscription-Aware Policy Configuration.</strong> The policy configuration page now displays only the features available under the user’s current subscription tier. This reduces confusion and streamlines the configuration experience, particularly for organizations managing multiple subscription types across their environment.</p>
<h2>Bug Fixes</h2>
<p>Zenarmor SASE 2.5 also resolves several issues that have been affecting specific environments and use cases:</p>
<ul>
<li>Multiple DNS records being generated in Microsoft Active Directory environments for Windows endpoints registered to Secure Private Networks have been resolved.</li>
<li>Category and Signature labels in the blocked sessions details pane within Gateway Live Sessions and Centralized Live Sessions are now fully visible.</li>
<li>Certain CASB applications that could not be blocked are now correctly enforced.</li>
<li>HTML tags displaying incorrectly in warning messages on the OPNsense UI have been fixed.</li>
<li>Applications incorrectly labeled as “Dynamic Classifier” during Live Sessions are now identified correctly.</li>
</ul>
<h2>Closing Thoughts</h2>
<p>Zenarmor SASE 2.5 is a release that rewards organizations that are thinking seriously about how their security infrastructure needs to evolve. The CrowdStrike integration for device posture is a statement about where ZTNA is going: toward continuous, automated, data-driven enforcement that does not depend on manual oversight or static rules. The bulk provisioning and bulk update capabilities are a statement about how security operations need to scale: efficiently, consistently, and without creating a deployment tax that slows down the business. The Docker endpoint support is a statement about the future of the workload: wherever it runs, security follows.</p>
<p>If you are already a Zenarmor customer, updating to 2.5 is fast &amp; straightforward. If you are evaluating Zenarmor for the first time, this release is a strong representation of what the Plug.SASE.Everywhere approach looks like this in practice: instant, simple, comprehensive, flexible, and built for how modern organizations actually operate.</p>
<p>For full release notes, visit <a href="https://www.zenarmor.com/docs/support/release-notes">zenarmor.com/docs/support/release-notes</a>.</p>
<Free Trial>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-2.5-release.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor SASE Named 2026 SD-WAN Product of the Year]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-sase-named-2026-sd-wan-product-of-the-year</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-sase-named-2026-sd-wan-product-of-the-year</guid>
            <pubDate>Tue, 14 Apr 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor SASE has been named a 2026 INTERNET TELEPHONY SD-WAN Product of the Year Award winner by TMC]]></description>
            <content:encoded><![CDATA[<p>We are excited to share that <strong>Zenarmor SASE has been named a 2026 INTERNET TELEPHONY SD-WAN Product of the Year Award winner by TMC.</strong> 🏆</p>
<p>SD-WAN has become a core part of modern networking, enabling organizations to connect distributed users, sites, and applications with greater agility, visibility, and control.</p>
<p>Zenarmor delivers secure connectivity through a <strong>single-app, single-stack, single-pass architecture</strong> combining networking and security in one platform. This allows organizations and partners to build and operate high-performance, resilient networks without added infrastructure or operational overhead.</p>
<blockquote>
<p>“This year’s winners are trailblazers redefining what’s possible in modern networking.”</p>
<p>— Rich Tehrani, CEO of TMC</p>
</blockquote>
<p>We are proud to be recognized among them.</p>
<p><strong>Thank you to our customers, partners, and team for making this possible.</strong></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/sd-wan-poty-v2.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Extends Industry-First Distributed SASE Architecture]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-extends-sase-architecture-to-mobile-and-containerized-environments</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-extends-sase-architecture-to-mobile-and-containerized-environments</guid>
            <pubDate>Wed, 18 Mar 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Advancements to the Zenarmor SASE Anywhere Architecture™ Enable Sovereign SASE Deployments Across Partner- and Customer-operated Infrastructure]]></description>
            <content:encoded><![CDATA[<h3>Advancements to the Zenarmor SASE Anywhere Architecture™ Enable Sovereign SASE Deployments Across Partner- and Customer-operated Infrastructure</h3>
<p>Zenarmor, Inc., the company pioneering a distributed Single-App, Single-Stack, Single-Pass Secure Access Service Edge (SASE) architecture for modern networks, today announced significant new advancements to its platform that expand the Zenarmor SASE Anywhere Architecture™ to support mobile endpoints and containerized environments, while enabling sovereign deployments across partner-operated and customer-controlled infrastructure, including managed service providers, network operators, and enterprise environments. This architecture enables security enforcement to run directly within partner or customer infrastructure rather than relying on centralized cloud inspection points.</p>
<p>These advancements expand Zenarmor’s distributed enforcement model to support modern hybrid workforces and cloud-native infrastructure. Unlike traditional SASE architectures that depend on centralized cloud points of presence (PoPs), Zenarmor enables sovereign SASE deployments where security enforcement runs directly within partner or customer environments. This distributed enforcement model replaces centralized PoP inspection, eliminating traffic backhaul entirely, reducing latency, and preserving operational control over security infrastructure.</p>
<blockquote>
<p>“Service providers need security platforms that integrate directly into their infrastructure without forcing architectural compromises,” said George Burne, Chief Technology Officer at WiLine Networks. “Zenarmor’s latest advancements to its distributed architecture allow us to embed security directly within our network stack, giving customers secure connectivity, full visibility, and operational control rather than relying on external cloud inspection points.”</p>
</blockquote>
<p>As organizations adopt hybrid work models and increasingly distributed application environments, many find that cloud-only SASE architectures can still introduce performance tradeoffs, operational complexity, and reliance on vendor-controlled infrastructure.</p>
<p>The Zenarmor SASE Anywhere Architecture™, built on a Single-App, Single-Stack, Single-Pass design and forming the foundation of the company’s ONE.APP. SASE™ model addresses these challenges by placing security enforcement directly in the traffic path, allowing inspection to occur closer to users, applications, and workloads without relying on centralized cloud inspection points. Zenarmor’s latest platform advancements extend its distributed SASE architecture to mobile endpoints, enabling roaming users to receive the same inspection, policy enforcement, and threat protection regardless of where they connect.</p>
<blockquote>
<p>“Many organizations struggle to introduce modern security capabilities without disrupting existing network deployments,” said Eelco Akker, ICT Consultant overseeing network and security infrastructure at De Hooge Waerder Accountants, a Netherlands-based accounting and advisory firm. “Zenarmor’s latest architecture advancements allow security to be inserted directly into the traffic path with minimal disruption, enabling organizations to strengthen their security posture while maintaining performance and operational continuity.”</p>
</blockquote>
<h2>Mobile Endpoint Security</h2>
<p>Zenarmor gateways now function as both secure internet exit points and comprehensive inspection engines for roaming iOS and Android devices. Mobile users can securely connect to the nearest Zenarmor gateway, where traffic is inspected inline before reaching the internet or corporate resources. This allows organizations to apply the full suite of Zenarmor’s security capabilities to mobile users across any network, including:</p>
<ul>
<li>Application-aware security policies that follow users across networks</li>
<li>Advanced threat protection including malware detection, phishing prevention, and command-and-control blocking</li>
<li>Content filtering and web categorization to prevent access to risky or inappropriate sites</li>
<li>Full visibility into application usage, bandwidth consumption, and security events</li>
<li>Intelligent routing to the nearest Zenarmor gateway for optimal performance</li>
</ul>
<p>Unlike cloud-only SASE providers that require traffic to traverse centralized vendor-operated inspection points, Zenarmor allows organizations to deploy security enforcement wherever it makes operational sense including in their own data centers, branch locations, cloud environments, or directly on user endpoints. Mobile users connect to their organization’s infrastructure, preserving both performance and operational control.</p>
<blockquote>
<p>“SASE was originally envisioned as a way to bring networking and security closer to users and applications, but most implementations have reintroduced centralization through cloud inspection points,” said Murat Balaban, Founder and CEO of Zenarmor. “With Zenarmor, security enforcement runs directly where traffic flows – at the branch, in the cloud, on endpoints, or within partner infrastructure, giving organizations the performance, control, and deployment flexibility that modern distributed networks require.”</p>
</blockquote>
<h2>Containerized Gateway Deployment</h2>
<p>Zenarmor’s latest advancements also introduce containerized gateway deployment, allowing Zenarmor gateways to run as Docker containers across cloud-native environments and edge infrastructure. This enables organizations and service providers to deploy inline security inspection directly within Kubernetes clusters, ephemeral networks, development platforms, and distributed edge locations without requiring dedicated appliances or centralized cloud inspection infrastructure.</p>
<p>Endpoint connectivity and policy enforcement are centrally managed through Zenconsole, allowing organizations to deploy and manage Zenarmor agents across distributed endpoints and gateways. The platform integrates with enterprise device management solutions such as Microsoft Intune and Jamf, enabling organizations to extend consistent Zero Trust policies across corporate laptops, mobile devices, and remote user environments.</p>
<blockquote>
<p>“Traditional SASE architectures introduce integration challenges and operational blind spots due to their dependence on cloud-based PoPs,” said Shamus McGillicuddy, Vice President of Research at Enterprise Management Associates (EMA). “By eliminating PoPs and enabling direct, point-to-point secure connections with inline inspection, Zenarmor’s latest advancements reinforce a next-generation SASE architecture that reduces latency, accelerates deployment, and lowers operational complexity. This differentiated approach is why EMA recognized Zenarmor as a Vendor to Watch.”</p>
</blockquote>
<p>Zenarmor is also developing an integration with the CrowdStrike Falcon® platform to incorporate device posture signals into policy decisions, further enhancing Zenarmor’s Zero Trust enforcement capabilities. This capability is planned for a forthcoming platform release.</p>
<p>By combining distributed enforcement with centralized management and reporting, Zenarmor enables organizations and partners to build scalable SASE deployments that maintain performance, operational flexibility, and data sovereignty.</p>
<blockquote>
<p>“Perimeter-dependent security is an outdated assumption. Users are constantly moving between networks, and security must move with them,” said Mark Weinberger, Client Solutions Director, Spectrum Networks, a leading Australian ISP. “Zenarmor’s latest platform advancements enable us to move beyond gateway-only models to distributed enforcement with centralized visibility and control, a necessary evolution for modern SASE architectures built for today’s distributed workforce.”</p>
</blockquote>
<p>For enterprises and service providers operating modern distributed networks, Zenarmor’s architecture provides a flexible approach that supports partner-operated infrastructure, sovereign security policies, and high-performance security enforcement without centralized traffic backhaul. Zenarmor continues to expand its distributed SASE platform to support enterprises, managed service providers, and network operators delivering modern security services across increasingly complex digital environments.</p>
<h2>Availability</h2>
<p>The latest advancements in Zenarmor SASE are available today. For technical details, visit <a href="https://www.zenarmor.com/blog/zenarmor-2.4-release">Zenarmor 2.4 Release</a>.</p>
<h2>About Zenarmor</h2>
<p>Zenarmor, Inc. delivers ONE.APP. SASE™, a Secure Access Service Edge (SASE) category built on a Single-App, Single-Stack, Single-Pass architecture. Unlike traditional cloud-centric SASE models, Zenarmor performs inline inspection and Zero Trust enforcement directly at the point of access, eliminating forced traffic backhaul, reducing latency, and simplifying security operations.</p>
<p>Built on the Zenarmor SASE Anywhere Architecture™, the platform enables security enforcement to run wherever users, devices, and workloads operate across branch, edge, endpoint, and cloud environments. This distributed approach allows organizations, MSPs, MSSPs, and ISPs to deploy high-performance security within their own infrastructure while preserving privacy, data sovereignty, and operational control. The company is venture backed and headquartered in Cupertino, Calif., with European headquarters in Germany supporting customers and partners globally. For more information, visit <a href="https://www.zenarmor.com/">zenarmor.com</a>.</p>
<p><sub><sup>Zenarmor is a registered trademark of Sunny Valley Cyber Security, Inc.</sup></sub></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/zenarmor-icon-pp.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Named as Finalist in the 2026 SC Awards Program]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-named-finalist-2026-sc-awards-best-sase-solution</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-named-finalist-2026-sc-awards-best-sase-solution</guid>
            <pubDate>Wed, 11 Mar 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor Named as Finalist in the 2026 SC Awards Program for Best SASE Solution]]></description>
            <content:encoded><![CDATA[<h2>Zenarmor Named as Finalist in the 2026 SC Awards Program for Best SASE Solution</h2>
<h3>Zenarmor SASE Recognized for Its Single-App, Single-Stack, Single-Pass Architecture Delivering Real-World Zero Trust Enforcement Across Any Edge</h3>
<p>Zenarmor, Inc., the company delivering the industry’s only single-app, single-stack, single-pass SASE architecture, today announced it has been named a finalist in the prestigious 2026 SC Awards program. Zenarmor SASE was recognized in the Best SASE Solution category, highlighting the company’s innovation and leadership in modern network security. The SC Awards, now in its 29th year, recognize the solutions, organizations, and individuals that demonstrate outstanding achievement in advancing the security of information systems.</p>
<p>SC Media describes the Best SASE Solution category as: “Efforts by businesses to implement a zero-trust model require effective management of network visibility of user activity and access. Solutions for this category contribute to that effort, offering secure access service edge (SASE) to combine wide area networking, or WAN, and network security services into a single cloud offering. They enable secure, policy-based access to the appropriate application or data regardless of user or device location.”</p>
<blockquote>
<p>“The SC Awards celebrate excellence and innovation in cybersecurity, recognizing the people and technologies driving real progress. Being named a finalist is a mark of credibility and trust – a powerful validation from peers and experts who understand what it takes to deliver real-world security impact.”</p>
<p>— Kelley Damore, Chief Content Officer, CyberRisk Alliance</p>
</blockquote>
<p>Zenarmor delivers omnipresent security that enforces policy consistently across on-premises, cloud, edge, and endpoint environments. Built on a single-app, single-stack, single-pass SASE architecture, Zenarmor runs natively wherever users and applications operate. The platform is centrally managed through Zenconsole™ and deployed on customer-owned or partner-operated infrastructure, preserving data privacy, sovereignty, and full operational control.</p>
<blockquote>
<p>“The SC Awards program is the premier recognition in the cybersecurity industry, and we are honored to be named as a finalist and recognized among the industry’s best SASE solutions. Our architecture enforces security at the point of access while maintaining full visibility and centralized policy control. Because our entire SASE stack runs as a single application, customers can deploy in minutes and achieve consistent Zero Trust enforcement across any edge without redesigning their networks. By eliminating forced backhaul and centralized inspection hops, Zenarmor delivers dramatically lower latency up to 100×–1500× faster than traditional PoP-centric SASE models, effectively transforming every edge into a fully enforced SASE edge.”</p>
<p>— Murat Balaban, Founder and CEO of Zenarmor</p>
</blockquote>
<p>The 2026 SC Awards entries were evaluated across 33 specialty categories by a distinguished panel of judges, comprised of cybersecurity professionals, industry leaders, and members of the CyberRisk Alliance CISO community, representing sectors such as healthcare, financial services, education, and technology. A complete list of 2026 SC Awards finalists is available on <a href="https://www.scworld.com/sc-awards-finalists">SC Media</a>.</p>
<p>Zenarmor delivers a complete SASE stack including Zero Trust Network Access (ZTNA), Secure Internet Access (SSE), and inline traffic inspection without relying on centralized inspection infrastructure. Built on a single-app, single-stack, single-pass architecture, Zenarmor runs natively wherever users and applications operate, including gateways, endpoints, on-premises environments, cloud environments, and edge deployments. Because inspection and enforcement occur directly in the traffic path, organizations achieve consistent security enforcement with significantly lower latency and improved user experience. The platform deploys in minutes as a single application, eliminating the need for complex service chaining, multi-vendor orchestration, or forklift infrastructure upgrades. By enabling inspection within customer-owned or partner-operated infrastructure, Zenarmor allows organizations to meet strict privacy, data residency, and regulatory compliance requirements. Sensitive traffic never leaves the country, region, or customer-controlled environment for inspection. This architecture effectively transforms every edge into a fully enforced SASE edge.</p>
<h2>About CyberRisk Alliance (CRA)</h2>
<p>CyberRisk Alliance provides business intelligence that helps the cybersecurity ecosystem connect, share knowledge, accelerate careers, and make smarter and faster decisions. Through its trusted information brands, network of experts, and more than 250 annual events, CRA delivers actionable insights and serves as a powerful extension of cybersecurity marketing teams. Its brands include SC World, the Official Cybersecurity Summits, Identiverse, InfoSec World, CyberRisk Collaborative, Security Weekly, ChannelPro, ChannelE2E, MSSP Alert, ExecWeb, LaunchTech Communications, and CyberRisk TV. Learn more at <a href="https://www.cyberriskalliance.com">www.cyberriskalliance.com</a>.</p>
<h2>About Zenarmor</h2>
<p>Zenarmor, Inc. delivers ONE.APP. SASE™, a Secure Access Service Edge (SASE) category built on a Single-App, Single-Stack, Single-Pass architecture. Unlike traditional cloud-centric SASE models, Zenarmor performs inline inspection and Zero Trust enforcement directly at the point of access, eliminating forced traffic backhaul, reducing latency, and simplifying security operations.</p>
<p>Built on the Zenarmor SASE Anywhere Architecture™, the platform enables security enforcement to run wherever users, devices, and workloads operate across branch, edge, endpoint, and cloud environments. This distributed approach allows organizations, MSPs, MSSPs, and ISPs to deploy high-performance security within their own infrastructure while preserving privacy, data sovereignty, and operational control. The company is venture backed and headquartered in Cupertino, Calif., with European headquarters in Germany supporting customers and partners globally. For more information, visit <a href="https://www.zenarmor.com/">zenarmor.com</a>.</p>
<p><sub><sup>Zenarmor is a registered trademark of Sunny Valley Cyber Security, Inc.</sup></sub></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/sc-awards-2026.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor 2.4 Release: Empowering Distributed Workforces with Enhanced Mobile Security and Flexible Deployment Options]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-2.4-release</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-2.4-release</guid>
            <pubDate>Thu, 05 Mar 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor 2.4 introduces groundbreaking capabilities including comprehensive iOS and Android mobile security, Docker container deployment for gateways, pool licensing for partners, and automatic endpoint agent updates — extending the "Plug.SASE.Everywhere" philosophy to secure the truly distributed enterprise.
]]></description>
            <content:encoded><![CDATA[<p>Today marks a significant milestone in Zenarmor’s evolution as a comprehensive Secure Access Service Edge (SASE) solution. Released on March 3rd, 2026, <strong>Zenarmor 2.4</strong> introduces groundbreaking capabilities that address the most pressing challenges facing modern distributed enterprises: securing mobile workforces, simplifying deployment across diverse environments, and providing partners with unprecedented flexibility in licensing and client management.</p>
<p>This release represents a fundamental expansion of Zenarmor’s <strong>“Plug.SASE.Everywhere”</strong> philosophy, extending comprehensive internet security and Zero Trust Network Access (ZTNA) capabilities to iOS and Android devices while introducing Docker container deployment options that dramatically reduce time-to-security for organizations of all sizes.</p>
<h2>Introduction: Securing the Truly Distributed Enterprise</h2>
<p>The modern enterprise perimeter has dissolved. Your workforce operates from coffee shops, home offices, airports, and client sites, often switching between networks multiple times per day. Mobile devices have become the primary computing platform for many roles, yet they remain one of the most challenging endpoints to secure effectively.</p>
<p>Traditional cloud-only SASE solutions have attempted to address this challenge, but they often introduce latency, complexity, and dependency on vendor-controlled infrastructure that can create single points of failure.</p>
<p><strong>Zenarmor 2.4 takes a fundamentally different approach</strong>, extending our hybrid architecture to mobile platforms while maintaining the performance, flexibility, and control that distinguish our <strong>ONE.APP. SASE.™</strong> approach.</p>
<h2>What’s New: Seven Game-Changing Capabilities</h2>
<h3>1. Comprehensive Internet Security for iOS and Android Devices While Roaming</h3>
<p><strong>The Challenge:</strong></p>
<p>Mobile workers accessing corporate resources and internet applications from untrusted networks face a perfect storm of security risks: man-in-the-middle attacks, malicious Wi-Fi hotspots, shadow IT applications, and zero visibility for security teams.</p>
<p>Traditional VPNs provide tunnel security but lack application-layer inspection and control. Cloud-only SASE solutions force all traffic through distant cloud POPs, introducing latency that degrades user experience and productivity.</p>
<p><strong>The Zenarmor Solution:</strong></p>
<p>Zenarmor gateways now function as both internet exit gateways and comprehensive inspection points for roaming iOS and Android devices. This means your mobile workforce receives the full suite of Zenarmor’s security capabilities regardless of their location or network:</p>
<ul>
<li>Application-aware security policies that follow users across networks</li>
<li>Advanced threat protection, including malware detection, phishing prevention, and command-and-control blocking</li>
<li>Content filtering and web categorization to prevent access to risky or inappropriate sites</li>
<li>Complete visibility into application usage, bandwidth consumption, and security events</li>
<li>Intelligent routing to the nearest Zenarmor gateway for optimal performance</li>
</ul>
<p><strong>Why This Matters:</strong></p>
<p>Unlike cloud-only SASE providers that lock you into their infrastructure, Zenarmor allows you to deploy gateways where they make sense for your business — whether that’s in your own data centers, at branch locations, or in cloud regions of your choosing. Your mobile users connect to your infrastructure, maintaining the performance and control advantages that define Zenarmor’s approach.</p>
<p>For a sales executive traveling internationally, this means consistent security policies and optimal performance — whether they’re in a hotel in Singapore or a conference center in Frankfurt — all without the “VPN tax” of routing traffic halfway around the world to a vendor’s cloud POP or central VPN concentrator.</p>
<h3>2. Docker Container Deployment for Zenarmor Gateways</h3>
<p><strong>The Challenge:</strong></p>
<p>Speed to security is critical. Organizations need to deploy protection quickly across diverse environments — development clusters, edge computing locations, temporary sites, and cloud-native infrastructures. Traditional appliance-based or VM-only deployment models create friction, requiring procurement cycles, hardware provisioning, or heavyweight virtualization infrastructure.</p>
<p><strong>The Zenarmor Solution:</strong></p>
<p>Zenarmor gateways can now be deployed as Docker containers, enabling instant security deployment in containerized environments. This capability provides:</p>
<ul>
<li>Rapid deployment measured in minutes rather than days or weeks</li>
<li>Infrastructure flexibility to run Zenarmor wherever Docker is supported</li>
<li>Resource efficiency with containerized workloads that consume only the necessary resources</li>
<li>DevOps integration enabling security to be deployed through the same CI/CD pipelines as applications</li>
</ul>
<p><strong>Why This Matters:</strong></p>
<p>This addresses a critical gap in traditional SASE offerings. Cloud-only solutions can’t provide security for on-premises containerized workloads without forcing traffic to exit your network and traverse the internet to their cloud infrastructure.</p>
<p>Zenarmor’s Docker deployment option lets you secure Kubernetes clusters, edge computing nodes, and development environments with the same comprehensive SASE capabilities you deploy elsewhere — while keeping sensitive traffic within your control.</p>
<p>Consider a retail organization with edge computing infrastructure at store locations running inventory management and point-of-sale systems in containers. Zenarmor can now provide comprehensive security and secure connectivity to corporate resources without requiring separate physical or virtual appliances at each location.</p>
<h3>3. Pool Licensing for Partners</h3>
<p><strong>The Challenge:</strong></p>
<p>Managed Security Service Providers (MSSPs), Value-Added Resellers (VARs), and system integrators need licensing flexibility to efficiently serve multiple clients with varying and changing needs. Traditional per-organization licensing creates administrative overhead and can leave partners with stranded capacity or force clients to over-purchase to accommodate growth.</p>
<p><strong>The Zenarmor Solution:</strong></p>
<p>Partners can now purchase Zenarmor licenses in pools, providing unprecedented flexibility to:</p>
<ul>
<li>Allocate licenses dynamically across multiple client organizations</li>
<li>Right-size deployments without over-purchasing for individual clients</li>
<li>Respond quickly to client growth by reallocating pool resources</li>
<li>Optimize license utilization across their entire client base</li>
<li>Simplify procurement with consolidated purchasing</li>
</ul>
<p><strong>Why This Matters:</strong></p>
<p>This licensing model aligns with how modern MSSPs and service providers operate. Rather than managing dozens or hundreds of individual license purchases and renewals, partners can maintain a pool that serves their entire practice, allocating capacity where it’s needed most. This reduces administrative burden, improves cash flow management, and enables partners to be more competitive in their pricing and proposals.</p>
<h3>4. Partner License Assignment to Clients</h3>
<p><strong>The Challenge:</strong></p>
<p>Partners need to maintain clear boundaries between their management role and their clients’ operational independence. Clients want visibility into their subscriptions and the ability to manage their own environments within parameters set by their service provider.</p>
<p><strong>The Zenarmor Solution:</strong></p>
<p>Building on pool licensing, partners can now assign licenses directly to client organizations, enabling clients to:</p>
<ul>
<li>View their subscription details independently through their own Zenconsole access</li>
<li>Manage their deployments within the scope of their assigned licenses</li>
<li>Track usage and capacity for their organization</li>
<li>Maintain clear separation between their environment and other clients</li>
</ul>
<p><strong>Why This Matters:</strong></p>
<p>This creates a true multi-tenant architecture that respects both partner control and client autonomy. Partners maintain oversight and can reallocate licenses as needed, while clients gain transparency and self-service capabilities. This reduces support burden on partners and improves client satisfaction by providing direct visibility into the services they’re paying for.</p>
<h3>5. Mandatory Organization-Wide Reauthentication</h3>
<p><strong>The Challenge:</strong></p>
<p>Security posture degrades over time. Credentials may be compromised, employment status may change, access requirements may evolve, and compliance frameworks may increasingly require periodic verification of user identity. Yet forcing reauthentication can disrupt operations if not managed carefully.</p>
<p><strong>The Zenarmor Solution:</strong></p>
<p>Administrators can now initiate mandatory reauthentication across their entire organization periodically. This capability:</p>
<ul>
<li>Validates user identity at administrator-defined intervals</li>
<li>Detects compromised credentials before they can be exploited</li>
<li>Enforces policy updates by requiring users to reconnect under current policies</li>
<li>Supports compliance requirements for periodic identity verification</li>
<li>Provides audit trails of authentication events organization-wide</li>
</ul>
<p><strong>Why This Matters:</strong></p>
<p>This addresses a critical gap in Zero Trust implementation. True Zero Trust requires continuous verification, not just authentication at initial connection. By enabling administrators to force periodic reauthentication, Zenarmor ensures that access is based on current identity verification rather than potentially stale sessions. This is particularly important for organizations in regulated industries or those handling sensitive data where compliance frameworks mandate periodic identity verification.</p>
<h3>6. Multiple Domain Servers and Search Domains for Secure Private Networks</h3>
<p><strong>The Challenge:</strong></p>
<p>Enterprise networks are complex. Organizations frequently operate multiple Active Directory domains, maintain separate DNS infrastructure for different business units or geographic regions, and need to support varied search domain configurations. Single-domain limitations force workarounds that compromise functionality or security.</p>
<p><strong>The Zenarmor Solution:</strong></p>
<p>Zenarmor now supports multiple domain server instances and search domains, enabling organizations to:</p>
<ul>
<li>Integrate with complex directory structures, including multiple AD forests and domains</li>
<li>Support geographically distributed DNS infrastructure with region-specific domain servers</li>
<li>Maintain separate domains for different business units while providing unified security</li>
<li>Configure appropriate search domains for different user populations or network segments</li>
</ul>
<p><strong>Why This Matters:</strong></p>
<p>This reflects the reality of enterprise IT environments — particularly for organizations that have grown through acquisition or operate across multiple regions. Rather than forcing organizations to flatten their directory structure or implement complex workarounds, Zenarmor adapts to existing infrastructure. This reduces deployment complexity and ensures that secure private network access works seamlessly with existing identity and DNS infrastructure.</p>
<h3>7. Automatic Endpoint Agent Updates</h3>
<p><strong>The Challenge:</strong></p>
<p>Endpoint agent management is a persistent challenge for IT and security teams. Manual update processes are time-consuming, error-prone, and often result in version sprawl across the organization. Outdated agents may lack critical security updates or compatibility with new features, creating security gaps and support burdens.</p>
<p><strong>The Zenarmor Solution:</strong></p>
<p>Administrators can now automatically update all Zenarmor endpoint agents through Zenconsole, ensuring:</p>
<ul>
<li>Consistent version deployment across all endpoints</li>
<li>Automatic security updates without manual intervention</li>
<li>Reduced IT burden by eliminating manual update processes</li>
<li>Immediate feature availability as new capabilities are released</li>
<li>Centralized control over update timing and deployment</li>
</ul>
<p><strong>Why This Matters:</strong></p>
<p>This transforms endpoint management from a reactive, labor-intensive process to a proactive, automated function. Security teams can ensure that every endpoint runs the latest version with current threat definitions and security patches, eliminating the window of vulnerability that exists when updates are deployed manually. For distributed organizations with remote workers, this is particularly critical — IT teams no longer need to rely on users to update their agents or schedule maintenance windows to push updates.</p>
<h2>Improvements Worth Noting</h2>
<p>While the focus of this release is on new capabilities, several improvements enhance the overall Zenarmor experience:</p>
<ul>
<li><strong>Punycode decoding in Reports and Live Sessions</strong> now properly displays internationalized domain names and email addresses, improving visibility for global organizations.</li>
<li><strong>Enhanced Global Deployment dashboard</strong> provides clearer status information for offline endpoints.</li>
<li><strong>Extended licensing options in the one-time installation script</strong> simplify gateway deployment when multiple license types are available.</li>
<li><strong>Enhanced sign-up security</strong> through mandatory OTP verification when linking SSO accounts.</li>
<li><strong>Improved scheduled reporting</strong> now supports sending reports to all users, not just administrators.</li>
</ul>
<h2>Conclusion: Security That Moves at the Speed of Business</h2>
<p>Zenarmor 2.4 represents a significant leap forward in our mission to provide comprehensive, flexible, and high-performance security for distributed enterprises. By extending our SASE capabilities to mobile platforms, simplifying deployment through containerization, and enhancing partner and licensing flexibility, we’re addressing the real-world challenges that organizations face today.</p>
<p>The modern workforce is mobile, distributed, and increasingly reliant on cloud applications and SaaS platforms. Security solutions must adapt to this reality without introducing the latency, complexity, and vendor lock-in that characterize traditional cloud-only SASE approaches.</p>
<p><strong>Zenarmor 2.4 delivers on this promise</strong> — providing enterprise-grade security that follows your users wherever they work, deploys wherever you need it, and scales according to your business requirements.</p>
<h2>Get Started Today</h2>
<p>Zenarmor 2.4 is now available to all users. Existing customers can access these new capabilities immediately through Zenconsole. For partners interested in pool licensing and client management capabilities, contact your Zenarmor representative to discuss how these new features can enhance your service delivery and grow your practice.</p>
<p>Full release note available at: <a href="https://www.zenarmor.com/docs/support/release-notes#24---february-26-2026">Release Notes</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-2.4-release.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Wins TMCnet Zero Trust Security Excellence Award]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-wins-tmcnet-zero-trust-security-excellence-award</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-wins-tmcnet-zero-trust-security-excellence-award</guid>
            <pubDate>Tue, 03 Mar 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor Wins TMCnet Zero Trust Security Excellence Award]]></description>
            <content:encoded><![CDATA[<h3>Zenarmor SASE Recognized for Its Single-App, Single-Stack, Single-Pass Architecture Powering Real-World Zero Trust Enforcement</h3>
<p>Zenarmor, Inc., the company delivering the industry’s only single-app, single-stack, single-pass SASE architecture, today announced it has won the 2025 TMCnet Zero Trust Security Excellence Award from TMC, a global integrated media company, with winners announced Feb. 26, 2026. The award honors leaders and innovators delivering effective, forward-thinking Zero Trust security solutions. This recognition underscores the market shift toward distributed Zero Trust enforcement over centralized cloud inspection models.</p>
<blockquote>
<p>“It gives me great pleasure to honor the recipients of the TMCnet Zero Trust Security Excellence Award,” said Rich Tehrani, CEO of TMC. “The award recognizes solutions providers championing the ‘Trust nothing, verify everything’ mantra of Zero Trust at a time when businesses face increasingly complex and frequent threats. The TMCnet team congratulates this year’s distinguished winners.”</p>
</blockquote>
<p>Zenarmor delivers omnipresent security that enforces policy consistently across on-premises, cloud, edge, and endpoint environments. Built on a single-app, single-stack, single-pass SASE architecture, Zenarmor runs natively wherever users and applications operate. It is centrally managed through Zenconsole™ and deployed on customer-owned or partner-managed infrastructure, preserving data privacy, sovereignty, and operational control.</p>
<blockquote>
<p>“We are honored to be recognized as one of the industry’s top Zero Trust solutions,” said Murat Balaban, Founder and CEO of Zenarmor. “Our architecture enforces security at the point of access while maintaining full visibility and centralized policy control. Because our entire SASE stack runs as a single application, customers deploy in minutes and achieve consistent Zero Trust enforcement across any edge without redesigning their network. By eliminating forced backhaul and centralized inspection hops, Zenarmor delivers dramatically lower latency up to 100× – 1500× improvement compared to traditional PoP-centric SASE models.”</p>
</blockquote>
<p>Zenarmor delivers a complete SASE stack including Zero Trust network access (ZTNA), secure internet access (SSE), and inline inspection without routing traffic through vendor-controlled PoPs. This architecture reduces latency, improves user experience, and ensures consistent enforcement wherever users and applications operate.</p>
<p>Zenarmor deploys in minutes as a single application across gateways, endpoints, on-premises, cloud, and edge environments. Organizations avoid forklift upgrades, complex service chaining, and multi-vendor orchestration, significantly reducing operational overhead.</p>
<p>Because inspection and enforcement occur locally, customers and partners can meet strict privacy, data residency, and compliance requirements. Sensitive traffic never leaves the country, region, or customer-controlled environment for inspection. Zenarmor transforms every edge into a fully enforced SASE edge.</p>
<h2>About TMC</h2>
<p>For over 25 years, TMC has honored technology companies with awards in various categories. These awards are regarded as some of the most prestigious and respected awards in the communications and technology sector worldwide. Winners represent prominent players in the market who consistently demonstrate the advancement of technologies. Each recipient is a verifiable leader in the marketplace.</p>
<p>TMC also provides global buyers with valuable insights to make informed tech decisions through editorial platforms, live events, webinars, and online advertising. Leading vendors trust TMC, thought leadership, and our events for branding, thought leadership, and lead generation. Our live events, like the ITEXPO #TECHSUPERSHOW, deliver unmatched visibility, while custom lead generation programs and webinars ensure a steady flow of sales opportunities. Display ads on trusted sites generate millions of impressions, boosting brand reputations. TMC offers a complete 360-degree marketing solution, from event management to content creation, driving SEO, branding, and marketing success. Learn more at <a href="https://www.tmcnet.com">www.tmcnet.com</a>; follow @tmcnet on Facebook, LinkedIn, and X.</p>
<h2>About Zenarmor</h2>
<p>Zenarmor delivers ONE.APP. SASE™, a next-generation Secure Access Service Edge (SASE) platform built on a Single-App, Single-Stack, Single-Pass architecture. Unlike traditional cloud-centric SASE models, Zenarmor performs inline inspection and Zero Trust enforcement directly at the point of access, eliminating forced backhaul, reducing latency, and simplifying security operations. Designed for distributed, real-world networks, Zenarmor enables organizations, MSPs, MSSPs, and ISPs to deploy high-performance security wherever users, devices, and workloads operate across branch, edge, endpoint, and cloud environments, while preserving privacy, data sovereignty, and operational control. Plug.SASE.Everywhere™. The company is venture backed and headquartered in Cupertino, Calif., with European headquarters in Germany supporting customers and partners globally. For more information, visit <a href="https://www.zenarmor.com/">Zenarmor</a>.</p>
<p><sub><sup>Zenarmor is a registered trademark of Zenarmor, Inc.</sup></sub></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/tmc-announcement.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Analyst Recognition]]></title>
            <link>https://www.zenarmor.com/announcements#EMA-names-Zenarmor-a-Vendor-to-Watch</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#EMA-names-Zenarmor-a-Vendor-to-Watch</guid>
            <pubDate>Thu, 26 Feb 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Enterprise Management Associates (EMA) Names Zenarmor a Vendor to Watch]]></description>
            <content:encoded><![CDATA[<h2>Enterprise Management Associates (EMA) Names Zenarmor a Vendor to Watch</h2>
<h3>Cloud-Free SASE Delivers Performance</h3>
<p>Founded in 2017, Cupertino-based cybersecurity provider Zenarmor offers a unique secure access service edge (SASE) solution that maximizes performance and flexibility through an efficient network architecture.</p>
<p>Most SASE vendors combine a software-defined WAN (SD-WAN) overlay with security services that are delivered via a global network of cloud-based points of presence (PoPs). Traditional SASE architecture requires the installation of gateway devices to establish an SD-WAN overlay, and all traffic must be backhauled from SD-WAN gateways to SASE PoPs for security inspection. This backhaul requirement adds latency to network connections, which can degrade network performance and user experience.</p>
<p>Zenarmor eliminates the need for SASE PoPs and SD-WAN gateways. Via Zenarmor’s central controller, Zenconsole, administrators can deploy lightweight agents on any client device, edge gateway, cloud VPC gateway, or ISP customer premises equipment. These agents have inspection engines designed to run as an application on any operating system, and they offer an equivalent of the traditional SASE security stack, including cloud application security broker, intrusion prevention, next-generation firewall, zero trust network access, and secure web gateway functionality.</p>
<p>Zenarmor’s agents ensure secure internet access without involvement of a SASE PoP. Furthermore, Zenarmor enables a mesh-based secure private access capability in which any two agents can establish an on-demand, point-to-point tunnel with inline traffic inspection. These tunnels allow endpoints to connect to any resources directly without backhaul through a PoP.</p>
<p>Zenarmor can run its agents on Linux, Windows, MacOS, and other operating systems, thus offering increased flexibility. For instance, customers can secure Internet of Things (IoT) devices either by installing Zenarmor agents directly on where they are supported, or by deploying a Zenarmor-enabled gateway onsite. If the agent is running on a resource-constrained device that limits its ability to conduct full local security inspection, administrators can configure that agent to forward traffic to a self-deployed SASE PoP in the customer’s nearest data center or cloud VPC.</p>
<h3>EMA Perspective</h3>
<p>Enterprise Management Associates (EMA) research consistently finds that enterprises struggle with SASE architecture. From an engineering perspective, they often grapple with complex integration of the SD-WAN component and the cloud native security capabilities of SASE (often referred to as security service edge or SSE). Zenarmor eliminates this integration complexity by consolidating connectivity and security into a single agent that can run anywhere.</p>
<p>Enterprises also struggle with the operational complexity that SASE PoPs introduce. Our research shows that these PoPs add latency that is difficulty to manage. They also introduce blind spots, because network observability solutions lose visibility into traffic after it exits a SASE PoP. By eliminating PoPs from SASE architecture, Zenarmor removes these operational challenges.</p>
<p>Zenarmor’s next-generation approach to SASE architecture will appeal to enterprises that are seeking architectural alternatives that remove complexity and reduce network latency. For that reason, <strong>EMA has named Zenarmor a Vendor to Watch</strong>.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/ema-announcement.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Press Release]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-launches-industry-first-architecture-driven-sase-channel-partner-program</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-launches-industry-first-architecture-driven-sase-channel-partner-program</guid>
            <pubDate>Tue, 24 Feb 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor Launches Industry-First Architecture-Driven SASE Channel Partner Program]]></description>
            <content:encoded><![CDATA[<h2>Zenarmor Launches Industry-First Architecture-Driven SASE Channel Partner Program</h2>
<p>Zenarmor, Inc., redefining secure access and network security with the industry’s only single-app, single-stack, single-pass architecture, today launched its global Zenarmor SASE Channel Partner Program.</p>
<p>This partner-first initiative is the industry’s first channel partner program designed to enable MSPs, MSSPs, ISPs, and security-focused partners to deliver, operate, and monetize SASE services without centralized cloud PoPs, service chaining, or architectural lock-in.</p>
<p>The new program formalizes Zenarmor’s distributed SASE go-to-market model and enables partners to deliver omnipresent security that follows users, applications, and data across on-prem, cloud, edge, and remote environments using a single-app, single-stack, single-pass SASE platform that runs natively wherever users and applications operate.</p>
<p>It is centrally managed across customers through Zenconsole, and partners deploy Zenarmor SASE on customer-owned or partner-managed infrastructure, preserving privacy, sovereignty, and control.</p>
<blockquote>
<p>“Zenarmor gives us the ability to deliver SASE as a distributed service without sacrificing performance or control,” said Bugra Gumus, CEO, Silvercloud Security and Technology Solutions, an MSP in Los Angeles. “Eliminating forced backhaul and accelerating deployment has reshaped how we deliver differentiated managed security services to our customers. Because it can be deployed across a wide variety of operating systems, we can establish a seamless security chain that begins at the user’s device and extends all the way to the cloud server. This flexibility, combined with the ability to manage VPN access through granular policies, offers our customers immense ease of use. Ultimately, the agility of the installation process provides a significant time-saving advantage for both our team and the end-users we serve.”</p>
</blockquote>
<p>This announcement represents a fundamental shift in how SASE is delivered through the channel. Most SASE partner programs are built around centralized cloud inspection, vendor-owned PoPs, proxy-based architectures, and service chaining across multiple security services.</p>
<p>Zenarmor’s channel program introduces a distributed, partner-operated SASE delivery model where security enforcement happens at or near the traffic source, partners retain operational control, and customers avoid unnecessary latency, privacy risks, and vendor dependency.</p>
<p>This is especially significant for distributed and hybrid workforces, latency-sensitive applications, regulated industries and regions with strict data residency requirements, and MSPs and MSSPs building differentiated managed security services.</p>
<blockquote>
<p>“Service providers and channel partners often face significant integration and operational challenges when delivering traditional SASE solutions built on SD-WAN overlays and cloud-based PoPs,” said Shamus McGillicuddy, Vice President of Research at Enterprise Management Associates (EMA). “Zenarmor simplifies that model by consolidating connectivity and security into a single-application, distributed architecture that can run across endpoints, gateways, cloud environments, and ISP customer premises equipment, eliminating reliance on centralized PoPs. This approach offers partners greater flexibility, performance, and control in delivering SASE services, which is why EMA recognized Zenarmor as a Vendor to Watch.”</p>
</blockquote>
<blockquote>
<p>“At Spectrum, we are seeing that the biggest risk today is not inside a traditional perimeter, it is in how people work,” said Mark Weinberger, Client Solutions Director, Spectrum Networks, a leading Australian ISP. “Users are remote, mobile, and constantly moving between networks. The old gateway-only model no longer reflects reality. Zenarmor enables us to shift enforcement closer to the endpoint while maintaining full visibility and control, allowing us to offer modern Zero Trust security that fits today’s distributed environments.”</p>
</blockquote>
<p>Zenarmor’s channel program enables partners to deliver full SASE functionality, including Zero Trust access, secure internet access, and inline inspection without routing traffic through centralized PoPs. This results in dramatically lower latency, improved user experience, and consistent security enforcement wherever users and applications operate.</p>
<p>Zenarmor SASE deploys in minutes as a single application across on-prem, cloud, and edge including network edges, gateways, and endpoint devices. Partners can onboard customers rapidly without forklift upgrades, complex service chaining, or multi-vendor orchestration, accelerating time-to-revenue and reducing operational overhead.</p>
<p>Because traffic inspection and policy enforcement occur locally, Zenarmor enables customers and partners to meet strict privacy, data residency, and compliance requirements. Sensitive traffic does not need to leave the country, region, or customer-controlled environment to be secured.</p>
<blockquote>
<p>“For too long, SASE has been synonymous with centralized cloud inspection and vendor-controlled infrastructure,” said Murat Balaban, Founder and CEO of Zenarmor. “We built Zenarmor differently. Our architecture was designed from day one to enforce security wherever users and applications operate, without forcing traffic through external PoPs or service chains. This new channel program aligns our go-to-market with that architectural reality. It empowers partners to deliver the entire SASE stack as a distributed, high-performance service they control. Partners are no longer reselling someone else’s cloud, they are operating their own modern, omnipresent SASE infrastructure.”</p>
</blockquote>
<p>Partners benefit from:</p>
<ul>
<li>The ability to deliver differentiated managed SASE services</li>
<li>Full operational control over service delivery</li>
<li>Faster onboarding and deployment cycles</li>
<li>Predictable recurring revenue models</li>
<li>Higher margins by avoiding PoP resale economics</li>
<li>The ability to extend existing NGFW, networking, and security practices into SASE</li>
<li>The ability for ISPs to turn existing customer-premises equipment into SASE-enabled infrastructure using Zenarmor’s OpenWRT-based deployment model</li>
<li>Centralized, multi-tenant management through Zenconsole, streamlining deployment, monitoring, and policy enforcement for MSPs, MSSPs, and ISPs across customers from a single control plane</li>
</ul>
<p>For ISPs, existing CPE can be transformed into SASE enforcement points using Zenarmor’s native support for open networking platforms such as OpenWRT, eliminating the need for hardware refresh or cloud-based service insertion.</p>
<p>With Zenarmor, partners help their clients realize:</p>
<ul>
<li>Significantly lower latency (100x to 1500x improvement in many real-world scenarios)</li>
<li>Better performance for SaaS, cloud, and real-time applications</li>
<li>Consistent Zero Trust enforcement regardless of user location</li>
<li>Faster deployment without network redesign</li>
<li>Reduced dependency on third-party cloud infrastructure</li>
<li>Greater control over where data is inspected and stored</li>
<li>Improved compliance with data sovereignty mandates</li>
<li>Reduced exposure to cross-border data transfer risks</li>
<li>Greater transparency and auditability</li>
</ul>
<h2>Plug.SASE.Everywhere™</h2>
<p>Unlike traditional SASE solutions, Zenarmor does not require traffic to traverse vendor-controlled infrastructure, does not rely on proxy-based inspection, and does not split networking, security, and access across multiple services.</p>
<p>What Zenarmor offers partners is unique because its complete SASE solution runs as one application, not stitched services; its enforcement happens locally and contextually, not after redirection; and its architecture was designed for distributed enforcement from inception, not retrofitted from legacy VPN, firewall, or proxy platforms.</p>
<p>For more information on the Zenarmor SASE Channel Partner Program, or to become a registered partner, visit <a href="https://www.zenarmor.com/partners">Zenarmor Partners</a>.</p>
<p>The Zenarmor SASE Channel Partner Program is now open for global partner enrollment.</p>
<h2>About Zenarmor</h2>
<p>Zenarmor is the first vendor in the industry to deliver ONE.APP. SASE™, a next-generation Secure Access Service Edge platform built on its proprietary Zenarmor SASE Anywhere Architecture™, based on a Single-App, Single-Stack, Single-Pass architecture.</p>
<p>Unlike traditional SASE models that rely on centralized inspection or service chaining, Zenarmor enforces Zero Trust access and inline security directly at the point of access, eliminating unnecessary latency and architectural complexity.</p>
<p>Built for real-world distributed networks, Zenarmor enables organizations, MSPs, MSSPs, and ISPs to deploy high-performance SASE services wherever users, devices, and workloads operate, across branch, edge, endpoint, and cloud environments.</p>
<p>With centralized, multi-tenant management and flexible deployment across existing infrastructure, Zenarmor empowers partners to operate modern SASE services quickly, efficiently, and at global scale.</p>
<p>The company is venture backed and headquartered in Cupertino, Calif., with European headquarters in Germany supporting customers and partners globally. For more information, visit <a href="https://www.zenarmor.com/">Zenarmor</a>.</p>
<p><sub><sup>Zenarmor is a registered trademark of Zenarmor, Inc.</sup></sub></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/sase-channel-partner-program.svg" length="0" type="image/svg"/>
        </item>
        <item>
            <title><![CDATA[When Ransomware Meets Regulation: Why Insurance Companies Need Security That Never Turns Off]]></title>
            <link>https://www.zenarmor.com/blog#when-ransomware-meets-regulation-why-insurance-companies-need-security-that-never-turns-off</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#when-ransomware-meets-regulation-why-insurance-companies-need-security-that-never-turns-off</guid>
            <pubDate>Thu, 29 Jan 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[The insurance industry is one of the most attractive targets for cybercriminals. This is because insurance has three things that they look for: regulated personal data, a distributed workforce, and cloud-based networks.
]]></description>
            <content:encoded><![CDATA[<p>The insurance industry is one of the most attractive targets for cybercriminals. This is because insurance has three things that they look for: regulated personal data, a distributed workforce, and cloud-based networks. The insurance industry has claims adjusters in the field, underwriters who work from home, third-party insurance brokers, SaaS systems such as Guidewire and Salesforce, and many APIs who all access the same sensitive customer information. And it is this sensitive customer information which is a gold mine for attackers.</p>
<p>Security strategies often fail to recognize that this environment both expands the attack surface and breaks many of the assumptions that network security was built on. Because of this, insurance networks are under constant risk from ransomware, phishing campaigns, and data extraction software that knows exactly how to attack the weakest points of insurance networks.</p>
<h2>Uncovering the Hidden Exposure Inside Modern Insurance Operations</h2>
<p>Many insurers still rely on legacy access models such as VPNs and PoP-based SASE architectures. In theory, these approaches secure traffic by routing it through centralized cloud gateways. In practice, however, performance sensitivity, unstable mobile connections, and the growing volume of direct-to-SaaS traffic mean that not all activity consistently follows this path. As a result, some connections bypass centralized inspection altogether.</p>
<p>This creates security blind spots where controls are applied inconsistently or only after traffic has already moved beyond the point of enforcement. These gaps are not caused by misuse, but by architectural limitations that were not designed for today’s highly distributed, mobile insurance workflows. Unfortunately, these blind spots are frequently where modern insurance breaches begin.</p>
<p>Attackers no longer need to penetrate a traditional network perimeter. Instead, they exploit moments when access paths fall outside centralized control, or leverage phishing and credential-based attacks against claims processors, adjusters, or partners. From there, they move laterally across SaaS platforms and cloud applications that legacy, perimeter-centric security models were never designed to continuously protect.</p>
<p>In some SASE architectures, this challenge is further amplified. When all traffic must traverse a single inspection point, even minor latency or connectivity fluctuations can impact user experience. Over time, this creates pressure on the architecture itself, where performance and security are placed in tension rather than working together. Any period during which traffic operates outside consistent enforcement increases exposure and compounds risk.</p>
<p>This growing gap between where work happens and where security is enforced has become a significant concern for regulated industries with highly distributed workforces, including insurance. As operations continue to expand across homes, branch offices, disaster sites, and partner environments, maintaining continuous, always-on security has become not just a technical requirement, but a business imperative.</p>
<h2>How Compliance Increases Risk</h2>
<p>Most industries only face financial loss when a breach happens. But the insurance industry also faces regulatory consequences.</p>
<p><strong>GLBA and state-level NAIC model laws</strong> require insurers and other financial institutions to protect customer data through controls, monitoring, and reporting. If data theft occurs, regulators will ask if the organization was enforcing protection everywhere.</p>
<p>Legacy security struggles here. Policies may only be enforced sporadically. Audit trails break down the moment traffic leaves the expected path. Logs are fragmented across numerous tools. For mid-market insurance IT teams, this creates a compounding operational and compliance burden that quickly becomes unmanageable. Most teams only have a handful of people running security, compliance, and operations. Providing detailed, defensible compliance evidence becomes an impossible task.</p>
<h2>Why VPNs No Longer Hold Up</h2>
<p>VPNs were not designed for today’s highly distributed, always-on insurance workflows. When a field adjuster connects from a disaster zone, traffic is routed through a centralized access path, which can introduce latency and create additional points of failure.</p>
<p>Users under time constraints may work around this by disconnecting, moving sensitive data through browsers and APIs that never pass through the encrypted tunnel, putting the information at risk.</p>
<p>As a result, security teams lose continuous visibility, consistent policy enforcement, and ongoing verification of user and device trust. VPNs authenticate users only at the moment of connection, not continuously throughout the session. This loss of continuous verification and inspection often occurs at exactly the moment when risk is highest. That is how phishing leads to ransomware. That is how a single stolen credential becomes a multi-million-dollar incident.</p>
<h2>What a Modern Insurance Security Model Looks Like</h2>
<p>To protect insurance organizations today, three things must be in place.</p>
<p><strong>First, Zero Trust must be enforced at the point of access, not just the network perimeter.</strong> A claims system, underwriting portal, or network must only be reachable after the user, device, and policy all pass continuous verification, instead of simply where the user is located.</p>
<p><strong>Second, threat inspection must happen at the source.</strong> Cybersecurity attacks must be stopped before they ever reach a cloud gateway or PoP.</p>
<p><strong>Third, compliance controls must be uniform.</strong> Logging, access control, and data protection can’t depend on whether a user remembered to connect to a VPN.</p>
<h2>Why Architecture Matters Now</h2>
<p>Zenarmor approaches this problem differently. Instead of relying on PoPs and tunnels, we run a single-app, single-stack SASE engine directly on the endpoint, at the edge, or in the cloud. All inspection, Zero Trust enforcement, and threat prevention happens where the traffic originates.</p>
<p>For insurance teams, this is a game changer.</p>
<p>If a field adjuster clicks a phishing link, Zenarmor inspects and blocks that traffic on their device before it even gets to the internet.</p>
<p>When a broker accesses Guidewire or Salesforce, Zenarmor applies ZTNA policies at the point of connection, ensuring least-privilege access without forcing traffic through a distant gateway.</p>
<p>When auditors visit, Zenarmor’s unified stack has consistent logs and policy records across every user, device, and location that is easy to access and provide.</p>
<h2>Why this Matters for Insurance</h2>
<p>Insurance is under some of the most demanding forces in any industry. Agents, adjusters, and internal staff all need access to sensitive systems. Insurance must also enforce data protection, audit rules, and least-privilege access to comply with GLBA and NAIC rules.</p>
<p>Zenarmor’s endpoint-first SASE model aligns with how insurance actually works.</p>
<ul>
<li><strong>Agents</strong> can securely access claims and underwriting apps without relying on VPNs.</li>
<li><strong>Adjusters</strong> can be granted time-limited access through ZTNA.</li>
<li><strong>Salesforce and Guidewire data</strong> is protected by integrated CASB and secure web controls.</li>
<li><strong>Customer information</strong> is protected by built-in DLP and continuous inspection.</li>
<li><strong>Remote teams and disaster-response teams</strong> stay protected without the need for additional hardware.</li>
</ul>
<p>Zenarmor’s solution is delivered through one unified stack, deployed in minutes, and managed through a single console. Which is exactly what insurance IT teams need.</p>
<h2>Where Insurance Goes Next</h2>
<p>Ransomware and regulatory pressures are not going away. Remote work is here to stay. Cloud and SaaS adoption is accelerating.</p>
<p>Insurance organizations that rely on authenticate-once access models, rather than continuous verification, will find themselves unknowingly increasing their risks for data exposure.</p>
<p>Those that move to an always-on, Zero Trust model will be able to protect agents, data, and systems wherever work happens, without the need to trade robust security for performance.</p>
<p>That shift is more than just following technology trends, but ensuring survival and thriving in a world where one click can trigger a regulatory, financial, and reputational crisis.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/ransomware-meets-regulation.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zero Trust in the AI Era: Why AI Exposes the Limits of Centralized Zero Trust Models]]></title>
            <link>https://www.zenarmor.com/blog#zero-trust-in-the-ai-era-why-ai-exposes-the-limits-of-centralized-zero-trust-models</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zero-trust-in-the-ai-era-why-ai-exposes-the-limits-of-centralized-zero-trust-models</guid>
            <pubDate>Thu, 29 Jan 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Enterprise AI adoption is accelerating at a pace few security architectures were designed to handle. Generative AI, agentic workflows, and non-human identities are rapidly reshaping how applications are built, how data flows, and where computation happens.
]]></description>
            <content:encoded><![CDATA[<p>Enterprise AI adoption is accelerating at a pace few security architectures were designed to handle. Generative AI, agentic workflows, and non-human identities are rapidly reshaping how applications are built, how data flows, and where computation happens. As a result, long-standing assumptions about network security, visibility, and control are breaking down.</p>
<p>Across the industry, there is growing consensus on one point: traditional security models are not sufficient for the AI era. AI traffic behaves differently. It is faster, API-driven, non-human, and deeply contextual. Security teams are struggling to understand where AI is running, how data moves between systems, and which identities, human or machine should be trusted.</p>
<p>This is why Zero Trust has re-emerged as a foundational principle. But as AI becomes more decentralized, not all Zero Trust architectures are created equal.</p>
<h2>AI Is Decentralizing Security, Not Centralizing It</h2>
<p>For years, enterprise security strategies assumed that traffic could be routed through centralized inspection points from cloud gateways, PoPs, or perimeter controls where policies could be applied. That model is increasingly misaligned with reality.</p>
<p>AI workloads are no longer confined to centralized cloud environments. They are being pushed:</p>
<ul>
<li>Closer to users</li>
<li>Into branch locations</li>
<li>Across private data centers</li>
<li>Onto edge infrastructure</li>
<li>Into hybrid and multi-cloud environments</li>
</ul>
<p>As Zenarmor Founder and CEO Murat Balaban recently told CRN, in the context of analyzing AI vendor trends:</p>
<blockquote>
<p>“As enterprises push compute, data and AI workloads closer to the edge, Zenarmor is investing in architectures that securely connect and protect these distributed environments. Enabling low-latency, secure connectivity and inspection across on-prem, cloud and edge infrastructure will be critical as AI workloads become more decentralized.”</p>
<p>— Murat Balaban, <a href="https://www.crn.com/news/ai/2026/the-biggest-ai-agents-trends-from-vendors-in-the-crn-ceo-outlook-2026?page=8">CRN CEO Outlook 2026</a></p>
</blockquote>
<p>This shift has profound implications for Zero Trust.</p>
<h2>Visibility Alone Is Not Zero Trust</h2>
<p>Much of today’s AI security discussion focuses on visibility, discovering AI assets, mapping dependencies, and monitoring usage. While visibility is essential, it is not sufficient.</p>
<p>True Zero Trust requires more than knowing that AI traffic exists. It requires:</p>
<ul>
<li>Continuous verification</li>
<li>Context-aware policy enforcement</li>
<li>Least-privilege access decisions</li>
<li>Immediate inspection and control</li>
</ul>
<p>When enforcement depends on redirecting traffic to centralized inspection layers, organizations introduce latency, architectural complexity, and operational risk. In the AI era where performance, user experience, and real-time decisions matter, these tradeoffs become unacceptable.</p>
<p><strong>Zero Trust cannot be an overlay. It must be embedded.</strong></p>
<h2>The Limits of Centralized Zero Trust Models</h2>
<p>Centralized, PoP-based Zero Trust architectures were designed for a world where:</p>
<ul>
<li>Applications live in clouds</li>
<li>Users connect from predictable locations</li>
<li>Traffic patterns are human-driven and web-centric</li>
</ul>
<p>AI breaks these assumptions.</p>
<p>AI traffic often:</p>
<ul>
<li>Originates inside private networks</li>
<li>Flows laterally between services</li>
<li>Uses non-standard protocols</li>
<li>Involves machine-to-machine communication</li>
<li>Requires sub-millisecond decisions</li>
</ul>
<p>Routing this traffic through distant enforcement points increases latency, complicates troubleshooting, and creates new failure domains. More importantly, it delays enforcement, undermining the very principle of Zero Trust.</p>
<h2>Zero Trust Must Execute Where Traffic Is Created</h2>
<p>As AI decentralizes compute, Zero Trust enforcement must follow.</p>
<p>This is where architectural choices matter. Zero Trust enforcement must occur at the point where traffic is generated including branch, edge, device, and private environments, not after traffic is redirected elsewhere.</p>
<p>True Zero Trust for AI requires both context awareness and immediate enforcement in a single pass without introducing latency, routing changes, or architectural dependency.</p>
<p>Zenarmor approaches Zero Trust differently by delivering enforcement at the point where traffic is created, not after it is redirected. Through the <strong>Zenarmor SASE Anywhere Architecture™</strong>, Zero Trust controls operate consistently across:</p>
<ul>
<li>On-prem environments</li>
<li>Branch locations</li>
<li>Cloud workloads</li>
<li>Edge infrastructure</li>
<li>Remote users/devices</li>
</ul>
<p>All inspection and policy enforcement occur in a single app, single stack, single pass, without dependency on centralized PoPs or traffic backhauling.</p>
<p>This approach enables:</p>
<ul>
<li>Sub-millisecond local inspection</li>
<li>Consistent Zero Trust enforcement for AI and non-AI traffic</li>
<li>Elimination of policy drift</li>
<li>Lower operational complexity</li>
<li>Faster adoption in brownfield environments</li>
</ul>
<h2>AI Security Must Work in the Real World</h2>
<p>Most enterprises are not greenfield AI labs. They operate in complex, regulated, brownfield environments with:</p>
<ul>
<li>Existing networks</li>
<li>Limited security teams</li>
<li>Performance-sensitive applications</li>
<li>Regulatory obligations</li>
</ul>
<p>AI security that requires network redesign, traffic re-architecture, or additional layers of tooling creates friction and slows adoption.</p>
<p><strong>Zero Trust for the AI era must adapt to existing environments, not demand that enterprises adapt to it.</strong></p>
<p>This is especially critical as organizations balance innovation with compliance frameworks such as the <strong>NIST AI Risk Management Framework</strong> and the <strong>EU AI Act</strong>. Governance, reporting, and visibility matter but only when paired with enforcement that is immediate, local, and architecturally simple.</p>
<h2>The Future of Zero Trust Is Decentralized</h2>
<p>AI is forcing a rethinking of security fundamentals. The industry is moving away from perimeter-centric thinking and toward architectures that assume:</p>
<ul>
<li>Distributed compute</li>
<li>Continuous verification</li>
<li>Context-aware enforcement</li>
<li>Performance without compromise</li>
</ul>
<p><strong>Zero Trust is no longer just about access, it is about execution.</strong></p>
<p>As AI workloads continue to decentralize, security architectures must do the same. Those that rely on centralized inspection will struggle to keep pace. Those built to enforce Zero Trust everywhere traffic originates will be positioned to enable AI innovation without sacrificing security, performance, or control.</p>
<p>The AI era doesn’t need more layers. It needs better architecture.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zero-trust-in-ai-era.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Privacy Update]]></title>
            <link>https://www.zenarmor.com/announcements#privacy-update</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#privacy-update</guid>
            <pubDate>Thu, 22 Jan 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[We've updated our list of third-party service providers in accordance with our Privacy Policy and Data Processing Addendum (DPA).]]></description>
            <content:encoded><![CDATA[<p>Dear Zenarmor Community,</p>
<p>We’ve updated our list of third-party service providers in accordance with our Privacy Policy and Data Processing Addendum (DPA).</p>
<p><strong>What’s New?</strong>:</p>
<p>We’ve added G-core to support infrastructure and network services.</p>
<p><strong>Key details</strong>:</p>
<ul>
<li>G-core is contractually bound to meet Zenarmor’s data protection and security requirements.</li>
<li>This update does not change how your data is collected, processed or protected, and does not affect service availability or functionality.</li>
</ul>
<p>You can view the updated list of third-party service providers <a href="https://www.zenarmor.com/third-party-service-providers">here</a>.</p>
<p>Contact us at privacy [at] zenarmor.com if you have any questions or concerns.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/privacy-update.svg" length="0" type="image/svg"/>
        </item>
        <item>
            <title><![CDATA[Securing Remote Work Without the Slowdown]]></title>
            <link>https://www.zenarmor.com/blog#how-mid-market-companies-can-secure-remote-work-without-slowing-down-their-business</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#how-mid-market-companies-can-secure-remote-work-without-slowing-down-their-business</guid>
            <pubDate>Mon, 19 Jan 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Mid-market companies have to juggle many things at once. Work is moving away from closed networks and into cloud apps, SaaS platforms, and distributed workforces. While all this is happening, they must also protect sensitive data, prevent cyberattacks, and meet regulatory and customer expectations all while doing it with fewer employees than large companies.
]]></description>
            <content:encoded><![CDATA[<p>Mid-market companies have to juggle many things at once. Work is moving away from closed networks and into cloud apps, SaaS platforms, and distributed workforces. While all this is happening, they must also protect sensitive data, prevent cyberattacks, and meet regulatory and customer expectations all while doing it with fewer employees than large companies.</p>
<p>Most mid-market teams are small. Most of their security stacks are fragmented. And because of latency issues, some of their workers may not stay on secure VPN connections for the entire day. All of this has created a dangerous new reality: security is only as strong as your weakest link.</p>
<p>For mid-market companies, the old way no longer works.</p>
<h2>What Mid-Market Teams Really Need</h2>
<p>Mid-market teams don’t want bells and whistles when it comes to security; they want outcomes.</p>
<p>They want a VPN-free way to secure hybrid employees, a cloud-ready platform that does not slow anyone down, and protection that stays active no matter where or how work happens.</p>
<p>Most mid-market companies have multiple work locations, remote workers, and a mix of cloud and on-premise systems. Often, they have a small IT team, usually two to twenty-five people who have to manage IT and security for the entire company. Not only that, but they have to protect company data against ransomware, phishing attacks, compliance failures, and more.</p>
<h2>Why VPNs Are No Longer the Answer</h2>
<p>Not too long ago, VPNs helped users stay secure when they were outside of the office, which was usually an exception more than the norm. That world no longer exists.</p>
<p>Sales teams now work from home, developers access information from the cloud, and finance teams use SaaS applications. None of this behaves like traffic inside a closed network. VPNs create secure tunnels, but SASE models often force that traffic through centralized cloud gateways, which can hurt performance. When users face latency, they disconnect, and security immediately loses visibility.</p>
<p>When VPNs are turned off, all traditional security stacks are blind. Web traffic goes direct. SaaS sessions bypass inspections. Malicious links slip through into your network before any gateway can stop them.</p>
<p>PoP-based SASE models suffer from the same thing. They depend on traffic being routed to a specific point for inspection. This can lead to a slowdown, and users turning off protection. Every moment spent off-path becomes a possible exposure window.</p>
<h2>Why Mid-Market Teams Feel Stuck</h2>
<p>Large companies can usually absorb this complexity as they have dedicated SecOps teams, big budgets, and layered defenses.</p>
<p>But most mid-market teams don’t have these luxuries.</p>
<p>Mid-market IT and security teams are juggling multiple systems: VPNs, web gateways, CASB tools, and endpoint agents, none of which were made to work with each other. Each application has its own logs, policies, and potential blind spots. Each new user adds to this burden.</p>
<p>These teams are facing more security risks, more compliance pressure, and more customer expectations than ever before. They don’t need more tools, they need faster deployment, and security that works perfectly 100% of the time, even when people do not.</p>
<h2>What Modern Security Looks Like</h2>
<p>To adequately protect mid-market enterprises, security has to do one thing: move closer to the user and the data.</p>
<p>This means that access must be identity-driven. Users must only be given access to the apps and data that they are specifically authorized to use at that given time.</p>
<p>Data inspection must happen at the source and it must be continuous. Threats need to be blocked where they originate, not sent off to a distant tunnel or gateway, and trust cannot stop once a user is initially authenticated. It has to be re-evaluated as context, behavior, and risk change.</p>
<p>Finally, protection must be always on. Security cannot depend on a user’s whim to turn a VPN on or off, or on a PoP being reachable.</p>
<h2>Security Depends on Architecture</h2>
<p>Zenarmor believes something different: security should run where the traffic originates from, not where it is routed.</p>
<p>Instead of stitching together multiple security applications, Zenarmor has a single-app, single-stack architecture that runs directly on the endpoint, at the edge, or in the cloud. All Zero Trust enforcement, threat inspection, and policy controls happens inside one solution.</p>
<p>Inspection happens at the source, so there is no security gap. If a user clicks a phishing link, it is blocked before it leaves their device. When logging into a SaaS session, it is immediately governed by user identity and policy.</p>
<p>This solves the exposure holes that plague legacy security models. Users no longer have to choose between network speed and secure protection.</p>
<h2>A Game-Changer for Mid-Market Teams</h2>
<p>For mid-market teams, a security solution that combines Zero Trust enforcement, threat inspection, and policy controls changes everything.</p>
<p>Remote employees can work from anywhere, and are fully protected at all times. SaaS platforms like Salesforce, Jira, and Microsoft 365 have seamless access and data protection rules.</p>
<p>Developers and contractors get access to only what they need, when they need it, without needing to access the internal network.</p>
<p>Branch offices are now fully secure, without the need for expensive hardware. New team members can be onboarded effortlessly, without needing to rebuild or revamp the network.</p>
<p>And all of this from one lightweight platform that can be deployed in minutes, not months.</p>
<h2>Making Zero Trust Practical</h2>
<p>Zero Trust is the new reality. Most organizations now recognize that it is a critical piece of their security strategy.</p>
<p>But Zero Trust must be enforced everywhere continuously. If it depends on users exhibiting perfect behavior, it will not live up to its promise.</p>
<p>Zenarmor enforces Zero Trust at the endpoint and point of access. Our security checks identity, device, and policy every time, regardless of where the user is or how they are connecting.</p>
<p>The result? Completely secure hybrid work, without any slowdowns.</p>
<h2>Why Traditional SASE Security No Longer Cuts It</h2>
<p>SASE was originally created to bring network security to cloud-first, distributed organizations. The idea was right, but the implementation was based on an outdated model.</p>
<p>PoP-heavy network architectures introduce latency, rising costs, and new security risks. Multi-vendor stacks add complexity.</p>
<p>A single-stack, built for distributed architecture like Zenarmor brings SASE back to its original promise of secure access everywhere work actually happens, with consistent policy enforcement and real-time protection.</p>
<h2>Questions to Ask Vendors</h2>
<p>Mid-market enterprises have unique issues that demand unique answers from network security vendors.</p>
<p>How are your networks protected if users turn off their VPNs? What happens when a user clicks a malicious link? How do you ensure compliance while reducing the need to manage multiple tracking tools? How quickly can your users get access to applications they need to do their jobs?</p>
<p>These questions will allow you to see whether a security platform was designed for how work actually happens, or for a diagram.</p>
<h2>The Future of Mid-Market Security</h2>
<p>Hybrid work, cloud adoption, and distributed workforces are not going away. And attackers are not going away either.</p>
<p>Mid-market companies need network security that aligns with how work actually happens now. This means always-on protection, identity-driven access, and inspection where the data actually lives.</p>
<p>Zenarmor’s single-app, single-stack solution was built for this moment. It removes any VPN gaps, eliminates PoP dependency, and gives small IT teams a robust way to protect their company while reducing the workload.</p>
<p>Zenarmor allows mid-market companies to secure remote work, cloud apps, and their growing workforce without slowing them down or forcing them to become security experts.</p>
<p>The companies that do network security right will be safer, faster, more resilient, and better positioned for whatever the future brings.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/mid-market-secure-remote-work.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Why Distributed Networks Break Traditional SASE Models]]></title>
            <link>https://www.zenarmor.com/blog#why-distributed-networks-break-traditional-sase-models</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#why-distributed-networks-break-traditional-sase-models</guid>
            <pubDate>Mon, 12 Jan 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Network security has long assumed that networks were distinct places, such as offices, branches, and data centers. This shaped how data flowed and how security protected it. But in today’s distributed reality, what constitutes a network is wherever work is happening.]]></description>
            <content:encoded><![CDATA[<p>Network security has long assumed that networks were distinct places, such as offices, branches, and data centers. This shaped how data flowed and how security protected it. But in today’s distributed reality, what constitutes a network is wherever work is happening.</p>
<p>Remote employees face the same architectural challenges that branch offices once did. They connect from open networks, access multiple cloud and SaaS platforms, and pull critical resources from many places. Each endpoint they access has its own traffic patterns, trust decisions, and risk profile.</p>
<p><strong>The new distributed reality has turned every endpoint into its own network, and security models designed for centralized control can fracture, revealing gaps that attackers can exploit.</strong></p>
<h2>The Myth of the Centralized Network</h2>
<p>Traditionally, network security was built around the concept of control through concentration. Users, applications, and data could be put in a small number of trusted locations, and IT and security teams could inspect traffic and enforce policies from the perimeter. Firewalls, VPNs, and other security software all emerged from this concept.</p>
<p>In this world, a network had an inside and an outside. Users worked from inside offices. Applications lived inside data centers. Security tools protected data from attackers on the outside.</p>
<p><strong>But as cloud services, SaaS platforms, and remote work have become a necessary part of our distributed world, traffic no longer flows through a single chokepoint.</strong> Applications moved to the outside of this perimeter, and <strong>“inside”</strong> lost all meaning.</p>
<p>Many security solutions still cling to this idea of a single chokepoint, forcing distributed activity through a central control that can’t adequately handle a network that no longer has a center.</p>
<h2>From Branch Offices to Infinite Edges</h2>
<p>In our new distributed reality, applications no longer reside in data centers. SaaS platforms are now the default way for collaboration, finance, and operations. Business infrastructure now resides on the cloud. Users, contractors, and third parties access critical systems without ever setting foot inside an office.</p>
<p>What has replaced the traditional branch office is infinite edges, when networks stop having a fixed boundary. Every user, device, and workload is now its own access point, generating traffic that moves in multifaceted, unpredictable paths to the internet, cloud services, and APIs.</p>
<p>Traditional network boundaries have simply dissolved.</p>
<h2>Traditional SASE Was Designed for a Different World</h2>
<p>Secure Access Service Edge (SASE) was developed to modernize security for distributed networks. Instead of scattered endpoints, it promised a unified, cloud-delivered security model. But many assumptions from early SASE architectures came from old, outdated models they were meant to replace.</p>
<p>These models depend on redirected traffic to a centralized, limited number of cloud inspection points, sometimes very far from where these connections originate. <strong>Similar to the old hub-and-spoke model, this has simply moved the data center to the cloud.</strong></p>
<p>This made sense when remote access was the exception and traffic volume was predictable. But today’s distributed-first environments are anything but predictable. With an outdated SASE model, traffic is forced onto indirect paths, where latency and performance issues become a problem.</p>
<p>The other assumption with traditional SASE is that security improved with everything funneled through one location. In distributed networks, this assumption is no longer valid.</p>
<h2>Understanding Latency as a Security Risk</h2>
<p>It is easy to see latency as strictly a performance issue, something separate from security. But in distributed environments, the line separating the two has blurred. <strong>If security controls cause traffic to slow down, that changes how users behave.</strong></p>
<p>Users see friction as a problem, and inevitably seek workarounds. When deadlines loom, they may bypass security tools and move files through unsanctioned tools, or disable protection when possible. What began as a performance issue turns into a policy failure.</p>
<p>Forcing traffic through a centralized inspection point amplifies this risk. This can add delay, especially for SaaS applications and real-time services that demand low-latency connections.</p>
<p><strong>In the new distributed model, security that slows down work gets avoided.</strong></p>
<h2>The Hidden Cost of Forcing All Traffic Through the Cloud</h2>
<p>Routing all traffic through a single centralized cloud inspection point for simplification purposes may indirectly introduce complexity, albeit one that is harder to see until performance and reliability begin to suffer.</p>
<p>Backhauling traffic through a distant inspection point can result in data traveling through indirect paths to reach its destination. Inspection points can turn into bottlenecks, especially during peak usage times, and can cause inconsistent performance for users and applications.</p>
<p><strong>Instead of following the most direct path to a SaaS service or cloud workload, data is forced through one hub that can fail or slow down.</strong></p>
<p>What might appear as centralized and clean on paper often turns into a network quagmire that undermines both performance and security resilience.</p>
<h2>Highly Distributed Environments Change the Threat Model</h2>
<p>When networks were static and centralized, location was used to verify trust. Users inside the office or behind the firewall were inherently trusted. But in distributed environments, location has no meaning. Users connect from anywhere, applications are accessed from the cloud, and traffic is routed through many different locations.</p>
<p>This has scrambled the threat model. <strong>Instead of relying on where a connection comes from, security models now must look at who is making it, under what conditions, and for what purpose.</strong></p>
<p>The distributed model means continuous verification must be enforced. Trust is not established just once; connections must be evaluated dynamically as conditions change and new resources are accessed.</p>
<h2>Why One Remote User is a Network</h2>
<p>Remote access used to be seen as a temporary tunnel to a corporate network. A user logged in, accessed what they needed, and then returned to the in-office topology.</p>
<p>In today’s world where work is distributed, this no longer holds. <strong>Modern architectures understand that networks are no longer fixed locations, but wherever users, devices, and workloads operate from.</strong></p>
<p>Every user engages with multiple devices, multiple apps, cloud services, identity providers, and resources remotely over the internet. Each interaction generates an independent connection point with trust decisions and contextual signals that must be evaluated continuously.</p>
<h2>Security That Assumes Distribution from the Start</h2>
<p>Modern network security understands that work, data, and users are dispersed across multiple regions instead of concentrated behind a single perimeter. Inspection of traffic and policy enforcement must happen where traffic actually flows, at the edge, in the cloud, or right at the endpoint, rather than funneled through a single centralized point.</p>
<p><strong>Locating security controls closer to users and workloads reduces latency and eliminates inefficiencies.</strong> This approach makes it easier for security teams to enforce consistent policies without sacrificing performance.</p>
<p>Adopting a distributed-first mindset paired with identity-centric security means that access decisions are based on who or what is connected, not where they are located.</p>
<h2>The Mid-Market Reality: Small Teams and Limited Budgets</h2>
<p>Most mid-market organizations do not have large, dedicated security teams or unlimited budgets. Network and security issues usually reside with a small group of generalists who already manage many other things for day-to-day operations. Complexity in such an environment is unsustainable.</p>
<p>Network architecture that needs constant tuning and specialized expertise only adds to risk. When tools are hard to deploy and operate, this can lead to partial implementation and enforcement inconsistency.</p>
<p><strong>Security must align with the available resources necessary to run it.</strong></p>
<h2>What to Look For When Evaluating Distributed Security Models</h2>
<p>When evaluating distributed security models, be sure to consider architectural assumptions more than features. Always ask where enforcement actually happens. Models that rely on centralized choke points often cause the same problems they claim to fix.</p>
<p><strong>Find out how identity and context are treated. More effective distributed models evaluate identity and context continuously, rather than relying on network location.</strong></p>
<p>Be sure to consider performance as well. If the architecture introduces latency, it will encourage workarounds that undermines security policy.</p>
<h2>Designing Security for the Network You Actually Have</h2>
<p>You can design security for a centralized network but that doesn’t make your network centralized. Users, applications, and data are already distributed, and architectures that ignore this reality don’t fail loudly. They fail quietly, through latency, blind spots, and inconsistent enforcement.</p>
<p>This is where traditional SASE starts to break down. When security is built around assumptions instead of reality, complexity increases and protection weakens.</p>
<p><strong>When network architecture aligns with how work actually happens, security becomes simpler to use, more consistent to enforce, and stronger where it matters most.</strong></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/why-distributed-networks-break-traditional-sase-models.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Why Complexity Is the Biggest Security Risk in Distributed Networks]]></title>
            <link>https://www.zenarmor.com/blog#why-complexity-is-the-biggest-security-risk-in-distributed-networks</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#why-complexity-is-the-biggest-security-risk-in-distributed-networks</guid>
            <pubDate>Thu, 08 Jan 2026 00:00:00 GMT</pubDate>
            <description><![CDATA[Today, most organizations have embraced remote work, cloud infrastructure, and hybrid architecture as core to their business operations. As a result, the number of organizational touchpoints has increased exponentially, introducing new layers of operational and security complexity. Each of these touchpoints, whether network storage, applications, or connections becomes an access point where attackers can gain a foothold. This sprawling business environment erodes visibility and makes it difficult to apply the same security controls consistently across users, devices, and locations.
]]></description>
            <content:encoded><![CDATA[<p>Today, most organizations have embraced remote work, cloud infrastructure, and hybrid architecture as core to their business operations. As a result, the number of organizational touchpoints has increased exponentially, introducing new layers of operational and security complexity. Each of these touchpoints, whether network storage, applications, or connections becomes an access point where attackers can gain a foothold. This sprawling business environment erodes visibility and makes it difficult to apply the same security controls consistently across users, devices, and locations.</p>
<h2>The Hidden Cost of Complexity</h2>
<p>As environments expand, maintaining a clear picture of who is accessing what, from where, and under which conditions becomes increasingly difficult. <strong>Complexity increases risk</strong>, and layers of network tools create blind spots and inconsistent policy enforcement across environments. IT spends too much time fine tuning rules and troubleshooting access instead of responding to real threats.</p>
<p>This complexity overwhelms lean IT and security teams, slowing response times and increasing the likelihood of human error. Many moving parts inevitably lead to problems falling through the cracks, increasing exposure and reducing resilience. Over time, <strong>even well-designed controls lose effectiveness</strong> as they become harder to operate and validate.</p>
<h2>From Centralized Perimeters to Distributed Reality</h2>
<p>For many years, network security followed simple principles: users worked inside a closed network, applications lived in centralized data centers, and data flowed in predictable paths. Security controls were placed on the edges and enforced uniformly, making both monitoring and enforcement relatively straightforward.</p>
<p><strong>That model no longer exists.</strong> Networks are now distributed, allowing users to work from home, branch offices, and mobile locations. Applications are accessed from cloud providers and SaaS platforms. Data often flows directly between users and services without touching a corporate network.</p>
<p><strong>This shift fundamentally changes how trust, access, and inspection must work.</strong> Many security architectures still assume a central choke point. They backhaul traffic to data centers, force data through a small number of gateways, or apply controls designed for outdated work environments.</p>
<p>As a result, security models struggle to adapt. Architecture lags behind reality, complexity increases, and risks spread unnoticed until something fails or an incident exposes the gap.</p>
<h2>More Tools Mean More Risk</h2>
<p>Many organizations respond to rising threats by adding more tools. Each challenge, whether remote access, SaaS usage, or cloud adoption, introduces another platform to manage. While this may appear to strengthen protection, it often creates <strong>tool sprawl.</strong></p>
<p>Firewalls, secure web gateways, and cloud security platforms enforce different policies using different assumptions. Traffic may be inspected multiple times in some paths and not at all in others. <strong>Visibility becomes fragmented</strong>, making it difficult to know what should be allowed or blocked at any given point.</p>
<p>Policy fragmentation increases as configurations change across tools. Small adjustments can lead to drift that no one fully understands. Over time, teams lose confidence in how policies interact, and security decisions become reactive rather than deliberate.</p>
<p>Every tool adds operational load: more consoles, more alerts, and more integrations to troubleshoot. For mid-market teams with limited staff, this creates dependence on individual knowledge and manual workarounds. Attackers exploit the gaps between tools, not the tools themselves.</p>
<h2>The Human Impact of Overengineered Security</h2>
<p>Overly complex environments place a heavy burden on IT and security teams. Complex systems require constant attention, deep institutional knowledge, and manual workarounds just to function as intended.</p>
<p>This leads to fatigue, inefficient workflows, and a reactive posture. Teams manage alerts from multiple tools, each with its own priorities and blind spots. Important warnings can be lost among low-value alerts. Response slows as IT determines where issues originated and which control applies.</p>
<p>In fast-moving environments, delays and confusion increase the likelihood of mistakes. Over time, this strain becomes cumulative. Documentation falls out of date. Individuals with deep system knowledge leave, creating internal points of failure that are difficult to replace.</p>
<p><strong>When security is dominated by complexity, teams manage systems instead of risk.</strong> Burnout increases, turnover rises, and organizational resilience erodes gradually rather than through a single visible failure.</p>
<h2>Performance vs Security: A False Trade-Off</h2>
<p>Performance and security are often framed as opposing forces. Stronger security is assumed to slow traffic by adding inspection points and forcing centralized routing. In distributed environments, this introduces latency, sluggish applications, and inefficient network paths.</p>
<p>These performance impacts affect security outcomes. When controls introduce friction, teams look for workarounds. Inspection may be disabled, and exceptions granted to meet deadlines or preserve user experience. Over time, security weakens to keep operations moving.</p>
<p>Backhauling traffic creates single points of failure and overload targets. Performance degrades during peak usage, forcing teams to choose between availability and protection. These trade-offs are not sustainable at scale.</p>
<p><strong>Security that degrades performance is difficult to maintain.</strong> Users lose trust, administrators loosen controls, and risk increases incrementally. Effective security protects traffic without forcing it through distant or fragile inspection points.</p>
<h2>The Mid-Market Reality Few Design For</h2>
<p>Much of today’s security architecture is designed for large enterprises. It assumes dedicated teams and budgets that can absorb complexity and long deployment cycles. <strong>Mid-market organizations operate differently.</strong> Lean teams and overlapping responsibilities leave little time for constant oversight.</p>
<p>Staffing limits how many tools can realistically be managed. Budget pressure means security must work within existing networks, yet many solutions assume extensive redesigns, prolonged migrations, or specialized expertise.</p>
<p>When models do not fit operational reality, teams disable features, delay upgrades, or rely on manual workarounds. Over time, this creates fragile and inconsistent environments that are difficult to secure or scale.</p>
<p>Mid-market organizations need enterprise-grade protection delivered in forms that respect limited staff, distributed users, and the need to keep systems running without disruption.</p>
<h2>Deployment Without Disruption</h2>
<p><strong>Deployment introduces risk.</strong> Large migrations and architecture overhauls reduce visibility while controls are in flux. During transitions, operational strain degrades security even when intentions are sound.</p>
<p>IT teams must support old and new systems in parallel while maintaining uptime. The longer transitions last, the more likely gaps become normalized and overlooked.</p>
<p>Incremental changes without forced redesigns or downtime are easier to manage and validate. They maintain consistent enforcement while adapting to new requirements and reduce exposure during transition periods.</p>
<p><strong>Deployment is part of the security model.</strong> Approaches that minimize disruption reduce risk during one of the most vulnerable phases of any environment.</p>
<h2>Rethinking Unified Security</h2>
<p>“Unified security” often means buying more solutions from fewer vendors. <strong>Consolidation alone does not create coherence.</strong> Packaging tools together does not ensure consistent enforcement or operational clarity.</p>
<p><strong>Real unification is architectural.</strong> Policies are defined once and enforced consistently across environments. Systems behave predictably, allowing teams to understand impact, validate outcomes, and trust decisions.</p>
<p>Vendor consolidation can hide complexity beneath a single interface. Different enforcement points may still operate independently, creating gaps beneath the surface.</p>
<p>Without architectural alignment, unification becomes a marketing label rather than a meaningful improvement.</p>
<h2>Making Simplicity a Security Principle</h2>
<p><strong>Simplicity is a security principle.</strong> Systems that are easier to monitor and defend allow teams to act quickly and confidently.</p>
<p>Uniform policies reduce ambiguity. Centralized visibility replaces scattered dashboards. When incidents occur, teams focus on response instead of investigation and correlation.</p>
<p>Fewer moving parts increase resilience. Changes are easier to test, and knowledge is shared across teams instead of concentrated in specialists.</p>
<p>Simplicity does not reduce protection. It produces architectures that remain enforceable and reliable as networks evolve.</p>
<h2>Complexity Is the Real Attack Surface</h2>
<p>Modern attacks succeed because complexity creates gaps, delays, and uncertainty. As networks distribute, <strong>the real attack surface becomes architectural complexity itself.</strong></p>
<p>Tool sprawl, fragmented enforcement, and operational strain all stem from excessive complexity. Over time, visibility erodes, response slows, and risk increases unnoticed.</p>
<p>For security leaders, <strong>the answer is not more controls, but ensuring existing ones work coherently.</strong> Reducing complexity means building systems teams can understand, operate, and defend effectively.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/why-complexity-is-the-biggest-security-risk-in-distributed-networks.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor 2.2 Expands DNS Integration for Secure Private Networks]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-2-2-expands-dns-integration-for-secure-private-networks</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-2-2-expands-dns-integration-for-secure-private-networks</guid>
            <pubDate>Sun, 14 Dec 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor 2.2 introduces custom DNS servers and search domains for secure private networks, giving organizations greater control and flexibility for hybrid cloud and multi-domain environments.
]]></description>
            <content:encoded><![CDATA[<p>In previous Zenarmor releases, we introduced built-in DNS integration for secure private networks, a capability that automatically registered every peer (endpoint or gateway) in your organization with Zenarmor’s global DNS infrastructure. This provided seamless identification, monitoring, and real-time visibility across distributed environments.</p>
<p>With the Zenarmor 2.2 release, we’re taking this one step further.</p>
<p>Administrators can now add their own DNS servers and search domains, in addition to using Zenarmor’s built-in DNS services. This new flexibility gives organizations greater control, enhances integration with existing network topologies, and supports advanced use cases, such as hybrid cloud and multi-domain environments.</p>
<h2>Background: DNS Integration for Secure Network Visibility</h2>
<p>Every peer in a Zenarmor secure network is automatically registered with our public DNS service using a standardized record format:</p>
<p><code>${PEER_SLUG}-${NETWORK_SLUG}.{ORG_NAME}.zpeer.net</code></p>
<p>This automatic DNS registration is what makes Zenarmor’s secure private networks so powerful. It provides:</p>
<ul>
<li><strong>Instant peer identification</strong> – every endpoint and gateway can be uniquely identified within the organization.</li>
<li><strong>Seamless visibility</strong> – real-time DNS-based visibility across distributed and remote networks.</li>
<li><strong>Zero-touch configuration</strong> – automatic DNS registration and resolution without manual setup.</li>
</ul>
<h2>What’s New in Zenarmor 2.2</h2>
<p>As of version 2.2, administrators can now define custom DNS servers and search domains for their secure networks. This new capability complements the built-in Zenarmor DNS service, allowing greater flexibility and control.</p>
<p>Key enhancements include:</p>
<ul>
<li><strong>Custom DNS Servers:</strong> Integrate with internal DNS resolvers or Active Directory-integrated namespaces for seamless name resolution between Zenarmor networks and existing infrastructure.</li>
<li><strong>Custom Search Domains:</strong> Add your own search domains alongside Zenarmor’s default *.zpeer.net, enabling consistent naming conventions across your enterprise.</li>
<li><strong>Hybrid Environment Support:</strong> Perfect for organizations running split environments (e.g., part on-premises, part cloud) that need consistent DNS behavior across both.</li>
</ul>
<h2>Benefits of Custom DNS Support</h2>
<p>This enhancement delivers a range of operational and security benefits:</p>
<h3>1. Improved Interoperability</h3>
<p>Integrate Zenarmor’s private overlay networks with existing enterprise DNS systems, Active Directory, or multi-cloud environments. This ensures seamless communication between Zenarmor-managed peers and legacy systems.</p>
<h3>2. Greater Administrative Control</h3>
<p>Organizations can now enforce custom DNS routing policies, align with internal naming conventions, and control where DNS queries are resolved, supporting privacy, compliance, and operational efficiency.</p>
<h3>3. Reduced Operational Overhead</h3>
<p>By allowing administrators to set DNS preferences once within Zenconsole, configurations are automatically propagated across all peers in the secure network, reducing manual configuration effort and preventing misalignment.</p>
<h3>4. Enhanced Security and Privacy</h3>
<p>Custom DNS settings can ensure that sensitive internal queries are resolved only within trusted internal DNS resolvers, preventing potential data leakage through external DNS lookups.</p>
<h2>How It Fits into our mission to deliver ONE.APP.SASE</h2>
<p>Zenarmor continues to redefine how enterprises approach network visibility, control, and zero-trust connectivity. By integrating DNS visibility into every peer and enabling administrators to merge it with existing DNS infrastructure, Zenarmor bridges the gap between network-level awareness and zero-trust simplicity.</p>
<p>This capability reinforces Zenarmor’s commitment to giving enterprises control without compromise, secure, private, and visible networking that can adapt to any environment, whether at the endpoint, edge, or cloud.</p>
<p>With the new DNS customization capability in Zenarmor 2.2, administrators gain the best of both worlds: Zenarmor’s built-in, zero-touch DNS visibility, combined with the flexibility to integrate with internal or hybrid DNS infrastructures.</p>
<p>It’s another step in Zenarmor’s mission to make secure, private networking simple, flexible, and fully visible, anywhere.</p>
<h2>DNS Support for Private Networks</h2>
<p>For full details on custom DNS servers and search domains, along with all other enhancements in this release, see the <a href="https://www.zenarmor.com/docs/releases/2.2">Zenarmor 2.2 Release Notes</a>.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-2-2-dns-integration.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Bringing it All Together: A Unified Experience in Zenconsole]]></title>
            <link>https://www.zenarmor.com/blog#bringing-it-all-together-a-unified-experience-in-zenconsole</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#bringing-it-all-together-a-unified-experience-in-zenconsole</guid>
            <pubDate>Tue, 09 Dec 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Discover how we redesigned Zenconsole to bring everything together in one place, creating a unified experience that feels simpler, faster, and more connected for all your Zenarmor needs.
]]></description>
            <content:encoded><![CDATA[<p>At Zenarmor, we believe that cybersecurity should feel simple, not complicated. As our platform has grown, so has the way our users interact with it.</p>
<p>Zenconsole became the central place where teams monitored security, policies, and insights. In parallel, account and subscription tools lived in a separate interface built on the same backend platform.</p>
<p>As we listened to customers, one theme became clear: People loved the power of Zenconsole and wanted everything in one seamless flow.</p>
<p>This is the story of why we redesigned Zenconsole to bring everything together in one place, creating a unified experience that feels simpler, faster, and more connected.</p>
<h2>Why We Unified the Experience</h2>
<p>Rather than juggling separate views for operational tasks and account settings, users asked for a single, cohesive home where everything related to their Zenarmor experience lived together.</p>
<p>Our goals became clear:</p>
<ul>
<li>Bring all essential settings directly into Zenconsole</li>
<li>Ensure visual and functional consistency across every interaction</li>
<li>Create a smoother sense of continuity for daily workflows</li>
</ul>
<p>This wasn’t about correcting a flaw, it was about elevating convenience and strengthening the single-dashboard philosophy Zenconsole is known for.</p>
<h2>Our Approach</h2>
<p>We started by mapping the existing user flow for both environments. This helped us visualize the effort required for users to perform simple actions, such as updating their email or checking their subscription.</p>
<p>Once we had this baseline, we designed a new integrated “Profile &amp; Subscription” section inside Zenconsole. Our main design principles were:</p>
<ul>
<li><strong>Consistency:</strong> Reuse Zenconsole’s design system components.</li>
<li><strong>Clarity:</strong> Group profile, security, and subscription details logically.</li>
<li><strong>Continuity:</strong> Keep users in the same visual and functional environment.</li>
</ul>
<p>We also collaborated closely with the product and engineering teams to ensure that the new integration didn’t disrupt existing functionality.</p>
<h2>The Design Outcome</h2>
<p>The result is a unified and more intuitive experience. Now, users can:</p>
<ul>
<li>Update their profile, credentials, and contact information directly inside Zenconsole.</li>
<li>Manage their subscription plans directly within the same environment.</li>
<li>Use the consistent UI patterns, typography, and colors across all touchpoints.</li>
</ul>
<p>What previously operated as two separate windows into the same platform now feels like one seamless, cohesive experience.</p>
<h2>Reflections from the Design Process</h2>
<p>This project created a high-impact improvement that simplifies the daily experience. By bringing these settings into Zenconsole, we reduced friction, improved clarity, and strengthened the overall usability of the product.</p>
<h2>Closing</h2>
<p>We continuously improve Zenconsole based on user feedback and our mission to deliver a smooth, secure, and consistent experience. This is part of our ongoing commitment to making Zenarmor the simplest, most cohesive SASE experience for our users.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/unified-experience-zenconsole.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Introducing Automatic Failover Priority in Zenarmor 2.2: Smarter, Seamless Network Resilience]]></title>
            <link>https://www.zenarmor.com/blog#introducing-automatic-failover-priority-in-zenarmor-2-2</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#introducing-automatic-failover-priority-in-zenarmor-2-2</guid>
            <pubDate>Tue, 02 Dec 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[With Zenarmor 2.2, we introduce automatic failover priority for advertised secure private networks, improving network reliability and uptime across your secure overlay networks with simple, visual, and intuitive redundancy management.
]]></description>
            <content:encoded><![CDATA[<p>With Zenarmor 2.2, we’re excited to introduce automatic failover priority for advertised secure private networks, a significant enhancement that improves network reliability and uptime across your secure overlay networks. This new capability is now available directly within the Secure Networks section of Zenconsole, making redundancy management simple, visual, and intuitive.</p>
<h2>Why Network Resilience is Essential in the Distributed Workplace</h2>
<p>In distributed and hybrid environments, continuous access to private resources is essential. Whether traffic moves between branch offices, cloud workloads, or remote users, a single point of failure can stop productivity, often caused by PoP outages or VPN concentrator problems in traditional cloud-only SASE and VPN solutions, respectively.</p>
<p>Furthermore, without automated redundancy, you rely on manual reconfiguration or failover scripts when a gateway becomes unavailable, adding complexity and delay when uptime matters most.</p>
<p>Zenarmor SASE Anywhere Architecture™ already removes dependency on centralized cloud points of presence or traditional VPN concentrators, allowing direct P2P connectivity amongst peers. The new automatic failover priority feature builds upon this advantage, introducing intelligent route prioritization and dynamic resiliency across your secure private network.</p>
<h2>How It Works</h2>
<p>Within the Secure Networks UI, administrators can now:</p>
<ul>
<li>Advertise networks behind each peer gateway.</li>
<li>Assign failover priorities to those gateways.</li>
<li>Automatically reroute traffic if a higher-priority peer becomes unreachable.</li>
</ul>
<p>If one peer gateway experiences an outage or network disruption, Zenarmor automatically detects the outage and reroutes traffic to the next available peer, without user intervention.</p>
<p>This is achieved through Zenarmor’s lightweight Single-App, Single-Pass SASE engine, which continuously monitors peer health and dynamically adjusts routing paths in real time.</p>
<h2>Benefits of Automatic Failover</h2>
<h3>1. Enhanced Reliability</h3>
<p>Your secure overlay networks now remain resilient against outages. Connections stay alive, ensuring business continuity and a consistent user experience.</p>
<h3>2. Zero Manual Intervention</h3>
<p>Administrators no longer need to modify configurations or execute scripts to restore traffic flow. Zenarmor’s engine handles the transition automatically.</p>
<h3>3. Optimized Performance</h3>
<p>Traffic always follows the most reliable route available, minimizing latency and downtime.</p>
<h3>4. Seamless Multi-Cloud and Hybrid Support</h3>
<p>Whether your gateways reside on-premises, in private clouds, or across multiple providers, Zenarmor maintains a unified routing experience ideal for distributed and multi-cloud enterprises.</p>
<h3>5. Simplified Management</h3>
<p>From within Zenconsole’s single pane of glass, you can visualize peer status, failover order, and real-time network activity, all in one place.</p>
<p>Automatic failover priority in Zenarmor delivers smarter, self-healing connectivity for your secure private networks. It extends the Zenarmor vision of giving organizations complete control and visibility, without reliance on cloud backhauling or complex configurations.</p>
<p>Your secure private network just got more resilient, adaptive, and autonomous, because protection and connectivity shouldn’t stop when a gateway does.</p>
<p>For details of the release please check the documentation: <a href="https://www.zenarmor.com/docs/support/release-notes">Zenarmor SASE 2.2 Release</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/automatic-failover-priority-zenarmor-2-2.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Introducing Enhanced Site-Specific TLS Inspection Control in Zenarmor 2.2]]></title>
            <link>https://www.zenarmor.com/blog#introducing-enhanced-site-specific-tls-inspection-control-in-zenarmor-2-2</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#introducing-enhanced-site-specific-tls-inspection-control-in-zenarmor-2-2</guid>
            <pubDate>Tue, 02 Dec 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[With the release of Zenarmor 2.2, we've expanded our TLS inspection capabilities to give administrators finer-grained control over encrypted traffic. You can now specify individual websites and domains where TLS inspection should be applied.
]]></description>
            <content:encoded><![CDATA[<p>With the release of Zenarmor 2.2, we’ve expanded our TLS inspection capabilities to give administrators finer-grained control over encrypted traffic. You can now specify individual websites and domains where TLS inspection should be applied, building upon our earlier version, which enabled inspection on a per-web-category basis.</p>
<p>This enhancement delivers greater flexibility and precision in securing encrypted traffic while maintaining optimal performance and privacy compliance.</p>
<h2>Background: The Growing Importance of TLS Inspection</h2>
<p>Today, over 95% of web traffic is encrypted. While encryption is vital for protecting data privacy, it also provides a convenient hiding place for cyber threats such as:</p>
<ul>
<li>Malware hidden within encrypted payloads.</li>
<li>Phishing sites use HTTPS to appear legitimate.</li>
<li>Data exfiltration via encrypted channels.</li>
</ul>
<p>Without TLS inspection, these threats remain invisible. TLS inspection allows Zenarmor to securely decrypt, analyze, and re-encrypt traffic in real time, uncovering malicious or policy-violating content before it reaches your users or systems.</p>
<p>Zenarmor’s integrated Secure Web Gateway (SWG) and Content Inspection engine, part of our Single-App, Single-Pass, Single-Stack approach, enable organizations to detect and block threats concealed within encrypted sessions, preserving visibility and control across distributed networks.</p>
<h2>What’s New in Version 2.2</h2>
<p>Previously, TLS inspection in Zenarmor could be applied based on web categories, such as “Social Media,” “Cloud Storage,” or “Finance.”</p>
<p>In version 2.2, administrators gain domain-level precision. You can now:</p>
<ul>
<li>Specify exact websites (e.g., <a href="http://example.com">example.com</a>, <a href="http://crm.company.net">crm.company.net</a>) for TLS inspection</li>
<li>Exclude trusted domains to maintain privacy or comply with regulations.</li>
<li>Create mixed policies that combine both category and site-based rules.</li>
</ul>
<p>This fine-tuned control helps maintain the perfect balance between security, performance, and privacy. For example, you might enable TLS inspection on file-sharing or unknown sites but skip it for banking or healthcare portals where sensitive data should remain untouched.</p>
<p><img src="https://www.zenarmor.com/images/blog/site-specific-tls-inspection-ui.png" alt="Site-Specific TLS Inspection UI within Zenconsole"></p>
<h2>Benefits of Granular TLS Inspection</h2>
<h3>1. Deep Threat Visibility</h3>
<p>Reveal malware, phishing, and data leaks hiding within encrypted traffic, the primary attack vector in modern cyber threats.</p>
<h3>2. Privacy-Aware Control</h3>
<p>Respect regulatory requirements and user privacy by excluding specific domains or services from inspection.</p>
<h3>3. Performance Optimization</h3>
<p>Avoid unnecessary decryption on high-volume, low-risk traffic, keeping inspection focused where it matters most.</p>
<h3>4. Unified Policy Management</h3>
<p>All inspection rules, whether site-based or category-based, are configured and monitored within the Zenconsole dashboard, providing a centralized view and effortless management across all enforcement points.</p>
<h3>5. Seamless Integration within Zenarmor SASE Anywhere Architecture™</h3>
<p>Because Zenarmor performs inspection locally, on the device, edge, or private gateway, there’s no need to backhaul traffic to a cloud POP. This ensures low latency, data sovereignty, and consistent protection everywhere.</p>
<p>Zenarmor’s enhanced TLS inspection capability represents another step in our mission to deliver enterprise-grade security and visibility, on your terms. By empowering administrators to apply inspection at both the category and domain level selectively, Zenarmor ensures you maintain the ideal balance of security, compliance, and user experience.</p>
<p>For details of the release please check the documentation: <a href="https://www.zenarmor.com/docs/support/release-notes">Zenarmor SASE 2.2 Release</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/tls-inspection-zenarmor-2-2.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Introducing Real-Time File Scanning: Instant Protection, Zero Blind Spots]]></title>
            <link>https://www.zenarmor.com/blog#introducing-real-time-file-scanning-instant-protection-zero-blind-spots</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#introducing-real-time-file-scanning-instant-protection-zero-blind-spots</guid>
            <pubDate>Thu, 20 Nov 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[The latest update to Zenarmor's Policy UI brings Real-Time File Scanning, now accessible within the all-new Content Inspection tab. This feature ensures every file that moves through your network is scanned instantly for hidden threats.]]></description>
            <content:encoded><![CDATA[<p>The latest update to Zenarmor’s Policy UI brings a powerful new capability to your fingertips, Real-Time File Scanning, now accessible within the all-new Content Inspection tab. This feature takes Zenarmor’s already advanced inspection engine one step further, ensuring every file that moves through your network, whether it’s downloaded from the web, shared via cloud storage, or transferred internally, is scanned instantly for hidden threats.</p>
<h2>Why Real-Time File Scanning is Important</h2>
<p>As organizations continue to enable distributed work and cloud collaboration, file sharing has become one of the most common infection vectors for ransomware, trojans, and zero-day malware. Traditional security solutions often rely on delayed or periodic scanning, leaving small but critical exposure windows.</p>
<p>Zenarmor’s real-time file scanning closes that gap by analyzing files at the moment of transfer, before the user can open them.</p>
<p>Zenarmor supports the real-time inspection of common file types often used by bad actors to hide malicious payloads, including:</p>
<ul>
<li>PDF</li>
<li>Windows EXE (executable)</li>
<li>Linux ELF (executable)</li>
<li>MacOS Mach-O (executable)</li>
<li>Android Dex (executable)</li>
<li>ZIP</li>
<li>Web Assembly</li>
<li>Shell Script</li>
</ul>
<h2>How It Works</h2>
<p>By selecting the new Content Inspection tab in the policy creation interface in Zenconsole, administrators can easily enable or refine file-scanning policies as part of their broader Secure Web Gateway (SWG) or CASB rules.</p>
<ol>
<li>
<p>When a user initiates a file download, Zenarmor intercepts the transfer at the enforcement point, whether on the endpoint, edge, or cloud workload.</p>
</li>
<li>
<p>The file is scanned against multiple signature and heuristic engines in real time.</p>
</li>
<li>
<p>Suspicious or malicious files are blocked immediately, with the event logged and visible within your Zenconsole dashboard for instant review.</p>
</li>
</ol>
<p><img src="https://www.zenarmor.com/images/blog/real-time-file-scanning-config.png" alt="Real-time File Scanning configuration tab"></p>
<p><em>Figure 1: Real-time File Scanning configuration tab.</em></p>
<h2>Key Benefits</h2>
<ul>
<li>
<p><strong>Instant Threat Detection</strong> Block malware, ransomware, and zero-day payloads the moment they appear in transit.</p>
</li>
<li>
<p><strong>Unified Policy Control</strong> Manage file scanning, content filtering, and threat inspection all within a single, centralized policy UI.</p>
</li>
<li>
<p><strong>Applies Everywhere</strong> Protection follows the user, whether traffic flows through an endpoint, a gateway, or a cloud workload.</p>
</li>
<li>
<p><strong>No Latency Trade-Off</strong> Leveraging Zenarmor’s decentralized Single-App, Single-Pass, Single-Stack inspection model, files are scanned locally or as close to the data source as possible, avoiding cloud backhaul delays common with traditional cloud-only SASE providers.</p>
</li>
<li>
<p><strong>Complete Visibility</strong> Security events, user actions, and file scan results are displayed in real time on the Zenconsole dashboard.</p>
</li>
</ul>
<p>With Real-Time File Scanning, Zenarmor continues to push the boundaries of what’s possible in distributed network security. By integrating advanced content inspection directly into your policy framework, we’re helping security teams detect and stop threats instantly, before they become incidents.</p>
<p>Experience how Zenarmor SASE Anywhere Architecture™ delivers next-generation SASE protection without compromise.</p>
<p>For full details, see the <a href="https://www.zenarmor.com/docs/support/release-notes#21---october-07-2025">SASE 2.1 Release Notes</a>.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/real-time-file-scanning-thumbnail.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor SASE 2.2 Release - The Breakthrough Release for MSPs, MSSPs & ISPs: Delivering Full SASE Edges on Existing Gateways and CPEs]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-sase-2.2-release-for-msps-mssps-isps</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-sase-2.2-release-for-msps-mssps-isps</guid>
            <pubDate>Wed, 19 Nov 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor SASE 2.2 delivers full SASE edges on existing gateways and CPEs. With OpenWRT support, device posture checks, GEO-aware reporting, and more, this release empowers MSPs, MSSPs, and ISPs to deliver stronger enforcement, better visibility, and simpler operations.
]]></description>
            <content:encoded><![CDATA[<p>Enterprises, mid-market teams, and service providers all face the same challenge: securing more users, devices, and locations without adding more hardware, latency, or operational burden.</p>
<p><strong>Zenarmor SASE 2.2 release</strong> strengthens our SASE Anywhere Architecture&quot; with new capabilities that deliver stronger enforcement, better visibility, and simpler operations especially for MSPs, MSSPs, and ISPs/Telcos.</p>
<h2>1. OpenWRT Support: Turn Routers Into Full SASE Edges</h2>
<p>The headline feature in Zenarmor 2.2 release is native OpenWRT support.</p>
<p>Most ISP-provided routers and CPEs already run OpenWRT or a variant. Zenarmor can now be installed directly on those devices with no new hardware, no PoP dependency, and no traffic rerouting.</p>
<p><strong>For ISPs &amp; Telcos, this unlocks:</strong></p>
<ul>
<li>Offer SASE / cybersecurity as a value-added service on top of existing connectivity</li>
<li>Extend advanced security and reporting to SMB and mid-market customers without shipping a second box</li>
<li>Protect IoT and “unmanaged” devices that sit behind the router and can’t run an agent</li>
<li>Avoid backhauling traffic to a centralized PoP just to inspect it, keeping latency low and UX strong</li>
</ul>
<p><strong>For MSPs/MSSPs:</strong></p>
<p>Easier rollout of managed SASE, secure SD-WAN overlays, and IoT/OT protection on customer sites</p>
<p><strong>Bottom line:</strong> With the Zenarmor SASE Anywhere Architecture&quot;, OpenWRT support turns the already-deployed, widely used, low-cost router platform into a fully capable SASE edge at scale.</p>
<h2>2. Device Posture Check: Real Zero Trust Enforcement</h2>
<p>Traditional ZTNA policies look at who you are and where you are connecting from. Zenarmor 2.2 adds a crucial third dimension: what state your device is in right now.</p>
<p>Zenarmor 2.2 adds device posture verification into access decisions ensuring Zero Trust overlays only establish when the device is healthy and Zenarmor SSE protection is running.</p>
<p>This prevents “trusted but unprotected” endpoints from accessing sensitive environments and gives MSPs and ISPs a differentiated, posture-aware access service something traditional VPN/overlay tools cannot offer.</p>
<h2>3. GEO-Aware Reporting &amp; Data Residency</h2>
<p>Data residency is built-in by design.</p>
<p>When an organization is created, Zenarmor automatically keeps telemetry in-region (EU stays in EU, US stays in US).</p>
<p>This helps enterprises meet sovereignty expectations, and MSPs/ISPs avoid compliance risks across their multi-region customer base.</p>
<h2>4. Scheduled Reporting: One Report, Many Audiences</h2>
<p>Central teams can now generate organization-wide reports and schedule them for the right recipients:</p>
<ul>
<li><strong>Daily or hourly:</strong> Security operations</li>
<li><strong>Daily summaries:</strong> Executives</li>
<li><strong>Weekly/monthly:</strong> Compliance teams</li>
</ul>
<p>Perfect for MSPs/MSSPs managing multiple tenants and ISPs offering bundled security services.</p>
<h2>5. Precision Traffic Control: Site-Specific TLS &amp; Split DNS</h2>
<p>Not every customer wants “decrypt everything” TLS inspection. Many mid-market organizations and service providers want a more surgical approach and this capability was a direct customer request.</p>
<p><strong>Site-Specific TLS Inspection:</strong></p>
<p>Enable deep inspection only for selected domains ideal for high-risk targets or sensitive services without forcing decrypt-everything policies.</p>
<p><strong>Split DNS for ZTPA:</strong></p>
<p>Define internal domains and use internal DNS servers only for those, simplifying ZTNA/ZTPA app access and reducing manual DNS workarounds.</p>
<h2>6. Administrative Lock-Down on Endpoints</h2>
<p>Admins can now control:</p>
<ul>
<li>Whether users can uninstall the agent</li>
<li>Whether inspection can be disabled</li>
<li>Whether temporary bypass is allowed</li>
</ul>
<p>This is critical for MSPs and ISPs delivering managed security, and for mid-market enterprises preventing “shadow exceptions.”</p>
<h2>What Zenarmor 2.2 Means for You</h2>
<p><strong>For Mid-Market &amp; Enterprise:</strong></p>
<p>Stronger Zero Trust access, automatic data residency, role-appropriate reporting, and tamper-resistant endpoints.</p>
<p><strong>For MSPs/MSSPs:</strong></p>
<p>Differentiated SASE/SSE services, centralized reporting, posture-aware access, and controlled agent behavior at scale.</p>
<p><strong>For ISPs/Telcos:</strong></p>
<p>Instant SASE on existing OpenWRT-based CPEs, new revenue opportunities, and SASE benefits without traditional PoP architectures.</p>
<h2>Next Steps</h2>
<p>Existing customers and partners can now enable device posture checks, GEO-aware reporting, and OpenWRT deployments.</p>
<p><strong>MSPs, MSSPs, and ISPs:</strong> Contact our team for lighthouse implementations and packaging options for your customers.</p>
<p>Zenarmor’s ONE.APP. SASE&quot; already runs across every edge whether in the cloud, at the edge, or on endpoints and with the 2.2 release, that reach now extends to the edge gateways and routers already deployed in branches, customer sites, and home or home-office networks, delivering meaningful new value for ISPs, MSPs/MSSPs, and distributed enterprises worldwide.</p>
<p>For details of the release please check the documentation: <a href="https://www.zenarmor.com/docs/support/release-notes">Zenarmor SASE 2.2 Release</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-sase-2.2-release.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Multi-Cloud. Zero Trust. Full Speed: Security Built for the FinTech Workforce]]></title>
            <link>https://www.zenarmor.com/blog#multi-cloud-zero-trust-full-speed</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#multi-cloud-zero-trust-full-speed</guid>
            <pubDate>Mon, 27 Oct 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[For today’s dispersed, hybrid FinTech organizations, existing network security risks are being elevated to an entirely new level.The FinTech revolution has brought incredible agility, but it’s also multiplied exposure.
]]></description>
            <content:encoded><![CDATA[<p>For today’s <strong>dispersed, hybrid FinTech organizations</strong>, existing network security risks are being elevated to an entirely new level.The FinTech revolution has brought incredible agility, but it’s also multiplied exposure.</p>
<p>Teams are distributed, developers are remote, and customers expect instant, friction-free access. Digital payments, embedded finance, and open APIs now connect users, partners, and codebases across every cloud.</p>
<p>This new reality expands the threat surface dramatically when employees work from home networks or developers disable VPNs to avoid latency, multiplying risk.</p>
<p>In 2024, the financial sector saw the <strong>highest average breach cost of any industry, $6.08 million per incident</strong> (IBM Cost of a Data Breach Report).</p>
<p>Performance isn’t just a user-experience issue anymore, it is a compliance and exposure issue.</p>
<h2>⚠️ <strong>Frustrated Users. Exposed Networks.</strong></h2>
<p>Even the most compliant architecture can fail when users lose patience with slow or unstable connections.</p>
<p>When VPNs or PoP-routed SASE paths lag, remote developers and employees often disconnect “just for a few minutes.”
That brief gap is enough to:</p>
<ul>
<li>Expose unencrypted sessions</li>
<li>Leave regulated workloads unmonitored</li>
<li>Create blind spots in SOC 2 / PCI-DSS controls</li>
</ul>
<p><strong>Each disconnect = an exponential jump in risk.</strong></p>
<h2><strong>The Modern FinTech Challenge</strong></h2>
<ul>
<li><strong>Multi-Cloud Sprawl</strong>: AWS, Azure, and GCP environments multiply security complexity.</li>
<li><strong>Remote &amp; Hybrid Teams</strong>: Developers, partners, and contractors connect from anywhere.</li>
<li><strong>Cloud Reliability Gaps</strong>: Outages like the recent AWS failure break relay-based security models.</li>
<li><strong>Regulatory Pressure</strong>: Financial data must remain sovereign and verifiable at all times.</li>
</ul>
<p>FinTech firms need <strong>protection that travels with the user</strong>, not one that collapses when the cloud does.</p>
<h2><strong>Where Zenarmor Redefines FinTech Security</strong></h2>
<p>Zenarmor’s <strong>Single-App, Single-Stack SASE</strong> delivers Zero Trust enforcement <strong>exactly where work happens</strong> at the endpoint, at the edge, and across any cloud.
No PoPs. No traffic leaving your control.</p>
<p><strong>Why it matters for FinTech:</strong></p>
<ul>
<li><strong>Performance without Risk</strong>: Local traffic inspection means users stay protected even during AWS or regional outages.</li>
<li><strong>Privacy by Design</strong>: No third-party routing or mirrored data, full sovereignty across jurisdictions.</li>
<li><strong>Zero Trust that Moves with Developers</strong>: Fine-grained, session-based access keeps APIs and transactions isolated and verified.</li>
<li><strong>Instant Deployment</strong>: Lightweight agents on Windows/macOS or cloud workloads enforce policy in minutes, not months.</li>
</ul>
<h2>🚀 <strong>Security That Keeps Up with FinTech Velocity</strong></h2>
<p>Zenarmor matches FinTech velocity with protection that never blinks.</p>
<p>By unifying ZTNA, FWaaS, CASB, and SWG into one inspection pass, Zenarmor cuts latency by up to 50× versus PoP-routed architectures.</p>
<p>Whether it is real-time fraud detection or trading apps where milliseconds matter, Zenarmor delivers line-rate security without friction.</p>
<p><strong>Zenconsole</strong> provides FinTech IT and compliance teams with:</p>
<ul>
<li>Centralized visibility across AWS, Azure, GCP, on-prem, branch, and remote environments</li>
<li>Pre-mapped policies for PCI DSS, SOC 2, and GLBA</li>
<li>Continuous posture and policy compliance monitoring even when disconnected</li>
</ul>
<h2><strong>Why FinTechs Choose Zenarmor</strong></h2>
<table class="fintechs-table">
  <thead>
    <tr>
      <th>Differentiator</th>
      <th>What It Delivers</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>
        Single-App, Single-Stack Architecture
      </td>
      <td>
        One unified engine for ZTNA + FWaaS + CASB + SWG; no stitching.
      </td>
    </tr>
    <tr>
      <td>
        Zero PoP Dependency
      </td>
      <td>
        Protection stays on even when the cloud goes off.
      </td>
    </tr>    
    <tr>
      <td>
        Bring Your Own Edge
      </td>
      <td>
        Deploy anywhere: remote, branch, or CI/CD environment.
      </td>
    </tr>    
    <tr>
      <td>
        Privacy-First Model
      </td>
      <td>
        All inspection and analytics stay local; data never leaves your control.
      </td>
    </tr>        
    <tr>
      <td>
        Simplified Economics
      </td>
      <td>
        Replace 5–7 tools and cut TCO by up to 50 %.
      </td>
    </tr>        
  </tbody>
</table>
<h2><strong>The Bottom Line</strong></h2>
<p>Remote and hybrid FinTech teams cannot afford to choose between speed and security.
Zenarmor delivers <strong>Zero Trust at full speed</strong> keeping users, data, and code secure wherever they run.</p>
<p><strong>Experience Zenarmor SASE</strong>
Built for FinTech. Designed for performance. Trusted everywhere.</p>
<style>
  
.fintechs-table {
  width: 100%;
  border-collapse: collapse;
  border: 1px solid gray;
}

.fintechs-table thead tr th {
  border: 1px solid gray;
  padding: 8px;
  text-align: left;
  color: #fafafa;
}

.fintechs-table tbody tr td {
  border: 1px solid gray;
  padding: 8px;
  color: #aaafb9;
}
</style>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/838x398-multi-cloud-zero-trust-full-speed.svg" length="0" type="image/svg"/>
        </item>
        <item>
            <title><![CDATA[Eliminating Legacy VPNs: How Zenarmor Powers Zero Trust for Healthcare]]></title>
            <link>https://www.zenarmor.com/blog#how-zenarmor-powers-zero-trust-for-healthcare</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#how-zenarmor-powers-zero-trust-for-healthcare</guid>
            <pubDate>Thu, 16 Oct 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[For years, healthcare organizations have relied on Virtual Private Networks (VPNs) to secure access between users and systems. While VPNs once played an important role by creating encrypted tunnels between endpoints, they were built for a different era, when networks were centralized and most users operated within hospital walls.
]]></description>
            <content:encoded><![CDATA[<p>For years, healthcare organizations have relied on Virtual Private Networks (VPNs) to secure access between users and systems. While VPNs once played an important role by creating encrypted tunnels between endpoints, they were built for a different era, when networks were centralized and most users operated within hospital walls.</p>
<p>Today’s healthcare environment looks very different. Large medical campuses are connected to regional clinics, local doctors’ offices, imaging centers, and remote staff, many of which have limited or no dedicated IT teams. Add in stringent requirements for HIPAA compliance, and it is clear: VPNs can no longer keep up.</p>
<h2>Why Legacy VPNs Put Healthcare at Risk</h2>
<p>Traditional VPNs reinforce the outdated <strong>“castle-and-moat” model</strong>: protect the perimeter, trust what is inside. Once a user or vendor connects via VPN, they often gain broad network access, far beyond what they need.</p>
<p>This creates dangerous vulnerabilities:</p>
<ul>
<li>
<p><strong>Credential compromise = full network exposure</strong>
If VPN credentials are stolen, attackers can move laterally into sensitive systems, from operating rooms to HR databases.</p>
</li>
<li>
<p><strong>Limited visibility</strong>
VPNs provide little to no insight into application-level activities, making threat detection and policy enforcement nearly impossible.</p>
</li>
<li>
<p><strong>Prime ransomware targets</strong>
VPN vulnerabilities accounted for <strong>32.2% of healthcare data breaches involving third-party compromises</strong>.</p>
</li>
<li>
<p><strong>Operational overhead</strong>
Managing hardware, licenses, and multiple VPN instances is costly and complex, especially for smaller clinics with lean IT staff.</p>
</li>
</ul>
<p>In short: VPNs increase compliance risk while draining resources.</p>
<h2>Why Zenarmor’s ZTNA Is the Better Path</h2>
<p>Zenarmor replaces fragile VPNs with <strong>Zero Trust Network Access (ZTNA)</strong>, a modern, integrated approach within our Secure Access <strong>Service Edge (SASE)</strong> solution. Based on the principle of “never trust, always verify”, ZTNA continuously authenticates and authorizes every user, device, and session before granting access.</p>
<p>This ensures HIPAA compliance is baked into every connection, across every site.</p>
<h2>How Zenarmor Strengthens Healthcare Compliance</h2>
<p>Zenarmor’s <strong>single-app, single-stack SASE architecture</strong> with <strong>shift-left security and zero PoP dependence</strong> delivers security where it matters most: close to users, devices, and applications, without forcing traffic through third-party data centers.</p>
<p>Here’s what sets it apart:</p>
<ul>
<li>
<p><strong>Zenarmor Deploy-Anywhere SASE™ Platform</strong>
Deploy Zenarmor at hospitals, clinics, or directly on Windows/Mac endpoints. Smaller sites get enterprise-grade security instantly, no costly appliances or PoP backhauling.</p>
</li>
<li>
<p><strong>Granular, application-specific access</strong>
Users only connect to the specific apps and data they need, aligning with HIPAA’s least-privilege requirements.</p>
</li>
<li>
<p><strong>Micro-segmentation</strong>
Breaks networks into secure zones, limiting lateral movement and shrinking the “blast radius” of any breach, directly supporting new HIPAA security recommendations.</p>
</li>
<li>
<p><strong>End-to-end encryption</strong>
Protects ePHI as it travels between users, devices, and applications, ensuring compliance with HIPAA safeguards for data in transit.</p>
</li>
<li>
<p><strong>Visibility and auditability</strong>
Unlike VPNs, Zenarmor logs and inspects every session. Compliance officers gain real-time visibility, continuous monitoring, and enforceable audit controls.</p>
</li>
</ul>
<h2>The Result: Secure, Compliant, Cost-Effective</h2>
<p>By adopting Zenarmor’s ZTNA as part of a modern SASE strategy, healthcare providers can:</p>
<ul>
<li>Retire outdated VPNs and their operational overhead</li>
<li>Apply consistent security across dispersed facilities</li>
<li>Reduce capital costs while improving compliance posture</li>
<li>Empower even the smallest clinic to be protected in minutes</li>
</ul>
<p>Zenarmor gives healthcare organizations the confidence to scale, connect, and innovate, without compromising compliance or patient safety.</p>
<p><strong>Let Zenarmor power your migration off legacy VPNs.</strong></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/366x215-how-zenarmor-powers-zero-trust-for-healthcare.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor SASE 2.1 Release: Powerful New Upgrades for Our Partners]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-sase-2.1-release</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-sase-2.1-release</guid>
            <pubDate>Tue, 07 Oct 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[We are thrilled to announce that the Zenarmor SASE 2.1 release officially went live yesterday, Monday, October 6th, 2025. This release delivers a redesigned Zenconsole, major Zero Trust upgrades, and important backend changes that partners should prepare for.
]]></description>
            <content:encoded><![CDATA[<p>We are thrilled to announce that the <strong>Zenarmor SASE 2.1 release officially went live yesterday, Monday, October 6th, 2025</strong>. This release delivers a redesigned Zenconsole, major Zero Trust upgrades, and important backend changes that partners should prepare for.</p>
<h2>What’s New in the Zenarmor SASE 2.1 Release</h2>
<p>🌐 <strong>Android Support for ZTPA</strong></p>
<p>Zero Trust Private Access now extends to mobile users for secure, seamless connectivity anywhere.</p>
<p>📦 <strong>New ZTPA Subscription Tier</strong></p>
<p>SD-WAN and ZTNA bundled into one streamlined package—simplifying deployment and licensing.</p>
<p>🛠 <strong>Unified Organization Subscription</strong></p>
<p>Run multiple services (SSE, ZTPA, SASE) under a single subscription for easier scaling and centralized control.</p>
<p>🛡 <strong>Inline File Scanning</strong></p>
<p>Real-time malware inspection of downloaded files (SSE and SASE tiers) for stronger protection.</p>
<p>📲 <strong>MDM Deployment Support</strong></p>
<p>Seamless rollout via Microsoft Intune, JAMF, and Chocolatey (SSE and SASE tiers).</p>
<p>🔑 <strong>Enhanced Authentication</strong></p>
<p>“Built-in Authentication” is now <strong>Zenconsole Authentication</strong>, with:</p>
<ul>
<li>Google and Microsoft login options</li>
<li>Two-Factor Authentication (2FA)</li>
<li>Support for multiple org admins and users</li>
</ul>
<h2>A New Zenconsole Experience</h2>
<p>Zenconsole is now management-first:</p>
<ul>
<li><strong>Before</strong>: Users landed on account settings, then clicked into “My Firewalls.”</li>
<li><strong>Now</strong>: Users land directly on the dashboard for firewalls, nodes, and organizations.</li>
</ul>
<p>Account &amp; subscriptions remain accessible under “Account” in the top right.
This change streamlines workflows, making administration faster and more intuitive.</p>
<h2>Backend Update</h2>
<p>With the Zenarmor SASE 2.1 release, support for Elasticsearch 5 and MongoDB backends is discontinued. Customers using these legacy systems must migrate to the supported stack before upgrading.</p>
<p>👉 <strong>Partners</strong>: Please check customer environments and plan migrations early.</p>
<h2>Next Steps for Partners</h2>
<p>To ensure a smooth rollout:</p>
<ul>
<li>Get familiar with the new Zenconsole flow</li>
<li>Highlight Android ZTPA and MDM deployment as key benefits for remote workforces</li>
<li>Emphasize the new authentication options as a major security upgrade</li>
<li>Audit deployments for Elasticsearch 5 or MongoDB and prepare transition paths</li>
</ul>
<h2>Release Availability</h2>
<p>The Zenarmor SASE 2.1 release <strong>went live yesterday, Monday, October 6th, 2025.</strong></p>
<p>Thank you for partnering with us to deliver the Zenarmor Deploy-Anywhere SASE™ Platform experience. For questions, please reach out to your Account Executive or Zenarmor Support.</p>
<p>For details of the release please check the documentation: <a href="https://www.zenarmor.com/docs/support/release-notes">https://www.zenarmor.com/docs/support/release-notes</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/366x215-sase-2.1-release.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Some Great News! 🎉]]></title>
            <link>https://www.zenarmor.com/blog#sinet16-innovator-award-2025</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#sinet16-innovator-award-2025</guid>
            <pubDate>Fri, 03 Oct 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[We are excited to announce that Zenarmor has advanced to the Final Round of the 2025 SINET16 Innovator Award!🏆
]]></description>
            <content:encoded><![CDATA[<p>We are excited to announce that <strong>Zenarmor has advanced to the Final Round of the 2025 SINET16 Innovator Award!</strong> 🏆</p>
<p>The <strong>#SINET16 Innovator Award</strong> is one of the most prestigious recognitions in cybersecurity, celebrating emerging companies that are driving true innovation in the field. Among hundreds of applicants, Zenarmor was selected to advance to the final round, a powerful testament to the dedication and vision of our team in building something truly unique in the SASE space.</p>
<p>Each year, the SINET16 Innovators are evaluated and selected by an esteemed <strong>SINET Judging Committee</strong>, which consists of <strong>over 100 industry experts</strong>. Companies are chosen based on cumulative scoring associated with:</p>
<ul>
<li><strong>The urgency</strong> in the marketplace for their products and solutions</li>
<li><strong>The innovation and uniqueness</strong> of their technologies</li>
<li><strong>How well their solutions solve</strong> real and significant cybersecurity problems</li>
<li><strong>Competitive advantages</strong> over other offerings</li>
<li><strong>Ability to succeed</strong> based on product readiness, capital, and leadership strength</li>
</ul>
<p>The winners will be revealed <strong>live on stage at #SINET New York on October 7, 2025</strong>. This honor not only validates our approach but also gives us an incredible opportunity to share our mission and story on a global stage.</p>
<p>This milestone is both recognition and inspiration. It shows that our <strong>single-app, single-stack, zero-PoP SASE architecture</strong> is resonating with the industry and we are only getting started. 🚀</p>
<p>👉 Learn more about the #SINET16 Innovator Award and its distinguished judging committee <a href="https://www.security-innovation.org/sinet16-award/steering/" target="_blank">here</a></p>
<p><strong>Join us on this journey and see why Zenarmor is redefining the future of SASE.</strong></p>
<p>#SASE #Cybersecurity #ZeroTrust #Innovation #SINET16</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/366x215-sinet16-innovator-award-2025.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Securing Healthcare in a Dispersed World: Why Compliance Can’t Wait]]></title>
            <link>https://www.zenarmor.com/blog#securing-healthcare-in-a-dispersed-world-why-compliance-cant-wait</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#securing-healthcare-in-a-dispersed-world-why-compliance-cant-wait</guid>
            <pubDate>Thu, 02 Oct 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Healthcare systems today don’t operate within the walls of a single hospital. They are dispersed networks, spanning large hospital campuses, regional clinics, outpatient centers, imaging facilities, and even physicians’ home offices. Add in mobile nurses, third-party specialists, and remote administrative staff, and you have one of the most complex IT landscapes of any industry.
]]></description>
            <content:encoded><![CDATA[<p>Healthcare systems today don’t operate within the walls of a single hospital. They are dispersed networks, spanning large hospital campuses, regional clinics, outpatient centers, imaging facilities, and even physicians’ home offices. Add in mobile nurses, third-party specialists, and remote administrative staff, and you have one of the most complex IT landscapes of any industry.</p>
<p>This distributed reality brings lifesaving care closer to patients, but it also creates a compliance and security nightmare.</p>
<h2>The Compliance Burden in a Dispersed Environment</h2>
<p>Healthcare is one of the most heavily regulated industries. Standards like <strong>HIPAA, HITECH, and SOC 2</strong> are designed to safeguard protected health information (PHI), but compliance assumes consistent, airtight security controls across the entire system. That is nearly impossible when your environment is fractured.</p>
<p>Here is why:</p>
<ul>
<li>
<p><strong>Every new endpoint is a risk</strong>
Each clinic, laptop, or mobile device connecting into your network must handle PHI securely. One weak link, an unpatched device, a misconfigured VPN, or unsecured Wi-Fi, can put the entire system out of compliance.</p>
</li>
<li>
<p><strong>Legacy VPNs widen the attack surface</strong>
VPNs were built for perimeter security, not for today’s cloud-first, dispersed environments. Once inside, a user (or attacker with stolen credentials) often has broad access across systems, violating the principle of least privilege.</p>
</li>
<li>
<p><strong>Inconsistent security postures</strong>
A major hospital might have advanced intrusion detection, while a small rural clinic relies on consumer-grade firewalls. Regulators don’t care about those differences: if PHI is exposed anywhere, the entire healthcare system is liable.</p>
</li>
<li>
<p><strong>High-value target for attackers</strong>
Patient records fetch up to 10x more on the black market than credit card data. Healthcare systems, especially those with dispersed environments, are irresistible targets.</p>
</li>
</ul>
<h2>The Stakes for Healthcare Organizations</h2>
<p>When compliance fails, the consequences are severe:</p>
<ul>
<li><strong>Financial penalties:</strong> HIPAA fines can exceed $50,000 per violation.</li>
<li><strong>Operational disruption:</strong> Ransomware shutting down access to EMRs or imaging systems can halt patient care.</li>
<li><strong>Reputational damage:</strong> Patients expect their most sensitive data to remain private—any breach erodes trust.</li>
</ul>
<p>For IT and compliance leaders, the dispersed environment is no longer just a logistical challenge. It is the frontline of patient safety and regulatory survival.</p>
<h2>The Zenarmor Difference</h2>
<p>This is where Zenarmor comes in. Healthcare IT no longer has to choose between security, compliance, and care delivery speed.</p>
<p>Zenarmor delivers the industry’s first <strong>single-app, single-stack SASE architecture</strong>, designed to shift-left network security with zero dependence on PoPs. Instead of routing sensitive healthcare traffic through third-party data centers, Zenarmor enforces security and compliance controls as close to the user and device as possible.</p>
<p>What this means for healthcare systems:</p>
<ul>
<li>
<p><strong>Consistent compliance across dispersed sites:</strong> From flagship hospitals to rural clinics, Zenarmor applies uniform policies everywhere, removing the compliance blind spots legacy VPNs leave behind.</p>
</li>
<li>
<p><strong>Granular Zero Trust access:</strong> Clinicians, administrators, and third-party providers get only the access they need, reducing lateral movement risk.</p>
</li>
<li>
<p><strong>Simplified IT operations:</strong> Lean IT teams gain centralized visibility and control without standing up complex infrastructure.</p>
</li>
<li>
<p><strong>No PoP reliance:</strong> Healthcare traffic stays under your governance, reducing latency for critical applications like EMR, PACS, and telehealth.</p>
</li>
</ul>
<h2>The Path Forward</h2>
<p>Dispersed environments aren’t going away in healthcare, they are only expanding. To stay compliant and protect patient trust, organizations need a security model that is as distributed and flexible as their care delivery networks.</p>
<p>Zenarmor’s <strong>single-app, single-stack SASE architecture while uniquely supporting shift-left network security with absolutely zero dependence on PoPs</strong> gives healthcare providers the confidence to scale, connect, and innovate without compromising compliance or patient safety.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/366x215-securing-healthcare-in-a-dispersed-world-why-compliance-cant-wait.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[The Hidden Risks of Cloud SASE Solutions That No One Talks About]]></title>
            <link>https://www.zenarmor.com/blog#the-hidden-risks-of-cloud-sase-solutions-that-no-one-talks-about</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#the-hidden-risks-of-cloud-sase-solutions-that-no-one-talks-about</guid>
            <pubDate>Tue, 22 Jul 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[SASE has gained popularity quickly in recent times, and for good reason. It offers centralized control, cloud delivered security, and seamless security, and. All sounds too good to be true?
]]></description>
            <content:encoded><![CDATA[<p>Why shared infrastructure isn’t always the safe bet it’s made out to be</p>
<p>SASE has gained popularity quickly in recent times, and for good reason. It offers centralized control, cloud delivered security, and seamless security, and. All sounds too good to be true?</p>
<p>Perhaps.</p>
<p>For many businesses, SASE does provide the security they are looking for, at least initially. But the common misconception is that SASE must be cloud-native. The truth - SASE is a framework. And it does not have to be tied to the cloud. Additionally, like with everything else, there is a downside to cloud-only SASE as well.</p>
<h2>Single Point of Failure on the Cloud</h2>
<p>Most mainstream SASE vendors run on shared cloud infrastructure. The downside? When something goes wrong in that shared environment, an outage, misconfiguration, or attack, not just one tenant is affected but potentially thousands. You’re entrusting your data’s safety to systems that others depend upon as well.</p>
<p><strong>This kind of dependency on centralized, multi-tenant infrastructure doesn’t just increase exposure it amplifies the blast radius when things go wrong.</strong></p>
<p>A telling example is the Azure Active Directory outage in 2020. A misconfiguration in Azure AD triggered a system-wide failure that prevented users from accessing key Microsoft services including Azure Portal, Microsoft Teams, Microsoft 365 for nearly three hours. This was not the result of a cyberattack, but a simple technical error within the cloud provider’s shared infrastructure. Yet the consequences were global. Millions of organizations were simultaneously locked out of critical services, demonstrating how a single vendor-side issue can cascade across all tenants.</p>
<p><strong>Zenarmor Plug. SASE. Everywhere. Model: Resilience without the Risks</strong></p>
<p>Zenarmor has a different approach. Each instance runs independently. That way, risk is contained to one tenet/instance and doesn’t travel across the network.</p>
<h2>Shared IPs mean Shared Risks</h2>
<p>Many SASE solutions used shared PoPs with shared public IP addresses. If one customer or system gets flagged for abuse, it results in all customers on the same IP getting affected. This can quickly snowball into something bigger - the entire IP can get blacklisted, you lose access to critical services, web traffic gets throttled, emails bounce - the works. When external services get blocked, you risk reputational harm, and your business loses credibility.</p>
<p>Issues like this disrupts continuity and increase user friction. You end up paying the price for someone else’s mistake, and your business suffers.</p>
<p><strong>Zenarmor gives you control over your network and IP addresses</strong></p>
<p>No matter where you are deployed - cloud, on-premise, or directly on the tenants, you will never have to share public IPs with other tenants. No more risk of your IP getting blocked due to someone else’s actions, and no more business disruptions.</p>
<h2>Centralized inspection creates bottlenecks</h2>
<p>Cloud SASE providers often route all traffic through centralized Points of Presence (PoP). While that sounds efficient, it creates new problems:</p>
<ul>
<li>Latency, because traffic detours through a distant PoP</li>
<li>Dependency, because if the PoP goes down, your security does too</li>
<li>Congestion, as inspection queues get overloaded</li>
</ul>
<p><strong>Zenarmor makes every device its own mini security hub</strong></p>
<p>Routing all traffic through shared infrastructure and centralized Points of Presence (PoP), creating bottlenecks, increasing latency, and introducing potential single points of failure. <strong>Zenarmor takes a different path</strong>. With its <strong>Plug and Secure</strong> approach, Zenarmor delivers full security enforcement at the edge, on-premises, or directly on the endpoint without relying on a centralized cloud architecture. With Zenarmor, <strong>each device or site becomes its own inspection point</strong>. Whether it’s a remote branch or a single endpoint, security happens right there.</p>
<p>This gives you faster performance, stronger isolation, and better resilience.</p>
<h2>Legal and Compliance Issues</h2>
<p>No one wants to be slapped with a regulatory fine. In the current time, regulations like GDPR, HIPAA, CCPA,  are coming down hard on non-compliant organisations. In recent times, many global enterprises have faced regulatory fines, to the tune of many millions - for instance, TD Bank ($3.09B) in US, Meta (€1.2B) and Amazon (€746M) in Europe - these were GDPR fines levied on companies globally, in 2024 for non-compliance.</p>
<p>With traditional SASE, you do not have enough visibility or control over your traffic, leaving you more vulnerable to risks.</p>
<p><strong>Zenarmor processes traffic locally - within your own infrastructure</strong></p>
<p>With Zenarmor, you have full control and visibility over where your traffic is inspected and stored. This makes audits and checks easier and also mitigates risks - related to data security or compliance.</p>
<p>Because Zenarmor is compliant by design, it gives you the following benefits:</p>
<ul>
<li><strong>Data localization</strong>: you decide exactly which region or jurisdiction processes your traffic.</li>
<li><strong>Configurable data retention</strong>: customizable logs and metadata policies to meet specific regulatory or internal compliance needs.</li>
<li><strong>Zero shared infrastructure</strong>: no shared PoPs or IP pools means no unexpected data exposure.</li>
</ul>
<h2>Vendor Lock-ins Limit your Flexibility; Increase Costs</h2>
<p>Choosing a vendor is often a time-consuming and expensive process. Once you have committed to a cloud-SASE solution, it is hard to back out - you have limited flexibility, are tied to their processes, limitations and roadmaps. As a result, it becomes hard to scale, integrate their solutions to your infrastructure and get it running.</p>
<p><strong>Zenarmor is Modular, Flexible and Vendor Agnostic</strong></p>
<p>You can run Zenarmor on any device or any environment, be it your private data center or public cloud. You get full API access and it integrates well with the tools you are already using.</p>
<h2>No Single-Point-of-Failure</h2>
<p>With cloud-only SASE, all networks go through the vendor’s infrastructure, which of course, is risky. Because no matter what ‘uptime’ your vendor guarantees, there is still a possibility of something going wrong - and if something does go wrong with the vendor’s network, your network goes down too. This creates bottlenecks, affects the overall experience, and adds to your ‘hidden cost’ of doing business.</p>
<p><strong>Zenarmor is Distributed by Design</strong></p>
<p>Zenarmor ensures each site or device is handled locally. The security policies and real-time inspection you need, is all built-in, giving you peace of mind. No more relying on external factors for your security and efficiency.</p>
<h2>Cloud-Only SASE is Risky - Zenarmor Gives you the Control you Need</h2>
<p>For all the benefits of centralization that SASE provides, it does expose your organisation to significant risks. Zenarmor flips that model on its head - it helps you achieve all the benefits of SASE - visibility, inspection, policies, without giving up control or reliability.</p>
<p>If you are considering adopting a SASE solution, check out how Zenarmor may do all that, and more. Speak to us today, or <a href="https://dash.zenarmor.com/firewalls/register/new-user">try it out for free</a>, for a limited time.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/366x215-the-hidden-risks-of-cloud-sase-solutions-that-no-one-talks-about.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Managing Zenarmor at Scale with Microsoft Intune and Jamf]]></title>
            <link>https://www.zenarmor.com/blog#managing-zenarmor-at-scale-with-microsoft-intune-and-jamf</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#managing-zenarmor-at-scale-with-microsoft-intune-and-jamf</guid>
            <pubDate>Thu, 17 Jul 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Managing security across a distributed workforce is a constant challenge. With employees using a mix of macOS and Windows devices from various locations, IT teams need a reliable way to ensure every endpoint is protected and updated without relying on manual installs or user action.
]]></description>
            <content:encoded><![CDATA[<p>Managing security across a distributed workforce is a constant challenge. With employees using a mix of macOS and Windows devices from various locations, IT teams need a reliable way to ensure every endpoint is protected and updated without relying on manual installs or user action.</p>
<p>Zenarmor Deploy-Anywhere SASE™ Platform, now with support for Microsoft Intune, and Jamf, makes flexible, at-scale deployment a reality. It integrates seamlessly into your existing device management workflows, allowing IT teams to push and manage Zenarmor to endpoint devices using the tools they already trust.</p>
<p>An MDM platform does more than simplify device management. It enables security to scale with your organization. As your workforce grows and becomes more distributed, Zenarmor’s integration with MDM tools allows you to deploy advanced network protection across thousands of macOS and Windows devices with ease.</p>
<p><strong>For Windows environments, Zenarmor also supports deployment via Chocolatey</strong>, a popular package manager used by many system administrators to automate software installation at scale.</p>
<p>To help you get started quickly, we’ve created short step-by-step videos showing exactly how to deploy Zenarmor using Microsoft Intune and Jamf:</p>
<p><a href="https://youtu.be/qLReory2I4k">Deploy Zenarmor application to macOS devices using Microsoft Intune MDM</a>{target=“_blank”}</p>
<p><a href="https://youtu.be/rZHQ3IBWSuA">Deploy Zenarmor application to Windows devices using Microsoft Intune MDM</a>{target=“_blank”}</p>
<p><a href="https://youtu.be/o6pgunVP2ZY">How to Deploy Zenarmor on macOS Devices via Jamf MDM</a>{target=“_blank”}</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/366x215-managing-zenarmor-at-scale-with-microsoft-intune-and-jamf.svg" length="0" type="image/svg"/>
        </item>
        <item>
            <title><![CDATA[Regaining Control: How to Restore Visibility in Hyper-Distributed Networks]]></title>
            <link>https://www.zenarmor.com/blog#regaining-control-how-to-restore-visibility-in-hyper-distributed-networks</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#regaining-control-how-to-restore-visibility-in-hyper-distributed-networks</guid>
            <pubDate>Wed, 09 Jul 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Everyone knows enterprise traffic is no longer confined to data centers or VPN tunnels.
]]></description>
            <content:encoded><![CDATA[<p>Everyone knows enterprise traffic is no longer confined to data centers or VPN tunnels.</p>
<p>It’s dispersed, encrypted, and routed through a complex chain of SaaS platforms, third-party APIs, and devices. But here’s the challenge: security teams haven’t been given the visibility to match this new world.</p>
<h2>Visibility Gap is a Growing Risk</h2>
<p>Traditional security tools were designed for perimeter-based systems. They function well when traffic goes through a few key points, like firewalls, proxies, and gateways. However, in today’s hybrid environments, much of that traffic bypasses IT-controlled infrastructure.</p>
<p>As a result:</p>
<ul>
<li>East-west traffic in distributed environments often goes unnoticed.</li>
<li>Shadow IT, which includes unauthorized apps and services, operates without detection.</li>
<li>Encrypted traffic prevents inspection tools from working effectively.</li>
<li>SaaS usage is increasing rapidly, but there is little clarity on data access and movement.</li>
</ul>
<p>Effectively, <strong>you cannot protect what you cannot see</strong>.</p>
<h2>How Zenarmor Closes the Gap</h2>
<p>Zenarmor is designed to restore visibility in today’s modern, distributed environments. It doesn’t depend on network chokepoints or outdated taps. Instead, it provides inline inspection directly at the endpoint; this way, it captures traffic from its source.</p>
<p>Here are some key technical features that help security teams regain control:</p>
<p><strong>North-South and East-West Visibility</strong></p>
<p>Whether traffic is coming in and out of your network (north-south) or moving between hosts and workloads within your environment (east-west), Zenarmor captures and analyzes it in real time. This is especially important in cloud-first environments where lateral movement is harder to detect.</p>
<p><strong>Application-Aware Traffic Inspection</strong></p>
<p>Zenarmor applies Layer 7 deep packet inspection (DPI) to recognize applications irrespective of port or protocol. This allows you to distinguish approved apps (like Google Drive) from unapproved ones (like personal Dropbox or Telegram sessions), even in encrypted flows.</p>
<p><strong>Shadow IT Discovery</strong></p>
<p>By analyzing app usage at the packet level, Zenarmor finds tools and services that are used outside your approved stack; this includes unauthorized CRM tools, personal cloud storage, or collaboration apps. This gives IT teams the power to enforce policies without limiting productivity.</p>
<p><strong>Granular Policy Enforcement</strong></p>
<p>Visibility is only valuable if you can act on it. Zenarmor allows teams to enforce policies based on app category, location, or protocol; for example, it can block high-risk file-sharing apps, restrict access to known malware domains.</p>
<h2>Why This Matters</h2>
<p>In today’s fragmented security landscape, visibility is not optional, it is essential. Without it, even the best detection and response tools work with blind spots.</p>
<p>Zenarmor helps security teams regain that critical control, regardless of where users are and how they operate.</p>
<p>If you can’t see it, you can’t secure it.</p>
<p>Reach out to us today to know more about Zenarmor, or try it out for yourself.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/regaining-control-how-to-restore-visibility-in-hyper-distributed-networks-v2.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[A Walkthrough of Zenarmor SASE 2.0]]></title>
            <link>https://www.zenarmor.com/blog#walkthrough-of-zenarmor-sase-2-0</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#walkthrough-of-zenarmor-sase-2-0</guid>
            <pubDate>Mon, 30 Jun 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Secure Access Service Edge, or SASE (pronounced “sassy”) was coined by the research firm Gartner in 2019 to describe a set of solutions to better protect the modern workforce. User traffic patterns shifted from occasional internet usage to being reliant on it for connectivity to the cloud and Software as a Service (SaaS) applications like Microsoft Office 365, Salesforce, Slack, and more.
]]></description>
            <content:encoded><![CDATA[<h2>SASE - What is it and why is it growing so quickly?</h2>
<p>Secure Access Service Edge, or SASE (pronounced “sassy”) was coined by the research firm Gartner in 2019 to describe a set of solutions to better protect the modern workforce. User traffic patterns shifted from occasional internet usage to being reliant on it for connectivity to the cloud and Software as a Service (SaaS) applications like Microsoft Office 365, Salesforce, Slack, and more.</p>
<p>SASE is a combination of previously separate solutions to provide efficiency and security for modern users, like Software Defined WAN (SD-WAN) to intelligently route traffic and multiple security solutions like Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), and more.</p>
<p>Although initial adoption was slow, the onset of the global pandemic in early 2020 dramatically accelerated the need for SASE. Organizations were forced to rapidly adapt to distributed
workforces, making flexible, scalable security frameworks like SASE essential.</p>
<p>In this blog post, we’ll walk you through Zenarmor SASE 2.0, a next-generation implementation of SASE that takes the concept further by eliminating cloud backhauling, supporting distributed inspection, and offering a true plug-and-secure experience anywhere, anytime.</p>
<h2>Early SASE Solution Providers</h2>
<p>As security and connectivity challenges arose in this “new normal”, SASE solution providers helped address the issues that companies and users faced.</p>
<p>As user traffic shifted to the cloud and SaaS, SASE providers provided cloud-based Points of Presence (POPs) to steer user traffic, inspect it, and connect users to their cloud applications.</p>
<p>This allowed SASE providers to provide additional security for remote users and replace older VPN-based solutions, but they also introduced some new challenges and brought new limitations.</p>
<p>With many of the leading SASE solution providers focused on cloud-based connectivity through their own Points of Presence, customers had to send all of their traffic through their SASE provider’s cloud for inspection and routing. This introduced additional latency, added asynchronous (suboptimal) routing paths, and left organizations with limited visibility and control over where their  data was being routed.</p>
<h2>Redefining SASE with Zenarmor Deploy-Anywhere SASE™ Platform: Zenarmor SASE 2.0</h2>
<p>Zenarmor SASE 2.0 represents the next evolution of Secure Access Service Edge, reimagined for a hyper-distributed world. With our <strong>Zenarmor Deploy-Anywhere SASE™ Platform</strong>, Zenarmor brings security and control directly to where your users and devices are, eliminating the need for backhauling traffic through centralized cloud infrastructure. This architecture delivers ultra-low latency, effortless deployment, and complete visibility into your traffic.</p>
<p>Protecting your environment has never been simpler or more effective. Let’s take a closer look at each of the core components of Zenarmor SASE 2.0:</p>
<h2>ZTNA</h2>
<p>Zero Trust Network Access (ZTNA) means that we trust nothing by default. Users and their application access requests must be authenticated and connections are encrypted. With granular access control, your users access only what they need and nothing more. Additionally, potential attackers can’t perform any lateral movement on the network since they won’t be authenticated nor authorized.</p>
<p>Zero Trust Network Access (ZTNA) means that we trust nothing by default. Users and their application access requests must be authenticated and connections are encrypted. With granular access control, your users access only what they need and nothing more. Additionally, potential attackers can’t perform any lateral movement on the network since they won’t be authenticated nor authorized.</p>
<p>Upgrade your security posture from legacy VPNs to a true Zero Trust based architecture in just a few clicks.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/ztna-blog-post-img.png" alt="Create ZTNA architecture in just a few clicks" />
</div>
<ul>
<li>Encrypt traffic from your users to the applications they need</li>
<li>Protect all devices, including IOT and OT</li>
<li>No lateral movement</li>
<li>Context-aware access</li>
</ul>
<br/>
<h2>TLS inspection</h2>
<p>The majority of traffic is encrypted today which can allow a potential attacker to hide malware or phishing attempts. With real-time TLS inspection, Zenarmor SASE 2.0 can look inside encrypted traffic and find potential threats before they get to your users. Zenarmor’s innovative approach allows this TLS inspection to happen on nearly any device instead of just a centralized firewall.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/tls-inspection.png" alt="Zenarmor TLS inspection" />
</div>
<ul>
<li>Ensure all threats can be found, regardless of encryption</li>
<li>Protect against malware, phishing, and other attacks</li>
</ul>
<br/>
<h2>CASB and DLP</h2>
<p>As modern work shifted to cloud-based SaaS applications like Microsoft Office 365 and Google Workspace, many security organizations were unable to secure user traffic that was no longer going back to their data centers. Cloud Access Security Broker functionality that’s built into Zenarmor SASE 2.0 lets you secure your users, regardless of how they’re accessing applications. Data Loss Prevention, or DLP, features can block users attempting to upload company data to unsanctioned cloud storage providers.</p>
<img src="https://www.zenarmor.com/images/blog/casb-and-dlp.png" alt="Zenarmor CASB and DLP section">
<ul>
<li>Protect your SaaS and cloud traffic</li>
<li>Prevent unauthorized uploads of company data</li>
</ul>
<br/>
<h2>SWG</h2>
<p>Secure Web Gateways are an important line of defense for your network and Zenarmor SASE 2.0 allows you to deploy wherever you need protection: Near your users or in the cloud. With real-time TLS inspection, we can shed a light on malware and other threats that could pass through other devices since they’re hiding behind encryption. We can also filter and block zero-day threats, keeping you protected before waiting for signature updates from competing vendors.</p>
<img src="https://www.zenarmor.com/images/blog/swg.png" alt="Zenarmor SWG section">
<ul>
<li>Filter and block malicious traffic before it gets to your network and users, even zero-day attacks</li>
<li>TLS inspection for real-time detection of threats attempting to hide in encrypted traffic</li>
</ul>
<br/>
<h2>Policy-based controls (web filtering, applications)</h2>
<p>Powerful security features can often be difficult to configure. Not with Zenarmor SASE 2.0. Now you can quickly and intuitively create, configure, modify, and apply policies for your sites, departments, networks, and users in a simple, unified interface.</p>
<img src="https://www.zenarmor.com/images/blog/policy-based-controls.png" alt="Zenarmor Policy-based controls (web filtering, applications)">
<ul>
<li>Fine, granular control of allowed URLs</li>
<li>Different levels of control for sites, departments, locations, and more</li>
<li>Control exactly who can access what, enforce least privilege by default</li>
</ul>
<h2>Unified Management for control and visibility</h2>
<p>Power is nothing without control. Zenarmor SASE 2.0 has powerful security features combined with a user-friendly, intuitive interface that lets you quickly configure the security policies and features you need.</p>
<img src="https://www.zenarmor.com/images/blog/unified-management-for-control-and-visibility.png" alt="Zenarmor Unified Management for control and visibility">
<p>Additionally, reports and visualizations provide at-a-glance insights into what’s going on within your network, giving you more visibility than ever.</p>
<img src="https://www.zenarmor.com/images/blog/unified-management-for-control-and-visibility-2.png" alt="Zenarmor Unified Management for control and visibility">
<br/>
<h2>SD-WAN</h2>
<p>Software Defined WAN provides flexible, self-healing network capabilities for all of your underlying circuits. Simply define your locations and let Zenarmor provide secure, reliable routing between your global locations.</p>
<img src="https://www.zenarmor.com/images/blog/sd-wan.png" alt="Zenarmor SD-WAN">
<ul>
<li>Intelligent routing and usage of links</li>
<li>Centralized management and visibility</li>
</ul>
<h2>Zenarmor SASE 2.0 - Deploy-Anywhere SASE™ Platform</h2>
<p>The rise of SASE solution providers helped many organizations solve their security challenges, but unfortunately they also introduced some new problems.</p>
<p>Take back control of your network, your traffic, and your data while eliminating the additional latency that’s introduced by forcing your traffic to the cloud by some SASE vendors.</p>
<p>Quickly and easily deploy close to your users whether that’s near the edge or in the cloud. Secure all your devices, including IOT, OT, medical, and end user devices.</p>
<p>By protecting your users wherever they are, you’ll improve their user experience while simultaneously providing a fully-featured network security solution.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/walkthrough-blog-cover.svg" length="0" type="image/svg"/>
        </item>
        <item>
            <title><![CDATA[What’s New in Plug and Secure Home.: More Devices, More Policies]]></title>
            <link>https://www.zenarmor.com/blog#whats-new-in-zenarmor-home-more-devices-more-policies</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#whats-new-in-zenarmor-home-more-devices-more-policies</guid>
            <pubDate>Mon, 30 Jun 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[What’s New in Plug and Secure Home.: More Devices, More Policies
Zenarmor SASE 2.0 is here and it marks a turning point in how we protect networks across the globe.
]]></description>
            <content:encoded><![CDATA[<p>What’s New in Plug and Secure Home.: More Devices, More Policies</p>
<p>Zenarmor SASE 2.0 is here and it marks a turning point in how we protect networks across the globe.</p>
<p>As we introduce <strong>Zenarmor Deploy-Anywhere SASE™ Platform</strong>, an innovative architecture that enables flexible deployment, to the network security industry, our goal is to meet the evolving needs of businesses, remote teams, and hybrid workforces.</p>
<p>But the impact of this launch goes beyond the enterprise space.</p>
<p><strong>Plug and Secure Home. is evolving too.</strong></p>
<p>From day one, our mission has been to make advanced network security accessible to everyone. And that includes the passionate home users, lab builders, and privacy-conscious individuals who’ve been with us from the start. As we continue to scale, we’re making sure the Home subscription grows with us.</p>
<p>Over the past few months, we’ve received a lot of feedback, especially about the limitations in the Plug and Secure Home. subscription regarding the number of devices and policies. Many of you told us that while you love the power and flexibility Zenarmor offers, the existing limits made it hard to fully secure your increasingly complex home networks, particularly in a time when the number of IoT devices is increasing significantly.</p>
<p>We’ve heard you loud and clear.</p>
<p>Now, we’re making meaningful changes, directly shaped by your feedback, to the <strong>Home subscription</strong>, starting with two of your most requested improvements:</p>
<p><strong>Up to 200 Devices Now Supported</strong></p>
<p>You can now connect up to <strong>200 devices</strong> with your Plug and Secure Home. subscription—double the previous limit. Whether you’re running a smart home setup, a home lab, or managing a tech-savvy household, we’ve got you covered.</p>
<p><strong>Five Policies: One Default, Four Customizable</strong></p>
<p>We’re also expanding the number of customizable policies from 2 to 4.</p>
<p>New 5 policies include:</p>
<ul>
<li><strong>1 Default Policy</strong></li>
<li><strong>4 Fully Customizable Policies</strong></li>
</ul>
<p>This means you can now create tailored security policies for different groups of devices or users, giving you more control and flexibility to secure your home environment the way you want. <strong>To activate these new limits, please make sure to have the latest version of Zenarmor and reinstall your activation key.</strong></p>
<p>At Zenarmor, we’re fortunate to serve a community of highly skilled, tech-savvy users who hold us to high standards. Your feedback continues to shape the product in meaningful ways, and as we grow, we remain committed to evolving Zenarmor in step with your needs.</p>
<p>Thank you for being part of the journey.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/plug-and-secure-home-changes.svg" length="0" type="image/svg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Deploy-Anywhere SASE™ Platform: Rethinking SASE for the Real World]]></title>
            <link>https://www.zenarmor.com/blog#plug-and-secure-anywhere-rethinking-sase-for-the-real-world</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#plug-and-secure-anywhere-rethinking-sase-for-the-real-world</guid>
            <pubDate>Fri, 27 Jun 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[If you ask any IT leader today what keeps them up at night, chances are their answer is not just security. It is security at scale. 
As businesses strive to keep up with hybrid work, legacy technologies and remote teams, the traditional boundaries of the network have almost disappeared.
]]></description>
            <content:encoded><![CDATA[<p>If you ask any IT leader today what keeps them up at night, chances are their answer is not just security. It is security at scale.</p>
<p>As businesses strive to keep up with hybrid work, legacy technologies and remote teams, the traditional boundaries of the network have almost disappeared.</p>
<p>That’s where Zenarmor Deploy-Anywhere SASE™ Platform stands out.</p>
<p>While the SASE has become popular with companies, many of those solutions still fall short in flexibility, performance, and real-world conditions. Zenarmor Deploy-Anywhere SASE™ Platform reimagines network security by meeting you wherever you are - on-prem, on cloud, or anywhere in between.</p>
<p>Let’s explore what makes this approach unique.</p>
<p><strong>1 - Instant Deployment Across Any Environment</strong></p>
<p>Security should not be a complex affair.<br>
With Zenarmor, it isn’t.</p>
<p>You don’t need special hardware, or to redesign your entire network. Zenarmor is a software-first product, built to run on almost any platform - Windows, Linux, macOS and others. It just works.</p>
<p>Some vendors claim “lunch break” deployments. With Zenarmor, it is much quicker - quicker than a ‘lunch break’. You can get it up and running within a few minutes - saving your team precious time, and reducing risk in the process.</p>
<p>This kind of speed becomes a strategic edge for your company. For fast-moving IT teams or MSPs dealing with multiple clients, setting up security in minutes can make the difference between proactive security and reactive controls.</p>
<p><strong>2 - No Cloud Backhauling: Performance Without the Pain</strong></p>
<p>Many cloud-based SASE solutions have a secret: backhauling.</p>
<p>When all traffic has to go through a vendor’s cloud PoP for inspection, there are chances of latency. Performance drops. As a result, user experience takes a hit. Users start finding ways around the system - turning off their VPNs, disabling security agents, or even complaining to IT.</p>
<p><strong>Zenarmor Plug. SASE. Everywhere.</strong> eliminates this issue entirely.</p>
<p>Zenarmor’s ‘Inspect locally, Manage centrally’ approach means you do not have to rely on ‘middle’ infrastructure. Users stay protected at all times, security becomes invisible - exactly how it should be.</p>
<p><strong>3 - Centralized Management, Decentralized Enforcement</strong></p>
<p>Deploying security everywhere shouldn’t mean complexity in managing.</p>
<p>Zenconsole gives you centralized control across your entire deployment. Whether you’re managing a fleet of laptops or firewalls, you get one source of truth.</p>
<p>This is critical not only for operational efficiency, but also for security. You can enforce consistent policies without problems, monitor traffic in real time, and troubleshoot issues without switching between tools or portals.</p>
<p><strong>4 - Privacy by Design, Not Just by Policy</strong></p>
<p>Too many SASE solutions rely on shared cloud PoPs, creating a host of compliance concerns.</p>
<p>Zenarmor Deploy-Anywhere SASE™ Platform follows privacy by design principles.</p>
<p>There’s no traffic rerouting. No shared infrastructure. No risk of IP blacklisting. For teams subject to GDPR, HIPAA, or regional data sovereignty regulations, this is a relief.</p>
<p>Your traffic stays where it belongs - under your control.</p>
<p><strong>5 - Scales Without Infrastructure Constraints</strong></p>
<p>Most security tools start lightweight and become bloated. Zenarmor remains lean - even at scale.</p>
<p>Irrespective of how many endpoints you are managing, there’s no need to invest in new servers. Zenarmor’s lightweight engine is designed for high-efficiency enforcement and minimal resource usage.</p>
<p>This makes it suitable not just for enterprises but also for MSPs or mid-sized organizations that need to scale without increasing their costs.</p>
<p><strong>6 - Protects What Cloud-Only SASE Cannot</strong></p>
<p>Cloud-only SASE platforms struggle with devices that cannot (or should not) route traffic through external gateways.</p>
<p>Think security cameras, industrial controls, medical sensors, and other IoT devices.</p>
<p>Zenarmor protects these assets by enforcing policy locally, giving you visibility into east-west
traffic patterns that cloud inspection can’t address. You can identify lateral movement attempts, quarantine compromised nodes, and close gaps that would otherwise go unnoticed.</p>
<p><strong>Legacy Systems: Still Critical, Still Vulnerable</strong></p>
<p>Not every business can switch overnight. Many still rely on legacy applications and systems that are essential but hard to secure in a modern architecture. Their management is also clunky and not
user-friendly, making shifting out a lot more complex</p>
<p>Zenarmor provides a solution. Its flexible deployment model allows you to bring zero trust enforcement and micro-segmentation into environments that cloud-native tools often miss.</p>
<p>Zenarmor Deploy-Anywhere SASE™ Platform is more than a tagline. It’s a product philosophy based on a deep understanding of how modern networks operate - and where traditional SASE models fail.</p>
<p>At a time when enterprises are rethinking what secure connectivity means, Zenarmor offers a refreshing alternative:</p>
<ul>
<li>fast to deploy,</li>
<li>light on infrastructure,</li>
<li>highly efficient, and</li>
<li>designed for the environments that most others overlook.</li>
</ul>
<p>It’s not about discarding the cloud. It’s about taking control (and security) back in your hands.
If you want to learn more about Zenarmor’s Plug. SASE. Everywhere. Approach, reach out to us today.</p>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/QwC91wzodhg?si=RUFc1yumG8ZKIhPk" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/plug-and-secure-anywhere.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Scheduled Maintenance for Zenconsole]]></title>
            <link>https://www.zenarmor.com/announcements#maintenance-announcement</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#maintenance-announcement</guid>
            <pubDate>Wed, 25 Jun 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[We would like to inform you about the upcoming scheduled maintenance for Zenconsole, during which the system will be temporarily unavailable.]]></description>
            <content:encoded><![CDATA[<p>We would like to inform you about the upcoming scheduled maintenance for Zenconsole, during which the system will be temporarily unavailable.</p>
<h2>Details:</h2>
<ul>
<li><strong>Date and Time:</strong> Saturday, June 28, 2025, from 05:00 am - 06:00 am GMT(Summer Time)  (00:00 am - 01:00 am EDT, Sunday, June 27, 2025 9:00 pm to 10:pm PDT).</li>
<li><strong>Duration:</strong> 1 hour</li>
<li><strong>Affected Service:</strong> Zenconsole Cloud Management Portal</li>
<li><strong>Reason for Maintenance:</strong> OS Migration for Zenconsole Infrastructure</li>
</ul>
<p>We thank you for your understanding and patience during this maintenance window and apologize for any inconvenience it may have caused.</p>
<p>Zenarmor Team</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/maintenance-img.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Beyond the Buzzword: Why Traditional SASE Falls Short and Zenarmor Excels]]></title>
            <link>https://www.zenarmor.com/blog#why-traditional-sase-falls-short-and-zenarmor-excels</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#why-traditional-sase-falls-short-and-zenarmor-excels</guid>
            <pubDate>Mon, 23 Jun 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Over the past few years, a large number of tools and technologies have emerged that promise to ‘revolutionize network security’. The modern hybrid work landscape has brought Secure Access Service Edge (SASE) into the conversation too.]]></description>
            <content:encoded><![CDATA[<p>Over the past few years, a large number of tools and technologies have emerged that promise to ‘revolutionize network security’. The modern hybrid work landscape has brought Secure Access Service Edge (SASE) into the conversation too.</p>
<p>While SASE represents a big change in how organizations approach network security, traditional SASE implementations often fall short of their requirements.</p>
<p>The SASE market is booming. It is projected to reach USD 44.20 billion in 2024 and grow at an 11.2% CAGR through 2032. This growth reflects a real need for integrated and scalable security.</p>
<p>Many “traditional” SASE solutions however, often fall short of expectations. Many are not built as unified platforms from the start, which leads to complexities and limitations.</p>
<p>This is where Zenarmor comes in, not just as an alternative but as a solution that directly addresses these issues.</p>
<p>Let’s explore where traditional SASE struggles and how Zenarmor excels in solving your data security challenges.</p>
<h2>Limitations of Traditional SASE and the Zenarmor Advantage</h2>
<p>Zenarmor addresses traditional SASE issues with a practical, high-performance, and cost-effective approach. Here are some drawbacks of traditional SASE and how  Zenarmor scores over the same.</p>
<p><strong>Complexity and Disjointed Management</strong></p>
<p>Traditional SASE will often have you managing multiple dashboards and multiple policies. This fragmented approach is because traditional SASE was not conceived as a cohesive platform. This complexity increases operational burdens and raises the chances of misconfigurations.</p>
<p><strong>Zenarmor Advantage: True Unified Management and Simplicity</strong></p>
<p><a href="https://www.zenarmor.com/docs/support/release-notes">Zenarmor SASE 2.0</a> delivers true unified security management, whether you’re deploying on-prem, in the cloud, or directly to endpoints. Unlike traditional solutions tied to specific hardware or OS, Zenarmor is fully agnostic. That means you get the flexibility to secure any infrastructure. Through Zenconsole, you gain centralized, single-pane-of-glass control across all deployments, enabling consistent policy enforcement and dramatically reducing operational complexity</p>
<p><strong>Performance Bottlenecks and Latency Issues</strong></p>
<p>Cloud-native SASE typically reroutes traffic to central Points of Presence (PoPs) for inspection, causing significant delays. Cloud backhauling for security services can worsen this issue. Moreover, relying on shared PoPs introduces risks: outages can disrupt services, and shared IP addresses can lead to your organization getting blacklisted, and eventually harm your reputation.</p>
<p><strong>Zenarmor Advantage: Edge-Centric Performance and Resilience</strong></p>
<p>Zenarmor operates directly within your existing network infrastructure and enforces security right at the network edge. This way, you can avoid the need to reroute traffic, and reduce delays, thereby optimizing performance. By not depending on shared PoPs, you avoid the risks of outages and blacklisting, enhancing your network’s reliability and reputation.</p>
<p><strong>High Costs and Hidden Fees</strong></p>
<p>While SASE aims to reduce costs, many traditional vendors charge high subscription fees and impose bandwidth limitations. Overages or unexpected traffic spikes can lead to high bills overall. Additionally, egress fees for data leaving the vendor’s cloud can quietly drain your budget.</p>
<p><strong>Zenarmor Advantage: Transparent Costs and Unrestricted Scaling</strong></p>
<p>Zenarmor SASE Anywhere Architecture™ eliminates the need for expensive cloud infrastructure by performing inspection locally—on the edge, on the device, or on-premises. This approach removes egress fees entirely and avoids bandwidth throttling. It runs on your existing hardware, reducing initial setup costs and allowing you to scale without worrying about hidden charges or unpredictable cloud expenses.</p>
<p><strong>Limited Visibility and Shadow IT Blind Spots</strong></p>
<p>Traditional SASE often manages well with North-South traffic visibility (traffic entering or leaving your network) but lacks insight into East-West traffic (internal communications). This critical oversight allows Shadow IT and internal threats to go unnoticed, leaving your network vulnerable.</p>
<p><strong>Zenarmor Advantage: Comprehensive Visibility: North-South and East-West</strong></p>
<p>Zenarmor excels in Deep Packet Inspection (DPI) and application-layer control, giving you detailed command over thousands of applications. Importantly, it offers full visibility, covering both North-South and East-West traffic. This capability allows you to spot and manage Shadow IT, internal threats, and lateral movements, closing essential security gaps.</p>
<p>In addition, Zenarmor provides <strong>Zero Trust Network Access (ZTNA)</strong> and <strong>Secure Service Edge (SSE)</strong> capabilities on a <strong>single platform</strong>, enabling granular access control and threat mitigation - all from a unified management layer.</p>
<p><strong>Vendor Lock-in and Restrictive Architectures</strong></p>
<p>Choosing a traditional SASE vendor often results in significant vendor lock-in. Their proprietary systems and inflexible architectures make it hard and costly to change providers or customize the solution to your needs, which stifles agility and innovation.</p>
<p><strong>Zenarmor Advantage: Unmatched Flexibility without Vendor Lock-in:</strong></p>
<p>Zenarmor ensures transparency and prevents vendor lock-in. It is an extremely versatile platform, as it works across OPNsense, various Linux distributions, FreeBSD, and cloud environments. You can deploy it wherever you need it, adapting to your network architecture rather than the other way around.</p>
<p><strong>Choosing Wisely in the SASE Era</strong></p>
<p>The shift to SASE is an important step towards a more resilient cybersecurity posture. With over 60% of organizations moving to hybrid or fully remote work, secure and seamless connectivity is crucial. While complete SASE implementation is still developing, 32% of organizations are already in progress, and 24% plan to implement it in the next 12 months.</p>
<p>However, selecting the right SASE solution is key. Don’t let the lure of consolidation distract you from the potential complexities, performance issues, hidden costs, and visibility gaps of traditional options.</p>
<p>Zenarmor offers a compelling, agile, effective, and clear approach. It fulfills the SASE promise while removing the drawbacks, helping you to truly protect your network without compromise.</p>
<p>Ready to discover a modern way to secure your network that eliminates the weaknesses of traditional SASE? <a href="https://www.zenarmor.com/">Learn more</a> about Zenarmor and <a href="https://dash.zenarmor.com/firewalls/register/new-user">try it for yourself</a> today.
Zenarmor offers a user-friendly trial policy of 15 days for regular users, and 3 months for partners.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/why-traditional-sase-falls-short-and-zenarmor-excels.svg" length="0" type="image/svg"/>
        </item>
        <item>
            <title><![CDATA[Traditional VPNs are Slowing you Down - And Leaving you Exposed. Here’s a Better Alternative.]]></title>
            <link>https://www.zenarmor.com/blog#challenges-of-vpn-and-alternatives</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#challenges-of-vpn-and-alternatives</guid>
            <pubDate>Thu, 19 Jun 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Let’s face it - the way most companies handle secure access now, doesn’t cut it any more. Old school VPNs were dependable at a time when everyone worked from the office, and cloud applications weren’t a thing.
]]></description>
            <content:encoded><![CDATA[<p>Let’s face it - the way most companies handle secure access now, doesn’t cut it any more. Old school VPNs were dependable at a time when everyone worked from the office, and cloud applications weren’t a thing.</p>
<p>However, working styles have changed fast. Now, VPNs are at best an outdated security system that not just have glaring gaps, but also increase friction in everyday operations.</p>
<p>Traditional VPNs are no longer adequate to handle the security requirements of the modern organization. This is especially true if your organization is undergoing digital transformation, has remote workers or if you work with cloud applications.</p>
<p>Here are some reasons why traditional VPNs do not suffice the security requirements of the modern organization:</p>
<h2>Centralized ‘choke’ points</h2>
<p>Imagine redirecting all cars in a city traffic through one lane, during rush hour. The result? Everything is slowed down, and there is chaos. VPNs send all your traffic through a single gateway, which is usually at HQ. If the gateway crashes, everyone is stuck.</p>
<p><strong>Zenarmor Solution: Peer-to-peer mesh connectivity using ZTNA</strong></p>
<p>Zenarmor helps connect each user directly and securely to the information they need. Zenarmor’s ZTNA implementation creates encrypted, point-to-point tunnels between the endpoint and the target application or server without detouring through a VPN hub or a data centre. This helps your organization significantly:</p>
<ul>
<li>Eliminates centralized network congestion</li>
<li>Limits the attack surface for bad actors and improves security</li>
<li>Improves scalability and flexibility through an easily adaptable solution (ZTNA)</li>
</ul>
<h2>Dependence on VPN Gateway</h2>
<p>If your VPN application or cloud PoP has issues, your users get kicked out or rerouted through slower routes. This means network lags, session drops, frustrated users, and your IT teams getting calls throughout the day.</p>
<p><strong>Zenarmor Solution: Endpoint based inspection</strong></p>
<p>Zenarmor flips the script - Zenarmor runs right on your device, eliminating any issues of gateway getting choked. This means security checks happen locally - no need for a VPN, no detours or bottlenecks. As a result? Smoother and safer remote work for everyone, and IT teams are not burdened with calls throughout the day.</p>
<ul>
<li>Improved performance due to minimal reliance on centralized infrastructure (20-1500 times faster than traditional VPN or SD-WAN solutions)</li>
<li>Consistent, reliable connections with no ‘single-point-of-failure’</li>
<li>True Zero Trust Security with unlimited micro-segmentation</li>
</ul>
<h2>Threat surface increases significantly - including all systems on the network</h2>
<p>Once a VPN connection is active, a compromised device can open the floodgates to the entire network. Think about it - when a laptop gets infected with malware or falls victim to a phishing attack (quite common), the attacker has the same network access as your employees. What should ideally be an isolated instance on one remote worker’s device, quickly becomes a company-wide security nightmare.</p>
<p><strong>Zenarmor Solution: Microsegmented ZTNA + Default-Deny Access</strong></p>
<p>With Zenarmor, the control is in your hands. You can restrict access to per user and per application. Every connection is explicitly granted, giving you full visibility into access. Even if a device is compromised, access is blocked by default, which means bad actors cannot move laterally.</p>
<ul>
<li>Peer-to-peer secure connectivity, minimizing exposure and bottlenecks</li>
<li>Default-Deny Access model as an approach to enforce Zero Trust Security</li>
<li>Granular control of applications and user access to reduce exposure and risk</li>
</ul>
<h2>The Bottom Line</h2>
<p>Traditional VPNs were built for a different era and were useful long back. The modern environment of remote teams, distributed workforces, and evolving threats needs a more modern approach to security.</p>
<p>Zenarmor is built on a fundamentally modern approach - on Zero Trust, endpoint intelligence, and peer-to-peer connectivity. The result? Faster, safer, and more resilient access, without the usual bottlenecks and breakdowns. It’s time to give your network security a fresh, new upgrade it deserves. <a href="https://www.zenarmor.com/contact">Talk to us today</a> to learn how Zenarmor can help strengthen your security posture.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/challenges-of-vpn-and-alternatives.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor SASE 2.0 is Here: Plug. SASE. Everywhere. for the Modern Workforce]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-sase-2.0</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-sase-2.0</guid>
            <pubDate>Thu, 12 Jun 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[Today is an important day for us here at Zenarmor.]]></description>
            <content:encoded><![CDATA[<p>After months of hard work — building, refining, testing, listening to feedback — I’m proud to share that <strong>Zenarmor 2.0 is now generally available</strong>.</p>
<p>It means more than just a version number update. It’s the result of a vision we’ve been pursuing for some time: a unified SASE platform that truly matches how businesses operate today — instant, simple, flexible, fast, and built for an agile, mobile and distributed world.</p>
<p>I wanted to take a few minutes to share with you why this release matters — not only for us, but for any organization navigating the new realities of work and security.</p>
<h2>The Way We Work Has Changed — For Everyone</h2>
<p>Five years ago, work looked very different. Employees worked at fixed office locations, connected to internal company networks, using company owned desktops. Data lived safely inside on-premises data centers. The network perimeter was clear.</p>
<p>But that world is gone — for <strong>everyone</strong>.</p>
<p>Today, workforces are mobile. Teams work from home, cafés, client sites, on the road, using laptops, smartphones, tablets and accessing sensitive data from anywhere.</p>
<p>This shift has not only happened to large enterprises or tech firms.</p>
<p>It’s just as true for <strong>small businesses</strong> such as law firms, architecture firms, real estate agencies constantly moving between offices, client locations, and remote workspaces.</p>
<p>Agility and mobility are now how business is done in <strong>every industry</strong>, at <strong>every size</strong>.</p>
<p>Yet traditional network security models, perimeter-based products and VPNs, were not designed for this environment. They can’t fully protect users who are mostly off-network.</p>
<p>We are not the only ones noticing this shift and recognize there needs to be a fresh approach.</p>
<p>Recognizing this shift, the industry moved toward a new framework: <strong>Secure Access Service Edge (SASE)</strong>, first defined by Gartner.</p>
<p>This initial version of SASE, which we call cloud-only SASE, was a good step in the right direction. However it spawned new challenges.</p>
<h2>Cloud-only SASE Challenges</h2>
<p>Below are some of the common complaints we’ve heard:</p>
<ul>
<li><strong>High costs</strong> → Cloud infra and data egress fees</li>
<li><strong>Performance issues</strong> → Latency from routing all traffic through vendor clouds</li>
<li><strong>Complex setup</strong> → Fragmented licensing, heavy vendor lock-in</li>
<li><strong>Privacy concerns</strong> → Sensitive traffic handed off to vendor clouds</li>
<li><strong>IoT &amp; legacy gaps</strong> → Poor support for hybrid environments</li>
</ul>
<p>It became clear: businesses of <strong>all sizes</strong> need a better way to secure their distributed, cloud-first, mobile workforces; and cloud-only SASE needed to be improved as well.</p>
<h2>Introducing: Plug. SASE. Everywhere.</h2>
<p>With <strong>Zenarmor 2.0</strong>, we’re redefining SASE to become faster, simpler and even more agile.</p>
<p><strong>Plug. SASE. Everywhere.</strong> — because security inspection should happen <strong>where it makes the most sense</strong>:</p>
<ul>
<li><strong>Edge gateway</strong></li>
<li><strong>Cloud VPC gateway</strong></li>
<li><strong>Endpoint</strong> (desktop or laptop)</li>
</ul>
<p>The benefits:</p>
<ul>
<li><strong>No cloud backhauling</strong> → Lower latency, lower cost</li>
<li><strong>No POP outages or</strong> IP blacklisting</li>
<li><strong>Local inspection &amp; enforcement</strong></li>
<li><strong>Deploy in minutes</strong></li>
<li><strong>Unified Zenconsole</strong> management</li>
<li><strong>IdP integration</strong> + API support</li>
</ul>
<h2>What’s in Zenarmor 2.0</h2>
<p><strong>Zenarmor SASE</strong> is built on two core components:</p>
<ol>
<li><strong>Secure the Internet</strong> — with <strong>Secure Service Edge (SSE)</strong></li>
<li><strong>Secure Access to Private Networks</strong> — with <strong>Zero Trust Network Access (ZTNA)</strong></li>
</ol>
<p>Together:</p>
<p><strong>SSE + ZTNA = SASE</strong> → Secure all user traffic (public &amp; private) from anywhere</p>
<ul>
<li>→ <strong>Consistent policies &amp; full visibility</strong></li>
<li>→ <strong>Zero Trust architecture</strong> — no VPN dependence</li>
</ul>
<h2>Built for Real-World Use Cases</h2>
<p>Our initial customers — from <strong>small businesses</strong> to <strong>large organizations</strong> — are using <strong>Zenarmor 2.0</strong> to:</p>
<ul>
<li>Secure remote workforces (with or without network hardware)</li>
<li>Replace MPLS / SD-WAN / VPN</li>
<li>Enable ZTNA access to private networks</li>
<li>Protect branch and school edges</li>
<li>Protect cloud workloads</li>
<li>Support IoT and legacy infrastructure</li>
<li>Gain Shadow IT visibility and control</li>
</ul>
<h2>Available Now</h2>
<p><strong>Zenarmor 2.0</strong> is <strong>available today</strong>.</p>
<p>We’re proud to deliver this unique, industry-first SASE platform built for how businesses of <strong>every size</strong> operate today — instant, simple, fast, flexible, and secure.</p>
<p><strong>That’s Plug. SASE. Everywhere. That’s Zenarmor.</strong></p>
<p>To find out more, please visit our website: <a href="https://www.zenarmor.com">https://www.zenarmor.com</a></p>
<p><strong>Murat Balaban</strong>
Founder &amp; CEO, Zenarmor</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor2.0.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor’s Network Security stack now natively supports macOS]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-network-security-stack-now-natively-supports-macos</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-network-security-stack-now-natively-supports-macos</guid>
            <pubDate>Sat, 15 Feb 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[We’re excited to announce that Zenarmor is now deployable to macOS devices! With this latest expansion, Zenarmor continues providing seamless network security for distributed workforces, ensuring that organizations can protect their users no matter where or what device they use.]]></description>
            <content:encoded><![CDATA[<p>We’re excited to announce that Zenarmor is now deployable to macOS devices! With this latest expansion, Zenarmor continues providing seamless network security for distributed workforces, ensuring that organizations can protect their users no matter where or what device they use.</p>
<h2>Bridging the Gap: How Zenarmor Secures macOS Devices</h2>
<p>In contrast to conventional Security Service Edge (SSE) solutions that necessitate routing network traffic to the vendor’s cloud for inspection, Zenarmor’s pioneering <strong>Plug. SASE. Everywhere. approach</strong> delivers the complete SSE stack directly to your macOS endpoint. Consequently, inspection and control are now conducted locally on the device interface, irrespective of the network to which the device is connected.</p>
<p>With the rise of remote and hybrid work environments, maintaining security across various operating systems is increasingly vital. Zenarmor has already delivered a complete, lightweight SSE stack to Windows endpoints, and now, by extending support to macOS devices, Apple users can enjoy the same high level of network security.</p>
<p><strong>Zenarmor Deploy-Anywhere SASE™ Platform</strong>: Just like our Windows agent, the new macOS agent is now included with the SSE subscription. Existing SSE users automatically receive macOS protection without any additional steps.</p>
<p><strong>AI-Powered Threat Detection</strong>: Get real-time, advanced threat protection against malware, phishing, and other cyber threats.</p>
<p><strong>Comprehensive Web Filtering</strong>: Block malicious websites and enforce acceptable usage policies across macOS devices.</p>
<p><strong>Centralized Policy Management</strong>: Manage and enforce security policies for both Windows and macOS devices from a single, unified dashboard.</p>
<p><strong>Zero Trust Security Approach</strong>: Ensure that every connection is authenticated and authorized before access is granted.</p>
<h2>Secure Your Entire Workforce – No Matter the Device</h2>
<p>The Zenarmor macOS agent is available exclusively for SSE and upper-tier subscriptions, reinforcing our commitment to comprehensive endpoint security. If you’re interested in securing your macOS endpoints, we invite you to start an SSE trial and experience the full capabilities of Zenarmor SASE Anywhere Architecture™.</p>
 <div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange" rel="noopener">Get Started Today</a>
</div>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<p>In addition to supporting macOS, Zenarmor offers comprehensive protection across various platforms, including <strong>Windows, Linux, FreeBSD, and OPNsense/pfSense firewalls</strong>. Whether your organization utilizes Windows, macOS, or a combination of various platforms, Zenarmor guarantees that your workforce remains safeguarded regardless of the network they are connected to.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-macos-announcement.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Achieves SOC 2 Certification: A Milestone in Data Security]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-achieves-soc2-certification</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-achieves-soc2-certification</guid>
            <pubDate>Wed, 29 Jan 2025 00:00:00 GMT</pubDate>
            <description><![CDATA[We are pleased to announce that Zenarmor has achieved SOC 2 Compliance Certification, a globally recognized standard for ensuring data security, availability, and confidentiality. This certification reflects our commitment to maintaining the highest standards for protecting your information.]]></description>
            <content:encoded><![CDATA[<p>We are pleased to announce that Zenarmor has achieved <strong>SOC 2 Compliance Certification</strong>, a globally recognized standard for ensuring data security, availability, and confidentiality. This certification reflects our commitment to maintaining the highest standards for protecting your information.</p>
<p>With over 20,000 deployments worldwide, Zenarmor safeguards hundreds of thousands of users, delivering innovative and reliable network security solutions. SOC 2 certification further strengthens this mission, providing users with added confidence that their data is managed securely and responsibly.</p>
<p>This milestone comes as Zenarmor prepares to launch its <strong>new SASE product</strong>, a groundbreaking innovation that extends security to the <strong>user endpoint level</strong> through our <strong>Zenarmor Deploy-Anywhere SASE™ Platform</strong>. This transformative method redefines network security by enabling seamless, comprehensive protection wherever your users are. By simplifying deployment and management, our Zenarmor Deploy-Anywhere SASE™ Platform empowers organizations to maintain robust security across diverse environments easily.</p>
<p>SOC 2 certification marks another step in our journey to empower users with world-class security and peace of mind as we continue to innovate and expand.</p>
<p>Are you curious to learn more about our commitment to security and what’s next for Zenarmor?</p>
<p><a href="https://www.zenarmor.com/roadmap">Read more about Zenarmor’s innovations and roadmap.</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/zenarmor-achieves-soc2-certification.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Why Zenarmor 1.18 is a Game-Changer in Boosting  Revenue for MSPs and MSSPs]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-1-18-for-msp-and-mssp</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-1-18-for-msp-and-mssp</guid>
            <pubDate>Thu, 12 Dec 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Endpoint devices like laptops and desktops often operate beyond the traditional security perimeter, exposing organizations to increased risks. Employees frequently connect to unsecured public WiFi networks. While VPNs are usually deployed to mitigate this, they come with limitations, including performance bottlenecks, poor user experiences, and the risk of being entirely bypassed. These gaps leave businesses vulnerable, creating a growing demand for more effective, seamless security solutions.]]></description>
            <content:encoded><![CDATA[<p>Endpoint devices like laptops and desktops often operate beyond the traditional security perimeter, exposing organizations to increased risks. Employees frequently connect to unsecured public WiFi networks. While VPNs are usually deployed to mitigate this, they come with limitations, including performance bottlenecks, poor user experiences, and the risk of being entirely bypassed. These gaps leave businesses vulnerable, creating a growing demand for more effective, seamless security solutions.</p>
<p>This evolving landscape presents a significant opportunity for MSPs and MSSPs. With businesses seeking better ways to protect remote workforces and manage endpoint security, there’s a clear need for solutions beyond traditional approaches. Zenarmor 1.18 offers an industry-first “Plug. SASE. Everywhere.” capability that allows native deployment directly on Windows (and MacOS, which will soon be available) devices.</p>
<p>Not to be mistaken for traditional EDR/XDR or antimalware solutions, Zenarmor can now be installed directly on Windows devices such as laptops and desktops. All of Zenarmor’s protective features and benefits are now available locally directly on the Windows device, eliminating the need to backhaul traffic via a VPN to an onsite Zenarmor gateway for inspection. This effectively secures the network traffic regardless of the user and device location.</p>
<p>In addition to endpoint deployment, Zenarmor 1.18 also includes advanced identity and access management capabilities, allowing seamless integration with popular platforms like Azure Entra ID, Google Workspaces, and Okta. Combined with Zenarmor’s multi-tenant, organization-focused dashboard, managing policies and reporting across multiple clients or environments has never been easier. These features enable granular user and group-based policies, offering unparalleled flexibility and visibility into network activity.</p>
<p>Moreover, Zenarmor’s software-only architecture ensures easy deployment without additional hardware investments. Its ability to inspect network traffic locally provides enhanced security while reducing latency and performance issues often associated with backhauling traffic through VPNs. With features like <a href="https://www.zenarmor.com/docs/policies/tls-inspection-rules">Full TLS Inspection</a> and Cloud Access Security Broker (<a href="https://www.zenarmor.com/docs/policies/cloud-access-rules">CASB</a>) included in its SSE subscription, Zenarmor 1.18 is a comprehensive solution for securing modern, distributed networks.</p>
<p>By integrating Zenarmor at the endpoint level, service providers can address critical client pain points:</p>
<ul>
<li>
<p><strong>Comprehensive protection for remote devices</strong>: Zenarmor eliminates the need to backhaul traffic through VPNs, providing secure, local network traffic inspection without compromising performance or usability.</p>
</li>
<li>
<p><strong>Cost-effective deployment</strong>: This software-only solution enables providers to serve clients who operate without physical offices or those unwilling to invest in expensive gateway appliances.
Enhanced user experience: By removing reliance on traditional VPNs, Zenarmor significantly improves performance and ease of use, ensuring employees remain secure without frustrating delays or interruptions.</p>
</li>
<li>
<p><strong>Enhanced user experience</strong>: By removing reliance on traditional VPNs, Zenarmor significantly improves performance and ease of use, ensuring employees remain secure without frustrating delays or interruptions.</p>
</li>
<li>
<p><strong>Expanded client reach</strong>: Businesses previously constrained by traditional security architectures can now adopt Zenarmor’s advanced features, opening up new market segments.</p>
</li>
</ul>
<p>These benefits address pressing cybersecurity challenges and create pathways for MSPs and MSSPs to generate recurring revenue by delivering cutting-edge solutions that clients truly need.</p>
<h2>Revenue Opportunities for MSPs and MSSPs</h2>
<p>Zenarmor’s new capabilities open doors to multiple revenue streams:</p>
<ol>
<li>
<p><strong>Targeting Remote-First and Hybrid Businesses</strong></p>
<p>Offer a security solution for clients operating without physical offices or those unable to invest in gateway appliances. Zenarmor’s software-only approach is ideal for businesses with fully remote teams.</p>
</li>
<li>
<p><strong>VPN Alternative</strong></p>
<p>Position Zenarmor as a next-generation alternative to VPNs for secure traffic inspection, especially for clients solely relying on VPNs for security.</p>
</li>
<li>
<p><strong>Centralized Multi-Tenant Dashboard</strong></p>
<p>Zenarmor’s centralized, multi-tenant dashboard makes managing multiple client organizations easy. Included in the dashboard is the ability to control your clients access based on roles such as administrator, contributors and viewers. Moreover, if your client makes use of an existing identity providers (IdP) such as Google Workspaces, Azure Entra ID or Okta, Zenarmor can easily integrate using the all new <a href="https://www.zenarmor.com/docs/organization-management/configuring-authentication-method">Identity &amp; Access Management</a> feature, all from the same central dashboard, allowing you to easily build policies around existing users and groups.</p>
</li>
<li>
<p><strong>Full TLS Inspection and CASB in One Solution</strong></p>
<p>Zenarmor’s advanced features, including Full TLS Inspection, Cloud Access Security Broker (CASB), and centralized reporting, bring enterprise-grade protection to businesses of all sizes. These capabilities, part of <a href="https://www.zenarmor.com/zenarmor-secure-service-edge">Zenarmor’s cutting-edge SSE subscription</a>, provide unparalleled visibility into encrypted traffic, robust threat prevention, and centralized management.</p>
</li>
</ol>
<h2>Start Free Trial</h2>
<p>Zenarmor 1.18  combined with a Zenarmor SSE subscription is more than just an update—it’s a shift in how endpoint security is delivered.</p>
<p>As an MSP or MSSP, you can now offer your clients cutting-edge security with unparalleled flexibility, empowering them to secure their endpoints wherever they operate.</p>
<p>If you’re ready to explore how Zenarmor can transform your security offerings and unlock new revenue opportunities, <a href="https://form.typeform.com/to/LMf31F1x?typeform-source=p9iuwu4spdy.typeform.com">start your free trial of Zenarmor SSE today</a>.</p>
<p>Have questions or need a deeper dive into Zenarmor’s features? Contact our sales team at <span><img src="https://www.zenarmor.com/images/sales-at-zenarmor.svg" alt="sales-at-zenarmor" /></span>.</p>
<p>Together, let’s redefine cybersecurity.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-1-18-for-msp-and-mssp.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor + OpenWRT: Turn Millions of Existing ISP & CPE Routers Into Full SASE Edges]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-openwrt-sase-edges</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-openwrt-sase-edges</guid>
            <pubDate>Sun, 08 Dec 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor SASE 2.2 now installs directly on OpenWRT, the world's most widely used CPE/router platform, instantly converting existing gateways into fully capable SASE enforcement points. A game-changer for ISPs, MSPs/MSSPs, and distributed enterprises.]]></description>
            <content:encoded><![CDATA[<p>Service providers, MSPs, and distributed enterprises all share a universal bottleneck: you cannot deploy advanced security everywhere if every location requires new hardware, complex tunnels, or constant backhauling through PoPs.</p>
<p><strong>Zenarmor SASE 2.2 release changes that.</strong></p>
<p>Zenarmor now installs directly on OpenWRT, the world’s most widely used CPE/router platform, instantly converting existing gateways into fully capable SASE enforcement points.</p>
<p>This is a game-changer for ISPs, MSPs/MSSPs, and any organization with distributed edges.</p>
<h2>Why OpenWRT Matters</h2>
<p>OpenWRT isn’t just “router firmware.”</p>
<p>It is the de facto operating system running on millions of ISP-provided routers and CPEs across homes, remote offices, and SMB branches.</p>
<p>By running Zenarmor directly on OpenWRT, service providers can now deliver:</p>
<ul>
<li>SASE-powered internet protection</li>
<li>IoT and unmanaged device security</li>
<li>Branch/home-office visibility</li>
<li>DNS, TLS, and traffic inspection</li>
<li>Real-time Zero Trust enforcement</li>
</ul>
<p>All without shipping new hardware or rerouting traffic to PoPs.</p>
<h2>For ISPs: New Revenue, Zero Hardware</h2>
<p>ISPs can now offer: <strong>“SASE-as-a-service on your existing gateway.”</strong></p>
<p>Key benefits:</p>
<ul>
<li>No truck rolls</li>
<li>No additional appliance</li>
<li>No bandwidth tax</li>
<li>No reliance on centralized PoPs</li>
</ul>
<p>Security happens on the path to the internet, inside the customer’s existing router. This dramatically improves performance, reduces operational overhead, and creates premium service tiers instantly.</p>
<h2>For MSPs/MSSPs: True SASE on CPEs You Already Manage</h2>
<p>Most MSP networks rely on OpenWRT-based gateways. With Zenarmor on the device:</p>
<ul>
<li>You can extend SASE and SSE into any small office or remote location</li>
<li>You can enforce Zero Trust even when you cannot touch the endpoint</li>
<li>You can protect IoT and OT networks that cannot run agents</li>
</ul>
<p>This turns “dumb edge routers” into smart security nodes with no forklift upgrades.</p>
<h2>For Enterprises &amp; Mid-Market: Powerful, Agentless Edge Protection</h2>
<p>OpenWRT support means:</p>
<ul>
<li>Remote sites, contractors, and small branches get full SASE protection</li>
<li>IoT-heavy environments gain instant inspection and filtering</li>
<li>Zero Trust policy enforcement happens before traffic ever leaves the site</li>
</ul>
<p>And because Zenarmor is single-app, single-stack, single-pass, the performance impact is minimal compared to traditional security appliances.</p>
<h2>Why This Is Better Than Traditional PoP-Based SASE</h2>
<p>Most traditional SASE vendors require:</p>
<ul>
<li>Backhauling all traffic</li>
<li>Sending it through central inspection points</li>
<li>Paying for bandwidth and compute in the vendor’s cloud</li>
</ul>
<p><strong>Zenarmor on OpenWRT does the opposite:</strong></p>
<ul>
<li>No backhaul</li>
<li>No cloud dependency</li>
<li>No PoP bottlenecks</li>
<li>No degraded UX</li>
</ul>
<p>Security lives at the edge, not in someone else’s cloud.</p>
<h2>OpenWRT + Zenarmor = SASE Everywhere</h2>
<p>This integration clearly demonstrates the power of Zenarmor’s SASE Anywhere Architecture™:</p>
<p><strong>One App. One Stack. One Pass.</strong></p>
<p>Every edge becomes a SASE edge.</p>
<p>Whether it is a home user, a micro-branch, a retail location, or a multi-tenant ISP environment, Zenarmor delivers consistent protection without new infrastructure.</p>
<h2>Next Steps</h2>
<p>Service providers, MSPs, and distributed enterprises can begin deploying Zenarmor on OpenWRT immediately.</p>
<p>Lighthouse opportunities are now available for early implementers.</p>
<p>With the Zenarmor SASE 2.2 release, OpenWRT support turns the world’s most widely deployed router platform into a full SASE edge at scale, bringing true SASE-as-a-service to your existing gateway and removing the need for expensive hardware refreshes.</p>
<p>For details of the release please check the documentation: <a href="https://www.zenarmor.com/docs/support/release-notes">Zenarmor SASE 2.2 Release</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-openwrt-sase-edges.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Expands Global Presence with New Office in Frankfurt]]></title>
            <link>https://www.zenarmor.com/announcements#european-office-in-frankfurt</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#european-office-in-frankfurt</guid>
            <pubDate>Wed, 30 Oct 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Founded in 2017, Zenarmor has rapidly grown to serve over 20,000 active edge deployments in 158 countries across 7 continents, protecting networks ranging from homelab networks to large enterprises.]]></description>
            <content:encoded><![CDATA[<p>Founded in 2017, Zenarmor has rapidly grown to serve over 20,000 active edge deployments in 158 countries across 7 continents, protecting networks ranging from homelab networks to large enterprises.</p>
<p>While 40% of Zenarmor’s customers are located in North America, another 40% are located in the EU region.</p>
<p>And to better serve our customers in the EU region, we have recently opened a new office in Frankfurt, Germany!</p>
<p>As Europe continues to lead the way in digital transformation, from smart cities to industrial automation, information security has become a critical concern for businesses and governments alike. Regulations like the General Data Protection Regulation (GDPR) have set a high standard for data protection, making cybersecurity a top priority across the continent. In this dynamic landscape, ensuring the safety of data and network infrastructures is more important than ever.</p>
<p>Zenarmor already protects a wide range of customers across Europe, from French educational institutions to Italian ports, along with many other organizations. Our new Frankfurt office will enable us to accelerate this expansion, meeting the growing demand for omni-present network security anywhere and anytime across the EU region and supporting Europe’s digital transformation.</p>
<p>Zenarmor’s industry-first, unique “Plug. SASE. Everywhere.” technology is designed to meet the needs of today’s agile enterprises, offering advanced threat detection and prevention anywhere and anytime. Whether protecting complex hybrid workforces, cloud environments or securing on-premise networks, our solutions continue to set the standard for network security globally.</p>
<p>With our new office at <strong>Meisengasse 13-15, 60313 Frankfurt am Main</strong>, we’re excited to be closer than ever to our European customers. This location will allow us to connect and collaborate more closely with partners and businesses across the region, enhancing network defenses and supporting Europe’s journey in cybersecurity innovation.</p>
<p>Stay tuned for more updates as we continue to innovate and grow in Europe and beyond!</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/new-office-in-germany.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor 1.18 is here, ready to secure your distributed, remote workforce]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-1-18-is-here-ready-to-secure-your-distributed-remote-workforce</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-1-18-is-here-ready-to-secure-your-distributed-remote-workforce</guid>
            <pubDate>Thu, 24 Oct 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor 1.18 has arrived, and it is one of the most feature-packed releases yet! In this release, we are one step closer to achieving our goal of delivering a truly remarkable Secure Access Service Edge (SASE) product to help address the security concerns of an ever-expanding hyper-distributed, remote workforce making use of our industry-first Plug. SASE. Everywhere. approach to network security.]]></description>
            <content:encoded><![CDATA[<p>Zenarmor 1.18 has arrived, and it is one of the most feature-packed releases yet! In this release, we are one step closer to achieving our goal of delivering a truly remarkable Secure Access Service Edge (SASE) product to help address the security concerns of an ever-expanding hyper-distributed, remote workforce making use of our industry-first Plug. SASE. Everywhere. approach to network security.</p>
<p>To achieve this, Zenarmor 1.18 has become more organization-focused and user-centric with the ability to create central organization-based security policies not just around device categories or networks but also around the users and groups assigned to these devices. To achieve this, we have introduced new Identity &amp; Access Management (I&amp;AM) and Single Sign-On (SSO) capabilities and an all-new organization dashboard giving you complete control and visibility of your gateway and endpoint deployments.</p>
<p>Speaking of endpoint deployments, as of this release, you will now be able to deploy Zenarmor natively on Microsoft Windows devices, affording you additional deployment possibilities. Users can now benefit from Zenarmor’s great protection locally on their Windows endpoint, regardless of which network they are connected to, true on-the-go security without being tethered to a VPN,  more to come on this shortly.</p>
<p>So without further ado, let’s jump straight into the details.</p>
<h2>All-New Organization Dashboard and Reporting</h2>
<p>A truly great SASE product is nothing without a single, fully integrated, and intuitive dashboard. As of Zenarmor 1.18, for all subscribers with an SSE license and above, you will now be able to enroll your organization into Zenconsole to make use of this dashboard. The <a href="https://www.zenarmor.com/docs/organization-management/accessing-organization-dashboard">organization dashboard</a> offers a birds-eye view of your global organization deployment. This dashboard has been designed to give you a high-level overview of your gateway and endpoint deployments, as well as the ability to use it to identify any immediate high-level threats that may be actively impacting a specific gateway, endpoint, or region, allowing you to act quickly to investigate the potential threat further.</p>
<p>In addition to this high-level network visibility, we have further enhanced our built-in reporting functionality to be more user-centric, meaning you will be able to view reports around specific users and user groups and not just devices as seen in previous releases.</p>
<p>Because this release allows for multiple gateway and endpoint deployments within a single organization, we have included a means for all gateways and endpoints, regardless of their location, to stream reporting data back to Zenconsole, where a consolidated organization-wide report is made available, including all the great filtering capabilities you should already be accustomed to, giving you complete visibility of your network and users regardless of how distributed your organization may be.</p>
<p>If you are an MSP/MSSP the new organization dashboard delivers enhanced multi-tenancy capabilities where you can enroll multiple organizations under one account and manage each organization on an individual basis through Zenconsole. You also have the ability to invite administrators from each organization, respectively, and provide them with roles that define the level of control they have over the organization.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/organization-selection-menu.png" alt="Organization selection menu" />
</div>
<p>Figure 1: Organization selection menu</p>
<p>While we understand that our latest SSE subscription, which includes TLS inspection, CASB, and now our new organization dashboard, may not be for everyone, rest assured that for those on Business, Home, and Free subscriptions, your Zenconsole experience will remain unchanged. We do, however, encourage you to reach out and <a href="https://www.zenarmor.com/zenarmor-secure-service-edge">try our SSE subscription</a>; we have a lot to offer.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/the-organization-dashboard.png" alt="The Organization Dashboard" />
</div>
<p>Figure 2: The Organization Dashboard</p>
<h2>Enhanced Identity &amp; Access Management Capabilities</h2>
<p>Exploring the new organization dashboard further, we have included a new settings menu that allows you to not only manage basic organization settings, like users and groups, but also includes our latest Identity &amp; Access Management capabilities. As mentioned before, this release is all about creating security policies around signed-in users and their groups, and to make this possible, we have included the following new <a href="https://www.zenarmor.com/docs/organization-management/configuring-authentication-method">authentication methods</a>:</p>
<ol>
<li>
<p><strong>Built-In Authentication</strong>: This is a basic user/password-based authentication built into Zenconsole and is ideal for smaller organizations that don’t make use of identity providers like Azure Entra ID, Okta, and Google Cloud Identity, etc.</p>
</li>
<li>
<p><strong>Generic SAML 2.0</strong>: This is for bigger organizations that make use of Azure Entra ID and other SAML 2.0 capable identity providers. Right now we only support Entra ID, Okta, and Google providers; however, more customizable options will follow in future releases.</p>
</li>
<li>
<p><strong>Google Cloud Identity</strong>: For organizations that make use of the Google Workspace ecosystem, Zenarmor 1.18 is fully integrated with Google and allows for not only the authentication of users but also the importing of users and groups into Zenconsole. SCIM and LDAP functionality will be implemented for other providers in a future release.</p>
</li>
</ol>
<p>Using one of the above authentication methods, you can easily enforce network control based on users and groups. As of this release, you can enforce <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-sso">SSO</a> before a user accesses the network either through a browser-based, agentless authentication process initiated by your gateways or if you are using the native Windows Zenarmor application, users will need to sign in to the application before accessing the network.</p>
<p>Both of these enforcement mechanisms can be used simultaneously across endpoints and gateways, giving you the ultimate control over your organization’s users and groups.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/identity-and-access-management-settings.png" alt="Identity & Access Management Settings" />
</div>
<p>Figure 3: Identity &amp; Access Management Settings</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/generic-saml-settings.png" alt="Generic SAML 2.0 settings configured using Azure Entra ID as the IdP." />
</div>
<p>Figure 4: Generic SAML 2.0 settings configured using Azure Entra ID as the IdP.</p>
<h2>Organization-based policies for Gateways and Endpoints</h2>
<p>Now that we have covered the new organization dashboard as well as Zenarmor’s latest user authentication capabilities, it only makes sense to introduce Zenarmor’s latest organization-based policies.</p>
<p>In order to accommodate Zenarmor’s latest Windows endpoint application as well as our user-focused enforcement approach, some slight changes needed to be made to how we create policies in Zenconsole. All policies are now created at an organizational level and not at a gateway level, as seen in previous releases. These <a href="https://www.zenarmor.com/docs/policies/central-policy-management-in-organizations">organization policies</a> can then be applied to either all gateways or all endpoints, or select gateways or select endpoints, or all gateways and all endpoints combined. That was a mouthful, however, I am sure by now that you can tell you have a lot of flexibility as to how you deploy your policies.</p>
<p>You will also notice in this release some slight UI changes in the policy menu with an added focus on creating policies around users and groups, additional filtering capabilities, etc., however, rest assured all the previous matching criteria are still available.</p>
<p><img src="https://www.zenarmor.com/images/blog/organization-policy-creation-menu.png" alt="Organization policy creation menu."></p>
<p>Figure 5: Organization policy creation menu.</p>
<p><img src="https://www.zenarmor.com/images/blog/new-policy-configuration-menu.png" alt="New policy configuration menu."></p>
<p>Figure 6: New policy configuration menu.</p>
<h2>Deploying Zenarmor on Windows Endpoints</h2>
<p>Dashboards, SSO, and policies aside, we have saved the best new capability of this release for last, the all-new Windows native Zenarmor application! We have taken all the greatness of the Zenarmor engine and ported it to run on Windows.</p>
<p>This means that you now have the ability to carry the Zenarmor engine and the great security we offer on your Windows laptop. Regardless of the network you are connected to, you will be secured because the Zenarmor engine performs all inspection locally on the Windows endpoint, which also means you no longer have to backhaul all your traffic via a VPN to have an on-prem Zenarmor gateway inspect your network traffic.</p>
<p>In some cases, you may choose not to deploy Zenarmor on a perimeter gateway considering that all inspection and control is now available on your endpoints, which opens additional deployment options that were never possible with previous releases of Zenarmor.</p>
<p>So you may be asking, How do you control Windows endpoint deployments? All configurations are done via your Zenconsole organization dashboard, and policies are automatically pushed to all targeted endpoints. Reporting data is streamed back from each endpoint to Zenconsole. It’s really as simple as that.</p>
<p>As part of our Plug and Secure approach to SASE and how we intend to secure distributed and remote workforces, <a href="https://updates.zenarmor.net/repo/desktop?platform=windows&amp;architecture=x86_64&amp;mime_type=msi&amp;dl=true">Zenarmor’s Window application</a> is a major step forward in bringing the network edge closer than ever before to endpoints without the shortcomings often associated with cloud-only SASE solutions, such as additional latency, PoP outages, and other unnecessary complexities that degrade the overall user experience.</p>
<p>If you are a Mac user and feeling left out, don’t worry, a native Zenarmor application for MacOS is coming soon, we are just ironing out the bugs.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-native-windows-application.png" alt="Zenarmor Native Windows Application running on Windows 11 Pro." />
</div>
<p>Figure 7:  Zenarmor Native Windows Application running on Windows 11 Pro.</p>
<h2>Wrapping things up.</h2>
<p>We have been working really hard behind the scenes to bring you this latest major release of Zenarmor 1.18, and we truly hope that you enjoy using it as much as we enjoyed creating it. We appreciate every single one of you that have supported us and helped us get to this point in our long development journey.</p>
<p>If you would like to see a full list of all the additions, changes, and bug fixes, please feel free to have a look at our <a href="https://www.zenarmor.com/docs/support/release-notes">release notes</a>.</p>
<p>We encourage you to follow us on social media and keep an eye on your mail as we have some exciting new additions planned for our next release, including Zero-Trust Network Access (ZTNA) as a VPN replacement and MacOS support, to name a few.</p>
<p>We wish you all the best!</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/zPmDuZqSE5A?si=-PuAqOa28qET0uiP" title="Zenarmor 1.18 is here, ready to secure your distributed, remote workforce." frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-1-18-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Scheduled Maintenance for Zenconsole]]></title>
            <link>https://www.zenarmor.com/announcements#scheduled-maintenance-for-zenconsole</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#scheduled-maintenance-for-zenconsole</guid>
            <pubDate>Fri, 18 Oct 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[We want to inform you about an upcoming scheduled maintenance for Zenconsole.]]></description>
            <content:encoded><![CDATA[<p>Hello Beloved Zenarmor users,</p>
<p>We want to inform you about an upcoming scheduled maintenance for Zenconsole, during which the system will be temporarily unavailable.</p>
<p><strong>Details:</strong></p>
<ul>
<li>
<p><strong>Date and Time</strong>: Wednesday, October 23, 2024 from 9:00 pm to 10:pm PT (00:00 am - 01:00 am ET, 04:00 am - 05:00 am GMT).</p>
</li>
<li>
<p><strong>Duration</strong>: 1 hour</p>
</li>
<li>
<p><strong>Affected Service</strong>: Zenconsole Cloud Management Portal</p>
</li>
<li>
<p><strong>Reason for Maintenance</strong>: Zenconsole v1.18 major upgrade</p>
</li>
</ul>
<p>We appreciate your understanding and patience during this maintenance window and apologize for any inconvenience caused.</p>
<p>Stay tuned for more updates on the exciting new features coming with Zenconsole v1.18!</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/scheduled-maintenance-for-zenconsole.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Your Voice Matters: What you wanted and what's in the works]]></title>
            <link>https://www.zenarmor.com/announcements#your-voice-matters-what-you-wanted-and-what-is-in-the-works</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#your-voice-matters-what-you-wanted-and-what-is-in-the-works</guid>
            <pubDate>Wed, 16 Oct 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Our customers are some of the best in the field, and they demand the best from us. This is precisely why our customers love Zenarmor’s home subscription. It’s widely regarded as the top solution on the market that delivers enterprise-grade protection, even for home and home lab environments. However, this also presents us with a unique challenge: how do we continue offering enterprise-level protection at a home-lab price point while ensuring that the home lab tier is used solely for personal, non-commercial purposes?]]></description>
            <content:encoded><![CDATA[<p>At Zenarmor, one of the things we take great pride in is the unique privilege of serving a highly sophisticated, tech-savvy customer base. Our users know their stuff and consistently set high standards for the quality and performance they expect from Zenarmor.</p>
<p>Even within our home lab tier, it’s not unusual for Zenarmor’s support team to assist a subscriber running a home network setup that rivals enterprise data centers. We’re talking active-active hypervisors, firewalls in high-availability configurations, Active Directory servers, NAS systems—you name it.</p>
<p>Our customers are some of the best in the field, and they demand the best from us.</p>
<p>This is precisely why our customers love Zenarmor’s home subscription. It’s widely regarded as the top solution on the market that delivers enterprise-grade protection, even for home and home lab environments.</p>
<p>However, this also presents us with a unique challenge: how do we continue offering enterprise-level protection at a home-lab price point while ensuring that the home lab tier is used solely for personal, non-commercial purposes?</p>
<h2>The Unique Challenge</h2>
<p>For the past few years, we have been trying to maintain this “delicate balance”. I can say we have been successful to some extent.</p>
<p>Having said that, listening to some of our customer’s feedback, it became even more apparent that our customers wanted more from the product.</p>
<h2>The Homelab Survey: We Hear You—and We’re Taking Action</h2>
<p>At Zenarmor, we take great pride in listening to our community. Recently, we conducted a survey among our home subscribers. This wealth of feedback will play a vital role in shaping the future of our home/personal tier; and will ensure that we continue delivering the best possible security experience for your home network.</p>
<h2>We’re Grateful to You, Our Community</h2>
<p>First and foremost, we want to express our deep gratitude to the hundreds of users who took the time to share their thoughts. Your responses show us that you care deeply about Zenarmor, and it’s heartening to see the strong emotional connection our users have with the product. . This sense of community drives us to improve and deliver an even better Zenarmor for you.</p>
<h2>Key Take-aways and What We’re Doing About Them</h2>
<h3>Performance and User Experience—Overwhelming Satisfaction</h3>
<p>We’re absolutely thrilled that <strong>94%</strong> of you are satisfied with Zenarmor’s protection and performance, and a similar percentage expressed satisfaction with the overall user experience. While <strong>5%</strong> of you reported some performance issues, we deeply appreciate the detailed feedback you’ve shared, and our team is already working to resolve these concerns.</p>
<h3>Configurable Policies—Room for Improvement</h3>
<p>When we asked, <strong>“Are you satisfied with the number of configurable policies available in your Plug and Secure Home. subscription?”</strong> The responses were a bit divided: <strong>50%</strong> said yes, but a significant <strong>42%</strong> expressed desire for more policies. We understand this is an important  capability for many of you, as we’ve seen on social media as well. While it’s encouraging that over half of the respondents are content with the current options, we are committed to addressing the requests of those who aren’t. Stay tuned for upcoming changes—we’re on it!</p>
<h3>Device Limits—Preparing for IoT Growth</h3>
<p>The growing use of IoT devices is becoming a major consideration for many of our users. Currently, <strong>65%</strong> of respondents are satisfied with the <strong>100-device limit</strong>, but we’re already anticipating the increased demand for more devices, especially as homes become more connected through IoT. Well noted.</p>
<h3>More Enterprise Capabilities: Encrypted Threats Prevention, CASB  and More!</h3>
<p>It’s exciting to see that nearly <strong>half of the respondents</strong> would like to  pay a premium for enterprise capabilities like <strong>Full TLS Inspection, CASB and ZTNA</strong>.</p>
<p>Many respondents also expressed a strong desire to bring Zenarmor’s Plug. SASE. Everywhere. capabilities to their workplaces—provided they could first test those advanced features in their home lab environments.</p>
<p>This further encourages us to explore ways to be able to do so…</p>
<p>We understand that  such capabilities are regarded as a game-changer by many users.</p>
<h3>Shaping the Future—Together</h3>
<p>We’d like to wrap up by saying that your feedback plays a critical role in shaping the future of Zenarmor’s home subscription service. Rest assured, we are working tirelessly to create an even better Zenarmor for you, focusing on alternative subscription plans and features that align with our commitment to bringing enterprise-level security into your “home datacenters” 😉.</p>
<p>Together, we’re building a stronger, safer, and more connected Zenarmor experience. Thank you for being an essential part of our journey—we can’t wait to share more updates with you soon!</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/your-voice-matters.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Why conventional Secure Access Service Edge Solutions (SASE) are not so sassy after all]]></title>
            <link>https://www.zenarmor.com/blog#why-conventional-sase-solutions-fail</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#why-conventional-sase-solutions-fail</guid>
            <pubDate>Wed, 14 Aug 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[You’ve been working from home for a few years now, enjoying the flexibility and comfort it offers. But imagine this: your manager announces that the company is shifting back to a pre-COVID working style, meaning you’ll need to return to the office. Who would be happy about this change? Surprisingly, among the few colleagues who might welcome the idea, the security team stands out.]]></description>
            <content:encoded><![CDATA[<p>You’ve been working from home for a few years now, enjoying the flexibility and comfort it offers. But imagine this: your manager announces that the company is shifting back to a pre-COVID working style, meaning you’ll need to return to the office. Who would be happy about this change? Surprisingly, among the few colleagues who might welcome the idea, the security team stands out.</p>
<p>Why? Because when everyone is working from the office, the threat landscape is much more contained and manageable. However, as the workforce becomes increasingly distributed, with employees logging in from various locations and devices, securing the organization becomes a far more complex challenge.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/why-conventional-sase-solutions-fail.webp" alt="Secure Access Service Edge Solutions" />
</div>
<h2>THE SHIFT TO REMOTE WORK</h2>
<p>Home office, or working from home, is not a new phenomenon. Even before the pandemic, companies allowed employees to work outside the company premises occasionally. Some personnel chose to continue their tasks from home for various reasons (we won’t judge their work-life balance). Security teams could handle this scenario for several reasons.</p>
<p>Firstly, the extent to which teams used home office was not that high, making it manageable. Measures like Virtual Private Networks (VPNs) were sufficient to ensure that remote connections remained secure. Employees would connect to the company network through VPNs, creating a secure tunnel for their data and maintaining the integrity of the corporate network.</p>
<p>Secondly, it was considered an acceptable risk. The limited time workers spent vulnerable to attacks was manageable. Security teams assessed that the likelihood of a significant breach during these sporadic remote working periods was low. With most employees working from secure office environments, the occasional remote connection posed a relatively low threat.</p>
<p>However, the landscape has drastically changed. The pandemic accelerated the shift towards remote and hybrid working models, making it a permanent fixture in many organizations. Suddenly, a significant portion of the workforce was outside the protective bubble of the corporate network. The traditional security measures which were once sufficient started to show their limitations. According to recent statistics, one in five workers are now working remotely in the US, a figure that has profound implications for work culture, productivity, and of course cybersecurity. This shift is challenging pre-existing norms and opening doors to new and context-aware security strategies.</p>
<p>Looking ahead, the future of remote work seems promising. According to Upwork, by 2025, an estimated 32.6 million Americans will be working remotely, which equates to about 22% of the workforce. This projection suggests a continuous, yet gradual, shift towards remote work arrangements.</p>
<h2>THE RISE OF CLOUD COMPUTING</h2>
<p>As the increasing trend of remote work presents a significant challenge to conventional firewall solutions, another trend has gone hand in hand with remote working: the rise of cloud computing. With <a href="https://www.zenarmor.com/docs/network-basics/what-is-cloud">cloud computing</a>, companies have started enjoying the agility and scalability it brings. Traditional firewall appliances, with their limited capacity and lengthy deployment processes, struggle to keep pace with these advancements. Not only has the workforce become decentralized, but so has the data, spreading across various cloud environments globally. Additionally, companies now manage hundreds of networks spread across the world, further complicating security management. Each employee’s home has effectively turned into a company branch, requiring appropriate security measures to ensure the integrity and security of corporate data. This decentralization of both workforce and data underscores the need for a robust and well-functioning Secure Access Service Edge (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-secure-access-service-edge-sase">SASE</a>) solution to protect these distributed assets effectively. As we delve deeper, we will see why conventional SASE solutions often fail to meet these critical needs.</p>
<p>Security vendors recognized the need to address this completely new threat landscape environment. They tried to tackle the emerging problems with the same old solutions. As the saying goes, extraordinary times need extraordinary measures. However, many security companies merely attempted to solve the problem by creating better, faster, and stronger versions of old solutions, which were designed to overcome the security challenges of pre-COVID times. These revamped solutions were improvements, but they still operated on the same fundamental principles that were becoming increasingly obsolete in the face of modern threats and the radically changed work environment. Some companies even went as far as sending home routers to their employees to ensure a sufficient level of security was guaranteed. While these measures provided some immediate relief, they ultimately highlighted the inadequacy of relying on traditional methods to secure a modern, distributed workforce. This approach has proven insufficient for the dynamic and dispersed nature of today’s workforce and data distribution, necessitating a truly innovative shift in security strategy.</p>
<h2>THE PROMISE OF SASE</h2>
<p>This is where the concept of SASE comes into play. First introduced by Gartner analysts in 2019, SASE represents a transformative shift in network security architecture. Gartner recognized that the growing reliance on cloud services, the increased mobility of users, and the decentralization of data required a new approach—one that could combine networking and security functions into a single, cloud-native service model.</p>
<p>SASE was envisioned to address the complexities of modern IT environments by converging wide area networking (WAN) and network security services, such as secure web gateways, cloud access security brokers (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-casb">CASB</a>), firewalls, and zero-trust network access (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-zero-trust-network-access-ztna">ZTNA</a>), into a unified, flexible, and scalable solution. This convergence allows organizations to deliver secure access to applications and data, regardless of where users, devices, or resources are located.</p>
<p>Gartner’s vision for SASE was driven by the understanding that the traditional perimeter-based security models were no longer sufficient in a world where the perimeter itself had become fluid and boundaryless. By integrating security and networking in the cloud, SASE promises to provide the agility, control, and protection needed in today’s rapidly evolving digital landscape.</p>
<h2>THE REALITY OF SASE</h2>
<p>As companies rushed to offer SASE solutions following the Gartner report, the mentality behind these offerings largely remained unchanged. Most conventional SASE solutions are simply improved versions of older approaches rather than true innovations.For example, Gartner’s SASE vision proposed increasing the number of Points of Presence (PoPs) to reduce latency and improve network performance. In response, many vendors have implemented this by opening more data centers. However, this isn’t a breakthrough change that addresses the fundamental problems of the new security context.  While the increase in PoPs may help to some extent, the underlying issue of latency remains largely unresolved. Despite these efforts, many organizations continue to experience performance bottlenecks, especially when users are far from the nearest PoP. The latency challenge persists, undermining the overall effectiveness of SASE in delivering seamless and responsive network access.</p>
<p>In fact, it introduces its own risks—new data centers can become single points of failure. For instance, in a real-life case, a company receiving security services from a SASE vendor lost internet connectivity when the SASE provider changed the PoP handling their internet traffic. The PoP change resulted in a new IP address, causing all connectivity to be lost for the company. This example highlights the vulnerability and potential disruption that can occur with these conventional SASE implementations. As companies become more dependent on the vendor’s infrastructure, it is likely to cause severe problems that adversely impact business continuity. Such disruptions can lead to significant costs for companies, both in terms of reputation and finances, and may also create legal problems.</p>
<h2>FINANCIAL IMPLICATIONS AND HIDDEN CHALLENGES</h2>
<p>Furthermore, the cost of implementing SASE solutions can become a substantial issue for companies. Since all internet traffic passes through the vendor’s infrastructure in the cloud, the costs associated with this can be significant. Vendors typically reflect these costs to their customers in two ways: either by directly passing on the costs or by limiting internet bandwidth. The latter is particularly problematic in the digital age, where unrestricted internet access is crucial for business operations. Additionally, as highlighted in the <a href="https://assets.publishing.service.gov.uk/media/664f2556993111924d9d3aa8/240521_-_Egress_Fees__.pdf">report on egress fees</a> by the Competition and Markets Authority, these costs are exacerbated when transferring data out of cloud environments, making it even more expensive for companies to manage their data and maintain flexibility in their operations. Such <a href="https://www.zenarmor.com/docs/network-security-tutorials/disadvantages-limitations-of-sase">limitations</a> not only hinder business efficiency but also raise the risk of incurring high costs related to egress fees, further complicating the financial and operational challenges companies face in this new security landscape.</p>
<p>While the concept of SASE marks a significant step forward, the current implementations often fall short of addressing the complex challenges presented by modern IT environments. The persistence of issues like latency, the risks associated with centralized Points of Presence (PoPs), and the financial burden of cloud-based traffic routing highlight the gaps that still exist. To truly secure the distributed workforce of the future, more innovation and novel approaches are needed. The industry must move beyond simply improving existing solutions and instead, embrace new paradigms that can effectively safeguard data and networks in an increasingly decentralized and dynamic world.</p>
<p>There is still much work to be done, and the journey toward a fully executed SASE vision is only just beginning.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/why-conventional-sase-solutions-fail.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Important annoucement: Changes in Terms of Service, Terms of Use, and Privacy Policy]]></title>
            <link>https://www.zenarmor.com/announcements#important-changes-in-legal-documents</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#important-changes-in-legal-documents</guid>
            <pubDate>Thu, 23 May 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[We've made some updates to our Privacy Policy, Website Terms of Use, Terms of Service, and more, designed to clarify our practices.]]></description>
            <content:encoded><![CDATA[<p>Dear Zenarmor Community,</p>
<p>At Zenarmor, we are committed to maintaining transparency and ensuring that our policies reflect the evolving needs of our users and the dynamic landscape of network security.</p>
<p>We’ve made some updates to our Privacy Policy, Website Terms of Use, Terms of Service, and more, designed to clarify our practices.</p>
<p>Here are the highlights:</p>
<p><strong>Company Address</strong>:
Please note that our company address has been updated. New address is: 10080 N. Wolfe Rd. Ste SW3-200 Cupertino, CA 95014</p>
<p><strong>Domain Names</strong>:
All domain names associated with our previous names have been replaced by Zenarmor.</p>
<p><strong>Prohibited Conduct</strong>:
We have also included a clause that prohibits the use of the Website, Platform, or Software for any other purpose than what is described in the product or service description. This includes using a different edition of any of the foregoing that is not included in your service order/description.</p>
<p><strong>Privacy Policy Updates</strong>:
We have updated our Privacy Policy to include new domains and changes to the third-party processors we use.</p>
<p>These changes are made to ensure the proper use of our services.</p>
<p>Please take a moment to review the updated Privacy Policy, Terms of Service and Terms of use on our website.</p>
<ul>
<li>Privacy Policy: <a href="https://www.zenarmor.com/legal/privacy-policy">https://www.zenarmor.com/legal/privacy-policy</a></li>
<li>Terms of Service: <a href="https://www.zenarmor.com/legal/terms-of-service">https://www.zenarmor.com/legal/terms-of-service</a></li>
<li>Terms of Use: <a href="https://www.zenarmor.com/legal/terms-of-use">https://www.zenarmor.com/legal/terms-of-use</a></li>
</ul>
<p>For any questions or further information, please do not hesitate to reach out to us via <span><img src="https://www.zenarmor.com/images/privacy-at-zenarmor.svg" width="200" alt="privacy-at-zenarmor" /></span></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/changes-legal-documents.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor 1.17 TLS Inspection Statement]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-1-17-tls-inspection-statement</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-1-17-tls-inspection-statement</guid>
            <pubDate>Mon, 20 May 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[We have noticed some chatter about our latest release of Zenarmor 1.17 across various social channels. While it has been received well by the large majority of our customers, we have noted some concerns or confusion about our newly added Security Service Edge (SSE) subscription as well as the Full TLS Inspection capabilities made available in this release. We would like to take the opportunity to provide some clarity about this and our future roadmap.]]></description>
            <content:encoded><![CDATA[<p>We have noticed some chatter about our latest release of Zenarmor 1.17 across various social channels. While it has been received well by the large majority of our customers, we have noted some concerns or confusion about our newly added Security Service Edge (SSE) subscription as well as the Full <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-tls-inspection">TLS Inspection</a> capabilities made available in this release. We would like to take the opportunity to provide some clarity about this and our future roadmap.</p>
<p>Firstly, our Free, Home, SOHO, and Business subscription plans remain as is for the foreseeable future, you will continue to receive regular updates, improvements, and the great security capabilities you have come to know and love from Zenarmor, so rest assured, you are covered.</p>
<p>As for our newly added SSE subscription, it has been part of the Zenarmor <a href="https://www.zenarmor.com/roadmap">roadmap</a> for some time already, where we have strived to bring even more advanced security functionality to our product, like Full TLS Inspection and Cloud Access Security Broker (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-casb">CASB</a>) capabilities, and as of this release, we have achieved this and is the starting point as we venture more so into the business and enterprise world where Security Service Edge (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-security-service-edge-sse">SSE</a>) and Secure Access Service Edge (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-secure-access-service-edge-sase">SASE</a>) solutions are desired to tackle the security challenges faced by companies with a hyper distributed, remote workforce.</p>
<p>Some have noticed that we have not listed the pricing for our SSE plan, whereas our other plans have pricing listed,  the main reason for this is that we would like the opportunity to create a tailormade, personalized solution and experience for our customers, and is a common practice across most providers in the SSE/SASE space. Rest assured, it’s not because pricing is astronomical or complex, in fact, we remain highly competitive in the SSE/SASE marketplace.</p>
<p>Regarding Full TLS Inspection, we acknowledge that this capability has both strong proponents and opponents, and there are definitely pros and cons to using it. The fact of the matter is that Full TLS Inspection is required in order to deliver more advanced security and reporting features like CASB, DLP, Sandboxing, etc which are all common capabilities in all fully-featured SSE/SASE solutions. Furthermore, some industries and educational institutions require Full TLS Inspection to meet compliance requirements.</p>
<p>With Zenarmor we have made TLS Inspection simple to implement and you have the following options:</p>
<ol>
<li>
<p>Simply keep it disabled and continue using our current SNI-Based TLS Inspection which does not decrypt the payload, you can still benefit from web and application control and reporting capabilities as enjoyed with your current Zenarmor deployment to date.</p>
</li>
<li>
<p>Enable Full TLS Inspection partially by selecting the categories of traffic or custom web content you wish to inspect while disabling inspection on sensitive traffic like banking or medical-related services.</p>
</li>
<li>
<p>Enable Full TLS Inspection on all categories or for particular device groups or networks/VLANS, with granular controls for exclusions of apps or web content that may have certificate pinning-related issues.</p>
</li>
</ol>
<p>To cater to everyone’s unique needs or stance about TLS Inspection, Zenarmor’s TLS Inspection has been designed to be flexible giving you the option and control over its use on your network. With a proper implementation strategy in place, Full TLS Inspection can help improve your overall security posture by identifying what bad actors are hiding in encrypted packets.</p>
<p>Some closing and final thoughts, Zenarmor as you know it is not going anywhere, we are just getting better. If you are a home user or a business that does not need full TLS Inspection, simply don’t use it, we have plenty of current and future features on our roadmap that you can still enjoy. If you are shopping around for an SSE/SASE solution, give us a try, you will be pleasantly surprised as to what is on offer and is included in our roadmap.</p>
<p>Finally, if you are an IT or Security pro by day and, “homelaber” by night we have created the Zenarmor Tinkerer Club where you can be one of the first to experience the latest Zenarmor has to offer. If you would like to contribute and help shape Zenarmor this club is for you, feel free to <a href="https://forms.gle/BykxS6ik42xfaRwY8">sign up</a> today.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/f4p7bAKodbw?si=EvK4YY8RK1kZZ4hg" title="Full TLS Inspection" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/tls-inspection-statement.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Clarifying the Road Ahead: Zenarmor's Strategic Vision and Product Roadmap]]></title>
            <link>https://www.zenarmor.com/blog#zenarmors-strategic-vision-and-product-roadmap</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmors-strategic-vision-and-product-roadmap</guid>
            <pubDate>Wed, 15 May 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Recent updates, particularly with the release of Zenarmor 1.17 and the integration of new advanced capabilities like full TLS inspection, have sparked discussions among our partners and users regarding Zenarmor's commitment to supporting open-source firewalls and its evolution within the network security landscape. This blog post aims to dispel any confusion about our product roadmap, reaffirm our commitment to delivering top-tier security solutions, and address any concerns our loyal community may have.]]></description>
            <content:encoded><![CDATA[<p>Recent updates, particularly with the release of Zenarmor 1.17 and the integration of new advanced capabilities like full TLS inspection, have sparked discussions among our partners and users regarding Zenarmor’s commitment to supporting open-source firewalls and its evolution within the network security landscape. This blog post aims to dispel any confusion about our product roadmap, reaffirm our commitment to delivering top-tier security solutions, and address any concerns our loyal community may have.</p>
<h2>Expanding Platform Support</h2>
<p>A significant point of discussion has been the adaptability of Zenarmor across various platforms. The inquiry specifically questioned whether Zenarmor’s Zero Trust Network Access <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-zero-trust-network-access-ztna">(ZTNA)</a> solutions could extend beyond OPNsense to  several platforms.</p>
<p>Rest assured, our expansion into new capabilities does not mean leaving our foundational users behind. We continue to support and update our solutions for open-source firewalls, ensuring that your trusted setups remain robust against emerging threats.</p>
<h2>Innovation Can’t Stand Still</h2>
<p>At Zenarmor, we are proud of our origins as a Next-Generation Firewall (NGFW) plugin for open-source firewalls and deeply understand the importance of continuing to support these platforms. However, in response to the rapidly evolving threat landscape, we recognize that innovation cannot stand still. Constant innovation is in our DNA, it’s essential for staying ahead of threats and ensuring our users’ networks are secure and efficient. Therefore, we are expanding our capabilities to provide our advanced security features instantly on any device with network connectivity.</p>
<p>We are committed to “Plug. SASE. Everywhere.” solutions that extend our reach beyond traditional boundaries. With the recent launch of Zenarmor 1.17 and the integration of new advanced features like Full <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-tls-inspection">TLS Inspection</a>, we’re not just maintaining our standards—we’re elevating them. Our mission goes beyond being an NGFW plugin; we aspire to deliver these cutting-edge security solutions on any device with network connectivity. This commitment to innovation is underscored by our focus on enhancing security features that empower organizations to stay ahead in a complex digital landscape.</p>
<h2>Looking Forward</h2>
<p>The discussion further emphasizes how Zenarmor is enhancing its security offerings to include full visibility and granular access controls, alongside Layer 7 inspection capabilities within a Zero Trust Network. These comprehensive security measures are crucial for organizations navigating the intricate threats in today’s digital environment. By implementing these robust features, Zenarmor will provide detailed insights and control over both public and private network activities without compromising performance.</p>
<p>The enthusiasm from our partners and long time users is a strong indicator of the potential market demand for Zenarmor’s expanded capabilities. As Zenarmor continues to innovate,
our core mission remains unchanged: to deliver powerful, flexible, and immediate security solutions that provide for the evolving needs of modern networks. We are excited about the future and invite our community to stay tuned as we roll out these groundbreaking features.</p>
<p>We understand the importance of clear and open communication with our community and appreciate our users who interact with us which helps shape our path forward. We value your feedback as we navigate this path of innovation. Please share your thoughts and let us know how these changes can better serve your security needs.</p>
<p>Thank you for being a part of our journey towards redefining network security.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-strategic-vision-and-roadmap.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor 1.17 Highlights: From TLS Inspection to SSO]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-1-17-highlights-from-tls-inspection-to-sso</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-1-17-highlights-from-tls-inspection-to-sso</guid>
            <pubDate>Thu, 25 Apr 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[The latest update from Zenarmor is here, and it’s packed with powerful features and enhancements that promise to strengthen network security. Release 1.17 introduces critical capabilities such as Full TLS Inspection, enhanced Elasticsearch 8 support, and expanded platform compatibility with ARM 64-bit on FreeBSD 13.x, alongside the Single Sign-On (SSO) feature for Microsoft accounts to Zenconsole.]]></description>
            <content:encoded><![CDATA[<p>The latest update from Zenarmor is here, and it’s packed with powerful features and enhancements that promise to strengthen network security. Release 1.17 introduces critical capabilities such as Full TLS Inspection, enhanced Elasticsearch 8 support, and expanded platform compatibility with ARM 64-bit on FreeBSD 13.x, alongside the Single Sign-On (SSO) feature for Microsoft accounts to Zenconsole.</p>
<h2>Full TLS Inspection: Balancing Security and Privacy</h2>
<p>Zenarmor 1.17 introduces Full TLS Inspection to enhance security by providing visibility into encrypted traffic, a critical need as cyber threats evolve. This feature effectively uncovers hidden threats, ensuring encrypted data does not become a security blind spot. Understanding the potential legal concerns of decrypting sensitive communications, Zenarmor offers both options. This allows users to exclude specific traffic, such as medical or financial information, ensuring legal compliance and data confidentiality. For more insights on the ethical and legal aspects of TLS inspection, please refer to <a href="https://www.zenarmor.com/blog#what-to-expect-in-zenarmor-1-17">our detailed blog post on TLS inspection ethics and legality.</a></p>
<p>Read more: <a href="https://www.zenarmor.com/docs/guides/tls-inspection-deployment-guide">A Guide for a Successful TLS Inspection Deployment</a></p>
<h2>Elasticsearch 8 Support: Optimized for Efficiency</h2>
<p>To enhance the way businesses store, search, and analyze their large volumes of data efficiently, Zenarmor 1.17 now supports built-in Elasticsearch 8 in addition to Elasticsearch 5 and remote Elasticsearch 8. This integration means improved scalability and faster search capabilities, allowing for real-time insights that are essential for dynamic threat detection and system management.</p>
<h2>ARM 64-bit Support on FreeBSD 13.x: Broadening Horizons</h2>
<p>Recognizing the diverse infrastructure needs of modern enterprises, Zenarmor has extended its support to ARM 64-bit architectures on FreeBSD 13.x platforms. This development significantly broadens the scope of deployment options and paves the way for Zenarmor’s features that can now be used across a wider range of devices and environments including Rasberry Pi and Banana Pi.</p>
<p>Below you can find the list of new platforms you can use Zenarmor 1.17:</p>
<ul>
<li>ESPRESSObin</li>
<li>Gem5</li>
<li>HiKey</li>
<li>MACCHIATObin</li>
<li>Allwinner based boards</li>
<li>Rockchip based boards</li>
<li>Raspberry Pi 3 + 4 ( RPI3 + RPI4 + RPI400 )</li>
</ul>
<h2>Single Sign-On using Microsoft Accounts: Simplifying Access</h2>
<p>Streamlining user authentication across corporate networks, Zenarmor 1.17 introduces Single Sign-On for Microsoft accounts to Zenconsole. This feature simplifies the login process, reduces password fatigue, and enhances the user experience while maintaining high-security standards.</p>
<p><a href="https://www.zenarmor.com/docs/support/release-notes#117">You can read more on 1.17 Release Notes</a></p>
<p>As we continue to innovate, Zenarmor remains committed to providing cutting-edge solutions that meet the evolving needs of modern IT environments.</p>
<p>Stay tuned for further updates 😉</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/f4p7bAKodbw?si=EvK4YY8RK1kZZ4hg" title="Full TLS Inspection" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-1-17.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor’s all-new Full TLS Inspection Capability - What to Expect in Zenarmor 1.17]]></title>
            <link>https://www.zenarmor.com/blog#what-to-expect-in-zenarmor-1-17</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#what-to-expect-in-zenarmor-1-17</guid>
            <pubDate>Thu, 18 Apr 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[If the title was not enough to give it away, the long-awaited full TLS inspection capability will be officially launched in Zenarmor 1.17 and is our latest enterprise-focused capability for users with existing business subscriptions.]]></description>
            <content:encoded><![CDATA[<p>If the title was not enough to give it away, the long-awaited full TLS inspection capability will be officially launched in Zenarmor 1.17 and is our latest enterprise-focused capability for users with existing business subscriptions.</p>
<p>Before we go any further, let’s start by first addressing the elephant in the room, full TLS inspection, you either love it or you hate it. TLS inspection has been the center of many debates where those who are pro-security argue that without it, you can’t sufficiently secure network traffic because you are blind to the many threats that hide within encrypted traffic, considering that <a href="https://transparencyreport.google.com/https/overview?hl=en" nofollow>according to Google</a> roughly 96% of traffic is encrypted, leaves a considerable blind spot to worry about.</p>
<p>On the other hand, you get the pro-privacy user who argues that by using TLS inspection their privacy can be violated because full <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-tls-inspection">TLS inspection</a> allows for the encrypted payload to be decrypted, inspected, and encrypted again before it is passed upstream, which has very little technical difference to a man-in-the-middle type “attack” a bad actor may attempt to perform.</p>
<p>Both these arguments can be true. With this said, we find ourselves in a catch-22 situation because encryption benefits both the user and the business but at the same time also benefits the bad actors by giving them a place to hide, however, as soon as we implement TLS inspection we can expose the bad actor’s nefarious ways, while at the same time potentially violating the user’s privacy, so where do we begin? How do we reach a compromise?</p>
<p>To address these questions, for the remainder of this article, we are first going to briefly explore TLS inspection, looking at some of the pros and cons. Secondly, we will provide a general overview of how TLS inspection is implemented by Zenarmor and provide some steps to get you started with TLS Inspection. Finally, we will discuss some TLS Inspection caveats that you may encounter and how to overcome them.</p>
<p>We are hoping that by the end of this read, you will have all the necessary information you need to make confident decisions as to how you will implement Zenarmor’s latest TLS inspection capabilities in your network.</p>
<h2>What is full TLS inspection and the pros and cons?</h2>
<p>Let’s start at the beginning, what is TLS inspection in the Zenarmor product ecosystem? If you are familiar with the previous versions of Zenarmor it won’t be the first time that you would have seen us mention TLS inspection in our products or marketing materials. Up until now, the TLS inspection we offered was only Certificate/SNI-based TLS inspection, where Zenarmor inspects the SNI (Server Name Indication) information located in the TLS certificate which is in clear text, and through this, we can determine the hostname of the service the user is attempting to access.</p>
<p>Combining this with other information like port numbers, DNS enrichment, IP addresses, etc, we can categorize the application or services with a high degree of accuracy. SNI-based TLS inspection, unlike full TLS inspection, does not decrypt the encrypted payload, so private information remains intact. For the remainder of this article, let’s call the current SNI-based TLS inspection “lite” TLS inspection moving forward.</p>
<p>If we consider the new enterprise-focused Full TLS Inspection capabilities of Zenarmor, this takes TLS inspection even further where we cannot only categorize the application or service with greater accuracy but also inspect the encrypted payload for any nasty things a bad actor may be hiding there.</p>
<p>A very simple explanation as to how Zenarmor achieves this is that Zenarmor acts as an intermediary between the client endpoint and the web server, basically as the trusted “man-in-the-middle.”</p>
<ol>
<li>The client endpoint initiates a connection request which is intercepted by Zenarmor.</li>
<li>Zenarmor then forwards the request to the original web server or resource that the client endpoint is requesting.</li>
<li>The server responds with its certificate to Zenarmor and a secure connection is formed.</li>
<li>Zenarmor then inspects the payload and re-encrypts the content with a certificate that is signed by Zenarmor.</li>
<li>Zenarmor then responds to the client endpoint with the original request.</li>
</ol>
<div>
  <img src="https://www.zenarmor.com/images/blog/how-zenarmor-performs-tls-inspection.png" alt="How Zenarmor performs TLS Inspection" />
</div>
*Figure 1: How Zenarmor performs TLS Inspection*
<p>In a nutshell, two TLS negotiations are taking place here, one between the client endpoint and Zenarmor, and another between Zenarmor and the web server resource. Zenarmor is then able to decrypt the payload, inspect it, and then re-encrypt it before passing it to the client endpoint.</p>
<p>For this to work correctly the client endpoint needs to trust Zenarmor and this is achieved by installing the Zenarmor trusted root CA certificate on the endpoint.</p>
<p>While “lite” TLS inspection is powerful and may be all that you require to satisfy your unique security requirements, full TLS inspection, gives you extra <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-network-visibility">visibility</a> into your network traffic which can take your network security to a whole new level.</p>
<p>Some pros of full TLS inspection are:</p>
<ol>
<li>
<p>Full visibility of your network traffic even if it’s encrypted, which is a requirement for more advanced security functions such as:</p>
<ul>
<li>
<p>Cloud Access Security Broker (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-casb">CASB</a>) offering granular control of cloud applications where you can limit actions like uploads or downloads, changing settings, and almost every aspect of the cloud app.</p>
</li>
<li>
<p>Data Loss Prevention (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-dlp">DLP</a>) to prevent sensitive or private data from leaving your network through unsanctioned uploads to cloud apps like Dropbox or via standard email or IM messages.</p>
</li>
<li>
<p>Preventing users from using their work credentials to sign up with unsanctioned services or apps.</p>
</li>
<li>
<p>Remote Browser Isolation (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-remote-browser-isolation-rbi">RBI</a>) and <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-sandboxing">Sandboxing</a> where webpages can be rendered on the firewall or files can be opened in an isolated secure sandbox drastically reducing the possibility of infecting the endpoint from embedded threats.</p>
</li>
<li>
<p>In-stream Antivirus, Malware, Phishing, Ransomware, and Spyware scanning capabilities.</p>
</li>
</ul>
</li>
<li>
<p>Finally, the ability to meet certain compliance requirements that some enterprises, industries, or educational institutions are required to uphold.</p>
</li>
</ol>
<p>These advanced security functions would otherwise not be possible without full TLS Inspection. Without implementing full TLS inspection you are potentially opening a large gap in your overall security posture which is easily pluggable with Zenarmor.</p>
<p>To remain transparent and to empathize with all our users, we acknowledge that full TLS inspection is not for everyone and comes with its own risks and challenges:</p>
<ol>
<li>
<p>If used incorrectly, has the potential to violate user privacy and is likely the biggest challenge of full TLS inspection.</p>
</li>
<li>
<p>Potential performance drawbacks due to the decryption and re-encryption process as described earlier in the article.</p>
</li>
<li>
<p>Potential legal issues depending on the country or region you are located in.</p>
</li>
<li>
<p>The potential to cause some applications or websites to function incorrectly, mainly due to certificate pinning issues.</p>
</li>
</ol>
<p>So now that you have a better understanding of the two types of TLS inspection functionality available with Zenarmor, the next step is to talk about how Zenarmor can be used in a flexible way to improve your overall security posture.</p>
<h2>A general overview of the full TLS inspection capabilities in Zenarmor</h2>
<p>The Full TLS inspection capabilities will be available to everyone with a Zanarmor SSE subscription. If you are an existing, qualified business subscription user, you can upgrade to SSE free of charge for a limited time, so be sure to check your mail explaining the process, or alternatively, contact our sales team for more information.</p>
<p>With licensing out the way, in your Zenarmor policies menu, for each policy, you will see the new “<a href="https://www.zenarmor.com/docs/opnsense/policies/tls-inspection-rules">TLS Controls</a>” option. This is where you will apply TLS Inspection on a policy-by-policy basis. Please note that this is the first iteration of TLS Inspection that has been made publicly available, so keep a lookout for further improvements and additional features in the coming months.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/default-policy-menu-with-the-edition-of-the-tls-controls.jpg" alt='The default policy menu showing the usual Zenarmor controls, with the edition of the “TLS Controls”'/>
</div>
<p><em>Figure 2: The default policy menu showing the usual Zenarmor controls, with the edition of the “TLS Controls”</em></p>
<p>While some of the options in the TLS Controls menu are self-explanatory, some may not be as straightforward, so let’s look at what each new TLS option does referring to Figure 2 above:</p>
<ol>
<li>
<p>The first toggle, <strong>“Enable full TLS inspection”</strong> is one of those self-explanatory options. This simply enables full TLS inspection for the policy. Keep in mind, that Zenarmor offers an easy and flexible way to create and manage policies, and the same applies to full TLS inspection where you can choose exactly which devices, device categories, VLAN, networks, users, or groups you want to apply TLS Inspection for and exclude others should you wish.</p>
</li>
<li>
<p>The second toggle allows for the exclusion of whitelisted websites or apps, including those with pinned certificates which are known to prevent full TLS encryption from functioning correctly. Here you can create your whitelist or add to the database of already defined apps with known pinned certificates, giving you complete control over the exclusion of web URLs and apps you don’t wish to apply full TLS inspection to.</p>
 <div>
   <img src="https://www.zenarmor.com/images/blog/menu-to-manage-pinned-sites-and-application-exclusions.png" alt="Menu to manage pinned sites and application exclusions" />
 </div>
<p><em>Figure 3: Menu to manage pinned sites and application exclusions.</em></p>
</li>
<li>
<p>The fourth toggle as stated, allows you to exclude traffic flows without hostnames, so pure IP address traffic only will be excluded from TLS Inspection and is once again optional.</p>
</li>
<li>
<p>The final toggles available in the menu allow you to either apply TLS inspection to all web traffic or select the category of web traffic you are interested in.</p>
</li>
</ol>
<p>Another new addition in this release of Zenarmor is <strong>URL Blocking</strong> which works hand in hand with TLS inspection and is located under the <strong>“Web Controls”</strong> menu in your policies. This new functionality allows you to block URLs at a more granular level with the ability to use (*) wildcard options in your URL to target specific subdomains or paths globally.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/url-blocking-option-located-in-the-web-controls-section-of-the-policy.jpg" alt="URL Blocking option located in the Web Controls section of the policy." />
</div>
<p><em>Figure 4: URL Blocking option located in the Web Controls section of the policy</em></p>
<p>In addition to the policies menu changes, you will also notice that TLS Inspection has been included in the <strong>Zenarmor Settings Menu</strong> giving you an alternative place to manage your TLS Inspection Bypass settings for Website and Applications. You will also have the option here to manage and set Zenarmor Certificate Authority settings. You can also download your Root CA certificate here in the preferred format which will need to be installed on your endpoints for full TLS Inspection to work correctly.</p>
<p>You also have the ability to import an intermediate CA certificate if you have already installed a certificate authority in your organization that is trusted by your endpoints.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/tls-settings-menu-located-in-the-general-zenarmor-settings-menu.png" alt="TLS Settings menu located in the general Zenarmor settings menu" />
</div>
<p><em>Figure 5: TLS Settings menu located in the general Zenarmor settings menu</em></p>
<div>
  <img src="https://www.zenarmor.com/images/blog/certificate-authority-menu.png" alt="Certificate Authority menu allowing you to manage and download your Root CA certificate required for TLS Inspection."/>
</div>
<p><em>Figure 6: Certificate Authority menu allowing you to manage and download your Root CA certificate required for TLS Inspection.</em></p>
<h2>How to get started with Zenarmor TLS inspection</h2>
<p>Now that you have a better understanding of what the new TLS Inspection capabilities look like in Zenarmor, let’s talk about a high-level overview of how to get started with your implementation.</p>
<h3>Overcoming the privacy and legal issues</h3>
<p>The first step to deploying TLS inspection should be to overcome any privacy or legal issues in your organization. It may make sense at this point to start involving people from the legal department, people responsible for privacy and compliance, the security department as well as any workers’ union representatives if applicable.</p>
<p>The key to this first step is to create full transparency between everyone involved in the organization and to make sure everyone’s concerns are addressed. At this stage, you may also need to review any fair usage or privacy policies your organization may have as they will likely need to be updated to reflect the implementation of TLS inspection.</p>
<p>It may also be advisable to hold staff or user training sessions to explain exactly what TLS Inspection is, how it will be implemented, and what they as users can expect from using this technology to secure the organization’s networks.</p>
<h3>Root Certificate Deployment</h3>
<p>The second major step is making sure that Zenarmor is set up as a trusted root certificate authority (CA) on any endpoints that will be secured by TLS inspection to avoid any connection or certificate warning messages in the browser.</p>
<p>For smaller deployments, this may be as simple as distributing the certificate generated by Zenarmor to all endpoints. For larger deployments, on the other hand, you may already have your own certificate authority setup with your endpoints preloaded with your root CA certificate. In this case, you may want to create an intermediate CA certificate and import this to Zenarmor instead. The choice is ultimately yours.</p>
<h3>Enabling TLS Inspection</h3>
<p>Enabling TLS Inspection is best done in a phased or controlled manner. It’s best to establish a pilot group of users or devices other than those operated by IT or security teams as usually, these users will have the means to work around issues and fail to report them successfully. Their work environment may also differ from that of general users in the organization, which may interfere with the accuracy of initial testing. Communication and reporting of issues are important in the early stages of your implementation to ensure that the initial bugs are ironed out before the implementation is made available company-wide.</p>
<p>It’s best that you select your pilot group from a closed set of users, preferably with a diverse set of applications or devices in use so that you can thoroughly test if TLS inspection is functioning correctly. It’s important to once again communicate with this user group and encourage them to report any issues they are experiencing so that they can be investigated thoroughly before TLS bypassing is put in place as a last resort.</p>
<p>If a phased approach like this is followed potential interruptions can be controlled and minimized should they arise. It is generally encouraged that TLS inspection is applied network-wide where possible to ensure your organization benefits the most from its additional security.</p>
<p>For more information on this be sure to have a look at our <a href="https://www.zenarmor.com/docs/guides/tls-inspection-deployment-guide">TLS Inspection Implementation Guide</a>.</p>
<h2>TLS Inspection caveats and how to handle them</h2>
<p>TLS Inspection unfortunately comes with a few caveats and other considerations that are important to understand. Not all traffic can be inspected which mainly has to do with the following reasons:</p>
<ol>
<li>
<p><strong>Certificate Pinning</strong> - mainly used by applications and some websites to force the client to use a pre-defined certificate built into the application which will reject all other certificates. This was created to prevent man-in-the-middle attacks and because TLS inspection follows a similar process these applications won’t function correctly. The choices you have here are to bypass these applications from TLS Inspection only under extreme circumstances or apply Zenarmor ‘lite” TLS encryption, or if you need Full TLS inspection, find an alternative application that does not use certificate pinning. The industry has moved in some cases to deprecate certificate pinning due to these and other issues and is important to understand when enabling TLS Inspection as this is most likely the biggest issue you will face.</p>
</li>
<li>
<p><strong>QUIC Transport Protocol</strong> - Google and other popular application developers have started to use the QUIC protocol which is mainly used to improve speed and accomplishes this by skipping the TCP handshake by using UDP instead. Because TLS is TCP-based and is relied on for TLS Inspection, It is advised that when using TLS Inspection you block the QUIC protocol on your network. If QUIC is blocked, the services will fall back to TCP/TLS which can be inspected and secured. If you favor security over minimal speed improvements, this is an important consideration.</p>
</li>
<li>
<p><strong>Special Circumstances</strong> - in some cases, for legal reasons, you may not be able to apply TLS inspection on banking, financial, healthcare, or other sensitive applications or content that could open your organization to security threats. In these special circumstances you may not have any choice but to bypass TLS inspection or you may also choose to potentially block all applications and content like this from the network depending on its importance to your daily operations and your overall stance on security.</p>
</li>
</ol>
<p>When dealing with TLS Inspection and its caveats, it’s important to weigh up the security risks, pros, and cons on a case-by-case basis to determine whether bypassing TLS inspection is justified or if an alternative more secure approach can be followed.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/best-practices-for-zenarmor-tls-inspection.jpg" alt="Best Practices for Zenarmor TLS Inspection" />
</div>
<p><em>Figure 7: Best Practices for Zenarmor TLS Inspection</em></p>
<h2>Next Steps…</h2>
<p>You should now have a pretty good understanding of TLS Inspection and how it’s implemented in Zenarmor 1.17 as well as its caveats. It’s now time to start your TLS Inspection journey.</p>
<p>If you are an existing partner or business user with an annual business license, you can take advantage of a free-of-charge upgrade to our new Secure Service Edge (SSE) subscription by reaching out to your account manager or our sales team <span><img src="https://www.zenarmor.com/images/sales-at-zenarmor.svg" alt="sales-at-zenarmor" /></span> before July 17 2024 to initiate the upgrade. Please note that this process is not automatic and you will need to reach out to us to communicate your interest.</p>
<p>We look forward to hearing from you and are ready to introduce you to a world of advanced cyber security, let us help you get started with your Secure Service Edge (SSE) journey today.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/f4p7bAKodbw?si=EvK4YY8RK1kZZ4hg" title="Full TLS Inspection" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/what-to-expect-in-zenarmor-1-17.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[The Ideal Duo: OPNsense and Zenarmor for Enterprises]]></title>
            <link>https://www.zenarmor.com/announcements#the-ideal-duo-opnsense-and-zenarmor-for-enterprises</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#the-ideal-duo-opnsense-and-zenarmor-for-enterprises</guid>
            <pubDate>Thu, 28 Mar 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[In a recent webinar collaboration between OPNsense and Zenarmor, Ad Schellevis, the CIO of OPNsense, and Lyal Saayman, the product manager at Zenarmor, took center stage as presenters. Schellevis, one of the founders of the OPNsense project, and Saayman, representing Zenarmor, emphasized the collaborative nature of the webinar, aiming to provide insights into how their companies work together.]]></description>
            <content:encoded><![CDATA[<p>In a recent webinar collaboration between OPNsense and Zenarmor, Ad Schellevis, the CIO of OPNsense, and Lyal Saayman, the product manager at Zenarmor, took center stage as presenters. Schellevis, one of the founders of the OPNsense project, and Saayman, representing Zenarmor, emphasized the collaborative nature of the webinar, aiming to provide insights into how their companies work together.</p>
<p>The agenda for the webinar was clearly outlined, indicating a duration of approximately 35 to 45 minutes, followed by a Q&amp;A session. It covered high-level introductions to OPNsense and Zenarmor, discussing their origins, hardware options, flexibility, and extensibility. Additionally, the agenda included topics such as reporting and monitoring, remote work, VPNs, advanced protection, and central management for both products.</p>
<h2>Key takeaways from the discussion about OPNsense and Zenarmor included:</h2>
<ul>
<li>
<p><strong>Introduction to OPNsense:</strong> Schellevis introduced OPNsense as an open-source firewall solution founded in 2014, emphasizing its transparent development process, large user base, and frequent releases with new features and security patches.</p>
</li>
<li>
<p><strong>Enterprise Features:</strong> The presenters elaborated on OPNsense’s enterprise-grade features, including routing, firewall rules, VPN technologies, traffic shaping, and intrusion detection/prevention.</p>
</li>
<li>
<p><strong>Flexibility &amp; Extensibility:</strong> Schellevis discussed how OPNsense offers flexibility and extensibility through community-developed plugins, citing examples like WireGuard integration and support for third-party solutions like Zenarmor.</p>
</li>
<li>
<p><strong>Compatibility &amp; Hardware Options:</strong> It was mentioned that OPNsense runs on x86 hardware and supports various virtualization platforms, offering its own hardware appliances tailored for firewall use.</p>
</li>
<li>
<p><strong>Reporting &amp; Monitoring:</strong> Schellevis detailed OPNsense’s comprehensive tools for network diagnostics, traffic analysis, and real-time monitoring, allowing users to track network issues, bandwidth usage, and security events.</p>
</li>
<li>
<p><strong>Advanced Protection:</strong> The presenters described how OPNsense provides advanced protection using Suricata with various rule sets and how Zenarmor enhances security with advanced threat intelligence.
Remote Work (VPN): Schellevis covered OPNsense’s support for various VPN technologies for remote work scenarios and discussed how Zenarmor complements this by providing traffic monitoring and control for remote users.</p>
</li>
<li>
<p><strong>Central Management:</strong> The presenters discussed OPNsense Business Edition’s OPN Central for centralized firewall management and mentioned Zenarmor’s Zenconsole for cloud-based management.</p>
</li>
</ul>
<h2>Insights from the Q&amp;A session highlighted:</h2>
<ul>
<li>
<p><strong>Strategic Deployment of Security Tools:</strong> Participants explored the optimal placement of tools like Suricata and Zenarmor within network infrastructure, emphasizing flexibility.</p>
</li>
<li>
<p><strong>Transitioning to Business Editions:</strong> Discussions centered around migrating from community versions to business editions of security software, with considerations provided on managing version disparities and leveraging the latest features.</p>
</li>
<li>
<p><strong>Empowering Learning:</strong> Attendees were encouraged to explore various learning resources, including YouTube tutorials and free trial options, to deepen their understanding of OPNsense and Zenarmor functionalities.</p>
</li>
<li>
<p><strong>Future Roadmap and Enhancements:</strong> Participants gained insights into upcoming features and enhancements, underscoring the commitment to continuous improvement.</p>
</li>
<li>
<p><strong>Support and Collaboration:</strong> The importance of robust support channels and collaboration opportunities was emphasized for nurturing a vibrant security community.</p>
</li>
</ul>
<p>Overall, the webinar provided valuable insights into network security integration, offering perspectives on fortifying security posture in an evolving digital landscape.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/3YhqbLrHoMg?si=fImkI8OBDM_2mjhX" title="The Ideal Duo: OPNsense and Zenarmor for Enterprises" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/zenarmor-opnsense-webinar.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Why CASB is a need for Businesses?]]></title>
            <link>https://www.zenarmor.com/blog#why-casb-is-a-need-for-businesses</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#why-casb-is-a-need-for-businesses</guid>
            <pubDate>Mon, 26 Feb 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Cloud has emerged as a transformative technology for all businesses regardles of their size and area of operation, as it provides access to sophisticated tools and capabilities needed to gain a technological edge without requiring substantial capital investment. However, along with this opportunity, there's also the hidden danger of security.]]></description>
            <content:encoded><![CDATA[<p>Cloud has emerged as a transformative technology for all businesses regardles of their size and area of operation, as it provides access to sophisticated tools and capabilities needed to gain a technological edge without requiring substantial capital investment. However, along with this opportunity, there’s also the hidden danger of security. As businesses access the cloud and leverage its benefits, they stand exposed to a wide range of online threats, from data breaches to ransomware attacks. Moreover, the limited resources of businesses make it difficult to take extensive steps to protect against these security threats.</p>
<p>As a business, you must strike a balance between leveraging the power of the cloud and protecting your data and resources from cyber threats. This is where <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-casb">CASB</a> for businesses can help.</p>
<p>Cloud Access Security Broker (CASB) is a practical solution to protect your business from cloud-based threats, as it sits between the cloud users and the applications they access.</p>
<p>Read on to learn how CASB can safeguard your applications and data from cyberattacks and breaches, and discover Zenarmor’s CASB integration coming soon.</p>
<h2>Shadow IT and Data on the Loose</h2>
<p>Shadow IT is any application or resource used by an employee without the explicit approval or knowledge of the IT department. The hidden danger is that the IT department doesn’t know about these applications and, hence, doesn’t monitor them for security risks. As a result, shadow apps can be exploited by hackers to steal sensitive company data. Moreover, they can steal the credentials used in this application to access other critical applications like customer databases. It is estimated that 76% of SMBs found a moderate to severe cybersecurity threat to their business due to the presence of <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-shadow-it">shadow IT</a>.</p>
<h3>Data Slips Through the Cracks: Accidental Leaks and Insider Risks</h3>
<p>Besides the security risks, shadow IT can allow data to slip through the cracks. Accidental data leaks happen when employees unknowingly expose sensitive information, to any of the cloud services. Additionally, insider risks can arise from intentional or accidental security missteps by your employees. These human errors are impactful and make it challenging for businesses to maintain control over the use of data and applications.</p>
<h3>CASB Brings Order to Chaos: See What’s Happening, Control Access, and Protect Your Data</h3>
<p>Large organizations use a wide variety of tools to address the issues that come with shadow IT. However, as a business, it’s difficult to monitor and prevent the use of shadow IT, given your limited resources. CASB brings order to this chaos by continuously monitoring your cloud activities. It provides visibility into employee activities and allows you to enforce security policies uniformly. More importantly, CASB protects your data from unauthorized access.</p>
<h2>More Than Just Data Breaches</h2>
<p>A report by Thales Group shows that 39% of small businesses have experienced a data breach in their cloud environment, with human error accounting for more than 55% of these <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-data-breach">data breaches</a>.  The causes of some of these security issues are:</p>
<ul>
<li>Data breaches often occur when employees unknowingly open a phishing email or other malicious content on the Internet.</li>
<li>A related attack is account hijacking, where a cybercriminal steals an employee’s credentials through phishing or brute-force methods and uses them to access your organization’s sensitive information.</li>
<li>Insider attacks can occur due to intentional or accidental security missteps by employees.</li>
<li>Insecure APIs allow hackers to access an organization’s cloud data and applications.</li>
</ul>
<p>It is hard for businesses to stay on top of every employee’s actions, and this is where CASB security for businesses can be a game-changer.</p>
<p>A CASB solution can monitor all the cloud applications and services to help you identify and stop threats quickly. It can detect unusual behavior and identify ransomware attacks before they impact your business. Some CASB platforms can even automatically remediate impending attacks by blocking unauthorized access.</p>
<p>Overall, CASB watches for trouble online, detects threats, fights back, and keeps you safe.</p>
<h2>Keeping Up with the Rules</h2>
<p>Complying with the ever-changing regulations is one of the biggest operational challenges for businesses. With few resources and employees, it’s hard to continuously stay on top of regulatory changes and adapt your operations to meet them. This is where CASB for businesses can help.</p>
<h3>Automated Reports, Easier Audits, and Less Risk of Fines</h3>
<p>CASB generates automated reports that contain detailed information about the compliance status of all your cloud applications and services. Based on this report, you can review the apps and address the existing gaps, if any. Undoubtedly, your audit process becomes easier, and you have complete control and visibility into the status of your cloud apps.</p>
<p>More importantly, CASB allows you to check if your security policies align with your country’s and industry’s regulations. Such a proactive approach ensures that there’s no compliance blindspot and reduces the risk of costly fines that can be imposed due to non-compliance.</p>
<h2>CASB Makes Life Easier</h2>
<p>Businesses face many challenges while navigating cloud security. CASB can be a tool for simplifying this monitoring process while enhancing the effectiveness of your security strategies.</p>
<h3>One Tool to Rule Them All: Manage cloud security in one place</h3>
<p>CASB consolidates multiple security aspects like authentication, tokenization, logging, sending notifications, malware and ransomware detection, authorization, and more. With such wide-ranging capabilities, you can manage <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-cloud-security">cloud security</a> in one place.</p>
<h3>Saves You Money: No Need to Buy Lots of Different Tools</h3>
<p>Since CASB combines so many capabilities, you don’t have to invest in multiple tools. This cost-effective approach helps businesses, often operating with limited budgets, efficiently manage cloud security without the financial strain of acquiring and maintaining various tools.</p>
<h3>Get Smarter About Your Cloud Use: Learn how to use the cloud better</h3>
<p>With the right CASB for businesses, you can better understand what’s happening with your cloud applications and get smarter about your cloud usage. Furthermore, you can optimize and secure your cloud resources for the best outcomes.</p>
<h2>Zenarmor’s Cloud Game Strong: CASB Capabilities Coming Soon</h2>
<p>The CASB feature, which will be available to businesses with the 1.17.2 release of Zenarmor, is about to change the game when it comes to cloud security. As businesses increasingly rely on cloud services, Zenarmor takes a proactive stance that can help businesses make the most of all that the cloud has to offer without worrying about the associated security issues.</p>
<p>With this CASB integration, Zenarmor positions itself as a reliable ally for businesses looking to balance cloud accessibility and security. Recognizing the hurdles that businesses encounter in navigating the complexities of the cloud, Zenarmor extends its security reach by employing CASB. This proactive approach reflects the company’s readiness to tackle specific security concerns associated with cloud usage. More importantly, it reflects the company’s commitment to creating an enhanced and secure digital experience for all business owners and employees. With Zenarmor, businesses can securely and confidently embrace cloud apps.</p>
<p>This move not only protects business interests on the cloud but also enables businesses to fully leverage the benefits offered by the cloud for their operations. As Zenarmor integrates CASB, it is a transformative solution that not only enhances security but also empowers businesses to thrive in the dynamic digital landscape, making it a must-have tool for every business owner.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/jKiSZYoWc-E?si=g8RPK-LsJ0ZXfRdk" title="Cloud Access Security Broker" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/casb-thumbnail.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Device Identification and Access Control - A Practical Guide]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-device-identification-and-access-control</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-device-identification-and-access-control</guid>
            <pubDate>Wed, 14 Feb 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Device Identification and Access Control were introduced along with other new capabilities in  Zenarmor 1.16, and are available with all paid subscription plans. This capability was built keeping in mind the importance of IT asset management (ITAM) in any organization and is our simple approach to this process, which can sometimes be a mammoth task to accomplish without the correct tools. Since its introduction, this new Zenarmor engine capability has been received well by the general Zenarmor community.]]></description>
            <content:encoded><![CDATA[<p>Device Identification and Access Control were introduced along with other <a href="https://www.zenarmor.com/announcements#not-just-an-update-zenarmor-1-16">new capabilities in  Zenarmor 1.16</a>, and are available with all paid subscription plans. This capability was built keeping in mind the importance of IT asset management (<a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-it-asset-management-itam">ITAM</a>) in any organization and is our simple approach to this process, which can sometimes be a mammoth task to accomplish without the correct tools. Since its introduction, this new Zenarmor engine capability has been received well by the general Zenarmor community.</p>
<p>Some of the immediate benefits you will receive by using Device ID and Access Control are:</p>
<ul>
<li>
<p><strong>Enhanced network visibility</strong> - Devices are now tracked in real-time as they connect to your network, which means you can easily, “weed out” the potentially risky untrusted, or rouge devices in between the trusted devices on your network.</p>
</li>
<li>
<p><strong>Policy Enforcement &amp; Access Control</strong> - Taking things a step further, you will not only be able to identify the devices, but also through Zenarmor policies, be able to control their access to your network resources which we will discuss in more detail in this article.</p>
</li>
</ul>
<p>If you would like a more in-depth read about Zenarmors Device ID capabilities and a breakdown of additional benefits, please check out a previous article titled, <a href="https://www.zenarmor.com/blog#the-core-of-network-security-device-identification-defined">“The Core of Network Security: Device Identification Defined”</a>.</p>
<p>As promised in the title, the remainder of this article is a practical guide and we will be showcasing how Zenarmor Device ID and Access Control can be used to secure your network.</p>
<p>So without further ado, let’s get started.</p>
<h2>The Devices Dashboard - A Quick Walkthrough</h2>
<p>If you are on one of the Zenarmor <a href="https://www.zenarmor.com/plans">paid subscription plans</a>, the Devices menu option will be hard to miss. By simply clicking on it, the device management dashboard will be displayed which is designed to be intuitive. At first glance, the dashboard is broken down as follows:</p>
<p><img src="https://www.zenarmor.com/images/blog/the-zenarmor-device-identification-dashboard.jpg" alt="The Zenarmor Device Identification dashboard">
<em>Figure 1: The Zenarmor Device Identification dashboard</em></p>
<ol>
<li>The <strong>Devices</strong> menu option is visible to all Zenarmor paid subscribers.</li>
<li><strong>Device Categories</strong> - A convenient way to sort through devices by type and their status.</li>
<li><strong>Device List</strong> - All the detected devices on your network will be listed here when they are discovered in real time. These can be arranged in a list or tiled view with various filtering options to suit your needs.</li>
<li><strong>Device details menu</strong> - Here you can see detailed information about the device you selected with the option to rename and recategorize it to your choosing. In this menu, you also can “star” the device as a favorite, “hide” it, and select if it’s “trusted” or “untrusted”.</li>
</ol>
<p>All devices identified by Zenarmor will by default be untrusted until such a time you choose to trust the device. This default behavior is useful when using the Zenarmor policies to enforce device network access.</p>
<h2>Policy Enforcement and Access Control</h2>
<p>Building on this default behavior, one of the simplest ways you can start enforcing device access to your network is by using the built-in Zenarmor default policy and simply enabling the <strong>“Block Untrusted Devices”</strong> option. By doing this, any new device that joins the network will immediately have all its traffic blocked until such a time you decide to trust it.</p>
<p>This offers some immediate security benefits, let’s picture the following scenario, an employee brings their personal laptop or device to work and connects it to the corporate network without notifying IT about it, perhaps they figured out the Wifi password or plugged into an open LAN port in the office that someone in IT forgot to disable. Without Zenarmor access control policies in place, this device could have full internet and network access which could lead to productivity issues or worse, if that device has unknown malware “calling home” it could open a door for a potential bad actor to access the corporate network.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-default-policy-to-block.jpg" alt="Zenarmor default policy to block all untrusted devices by default." />
</div>
<p><em>Figure 2: Zenarmor default policy to block all untrusted devices by default.</em></p>
<p>Stepping this up a gear, policy enforcement, and access control does not end here. Zenarmor also has the ability to create individual policies around certain devices or categories of your choosing.</p>
<p>To put it into a practical scenario let’s say you want to control all the mobile devices on your network blocking certain applications they are allowed access to. This is very simple to achieve with Zenarmor, you will simply need to create a “Mobile Device Policy” and under the criteria add the individual device or device category as depicted in the image below.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/creating-a-policy-defined-around-device.jpg" alt="Creating a policy defined around device categories or individual devices" />
</div>
<p><em>Figure 3: Creating a policy defined around device categories or individual devices.</em></p>
<p>Once this has been done, you can simply add other security, app, and web controls to this policy, the choice is yours. Like in most firewalls, policies are processed from top to bottom, and this is exactly the case in Zenarmor. Remember to place your policies in the stack in the correct order to be matched correctly.</p>
<p>Creating policies around devices and categories is as simple as that, however, this is not the only place where device identification is useful in Zenarmor.</p>
<h2>Live Session and Reporting enhancements leveraging Zenarmor Device Identification</h2>
<p>Device integration functionality has also been carried through into the Zenarmor Live Session and Reporting dashboards and at a glance you can easily identify the traffic for each device or category in near real-time. In addition to this, you can also easily filter by devices or device categories giving you ultimate visibility of your network traffic.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/live-session-view-showing-device.jpg" alt="Live Session view showing device and device category columns with the ability to filter on these devices or respective categories." />
</div>
<p><em>Figure 4: Live Session view showing device and device category columns with the ability to filter on these devices or respective categories.</em></p>
<p>If we head over to the Reports dashboard, you will notice that device identification has also been integrated into this dashboard. Here you can easily view Top devices and their respective device categories talking over your network. Filtering options have also been included here to help you easily drill down on individual devices giving you complete and granular information about which applications and websites they are accessing via your network.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/reporting-dashboard-showing-top-devices.jpg" alt="Reporting dashboard showing top devices and device categories with controls to filter each respectively giving you ultimate network visibility." />
</div>
<p><em>Figure 5: Reporting dashboard showing top devices and device categories with controls to filter each respectively giving you ultimate network visibility.</em></p>
<p>So to wrap things up, we encourage you to get creative and start building your own policies around the devices attached to your network. Not only is this capability powerful it’s also easy to implement. If you are a freemium user or new to our community and would like to explore <a href="https://www.zenarmor.com/docs/opnsense/devices/device-identification-overview.jpg">Zenarmor device identification</a> as well as all the other amazing security capabilities on offer, we highly encourage you to try it on a free 15-day business edition trial that includes all this great functionality.</p>
<p>Alternatively, feel free to contact Zenamor at <span><img src="https://www.zenarmor.com/images/hi-at-zenarmor.svg" alt="hi-at-zenarmor"></span> and ask for assistance getting your free trial set up and started today. We’d love to hear from you!</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/lqsyr9kLUQc?si=5nLt_7aZ_yVyA8fx" title="Device Identification and Device Access Control" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-device-identification-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[The Challenge of Balancing Security and Productivity]]></title>
            <link>https://www.zenarmor.com/blog#the-challenge-of-balancing-security-and-productivity</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#the-challenge-of-balancing-security-and-productivity</guid>
            <pubDate>Wed, 17 Jan 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[Balancing cybersecurity with efficient workflow is a critical challenge in many organizations. Firewalls, while crucial for safety, can sometimes block access to websites needed for work. Zenarmor offers a practical solution to this problem through its bypass codes. These PIN codes are designed to grant users access to specific websites blocked by the firewall, ensuring that productivity is not hindered by security measures. This post will explore how Zenarmor’s bypass codes effectively bridge the gap between maintaining robust security and facilitating uninterrupted work.]]></description>
            <content:encoded><![CDATA[<p>Balancing cybersecurity with efficient workflow is a critical challenge in many organizations. Firewalls, while crucial for safety, can sometimes block access to websites needed for work. Zenarmor offers a practical solution to this problem through its bypass codes. These PIN codes are designed to grant users access to specific websites blocked by the firewall, ensuring that productivity is not hindered by security measures. This post will explore how Zenarmor’s bypass codes effectively bridge the gap between maintaining robust security and facilitating uninterrupted work.</p>
<!-- ![](/images/blog/bypass-codes-thumbnail.jpg) -->
<div>
  <img src="https://www.zenarmor.com/images/blog/bypass-codes-on-zenarmor.jpg" alt="Block Bypass Codes on Zenarmor" />
</div>
<p><em>Figure 1. Block Bypass Codes on Zenarmor</em></p>
<h2>Flexible Secure Access Solution: Bypass Codes</h2>
<p>Security policies and tools can interfere with the productivity and convenience of users, who may need to access legitimate websites and resources that are blocked by default. How can organizations balance security and productivity without compromising either one? One strategic solution is to use bypass codes, temporary or permanent passcodes that can be entered on a blocked landing page to access the website.</p>
<p>Bypass codes offer several benefits, such as:</p>
<h3>a. Reduced Helpdesk Burden</h3>
<p>Bypass codes offer a major perk by easing the load on helpdesk support. Typically, when users hit blocked sites, they contact the help desk for access or report false positives. This flood of inquiries can backlog tickets, wasting precious time and resources. Enter bypass codes—they put the power in users’ hands, allowing them to self-service access by inputting a code on the blocked page, granting instant entry. This solution is a win-win, slashing time and hassle for users and helpdesk teams. It improves efficiency across the organization, freeing up valuable resources for more critical tasks.</p>
<h3>b. Enhanced Control</h3>
<p>Bypass codes have an added advantage: they grant administrators precise control over access. These codes allow admins to craft and allocate them to particular users, policies, or domains, tailoring their duration and reach. For example, a permanent bypass code for a trusted site that’s typically blocked or a temporary one for a potentially risky site ensures a one-time entry. Furthermore, admins can revoke or modify these codes anytime and track their usage and behavior. This level of control empowers administrators to fine-tune security measures, adjusting access flexibly yet securely. Essentially, bypass codes offer a dynamic tool for administrators to manage access intricately, enhancing the overall security posture of the system.</p>
<h3>c. Improved User Experience</h3>
<p>Bypass codes offer a significant plus: they enhance the user experience. Getting stopped by blocked sites is a major annoyance for users, especially when they need access for work or personal tasks. With bypass codes, users gain a bit of control—they can sidestep security measures when needed. It’s about allowing them to reach essential websites without sacrificing security or work efficiency. This autonomy provided by bypass codes goes a long way in boosting user satisfaction and involvement. Moreover, it cultivates a culture of trust and responsibility within the organization. By empowering users to navigate security barriers when warranted, bypass codes ultimately contribute to a smoother user experience.</p>
<h3>d. Prevention of Unauthorized Access</h3>
<p>A significant benefit of bypass codes lies in their ability to protect against unauthorized access. These codes are fortified with superior encryption and authentication mechanisms, ensuring they are used exclusively by the people they are intended for. Administrators have the capability to impose expiration deadlines or usage constraints on these codes, creating a robust two-tiered defense system. Such measures ensure that access to restricted areas is closely monitored and controlled, preventing unapproved entry. By leveraging bypass codes, organizations fortify their security and compliance measures, erecting a robust defense against cyber threats and potential data breaches. Ultimately, these codes act as a shield, ensuring that access to sensitive or blocked content remains strictly controlled and safeguarded from unauthorized entry, bolstering the organization’s overall security posture.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/using-block-bypass-code-for-access.png" alt="Using Block Bypass Code for Accessing a Website" />
</div>
<p><em>Figure 2. Using Block Bypass Code for Accessing a Website</em></p>
<h2>The Intersection: Using Whitelists and Bypass Codes Together</h2>
<p>Whitelists and bypass codes serve as a dynamic duo in access control, each playing a crucial role. <a href="https://www.zenarmor.com/docs/opnsense/policies/exclusions">Whitelists</a> are like exclusive VIP lists, granting automatic access to predetermined websites. Bypass codes, on the other hand, are akin to secret keys that open doors to otherwise blocked sites. Together, they create a flexible and secure access framework tailored to meet the specific needs of an organization. Their adaptability is a key feature, enabling organizations to modify these tools in response to changing scenarios and preferences, seamlessly blending security with productivity. By leveraging both, organizations create a seamless approach that doesn’t compromise. They can confidently navigate the delicate balance between robust security measures and enabling smooth, efficient work processes. The flexibility to adjust these tools according to evolving demands ensures that organizations stay ahead, securing their networks while facilitating the necessary access for productivity. Essentially, it’s a strategic dance between the trusted and the unlockable, ensuring a harmonious blend that benefits both security and productivity.</p>
<h2>Types of Bypass Codes: Admin vs. User</h2>
<p>Zenarmor introduces a flexible approach to website access within secure networks through its implementation of bypass codes by providing these codes in two distinct role-based forms: admin and user. Bypass codes work like special keys, granting entry to websites that are usually off-limits. Zenarmor has two <strong>types of bypass codes:</strong> admin and user. Admin bypass codes, managed by administrators, permanently whitelist a website for all network users and devices. They’re perfect for widely used, trusted sites that admins give the green light. On the flip side, user bypass codes are like limited-time passes, also set up by admins, but they temporarily unlock a website just for the specific device using the code. These are used for rare, individual site visits, especially for potentially risky or unverified sites. Mixing these admin and user codes gives organizations a precise, adaptable way to control who can access what, flexibly catering to security and productivity needs.</p>
<h2>Managing Bypass Codes: A Simple and Efficient Process</h2>
<p><strong>Managing bypass codes</strong> is straightforward and efficient, done either manually or programmatically. Admins can manually create, modify, or remove bypass codes via the Zenarmor Settings page interface. They’re in control, able to tailor codes for specific users, policies, and domains, setting expiry dates and usage limits as needed. They can also closely monitor usage and activity for monitoring and auditing purposes. <a href="https://www.zenarmor.com/docs/opnsense/configuring/bypass-code-management">Bypass codes</a> offer a secure and adaptable method for access control, striking the right balance between security and productivity.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/adding-block-bypass-code-on-zenarmor.jpg" alt="Adding Block Bypass Code on Zenarmor" />
</div>
<p><em>Figure 3. Using Block Bypass Code for Accessing a Website</em></p>
<h2>Zenarmor: Empowering Users, Enhancing Security</h2>
<p>This article has explored the functionalities of Zenarmor, a software-based firewall solution, and its integrated feature of bypass codes. Zenarmor provides robust network protection, catering to enterprise-level security needs. The addition of bypass codes within this system allows for controlled access to otherwise restricted websites, striking a balance between maintaining security and facilitating productivity.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/B9ViEtbSi4U?si=0dAk0_4JJCDU3CtL" title="Customizable Block Notification Page" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/bypass-codes-thumbnail.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Convergence with Purpose: Zenarmor and Threat Intelligence Unite for Unmatched Security]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-and-threat-intelligence-unite-for-unmatched-security</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-and-threat-intelligence-unite-for-unmatched-security</guid>
            <pubDate>Mon, 15 Jan 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[In this article, we'll look at how CTI enhances Zenarmor's risk detection and prevention abilities and how it supports businesses in adopting a unified, comprehensive cybersecurity strategy that is in line with their beliefs and business objectives.]]></description>
            <content:encoded><![CDATA[<p>Cybersecurity doesn’t end once you install firewalls and antivirus software. The rules for protecting digital assets change daily, requiring constant vigilance and adaptation. Cyber Threat Intelligence (CTI) is therefore essential for every business that wishes to safeguard its information, resources, and good name.
In this article, we’ll look at how CTI enhances Zenarmor’s risk detection and prevention abilities and how it supports businesses in adopting a unified, comprehensive cybersecurity strategy that is in line with their beliefs and business objectives.</p>
<p>Discover the power of proactive cybersecurity with Zenarmor. Visit our extensive library of cybersecurity concepts to learn more about how we can protect your network with purpose-driven security solutions.</p>
<h2>What is Cyber Threat Intelligence (CTI)?</h2>
<p><strong>Cyber Threat Intelligence</strong> (CTI) assists companies in staying updated about emerging threats to defend themselves. <strong>Threat intelligence</strong> can be defined as cyber security specialists compiling, evaluating, and improving the information they collect about attacks to learn from it and better defend enterprises.
The <strong>types of threat intelligence</strong> are defined by sources, which can be put into three categories: open source, closed source, and internal source. Each source has its strengths and weaknesses, and you need to take advantage of them to gain a complete picture. <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-cyber-threat-intelligence-cti">CTI</a> aids in lowering costs, maximizing efficiency, preventing financial loss, and lowering risk. Your security stance, resilience, and preparedness against cyberattacks may all be improved with CTI. It is an essential tool for every business that prioritizes security rather than considering it an optional addition.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/cti-engines-of-zenarmor.jpg" alt="CTI Engines of Zenarmor" />
</div>
<h2>Zenarmor Cyber Threat Intelligence</h2>
<p>Zenarmor CTI, utilizing AI-based threat intelligence from Zenarmor’s Cloud Threat Intelligence System, safeguards networks against threats from over 300 million websites. Business Edition subscribers get access to BrightCloud Threat Intelligence, offering advanced protection with an additional 1+ billion domains and 4+ billion IP addresses. BrightCloud, a leading cybersecurity provider, evaluates over 48 billion domains, providing high-quality threat intelligence daily. This collaboration involves a global network of 140+ cybersecurity vendors using BrightCloud Threat Intelligence.</p>
<p>Zenarmor’s Cloud Threat Intelligence (CTI) is a key component of its security features and web categorization capabilities. It continuously updates and categorizes over 300 million websites (for the business edition 1B website), safeguarding networks against a wide range of threats. This AI-based classification system automatically identifies and inhibits new and sophisticated threats, enhancing network security by preventing emerging outbreaks and mitigating the most recent and dangerous security threats effectively. Zenarmor’s Advanced Security profiles, available through Zenarmor Premium Subscriptions, provide Advanced Threat Protection against the latest malware, viruses, and phishing attacks by blocking websites known to host such threats.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<h3>Bright Cloud Threat Intelligence: An Overview</h3>
<p>In cybersecurity, having a trustworthy ally for top-notch threat intelligence (TI) solutions is crucial. That’s where Bright Cloud steps in. They’re a leading threat intelligence and cyber security provider dedicated to safeguarding your network, data, and reputation from cyber risks.</p>
<p>Zenarmor CTI uses BrightCloud® at the backend. Zenarmor Business Edition provides users with enhanced protection, including an additional 1+ billion categorized domains and 4+ billion recorded IPv4/6 addresses. In addition, Business Edition users gain access to a global threat intelligence network comprised of over 140 leading cyber security vendors utilizing BrightCloud® Threat Intelligence to enhance and expand their threat detection solutions. Therefore, you can breathe easy knowing that you have access to the highest quality threat intelligence available. BrightCloud® has evaluated more than 48 billion domains to date and adds to this database daily by analyzing approximately 25,000 threats and URLs.</p>
<p>Bright Cloud follows a robust approach to TI, focusing on four key aspects: collecting, analyzing, sharing, and using information. They gather TI data from diverse sources—open, closed, and internal—and then use advanced algorithms and machine learning to offer precise, timely, and pertinent insights into potential hazards. Bright Cloud shares this valuable TI data with you across multiple feeds like IP reputation, URL reputation, file reputation, and mobile reputation. Finally, they apply this intelligence to fortify your security infrastructure, bolstering your hazard detection and prevention capabilities.</p>
<h2>The Convergence of Zenarmor and Cyber Threat Intelligence</h2>
<p>Zenarmor integrates with Bright Cloud threat intelligence (TI) feeds to enhance its threat detection and prevention capabilities. The integration with Bright Cloud, a leading TI provider, empowers Zenarmor users with enhanced protection, including access to a global threat intelligence network comprised of over 140 cybersecurity vendors.</p>
<p>By utilizing TI data from these integrated feeds, Zenarmor significantly strengthens its cybersecurity posture. The TI data is used to provide real-time security threat intelligence, website categorization, and site reputation and ranking. This empowers Zenarmor to safeguard networks against a wide range of threats, including phishing attacks, malware infections, and data exfiltration. The comprehensive and timely TI data provided by Bright Cloud enables Zenarmor to offer advanced threat protection against the latest cybersecurity threats, making it an invaluable asset for organizations seeking to bolster their security defenses.</p>
<h2>Who Benefits From Cyber Threat Intelligence?</h2>
<p>Threat intelligence (TI) proves indispensable across diverse industries, providing proactive defense against the evolving cyber threat landscape. Critical infrastructure entities, such as power grids and transportation systems, leverage TI to identify and thwart cyber threats targeting their vital services. Financial institutions rely on TI to detect and prevent fraud, malware infections, and data breaches, safeguard sensitive financial data, and ensure operational integrity. Healthcare providers utilize TI to protect patient data from cyberattacks that could disrupt care delivery, while government agencies defend against cyber threats to critical infrastructure and classified information, reinforcing national security. Retail, e-commerce, media, and entertainment sectors also benefit from TI by preventing data breaches, protecting online transactions, and mitigating risks to brand reputation.
Notably, the advantages of TI extend beyond large corporations, proving especially valuable for small and medium-sized businesses (SMBs). SMBs face increasing cyber threats due to perceived security resource limitations. TI for SMBs reduces risk by enabling early detection and prevention of cyberattacks, offering cost-effective protection through open-source and tailored threat intelligence feeds, and enhancing overall security posture by prioritizing vulnerabilities and implementing targeted security controls. In conclusion, TI emerges as a universal tool, empowering organizations of all sizes and industries to fortify their cybersecurity defenses, protect critical assets, and maintain operational resilience.</p>
<h2>Advantages for Zenarmor Users</h2>
<p>We are a top-of-the-line platform that joins Bright Cloud TI feeds, granting users a suite of advantages for fortified network security. Some of these <strong>Zenarmor threat intelligence benefits are</strong>:</p>
<ol>
<li>
<p><strong>AI-Based Classification System:</strong> Zenarmor employs an AI-based classification system to classify and update web categories in real-time, enhancing network security by automatically identifying and inhibiting new and sophisticated threats.</p>
</li>
<li>
<p><strong>Advanced Security Profiles:</strong> Zenarmor provides three predefined Advanced Security profiles, including Permissive, Moderate Control, and High Control options available through Zenarmor Premium Subscriptions, offering Advanced Threat Protection against the latest malware, viruses, and phishing attacks.</p>
</li>
<li>
<p><strong>Continuous Threat Intelligence Data Feeds:</strong> Zenarmor’s threat intelligence tools continuously feed the most up-to-date threat intelligence data to security systems such as endpoints, firewalls, APIs, and IPSs, enabling security teams to focus on analysis and planning.</p>
</li>
<li>
<p><strong>Cloud Reputation and Threat Intelligence:</strong> The Zenarmor Cloud, a huge database consisting of reputation and security information for over 1 billion websites, provides real-time security threat intelligence, website categorization, and site reputation and ranking, safeguarding networks against a wide range of threats.</p>
</li>
</ol>
<div>
  <img src="https://www.zenarmor.com/images/blog/cloud-threat-intelligence-settings-on-zenarmor.jpg" alt="Cloud Threat Intelligence Settings on Zenarmor" />
</div>
<p><em>Figure 1 : Cloud Reputation and Threat Intelligence Settings on Zenarmor</em></p>
<h2>Advanced Threat Detection and Prevention</h2>
<p>It isn’t just a firewall—it’s a powerhouse that links up with threat intelligence (TI) feeds from Bright Cloud, empowering advanced threat detection. By monitoring DNS traffic within your network, you can cross-reference requested domains and IP addresses with TI data from Bright Cloud. It promptly flags any matches as malicious and notifies you. Employing machine learning and anomaly detection, you can stay vigilant for irregular network behavior like unusual traffic spikes, unauthorized access attempts, or data breaches. It promptly identifies and alerts you to potential threats. We help you proactively shield your network from cyber threats before they even strike. Integrated with intelligence (TI) feeds from Bright Cloud, it helps to be ahead by identifying malicious domains and phishing attempts and blocking them. It employs robust encryption, authentication, and firewall rules to fortify your network, thwarting unauthorized access and intrusion. Capable of preventing a range of cyber attacks—from phishing to DNS tunneling and more—we stand as a vital ally in securing your network, data, and reputation. Zenarmor offers a watchful defense against evolving cyber threats with enhanced prevention capabilities.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/advanced-security-controls-on-zenarmor.jpg" alt="Advanced Security Controls on Zenarmor" />
</div>
<p><em>Figure 2 : Advanced Security Controls on Zenarmor</em></p>
<h2>Reporting and Analysis</h2>
<p>Zenarmor exceeds traditional firewall roles—it detects and prevents cyber threats and reports and analyzes them. Integrated with Bright Cloud intelligence feeds, <a href="https://www.zenarmor.com/zenarmor-next-generation-firewall">Zenarmor NGFW</a> taps into threat trends, attacker behaviors, and vulnerabilities. This data crafts detailed reports on your network’s landscape, security posture, and incidents. These insights into cyber vulnerabilities empower your security team to make informed decisions, fortify defenses, and optimize security strategies. TI-driven reporting and analysis elevate your security game, offering more than just protection—it provides strategic guidance for enhanced network defense.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/threats-report-on-zenarmor.jpg" alt="Threats Report on Zenarmor" />
</div>
<p><em>Figure 3 : Threats Report on Zenarmor</em></p>
<h2>Conclusion</h2>
<p>In cybersecurity, staying protected isn’t a one-time fix—it’s an ongoing commitment demanding continuous adaptation. This is where Zenarmor comes in, offering more than mere protection. It’s your ally, offering security information, cutting-edge threat detection and prevention, insightful reporting, and proactive identification. It synchronizes with Bright Cloud threat intelligence feeds, delivering precise, timely data.</p>
<p>By safeguarding your network, data, and reputation from cyber concerns, you are having advocates for convergence—a unified, holistic cybersecurity approach aligning seamlessly with your business goals and values. It’s a purpose-driven solution dedicated to your security needs. <a href="https://www.zenarmor.com/free-edition-plan">Experience our comprehensive protection</a> and foresighted defense. Explore how we can safeguard your network with purpose-driven cybersecurity. <a href="https://www.zenarmor.com/contact">Connect with us</a> to learn more about how we can assist you. Whether you are a small business or a large enterprise, our team is ready to collaborate with you to enhance your cybersecurity posture and address your specific challenges. Embrace a proactive stance against cyber threats with Zenarmor as your trusted partner in safeguarding digital assets and ensuring a resilient cybersecurity infrastructure.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/cti-engines-of-zenarmor.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Enhance Network Security with Zenarmor's TLS Inspection Feature]]></title>
            <link>https://www.zenarmor.com/blog#enhance-network-security-with-zenarmor-tls-inspection-feature</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#enhance-network-security-with-zenarmor-tls-inspection-feature</guid>
            <pubDate>Wed, 10 Jan 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[In today’s digital world, data security is more important than ever. Network security becomes challenging as more websites and applications use encryption to protect their data in transit. How can you ensure that the encrypted traffic on your network is not hiding malicious content or activities? The answer is TLS inspection.]]></description>
            <content:encoded><![CDATA[<p>In today’s digital world, data security is more important than ever. Network security becomes challenging as more websites and applications use encryption to protect their data in transit. How can you ensure that the encrypted traffic on your network is not hiding malicious content or activities? The answer is TLS inspection. This feature lets you decrypt and inspect encrypted traffic in real-time without compromising encryption. In this blog post, you will explore what TLS inspection is, why you need it, and how you can benefit from Zenarmor’s TLS inspection feature.</p>
<p>Zenarmor is a next-generation firewall (NGFW) that provides comprehensive network security with a suite of features, including the <strong>TLS inspection feature</strong>, advanced threat intelligence, machine learning, and more.</p>
<h2>Understanding TLS Inspection</h2>
<p>TLS inspection empowers security systems to scrutinize and encrypt data without compromising encryption integrity. It decrypts and inspects incoming and outgoing TLS traffic, enabling robust threat detection and prevention. By unveiling encrypted content, advanced security measures like IDS/IPS, URL filtering, and virus detection can effectively identify and thwart sophisticated threats. This process strengthens network defense by allowing for comprehensive monitoring, threat identification, and control over encrypted communications, ensuring that malicious content hiding within encrypted data flows doesn’t bypass security measures.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-tls-inspection-feature.png" alt="Zenarmor's TLS Inspection Feature" />
</div>
<h2>The Need for TLS Inspection</h2>
<p>As the use of TLS encryption increases so does the risk of cyberattacks that exploit it. These threats include malware, phishing attacks, data exfiltration, and more. Traditional firewalls cannot inspect encrypted traffic because they do not have the keys to decrypt it. They can only see the metadata, such as the source and destination IP addresses, ports, and protocols. They cannot detect or block malicious content or activities hidden in encrypted traffic. This is where <strong><a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-tls-inspection">TLS inspection</a> for network security</strong> comes in. By doing so, the firewall can gain visibility into the content and behavior of encrypted traffic and apply security policies and rules accordingly.</p>
<h2>Benefits of Zenarmor’s TLS Inspection Feature</h2>
<p>Zenarmor is an NGFW that offers a powerful TLS inspection feature along with a comprehensive suite of network security features. <strong>Zenarmor’s TLS inspection feature for network security</strong> provides the following benefits:</p>
<h3>Enhanced visibility into encrypted traffic for comprehensive threat detection</h3>
<p>Zenarmor’s TLS inspection feature allows you to see the details of encrypted traffic, such as the URL, the content type, the file name, the user agent, and more. This enables you to detect and block threats hidden in encrypted traffic, such as malware, phishing attacks, and other malicious content.</p>
<h3>Protection against malware, phishing attacks, and other malicious content</h3>
<p>Zenarmor leverages its advanced threat intelligence and machine learning capabilities to analyze decrypted traffic and identify malicious content. The threat intelligence is updated in real-time with data from multiple sources, such as the cloud, endpoints, network sensors, and third-party feeds. Zenarmor’s machine learning algorithms can detect unknown, zero-day threats and strange, suspicious behavior.</p>
<h3>Enforcement of security policies and compliance with industry regulations</h3>
<p><strong>Zenarmor’s TLS inspection</strong> feature allows you to enforce security policies and rules on encrypted traffic, such as blocking or allowing access to certain websites or applications, filtering or modifying content, or logging. The TLS inspection feature also helps you comply with industry <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-cybersecurity-laws-and-regulations">regulations</a>, such as PCI DSS, HIPAA, GDPR, and more, by ensuring encrypted traffic is secure and auditable.</p>
<h3>Improved network performance by optimizing encrypted traffic flow</h3>
<p>Zenarmor’s TLS inspection feature improves network performance by optimizing encrypted traffic flow. Zenarmor’s TLS inspection feature also supports selective decryption, which allows you to choose which traffic to decrypt and which to bypass based on your security needs and preferences.</p>
<h2>How Zenarmor’s TLS Inspection Works</h2>
<p>Zenarmor’s TLS inspection operates in two modes, prioritizing transparency while ensuring robust security measures:</p>
<ul>
<li>
<p><strong>Lightweight Analysis:</strong> Zenarmor captures early-stage TLS session details without decryption. It extracts essential information like remote hostnames and web categories, maintaining encryption integrity.</p>
</li>
<li>
<p><strong>Full Inspection (As of v1.17):</strong> Zenarmor will decrypt, inspect, and re-encrypt traffic. This comprehensive analysis, powered by advanced threat intelligence and machine learning, ensures security without compromising end-to-end encryption.</p>
</li>
</ul>
<p>Implementing TLS Inspection in Zenarmor NGFW involves:</p>
<ol>
<li><strong>Configuration:</strong> Access Zenarmor’s dashboard and enable TLS inspection settings.</li>
<li><strong>Certificate Management:</strong> Import and manage SSL/TLS certificates to facilitate decryption (for full inspection mode).</li>
<li><strong>Policy Setup:</strong> Define inspection policies based on security needs, specifying which traffic undergoes analysis.</li>
<li><strong>Monitoring and Analysis:</strong> Access reports to view TLS traffic insights, identifying potential threats or anomalies.</li>
</ol>
<p>This process ensures that while Zenarmor deeply inspects traffic for security threats, it maintains the confidentiality of data through a transparent and vigilant inspection methodology.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/tls-controls.jpg" alt="TLS Controls" />
</div>
<h2>Real-World Scenarios</h2>
<p>TLS inspection can be useful in various real-world scenarios where network security is a priority. Here are some examples of how Zenarmor’s TLS inspection feature can help you protect your network from different types of threats and risks:</p>
<h3>Scenario 1: Preventing Data Breaches and Leaks</h3>
<p>If you are handling sensitive or confidential data, such as customer information, financial records, or intellectual property, you must ensure that no unauthorized or malicious parties can access or steal your data. Zenarmor’s TLS inspection can help you monitor and control the data transmitted over encrypted channels like email, cloud services, or file-sharing platforms. Zenarmor can detect and block any attempts to exfiltrate or leak your data, such as phishing emails, ransomware attacks, or rogue employees.</p>
<h3>Scenario 2: Enhancing Web Filtering and Application Control</h3>
<p>If you manage a network with multiple users, devices, or locations, you must ensure that your network resources are used efficiently and securely. Zenarmor’s TLS inspection can help you filter and control the web and application traffic that flows through your network, such as social media, streaming, gaming, or messaging. Zenarmor can identify and categorize the websites and applications that your users access and apply granular policies and rules based on your needs and preferences. Zenarmor can block, allow, or limit access to specific web categories, applications, users, groups, or devices, enhancing your network’s productivity, performance, and security.</p>
<h2>Security and Privacy Considerations</h2>
<p>Zenarmor NGFW prioritizes privacy while inspecting encrypted traffic for security. It upholds stringent privacy protocols by implementing selective decryption, ensuring only necessary inspection occurs. Personal or sensitive data remains confidential, with Zenarmor focusing solely on threat identification within encrypted content. This approach safeguards privacy by balancing robust security measures with a commitment to preserving the integrity of encrypted communications, mitigating potential risks without compromising user confidentiality.</p>
<h2>Zenarmor - Protecting Privacy, Detecting Threats, and Defending Networks</h2>
<p>TLS inspection is a vital security feature in today’s security landscape, where encrypted traffic is prevalent and often used by attackers to hide their malicious activities. TLS inspection allows you to gain visibility and control over your encrypted traffic without compromising the security and privacy of your network. <a href="https://www.zenarmor.com/zenarmor-next-generation-firewall">Zenarmor NGFW’s</a> TLS inspection feature offers you a powerful and flexible solution that can help you protect your network from various types of threats and risks while enhancing the productivity and performance of your network. Zenarmor NGFW’s TLS inspection feature is easy to set up and use and integrates seamlessly with your existing security infrastructure.</p>
<p>Discover Zenarmor’s TLS inspection feature to elevate your network security defenses today!</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/f4p7bAKodbw?si=EvK4YY8RK1kZZ4hg" title="Full TLS Inspection" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-tls-inspection-feature-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[The Core of Network Security: Device Identification Defined]]></title>
            <link>https://www.zenarmor.com/blog#the-core-of-network-security-device-identification-defined</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#the-core-of-network-security-device-identification-defined</guid>
            <pubDate>Thu, 04 Jan 2024 00:00:00 GMT</pubDate>
            <description><![CDATA[In this blog post, we will explore the definition and role of device identification in network security, the risks of unidentified devices, and how device identification empowers security with various controls. We will also give you a sneak peek at Zenarmor’s device identification feature, which is available in paid editions to enhance your network security.]]></description>
            <content:encoded><![CDATA[<p>Network security is a complex and dynamic field that requires constant vigilance and adaptation. One of the key aspects of network security is device identification, which is the process of recognizing and categorizing the devices that connect to a network. Device identification ensures that only authorized and trusted devices can access network resources and data.</p>
<p>In this blog post, we will explore the definition and role of device identification in <a href="https://www.zenarmor.com/docs/network-security-tutorials/network-security">network security</a>, the risks of unidentified devices, and how device identification empowers security with various controls. We will also give you a sneak peek at Zenarmor’s device identification feature, which is available in paid editions to enhance your network security.</p>
<h2>Understanding Device Identification</h2>
<p>A Device­ ID is pretty straightforward. It’s something that says ‘hey, this is who I am’ to a ne­twork. It could be a computer, a phone, a tablet, a printer, or even an IoT device. What does it share? Lots of info! The name, the model, who made it, the operating system it’s using, what software and hardware it has, and its IP and MAC addresses. These attributes are used to create a unique fingerprint or profile of the device, distinguishing it from other devices on the network. In network security, identifying devices entails categorizing them based on function, purpose, ownership, and location. This approach comprehends device behaviors and their interactions within the network and infrastructure, enhancing overall security measures.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-device-identification-thumbnail.png" alt="Zenarmor Device Identification" />
</div>
<h2>The Risks of Unidentified Devices</h2>
<p>Unidentified or unauthorized devices seriously threaten network security, as they can compromise the confidentiality, integrity, and availability of network resources and data. Some of the potential risks and vulnerabilities associated with unidentified devices are as follows:</p>
<ul>
<li>
<p><strong>Data breaches:</strong> Unidentified devices can be used to steal, leak, or tamper with sensitive or confidential data, such as personal information, financial records, intellectual property, etc. For example, in 2017, Equifax, one of the largest credit reporting agencies in the US, suffered a massive <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-data-breach">data breach</a> that exposed the personal data of 147 million customers. The breach was caused by a vulnerability in a web application running on an unidentified device that was not adequately scanned or patched.</p>
</li>
<li>
<p><strong>Network attacks:</strong> Unidentified devices can be used to launch various types of network attacks, such as denial-of-service (DoS), distributed denial-of-service (DDoS), man-in-the-middle (MITM), ransomware, etc. These attacks can disrupt or damage the network operations, performance, and availability and cause significant losses or damages. For example, in 2016, a massive DDoS attack was launched against Dyn, a major DNS provider, using a botnet of millions of infected IoT devices. The attack affected many popular websites and services, such as Twitter, Netflix, Spotify, etc., and caused widespread internet outages.</p>
</li>
</ul>
<h2>Empowering Security with Device Identification</h2>
<p>Device identification is not only a defensive measure but also a proactive and strategic one. It enables the organization to implement various security controls to enhance network security posture and resilience. Some of the security controls that device identification supports are outlined below:</p>
<h3>Access Control</h3>
<p>Access control determines who or what can tap into network resources and data. It depends on who the user is, what device they’re using, and what they’re allowed to do. This key security step keeps unwanted guests out and makes sure only approved users and devices reach the network. Identifying a device is important because it gives all the information needed to check, confirm, and apply access rules, which is a crucial step in stopping anomalies like fake identities or unapproved access. Leveraging device identification, organizations can adopt diverse <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-access-control">access control</a> models like RBAC (Role Based Access Control), ABAC (Attribute Based Access Control), or <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-zero-trust-network-access-ztna">ZTNA</a> (Zero Trust Network Access Control), tailoring security measures to specific needs while fortifying against impersonation or brute-force attacks.</p>
<h3>Policy Enforcement</h3>
<p>Policy enforcement assures adherence to organizational security standards, which is crucial for maintaining network integrity and curbing potential risks. Identifying devices is a key tool, bringing clarity and accuracy to manage and apply network safety rules accurately while offering careful tracking, control, and use of relevant safety settings, which aid in checkups for compliance and fixes when rule violations occur.  Encouraging the use of various safety rules, covering device­ configurations, updates, encryption, firewalls, and the like, helps maintain a regular safety position while­ reducing discrepancies via proactive steps and complete reports.</p>
<h3>Incident Response</h3>
<p>Incident response tackles security breaches, malware attacks, and data breaches, which are pivotal for minimizing their impact and restoring network functionality. Device identification expedites responsive actions by furnishing crucial insights to pinpoint incident origins, assess severity, and isolate affected devices. It aids in thorough investigation, identifying root causes, and swiftly executing necessary remedial steps. Leveraging device identification, organizations align with <a href="https://www.zenarmor.com/docs/network-security-tutorials/incident-response-plan">incident response</a> frameworks like NIST or SANS, streamlining actions for effective resolution. It’s instrumental in swiftly addressing security incidents, containing their effects, and executing precise measures for recovery and mitigation, ensuring a prompt return to normalcy in network operations.</p>
<h3>BYOD Security</h3>
<p>Securing personally used devices for network access, known as BYOD (Bring Your Own Device) security, poses challenges due to varied device security levels and potential vulnerabilities. Managing these devices within a <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-bring-your-own-device-byod">BYOD</a> framework demands control and visibility, addressed through device identification. It classifies and enforces security policies, safeguarding data and privacy while averting potential leaks. Device identification is key in implementing BYOD security solutions like MDM (Mobile Data Management), MAM (Mobile Application Management), or MTD (Mobile Threat Defense), ensuring comprehensive management and defense against threats across personal devices accessing the network. Device ID is essential to mitigate risks associated with diverse devices and fortify network security within a BYOD environment.</p>
<h3>Network Visibility</h3>
<p>Network visibility is gaining insight and understanding into the network infrastructure, devices, traffic, and activities. Network visibility is significant for network security, as it helps optimize network performance and efficiency and detect and prevent security threats or anomalies. Device identification enhances <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-network-visibility">network visibility</a> by providing comprehensive and detailed information about the connected devices, locations, and activities. It also helps generate and analyze various network metrics and indicators, such as device inventory, device health, device utilization, device behavior, etc., by enabling the organization to leverage various network visibility tools, like network monitoring, analysis, forensics, or intelligence.</p>
<h3>Regulatory Compliance</h3>
<p>Meeting cybersecurity regulations like GDPR, HIPAA, or PCI DSS is imperative for safeguarding data and maintaining trust. Device identification is pivotal in ensuring compliance by furnishing essential data to validate device security levels and adherence to relevant controls. It facilitates evidence provision by aiding in demonstrating <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-cybersecurity-compliance">compliance</a> and rectifying any gaps. Organizations align with frameworks like ISO/IEC 27001 or NIST through device identification, ensuring sustained adherence to regulatory standards. It’s instrumental in upholding data privacy, mitigating legal risks, and preserving the organization’s reputation by promptly maintaining consistent compliance and addressing any regulatory shortcomings.</p>
<h2>Zenarmor’s Device Identification</h2>
<p>Device identification is a core and critical component of network security, and it offers many benefits and advantages for enhancing your network security posture and resilience. However, device identification is not an easy or simple task, and it requires a robust and reliable solution that can handle the complexity and diversity of the devices and the network environment. For this reason, we are ecstatic to introduce you to the revolutionary <a href="https://www.zenarmor.com/docs/devices/device-identification-overview">device identification feature of Zenarmor</a>, which will transform your network security.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmors-device-identification.png" alt="Devices Report on Zenarmor" />
</div>
<p><em>Figure 1: Devices Report on Zenarmor</em></p>
<p>The Zenarmor platform offers a Device Identification feature that autonomously detects and classifies all network-connected devices, providing a comprehensive summary of their characteristics, including hardware vendor, operating system, name, hostname, IP addresses, and MAC addresses. This feature is available in the <a href="https://www.zenarmor.com/plans">Zenarmor Paid Editions</a> and helps improve network visibility and overall network security by maintaining a current list of all connected devices and furnishing comprehensive data regarding every device linked to the network. Additionally, it allows users to group devices into their respective categories and provides real-time tracking to ensure that IT teams always know what new devices have been added to the network.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/lqsyr9kLUQc?si=5nLt_7aZ_yVyA8fx" title="Device Identification and Device Access Control" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-device-identification-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Not Just an Update, Zenarmor 1.16: A Major Leap Forward in Enterprise and MSSP Network Management]]></title>
            <link>https://www.zenarmor.com/announcements#not-just-an-update-zenarmor-1-16</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#not-just-an-update-zenarmor-1-16</guid>
            <pubDate>Tue, 19 Dec 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[We have reached the end of another successful year at Zenarmor, with the third and final major release of Zenarmor for 2023 ready for you to download. Like with all the previous major releases this year, Zenarmor 1.16 includes new, fresh capabilities and tools that will ultimately help you create a formidable defense against bad actors and improve your overall network security posture, regardless of where you choose to deploy Zenarmor, on-prem or in the cloud.]]></description>
            <content:encoded><![CDATA[<p>We have reached the end of another successful year at Zenarmor, with the third and final major release of Zenarmor for 2023 ready for you to download. Like with all the previous major releases this year, Zenarmor 1.16 includes new, fresh capabilities and tools that will ultimately help you create a formidable defense against bad actors and improve your overall network security posture, regardless of where you choose to deploy Zenarmor, on-prem or in the cloud.</p>
<p>In this release, we are proud to introduce a new device identification and management capability, giving you improved visibility and control of the devices using your network, as well as Community ID flow hashing support to easily correlate device logs with connection logs, giving you full end-to-end visibility of the process on the device initiating the connection on your network to its final destination on the internet.</p>
<p>In addition, almost every module of Zenarmor has had an improvement or general bug fix, so let’s take a closer look at what you can expect from this feature-packed edition of Zenarmor 1.16.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<h2>Enhanced Visibility and Security with Device Identification and Access Control</h2>
<p>The engine is the heart of Zenarmor, and in this release, device identification is now available, where Zenarmor automatically detects the devices attached to your network, providing an overview of their details, such as hardware vendor, operating system, name, hostname, IP and MAC addresses, with the ability to group these devices into their respective categories. The device identification feature provides valuable insights into the IT ecosystem, enhancing your network visibility and overall network security. The following are the principal benefits of utilizing the Zenarmor device identification function:</p>
<ul>
<li>
<p><strong>Maintaining an up-to-date device inventory:</strong> Zenarmor keeps an up-to-date list of all connected devices, so you don’t have to keep track of them manually, ensuring no devices are missed.</p>
</li>
<li>
<p><strong>Enhanced network visibility:</strong> Zenarmor provides detailed information about each device connected to the network, which can be useful to IT teams when investigating their infrastructure, providing an easy means to spot “rogue” or risky devices attached to the network.</p>
</li>
<li>
<p><strong>Real-time device tracking:</strong> Zenarmor continuously scans the network for new devices. This real-time tracking ensures that IT teams always know what new devices have been added to their network, once again providing a powerful means to protect the network against rogue or unauthorized devices.</p>
</li>
</ul>
<p>It must be noted that this is the first implementation of the Zenarmor device identification feature, and while it’s highly capable of detecting most devices on your network, there may be some cases where minor inconsistencies or erroneous information is observed, which may require manual user correction and input. This is because, without <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-tls-inspection#how-zenarmor-performs-transport-layer-security-tls-inspection">full TLS inspection</a>, only partial device information is obtained when inspecting the network traffic. The good news is that as of Zenarmor 1.17, expected to ship in the first quarter of 2024, full TLS inspection will be available, which will improve device identification as well as enhance the overall network inspection capabilities of Zenarmor as a whole.</p>
<p>Taking device identification functionality further, device access control has been integrated where detected devices can be categorized as trusted or untrusted, and through your Zenarmor policies, you can choose to restrict untrusted devices from accessing the network. This essentially empowers IT teams with more granular control over the devices attached to the network, enhancing overall network security and preventing potential data breaches by blocking unauthorized device access In addition to this, this feature also simplifies IT asset management <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-it-asset-management-itam">(ITAM)</a> by enabling IT teams to centrally control devices through a single pane of glass. To drill down into this feature’s use cases a bit further, IT teams can:</p>
<ul>
<li><strong>Set Access Rules:</strong> That inform devices what resources they can reach and how they can connect to the network.</li>
<li><strong>Prevent Unauthorized Access:</strong> Zenarmor can prevent devices that aren’t trusted from connecting to the network. This stops users from gaining access without permission and plays a part in your zero-trust strategy, ultimately lowering your risk.</li>
<li><strong>Enforce Device Compliance:</strong> IT teams can ensure that all devices meet certain security standards before they can connect to the network by enforcing device compliance rules.</li>
</ul>
<div>
  <img src="https://www.zenarmor.com/images/blog/new-zenarmor-device-identification-and-management-dashboard.jpg" alt="New Zenarmor device identification and management dashboard" />
</div>
<p><em>Figure 1: New Zenarmor device identification and management dashboard</em></p>
<h2>Community ID Support for Advanced Threat Hunting</h2>
<p>Another great addition to this release is Community ID flow hashing support. Community ID, in a nutshell, creates a unique hash identifier for each connection made through the network, derived from the network connection’s source/destination port, source/destination IP address, seed, and transport protocol (TCP/UDP). This unique hash identifier can then be used while correlating log data between your systems to give more context to the flow of traffic. This gives you full end-to-end visibility of the process on the device initiating the connection to its final destination on the internet. If you are interested in learning more about this, please have a look at the previous article we published, where we demonstrated a basic <a href="https://www.zenarmor.com/docs/guides/threat-hunting-with-zenarmor-community-id-feature">threat-hunting exercise using the Community ID Network Flow Hashing capabilities built into Zenarmor and ELK (Elasticsearch, Logstash, and Kibana)</a> to correlate the log data between Zenarmor and a Windows 11 device using Sysmon.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/reporting-and-data-settings-menu-to-toggle-community-id-in-zenarmor.jpg" alt="Reporting and Data Settings menu to toggle Community ID support in Zenarmor" />
</div>
<p><em>Figure 2: Reporting and Data Settings menu to toggle Community ID support in Zenarmor</em></p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-and-a-windows-11-client-using-a-kibana-dashboard.jpg" alt="An example of how Community ID can be used to correlate log data between Zenarmor and a Windows 11 client using a Kibana dashboard" />
</div>
<p><em>Figure 3: An example of how Community ID can be used to correlate log data between Zenarmor and a Windows 11 client using a Kibana dashboard</em></p>
<h2>Additional advanced security features including DNS Tunneling Attack Detection, Botnet DGA protection, and Internal CA Support</h2>
<p>At Zenarmor, we strive to improve our feature set based on industry standards and client feedback, and we are dedicated to providing you with the best network security possible. With this update, you can now enjoy additional enhanced security controls that provide advanced threat-prevention capabilities, including:</p>
<ul>
<li>
<p>Improved threat detection and data exfiltration prevention capabilities by identifying <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-dns-tunneling">tunnels over the DNS</a> protocol.</p>
</li>
<li>
<p>Internal CA certificates are now supported, enhancing security in packet inspection.</p>
</li>
<li>
<p>Enhanced security with Botnet DGA (domain generation algorithm) detection and prevention making it harder for botnets and malware to use these advanced attack techniques to evade detection.</p>
</li>
</ul>
<p>We encourage you to try these exciting new additions today to truly experience their benefits.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/enabling-botnet-dga-and-dns-tunneling-protection-in-the-advanced-security-configurations.jpg" alt="Enabling Botnet DGA and DNS Tunneling Protection in the Advanced Security Configurations" />
</div>
<p><em>Figure 4: Enabling Botnet DGA and DNS Tunneling Protection in the Advanced Security Configurations.</em></p>
<h2>Reporting improvements and new functionality</h2>
<p>Zenarmor comes standard with 60+ reports, giving you a complete overview of your network. In light of the addition of device identification and management features, reporting has now become more powerful. In this release:</p>
<ul>
<li>
<p>By popular request, a previous feature has returned from the old Zenarmor OPNsense UI, where you can once again access the Live Session Explorer with a single click on the piechart or by selecting the piechart names followed by the ellipsis icon to explore the traffic details.<br><br></p>
  <div>
    <img src="https://www.zenarmor.com/images/blog/by-clicking-the-pie-charts.png" alt="By clicking the pie charts, you can now access the Live Session Explorer, back by popular request" />
  </div>
<p><em>Figure 5: By clicking the pie charts, you can now access the Live Session Explorer, back by popular request</em><br><br></p>
</li>
<li>
<p>You can conveniently access the device details by clicking on the device column in Live Sessions Explorer or by clicking on the device-related charts, like Top Devices, in Reports.<br><br></p>
  <div>
    <img src="https://www.zenarmor.com/images/blog/viewing-device-details-by-selecting-the-device-name-in-the-live-session-explorer.jpg" alt="Viewing device details by selecting the device name in the Live Session Explorer" />
  </div>
  <br><br>
<p><em>Figure 6: Viewing device details by selecting the device name in the Live Session Explorer</em><br><br></p>
</li>
<li>
<p>We added the “Show only blocked connections” option to view blocked connections exclusively in Live Session Explorer, aiding in threat analysis.</p>
</li>
<li>
<p>Direct access to “Detected” and “Blocked Threats” reports from the firewall dashboard streamlines traffic analysis and threat hunting.</p>
</li>
</ul>
<p>In addition to this, a few other improvements have been made to the existing reports, giving you a more streamlined user experience.</p>
<h2>UX Enhancements and new features</h2>
<p>Through Zenarmor’s partnership with OPNsense, you are already offered a well-integrated user experience, and as of <a href="https://www.zenarmor.com/announcements#introducing-zenarmor-1-14-opnsense-interface-improvements-through-zenconsole-integration">Zenarmor 1.14 released earlier this year</a>, the Zenarmor dashboard was completely rewritten and designed to give you an identical look and feel to what you may have experienced using the Zenconsole dashboard.</p>
<p>As of this release, this integration has been enhanced further, where you can now download internal CA certificate files in CRT format via the “Block Notification Page” and “Certificate Authority” settings pages, which is more convenient.</p>
<p>In addition to this, the user experience is improved with a newly implemented and intuitive Zenarmor user interface. The updated fonts and color scheme ensure a seamless and enjoyable experience. Moreover, if you make use of High Availability (HA) in your deployment, this has been improved, offering better synchronization on the OPNsense UI with additional configuration options.</p>
<p>Other minor improvements include general UI enhancements and bug fixes.</p>
<h2>Filtering, Application Control, and Threat Intelligence enhancements</h2>
<p>Zenarmor’s web and application filtering, driven by the creation of policies, has just gotten better. Filtering management capabilities have been enhanced, with the option to allow or block based on Security categories via Live Sessions Explorer through Zenconsole.</p>
<p>In addition to this, to support the new device identification and management features, the “Device” and “Device Category” options are now available in the policy configuration settings, allowing you to filter by device type or category. This functionality can be powerful when you have to treat certain device types differently. e.g., IoT devices may need a more restrictive policy, so you can now easily target those devices independently with a unique policy. For more thoughts on this, feel free to check out the article, <a href="https://www.zenarmor.com/blog#iot-data-security-in-a-connected-world">IoT Data Security in a Connected World: The Necessity of SASE in IoT Data Protection.</a></p>
<p>Other improvements in this release include better identification of WireGuard applications through improved fingerprinting of these applications.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/you-can-create-policies-around-devices-or-device-categories.jpg" alt="The addition of device management controls, where you can create policies around devices or device categories"/>
</div>
<p><em>Figure 7: The addition of device management controls, where you can create policies around devices or device categories</em></p>
<h2>Zenconsole and Agent improvements and additions</h2>
<p>If you prefer using Zenconsole to manage your Zenarmor deployments, you will be pleased to know that this has also been improved in this release. You can now add more charts to your scheduled reports, and as previously mentioned, you can now download internal CA certificate files in CRT format via the “Block Notification Page” and “Certificate Authority” settings pages.</p>
<p>Various other UI and functional improvements, as well as bug fixes, make Zenconsole more streamlined and powerful than ever. For more information about these minor improvements, please check out the release notes.</p>
<p><img src="https://www.zenarmor.com/images/blog/dashboard-view-showing-the-ability-to-download-ca-certificates-in-the-crt-format.jpg" alt="Dashboard view showing the ability to download CA certificates in the CRT format. This is now available in both the OPNsense and Zenconsole dashboards"></p>
<p><em>Figure 8: Dashboard view showing the ability to download CA certificates in the CRT format. This is now available in both the OPNsense and Zenconsole dashboards</em></p>
<h2>Improved platform support</h2>
<p>Zenarmor is versatile and can be installed on multiple Linux or Unix-based platforms other than OPNsense, including Ubuntu, FreeBSD, Amazon Linux, pfSense CE, and CentOS. This is necessary to support the deployment of Zenarmor as a <a href="https://www.zenarmor.com/blog#how-will-zenarmor-swg-as-a-policy-driven-cloud-egress-traffic-filtering-and-control-solution-improve-your-network-security">Secure Web Gateway (SWG)</a> part of a SASE architecture or if you are unable to run OPNsense in your environment.</p>
<p>As of this release, Zenarmor now fully supports Ubuntu 23.04 Lunar Lobster. In addition to this, Dynamic Kernal Module Support (DKMS) has been shipped, allowing for Netmap module improvements and a simplified installation process. If you are interested in learning more about Netmap and the important role it plays in making Zenarmor packet filtering possible, please check out this article that discusses Zenarmor’s <a href="https://www.zenarmor.com/blog#towards-a-device-agnostic-netmap-in-the-freebsd-kernel">mission towards a device-agnostic Netmap in the FreeBSD kernel</a> and emulated Netmap support.</p>
<h2>Some closing thoughts…</h2>
<p>So as you can tell, we have had another productive year at Zenarmor, finishing up the year with a bang and announcing the release of Zenarmor 1.16, with even more exciting new developments planned for 2024.</p>
<p>We would just like to take this opportunity to thank everyone who is part of the Zenarmor community for their support, and we would like to wish everyone who is taking time off a safe and happy holiday.</p>
<p>If you are new to our community and would like to explore Zenarmor, we highly encourage you to try it on a free 15-day business edition trial that includes all this great functionality.</p>
<p>Alternatively, feel free to contact Zenamor at <span><img src="https://www.zenarmor.com/images/hi-at-zenarmor.svg" alt="hi-at-zenarmor"></span> and ask for assistance getting your free trial set up and started today. We’d love to hear from you!</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/8dV7ueymzJE?si=Sp6jSZXPK-gZNejo" title="Zenarmor 1.16: Your Ultimate Weapon for Unbeatable Cyber Security Protection" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-1-16-thumbnail.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Getting Ready for Zenarmor 1.16]]></title>
            <link>https://www.zenarmor.com/announcements#getting-ready-for-zenarmor-1-16</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#getting-ready-for-zenarmor-1-16</guid>
            <pubDate>Thu, 14 Dec 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor 1.16 will be available soon, introducing significant key capabilities like Device Identification, Device Access Control, and Community ID flow hashing, enhancing network security.]]></description>
            <content:encoded><![CDATA[<p>We are delighted to hear about your enthusiasm for our upcoming release and are excited to share it with you. Rest assured, the wait will be rewarding. Our dedicated team has devoted countless hours to perfecting this new version, ensuring that it exceeds your expectations. Prepare to be amazed by the significantly improved functionality, performance, and user experience.</p>
<p>While the software is still in the final stages of development, we are almost ready to bring you a product filled with innovative features that will surely enhance your experience. Additionally, this release will introduce fundamental features of a next-generation firewall, marking a significant step forward in our technology. Stay tuned for the imminent arrival of our most advanced and user-friendly version yet!</p>
<p>The upcoming release of Zenarmor 1.16, with its advanced features like Device Identification, Device Access Control, and Community ID flow hashing, promises to elevate network security; however, to leverage these enhancements fully and mitigate potential misconfiguration issues, this guide outlines essential best practices for administrators to effectively implement and optimize the new configuration settings.</p>
<p>From policy configuration simplicity to device examination and security rule enforcement, these practices cover essential aspects. Additionally, insights into IoT device protection, virtual environment considerations, and efficient reporting strategies are outlined. The guide concludes with recommendations for seamless integration with packet-filtering firewalls, VPN security enhancements, and the advantages of cloud-based management.</p>
<p><img src="https://www.zenarmor.com/images/blog/zenarmor-1-16-devices.jpg" alt="Zenarmor 1.16 Devices"></p>
<p><em>Figure 1. Zenarmor 1.16 Devices</em></p>
<p>To aid you in maximizing the capabilities of the Zenarmor next-generation firewall and averting misconfiguration complications, we establish best practice principles for Zenarmor configuration:</p>
<ol>
<li>
<p><strong>Using minimal criteria:</strong> Define your policy configuration as simply as possible.  When multiple criteria are specified for a policy, it is applied exclusively to network packets that satisfy each of the specified criteria.<br><br></p>
<p>Please note that the <strong>‘AND’</strong> logical operator is used to evaluate all policy criteria in Policy Configuration, not the <strong>‘OR’</strong> logical operator. So, for a particular type of traffic to match a specific policy, all criteria must be met. For instance, if you’ve created a policy and specified VLAN ID, IP, and username criteria, a session must match all of those. The only exceptions to this rule are Devices and MAC addresses, where they can be used interchangeably.</p>
<ul>
<li>
<p>For example, in the case where a policy configuration specifies the “Mobiles” device category and the 10.0.0.0/24 network, these should all be identical. Upon observing a transmission originating from the “Mobiles” device with the IP address 10.11.11.11, this flow will fail to comply with the specified policy.</p>
</li>
<li>
<p>As another example, adding a detected device, <em>CEO_laptop</em>, and a user, <em>CEO</em>, to the policy named <em>CEO_Rules</em> would ensure that the policy would only be triggered when a user whose login identity is <em>CEO</em> utilized the <em>CEO_laptop</em> to connect to the network. When another user account utilizes this device to connect to the network, the <em>CEO_Rules</em> policy is not implemented on its network traffic.</p>
</li>
</ul>
</li>
<li>
<p><strong>Device Examination:</strong> Once Zenarmor 1.16 has been installed on your firewall, proceed to examine devices on your network by navigating to the Zenarmor Devices page, and then verify them as trusted. Zenarmor defines all newly detected devices as untrusted by default. <em>Suspicious or unknown devices should be left <ins>untrusted</ins>.</em><br><br></p>
</li>
<li>
<p><strong>Give Zenarmor some time and a chance for more accurate device identification:</strong> It should be noted that this is the initial iteration of the Zenarmor Device Identification function. Although it demonstrates exceptional capability in identifying the majority of devices connected to your network, certain instances may arise where minor inconsistencies or inaccurate data are detected, necessitating manual user intervention for correction and input. This is because, when examining network traffic in the absence of a complete TLS inspection, only incomplete device information is obtained. The good news is that a full TLS inspection will be available with Zenarmor 1.17, which is scheduled for release in the first quarter of 2024. This enhancement will not only improve device identification but also the network inspection capabilities of Zenarmor in its entirety.<br>
<br>
The more network packets inspected and the more information they provide, the more accurate device identification. Device identification is an ongoing process until you stop it intentionally. Zenarmor continuously examines network flow to find detailed information about devices and to catch updates on them. To ensure that all devices are accurately displayed on your Zenarmor interface, allow Zenarmor some time and opportunity to detect them.
<br><br></p>
</li>
<li>
<p><strong>Default Policy Configuration:</strong> Although the <strong>“Default”</strong> policy configuration is mostly static and you can configure a limited set of parameters depending on your subscription, it is advised to enable the <strong>“Block Untrusted Devices”</strong> option in this policy. This will prevent rogue devices from accessing your network for harmful activities.<br><br></p>
<p><img src="https://www.zenarmor.com/images/blog/block-untrusted-devices.png" alt="Block Untrusted Devices in Default Policy"></p>
<p><em>Figure 2. Block Untrusted Devices in Default Policy</em>
<br><br></p>
</li>
<li>
<p><strong>Block Untrusted Devices:</strong> It is recommended to enable <strong>Block Untrusted Devices</strong> on policies whose criteria match a broad range of endpoints, such as networks and VLANs, to prevent unauthorized access to your network by unknown devices.<br><br></p>
</li>
<li>
<p><strong>Descriptive Naming for Static IPs:</strong> For a static IP address definition in DHCP configuration, it is better to type a descriptive name for the device. Zenarmor automatically detects and displays the name of a device. Such a device name is displayed in device details and reports. This will enhance the visibility of your network, facilitating more effective threat monitoring.<br><br></p>
</li>
<li>
<p><strong>MAC Address Criteria in Policies:</strong> There is no requirement to include MAC address criteria for <em>Device-</em> or <em>Device Category-based</em> policies. Caution is advised, as this particular policy applies solely to devices whose MAC addresses are explicitly specified within the policy. Inaccurate policy configuration due to improperly designed policies results in unforeseen packet filtering and package mismatching.<br><br></p>
<p><img src="https://www.zenarmor.com/images/blog/adding-device-in-policy.png" alt="Adding Device in Policy"></p>
<p><em>Figure 3. Adding Device in Policy</em>
<br><br></p>
</li>
<li>
<p><strong>Enable Essential and Advanced Security Rules:</strong> To safeguard your IT resources from potential malicious connections and prevent any suspicious network activities, it’s recommended to enable all <strong>Essential</strong> and <strong>Advanced Security</strong> Rules by selecting the <em>High Control</em> option in the upper right corner of the Security Rules page. In case you encounter false positive issues, you can effectively resolve them by creating exclusions through Live Sessions Explorers.<br><br></p>
<p><img src="https://www.zenarmor.com/images/blog/enabling-predefined-security-profiles.png" alt="Enabling Predefined Security Profiles"></p>
<p><em>Figure 4. Enabling Predefined Security Profiles</em>
<br><br></p>
</li>
<li>
<p><strong>Be Careful with Whitelisting:</strong> Beware that exclusions take precedence over all your Security, Application Control, and Web Control rules. Particularly when adding a whitelist to a security category, exercise caution, as an erroneous definition could compromise your network.<br><br></p>
</li>
<li>
<p><strong>Device Categorization and Policy Creation:</strong> From the policy configuration page, you can select device categories such as <em>IoT</em>, <em>Multimedia</em>, <em>Smart Glasses/Watches</em>, <em>TVs</em>, <em>Gaming Consoles</em>, and <em>Vehicles</em> to create a policy and safeguard your IoT devices. Note that while Zenarmor’s device identification feature will automatically recognize most of your IoT devices, it may not identify all of them. In such cases, you might need to manually identify the rest of your devices to ensure comprehensive protection.<br><br></p>
<p><img src="https://www.zenarmor.com/images/blog/adding-device-category-in-policy.jpg" alt="Enabling Adding Device Category in Policy"></p>
<p><em>Figure 5. Adding Device Category in Policy</em>
<br><br></p>
</li>
<li>
<p><strong>Network Segmentation for IoT Devices:</strong> By separating your IoT devices from valuable IT assets using separate VLANs/networks and subsequently activating the <strong>Exempted VLANs &amp; Networks</strong> option, you can prevent your devices from exceeding the device limitations specified in your purchased license. Exempted VLANs and Network addresses are circumvented by Zenarmor processing. There will also be no activity reported for these devices in the reports.<br><br></p>
</li>
<li>
<p><strong>Updating Device Details:</strong> You can manually update automatically detected device details, such as name and device category. User-defined settings have higher priority than the settings automatically detected by Zenarmor. For instance, when a user changes the detected name or category of a device, Zenarmor device database is updated, and detected values are ignored. Values set by the user manually are displayed.<br><br></p>
</li>
<li>
<p><strong>Drill-down:</strong> For streamlined data analysis, like you used to on the previous Zenarmor UI, you can now access the Live Session Explorer with a single click on the chart pies or by selecting the pie names followed by the ellipsis icon to delve down to traffic details.<br><br></p>
<p><img src="https://www.zenarmor.com/images/blog/drill-down.png" alt="Drill-Down"></p>
<p><em>Figure 6. Drill-down</em>
<br><br></p>
</li>
<li>
<p><strong>Considerations for Virtual Environments:</strong> Since resources in virtual environments are typically shared among guest systems, we do not advise deploying Zenarmor as a virtual guest if the sustained WAN bandwidth exceeds 500 Mbps and the number of active devices exceeds 500.<br><br></p>
</li>
<li>
<p><strong>Optimal Reporting Database Selection:</strong> Select the best reporting database option that meets your needs. Elasticsearch appears to be a superior backend database option for large enterprise networks with hundreds of devices. A minimum of 8GB of RAM is required to operate ES in conjunction with Zenarmor. Additionally, you may transfer your data to a remote Elasticsearch database. In the case of residential networks or tiny networks, SQLite can adequately facilitate efficient reporting. SSD drives are suggested for optimal reporting performance.<br><br></p>
</li>
<li>
<p><strong>Policy Processing Order:</strong> Zenarmor policies are processed in order, beginning from top to bottom. The most frequently matching rule should be placed at the top of the rule list for better performance, reducing unnecessary processing.<br><br></p>
</li>
<li>
<p><strong>Enable Community ID Flow Hashing:</strong> Enable <strong>Community ID</strong> flow hashing to easily correlate network security events generated by other security tools on your network, like Suricata and Snort. This correlation provides a more comprehensive view of network activities and aids in the identification and response to potential threats. Enabling Community ID flow hashing ensures a synchronized and unified approach to network security across different tools, contributing to a more robust defense against various cyber threats.<br><br></p>
<p><img src="https://www.zenarmor.com/images/blog/enabling-community-id-flow-hashing-in-policy.png" alt="Enabling Community ID Flow Hashing in Policy"></p>
<p><em>Figure 7. Enabling Community ID Flow Hashing in Policy</em>
<br><br></p>
</li>
<li>
<p><strong>Stream Reporting Data to Syslog or SIEM:</strong> Enable <em>“stream reporting data”</em> to your Syslog server or SIEM tool, such as Wazuh, Splunk, or Datadog, for unified security and powerful monitoring.<br><br></p>
<p>This capability ensures unified security across your network and empowers you with powerful monitoring capabilities. By seamlessly integrating reporting data into your chosen Syslog or SIEM solution, you gain valuable insights, enhance threat detection, and streamline the management of security events. This proactive approach contributes to a more resilient and responsive security infrastructure.
<br><br></p>
</li>
<li>
<p><strong>Configure Reporting Data Period:</strong> Configure the <em>reporting data period</em> in accordance with the hardware specifications and reporting database of your choice. Zenarmor includes the optimal reporting data period for your database type by default.<br><br></p>
</li>
<li>
<p><strong>Efficient Real-time Network Activity Management:</strong> By utilizing the Actions icon while examining real-time network activities in Live Session Explorer, one can efficiently permit or prohibit connections according to various criteria such as hostname, application, application category, web category, or security category.<br><br></p>
<p><img src="https://www.zenarmor.com/images/blog/blocking-a-connection-via-live-session-explorer.png" alt="Blocking a connection via Live Session Explorer"></p>
<p><em>Figure 8. Blocking a connection via Live Session Explorer</em>
<br><br></p>
</li>
<li>
<p><strong>Operational Independence:</strong> It should be noted that the principles of Zenarmor and a packet-filtering firewall operate independently of one another.  Initially, incoming packets are processed by the Zenarmor engine. If the engine permits them to pass, they are then processed by the L4 firewall platform, such as pfSense or OPNsense, on which Zenarmor is operating. Outgoing packets, conversely, are initially processed by your L4 firewall. When the packet-filtering firewall grants access to the outgoing packets, the Zenarmor engine proceeds to analyze them. In order to be permitted through, a network communication must not violate any rule specified on either the L4 firewall or Zenarmor.<br><br></p>
<p>It is advisable to independently configure Zenarmor to enable L7 filtering and configure your firewall for L4 filtering.<br><br></p>
</li>
<li>
<p><strong>NIC Compatibility:</strong> We recommend using Intel adapters, as they are known to have good compatibility with Netmap. Try to utilize <em>emulated network driver mode</em> with Zenarmor for Ethernet interfaces that are incompatible with <em>Netmap</em>. This should help you overcome the compatibility issues and ensure a smooth experience. The emulated mode has been enhanced to deliver superior performance.<br><br></p>
</li>
<li>
<p><strong>VPN Security Enhancement:</strong> Deploy <em>tap</em> interfaces in your OpenVPN implementation for packet inspection and safeguarding the VPN clients against malicious traffic.<br><br></p>
</li>
<li>
<p><strong>Cloud-Based Management:</strong> Register your node to the Zenconsole and enable the cloud management portal to administer all of your firewalls from the cloud and through a single pane of glass. Sharing firewall administration and establishing centralized, location-independent policies is incredibly beneficial, particularly for MSSPs and enterprises with multiple Zenarmor deployments.<br><br></p>
</li>
</ol>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/getting-ready-for-zenarmor-1-16.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor 102: Securing Your Network]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-102-securing-your-network</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-102-securing-your-network</guid>
            <pubDate>Wed, 06 Dec 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[The recent webinar "Zenarmor 102 Technical Demo and Configuration Tips" was a pivotal event that offers participants a deep dive into the technical intricacies of Zenarmor.]]></description>
            <content:encoded><![CDATA[<p>In the ever-evolving landscape of cybersecurity, staying ahead requires an in-depth understanding of cutting-edge technologies. The recent webinar on <strong>“Zenarmor 102 Technical Demo and Configuration Tips”</strong> was a pivotal event in this journey, offering participants a deep dive into the technical intricacies of Zenarmor. Hosted by Toby, the webinar brought together two distinguished experts: Salih Yılmaz, QA and Support Engineer at Zenarmor, and Lyal Simon, Solution Architect and Founder of Digisync Technology Solutions.</p>
<p>Building upon the success of the “<a href="https://www.youtube.com/watch?v=hybhKyLNjoc&amp;t=2351s">Zenarmor 101: Components and Benefits</a>” webinar, this session continued to unravel the advanced functionalities of Zenarmor, providing valuable insights and configuration tips for cybersecurity enthusiasts and professionals alike.</p>
<p><strong>1. Introduction to Zenarmor:</strong></p>
<ul>
<li><strong>Overview</strong>: Zenarmor is a comprehensive network security solution providing granular control over traffic, applications, and websites.</li>
<li><strong>Dashboard Overview</strong>: Complete visibility and control over network activities, including traffic, apps, and websites.</li>
<li><strong>Exclusions Option</strong>: Manage exclusions efficiently, allowing whitelisting of blocked websites.</li>
<li><strong>Settings Menu</strong>: All settings are conveniently placed in one menu for easy configuration and maintenance.</li>
</ul>
<p><strong>2. Deep Dive into Zenarmor Features:</strong></p>
<ul>
<li><strong>Data Management</strong>: Zenarmor can stream reporting data through a CIS log or external elastic search for integration with SIM or SIEM solutions.</li>
<li><strong>Active Directory Integration</strong>: Integration with Active Directory allows the creation of policies based on user groups, enabling a least privilege environment.</li>
<li><strong>TLS Inspection</strong>: Current light TLS inspection with plans for full TLS inspection in the upcoming release (February 2024).</li>
<li><strong>Threat Intelligence</strong>: Utilizes BrightCloud threat intelligence database and plans to support custom threat intelligence databases, including local databases.</li>
<li><strong>Application Filtering</strong>: Recognizes applications based on fingerprint information, IP addresses, or domain names.</li>
<li><strong>Deployment Modes and Netmap</strong>: Various deployment modes, including routed mode, passive mode, and bridge mode, use Netmap for packet grabbing.</li>
<li><strong>High Availability (HA)</strong>: Zenarmor reads the OPNsense HA configuration and operates as OPNsense when traffic switches to the passive device.</li>
<li><strong>Logging and Privacy Settings</strong>: Configurable system logs, rotation dates, and log levels, with privacy settings like anonymizing IP addresses.</li>
<li><strong>License and Subscription Management</strong>: Supports license management, including a 50% discount for educational and nonprofit organizations.</li>
<li><strong>Device Identification (Upcoming)</strong>: Version 1.16 will introduce device identification, counting devices instead of unique IP addresses for licensing purposes.</li>
</ul>
<p><strong>3. Q&amp;A Session:</strong></p>
<ul>
<li><strong>Filtering WireGuard/OpenVPN Traffic</strong>: Zenarmor supports OpenVPN, and WireGuard support for kernel mode is almost finished and planned for the next release.</li>
<li><strong>RDP Service Support</strong>: Zenarmor uses the last login information from Active Directory, and it can recognize different users with Microsoft’s remote IP virtualization.</li>
<li><strong>Functional Differences in Security Zones</strong>: Advice on configuring interfaces correctly to avoid confusion in reports</li>
<li><strong>Discounts for Educational and Nonprofit Organizations</strong>: Offers a 50% discount for educational and nonprofit organizations.</li>
</ul>
<h2>Watch Now</h2>
<p>You can find detailed information on the</p>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/JhjHDBgkeDQ?si=aBWRThcPLpp4rVN7" title="Zenarmor 102: Technische Demo und Konfigurationstipps" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/zenarmor-thomas-krenn-webinar-2.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[How Zenarmor Can Help Manufacturing Organizations Overcome Cybersecurity Challenges]]></title>
            <link>https://www.zenarmor.com/blog#how-zenarmor-solves-manufacturing-cybersecurity-issues</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#how-zenarmor-solves-manufacturing-cybersecurity-issues</guid>
            <pubDate>Tue, 28 Nov 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Cybersecurity has emerged as a critical concern in today's highly interconnected manufacturing domain. As manufacturing organizations embrace digital transformation, they face heightened vulnerabilities and sophisticated cyber threats. From safeguarding critical systems and IoT devices to defending against intellectual property theft, they must adopt effective security solutions to protect their operations and assets.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/how-zenarmor-solves-manufacturing-cybersecurity-issues.png" alt="" />
</div>
<p>Cybersecurity has emerged as a critical concern in today’s highly interconnected manufacturing domain. As manufacturing organizations embrace digital transformation, they face heightened vulnerabilities and sophisticated cyber threats. From safeguarding critical systems and IoT devices to defending against intellectual property theft, they must adopt effective security solutions to protect their operations and assets. One such solution is Zenarmor, a next-generation firewall plugin that provides real-time visibility, swift threat detection, and simplified compliance. This article delves into how Zenarmor is a solid defense mechanism, safeguarding sensitive industrial systems and data from malicious intrusions to address <strong>manufacturing organizations’ <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-cybersecurity">cybersecurity</a> challenges</strong>.</p>
<p>We’ll explore key areas where Zenarmor excels. Discover how Zenarmor’s comprehensive suite of security features can be the shield against cyber threats for your organization today!</p>
<h2>Real-Time Visibility and Swift Threat Detection</h2>
<p>Real-time visibility and swift threat detection are essential for manufacturing organizations to protect their networks from cyberattacks. Without <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-network-visibility">network visibility</a>, <strong>manufacturing cybersecurity</strong> teams cannot monitor their network traffic and spot any suspicious or malicious activities. This can leave them vulnerable to cyberattacks that can cause serious consequences, such as disrupting manufacturing processes, damaging equipment, compromising data, and causing financial losses. Zenarmor provides real-time visibility into network traffic, enabling manufacturing organizations to detect and respond to cyber threats promptly.</p>
<ul>
<li>
<p><strong>Advanced artificial intelligence and machine learning</strong>: Zenarmor utilizes cutting-edge <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-ai-ml-and-dl-effects-on-cybersecurity">AI and ML</a> to scrutinize network traffic, detecting anomalies, potential vulnerabilities, and malicious activities.</p>
</li>
<li>
<p><strong>Real-time threat detection and reporting</strong>: Manufacturing organizations benefit from the real-time threat detection and advanced reporting capabilities of Zenarmor for swift action against cyber risks.</p>
</li>
<li>
<p><strong>Enhanced network security</strong>: By leveraging Zenarmor, manufacturing entities strengthen their security posture, preventing cyberattacks from disrupting operations and compromising assets.</p>
</li>
<li>
<p><strong>Latest cybersecurity technologies</strong>: Zenarmor’s swift threat detection relies on state-of-the-art cybersecurity research and technologies, ensuring up-to-date protection.</p>
</li>
</ul>
<h2>Safeguarding Critical Systems and IoT Devices</h2>
<p>Manufacturing organizations rely on critical systems, such as industrial control systems (ICS) and IoT devices, to run their operations. These systems and devices are often connected to the internet, making them vulnerable to cyberattacks. Cyberattacks on these systems and devices can cause physical damage, operational downtime, safety hazards, and data breaches. Zenarmor can help simplify and secure complex IT/OT environments by providing a unified security platform that can protect many devices and systems, including legacy systems, ICS, and <a href="https://www.zenarmor.com/docs/network-basics/what-is-iot">IoT</a> devices.</p>
<p><strong>Comprehensive network traffic management</strong>: Zenarmor monitors and controls network traffic for these devices, preventing unauthorized access, data breaches, and malicious commands.</p>
<p><strong>Application of security policies</strong>: Zenarmor enforces security policies and rules, ensuring adherence to industry standards and best practices across devices and systems within the IT/OT environment.</p>
<p><strong>Simplified and secured IT/OT integration</strong>: Utilizing Zenarmor streamlines and strengthens the integration of complex IT/OT environments, safeguarding diverse devices while ensuring compliance and security standards are met.</p>
<h2>Cost-Effective Cloud-Based Security Solutions</h2>
<p>Cost-effective cloud-based security solutions are an excellent option for cybersecurity <strong>manufacturing companies</strong> with limited resources to invest in. Traditional cybersecurity solutions can be expensive and complex, requiring hardware installation, software updates, and maintenance. These tasks can consume a lot of time and money, which can be better spent on other aspects of the business. Zenarmor offers cost-effective cloud-based cybersecurity solutions, ideal for organizations with limited resources.</p>
<ul>
<li>
<p><strong>Hassle-free deployment</strong>: Eliminating hardware installation, software updates, and maintenance, Zenarmor operates as an Internet-delivered service, ensuring seamless access without technical concerns.</p>
</li>
<li>
<p><strong>Accessibility and reliability</strong>: Organizations enjoy round-the-clock access to security features from any location, free from worries about technical glitches or downtime.</p>
</li>
<li>
<p><strong>Flexible, scalable pricing</strong>: Zenarmor offers adaptable pricing plans, enabling organizations to pay based on usage and scale security provisions as their needs evolve.</p>
</li>
<li>
<p><strong>Savings in time and money</strong>: By leveraging Zenarmor, manufacturing entities streamline operations, save costs, and enhance cybersecurity efficiency without compromising performance.</p>
</li>
</ul>
<h2>Overcoming Limited Cybersecurity Resources</h2>
<p>Resource-efficient cybersecurity solutions are necessary for manufacturing organizations with limited resources to invest in a robust cybersecurity program. They may lack the cybersecurity staff, skills, or infrastructure to implement and manage effective security measures. This can expose them to cyber threats and compliance issues, jeopardizing their operations and reputation. Zenarmor is a resource-efficient solution, allowing organizations to maintain their security posture without requiring extensive cybersecurity staff or infrastructure.</p>
<ul>
<li>
<p><strong>Effortless deployment and usability</strong>: With no technical expertise required, Zenarmor offers easy deployment and user-friendly operation, backed by 24/7 support for expert guidance.</p>
</li>
<li>
<p><strong>Automation and simplification</strong>: Zenarmor streamlines security processes, reducing workload and complexity and effectively managing cybersecurity.</p>
</li>
<li>
<p><strong>Insights and recommendations</strong>: Providing valuable insights, Zenarmor assists in enhancing security awareness and skill sets within manufacturing organizations.</p>
</li>
<li>
<p><strong>Overcoming resource limitations</strong>: Zenarmor empowers organizations to transcend restricted cybersecurity resources, boosting capabilities and confidence in their security measures.</p>
</li>
<li>
<p><strong>User-friendly interface</strong>: Featuring an intuitive interface, Zenarmor ensures ease of use for all levels of staff within manufacturing organizations, promoting widespread adoption and utilization.</p>
</li>
</ul>
<h2>Defending Against Intellectual Property Theft</h2>
<p>Protecting intellectual property from theft is a crucial cybersecurity challenge for manufacturing organizations. Intellectual property, such as trade secrets and product designs, is a valuable asset, as it gives them a competitive edge and drives innovation. Intellectual property theft can result in revenue loss, reputation damage, and legal consequences, as competitors or adversaries can use the stolen information to gain an advantage or cause harm. Zenarmor helps protect against intellectual property theft with features like <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-dlp">data loss prevention</a> and content filtering, critical for safeguarding proprietary information.</p>
<ul>
<li>
<p><strong>Data protection measures</strong>: Zenarmor blocks sensitive data, thwarting unauthorized transfers or email communications to maintain data integrity.</p>
</li>
<li>
<p><strong>Content filtering for security</strong>: Zenarmor filters and blocks malicious content like phishing emails, malware, and spyware, fortifying defenses against threats that jeopardize data security.</p>
</li>
<li>
<p><strong>Defending innovation and competitiveness</strong>: Utilizing Zenarmor, organizations fortify defenses to safeguard intellectual property, preserving their competitive edge and innovative potential.</p>
</li>
<li>
<p><strong>Incident response capabilities</strong>: Zenarmor enables swift and effective incident response, minimizing the impact of security breaches and ensuring a proactive approach to managing cybersecurity incidents.</p>
</li>
</ul>
<h2>Simplified Compliance with Regulations</h2>
<p>Complying with industry-specific regulations is a vital cybersecurity challenge for manufacturing organizations. Regulations like the <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-nist-cybersecurity-framework">NIST Cybersecurity Framework (CSF)</a> provide guidelines and best practices for improving cybersecurity and reducing cyber risks. Compliance with these regulations can be challenging and complex, as it involves meeting various requirements and standards, such as identifying, protecting, detecting, responding, and recovering from cyber incidents. Integrating <strong>manufacturing cybersecurity with Zenarmor</strong> aids organizations in complying with industry-specific regulations, simplifying the process of meeting these requirements.</p>
<ul>
<li>
<p><strong>Evidence of adherence</strong>: Through generated reports, audits, and logs, Zenarmor furnishes tangible evidence showcasing organizations’ adherence to regulatory requirements and security performance.</p>
</li>
<li>
<p><strong>Guidance for improvement</strong>: Zenarmor offers recommendations and feedback, enhancing security performance and aligning with regulatory expectations for manufacturing organizations.</p>
</li>
<li>
<p><strong>Simplified compliance processes</strong>: Utilizing Zenarmor streamlines compliance efforts, reducing cyber risks and simplifying adherence to industry-specific regulations.</p>
</li>
<li>
<p><strong>Customized compliance controls</strong>: Zenarmor allows customization of controls to align with specific regulatory requirements, ensuring tailored compliance measures for different industry standards.</p>
</li>
</ul>
<h2>Zenarmor Solution For Manufacturing Organizations Cybersecurity Challenges</h2>
<p>In addressing the multifaceted cybersecurity landscape of manufacturing, Zenarmor emerges as an all-in-one safeguarding solution. From strengthening against threats and protecting intellectual property to simplifying compliance and securing complex environments, it stands as a comprehensive defender. It’s the shield manufacturing organizations need, blending cutting-edge technology with user-friendly adaptability.</p>
<p>Explore how <a href="https://www.zenarmor.com/zenarmor-next-generation-firewall">Zenarmor</a> can revolutionize your cybersecurity approach—reach out today for a tailored solution that ensures uninterrupted production, preserves innovation, and shields your assets.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/how-zenarmor-solves-manufacturing-cybersecurity-issues-thumbnail.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Upgrade Your Cloud Experience with Premium Management]]></title>
            <link>https://www.zenarmor.com/announcements#upgrade-your-cloud-experience-with-premium-management</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#upgrade-your-cloud-experience-with-premium-management</guid>
            <pubDate>Thu, 02 Nov 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Are you getting the most out of your cloud security solution? If you are using the free edition of Zenarmor, you might be missing out on some powerful features that can take your cloud experience to the next level. Zenarmor is an appliance-free, all-software, lightweight, next-generation firewall that provides comprehensive security for your network.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/upgrade-your-cloud-experience-wtih-premium-management.png" alt="Upgrade Your Cloud Experience with Premium Management" />
</div>
<p>Are you getting the most out of your cloud security solution? If you are using the free edition of Zenarmor, you might be missing out on some powerful features that can take your cloud experience to the next level. Zenarmor is an appliance-free, all-software, lightweight, next-generation firewall that provides comprehensive security for your network. But what if you want to enjoy premium benefits such as advanced threat intelligence, unlimited web filtering, user-based policies, and more? That’s where Zenarmor’s premium plans come in.</p>
<p>Discover the enhanced features you’ve been missing in the free version and take your cloud experience to the next level with Zenarmor’s premium management.</p>
<h2><strong>Centralized Reporting</strong>: Uncovering the Full Picture</h2>
<p>Imagine you are managing multiple cloud resources across different platforms and regions. You want to track how they perform, how much they cost, and how secure they are. How do you get a clear and consistent view of your <strong>cloud management platform</strong>? That’s where centralized reporting comes in. The centralized reporting feature offered by Zenarmor streamlines cloud resource monitoring, offering a consolidated view through a single dashboard. This feature grants users access to in-depth insights regarding network activity, security incidents, web filtering, and user policies, among other aspects.</p>
<p>Its flexibility allows personalized report customization, tailoring the information to individual preferences and requirements. This empowers users to understand their cloud resources comprehensively, facilitating informed decision-making to enhance resource optimization and bolster overall network security. Zenarmor’s centralized reporting is a pivotal tool for efficiently managing and safeguarding digital assets in today’s dynamic and complex cloud environments.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2><strong>Centralized Policies</strong>: Streamline Security, Amplify Control</h2>
<p>Imagine you are a cloud security administrator for a large organization with multiple cloud nodes across different platforms and regions. You have to manage diverse security policies across cloud nodes, such as firewall rules, web filtering rules, user access rules, and more. How do you ensure your policies are consistent and effective across all your cloud nodes?</p>
<p>The answer lies within centralized policies. Centralized policies are a feature of Zenarmor that allows you to standardize your security policies effortlessly. You can create, edit, and apply your policies via a single dashboard that is accessible from anywhere. You can also sync your policies across all your cloud nodes with one click. Using centralized policies, you can streamline your security management and enhance your control over your cloud resources.</p>
<h2><strong>Cloud Scheduled Reports</strong>: Your Insights, Your Schedule</h2>
<p>If you are a busy professional who needs to keep track of their cloud security performance, you know how tedious and time-consuming it can be to generate reports manually. You must log in to your dashboard, select the desired data, export the report in your preferred format, and then share it with your stakeholders. And you have to do this every day, week, or month, depending on your needs. Wouldn’t it be nice if you could automate this process and get your reports delivered to your inbox or cloud storage without any hassle? That’s what cloud-scheduled reports can do for you. This is a dedicated feature of Zenarmor that allows you to schedule your reports tailored to your preferences and needs. You have the freedom to choose your reports’ frequency, format, recipients, and destination. With cloud-scheduled reports, you can save time and effort and stay informed effortlessly.</p>
<h2><strong>Unlock Collaboration</strong>: Multiple Admins, Limitless Potential</h2>
<p>Managing a firewall can be complex and challenging, especially when doing it alone. You might have to deal with multiple cloud nodes, platforms, regions, and user groups. You might have to handle different security policies, events, alerts, and reports. You must balance security and performance, compliance and flexibility, speed and accuracy. How can you make your firewall management more efficient and effective? The answer is collaboration. Collaboration is working with others on a common goal or project. With Zenarmor’s premium plans, you can unlock collaboration by having multiple admins in your account. With multiple administrators, you can enhance your workflow efficiency and delegation of responsibilities.</p>
<p>Utilizing the skills and expertise of your team presents a valuable opportunity to fine-tune and enhance the performance and security of your firewall infrastructure. This approach involves capitalizing on your team’s knowledge to delve into the intricacies of firewall management, enabling them to make informed decisions and implement customized configurations.</p>
<h2><strong>Role-based Firewall Management</strong>: Precision in Your Hands</h2>
<p>One of the challenges of managing a cloud environment is controlling user access and permissions to your firewall. To do so, you need the ability to grant or restrict the access of different types of users to certain features, functions, or data. You should also comply with your organization’s or industry’s security and privacy regulations. This can be achieved through role-based firewall management without compromising your firewall performance or security.</p>
<p>Role-based firewall management is a feature of Zenarmor that allows you to create and assign customized roles to your users. While you have the flexibility to customize the roles based on your specific needs and preferences, you can also modify or delete the roles as needed. With role-based firewall management, you will be in a position to enhance your security and compliance by giving each user the right level of access and permission.</p>
<p>What is more, you can also simplify your firewall management by reducing the complexity and confusion around user roles. This entails streamlining the organization and specifications of user roles within your firewall system. By doing so, you will be creating greater clarity and transparency in allocating responsibilities and permissions, ultimately leading to a more efficient and straightforward management process.</p>
<h2><strong>Upgrade Today</strong>: Unleash Your Cloud’s Full Potential</h2>
<p>Zenarmor is the most advanced cloud firewall solution that provides complete protection, performance, and control over your network. You can take a closer look and compare the different plans and prices that Zenarmor offers, like the Home, SOHO, and Business options. Now, you are ready to upgrade your cloud experience and unleash your cloud’s full potential. How do you do that? It’s simple. Just follow these steps:</p>
<ol>
<li>
<p>Visit Zenarmor’s website and click on the <strong>“Upgrade”</strong> button. This will refer you to a site where you can check out each Zenarmor plan and feature. You can evaluate the plans to find out which one best meets the needs of your finances. You can also see the pricing and billing options for each plan.</p>
</li>
<li>
<p>Pick the option that best meets your requirements and price range. You may also choose to test out the product before purchasing. Once you have decided on your project, click the “<strong>Start Free Trial</strong>” or “<strong>Buy Now</strong>” button. You can confirm your purchase overview and activate any available promo vouchers or discounts.</p>
</li>
<li>
<p>Proceed to make the payment by any means suitable to you. You can pay with your card of choice, PayPal, or other means accessible in your area. You can also choose to pay monthly or annually.</p>
</li>
<li>
<p>Enjoy your premium <strong>cloud management</strong> features and benefits. You will also be able to access your dashboard and start using your premium features and benefits right away. You can manage your policies, reports, users, admins, and more via a single dashboard that is easy to use and customize. You can also contact Zenarmor’s support team anytime for help or guidance.</p>
</li>
</ol>
<p>That’s it. You have successfully upgraded to premium <strong>cloud management software</strong> with Zenarmor. With this upgrade, you’ve unlocked a wealth of advanced features and capabilities that will empower you to optimize and secure your cloud resources with even greater efficiency and effectiveness. Congratulations! You are now on your way to achieving cloud excellence.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/upgrade-your-cloud-experience-wtih-premium-management.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Mastering Network Control with Advanced Policy-Based Filtering]]></title>
            <link>https://www.zenarmor.com/blog#mastering-network-control-with-advanced-policy-based-filtering</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#mastering-network-control-with-advanced-policy-based-filtering</guid>
            <pubDate>Wed, 01 Nov 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Network control and security are vital for any organization that wants to protect its data and resources from cyber threats. However, traditional firewalls and network devices are often limited in their ability to handle the complexity and diversity of modern network traffic. How can you achieve granular and flexible control over your network without compromising performance or usability? The answer is advanced policy-based filtering.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/advanced-policy-based-filtering-thumbnail.png" alt="Mastering Network Control with Advanced Policy-Based Filtering" />
</div>
<p>Network control and security are vital for any organization that wants to protect its data and resources from cyber threats. However, traditional firewalls and network devices are often limited in their ability to handle the complexity and diversity of modern network traffic. How can you achieve granular and flexible control over your network without compromising performance or usability? The answer is advanced policy-based filtering.</p>
<p>Policy-based filtering is an effective strategy for defining and enforcing distinct security policies and procedures for different categories of traffic. In this blog post, we will show you how you can master network control with advanced policy-based filtering using Zenarmor.</p>
<h2>Understanding Policy-Based Filtering</h2>
<p>Policy-based filtering is a technique that allows you to control and manage your network traffic based on different criteria and rules. It is crucial for network management because it helps you to:</p>
<ul>
<li>Enhance network security by blocking or allowing specific applications, web categories, users, IP addresses, VLANs, etc.</li>
<li>Optimize network performance by prioritizing and shaping traffic based on your business needs.</li>
<li>Simplify network administration using a centralized and user-friendly interface to create and monitor policies across all your network devices.</li>
</ul>
<p>Policy-based filter matches traffic flows with predefined policies and applies the corresponding actions. A policy is a set of conditions defining what type of traffic to match and what actions to take.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-policy-configuration.png" alt="Zenarmor Policy Configuration" />
</div>
<p><em>Figure 1. Zenarmor Policy Configuration</em></p>
<p>Here is a step-by-step guideline to show how it actually works:</p>
<p><strong>Step 1</strong>: Define the criteria for matching traffic. You can use various parameters, such as applications, web categories, users, IP addresses, VLANs, etc. For example, you can create a criterion that matches all the traffic from social media applications, such as Facebook, Twitter, Instagram, etc.</p>
<p><strong>Step 2</strong>: Define the actions for the matched traffic. You can use various actions, such as block, allow, log, etc.</p>
<p><strong>Step 3</strong>: To create a policy, integrate the requirements and the actions. You may give the policy an identifier and an explanation.</p>
<p><strong>Step 4</strong>: Arrange the policies in descending order of significance. You can reorganize the policies by dragging and dropping them. The first relevant policy is applied to the traffic after all of the policies have been thoroughly examined.</p>
<p><strong>Step 5</strong>: Set the policies to be rendered applicable only during specific periods or days. You can use a calendar and a clock to specify when the policies are active or inactive.</p>
<p>These are the steps involved in creating and applying policy-based filters for your network traffic. You can use Zenarmor to implement advanced policy-based filtering using a cloud-based management interface or the OPNsense WebUI.</p>
<h2>Unleashing the Power of Advanced Policy-Based Filtering</h2>
<p>Advanced policy-based filtering is a feature that allows premium users to leverage the full capacity of Zenarmor and gain more control and flexibility over their network security. Premium users can achieve the following thanks to the advanced policy-based filtering:</p>
<ol>
<li>
<p><strong>Defining policies based on IP, MAC, and Network addresses</strong>: You can customize your security rules for different devices, users, and groups on your network. For example, you can block social media for some devices, allow streaming for some users, and restrict access for some groups.</p>
</li>
<li>
<p><strong>Fine-tuning web security to match unique requirements</strong>: This feature allows you to adjust your web filtering settings to suit your specific needs. For example, you can block gambling and adult sites for your network, allow educational and news sites for your students, and whitelist some domains or URLs for your staff.</p>
</li>
<li>
<p><strong>Flexible security options, including exempted Networks and VLANs</strong>: With Premium, you can choose to bypass filtering for trusted sources or isolate sensitive segments on your network. For example, you can exempt some networks or VLANs from filtering, such as your VPN or your servers.</p>
</li>
<li>
<p><strong>Enhanced network segmentation</strong>: This feature allows you to create separate zones with different levels of access and protection on your network. For example, you can create a public zone for your guests, a private zone for your employees, and a secure zone for your administrators.</p>
</li>
<li>
<p><strong>Granular control over network traffic</strong>: This feature allows you to inspect, block, or shape any application or protocol on your network. For example, you can inspect encrypted traffic with TLS inspection, and block malicious or unwanted applications with application control.</p>
</li>
</ol>
<h2>Benefits and Outcome</h2>
<p>You may increase the degree of control and flexibility over your network security with advanced policy-based filtering. By implementing advanced policy-based filtering, you can expect the following benefits and outcomes:</p>
<ol>
<li><strong>Enhanced security</strong>: You can block or allow specific applications, web categories, users, IP addresses, VLANs, etc., based on your security needs. You can inspect encrypted traffic and block malicious or unwanted applications and websites. This helps you protect your data and resources from cyber threats and prevent data breaches.</li>
<li><strong>Better network performance</strong>: You can prioritize and shape traffic based on your business needs. You can isolate specific networks or VLANs from each other to create separate zones for different purposes. This helps you optimize network efficiency and reduce network congestion and latency.</li>
<li><strong>Compliance with regulatory requirements</strong>: You can create policies that match the regulatory standards and best practices for your industry or region. You can log or alert you to traffic events and generate reports for auditing purposes. This helps you comply with legal and ethical obligations and avoid penalties or fines.</li>
<li><strong>Simplified network management</strong>: You can use Zenconsole, a cloud-based management interface, to control and monitor the security policies and traffic across all the deployments. You can also use the OPNsense WebUI to configure and manage policies for Zenarmor. This helps simplify network administration and reduce operational costs and complexity.</li>
</ol>
<p>This heightened level of control, combined with the ability to inspect encrypted traffic and block malicious elements, serves as a robust defense against cyber threats, effectively safeguarding your data and resources. Zenarmor’s advanced policy-based filter presents a holistic and practical approach to network security, setting the stage for a strong and efficient network infrastructure.</p>
<h2>Zenarmor - Empowering Your Network Security</h2>
<p>Achieving comprehensive network control and security is essential in today’s ever-evolving digital landscape. Traditional methods may fall short when dealing with the complexities of modern network traffic. This is where advanced policy-based filtering, as exemplified by Zenarmor, comes into play. By mastering policy-based filtering, you can enhance your network’s security, optimize its performance, streamline administration, and ensure compliance with regulatory requirements.</p>
<p>Implementing advanced policy-based filtering can seem like a daunting task for some. That’s where Zenarmor’s user-friendly approach and extensive capabilities truly shine. Zenarmor guides you toward a robust, efficient, and user-friendly solution to bolster your network security. With Zenarmor, you can leverage the full potential of advanced policy-based filtering to secure your network and optimize your web performance.</p>
<p>So, don’t hesitate to take the leap and explore Zenarmor for yourself. With advanced policy-based filtering, your network will be more secure, perform at its best, and simplify administration, all while safeguarding your data and resources from cyber threats.</p>
<p>If you haven’t already tried our free trial version, where you can test all the advanced features, you can now test our advanced policy-based filtering feature. If you are using the free trial and decide to upgrade to premium, you can easily upgrade your license from the subscription page.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/bmyx7GWqaR4?si=CR44vb1HrGTP4GAy" title="Advanced Policy Based Filtering" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/advanced-policy-based-filtering-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Transparent Security: How Web Blocking Explanations Enhance Online Safety]]></title>
            <link>https://www.zenarmor.com/blog#insightful-web-blocking-explanations</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#insightful-web-blocking-explanations</guid>
            <pubDate>Fri, 27 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Web blocking explanations, an indispensable component of network security, play a pivotal role in safeguarding digital ecosystems. In an increasingly interconnected world, understanding the significance of these explanations is paramount. Web blocking explanations serve as the digital sentinels, elucidating the 'why' and 'how' behind the prohibition of certain web content. This transparency not only empowers administrators and end-users with insight but also aids in fostering a secure online environment.]]></description>
            <content:encoded><![CDATA[<p>Web blocking explanations, an indispensable component of network security, play a pivotal role in safeguarding digital ecosystems. In an increasingly interconnected world, understanding the significance of these explanations is paramount. Web blocking explanations serve as the digital sentinels, elucidating the “why” and “how” behind the prohibition of certain web content. This transparency not only empowers administrators and end-users with insight but also aids in fostering a secure online environment.</p>
<p>Organizations can bolster their cybersecurity posture by shedding light on the rationale behind web access restrictions, identifying potential threats, and mitigating risks effectively. Such elucidations promote accountability and ethical usage, ensuring a balance between privacy and protection. In this blog, we embark on a journey to dissect the critical role of web-blocking explanations, shedding light on their profound impact on network security. To learn more about how Zenarmor can help you with <a href="https://www.zenarmor.com/docs/configuring/configuring-block-notification-page-on-zenconsole">web blocking and custom landing pages</a> you can visit the page.</p>
<h2>Why Custom Landing Pages Matter</h2>
<p>A custom landing page is a web page that appears when a user tries to access a blocked website or web content. A custom landing page can inform the user about the reason for the block, the policy or rule that applies, and the options or actions the user can take. Custom landing pages are essential for website blockers because they can:</p>
<ul>
<li>Enhance the user experience and satisfaction by providing clear and helpful information and guidance.</li>
<li>Increase user compliance and trust by explaining the rationale and benefits of the web-blocking policy.</li>
<li>Reduce user frustration and confusion by offering alternative resources or solutions.</li>
<li>Improve network security and performance by preventing users from bypassing the block or accessing malicious web content.</li>
</ul>
<div>
  <img src="https://www.zenarmor.com/images/blog/block-notification-message.png" alt="Block Notification Message for  accessing a webpage or application" />
</div>
<p><em>Figure 1: Block Notification Message for  accessing a webpage or application</em></p>
<p>Organizations should pay attention to this feature and design custom landing pages that are relevant, informative, and engaging for their users. One way to create custom landing pages for web blocking is to use Zenarmor to block and control unauthorized or misbehaving applications and websites and display custom landing pages informing users why certain web content is blocked.</p>
<h2>Benefits of Using Custom Landing Pages</h2>
<p>Custom landing pages are crucial to network security, providing transparency and compliance enforcement. They educate users about website blocker policies, reduce frustration, and enhance security awareness. By empowering users with knowledge and options, these pages bridge the gap between security measures and user understanding, ultimately strengthening the organization’s cybersecurity framework.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/customizing-block-notification-page.jpg" alt="Customizing Block Notification Page" />
</div>
<p><em>Figure 2: Customizing Block Notification Page</em></p>
<p>Here are the benefits custom landing pages offer:</p>
<h3>Enhanced Security Awareness</h3>
<p>Custom landing pages can inform the users about the reason for the block, the policy or rule that applies, and the options or actions they can take. By doing so, custom landing pages can educate users about the potential risks and threats on the web and how to avoid or mitigate them. Custom landing pages can also provide tips and best practices for safe and responsible web browsing. Custom landing pages can contribute to a more informed and security-conscious user base, improving overall network security and performance.</p>
<h3>Transparent Compliance</h3>
<p>Custom landing pages can help organizations communicate and enforce compliance policies effectively by explaining the rationale and benefits of the web-blocking policy. It can also provide the users with relevant legal or regulatory information, such as the laws or rules that apply, the consequences of violating them, and the rights and responsibilities of the users. Custom landing pages can help users understand and accept the website blocker policy and avoid any disputes or conflicts arising. Custom landing pages can promote transparent <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-cybersecurity-compliance">compliance</a> and trust between organizations and users.</p>
<h3>Reduced User Frustration</h3>
<p>User frustration is a common negative emotion that can arise when users encounter web blocking, especially if they do not understand why or how it happens. This can lead to dissatisfaction, anger, stress, or even attempts to bypass the block. Custom landing pages can alleviate user frustration by providing precise and informative messages or pages that explain why certain web content is blocked and what the user can do about it. It can also offer alternative resources or solutions to help users achieve their goals or needs.</p>
<h3>Risk Education</h3>
<p>Custom landing pages can be used to educate users about the potential security risks and threats they may encounter on the web. Custom landing pages can inform users about the type, source, impact, and prevention of blocked web content, such as malware, phishing, ransomware, etc. By doing so, custom landing pages can help users understand and avoid security risks, making them more security-conscious. Custom landing pages can improve the security awareness and behavior of users.</p>
<h3>Permanent Bypass</h3>
<p>Permanent bypass is a feature of custom landing pages that allows users to access blocked web content without entering a password or a code every time. It creates a cookie on the user’s browser that remembers their preference and authorization for particular web content. Permanent bypass can benefit users by saving them time and hassle and by giving them more control and flexibility over their web browsing.</p>
<h3>Reduced Downtime</h3>
<p>Downtime is when a user cannot access web content or services due to technical or security issues. Downtime can cause frustration, inconvenience, and loss of productivity for the user. Custom landing pages can contribute to reduced downtime by helping users quickly understand and address web access issues. By providing this information, custom landing pages can help users resolve their web access issues faster and easier and reduce the negative impact of downtime. Custom landing pages can improve the user experience and satisfaction during downtime.</p>
<h3>Reduced IT Burden</h3>
<p>Custom landing pages can reduce the IT burden by decreasing the workload on IT support and helpdesk teams. It provides users with self-service options and solutions, reducing the number of requests or complaints sent to the IT support or helpdesk teams. It also educates users about the website blocker policy and the security risks, such as malware, phishing, or ransomware. This can increase user compliance and awareness and prevent users from bypassing the block or accessing malicious web content.</p>
<h3>User Empowerment</h3>
<p>User empowerment is another benefit of custom landing pages for web blocking. Custom landing pages empower users with knowledge, making them responsible internet users within the organization. Custom landing pages provide users with clear and helpful information and guidance about the blocked web content, such as the reason, the policy, the options, and the solutions. It gives users more control and flexibility over their web browsing, such as permanent bypass, alternative resources, or contact information. This can help users make informed and rational decisions about their web access and behavior.</p>
<h2>Zenarmor - Empowering Security</h2>
<p>Custom landing pages play a pivotal role in network security and user communication. By enhancing security awareness, promoting transparent compliance, reducing user frustration, and facilitating risk education, these pages are integral to a well-rounded security strategy. To create custom landing pages for your network, you may want to check out Zenarmor. This software-based next-generation firewall provides comprehensive security for your network. With Zenarmor, you can effectively block and manage unauthorized or problematic applications and websites while seamlessly integrating custom landing pages to inform users about content restrictions. This combination of security measures is fundamental to a holistic security strategy in the ever-evolving digital landscape. Explore the unique features and get started with Zenarmor for free.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/B9ViEtbSi4U?si=F9rjqrGqL2qN-2cd" title="Customizable Block Notification Page" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/insightful-web-blocking-explanations.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Step into Zenarmor's Integration Galaxy: Your Passport to Advanced Security]]></title>
            <link>https://www.zenarmor.com/blog#maximizing-security-insights-with-integrations</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#maximizing-security-insights-with-integrations</guid>
            <pubDate>Thu, 26 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[The digital landscape of today is fast-evolving, and comprehensive security insights are not just a luxury but have become an absolute necessity. Cyber threats evolve in complexity every day, making it vital for organizations to stay one step ahead. This is where integration comes into play.]]></description>
            <content:encoded><![CDATA[<p>The digital landscape of today is fast-evolving, and comprehensive security insights are not just a luxury but have become an absolute necessity. Cyber threats evolve in complexity every day, making it vital for organizations to stay one step ahead. This is where integration comes into play.</p>
<p>Imagine a world where your organization can streamline data flow and centralize insights effortlessly. Integrations provide that very opportunity. They act as the bridge that connects your security systems, enabling seamless data exchange and real-time monitoring.</p>
<p>Why are these comprehensive security insights so crucial? Simply put, they offer a 360-degree view of your network’s health. From the moment a potential threat is detected to the actions taken to mitigate it, a centralized system enhances your ability to detect, respond to, and prevent security incidents.</p>
<p>This blog will explore the significance of these insights in our ever-connected world. Let Zenarmor take you through the realm of integrations, where the power of data, streamlined flow, and heightened security converge to protect your digital assets.</p>
<h2>The Need for Robust Security Insights</h2>
<p>In today’s digital age, the importance of maximizing security insights cannot be overstated. These insights are crucial for several key reasons:</p>
<ul>
<li>
<p><strong>Complex Threat Landscape</strong>: Cyber threats are continually evolving and growing in sophistication. Consequently, traditional security measures become insufficient to safeguard against these dynamic risks.</p>
</li>
<li>
<p><strong>Preventive Measures</strong>: Security insights offer a proactive approach to security. By continuously monitoring networks and systems, they ensure companies can detect and prevent potential threats before dire consequences occur.</p>
</li>
<li>
<p><strong>Data Protection</strong>: Comprehensive security insights ensure data protection, making it easier for businesses to comply with data protection regulations such as GDPR, HIPAA, and PCI DSS.</p>
</li>
<li>
<p><strong>Total Visibility</strong>: They provide organizations with total visibility into their systems and networks, allowing for quicker and more effective detection and response to security incidents.</p>
</li>
<li>
<p><strong>Predictive Analytics</strong>: By leveraging predictive analytics, security insights can identify potential threats before they occur, helping businesses stay vigilant and secure in the face of increasing threats.</p>
</li>
</ul>
<h3>Challenges Organizations Face Without a Centralized Insight System</h3>
<p>Let’s take a look at the various challenges faced by organizations without a centralized insight system:</p>
<ul>
<li>
<p><strong>Fragmented Security</strong>: Critical security information is scattered across various tools and systems, resulting in fragmented security management.</p>
</li>
<li>
<p><strong>Delayed Threat Detection</strong>: The lack of cohesion leads to delayed threat detection, making it challenging to respond swiftly to potential breaches.</p>
</li>
<li>
<p><strong>Ineffective Risk Assessment</strong>: The absence of a centralized insight system hinders proactive risk assessment, increasing the likelihood of data breaches.</p>
</li>
<li>
<p><strong>Financial and Reputational Damage</strong>: These challenges can result in significant financial and reputational damage in the event of a security incident.</p>
</li>
</ul>
<p>In this dynamic digital landscape, the integration of advanced security insight services and centralized systems is the solution to these challenges. These insights empower organizations to protect against the ever-evolving threat landscape while ensuring peace of mind and security for their digital assets.</p>
<h2>Streamlining Data Flow with SYSLOG Integration</h2>
<p>Streamlining data flow through SYSLOG integration is a game-changer in the realm of security insight integration. This integration offers a trifecta of benefits that organizations simply cannot afford to overlook:</p>
<ul>
<li>
<p><strong>Real-Time Monitoring</strong>: SYSLOG integration provides the capability for real-time monitoring of your network and systems. This means that as data is generated, it’s immediately transmitted to SYSLOG servers, allowing security teams to keep a constant watchful eye on the system. With this quick response capability, threats can be nipped in the bud.</p>
</li>
<li>
<p><strong>Log Management Simplification</strong>: You no longer need to spend hours sifting through endless log files. With SYSLOG integration, reporting data is seamlessly collected and centralized, making log management a breeze. This ensures that critical security data is easily accessible when needed, and it’s very time-efficient.</p>
</li>
<li>
<p><strong>Immediate Threat Detection</strong>: The ability to detect threats as they happen is a priceless advantage. <a href="https://www.zenarmor.com/docs/configuring/streaming-reporting-data">SYSLOG integration</a> enables immediate threat detection by providing real-time visibility into activities within your network. Suspicious activities can be flagged, investigated, and addressed promptly, minimizing potential damage.</p>
</li>
</ul>
<p>The battle against cybersecurity issues and threats is hard, and SYSLOG integration is a crucial tool. It empowers organizations with real-time insights, simplifies log management, and ensures immediate threat detection. The result? Enhanced security, faster response times, and ultimately, peace of mind.</p>
<h2>Integrations for SOHO and Business Users</h2>
<p>The beauty of integrations lies in their versatility, benefiting small office/home office (SOHO) setups and larger businesses alike. Here’s how these integrations offer scalability and cost-effectiveness, regardless of the scale of your operation:</p>
<p>For small offices and home-based businesses, scalability is often a prime concern. Integrations can start small and grow with your needs. They adapt to the size of your operation, ensuring that even the tiniest of setups can access advanced <strong>insight security</strong>. Larger organizations require robust scalability. Integrations seamlessly accommodate the growing data flow and security demands of businesses, providing a flexible solution that scales effortlessly as the organization expands.</p>
<p>Budget constraints are common for SOHO setups. Integrations offer a cost-effective solution by minimizing the need for extensive hardware and personnel. In short, you obtain maximized security at a very reasonable price.  Cost-effectiveness is equally vital for businesses. Integrations reduce operational costs by streamlining processes, optimizing resource utilization, and enhancing threat detection. This results in better resource allocation and cost savings.</p>
<p>Whether you’re running a small office or a large enterprise, integrations offer the perfect synergy of scalability and cost-effectiveness. They adapt to your needs and budget, ensuring that every business, regardless of size, can access advanced security insights tailored to their requirements.</p>
<h2>Third-Party Security Tools Integration</h2>
<p>Zenarmor takes security insights to the next level through seamless integration with various third-party security tools, enhancing your defense against cyber threats. Here’s how these integrations work:</p>
<h3>Open-Source Firewalls</h3>
<p>Zenarmor collaborates effortlessly with <a href="https://www.zenarmor.com/docs/network-security-tutorials/best-open-source-firewalls">open-source firewalls</a> like <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-opnsense">OPNsense</a> and <a href="https://www.zenarmor.com/docs/network-security-tutorials/pfsense">pfSense</a> both built on FreeBSD. This integration bolsters your network security by combining the power of Zenarmor’s insights with the robust firewall capabilities of these open-source solutions. It results in a potent combination for safeguarding your network from threats.</p>
<h2>Security Information and Event Management (SIEM) Systems</h2>
<p>Zenarmor’s integration with <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-siem">SIEM</a> systems is a pivotal step in enhancing your security posture. By collecting and analyzing security logs, Zenarmor ensures that critical data is shared with SIEM systems like <a href="https://www.zenarmor.com/docs/guides/integrating-zenarmor-with-splunk-enterprise">Splunk</a>, LogRhythm, QRadar, <a href="https://www.zenarmor.com/docs/guides/integrating-zenarmor-with-datadog">Datadog</a>, and  Wazuh. This collaboration enables in-depth analysis, correlation, and alerting to identify potential threats promptly.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/datadog-integration-with-zenarmor.jpg" alt="Datadog Integration with Zenarmor" />
</div>
<p><em>Figure 1: Datadog Integration with Zenarmor</em></p>
<p>Wazuh and Zenarmor can be integrated to provide a more comprehensive security solution. When integrated, Wazuh can collect security events from Zenarmor and use these events to generate alerts, identify threats, and investigate security incidents. You can find more information about the <a href="https://www.zenarmor.com/docs/guides/integrating-zenarmor-with-wazuh">Wazuh and Zenarmor integration</a> in our YouTube video.</p>
<h3>Network Traffic Analysis (NTA) Systems</h3>
<p>The integration between Zenarmor and <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-network-traffic-analysis-nta">NTA</a> systems such as NetFlow Analyzer and Suricata empowers organizations to monitor and analyze network traffic comprehensively. This real-time analysis detects anomalies and potential security threats, ensuring a proactive approach to safeguarding your network.</p>
<h3>Authentication and DB Systems</h3>
<p>For username resolution, Zenarmor supports Active Directory and <a href="https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-captive-portal-on-opnsense">OPNsense Captive Portal</a>. If you have an Active Directory, you can integrate it with Zenarmor to obtain information about user logins and groups. Policies can be defined for AD groups and users.</p>
<p>Please see the <a href="https://www.zenarmor.com/docs/opnsense/configuring/ad-integration">Active Directory Integration Guide</a> for more information on how to integrate AD with Zenarmor.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/active-directory-agent-for-zenarmor.png" alt="Active Directory agent for Zenarmor" />
</div>
<p><em>Figure 2: Active Directory agent for Zenarmor</em></p>
<p>If your OPNsense Captive Portal is operational, Zenarmor can obtain username information from it as well by <a href="https://www.zenarmor.com/docs/guides/user-based-filtering-using-opnsense-captive-portal">integrating Zenarmor and OPNsense Captive Portal</a>.</p>
<p>Zenarmor can be integrated with the following database systems:</p>
<ul>
<li>MongoDB</li>
<li>SQLite</li>
<li>Elasticsearch</li>
</ul>
<p>MongoDB is a NoSQL document database that is known for its scalability and performance. SQLite is a lightweight relational database that is embedded in Zenarmor. <a href="https://www.zenarmor.com/docs/guides/remote-elasticsearch-zenarmor-reporting">Elasticsearch</a> is a search engine and analytics engine that is based on the Apache Lucene project.</p>
<h2>Take Your Security to the Next Level with Zenarmor</h2>
<p>In a world where cyber threats evolve daily, security insights and integrations are your best allies. They provide threat monitoring and detection and cost-effective solutions. With Zenarmor’s third-party integrations, you gain an edge against evolving threats. And don’t forget to consider integrating your Active Directory. This integration empowers you to manage user identities and permissions seamlessly, enhancing overall security. Don’t wait; explore these integration options today, bolster your security, and protect your digital assets. Stay secure; stay ahead.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/zqPNLYqHDWQ?si=nWQLW3czR49ygrKG" title="Integration" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/maximizing-security-insights-with-integrations.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Streamline Enterprise Firewall Management with RESTful API]]></title>
            <link>https://www.zenarmor.com/blog#streamline-enterprise-firewall-management-with-restful-api</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#streamline-enterprise-firewall-management-with-restful-api</guid>
            <pubDate>Wed, 25 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Imagine you are a network administrator who needs to monitor and control the network activity of hundreds or thousands of users in your organization. You want to ensure that your network is secure, compliant, and efficient, but you also want to respect the privacy and preferences of your users. How can you achieve this balance without spending hours on tedious manual tasks or compromising performance and reliability?]]></description>
            <content:encoded><![CDATA[<p>Firewalls act as vigilant gatekeepers, monitoring and controlling incoming and outgoing network traffic. They ensure that only authorized connections are allowed, protecting organizations from malicious intrusions, data breaches, and cyberattacks. Neglecting firewall management can lead to catastrophic security vulnerabilities, making it crucial for businesses to implement rigorous strategies.</p>
<p>However, as enterprises expand and diversify their networks, the complexity of managing multiple firewalls grows exponentially. Configuring, updating, and monitoring these devices becomes a daunting task. This often results in:</p>
<ul>
<li><strong>Operational Inefficiency</strong>: Manual configurations are time-consuming and error-prone.</li>
<li><strong>Inconsistencies</strong>: Managing numerous firewalls separately can lead to configuration inconsistencies.</li>
<li><strong>Limited Agility</strong>: Rapidly adapting to evolving threats becomes challenging.</li>
<li><strong>High Costs</strong>: Maintenance and management costs escalate with the number of firewalls.</li>
</ul>
<p>To tackle these issues, modern enterprises turn to RESTful APIs, a technology that offers a solution to streamline firewall management, enhance security, and maximize operational efficiency. In the following sections, we will delve into the significance of <strong>RESTful APIs</strong> in enterprise software architecture and explore Zenarmor’s RESTful API as a robust tool for firewall management.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-restful-api.png" alt="Zenarmor  RESTful API" />
</div>
<p><em>Figure 1: Zenarmor  RESTful API</em></p>
<h2>Understanding RESTful API</h2>
<p><strong>RESTful API Meaning</strong>: Representational State Transfer <strong>API</strong> (<strong>A</strong>pplication <strong>P</strong>rogramming <strong>I</strong>nterface)</p>
<p><strong>RESTful API Definition</strong>: RESTful API is an interface that two computer systems use to exchange information securely over the internet.</p>
<p>RESTful APIs excel due to their simplicity, scalability, and adaptability. They rely on HTTP requests for essential data operations - Create, Read, Update, Delete (CRUD), making them accessible and universally embraced.</p>
<p>RESTful APIs function as universal interpreters, enabling communication between diverse software systems:</p>
<ul>
<li>
<p><strong>Client-Server Relationship</strong>: This clear division between <a href="https://www.zenarmor.com/docs/network-basics/what-is-client-server-network">clients and servers</a> allows independent growth and scalability.</p>
</li>
<li>
<p><strong>Uniform Interface</strong>: RESTful APIs maintain consistent server responses, enhancing user-friendliness through hypermedia and eliminating the need for separate languages.</p>
</li>
<li>
<p><strong>Statelessness</strong>: These APIs don’t retain client session data, ensuring self-contained requests and lightening the server’s load.</p>
</li>
<li>
<p><strong>Cacheability</strong>: Caching data efficiently reduces server workload and boosts performance.</p>
</li>
<li>
<p><strong>Layered System</strong>: RESTful APIs organize complex systems into distinct layers, ensuring efficient interaction between them.</p>
</li>
<li>
<p><strong>Code-on-Demand (Optional)</strong>: This feature allows clients to request executable code from the server, enhancing dynamic content execution.</p>
</li>
</ul>
<h2>Zenarmor’s RESTful API for Firewall Management</h2>
<p>Zenarmor’s RESTful API emerges as a game-changing solution for enterprise firewall management. It is the key that unlocks unparalleled simplicity and efficiency in an otherwise complex landscape.</p>
<p>Configuring and managing multiple firewalls can be an arduous task. Zenarmor’s RESTful API simplifies these intricate processes. It transforms convoluted operations into straightforward commands, reducing the time and effort required. With intuitive endpoints and methods, you can easily create, read, update, and delete firewall rules, making it a breeze to adapt to evolving security needs.</p>
<p>Efficiency is the driving force behind Zenarmor’s RESTful API. Centralized management of multiple firewalls from a single location empowers administrators to exert control effortlessly. Bulk changes to firewall configurations can be executed seamlessly, saving precious time. Automated responses to security threats allow for rapid countermeasures, reinforcing your organization’s security posture.</p>
<p>Zenarmor’s RESTful API ensures that enterprise cybersecurity is no longer hindered by the complexities of firewall management. It offers an elegant solution that transforms your security infrastructure into a well-oiled machine. With time and effort savings, reduced risk of errors, enhanced scalability, and improved security, <a href="https://www.zenarmor.com/docs/developers/zenarmor-restful-api">Zenarmor’s RESTful API</a> is your key to mastering the art of firewall management. It’s time to elevate your enterprise security game with Zenarmor.</p>
<h2>Key Use Cases</h2>
<p>Zenarmor’s RESTful API isn’t just a concept; it’s a practical solution that transforms enterprise cybersecurity. Let’s explore real-world scenarios to understand how it can revolutionize your security management:</p>
<h3>Automating Deployment and Configuration</h3>
<p>Imagine onboarding new firewalls effortlessly. Zenarmor’s API allows you to automate the deployment and configuration of these security gateways. This saves time and guarantees consistent, error-free setups across your network. Whether you’re adding one or a dozen firewalls, the process remains streamlined and stress-free.</p>
<h3>Centralized Management</h3>
<p>In a sprawling enterprise network, managing multiple firewalls scattered across various locations can be a logistical nightmare. Zenarmor’s RESTful API simplifies this by providing centralized management. From a single control point, you can oversee and control all your firewalls, no matter where they’re deployed. This promotes efficiency and control in your security infrastructure.</p>
<h3>Bulk Configuration Changes</h3>
<p>Security needs to evolve, and so should your firewall configurations. With Zenarmor’s API, making bulk changes to firewall rules becomes straightforward. Whether it’s updating access policies, blocking threats, or adjusting traffic rules, you can enact these changes across multiple firewalls simultaneously, ensuring consistent and up-to-date security.</p>
<h3>Programmatically Responding to Threats</h3>
<p>Security threats don’t wait, and neither should your responses. Zenarmor’s RESTful API empowers your security team to respond programmatically. When a threat is detected, automated responses can be initiated instantly. It’s like having an army of digital guards ready to thwart intruders, minimizing response time and potential damage.</p>
<p>Zenarmor’s RESTful API isn’t just a tool; it’s a transformation. It streamlines complex security tasks, providing your enterprise with automation, centralized control, bulk configuration changes, and lightning-fast threat responses. It’s time to fortify your cybersecurity with Zenarmor’s API.</p>
<h2>Benefits of Using Zenarmor’s RESTful API</h2>
<p>Choosing Zenarmor offers you multiple benefits of the RESTful API for firewall management and configuration:</p>
<h3>Time and Effort Savings</h3>
<p>Zenarmor’s RESTful API simplifies the most intricate firewall management tasks. It automates processes that would otherwise demand extensive manual labor. This not only reduces workload but also accelerates critical operations. With Zenarmor, you’ll need mere minutes to accomplish something that would take hours otherwise.</p>
<h3>Reduced Risk of Configuration Errors</h3>
<p>Manual configurations are notorious for introducing errors, leaving vulnerabilities in your security infrastructure. Zenarmor’s RESTful API minimizes this risk by offering a structured and consistent approach to firewall management. The standardized process reduces the chances of human error, fortifying your defenses.</p>
<h3>Enhanced Scalability and Flexibility</h3>
<p>In the ever-evolving landscape of enterprise cybersecurity, the ability to scale and adapt swiftly is crucial. Zenarmor’s API centralizes the management of multiple firewalls, ensuring that your network can expand and adjust without complications. It’s a tool that grows with your needs, providing the flexibility essential for modern security.</p>
<h3>Improved Security Posture</h3>
<p>The ultimate goal of firewall management is to bolster security. Zenarmor’s RESTful API empowers your organization to respond rapidly to emerging threats. Automated threat responses, bulk configuration changes, and centralized control enhance your security posture. Your defenses become proactive, reducing vulnerabilities and ensuring that your network stays one step ahead of potential threats.</p>
<p>Zenarmor’s RESTful API is more than a tool; it’s a strategic advantage. It saves time and effort, mitigates risks, enhances flexibility, and fortifies your security posture. In an age where security is paramount, Zenarmor’s API is your ally in safeguarding your enterprise.</p>
<h2>Getting Started with Zenarmor’s RESTful API</h2>
<p>Embarking on your journey with Zenarmor’s RESTful API is seamless. Our comprehensive array of resources will provide a smooth on-ramp to harness the power of streamlined <strong>RESTful API firewall management</strong>. Coupled with our user-friendly interface and extensive documentation, you’ll find that integrating it into your firewall management processes is a breeze.</p>
<p>Also, you can watch our brief  Zenarmor RESTful API video.</p>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/dRsrK9MoBoE?si=hwCcreFzeYWGDJBh" title="Zenarmor API Management" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
<p><br><br></p>
<h2>Zenarmor - Choose the right solution</h2>
<p>The paramount importance of effective firewall management remains constant in the ever-evolving landscape of cybersecurity. Zenarmor’s RESTful API simplifies intricate tasks, reduces risks, and enhances your organization’s security posture. It’s a strategic ally, ensuring that your enterprise stays one step ahead of potential threats. Streamline your security management and embark on a journey of efficiency and control today.</p>
<p>To take full advantage of Zenarmor’s advanced firewall management capabilities and ensure comprehensive protection for your organization, we recommend upgrading to our paid <a href="https://www.zenarmor.com/plans">subscription plans</a>. Our premium offerings provide additional features and support to enhance your cybersecurity defenses. Don’t miss out on the next level of security – make the switch to a paid subscription today and safeguard your enterprise effectively.</p>
<p>Whether you’re new to APIs or a seasoned pro, our user-friendly documentation, other relevant resources, and support ensure you’re up and running in no time. Implement unmatched efficiency and control - get started with Zenarmor for free.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-with-restful-api-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Empower Your Network Security with User-Based Reporting]]></title>
            <link>https://www.zenarmor.com/blog#empower-your-network-security-with-user-based-reporting</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#empower-your-network-security-with-user-based-reporting</guid>
            <pubDate>Tue, 24 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Imagine you are a network administrator who needs to monitor and control the network activity of hundreds or thousands of users in your organization. You want to ensure that your network is secure, compliant, and efficient, but you also want to respect the privacy and preferences of your users. How can you achieve this balance without spending hours on tedious manual tasks or compromising performance and reliability?]]></description>
            <content:encoded><![CDATA[<p>Imagine you are a network administrator who needs to monitor and control the network activity of hundreds or thousands of users in your organization. You want to ensure that your network is secure, compliant, and efficient, but you also want to respect the privacy and preferences of your users. How can you achieve this balance without spending hours on tedious manual tasks or compromising performance and reliability?</p>
<p>Here is where User-Based filtering and reporting come into play, a powerful feature of Zenarmor. In this blog, let’s understand how you can empower your network security with User-Based reporting. Whether you are a network administrator, a security analyst, or a business owner, User-Based reporting can help you achieve a higher level of security, compliance, and efficiency for your network.</p>
<h2>Understanding User-Based Filtering</h2>
<p>User-based filtering is a feature that allows you to create and enforce security policies based on the identity and role of each user in your network rather than just their IP address or device. User-based filtering is essential for network security. Because it enables you to:</p>
<ul>
<li>
<p><strong>Block and control unauthorized or misbehaving applications and websites</strong> that may threaten your network or violate your organizational standards.</p>
</li>
<li>
<p><strong>Prevent data leakage and malware infections</strong> by restricting access to sensitive or malicious content based on the user’s clearance level and need-to-know basis.</p>
</li>
<li>
<p><strong>Optimize bandwidth usage and network performance</strong> by prioritizing or limiting the traffic of specific users, groups, or departments according to your business objectives and network capacity.</p>
</li>
<li>
<p><strong>Comply with regulatory and organizational standards</strong> by applying consistent and auditable security policies across your network, regardless of the user’s location, device, or connection type.</p>
</li>
</ul>
<h3>How does User-Based Filtering work?</h3>
<p>Zenarmor’s user-based filter elevates network security with precision and transparency. User-based filtering integrates with popular user directory databases such as <a href="https://www.zenarmor.com/docs/opnsense/configuring/ad-integration">Microsoft Active Directory (MS AD)</a>. These databases store information about the users in your organization, such as their name, email, password, group membership, and role. Zenarmor can synchronize with these databases and use them as the source of truth for user authentication and authorization. Zenarmor can also <a href="https://www.zenarmor.com/docs/guides/user-based-filtering-using-opnsense-captive-portal">integrate with OPNsense Captive Portal</a>, a feature that lets you capture users’ credentials who connect to your network through a web browser. This way, you can identify and apply security policies to users not registered in your user directory database, such as guests or contractors.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/policy-configuration-on-zenarmor.png" alt="Policy configuration for user-based filtering on Zenarmor" />
</div>
<p><em>Figure 1: Policy configuration for user-based filtering on Zenarmor</em></p>
<h3>Benefits of Premium User-Based Filtering</h3>
<p>You might be wondering what benefits you can get from upgrading to the premium version of Zenarmor. Premium user-based filtering offers you several advantages that can enhance your network security and efficiency. Here are some of the benefits offered to maximize the efficiency of your control over your network security:</p>
<ol>
<li>
<p><strong>Unlimited filtering capabilities</strong>: With Premium, you can create as many user-based security policies as you need without any limitations on the number of rules, criteria, or actions. You may also change the level of importance and sequence of the regulations depending on your unique requirements and preferences.</p>
</li>
<li>
<p><strong>Enhanced reporting features</strong>: With premium user-based filtering, you can access more advanced and detailed reports and dashboards showing the network activity and security events of each user, group, or department in your organization. You can also schedule automatic reports and alerts for your email or other channels.</p>
</li>
<li>
<p><strong>Improved network security</strong>: You can leverage the AI-based cloud threat intelligence of Zenarmor to protect your network from advanced zero-day attack campaigns that use encryption or other techniques to evade detection.</p>
</li>
<li>
<p><strong>Better content control</strong>: You can block and control unauthorized or misbehaving applications and websites that may threaten your network or violate your organizational standards. You can also use application control and policy-based web filtering to manage the access and usage of various applications and websites.</p>
</li>
<li>
<p><strong>Time-saving and efficiency</strong>: With Premium, you can save time and resources by automating and simplifying your network security management. You can easily integrate Zenarmor with your existing user directory database, such as MS AD, and use it as the source of truth for user authentication and authorization. You can also use the <a href="https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-captive-portal-on-opnsense">OPNsense Captive Portal</a> to capture the credentials of users who connect to your network through a web browser.</p>
</li>
</ol>
<p>It is vital that we equip ourselves with the latest network security measures to protect our digital environment from rapidly evolving threats. Premium user-based filtering can help you take your network security to the next level with granular control and visibility.</p>
<h2>Exclusive Integration with MS AD and OPNsense</h2>
<p>Zenarmor’s exclusive integration with MS AD and OPNsense is a game-changer for network security. It allows you to:</p>
<ol>
<li>
<p><strong>Identify and authenticate users</strong> across your network with ease and accuracy. You can use MS AD as the source of truth for user identity and role, and OPNsense Captive Portal to capture the credentials of web-based users.</p>
</li>
<li>
<p><strong>Enforce consistent and auditable security policies</strong> across your network with flexibility and efficiency. You can create and apply user-based policies based on various criteria and actions and customize the priority and order of the policies.</p>
</li>
<li>
<p><strong>Monitor and analyze each user’s network activity and security events</strong> with clarity and detail. You can generate user-based reports and dashboards that show you the data in various formats and schedule automatic reports and alerts.</p>
</li>
</ol>
<p>This integration gives you a complete and comprehensive solution for user-based filtering and reporting that can enhance your network security and efficiency.</p>
<h2>How to Get Started with User Based Filtering</h2>
<p>To get started with user-based filtering, you need to upgrade to the premium version of Zenarmor.</p>
<p>Here are the steps to do that:</p>
<ol>
<li>Choose the <a href="https://www.zenarmor.com/plans">plan</a> that best fits your needs and expenditure after comparing the features and plans. Three plans are available: Home, SOHO, and Business. You must select Business for MS Active Directory or Captive Portal integration to get the benefits of user-based filtering.</li>
</ol>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-plans-page.jpg" alt="Zenarmor Plans Page" />
</div>
<p><em>Figure 2: Zenarmor Plans Page</em></p>
<ol start="2">
<li>
<p>Under the plan you would like to invest in, click the Buy Now option. Once you submit the necessary billing information and payment approach, you will be taken to a safe checkout page.</p>
</li>
<li>
<p><a href="https://www.zenarmor.com/docs/configuring/managing-zenarmor-subscriptions#manage-subscriptions">Activate your license key</a> by entering it in Zenarmor’s web interface. You will see a confirmation message that your license is valid and activated.</p>
</li>
<li>
<p>Also, you can upgrade your existing subscription via Zenconsole.</p>
</li>
<li>
<p>Enjoy the Business features of user-based filtering and reporting. You can access the user-based filter settings from the Policy Configuration menu in Zenarmor’s web interface.</p>
</li>
</ol>
<h2>Zenarmor - Network Security with Precision and Control</h2>
<p>Zenarmor’s User-Based filtering and reporting offer an effective solution for network administrators and business owners seeking enhanced security, compliance, and efficiency. With its seamless integration with Microsoft Active Directory and OPNsense, as well as the option to upgrade to the premium version for advanced features, it empowers users to achieve granular control and comprehensive visibility over their network.  This robust tool equips them with the tools necessary to tackle evolving cybersecurity challenges.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/4JASo_q6WKc?si=wTR7CB6npBAqmkVt" title="User-based Filtering and Reporting" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/empower-your-network-security.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Beyond the Shadows: Why You Need Better Reporting Against Cyber Threats]]></title>
            <link>https://www.zenarmor.com/blog#uncover-hidden-threats-and-trends-with-zenarmor-advanced-reporting</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#uncover-hidden-threats-and-trends-with-zenarmor-advanced-reporting</guid>
            <pubDate>Mon, 23 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[In network security, information is power. Enterprises rely on comprehensive data and insights to make informed decisions, enhance their security postures, and swiftly respond to emerging threats. This is precisely where our advanced security solution truly shines.
<br>
In this blog, we embark on a journey to explore the capabilities of advanced reporting with Zenarmor, shedding light on how they can empower organizations to bolster their cybersecurity strategies.
]]></description>
            <content:encoded><![CDATA[<p>Information is power, also in network security. Enterprises rely on comprehensive data and insights to make informed decisions, enhance their security postures, and swiftly respond to emerging threats. This is precisely where our advanced security solution truly shines.</p>
<p>In this blog, we embark on a journey to explore the capabilities of advanced reporting with Zenarmor, shedding light on how they can empower organizations to bolster their cybersecurity strategies.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenconsole-advanced-reporting-on-opnsense.jpg" alt="Zenconsole Advanced Reporting on OPNsense" />
</div>
<p>Our primary aim is to illuminate our advanced reporting features. We’ll delve into how these features can be harnessed to strengthen your organization’s cybersecurity posture. As we explore various aspects of our reporting capabilities, we’ll demonstrate how they enable proactive threat detection, efficient incident response, and compliance adherence.</p>
<h2>The World of Custom Reports</h2>
<p>In the ever-changing world of network security, having the right information is crucial. Custom reports are essential tools for network administrators and security experts. They give a personalized way to look at and understand data. These reports give a detailed view of network activity, threats, and user behavior. They help organizations get specific insights into their own security situation.</p>
<p>Custom reports let users sift through the data generated and extract the specific information that matters most to their operations.</p>
<p>The value of customized reports should not be overlooked. They are critical in making solid cybersecurity decisions. Premium users of Zenarmor are granted access to this powerful feature, enabling them to design reports that align with their organization’s specific needs and objectives. With custom reports, users can spot unusual patterns, see new threats, and check whether security rules work.</p>
<p>The benefits of custom reports extend beyond just data analysis. They help proactively mitigate threats with efficient incident response and optimizing security resources. With threats changing quickly and evolving daily, there are lots of risks. Custom reports provide the clarity and precision needed to navigate complex cybersecurity issues. Ultimately, they help organizations stay ahead of attackers, safeguard their assets, and protect their digital systems.</p>
<p>Data-driven decision-making is a crucial aspect of modern business and cybersecurity practices. It provides:</p>
<ul>
<li><strong>Informed Decision-Making</strong>: Data-driven decisions are based on concrete facts and statistics rather than gut feelings or intuition. This leads to more informed and rational choices, reducing the risk of making costly mistakes.</li>
<li><strong>Optimized Resource Allocation</strong>: By analyzing data, organizations can identify patterns and trends in cyber threats and attacks. This allows them to allocate resources more efficiently, focusing on areas of higher vulnerability or potential impact, which can lead to cost savings.</li>
<li><strong>Proactive Threat Mitigation</strong>: Data-driven decision-making enables organizations to identify potential security threats and vulnerabilities before they are exploited by attackers. This proactive approach enhances cybersecurity by allowing for quicker response times and mitigation strategies.</li>
<li><strong>Continuous Improvement</strong>: Regular data analysis allows organizations to monitor the effectiveness of their cybersecurity measures. By identifying areas that need improvement, they can continuously enhance their security posture and adapt to evolving threats.</li>
<li><strong>Measurable Outcomes</strong>: Data-driven decisions can be quantified and measured, making it easier to track the effectiveness of security measures over time. This not only provides accountability but also helps in demonstrating ROI (Return on Investment) in cybersecurity initiatives.</li>
</ul>
<p>In the context of Zenarmor’s advanced reporting capabilities, data-driven decision-making can be enhanced by providing clear and concise reports that offer insights into an organization’s cybersecurity landscape. These reports can help security professionals make more informed decisions to protect their digital assets effectively.</p>
<h2>Revealing Insights with Reverse DNS Lookup</h2>
<p>In the complex world of network security and management, understanding the origins of network traffic and the entities behind it is extremely important. This is where the reverse DNS lookup feature comes in handy. Essentially, a reverse <a href="https://www.zenarmor.com/docs/network-basics/what-is-dns">DNS</a> lookup maps an IP address to its corresponding domain name. This may sound technical, but it’s a big deal.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenconsole-dns-enrichment-for-reports.png" alt="Zenconsole Advanced Reporting on OPNsense" />
</div>
<p>Zenarmor’s reverse DNS lookup feature provides a unique perspective on network users. It allows users to view both numerical IP addresses and their corresponding domain names. This seemingly minor shift in perspective yields valuable insights into the origins and activities of network users, offering a better understanding of their behavior and sources. This feature becomes a powerful tool for discerning where users originate and their online activities, enhancing network administrators’ ability to monitor and secure their network effectively.</p>
<p>Organizations can better understand who uses their network resources using a reverse DNS lookup. This tool allows network administrators to identify the traffic source, distinguish between trusted and untrusted domains, and keep an eye on what users are up to. This information is super useful for enhancing security measures, pinpointing potential threats, and ensuring that network resources are utilized efficiently.</p>
<p>A reverse DNS lookup helps organizations connect the dots between IP addresses and easy-to-read website names. It transforms raw data into actionable intelligence, empowering network professionals to make informed decisions. With a <a href="https://www.zenarmor.com/docs/configuring/configuring-dns-for-reports">reverse DNS lookup</a>, the hidden folks in the network background show who they are and what they’re doing, ultimately strengthening security and network management.</p>
<h2>Sharing Success with Exportable Report Views</h2>
<p>When it comes to network security and making decisions based on data, it’s crucial to share insights and data with the right people. <a href="https://www.zenarmor.com/docs/opnsense/reporting-analytics/report-view-configuration#exporting-reports">Zenarmor’s exportable report</a> views feature emerges as a powerful tool. It lets users take valuable information and present it in a way that’s informative and actionable for a better and more secure security infrastructure.</p>
<ul>
<li>
<p><strong>Enhanced Data Sharing</strong>: The exportable report views offer a powerful solution for sharing critical insights and data within the organization. Users can effortlessly convert data into formats like PDF or CSV, facilitating seamless sharing with colleagues, supervisors, and external partners.</p>
</li>
<li>
<p><strong>Streamlined Collaboration</strong>: This feature simplifies the sharing of important information, promoting efficient collaboration and communication among stakeholders. Quick and informed decision-making is essential in an era of ever-evolving cybersecurity threats. Exportable report views enable users to present network activity, threats, and trends clearly and succinctly, fostering improved transparency and alignment in security strategy discussions.</p>
</li>
<li>
<p><strong>Facilitating Transparency</strong>: By making it easier to share data, exportable report views contribute to greater transparency in security operations. All parties involved can gain a shared understanding of security challenges and risk mitigation strategies. This alignment is crucial for effective security management and risk reduction.</p>
</li>
<li>
<p><strong>Demonstrating Effectiveness</strong>: Exportable report views play a pivotal role in demonstrating the effectiveness of security measures. Security professionals and administrators can effortlessly export and share reports showcasing security strategies’ success. This includes highlighting reductions in security incidents, achievements in compliance, and overall progress tracking.</p>
</li>
<li>
<p><strong>Celebrating Achievements</strong>: These views enable organizations to celebrate their security wins. Whether it’s acknowledging a decrease in security incidents or showcasing compliance milestones, exportable report views help in showcasing accomplishments, which can boost morale and encourage continuous improvement in security strategies.</p>
</li>
</ul>
<h2>Elevate Your Insights with Zenarmor Premium</h2>
<p>Zenarmor Premium is not just a subscription; it’s an opportunity to take your network security and reporting capabilities to the next level. With advanced reporting, the Premium offers a suite of benefits that can truly transform the way you manage and safeguard your network.</p>
<p>The key benefits of advanced reporting are clear and compelling. From instantaneous traffic monitoring to trend data, users receive access to a multitude of data insights. You can detect risks ahead of time, optimize security measures, and maintain compliance with industry requirements. As data remains a critical component of good cybersecurity, exportable report views are a vital tool for enterprises looking to maximize the effectiveness of their security efforts. Zenarmor Premium empowers you to tailor your reports to your unique needs, providing granular control over the information you receive.</p>
<p>If you’re currently using the free version, it’s time to consider the advantages of upgrading to Zenarmor Premium. The enhanced reporting capabilities alone can significantly impact your network security strategy. With premium features, you can uncover hidden threats, make data-driven decisions, and efficiently manage your security resources.</p>
<p>Don’t miss out on the opportunity to explore the full potential of our solutions. Upgrade to Zenarmor Premium today and unlock a range of insights to help you fortify your cybersecurity defenses, protect your digital assets, and stay one step ahead of evolving threats. Elevate your network security game with Zenarmor Premium and experience the difference. Your network’s security and performance are worth the investment.</p>
<p>To explore the full potential of Zenarmor Advanced Reporting capabilities, you can watch our Advanced Reporting video.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="315" src="https://www.youtube.com/embed/6KvpPilIYvU?si=cxC3tU6ZHoAN5_9f" title="Advanced Reporting Capabilities" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-advanced-reporting.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor 101: Components and Benefits]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-101-components-and-benefits</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-101-components-and-benefits</guid>
            <pubDate>Mon, 23 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[In a world increasingly dominated by digital interactions, cybersecurity is paramount. Among the many tools available to safeguard your network, Zenarmor stands out as a powerful add-on to OPNsense, an open-source firewall and routing platform. A recent webinar shed light on this dynamic duo, showcasing how Zenarmor enhances OPNsense and fortifies network security. Here's a recap of the crucial takeaways and why this webinar matters.]]></description>
            <content:encoded><![CDATA[<p>In a world increasingly dominated by digital interactions, cybersecurity is paramount. Among the many tools available to safeguard your network, Zenarmor stands out as a powerful add-on to OPNsense, an <a href="https://www.zenarmor.com/docs/network-security-tutorials/best-open-source-firewalls">open-source firewall</a> and routing platform. A recent webinar shed light on this dynamic duo, showcasing how Zenarmor enhances OPNsense and fortifies network security. Here’s a recap of the crucial takeaways and why this webinar matters.</p>
<p>Key Presenters: The webinar was a collaboration between two experts in the field:</p>
<ul>
<li><a href="https://www.linkedin.com/in/muratbalaban/">Murat Balaban</a>: CEO and founder of Zenarmor, joined from the United States.</li>
<li>Thomas Niedermeier, Senior Solution Engineer, OPNsense, Thomas-Krenn joined from Germany</li>
</ul>
<h2>Webinar Highlights:</h2>
<p>Zenarmor seamlessly integrates with OPNsense, enhancing its capabilities with features such as intrusion prevention, application-level control, cloud-based threat intelligence, and advanced reporting and analytics, providing comprehensive insights into network traffic and top talkers for effective network security management.</p>
<ul>
<li>
<p><strong>Benefits of Open Source Firewalls</strong>: Open-source firewalls offer advanced capabilities in packet filtering, port inspection, and application layer 7 filtering, making them a powerful choice for network security.</p>
</li>
<li>
<p><strong>Single, Unified Application</strong>: Zenarmor is a comprehensive security solution in one package, unlike some competitors that rely on multiple separate software packages.</p>
</li>
<li>
<p><strong>TLS Decryption and Inspection</strong>: Zenarmor provides TLS decryption and inspection to detect encrypted threats, a crucial component of modern cybersecurity.</p>
</li>
<li>
<p><strong><a href="https://www.zenarmor.com/docs/opnsense/policies/application-control-rules">Application Control</a></strong>: The tool allows the creation of policies for network traffic control and filtering based on applications, a feature vital for business productivity and security.</p>
</li>
<li>
<p><strong><a href="https://www.zenarmor.com/docs/opnsense/configuring/cloud-threat-intelligence">Cloud Threat Intelligence</a></strong>: Zenarmor integrates seamlessly with cloud-based threat intelligence services to defend against zero-day attacks, emerging phishing campaigns, and evasive threats.</p>
</li>
<li>
<p><strong>Partnership with  Thomas-Krenn</strong>: The strategic partnership aims to deliver a top-end firewall solution by combining  Thomas-Krenn hardware, OPNsense, and Zenarmor for comprehensive network security.</p>
</li>
<li>
<p><strong><a href="https://www.zenarmor.com/plans">Licensing Options</a></strong>: Zenarmor licenses can be easily obtained through their online shop, offering various editions and configurations. Discounts are available for additional licenses, and customization options are accommodated.</p>
</li>
<li>
<p><strong><a href="https://www.zenarmor.com/docs/introduction/hardware-requirements">Hardware Sizing</a></strong>: To ensure stable system performance, sufficient RAM is essential. Three different hardware scenarios were presented, emphasizing the importance of adequate resources.</p>
</li>
<li>
<p><strong>Virtual Environment Compatibility</strong>: It’s entirely possible to install OPNsense and Zenarmor in a virtual environment. Popular hypervisors like KVM, VirtualBox, and Microsoft Hyper-V are supported. The hardware requirements include a minimum of two CPU cores and four gigabytes of RAM. For optimal performance, using an ElasticSearch database is recommended.</p>
</li>
</ul>
<h2>Watch Now</h2>
<p>You can find detailed information on the Zenarmor 101: Komponenten und Vorteile (Components and Benefits)  webinar video</p>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/hybhKyLNjoc?si=SSjh4lMEdktBai-O" title="Zenarmor 101: Komponenten und Vorteile" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/zenarmor-thomas-krenn-webinar.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Advanced Security Rules: Staying Ahead of Emerging Threats]]></title>
            <link>https://www.zenarmor.com/blog#zenarmor-advanced-security-rules</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#zenarmor-advanced-security-rules</guid>
            <pubDate>Fri, 20 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[The digital landscape that we are navigating today is ever-evolving. Staying ahead of emerging cyber threats is paramount for organizations of all sizes. As the sophistication of malicious intruders continues to grow, so must our defenses. This is where advanced security rules come into play; they are the frontline of defense in safeguarding your network, applications, and sensitive data.]]></description>
            <content:encoded><![CDATA[<p>The digital landscape that we are navigating today is ever-evolving. Staying ahead of emerging cyber threats is paramount for organizations of all sizes. As the sophistication of malicious intruders continues to grow, so must our defenses. This is where advanced security rules come into play; they are the frontline of defense in safeguarding your network, applications, and sensitive data.</p>
<p>Let’s understand the advanced security rules’ crucial role in fortifying your cybersecurity posture. We’ll explore how these rules go beyond conventional measures, enabling you to proactively detect, mitigate, and respond to emerging threats. Whether it’s zero-day vulnerabilities, evolving malware strains, or novel attack vectors, advanced security rules are your shield against the unknown.</p>
<p>To illustrate these concepts, we’ll spotlight Zenarmor’s advanced security features. We’ll take a closer look at Zenarmor’s paid plans, which provide access to cutting-edge security capabilities to keep your organization one step ahead of cyber adversaries. From real-time threat intelligence to deep packet inspection and AI-driven defenses, Zenarmor’s advanced security features are a force to be reckoned with. To learn more about how to fortify your cybersecurity space, visit <a href="https://www.zenarmor.com/zenarmor-next-generation-firewall">Zenarmor</a> today.</p>
<h2>Exploring Zenarmor’s Advanced Security Rules</h2>
<p><a href="https://www.zenarmor.com/docs/policies/security-rules#advanced-security">Zenarmor’s Advanced Security Rules</a>, available in its premium paid plan, represent a formidable arsenal in the battle against cyber threats. These rules empower organizations to fortify their defenses with comprehensive security measures:</p>
<ol>
<li>
<p><strong>Real-Time Threat Intelligence</strong>: The Advanced Security Rules provide real-time threat intelligence, enabling automatic blocking of emerging threats. This proactive approach ensures that your network remains resilient and protected.</p>
</li>
<li>
<p><strong>Malicious and Phishing Server Filtering</strong>: Zenarmor excels in filtering out malicious and phishing servers, offering protection against new malware, viruses, and phishing outbreaks. This vigilant stance ensures that even the latest threats are effectively mitigated.</p>
</li>
<li>
<p><strong>Blocking Newly Registered, Recovered, or Dynamic DNS Sites</strong>: By blocking access to newly registered, recovered, or dynamic DNS sites, Zenarmor closes off potential entry points for cybercriminals, bolstering your defense against various attack vectors.</p>
</li>
<li>
<p><strong>Preventing DNS Tunneling</strong>: The advanced security measures include the prevention of DNS tunneling, a sophisticated technique employed by threat actors to evade detection and infiltrate networks.</p>
</li>
</ol>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-advanced-security-options.png" alt="Zenarmor Advanced Security Options" />
</div>
<p><em>Figure 1: Zenarmor Advanced Security Options</em></p>
<p>Get started with Zenarmor for free by exploring our advanced security rules and comprehensive network security tutorials. Enhance your cybersecurity posture and protect your network against emerging threats. Visit our <a href="https://www.zenarmor.com/docs/">documentation</a> page to get started today!</p>
<h3>Cutting-Edge Zero-Day Attack Protection</h3>
<p>Zero-day attacks are among the most insidious and unpredictable cybersecurity threats, exploiting unknown vulnerabilities to software developers and security experts. These attacks strike swiftly, taking advantage of this “zero-day” window before patches or fixes are available. Zenarmor’s paid plan stands as a bulwark against such threats. It employs cutting-edge <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-zero-day-attack">zero-day attack</a> protection mechanisms, harnessing real-time threat intelligence to identify and thwart these emerging dangers.</p>
<p>Zenarmor employs cutting-edge technology to meticulously analyze network traffic, dissecting files at the packet level as they traverse through your network infrastructure. By leveraging advanced algorithms and extensive data resources, Zenarmor can swiftly identify a wide range of threats, including polymorphic malware and zero-day exploits. This rapid detection capability allows Zenarmor to take immediate action, either blocking malicious files or flagging them for deeper scrutiny, providing you with real-time protection against evolving cyber threats. Unlike traditional sandboxing methods, Zenarmor’s use of machine learning and vast datasets enables it to make lightning-fast threat assessments in mere milliseconds, offering a level of security that far surpasses conventional approaches.</p>
<p>Having a strong defense like Zenarmor is crucial for protecting sensitive data, infrastructure, and business continuity in today’s digital landscape where cybercriminals are enamored with zero-day vulnerabilities.</p>
<h3>Protection Against New Malware, Virus, and Phishing Outbreaks</h3>
<p>Protection against new malware, viruses, and phishing outbreaks is a paramount concern in today’s digital landscape, where cyber threats continuously evolve in sophistication and scale. Zenarmor, within its premium-paid plan, offers a robust defense mechanism to shield organizations from these ever-emerging dangers. The significance of this proactive protection cannot be overstated. Zenarmor stays vigilant around the clock, leveraging real-time threat intelligence and advanced security rules to detect and block the latest malware strains, viruses, and <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-are-phishing-attacks">phishing</a> campaigns.</p>
<p>In a world where cybercriminals constantly devise new tactics to breach defenses, Zenarmor’s ability to swiftly adapt and defend against the freshest threats is invaluable. It ensures that your organization remains resilient and unyielding in the face of the most recent and potent cyberattacks. With Zenarmor’s proactive approach to security, you can fortify your digital defenses, reduce the risk of compromise, and maintain the trust of customers, partners, and stakeholders. In an era where the digital threat landscape is ever-evolving, Zenarmor’s commitment to blocking the latest outbreaks is a shield of assurance for your organization’s cybersecurity.</p>
<h3>Automatic Botnet Filtering</h3>
<p>Automatic Botnet Filtering is an essential component of modern cybersecurity, given botnets’ pervasive and nefarious nature. These networks of compromised devices, controlled by malicious actors, pose a severe threat to organizations by enabling various malicious activities, including DDoS attacks, data theft, and malware distribution. Zenarmor’s advanced security rules, available in its premium paid plan, include an automatic <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-botnet">botnet</a> filtering mechanism to thwart these threats.</p>
<p>Zenarmor leverages cutting-edge AI-based cloud threat intelligence to provide real-time protection against zero-day malware, phishing attacks, and the instantaneous detection and blocking of emerging botnets. In the ever-evolving landscape of cyber threats, Zenarmor’s advanced capabilities extend beyond traditional IP, port, and DNS-based filtering by incorporating deep content inspection to thwart evasive threats.</p>
<p>Botnets, formidable armies of compromised devices, present a grave threat to the digital realm, capable of executing devastating DDoS attacks, orchestrating data breaches, and propagating malware. Zenarmor recognizes the critical need to combat this menace and fortify network security. By automatically identifying and obstructing communication between your network and known botnet <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-command-and-control-c2">command and control</a> servers, Zenarmor’s Botnet C&amp;C feature acts as a stalwart guardian. This defensive layer shields your data, devices, and online operations, ensuring uninterrupted cybersecurity in an increasingly perilous digital landscape.</p>
<p>Benefits of Automatic Botnet filtering:</p>
<ul>
<li>
<p>Automatic botnet filtering offered by Zenarmor prevents your devices from being recruited into malicious botnets, thereby safeguarding the integrity of your network.</p>
</li>
<li>
<p>This feature effectively mitigates the risks associated with botnet-driven attacks, including Distributed Denial of Service (DDoS) assaults that can severely disrupt your operations.</p>
</li>
<li>
<p>Zenarmor’s proactive botnet filtering ensures business continuity by preventing disruptions caused by botnet attacks. It helps protect critical data and maintains the trust of customers and partners.</p>
</li>
<li>
<p>By automatically blocking botnet threats, Zenarmor provides a robust layer of defense to protect your organization’s digital assets from compromise and unauthorized access.</p>
</li>
<li>
<p>Botnets are a prevalent cybersecurity concern, but Zenarmor’s automatic botnet filtering strengthens your overall cybersecurity posture, reducing the likelihood of falling victim to botnet-related threats.</p>
</li>
</ul>
<h3>Blocking DNS Tunnels</h3>
<p>Blocking DNS Tunnels is a crucial aspect of modern cybersecurity, given the stealthy and evasive nature of DNS tunneling. These tunnels are covert channels cybercriminals use to exfiltrate data or execute malicious commands, often bypassing traditional security measures. DNS tunneling involves embedding unauthorized data within DNS queries and responses, exploiting the inherently trusted nature of DNS traffic. The potential risks posed by DNS tunnels are significant, including data breaches, command and control for malware, and data exfiltration.</p>
<p>Zenarmor’s advanced security rules, available in its premium paid plan, incorporate robust DNS tunneling detection and prevention mechanisms. Zenarmor can identify and block illegitimate DNS tunneling attempts by scrutinizing DNS traffic in real time. This proactive approach ensures that DNS tunnels cannot be exploited as a covert communication channel for cyberattacks.</p>
<p>DNS tunneling attacks can have dire consequences, from enabling data theft to facilitating the stealthy operation of malware within a compromised network. By effectively blocking these tunnels, Zenarmor bolsters an organization’s security posture, reducing the risk of data breaches and other malicious activities. We live in a day and age where cyber threats are becoming increasingly sophisticated and evasive. However, Zenarmor’s capability to thwart DNS tunneling is critical to safeguarding sensitive data and network integrity.</p>
<h2>Upgrade for Proactive Security</h2>
<p>In cybersecurity, where threats evolve incessantly, the need for proactive security has never been more critical. As we conclude our exploration of the vital components that fortify your digital defenses, it’s clear that Zenarmor’s Premium plan emerges as a stalwart safeguard against emerging threats. Our journey has highlighted the importance of advanced security rules, zero-day attack protection, malware/virus/phishing outbreak prevention, automatic botnet filtering, and DNS tunnel blocking. These elements within Zenarmor’s Premium plan collectively form a formidable shield, keeping your organization one step ahead of cyber adversaries.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/comparison-of-zenarmor-plans.png" alt="Comparison of Zenarmor Plans" />
</div>
<p><em>Figure 2: Comparison of Zenarmor Plans</em></p>
<p>To truly fortify your security posture and remain resilient in the face of the unknown, consider upgrading to <a href="https://www.zenarmor.com/plans">Zenarmor’s Premium plan</a>. Its advanced security features are your frontline defense against the ever-evolving threat landscape. The consequences of a breach can be devastating, encompassing data compromise, financial losses, and reputational damage. A proactive stance is non-negotiable when cyber threats are relentless.</p>
<p>So, take the next step in securing your digital assets and operations. Upgrade to Zenarmor’s Premium plan and empower your organization to tackle emerging threats. Stay protected, stay vigilant, and stay ahead of evolving cybersecurity challenges. Your digital future depends on it.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/Vf2G6sb-YSY?si=enWRYGb75c5m66BQ" title="Advanced Security Controls" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-advanced-security-rules-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Gain Granular Control Over Web Access with Zenarmor Custom Web Profiles]]></title>
            <link>https://www.zenarmor.com/blog#gain-granular-control-over-web-access-with-zenarmor-custom-web-profiles</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#gain-granular-control-over-web-access-with-zenarmor-custom-web-profiles</guid>
            <pubDate>Thu, 19 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[In the dynamic field of cybersecurity, the importance of tailored solutions cannot be overstated. As digital threats grow in complexity and diversity, organizations must have the tools to adapt and strengthen their defenses. This is precisely where the significance of custom web profiles in network security comes into play, offering a dynamic means of safeguarding digital landscapes against cyber threats.]]></description>
            <content:encoded><![CDATA[<p>In the dynamic field of cybersecurity, the importance of tailored solutions cannot be overstated. As digital threats grow in complexity and diversity, organizations must have the tools to adapt and strengthen their defenses. This is precisely where the significance of custom web profiles in network security comes into play, offering a dynamic means of safeguarding digital landscapes against cyber threats.</p>
<p>Web profiles are the linchpin between an organization’s overarching security strategy and the intricate web of online content and applications its users interact with daily. These profiles serve as the initial stage for access control, filtering, and monitoring, allowing network administrators to precisely set boundaries.</p>
<p>Zenarmor takes this concept of web profiles to new heights with its custom web profile feature. In a domain where one-size-fits-all security solutions fall short in the face of rapidly evolving threats, they offer a tailored approach that lets organizations customize security policies to their unique needs.</p>
<p>The core of this innovation lies in the ability to modify security measures that overcome generic frameworks. They help adapt to the nuances of an organization’s web traffic, user behavior, and security objectives. Whether the aim is to safeguard against malicious content, enforce strict access control, or monitor user activities, these custom profiles serve as the vanguards of digital fortresses.</p>
<p>From content filtering to access control, from real-time threat detection to comprehensive reporting, we unlock the benefits of custom web profiles in Zenarmor, equipping you with the knowledge and tools to secure your digital space.</p>
<p>Explore Zenarmor’s comprehensive solutions, unlock the power of data-driven security, and take your network security to the next level. Visit our website now to learn more and get started on your journey to a safer and more secure network environment!</p>
<h2>Why you need Custom Web Profiles</h2>
<p>While predefined web profiles serve as valuable templates in network security, it’s essential to acknowledge their limitations and recognize scenarios where their application might fall short.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/custom-web-profiles.jpg" alt="Custom Web Profiles" />
</div>
<p><em>Figure 1: Custom Web Profiles</em></p>
<h3>The key to fine-grained web filtering and content security</h3>
<p>Predefined web profiles provide a convenient starting point for web filtering and content security. However, their inherent limitation lies in their one-size-fits-all approach. These profiles broadly categorize websites that may not align with the specific and nuanced requirements of modern organizations. This lack of granularity can result in over-blocking or under-blocking, impacting productivity and security. To truly meet the diverse needs of today’s digital landscape, organizations must complement predefined profiles with custom web profiles in Zenarmor that align precisely with their unique security policies and objectives.</p>
<h3>Zenarmor enables organizations to tailor web filtering</h3>
<p>While effectively categorizing web content into broad categories like social media or gaming, predefined web profiles frequently fall short of accommodating individual organizations’ specific and nuanced needs. Consider the contrast between educational institutions and creative agencies: the former often necessitates stringent controls over social media access to maintain focus on learning, whereas the latter relies on these platforms for marketing. Such differences highlight the limitations of predefined profiles, underscoring the importance of custom web profiles in Zenarmor that allow organizations to tailor <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-web-filtering">web filtering</a> to their unique requirements.</p>
<h3>To ensure robust protection in the ever-evolving digital landscape</h3>
<p>Relying solely on predefined profiles can leave organizations vulnerable to evolving web threats and emerging content categories. Cybercriminals continually develop new strategies and create malicious websites that these static profiles may not cover. Organizations may inadvertently expose themselves to zero-day threats and evolving cyber risks without timely updates and adaptability. To maintain robust protection, it’s imperative to complement predefined profiles with proactive measures, such as custom web profiles in Zenarmor and timely updates, ensuring that security policies remain aligned with the ever-changing digital threat landscape.</p>
<h3>Zenarmor offers tailored solutions to ensure strict adherence to sector-specific requirements.</h3>
<p>Highly regulated sectors such as healthcare and finance operate under stringent compliance standards. They must also adhere to internal policies that demand precision in content filtering and data protection. Predefined profiles, designed for general use cases, often fall short of fully aligning with these sector-specific requirements. Consequently, organizations within these domains must implement customized content filtering and data protection measures tailored to their unique compliance needs. This custom web profile in Zenarmor ensures that every aspect of web access and content handling adheres meticulously to the specific rules and guidelines governing these heavily regulated industries.</p>
<h4>Proactively customize and fine-tune to meet evolving threats and unique operational needs.</h4>
<p>Predefined web profiles offer a solid foundation for web content filtering and security policies. However, customization is paramount in today’s dynamic digital landscape, where threats constantly evolve and organizations possess diverse security, compliance, and operational needs. Organizations must be proactive and ready to augment these profiles with finely tuned configurations and policies that align precisely with their unique requirements. This adaptability of custom web profiles in Zenarmor empowers organizations to stay ahead of emerging threats, ensure compliance, and maintain a secure and efficient digital environment for their users.
While predefined web profiles offer convenience in the initial setup, they should be seen as a starting point rather than a comprehensive solution. To effectively secure their networks, organizations should supplement these profiles with customized configurations and policies that address their specific requirements and keep pace with evolving cyber threats.</p>
<h2>Safe Search Enforcement</h2>
<p>Safe Search Enforcement is vital to upholding online safety and protecting users. This is particularly true in environments where content filtering is a big concern, such as schools and households with children. In today’s digital age, where the internet offers plenty of information, images, and videos, it is paramount to ensure that users, especially minors, are protected from potentially harmful or explicit content.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/enabling-safe-search-enforcement.png" alt="Enabling Safe Search Enforcement on Zenarmor Web Controls" />
</div>
<p><em>Figure 2: Enabling Safe Search Enforcement on Zenarmor Web Controls</em></p>
<p>This is where Zenarmor, with its robust capabilities, plays a pivotal role. Zenarmor enables Safe Search Enforcement by implementing strict controls over popular search engines like Google, Bing, and Yahoo. This enforcement ensures that when users perform web searches, the results are filtered to display only safe and appropriate content, effectively blocking access to explicit or sensitive materials. <a href="https://www.zenarmor.com/docs/policies/web-control-rules#enablingdisabling-safe-search">Safe Search Enforcement</a> feature becomes invaluable for schools as it helps maintain a secure online learning environment, shielding students from inappropriate content and preserving a focused and educational digital space.</p>
<p>Likewise, for parents, Zenarmor’s Safe Search Enforcement becomes a powerful tool for parental control, offering peace of mind by safeguarding their children from exposure to unsuitable material during online searches. The benefits extend beyond the educational realm, as organizations and households can use Zenarmor’s Safe Search Enforcement to promote a safer and more controlled online experience for users of all ages. By enabling this feature, Zenarmor empowers administrators and parents to proactively mitigate the risks associated with unrestricted web access, reinforcing their ability to protect users from objectionable content and fostering a secure digital environment.</p>
<h2>Benefits of Custom Web Profiles</h2>
<p>Adopting custom web profiles within a network security framework offers many advantages that empower organizations to tailor their web filtering and content security policies with precision:</p>
<ul>
<li>
<p>Custom web profiles empower organizations to create finely tuned security policies that align with their specific requirements. Unlike one-size-fits-all solutions, these profiles offer granular control over web content filtering, enabling precise enforcement of access policies tailored to organizational needs.</p>
</li>
<li>
<p>They shine in real-world scenarios where predefined profiles fall short. For example, educational institutions can craft profiles that allow access to educational resources while blocking distracting content, ensuring an optimal learning environment.</p>
</li>
<li>
<p>They provide the flexibility to align web filtering policies with industry-specific <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-cybersecurity-compliance">compliance</a> standards. Healthcare organizations, for instance, can enforce strict content filtering to adhere to patient data privacy regulations.</p>
</li>
<li>
<p>By crafting custom profiles, organizations can proactively address emerging threats and categories of malicious content. This agility is vital in countering evolving cyber risks that predefined profiles may not cover adequately.</p>
</li>
<li>
<p>They optimize network resources by allowing administrators to prioritize traffic based on business-critical needs. This ensures that essential applications and services receive the bandwidth they require.</p>
</li>
<li>
<p>Custom profiles help identify and curb <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-shadow-it#what-are-the-cyber-attacks-related-to-shadow-it">Shadow IT</a> activities within an organization. By monitoring web activity and enforcing policies, organizations can minimize the use of unapproved applications and services, enhancing security and compliance.</p>
</li>
<li>
<p>With robust reporting and monitoring capabilities, these features provide insights into user activities, helping organizations make data-driven decisions, spot anomalies, and respond to security incidents promptly.</p>
</li>
<li>
<p>They enable user-centric controls, allowing organizations to define policies based on user roles or groups. This ensures that different departments or teams have access to the web resources essential for their tasks, enhancing productivity and security.</p>
</li>
</ul>
<div>
  <img src="https://www.zenarmor.com/images/blog/custom-web-profile-on-zenarmor.png" alt="Custom Web Profile on Zenarmor" />
</div>
<p><em>Figure 3: Custom Web Profile on Zenarmor</em></p>
<h2>Take Control of Your Web Filtering Experience</h2>
<p>Custom web profiles within Zenarmor represent a potent tool for organizations aiming to fortify their web filtering and content security strategies. The ability to create, fine-tune, and adapt web filtering policies according to specific requirements is invaluable in the ever-evolving landscape of cybersecurity. As we’ve explored, custom web profiles offer precision that predefined profiles simply cannot match. From educational institutions to enterprises, from content control to compliance enforcement, it empowers administrators to exercise comprehensive control over web access while safeguarding users from online threats.</p>
<p>The key takeaway is clear: customization is the key to an efficient web filtering experience. It enables organizations to align their security measures with their unique needs, whether maintaining a focused learning environment in schools or ensuring compliance with industry regulations in businesses.</p>
<p>For those looking to take control of their web filtering experience and leverage the full potential of this solution, Zenarmor offers a seamless solution. By upgrading to advanced web filtering capabilities, users can unlock enhanced control, real-time threat protection, and comprehensive reporting. The journey to a safer, more productive online environment begins with custom web profiles, and Zenarmor is here to empower you every step of the way. It’s time to harness the full potential of web filtering, starting with us.
Upgrade your <a href="https://www.zenarmor.com/plans">Zenarmor plan</a> today for a safer and more secure online experience.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/rAim48AG5d4?si=PDeJUPbTXmdzOhjy" title="Zenarmor Custom Web Profiles" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/gain-granular-control-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[End-of-Life (EOL) Notice for Zenarmor Support]]></title>
            <link>https://www.zenarmor.com/announcements#end-of-life-eol-notice-for-zenarmor-support</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#end-of-life-eol-notice-for-zenarmor-support</guid>
            <pubDate>Wed, 11 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[We wish to bring to your attention important end-of-life information concerning Zenarmor support for FreeBSD 11, OPNsense 20.1, Debian 9, and Ubuntu 18.04]]></description>
            <content:encoded><![CDATA[<p>We wish to bring to your attention important end-of-life information concerning Zenarmor support for <strong>FreeBSD 11</strong> , <strong>Debian 9</strong>, and <strong>Ubuntu 18.04</strong>.</p>
<p>With these platforms having reached their respective end-of-life statuses, we regret to announce that Zenarmor will consequently be withdrawing support for these platforms effective November 10, 2023 which marks both the Last Ship Date and the Last Support Date for them under the Zenarmor environment.</p>
<h2>What Does This Mean For You?</h2>
<p>Post November 10, 2023, there will be a termination of availability for new Zenarmor packages on these legacy platforms.</p>
<p>Users who are currently running Zenarmor on any of these listed platforms must proactively take steps to upgrade their systems to versions that are actively supported by Zenarmor.</p>
<p><a href="https://www.zenarmor.com/docs/installing/installation">You can find the list of supported versions here.</a></p>
<p>We highly recommend users of <strong>FreeBSD 11</strong>, <strong>Debian 9</strong>, and <strong>Ubuntu 18.04</strong> to initiate planning for an upgrade of their operating platforms at the earliest opportunity to ensure alignment with Zenarmor’s best practices.</p>
<p>Should you have any questions or need assistance with upgrading your platforms, please do not hesitate to reach out to our support team at <img src="https://www.zenarmor.com/images/support-at-zenarmor.svg" alt="support-at-zenarmor" />.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/end-of-life-notice-for-zenarmor-support.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Strengthen Your Security Posture with Multiple Policies]]></title>
            <link>https://www.zenarmor.com/blog#strengthen-your-security-posture-with-multiple-policies</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#strengthen-your-security-posture-with-multiple-policies</guid>
            <pubDate>Fri, 06 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[In cybersecurity, where threats get complicated, it's important to be flexible and strengthen your defenses. This article examines an essential way to improve your cybersecurity strategy: implementing multiple security policies. Like a secure web gateway (SWG) such as Zenarmor, which can be a key part of a DIY Secure Access Service Edge (SASE) setup, having different security rules in your organization's plan can boost its overall resilience.]]></description>
            <content:encoded><![CDATA[<p>In cybersecurity, where threats get complicated, it’s important to be flexible and strengthen your defenses. This article examines an essential way to improve your cybersecurity strategy: implementing multiple security policies. Like a secure web gateway (SWG) such as Zenarmor, which can be a key part of a DIY Secure Access Service Edge (SASE) setup, having different security rules in your organization’s plan can boost its overall resilience.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-policies-dashboard.png" alt="Zenarmor Policies Dashboard" />
</div>
<p><em>Figure 1: Zenarmor Policies Dashboard</em></p>
<p>In this discussion, we’ll talk about the idea of using multiple security policies to make your defense stronger. We will explore how this approach lets organizations customize their security to their needs, effectively mitigating risks and responding to emerging threats. By the end of this article, you’ll understand how strategic deployment of multiple policies can help your organization be more flexible, adapt to changes, and stay on top of cybersecurity initiatives.</p>
<h2>Challenges of a Single Default Policy: Breaking Through Security Limitations</h2>
<p>In cybersecurity, using a single default security policy is a common practice, often serving as a baseline for network protection. But this approach has its drawbacks. A single default policy typically covers the essentials of network protection, such as blocking known threats and adhering to compliance standards. While that’s important, it often can’t adapt to modern organizations’ unique and evolving security needs.</p>
<p>Imagine a company that relies only on one default rule for its network security. It might give reasonable protection against known threats, but it could unintentionally limit what users can do that’s legitimate. For instance, stringent <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-web-filtering">web filtering</a> might block access to essential resources or applications required for specific job functions, affecting productivity. Also, this one-size-fits-all approach might not work well against emerging threats or sophisticated attacks that bypass conventional security measures. The limitations of a single default policy become evident when organizations require tailored security measures to safeguard critical assets and adapt to the evolving threat landscape.</p>
<h2>Empower Your Security: Advantages of Multiple Policies</h2>
<p>Relying only on a single default security policy can pose challenges in today’s cybersecurity landscape. Fortunately, a flexible solution to overcome these limitations is to use multiple security policies. Moving from the constraints of a single policy to a more diverse approach opens up many possibilities to strengthen your organization’s security. Organizations can adjust their security to their needs and adapt swiftly to emerging threats. The benefits of adopting multiple security policies are numerous and will be discussed further in the upcoming sections.</p>
<h3>Crafting Time-Based Policies: Flexibility Tailored to Needs</h3>
<p>Time-based policies provide a level of flexibility tailored to specific organizational needs. This feature can adjust security rules based on different timeframes dynamically. Imagine a scenario where an organization needs to bolster security during non-business hours while allowing more relaxed access during the workday. Time-based policies enable this customization, allowing administrators to automatically tighten security measures during off-hours and ease restrictions during peak productivity periods. Implementing this feature typically involves defining and associating timeframes with corresponding security rules, ensuring that security adapts seamlessly to the organization’s operational schedule, and enhancing protection without sacrificing efficiency.</p>
<h3>Varied Policies for Different Users: Security Tailored to Requirements</h3>
<p>One of the key advantages of implementing multiple security policies is the ability to create distinct policies for different user groups, thus tailoring security measures to meet specific requirements. Organizations often consist of various departments and roles, each with unique responsibilities and access needs. Organizations can ensure that security protocols align with individual roles and responsibilities by crafting varied policies for different user groups. This approach allows for fine-tuning security levels, granting access to the right users while maintaining a robust overall security posture. Such customization enhances protection and minimizes the risk of over-restricting or under-protecting specific user segments.</p>
<h3>Device-Specific Policies: Isolation and Enhanced Protection</h3>
<p>Varied policies for device-specific security offer a significant advantage in cybersecurity. In today’s digital landscape, organizations often rely on many devices for their operations, each with unique security needs. A one-size-fits-all approach is ineffective in addressing these diverse requirements. Crafting device-specific policies enables organizations to isolate and enhance protection as needed. For instance, stricter controls can be placed on servers to safeguard data integrity while allowing more lenient smartphone access to maintain user flexibility. This approach ensures that each device receives tailored security measures, optimizing protection while accommodating diverse organizational roles. By embracing this level of customization, organizations can strengthen their defenses, ensuring that security aligns with the specific demands of each device in their network.</p>
<h2>Create Your Own Security Policies: Step-by-Step Guide</h2>
<p>Creating your own security policies empowers you to take control of your organization’s cybersecurity strategy. This step-by-step guide will walk you through crafting tailored security policies that align with your unique needs and priorities. By the end of this walkthrough, you will have the confidence and expertise to design security policies that bolster your defenses and adapt seamlessly to the evolving threat landscape.</p>
<h3>Crafting Time-Based Policies: Policies Aligned with Specific Timeframes</h3>
<p>Crafting time-based policies is crucial to aligning your security measures with specific timeframes and enhancing your organization’s cybersecurity strategy. These policies enable you to adjust your security rules dynamically based on different periods of the day or week. For instance, you can tighten security during non-business hours to ward off potential threats while easing restrictions during peak operational times.</p>
<p>For a practical example of implementing time-based policies, consider Zenarmor, a robust cybersecurity solution. Zenarmor allows you to <a href="https://www.zenarmor.com/docs/opnsense/policies/configuring-policy#time-schedule-configuration">create time schedules within your policies</a> to control when those policies are active. Here’s how you can use time schedules with Zenarmor:</p>
<ul>
<li>Creating a New Schedule:
<ul>
<li>In the Zenarmor interface, click on the “+Add New Schedule” button in the Time Schedules pane.</li>
<li>A dialog box will open where you can name the schedule. For instance, you can name it “Non-Business Hours.”</li>
<li>Enter the name and click the “Add” button to add the new schedule to the Time Schedules list.</li>
</ul>
</li>
<li>Defining Active Days and Hours:
<ul>
<li>Select the specific days you want this schedule to apply to. Selected days will be displayed with a solid blue checkmark icon.</li>
<li>Specify the starting and stopping hours for which the policy will be effective. For example, you might set it to be active from 6:00 PM to 6:00 AM.</li>
</ul>
</li>
<li>Managing Schedules:
<ul>
<li>All added time schedules are listed in the Time Schedules pane for your reference.</li>
<li>You can easily update the existing time schedule by adjusting the start/stop hours and selecting deselecting the days as needed.</li>
<li>If you need to remove a schedule, simply click on the “Remove” button with a trash icon and confirm the removal when prompted.</li>
</ul>
</li>
</ul>
<p><img src="https://www.zenarmor.com/images/blog/time-scheduled-policy-configuration.png" alt="Time Scheduled Policy configuration with on Zenarmor"></p>
<p><em>Figure 2: Time Scheduled Policy configuration with on Zenarmor</em></p>
<p>By incorporating time schedules into your policies with Zenarmor, you can tailor your security rules to align with your organization’s operational schedule. For instance, you can apply stricter security measures during non-business hours when the network may be more vulnerable and relax these rules during peak operational times to ensure smooth workflow. This dynamic approach to cybersecurity helps keep your organization protected precisely when and where it’s needed most.</p>
<h3>Designing Policies for Different Users: Customized User Groups</h3>
<p>Designing policies for different users and user groups is a crucial aspect of customizing your organization’s cybersecurity strategy. Zenarmor offers user-based policy filtering, which allows you to create policies tailored to specific users or groups. This capability is essential because organizations often have diverse departments and roles, each with distinct responsibilities and access requirements.</p>
<p>Here’s how you can enhance your cybersecurity strategy using <a href="https://www.zenarmor.com/docs/guides/user-based-filtering-using-opnsense-captive-portal">Zenarmor user-based policy</a> features with MS Active Directory or OPNsense Captive Portal integration:</p>
<ul>
<li>User-Based Policies:
<ul>
<li>Navigate to the Configuration page of the policy you want to customize.</li>
<li>Click on the “+ Add user” button to associate a specific user with the policy.</li>
<li>Enter the username you wish to apply this policy to.</li>
<li>Click the “Add” button to confirm the association.</li>
</ul>
</li>
</ul>
<p><i>For example, for the finance department, you can create a policy that enforces stringent access controls for users handling sensitive financial data.</i></p>
<ul>
<li>Group-Based Policies:
<ul>
<li>Similarly, you can create policies based on user groups.</li>
<li>Click on the “+ Add group” button in the policy configuration.</li>
<li>Enter the group name you want to associate with the policy.</li>
<li>Click the “Add” button to confirm the group association.</li>
</ul>
</li>
</ul>
<p><i>For instance, marketing teams may require policies with more relaxed restrictions to encourage creativity and collaboration.</i></p>
<ul>
<li>Fine-Tuning Security:
<ul>
<li>Once you’ve associated users or groups with policies, these policies can have specific security rules that cater to their unique needs.</li>
</ul>
</li>
</ul>
<p>By implementing user and group-based policies, you can ensure that security measures are aligned with individual roles and responsibilities within your organization. This approach allows you to:</p>
<ul>
<li>Grant the appropriate level of access to users, ensuring that sensitive data remains protected.</li>
<li>Customize security settings based on department requirements, promoting flexibility and productivity.</li>
<li>Maintain a robust overall security infrastructure while accommodating the diverse needs of your organization.</li>
</ul>
<p>Zenarmor’s user-based policy filtering empowers you to create a cybersecurity strategy that is not only effective but also tailored to the specific requirements of different users and user groups within your organization.</p>
<h3>Tailoring Policies for Various Devices: Comprehensive and Adaptable Protection</h3>
<p>In the ever-evolving landscape of technology, adapting security rules to cater to different devices is paramount to achieving comprehensive and flexible protection. Zenarmor, a software-based firewall, excels in this regard by offering device identification and asset discovery features. These capabilities enable Zenarmor to effectively block and filter devices based on their unique characteristics, including MAC addresses, IP addresses, and network attributes.</p>
<p>Here’s how Zenarmor enhances your cybersecurity strategy with its device-based blocking capabilities:</p>
<ul>
<li>IP / Networks Policies:
<ul>
<li>Zenarmor allows you to create policies that are specifically applied to IPv4/IPv6 addresses.</li>
<li>You can input single IP addresses.</li>
<li>Additionally, you have the flexibility to include descriptions for these entries, making it easier to recall the purpose of each IP address.</li>
</ul>
</li>
<li>MAC Addresses Policies:
<ul>
<li>Zenarmor empowers you to establish policies that target devices based on their MAC addresses.</li>
<li>You can assign descriptions to these entries, ensuring clarity about which device each MAC address belongs to.</li>
</ul>
</li>
</ul>
<p>We’re also excited to announce that Zenarmor is actively developing an advanced device identification feature that will soon be available to enhance your network security. Stay tuned for its upcoming release as we continue to prioritize your cybersecurity needs.</p>
<p><img src="https://www.zenarmor.com/images/blog/zenarmor-device-identification-dashboard.jpg" alt="Zenarmor Device Identification Dashboard"></p>
<p><em>Figure 3: Zenarmor Device Identification Dashboard</em></p>
<p>By leveraging Zenarmor’s device identification and policy customization capabilities, organizations can effectively address the specific security needs and vulnerabilities of various devices within their network. This approach offers several advantages:</p>
<ul>
<li>Tailored Protection: Security rules can be fine-tuned to match the unique features and requirements of different devices, such as smartphones, laptops, and IoT devices.</li>
<li>Threat Mitigation: Device-specific policies allow organizations to address vulnerabilities and weaknesses unique to each device type, bolstering defenses against potential threats.</li>
<li>Resource Optimization: By customizing security rules, organizations can allocate security resources efficiently, ensuring that devices with higher security needs receive the appropriate level of protection.</li>
</ul>
<p>Zenarmor’s device-based blocking capabilities enable organizations to craft a flexible and comprehensive <a href="https://www.zenarmor.com/docs/network-security-tutorials/what-is-cybersecurity">cybersecurity</a> strategy. This strategy ensures that security measures are precisely aligned with the characteristics and security needs of individual devices, ultimately enhancing the overall security posture of the organization.</p>
<p><img src="https://www.zenarmor.com/images/blog/device-based-filtering-using-mac-address.png" alt="Device-based filtering using MAC Address on Zenarmor"></p>
<p><em>Figure 4: Device-based filtering using MAC Address on Zenarmor</em></p>
<h2>Understanding Policy Allocation: How Many Policies Does Each Plan Include?</h2>
<p>We understand that as your digital infrastructure expands, the need for flexibility in policy allocation becomes crucial. In today’s dynamic landscape, organizations must tailor their security measures to meet evolving needs while staying within the bounds of their subscription plans. To clarify policy allocation, Zenarmor offers various subscription plans, each with a distinct policy allocation structure. These plans are designed to cater to different organizational sizes and requirements. By visiting the <a href="https://www.zenarmor.com/plans">plans page</a>, you can explore the detailed breakdown of policy allocation for each plan, making it easier to choose the one that best suits your organization’s needs. With this information at your fingertips, you can make informed decisions about policy allocation and ensure that your cybersecurity strategy aligns seamlessly with your evolving digital environment. Zenarmor’s commitment to transparency empowers you to optimize your security policies while staying within your chosen plan’s policy limits.</p>
<h2>Transition Today for Enhanced Security and Freedom!</h2>
<p>We emphasize the significance of transitioning today to embrace the power of multiple policies for enhanced security and freedom. By taking action and upgrading to a plan that aligns with your organization’s needs, you can empower yourself with a robust cybersecurity strategy that adapts to your unique requirements. This transition bolsters your defenses against evolving threats and affords you the flexibility to customize security measures to match your digital landscape. It’s a step towards a safer, more secure, and more agile future. So, don’t wait—make the transition today and experience the empowerment and peace of mind that come with knowing your organization is well-prepared to navigate the complex cybersecurity challenges of the modern world.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/Wyiz0SJ8Ty4?si=qGUGNAlRaibY0dzv" title="Creating Additional Policies in Zenarmor" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-multiple-policies.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Advanced Security, Simplified Experience: Zenarmor’s Agile Approach to Safeguarding UK Students Online]]></title>
            <link>https://www.zenarmor.com/blog#advanced-security-simplified-experience-zenarmors-agile-approach-to-safeguarding-uk-students-online</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#advanced-security-simplified-experience-zenarmors-agile-approach-to-safeguarding-uk-students-online</guid>
            <pubDate>Mon, 02 Oct 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[In today's interconnected digital age, school environments are no longer just physical spaces. They are also vast, intricate digital networks where students engage and learn.
<br><br>
However, as the children navigate this space with youthful curiosity, they face a barrage of risks that can often be invisible to the untrained eye. From harmful content like racism and extremist ideologies to insidious threats like phishing scams and online gambling, the online world presents challenges that can impact their mental, emotional, and even physical well-being
]]></description>
            <content:encoded><![CDATA[<p>In today’s interconnected digital age, school environments are no longer just physical spaces. They are also vast, intricate digital networks where students engage and learn.</p>
<p>However, as the children navigate this space with youthful curiosity, they face a barrage of risks that can often be invisible to the untrained eye. From harmful content like racism and extremist ideologies to insidious threats like phishing scams and online gambling, the online world presents challenges that can impact their mental, emotional, and even physical well-being.</p>
<p>For IT professionals in the UK education sector, the imperative is clear: robust cybersecurity is not just about protecting data; it is about safeguarding the mental and emotional well-being of students.</p>
<p>In this article, we explore the capabilities of Zenarmor and how it supports the mission of providing children’s online safety in UK educational institutions.</p>
<p>Its sophisticated filtering, vigilant monitoring, and comprehensive reporting features are tailored to address the unique challenges these establishments encounter.</p>
<div class="edu-discount-container">
  <p class="edu-discount-text">
    Unlock a 50% discount on Zenarmor subscriptions designed to safeguard your students’ online experience. Act fast, secure your school's digital future at half the price!
  </p>
  <div class="cta-button">
  <a href="https://www.zenarmor.com/edu-discount?utm_source=edu_uk&utm_medium=web&utm_campaign=edu_discount" role="button" class="button success" rel="noopener">Claim Your 50% Discount Now!</a>
  </div>
</div>
<style>
  .edu-discount-container {
    display: flex;
    flex-direction: column;
    justify-content: center;
    align-items: center;
    /* max-width: 750px; */
    margin: 0 auto;
    padding: 28px;
    background-color: rgba(130, 182, 240, 0.3);
    border-radius: 8px;
  }

  .edu-discount-text {
    font-size: 22px !important;
    /* color: #4158d0 !important; */
    color: #444 !important;
    text-align: center;
    margin-bottom: 0 !important;
    line-height: 1.8rem !important;
    /* padding: 0 12px; */
    max-width: 775px;
  }

  .cta-button {
    padding: 1rem 1rem 0;
    display: flex;
    justify-content: center;
  }
</style>
<p>To ensure a solution that aligns seamlessly with the highest standards, we have thoroughly referenced authoritative national documents such as “<a href="https://www.gov.uk/government/publications/keeping-children-safe-in-education--2">Keeping Children Safe in Education</a>” by the Department for Education as well as “<a href="https://www.nen.gov.uk/wp-content/uploads/2022/11/NEN-MAT-Standard-Network-Design-v2.1.pdf">NEN Tecnichal Standards for Multi-Academy Trusts</a>” by the NEN, The Education Network.</p>
<p>It’s noteworthy that Zenarmor collaborates with Bright Cloud, a dedicated member of the <a href="https://www.iwf.org.uk/">Internet Watch Foundation</a> (IWF). This partnership amplifies Zenarmor’s commitment to <strong>combating online child abuse</strong>, making it a reliable partner for educational institutes. By leveraging Bright Cloud’s <strong>extensive database of harmful websites</strong>, Zenarmor enhances its capability to provide a safe online experience for students.</p>
<h2>Crafting Harmful Content-Free Digital Spaces: Proactive and Effective Content Filtering for Students</h2>
<p>A pressing concern for educational institutions is the ease with which students can inadvertently stumble upon or be targeted with harmful content. These can range from inappropriate material such as pornography to alarming content that promotes racism, misogyny, or self-harm. Equally concerning is the rise of fake news, which can distort a child’s worldview, and extremist content that pushes radical ideologies.</p>
<p>As it was addressed in the statutory guidance on Keeping Children Safe in Education, the harmful content is categorized as one of four areas of risk:</p>
<p><em>content: being exposed to illegal, inappropriate, or harmful content, for example: pornography, fake news, racism, misogyny, self-harm, suicide, anti-Semitism, radicalization, and extremism.</em></p>
<p>Safeguarding children in schools from this vast and ever-evolving array of issues is a significant challenge, necessitating advanced technological solutions, including robust filtering mechanisms.</p>
<h2>AI-Based Security Policies for 300 Million+ Web Sites</h2>
<p><strong>Filtering</strong> is akin to setting boundaries in the digital world. By curating the content that students can access, schools can effectively reduce exposure to <strong>harmful and inappropriate material.</strong> Not only does this provide a safer online environment, but it also aids in shaping a focused and <strong>distraction-free digital learning space.</strong> Furthermore, with the <strong>UK’s diverse cultural fabric</strong>, it’s essential that these filters are sensitive to the needs of all students, ensuring a digital experience that’s both inclusive and secure.</p>
<p>Integrated into this dynamic safety framework is Zenarmor’s standout feature: <strong>AI-based threat intelligence</strong>. This feature, included in all subscription levels from the Free to the Business Edition, affords robust safeguarding for your network against a <strong>vast digital frontier</strong> comprising over <strong>300 million websites and domains.</strong> Such comprehensive coverage ensures a sophisticated layer of protection, diligently screening out harmful content falling under <strong>60 distinct categories.</strong> This means that educational institutions can effortlessly implement <strong>security policies</strong> across a colossal array of websites, <strong>fortifying the digital boundaries</strong> for students.</p>
<p>With Zenarmor, the once formidable challenge of safeguarding students from harmful or inappropriate online content while delivering a top-tier internet experience is now seamlessly manageable. Zenarmor eliminates <strong>the need for additional software installations on individual devices</strong>, enabling you to swiftly establish detailed <strong>access policies.</strong> Its prowess is further underpinned by an AI-enhanced, <strong>cloud-based web categorization database, offering real-time classifications for hundreds of millions of sites</strong>. Impressively, even unknown sites get categorized in under five minutes. Zenarmor goes beyond simple categorization; it allows institutions to block or control unauthorized applications, regardless of their port numbers. Customizable web and application <strong>categories for blacklisting or whitelisting</strong> can be crafted effortlessly. All of this is bolstered by a comprehensive application database packed with signatures for thousands of applications, ensuring that educators wield a state-of-the-art defense mechanism.</p>
<h2>The Silent Watchdog: Prioritizing Monitoring for a Secure Educational Cyberspace</h2>
<p>The digital realm is not just laden with inappropriate or harmful content; it also harbors a myriad of more covert threats that can subtly entangle the unsuspecting. Among these are the lures of
online gambling, designed to tempt students into a spiral of addictive behavior and potential financial ruin. But it does not end there. Inappropriate advertising can pop up without warning, pushing products or services that are unsuitable or even harmful for younger audiences.</p>
<p>More sinister still are phishing attempts and financial scams. Crafted to deceive, these threats prey on the inexperienced, seeking to extract personal and financial information for malicious ends. Phishing attacks represent a significant risk to UK educational establishments. A recent audit conducted by the National Cyber Security Center (NCSC) disclosed that an alarming <a href="https://www.infosecurity-magazine.com/news/three-quarters-uk-schools-cyber/#:~:text=Including%20insights%20from%20more%20than,compared%20to%2069%25%20in%202019.">73% of UK schools</a> have been targeted by phishing attempts.</p>
<p>In the face of these multifaceted threats, both filtering and monitoring stand as a school’s guardian duo. Filtering acts as the proactive gatekeeper, blocking access to gambling sites, screening out unsavoury ads, and thwarting malicious domains. Monitoring, on the other hand, serves as the vigilant watchdog, keeping a real-time eye on network activities. It not only detects potential threats and irregular behaviours but also raises timely alerts for swift intervention.</p>
<p>For UK educational IT professionals, integrating these two powerful tools is not just a technological tactic—it’s a comprehensive approach to digital safety, ensuring every student’s online experience remains secure, genuine, and educationally enriching.</p>
<p>As it is underlined in the <a href="https://www.nen.gov.uk/wp-content/uploads/2022/11/NEN-MAT-Standard-Network-Design-v2.1.pdf">relevant document</a> by <a href="https://www.nen.gov.uk/">NEN</a></p>
<p><em>“All access to the internet should be filtered through an educationally relevant internet filtering system such that pupil access is filtered and monitored in accordance with the ‘Keeping Children Safe in Education’ document, paragraphs 140 – 147 (2022 document). This should be achieved using a product which meets the requirements and should ensure granular control of internet access for all users.”</em></p>
<p>In light of these stringent and necessary guidelines set forth by NEN, and in recognition of the paramount importance of each student’s online safety, Zenarmor emerges not merely as a tool but as an ally for UK educational IT professionals. Its advanced features offer not only adherence to the prescribed standards but go above and beyond, delivering a nuanced and secure digital experience tailored for both students and staff alike.</p>
<p>Zenarmor’s capability to implement <strong>user and group-specific access controls</strong> ensures a tailor-made online experience for every student and staff member. Through <strong>seamless integration</strong> with platforms like <strong>Microsoft Active Directory or OPNsense Captive Portal</strong>, Zenarmor provides granular filtering, striking the right balance between access and safety. Beyond mere access control, its <strong>advanced algorithms</strong> are adept at detecting any <strong>deviations from typical user behaviors</strong>, ensuring that potential threats or misuses are promptly identified and mitigated. For educational establishments striving for a secure and efficient digital environment, Zenarmor proves to be a cornerstone.</p>
<p>Zenarmor addresses also the risk of students inadvertently accessing unregulated content through <strong>proxy servers</strong> and <strong>anonymous browsing sites</strong>. These platforms often bypass established safeguards, exposing young users to potential online dangers. Our feature proactively blocks access to such sites and applications including those using circumvention tactics like web translation platforms to skirt filters or monitors.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-dashboard-app-controls-proxy.png" alt="Zenarmor Dashboard App Controls" />
</div>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-dashboard-app-controls-vpn.png" alt="Zenarmor Dashboard App Controls" />
</div>
<p>In an evolving cyber threat landscape, Zenarmor stands as a reliable ally for UK schools, offering advanced, user-friendly cyber security solutions. Seize exclusive 50% discount on Zenarmor subscriptions to arm your institutions with AI-based threat intelligence, precise filtering, and vigilant monitoring, ensuring a safe, inclusive online learning environment for all students.</p>
<p>Unparalleled online safety for your students is just a click away at an unbeatable price.</p>
<div class="cta-button">
  <a href="https://www.zenarmor.com/edu-discount?utm_source=edu_uk&utm_medium=web&utm_campaign=edu_discount" role="button" class="button success" rel="noopener">Secure Your 50% Discount - Act Now!</a>
</div>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/parental-control.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Introducing Zenarmor 1.15: New full-featured role-based multi-tenancy support and UI enhancements for an improved enterprise and MSSP user experience]]></title>
            <link>https://www.zenarmor.com/announcements#introducing-zenarmor-1-15-new-zenconsole-dashboard-features-and-improvements-for-a-better-enterprise-and-mssp-user-experience</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#introducing-zenarmor-1-15-new-zenconsole-dashboard-features-and-improvements-for-a-better-enterprise-and-mssp-user-experience</guid>
            <pubDate>Wed, 20 Sep 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor 1.15 has just been released, offering some important new and improved capabilities with a focus on providing a better-performing dashboard experience overall while introducing useful features that enterprises and MSSPs can leverage to more efficiently manage administrative users and their roles across multi-tenant and large enterprise Zenarmor NGFW deployments.]]></description>
            <content:encoded><![CDATA[<p>Zenarmor 1.15 has just been released, offering some important new and improved capabilities with a focus on providing a better-performing dashboard experience overall while introducing useful features that enterprises and MSSPs can leverage to more efficiently manage administrative users and their roles across multi-tenant and large enterprise Zenarmor NGFW deployments.</p>
<p>A brief list of the updates included in this release are as follows:</p>
<ul>
<li>Full-featured role-based multi-tenancy support, including account and project sharing.</li>
<li>An improved and more performant dashboard frontend built using the Vue.js 3 JavaScript framework.</li>
<li>The addition of new web and application filtering categories.</li>
<li>General bug fixes and minor UI improvements.</li>
</ul>
<p>When you are ready, let’s unpack and talk about these new capabilities in a bit more detail.</p>
<h2>Why is Zenarmor’s full-featured role-based multi-tenancy support advantageous in enterprise environments?</h2>
<p>Multi-tenant architecture is prevalent across enterprise environments and is seen frequently in SaaS and other cloud-based applications. The implementation of a full-featured role-based multi-tenancy architecture into Zenarmor makes sense because it’s likely that in a large enterprise deployment, you will have multiple Zenarmor instances across multiple locations deployed, or in the case of an MSSP you may have multiple clients running Zenarmor instances that you are managing on their behalf, which all require varying levels of administrative user access.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/1-15-share-project.png" alt="Zenarmor 1.15 Dashboard" />
</div>
<p>As of this release, managing multiple administrative users and their roles is a simple task. Zenconsole now supports role-based sharing for projects, enabling users to control and customize project access and collaboration based on specific roles and permissions. A project in terms of Zenconsole, is basically a container or folder in the platform that allows you to group Zenarmor firewall instances. If you are an enterprise, you could <a href="https://www.zenarmor.com/docs/configuring/managing-project#creating-project">create a project</a> for each branch site or office, whereas an MSSP could create a project for each of their clients, the choice is yours.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/1-15-invite-people-for-sharing.png" alt="Zenarmor 1.15 Dashboard" />
</div>
<p>Users can now be assigned the roles of owner, admin, operator, and viewer with an account session and full audit log feature, empowering administrators to view and manage active sessions with ease while monitoring all session information about the user, including platform, browser, IP address, location, login, last seen, and remotely terminating sessions.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/1-15-my-account-sessions.png" alt="Zenarmor 1.15 Dashboard" />
</div>
<p>In addition to this, should a user make changes to a Zenarmor instance or policy setting, the changes are reflected in real-time across all active user sessions, which mitigates any potential configuration inconsistencies if multiple administrators or operators are present.</p>
<h2>Why making use of the Vue.js 3 frontend framework in the Zenconsole dashboard UI is beneficial</h2>
<p>Vue.js is a popular JavaScript development framework used for frontend web development that is not only lightweight but also offers incredible speed and performance, which is made possible by the framework’s ability to make use of virtual document object models (DOM) and two-way bindings, which eliminates the need to keep re-rendering the entire DOM, perhaps better understood as the components or objects that make up the web application that you interact with, like text, buttons, tables, etc., every time there is an update. This makes Vue.js ideal for applications that need to display real-time data and updates, like in the case of the Zenconsole dashboard.</p>
<p>To avoid diving too deep into the world of frontend web development, these combined Vue.js capabilities basically allow the Zenconsole frontend development team to give you the best possible dashboard experience by making sure that all real-time data like live connection sessions, informational graphs, etc. are updated and displayed as quickly as possible while maintaining a snappy user experience navigating between dashboard menus and settings overall.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/1-15-reports.jpg" alt="Zenarmor 1.15 Dashboard" />
</div>
<h2>Some new web and application categories included in this release.</h2>
<p>Several new web and application filtering categories have been introduced that are fairly self-explanatory including:</p>
<ul>
<li>THC/Cannabis Products</li>
<li>Generative AI</li>
</ul>
<p>In addition to this, you can now seamlessly import and export custom web category lists, making it easier to maintain and share custom web category configurations. Further enhancement ensures that custom web category content is accurately displayed in the exclusion list, allowing for better overall control and customization.</p>
<h2>Other noteworthy additions in this release</h2>
<ul>
<li>
<p>Zenconsole reporting capabilities are enhanced by adding new chart types that are already available on OPNsense web UI, like Top Destination Locations Heatmap, Table of Local Assets, Table of Remote Hosts, TLS/DNS/Web-Top Egress/Ingress Users,  providing improved visualization options for a richer monitoring experience.</p>
</li>
<li>
<p>Zenarmor’s Web UI menu has been seamlessly integrated into the OPNsense user privilege system.</p>
</li>
<li>
<p>Improved subscription management and other minor UI improvements.</p>
</li>
</ul>
<div>
  <img src="https://www.zenarmor.com/images/blog/1-15-top-destination-locations-heatmap.png" alt="Zenarmor 1.15 Dashboard" />
</div>
<h2>Are you ready to try Zenarmor 1.15 for yourself?</h2>
<p>If you answered yes to this question, and you are an existing Zenarmor customer, head over to either Zenconsole or your OPNSense dashboard and apply the 1.15 update.</p>
<p>Alternatively, If you are new to Zenarmor and would like to explore the great capabilities that Zenarmor has to offer, you can simply sign-up and start your Zenarmor Business Edition 15-day trial, with no credit cards required.</p>
<p>Alternatively, feel free to contact Zenarmor at <span><img src="https://www.zenarmor.com/images/hi-at-zenarmor.svg" width="150" alt="hi-at-zenarmor" /></span> and ask for assistance getting your free trial setup and started today. We’d love to hear from you!</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/psFNeuTRcug?si=WdFnEegb_S6OeBU0" title="Zenarmor 1.15 just released- New features and UI improvements!" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/1-15-release-thumbnail.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Introducing Zenarmor 1.14: OPNsense interface improvements through Zenconsole integration]]></title>
            <link>https://www.zenarmor.com/announcements#introducing-zenarmor-1-14-opnsense-interface-improvements-through-zenconsole-integration</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#introducing-zenarmor-1-14-opnsense-interface-improvements-through-zenconsole-integration</guid>
            <pubDate>Thu, 31 Aug 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor 1.14 has just arrived offering some modern visual and functional GUI improvements made to the built-in OPNsense dashboard. At first glance, you will notice a familiar design language and layout that has been carried through from Zenconsole, including all the functionality that we have all come to know and love.
<br><br>
In this article, we will be discussing why this change was necessary and we will also take a quick look at what the new interface has to offer, we do however encourage you to download Zenamor 1.14 and experience it for yourself.
]]></description>
            <content:encoded><![CDATA[<p>Zenarmor 1.14 has just arrived offering some modern visual and functional GUI improvements made to the built-in OPNsense dashboard. If you are familiar with the Zenconsole cloud-based dashboard that we have extensively showcased in some of my previous articles, you will feel right at home with the dashboard changes made to OPNsense. At first glance, you will notice a familiar design language and layout that has been carried through from Zenconsole, including all the functionality that we have all come to know and love.</p>
<p>In this article, we will be discussing why this change was necessary and we will also take a quick look at what the new interface has to offer, we do however encourage you to download Zenamor 1.14 and experience it for yourself.</p>
<h2>Why did Zenarmor make this change?</h2>
<p>Over the past few months, there have been a number of improvements and some changes at Zenarmor including the <a href="https://www.zenarmor.com/announcements#what-is-in-a-name-from-sunny-valley-networks-to-zenarmor-our-journey-of-rebranding">recent rebranding and official name change</a> from Sunny Valley Networks to Zenarmor. In order to continue with this momentum, it was decided to do away with the dated OPNsense Zenarmor interface and was totally rewritten to share some design and functional elements of its more modern and intuitive counterpart the Zenconsole dashboard part of Zenarmor’s free-to-use cloud-based firewall management platform that some of you may already be familiar with. These changes now provide an identical experience to Zenconsole, giving administrators options as to how they would like to manage Zenarmor on their OPNSense firewalls.</p>
<p>Putting modernism and aesthetics aside, the interface changes introduced in Zenarmor 1.14 also offer some functional advantages. By creating a unified user experience across both OPNsense and Zenconsole, a sense of consistency and standardization across the software ecosystem is now established, which means regardless of what platform you are on, OPNsense or Zenconsole, you will have a familiar workflow experience. This in itself is advantageous to you as the end-user, meaning a reduced learning curve between different platforms, but also advantageous to the Zenarmor development team, as only one user interface will need to be developed and maintained. This in turn will allow the development team to refocus the resources that would otherwise be spent on maintaining the old OPNsense dashboard to other more important functional improvements to the Zenarmor product as a whole.</p>
<h2>How do the changes look?</h2>
<p>We have mentioned it before and will mention it again, we highly encourage you to download or update to Zenarmor 1.14 to explore this new interface for yourself, however, if you are slightly impatient like me or hesitant, whatever the case, and would like a sneak peek of the new interface before you fully commit to it, we have included a few screenshots below to get your feet wet.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/main-dashboard-view-of-zenarmor-within-opnsense.jpg" alt="Zenarmor 1.14 Dashboard on OPNsense" />
</div>
<p><em>Figure 1: Main dashboard view of Zenarmor within OPNSense with identical layout, styling, and functionality as seen in Zenconsole</em></p>
<div>
  <img src="https://www.zenarmor.com/images/blog/the-reporting-dashboard-of-zenarmor-within-opnsense.jpg" alt="Zenarmor 1.14 Dashboard on OPNsense" />
</div>
<p><em>Figure 2: The reporting dashboard included more modern and intuitive graphs giving you complete visibility as to what is happening in your network</em></p>
<div>
  <img src="https://www.zenarmor.com/images/blog/the-live-session-view-of-zenarmor-within-opnsense.webp" alt="Zenarmor 1.14 Dashboard on OPNsense" />
</div>
<p><em>Figure 3: The live session view, this part of the dashboard is incredibly useful when it comes to exploring the live traffic traversing your network</em></p>
<div>
  <img src="https://www.zenarmor.com/images/blog/the-activity-explorer-of-zenarmor-within-opnsense.jpg" alt="Zenarmor 1.14 Dashboard on OPNsense" />
</div>
<p><em>Figure 4: The activities explorer is a new addition to the dashboard that allows you to quickly view the Applications and Web Traffic traversing your network and totals the number of sessions observed allowing you to easily identify the top-talkers on your network</em></p>
<div>
  <img src="https://www.zenarmor.com/images/blog/the-policy-configuration-menu-of-zenarmor-within-opnsense.jpg" alt="Zenarmor 1.14 Dashboard on OPNsense" />
</div>
<p><em>Figure 5: The policy configuration menu now has the same clean look as what is seen in Zenconsole</em></p>
<div>
  <img src="https://www.zenarmor.com/images/blog/the-settings-menu-of-zenarmor-within-opnsense.jpg" alt="Zenarmor 1.14 Dashboard on OPNsense" />
</div>
<p><em>Figure 6: The settings menu shows all of Zenarmor’s settings accessible from one intuitive menu</em></p>
<div>
  <img src="https://www.zenarmor.com/images/blog/the-notifications-menu-of-zenarmor-within-opnsense.jpg" alt="Zenarmor 1.14 Dashboard on OPNsense" />
</div>
<p><em>Figure 7: The all-new built-in notifications dashboard, now included on OPNsense</em></p>
<h2>Change summary and some noteworthy mentions</h2>
<p>Below we have included a few changes that we have cherry-picked and feel are noteworthy, however, for a more comprehensive list please refer to the changelogs for this release:</p>
<ol>
<li>
<p>The Zenarmor status panel has now moved to the main dashboard giving you a single pane of glass to view your Zenarmor installation, including health status, NICs, engine status, etc, you will be familiar with this if you have used Zenconsole, see figure 1 above.</p>
</li>
<li>
<p>The default deployment mode is now set to <strong>Routed L3 mode with emulated netmap drivers.</strong> If you have followed recent articles published in this blog, you may have seen an article titled, <a href="https://www.zenarmor.com/blog#towards-a-device-agnostic-netmap-in-the-freebsd-kernel">Towards a device-agnostic netmap in the FreeBSD kernel</a> which explains Zenarmor’s financial contribution and involvement in developing an emulated netmap driver to overcome hardware support limitations. We suggest that If you have not already read that article you go check it out as it details the reasons for the much-needed move to the emulated netmap driver.</p>
</li>
<li>
<p>New notification features have been built into OPNsense as well as the ability to provide feedback and submit log files easily through a dedicated feedback section. <br><br></p>
</li>
</ol>
<div>
  <img src="https://www.zenarmor.com/images/blog/added-feedback-link-to-opnsense.png" alt="Zenarmor 1.14 Dashboard on OPNsense" />
</div>
    ![Zenarmor 1.14 Dashboard on OPNsense](/images/blog/added-feedback-link-to-opnsense.png)
    <br><br>
    *Figure 8: A newly added feedback link that opens a menu that allows you to submit feedback and log files easily to Zenarmor during the troubleshooting process*
    <br><br>
<ol start="4">
<li>All of the Zenarmor settings options have been moved to the OPNSense sidebar to provide the user with a quick means to access them following a typical OPNsense style workflow instead of having these options buried deep in the dashboard.</li>
</ol>
<h2>Final thoughts…</h2>
<p>So are you ready for Zenarmor 1.14? If you would like to get your feet wet and explore the new and improved Zenarmor and OPNsense dashboard, simply update your Zenarmor installation, it will only take a few minutes. If you are new to Zenarmor, head over to your plugins and install the Zenarmor plugin and try Zenarmor for free on a 15-day trial, with no credit cards required, and give your security posture a boost.</p>
<p>Alternatively, feel free to contact Zenamor at <span><img src="https://www.zenarmor.com/images/hi-at-zenarmor.svg" width="150" alt="hi-at-zenarmor" /></span> and ask for assistance getting your free trial set up and started today. We’d love to hear from you!</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/Bi7JSaeAdDM?si=xKLt-sIFZMeCdpyX" title="Introducing Zenarmor 1.14: OPNsense interface improvements through Zenconsole integration" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-1-14-thumbnail.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Best Practices for Upgrading Zenarmor to v1.14]]></title>
            <link>https://www.zenarmor.com/announcements#best-practices-for-upgrading-zenarmor-to-v1-14</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#best-practices-for-upgrading-zenarmor-to-v1-14</guid>
            <pubDate>Thu, 03 Aug 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Even though it has been rigorously tested by the Zenarmor team and upgrading to Zenarmor is a simple procedure that allows you to upgrade your system without incident, it is best to be prepared for Murphy. It is crucial to proceed with caution to avoid disruptions and data loss.
<br>
In this post, we will give you a hand in upgrading your Zenarmor NGFW smoothly. If you follow the advice below, the process can be relatively straightforward and have minimal impact on your business.
]]></description>
            <content:encoded><![CDATA[<p>Zenarmor v1.14 features an improved and more intuitive user interface for OPNsense users. Not only does it have a brand-new user interface, but also a brand-new backend service. Almost every line of backend code is written from afresh, and all <code>sensei</code> system paths are replaced with <code>zenarmor</code>.</p>
<p><ins>Zenarmor v1.14 is a significant upgrade.</ins> This is why we’ve prepared this guide to help you navigate this upgrade smoothly.</p>
<p><img src="https://www.zenarmor.com/images/blog/zenarmor-1-14-dashboard-on-opnsense.jpg" alt="Zenarmor 1.14 Dashboard on OPNsense"></p>
<p><em>Figure 1: Zenarmor 1.14 Dashboard on OPNsense</em></p>
<p>Even though it has been rigorously tested by the Zenarmor team and upgrading to Zenarmor is a simple procedure that allows you to upgrade your system without incident, it is best to be prepared for Murphy. It is crucial to proceed with caution to avoid disruptions and data loss.</p>
<p>Sometimes unfortunate events occur when we least expect them or are least prepared for them. With each software update, there is a small chance of data loss. Software upgrades can be difficult, time-consuming, and hazardous if not performed correctly.  Occasionally, significant feature changes necessitate the reorganization of data during the revision procedure. Upgrade flaws, process interruptions, and unique use cases can all lead to software update corruption. Worse still, entire sections of the software may become corrupted. In uncommon but not unheard-of instances, the entire installation may become corrupt.</p>
<p>In this post, we will give you a hand in upgrading your Zenarmor NGFW smoothly.</p>
<h2>What are the Tips for Zenarmor Upgrade?</h2>
<p>Software upgrades can be challenging, but if you follow the advice below, the process can be relatively straightforward and have minimal impact on your business. Here are the best practices that you may follow to upgrade your Zenarmor safely:</p>
<ol>
<li>
<p><strong>Create Snapshot:</strong> Before beginning the upgrade procedure, create a snapshot of your virtual machine if you are operating your firewall in a virtual environment, such as Proxmox VE. So that you can rapidly deploy and operate your firewall system by minimizing downtime in the event of a problem.</p>
</li>
<li>
<p><strong>Backup Zenarmor:</strong> To be prepared for the worst-case scenario, <a href="https://www.zenarmor.com/docs/opnsense/configuring/backup-restore">backup your Zenarmor</a> configuration and policies. If you do have to roll back with a fresh installation of Zenarmor, you may rapidly recover from the failure by restoring your next-generation firewall.</p>
</li>
<li>
<p><strong>Note License Key:</strong> If you need a fresh installation of Zenarmor, you may be required to activate your subscription key. For expedited subscription activation, note your Zenarmor license key in a safe place. Navigate to Zenarmor &gt; Configuration &gt; About &gt; View Subscription to access the license key. Additionally, you can view your license key through your Zenconsole account.</p>
</li>
<li>
<p><strong>Test in a Staging Environment:</strong> Whenever possible, test the upgrade in a staging or test environment that closely mimics your production setup. This allows you to identify and resolve any compatibility or performance issues before deploying the upgrade in the production environment.</p>
</li>
<li>
<p><strong>Ensure Your Connection is Reliable:</strong> Ensure that you have a secure and reliable network connection to download the firmware update.</p>
</li>
<li>
<p><strong>Schedule Appropriate Time:</strong> To reduce service interruption and cybersecurity risks, schedule an appropriate time for your business. Establish a maintenance window that does not interfere with prime operation hours or periods of heavy network traffic. Weekend or nighttime hours are typically optimal for significant system upgrade operations. Do not enhance your system during office hours; instead, conduct a thorough analysis to determine when an upgrade or prospective rollback will have the least impact on your business.</p>
</li>
<li>
<p><strong>Get Approval:</strong> It is essential to understand who has the authority to make upgrade decisions and who makes the final “Go” or “No-Go” determination. Share your plan for an upgrade with your manager or approval committee and obtain their approval. Maintain an open line of communication with your manager regarding why you’re upgrading, what you’re upgrading, and when. Open channels of communication contribute significantly to the success of an upgrade: between departments impacted by the upgrade, between front-line staff and decision-making management, and, if necessary, between your organization and external partners and visitors.</p>
</li>
<li>
<p><strong>Prefer Zenarmor UI:</strong> It may be better to use Zenarmor &gt; Status page to update your Zenarmor in a more controlled and safe way.</p>
</li>
<li>
<p><strong>Fresh Install and Restore Backup:</strong> If you are unable to upgrade Zenarmor NGFW and cannot resolve the issue, you can attempt a fresh installation and restore from your most recent backup.</p>
</li>
<li>
<p><strong>Test:</strong> Create a test scenario and verify that everything is functioning as anticipated. If a problematic update must be reinstalled, testing will save you a tremendous amount of time and effort. You must examine the firewall’s functionality, efficacy, stability, and compatibility. Check the Zenarmor notification page. Notifications enable you to be notified of critical Zenarmor firewall events. If you encounter any problems or errors, you must promptly identify and correct them, or revert to the previous state if necessary.</p>
</li>
<li>
<p><strong>Document and Review:</strong> It is essential to document the entire process of the upgrade. You must document the update’s specifics and procedures, including the date, time, source, version, and modifications made. You must also document any problems or errors that arose, as well as how they were resolved or avoided. You must assess the efficacy, efficiency, and customer contentment of the update or revision, as well as review the process and the outcomes. In addition to sharing your findings and lessons learned with your stakeholders, you must also provide feedback and recommendations for future updates or enhancements. This information should be recorded in a readily accessible location so that you can enhance your process next time.</p>
</li>
<li>
<p><strong>Contact Zenarmor Team:</strong> Never forget that Zenarmor is always by your side. You can communicate with them at any time. If you are experiencing issues with your next-generation firewall, do not hesitate to contact the <a href="https://www.zenarmor.com/docs/support">support team</a>.</p>
</li>
</ol>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/best-practices-for-zenarmor-to-1.14.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[What’s in a Name? From Sunny Valley Networks to Zenarmor: Our Journey of Rebranding]]></title>
            <link>https://www.zenarmor.com/announcements#what-is-in-a-name-from-sunny-valley-networks-to-zenarmor-our-journey-of-rebranding</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#what-is-in-a-name-from-sunny-valley-networks-to-zenarmor-our-journey-of-rebranding</guid>
            <pubDate>Tue, 06 Jun 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[As companies evolve and grow, it's natural to reassess your brand identity to better reflect your values and mission. That's why we're excited to announce that we're rebranding Sunny Valley Networks to Zenarmor. This change comes after careful consideration and reflection on our company's journey and what we want to represent moving forward.]]></description>
            <content:encoded><![CDATA[<p>As companies evolve and grow, it’s natural to reassess your brand identity to better reflect your values and mission. That’s why we’re excited to announce that we’re rebranding Sunny Valley Networks to Zenarmor. This change comes after careful consideration and reflection on our company’s journey and what we want to represent moving forward.</p>
<h2>The History of Our Company</h2>
<p>Sunny Valley Networks was founded in 2017 with a mission to provide enterprise-quality network security solutions to home users and small to medium-sized businesses. Our initial product, Sensei, provided home and small business users with an intuitive and easy-to-use software platform that helped protect their networks from cyber threats.</p>
<p>As our company grew, we realized that our original product name, Sensei, no longer fully captured the essence of our mission and values. After careful consideration, we decided to rebrand our product as Zenarmor, which better reflects our focus on providing holistic, balanced, and robust security solutions to our customers of all sizes.</p>
<h2>The Meaning Behind Zenarmor</h2>
<p>Zenarmor represents the combination of two powerful concepts: “zen” and “armor.” Zen is a practice that promotes balance, focus, and calmness, while armor represents protection, strength, and resilience. These two concepts perfectly capture the essence of our product and new company name, and the values we strive to embody in everything we do.</p>
<h2>Our New Company Identity</h2>
<p>Along with the new name comes a new company identity. We’ve updated our logo, color palette, and visual language to better reflect our brand identity and values. Our new logo features a simple, yet powerful, design that incorporates both the “zen” and “armor” concepts. The new color palette represents the balance between calmness and protection, while the visual language reflects the strength and resilience of our products.</p>
<h2>The Benefits of Rebranding</h2>
<p>We believe rebranding our company name from Sunny Valley Networks to Zenarmor will help us better communicate our focused mission, values, and product offering to our customers globally. By aligning our company and product names, we hope to increase market awareness and improve brand recognition. Our new identity will help us differentiate ourselves from our competitors and establish ourselves as a leader in the network security industry.</p>
<h2>Delivering on the Promise of SASE</h2>
<p>At Zenarmor, we are committed to delivering the latest innovations in network security to our customers. One of the most promising trends in the industry is the emergence of Secure Access Service Edge (SASE), a cloud-native approach to network security that consolidates and simplifies networking and security functions. With SASE, businesses can provide secure access to their networks from any location or device, while also reducing complexity and improving performance.</p>
<p>We believe that SASE represents the future of network security, and we are committed to delivering on its promise to our customers. Our Zenarmor product has been designed from the ground up to support SASE, with a software only cloud-native architecture that enables us to deliver network security solutions that are uniquely agile, scalable, and highly effective.</p>
<h2>Moving Forward</h2>
<p>We are excited to embark on this new chapter in our company’s history. While the company name may have changed in our marketing, our commitment to providing innovative network security solutions remains the same since the business was founded. With our new company identity and our continued commitment to delivering on the promise of SASE, we believe that Zenarmor is well-positioned to help businesses and academic institutions of all sizes protect both their networks and users.</p>
<p>Thank you for your continued support as we transition from doing business as Sunny Valley Networks to Zenarmor. We can’t wait to see what the future holds!</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/XH6ETsC4oDI" title="CEO Murat Balaban announces official rebranding to Zenarmor" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/rebranding-of-zenarmor.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Towards a device-agnostic netmap in the FreeBSD kernel]]></title>
            <link>https://www.zenarmor.com/blog#towards-a-device-agnostic-netmap-in-the-freebsd-kernel</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#towards-a-device-agnostic-netmap-in-the-freebsd-kernel</guid>
            <pubDate>Thu, 01 Jun 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[As some might have already noticed, OPNsense’s 23.1.6 release has delivered some important kernel updates to the netmap subsystem. The goal of this blog post is to provide some insights into what we’ve been up to and what we’re planning to do in the future in the context of improving device driver support for the netmap subsystem in the FreeBSD kernel.]]></description>
            <content:encoded><![CDATA[<p>As some might have already noticed, OPNsense’s 23.1.6 release has delivered some important kernel updates to the netmap subsystem:</p>
<p>From <a href="https://forum.opnsense.org/index.php?topic=33643.msg162672#msg162672">OPNsense 23.1.6 Release Notes:</a></p>
<blockquote>
<p>The other honorable mention is the netmap work we have been doing with Zenarmor and Klara on the FreeBSD kernel side which brings bridge device support as well as a considerable improvement to the emulated mode where several packet stalls and mbuf leaks have been identified and subsequently fixed.  This should have an operational impact on Suricata (IPS mode) and Zenarmor.  The state is much better now but please do not hesitate to contact us about issues that you might still be having with netmap-based packet flows as the topic is a rather complex one.</p>
</blockquote>
<p>The goal of this blog post is to provide some insights into what we’ve been up to and what we’re planning to do in the future in the context of improving device driver support for the netmap subsystem in the FreeBSD kernel.</p>
<h2>Background</h2>
<p>As the Zenarmor team, in the past, we sponsored several development efforts for the netmap project. The goal of those projects was to improve the stability of the netmap support for some specific drivers. Although the work was limited to a few widely used drivers, those developments have proved to be helpful for both Zenarmor users and Suricata and Snort IPS user community who had been using that software on the FreeBSD operating system.</p>
<h2>Problem</h2>
<p>Although the developments were a huge step forward for some specific ethernet adapters, the netmap and ethernet driver compatibility still continued to be an issue for the majority of the ethernet drivers.</p>
<p>Since Zenarmor, Suricata (IPS mode), and Snort (IPS mode) rely heavily on the netmap subsystem to function properly, any issues related to this netmap driver compatibility continued to cause issues in certain configurations, impacting the user experience for the aforementioned user community at large.</p>
<p>The underlying reason is that netmap mangles heavily with device drivers to be able to make maximum use of their capabilities and speed. This totally makes sense from a performance perspective; and for the original use-cases netmap has been developed for in the first place. However, this approach is very hard to maintain for use cases where portability is more important than attaining the best possible wire-speed packet performance. The reason is any single driver-specific update requires a review/update on the netmap side. Additionally, any newly introduced ethernet adapter or chipset could not be used with the IPS tools unless proper netmap support is specifically developed for the driver.</p>
<p>Having sponsored two netmap projects prior, it became apparent to us that trying to maintain netmap compatibility on an individual driver basis was not a sustainable solution for use-cases where portability is more important than attaining best possible packet per second performance.</p>
<h2>Possible Solutions</h2>
<p>We needed a mechanism that would work driver-agnostic and would perform reasonably equally well for all the ethernet drivers.</p>
<p>We have entertained several ideas to see if we can extend the functionality of an existing kernel mechanism to achieve what we want:</p>
<ol>
<li>Improve the performance of <a href="https://man.freebsd.org/cgi/man.cgi?divert">divert sockets</a></li>
<li>Improve and extend packet <a href="https://man.freebsd.org/cgi/man.cgi?query=pfil&amp;sektion=9">filter hooks</a></li>
<li>Improve the stability and performance of the netmap-emulated driver</li>
<li>Implement a brand new kernel mechanism for this goal (BSD version of eBPF)</li>
</ol>
<h2>Teaming up for the optimal solution: netmap emulated driver</h2>
<p>We’ve discussed these ideas with the OPNsense (Deciso) team and have decided to team up with Klara Systems to assess the situation and decide on and implement the best solution together.</p>
<p>After evaluating the options with Allan Jude and Tom Jones of Klara Systems, <strong>netmap emulated driver</strong> stood out as the best foundation to move forward. Netmap’s emulated driver was already driver-agnostic and we would not need any additional developments on the application side of things (Zenarmor, Suricata, Snort) since these security tools already had the netmap support built in.</p>
<p>On the other hand, people were reporting packet stalls or performance issues related to the emulated driver. These need to be addressed.</p>
<p>So it was decided that we would go with the netmap-emulated driver and the project.</p>
<h2>The Project</h2>
<p>After some discussion, we’ve decided to approach the project in two phases and improve the netmap emulated driver in two phases and have the below deliverables:</p>
<ol>
<li>Phase 1:
<ul>
<li>Improving the reliability and stability of the emulated mode for all ethernet devices</li>
<li>Add emulated mode support for bridge(4), VLAN(4), lagg(4) and tun(4) pseudo interfaces</li>
</ul>
</li>
<li>Phase 2:
<ul>
<li>Improving the performance so that its performance compares reasonably well when compared to native netmap drivers.</li>
</ul>
</li>
</ol>
<p>The project has been financially sponsored by <strong>Zenarmor</strong> and <strong>OPNsense</strong>; and the technical analysis and implementation have been done by <strong>Mark Johnson, Tom Jones, and Allan Jude of Klara Systems</strong>.</p>
<p>In the first phase of the project, a performance and functional analysis of netmap interfaces in emulated mode (also referred to as generic mode interfaces) revealed some functional issues which could lead to failure to complete transmission of packets, leaked memory, or complete stalls of network interfaces when using certain devices.</p>
<h2><em>Buffer recycling stall</em></h2>
<p>Emulated mode interfaces attempt to perform zero-copy transmission when sending packets. An in-kernel ring buffer is populated with mbuf headers to which netmap buffers are attached. When transmitting the mbuf reference count is set to 2, once this has been decremented to 1 netmap infers that the driver has freed the mbuf as part of a transmission and the transmission can be considered to be complete allowing the memory backing the mbufs to be released back to the pool. This scheme fails when software pseudo interfaces are used with netmap (such as if_lagg or if_bridge). With software interfaces the underlying hardware interface is relied on to free the mbuf during transmission completion, however, drivers are allowed to hold a small number of mbufs indefinitely. If such a buffer ends up at the tail of a netmap transmit ring further transmissions can be blocked indefinitely leading to a stall to all traffic for that netmap software interface.</p>
<p>To resolve this problem, a change was upstreamed to FreeBSD which removes the attempted zero-copy behavior (commit ce12afaa6fff).</p>
<p>As part of this change, an issue where the pkthdr field was not correctly cleared when a mbuf is released for reuse was also addressed. Before this change, some software interfaces such as if_vlan could set fields in the mbuf header which persisted when the mbuf was reused.</p>
<h2><em>Leaking Packets</em></h2>
<p>The networking layer is able to send packets to interfaces in batches of multiple packets by linking them together through the m_nextpkt pointer. netmap interfaces in generic mode do not handle this and when linked batches of packets were sent only the first packet from the batch would be transmitted. The remaining packets from the batch would be leaked triggering a memory leak when using interfaces in generic mode. This issue was fixed by walking the mbuf chain during transmission (commit 5f6d37787f1e).</p>
<h2>Phase I Results:</h2>
<p>Problems with these scenarios have been fixed.  Emulated support for the mentioned pseudo ethernet adapters has been implemented.</p>
<p>OPNsense shipped all of these improvements with its <a href="https://forum.opnsense.org/index.php?topic=33643.msg162672#msg162672">23.1.6 Release.</a></p>
<p>In the meantime, all of the work has been upstreamed to FreeBSD in an effort to make all of these improvements available to the wider FreeBSD community:</p>
<table>
<thead>
<tr>
<th>Commit Hash</th>
<th style="text-align:left">Commit Message</th>
</tr>
</thead>
<tbody>
<tr>
<td><a href="https://cgit.freebsd.org/src/commit/?id=d862b165a6d3436d01c8ae63ab7879d17a5d143a">d862b165a6d3</a></td>
<td style="text-align:left">bridge: Add support for emulated netmap mode</td>
</tr>
<tr>
<td><a href="https://cgit.freebsd.org/src/commit/?id=110ce09c90dc452fa5669874535e1f3984e166f9">110ce09c90dc</a></td>
<td style="text-align:left">if_lagg: Allow lagg interfaces to be used with netmap</td>
</tr>
<tr>
<td><a href="https://cgit.freebsd.org/src/commit/?id=a7ba32e6bcb99176fdb042b9f26b2e1158d33d12">a7ba32e6bcb9</a> <br> <a href="https://cgit.freebsd.org/src/commit/?id=fe701c39e8aa270a71b5010a1eb4b488a80dcae5">fe701c39e8aa</a> <br> <a href="https://cgit.freebsd.org/src/commit/?id=cef7ab70ff44955b97e543fd03e664c89ce05bc3">cef7ab70ff44</a></td>
<td style="text-align:left">The patch with if_tun support for netmap is available in <a href="https://reviews.freebsd.org/D37437">https://reviews.freebsd.org/D37437</a> but this solution does not offer a generic enough interface to allow any netmap application to work with if_tun in all possible modes. Tests were committed to upstream FreeBSD to better support changes and regression detection for tun: <br> tun tests: Fix cleanup definitions <br> if_tun: Add basic connectivity test with nc tun support <br> netcat: Allow nc to be an if_tun tunnel broker</td>
</tr>
<tr>
<td><a href="https://github.com/freebsd/freebsd-src/commit/5f6d37787f1e6aaf9b18392e8cff65ed4e094f2c">5f6d37787f1e</a></td>
<td style="text-align:left">netmap: Handle packet batches in generic mode</td>
</tr>
<tr>
<td><a href="https://cgit.freebsd.org/src/commit/?id=ce12afaa6fff46c9027eb6b2bd515a4e46ecefc9">ce12afaa6fff </a></td>
<td style="text-align:left">netmap: Fix queue stalls with generic interfaces</td>
</tr>
<tr>
<td><a href="https://github.com/freebsd/freebsd-src/commit/df40e30c9786ccbf51e3acdf936d5c0e20815652">df40e30c9786</a></td>
<td style="text-align:left">netmap: Try to count packet drops in emulated mode</td>
</tr>
<tr>
<td><a href="https://github.com/freebsd/freebsd-src/commit/539437c8281d24450bacded3734276acd9983e90">539437c8281d</a></td>
<td style="text-align:left">netmap: Fix a queue length check in the generic port rx path</td>
</tr>
<tr>
<td><a href="https://github.com/freebsd/freebsd-src/commit/56c438fcd4a755f0abe8254779c39a0c4b530c75">56c438fcd4a7</a></td>
<td style="text-align:left">netmap: Tell the compiler to avoid reloading ring indices</td>
</tr>
</tbody>
</table>
<br>
<h2>Future Work for Phase II: Improve emulated netmap performance</h2>
<p>Further analysis has identified a couple of areas for future work to improve the performance of <a href="http://info.iet.unipi.it/~luigi/netmap/">netmap</a> and generic mode interfaces.</p>
<p>Following areas have been identified for future exploration. Work in these areas may be able to lead to higher performance for netmap in FreeBSD, however, higher performance might only show for certain types of network workloads or patterns of traffic.</p>
<h2><em>Memory Allocation</em></h2>
<p>One area to explore to improve netmap performance potentially is memory allocation. netmap offers two interfaces for memory allocation for applications:</p>
<ol>
<li>The application can mmap /dev/netmap</li>
<li>The application can provide pages for netmap to use which it has allocated already using a sparsely documented feature called extmem</li>
</ol>
<p>In the first case, netmap handles memory allocation for the buffers used to pass packets between the kernel and userspace. In this situation, it appears that netmap will always use 4KB mappings while aiming to always make mappings physically contiguous. This mechanism should enable the kernel to promote mappings to superpages when it can.</p>
<p>In the second case, the application has control over how the pages are allocated. This can potentially enable an application to use superpages for mappings, but the application has to be modified to support this.</p>
<p>Netmap’s allocator could be modified to be aware of superpages, enabling it to better size allocations to the available page sizes on a system. In certain workloads, it is possible for superpage aware handling of network data to offer a significant performance benefit. However, this benefit is highly dependent on the network traffic workload.</p>
<h2><em>Buffer Management</em></h2>
<p>Another area for exploration related to Netmap’s memory management is its use of buffers for storing packets. Currently, netmap takes control of an interface by hooking the ifnet’s if_input routine with generic_rx_handler. Generic_rx_handler puts received packets into a linked list which is then processed by the application when it makes a rxsync call. It is possible that this linked list isn’t cache-friendly and there could be performance advantages to moving to other data structures such as a ring buffer.</p>
<h2>Next Steps</h2>
<p>Memory allocation and buffer management changes are likely to offer a benefit to netmap applications.</p>
<p>Taking the feedback of the community into consideration; we’ll continue to monitor the performance of Zenarmor and Suricata applications with the emulated driver and assess whether the current state of the netmap emulated mode meets the reliability and performance requirements of the deployment scenarios.</p>
<p>Zenarmor will enable netmap Emulated Mode as the default deployment mode in one of the upcoming Zenarmor releases (Most likely 1.15; but a small probability exists that it can be shipped with 1.13.2).</p>
<h2>Thanks</h2>
<p>As Zenarmor and OPNsense teams, we would like to extend our special thanks and gratitudes to the OPNsense community and the wider FreeBSD community at large for testing the patches and providing feedback.</p>
<p>Additionally, special thanks goes to Mark Johnson, Tom Jones, Allan Jude of Klara Systems for their technical guidance and implementation;
Vincenzo Maffione from the Netmap team for providing precious feedback, code review and guidance; and for and to Sabina Anja for her ongoing support during the course of the project.</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/c6VeSws1hrA" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/freebsd-post-thumbnail.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Introducing Zenarmor 1.13: An MSSP and Enterprise decision-makers Guide to how these new and improved capabilities can enhance overall cyber security]]></title>
            <link>https://www.zenarmor.com/announcements#introducing-zenarmor-1-13-an-mssp-and-enterprise-decision-makers-guide-to-how-these-new-and-improved-capabilities-can-enhance-overall-cyber-security</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#introducing-zenarmor-1-13-an-mssp-and-enterprise-decision-makers-guide-to-how-these-new-and-improved-capabilities-can-enhance-overall-cyber-security</guid>
            <pubDate>Thu, 04 May 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[The greatly anticipated release of Zenarmor 1.13 has just arrived and offers important new and improved capabilities that both technical and business decision-makers will find helpful when implementing security solutions to strengthen their overall enterprise cyber security posture. Let's deep dive into the details of Zenarmor 1.13 and how these new improvements will benefit your business!]]></description>
            <content:encoded><![CDATA[<div>
<img src="https://www.zenarmor.com/images/blog/1-13-release-new.webp" alt="Release 1.13 Blog"/>
</div>
<br/><br/>
<p>The greatly anticipated release of Zenarmor 1.13 has just arrived and offers important new and improved capabilities that both technical and business decision-makers will find helpful when implementing security solutions to strengthen their overall enterprise cyber security posture.</p>
<p>A brief overview of the updates included in this release are:</p>
<ul>
<li>User PIN codes to bypass blocked content via the blocked content landing page</li>
<li>Policy-based SafeSearch enforcement</li>
<li>Scheduled advanced reporting</li>
<li>BrightCloud® Threat Intelligence Integration</li>
<li>Enhanced RESTful API and improved API endpoints</li>
<li>General bug fixes and performance improvements</li>
</ul>
<p>So when you are ready, let’s dive in and take a closer look at these new capabilities.</p>
<h2>User and Admin PIN codes to bypass and whitelist blocked websites.</h2>
<p>In the previous release of Zenarmor, the ability to create custom blocked landing pages was implemented. These landing pages are presented to users explaining why access to a website has been restricted either as part of a corporate internet usage policy or when protecting a user from a threat detected by Zenarmor’s real-time monitoring.</p>
<p>Zenarmor 1.13 enhances this capability by giving your security team the ability to create and issue PIN codes that end-users can input on the custom blocked landing page to bypass and whitelist the webpage. This provides an alternative, yet still controlled method of whitelisting websites, without having a member of the security team manually modify the whitelist using Zenconsole.</p>
<p>Two types of PIN codes can be issued, the first being a global admin PIN code, which when used, whitelists the blocked website for all users and endpoints on the network. The second bypass PIN code type is a user specific code, that is issued to a single user allowing only that single endpoint access to the restricted website.</p>
<p>Both bypass PIN code types can be set up to expire after a certain amount of time. This capability can be useful to end-users and IT security team members alike, by providing a quick and controlled means to whitelist websites on the fly, which reduces end-user frustration typically associated with users waiting for IT to manually whitelist the website. At the same time, IT helpdesk staff can offer quick turnaround times by simply providing a PIN code, alleviating the cybersecurity technical staff responsible for managing the organization’s firewall, while still maintaining control.</p>
<div>
<img src="https://www.zenarmor.com/images/blog/pin-codes-to-bypass-and-whitelist-blocked-websites.webp" alt="[PIN codes to bypass and whitelist blocked websites" />
</div>
<h2>Policy-based SafeSearch enforcement</h2>
<p>SafeSearch functionality provides a means to filter out offensive or inappropriate content from presented search engine results and is available for most of the popular search engines including Google, Bing, Duckduckgo, Yahoo, and Yandex. Usually, this feature is activated on a per-user/endpoint basis. However, with Zenarmor 1.13 you can activate SafeSearch enforcement on a per-policy basis for all users on your network. This capability is perfect for use in school networks where students can have SafeSearch activated by default, whereas teachers and other staff don’t have SafeSearch enabled. This feature provides IT departments with a convenient and efficient means to control SafeSearch globally throughout the network.</p>
<p>Just as a side note, if you are interested in how Zenarmor can be used to secure and filter content in an educational environment, please check out my previous article: <br/>
<a href="https://www.zenarmor.com/blog#why-is-zenarmor-the-perfect-content-filtering-solution-for-educational-institutions">Why is Zenarmor the perfect content-filtering solution for educational institutions?</a></p>
<br/>
<div>
<img src="https://www.zenarmor.com/images/blog/policy-based-safesearch-enforcement.png" alt="[PIN codes to bypass and whitelist blocked websites" />
</div>
<br/>
<h2>Customizable, scheduled advanced reports for all audiences</h2>
<p>Comprehensive and customizable advanced reporting has always been one of the great capabilities offered by Zenarmor. With Zenarmor 1.13, reporting functionally gets an upgrade allowing security teams to automate the scheduled sending of reports. This functionality is useful when it comes to creating and sending reports to multiple recipients at the frequency they need. For example, one way to use this feature is to send management and business decision-makers more high-level business-oriented reports monthly.Alternatively, you could send daily technical reports to your cyber security team, the choice is yours. Regardless of your reporting requirements, Zenarmor now ensures your reports are delivered on time, in PDF format, to their exact audiences with no fuss.</p>
<p>To make this service even better, you don’t have to waste time setting up your own email service and settings to deliver reports, Zenarmor includes a built-in email delivery service with this release.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/advanced-reports-for-all-audiences.webp" alt="Advanced Reports for all Audiences" />
</div>
<br/>
<h2>Increased threat coverage by leveraging BrightCloud® Threat Intelligence</h2>
<p>Zenarmor’s existing AI-based threat intelligence protecting your network against over 300M+ websites and domains is without a doubt an impressive standard capability giving you advanced protection and is included in all Zenarmor subscriptions ranging from the Free to Business Edition of Zenarmor.</p>
<p>As of the release of Zenarmor 1.13, through Zenarmor’s partnership with BrightCloud®, Business Edition, users will benefit from extended protection that includes an additional 1+ billion categorized domains and 4+ billion recorded IPv4/6 addresses. In addition to this, you will also benefit from being a part of a global threat intelligence network made up of over 140 top cyber security vendors using BrightCloud® Threat Intelligence to enrich and extend their threat detection solutions. So rest assured,  knowing you have access to the very best threat intelligence available. To date, BrightCloud® has evaluated over 48+ billion domains and adds to this database by analyzing roughly 25,000 threats and URLs daily.</p>
<p>If you are already a Zenarmor Business Edition subscriber, you will automatically benefit from the BrightCloud® Threat Intelligence database powered by sixth-generation machine learning, which provides your business maximum protection at all times. If you are on a Free, Home, or SOHO subscription, don’t worry, you can still depend on the great threat intelligence that you know and love provided by Zenarmor as standard.</p>
<p>If you are interested in learning more about BrightCloud® please check out the official partnership <a href="https://www.zenarmor.com/announcements#zenarmor-adds-brightcloud-database-to-its-threat-intelligence-platform-to-further-increase-threat-protection-coverage">announcement</a>, or alternatively head over to <a href="https://www.brightcloud.com/">https://www.brightcloud.com/</a></p>
<h2>Enhanced RESTful API</h2>
<p>Zenarmor has included RESTful API functionality in previous Zenarmor releases for some time already. However, as of Zenarmor 1.13, the RESTful API has been enhanced by providing developers and integrators with more API endpoints so that they can leverage more of Zenarmor’s functionality, similar to the functionality already provided in Zenconsole.</p>
<p>The API allows for improved integrations with popular MSSP automation platforms like ConnectWise and Kaseya or even existing SIEM and XDR solutions that you may already have deployed in your environment.</p>
<h2>Are you ready to experience Zenarmor 1.13 for yourself?</h2>
<p>If you answered yes to this question, and you are an existing Zenarmor customer, head over to either Zenconsole or your OPNSense dashboard and apply the 1.13 update. If you are new to Zenarmor and would like to explore the great capabilities that Zenarmor has to offer, you can simply sign-up and start your Zenarmor Business Edition 15-day trial, with no credit cards required.</p>
<p>Alternatively, feel free to contact Zenarmor at <span><img src="https://www.zenarmor.com/images/hi-at-zenarmor.svg" alt="hi-at-zenarmor" /></span> and ask for assistance getting your free trial setup and started today. We’d love to hear from you!</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noreferrer noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/tzwfDDiekGM" title="What's new in Zenarmor 1.13 - An MSP & Enterprise decision-makers guide" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/1-13-release-thumbnail.jpg" length="0" type="image/jpg"/>
        </item>
        <item>
            <title><![CDATA[Zenconsole is Moving to its New Domain - dash.zenarmor.com]]></title>
            <link>https://www.zenarmor.com/announcements#zenconsole-is-moving-to-its-new-domain</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenconsole-is-moving-to-its-new-domain</guid>
            <pubDate>Thu, 13 Apr 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[We’re excited to let out customers know that Zenconsole has moved to its new domain with new improvements to provide advanced cybersecurity]]></description>
            <content:encoded><![CDATA[<p>Dear valued customers,</p>
<p>We’re excited to announce that our Zenconsole firewall management console has a new domain, <a href="https://dash.zenarmor.com/">https://dash.zenarmor.com/</a>. Plus, for a limited time, you can still access and manage your Zenarmor nodes via the old domain, <a href="https://sunnyvalley.cloud/">https://sunnyvalley.cloud/</a>. In the future, all access requests to the former domain will be redirected to the new domain, <a href="https://dash.zenarmor.com/">https://dash.zenarmor.com/</a>. Rest assured that all user accounts, data, and settings have been smoothly transferred to the new site, so you can keep using our services without any interruptions.</p>
<p>We understand that change can sometimes be daunting, but we’re here to make this transition as seamless as possible for you. Additionally, we’ve made significant improvements to the Zenconsole, including enhanced security features and improved user interface, to ensure that your experience with our platform is better than ever before. If you have any questions or concerns, our support team is available to assist you at <a href="https://help.zenarmor.com/hc/en-us">https://help.zenarmor.com/hc/en-us</a> or via support -at- <a href="http://sunnyvalley.io">sunnyvalley.io</a> email.</p>
<p>Thank you for your continued trust and support. We couldn’t have done this without you!</p>
<p>Best regards,
Your friends at Zenarmor</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/zenconsole-is-moving-to-its-new-domain.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Why is Zenarmor the perfect content-filtering solution for educational institutions?]]></title>
            <link>https://www.zenarmor.com/blog#why-is-zenarmor-the-perfect-content-filtering-solution-for-educational-institutions</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#why-is-zenarmor-the-perfect-content-filtering-solution-for-educational-institutions</guid>
            <pubDate>Tue, 04 Apr 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[It’s a necessity that educational institutions implement proper cyber security and access control measures, not only to protect their systems, teachers and administrators, but most importantly, the bright and impressionable minds accessing these systems and internet services. In this article, we are going to unpack the benefits and capabilities of Zenarmor and look at how it provides a formidable content filter, protecting minors and students alike from inappropriate online content and online threats.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/why-is-zenarmor-the-perfect-content-filtering.webp" alt="Why is Zenarmor the perfect content-filtering solution" />
</div>
<p>It is no secret that the internet is a dangerous place filled with all kinds of threats ranging from malware to phishing attacks, to inappropriate content or themes that enterprises go to great lengths to defend against daily.</p>
<p>But what about educational institutions like schools, universities, and other public places like libraries where minors and young adults have internet access? Are these environments truly as safe as they can be? Too often they’re not. Educational institutions, small businesses and even large enterprises do share many technical similarities. They all rely on networks connecting desktop and laptop computers, and wireless mobile devices including smartphones, tablets, and smart boards used in the classroom, all with access to the Internet. And let’s not forget the various servers used by the academic organization which are also connected to the same network. Unlike large enterprises, academic institutions have a different and some might argue more important imperative.  It’s a necessity that educational institutions implement proper cyber security and access control measures, not only to protect their systems, teachers and administrators, but most importantly, the bright and impressionable minds accessing these systems and internet services.</p>
<p>Zenarmor understands the importance and unique security needs of educational institutions. Today, throughout the world, hundreds of academic institutions depend on Zenarmor and the enterprise-grade security it provides. For the remainder of this article, we are going to unpack the benefits and capabilities of Zenarmor and look at how it provides a formidable content filter, protecting minors and students alike from inappropriate online content and online threats. We’ll also cover how Zenarmor helps to satisfy governmental regulatory compliance requirements such as the Children’s Internet Protection Act (CIPA) and supports educational institutions that want to qualify for the E-Program financial programs offered by the US Government.</p>
<h2>A brief background about content filtering, and why using Zenarmor is a superior solution.</h2>
<p>Content filtering, in a nutshell, is the process of screening or completely blocking objectionable websites, emails, applications, or links that may be inappropriate, offensive, or even outright malicious to the user or system accessing the content. The main goal of implementing content filtering controls in your network is to prevent the users and systems from accessing this questionable content, which could jeopardize your overall network security or expose the users to inappropriate or productivity-hindering websites that go against network usage or school’s policies.</p>
<p>Generally, content filtering is deployed on the perimeter firewall which monitors all outbound internet traffic against a predefined Access Control List (ACL) or policy. Popular ways of implementing ALC’s often involve the usage of a Squid proxy server integrated with the SquidGuard extension or in other cases DansGuardian which intercepts the outgoing traffic and checks it against the ACLs. This popular approach is effective and has been used to filter content over the years. However, it comes with some challenges that are often difficult for academic institutions to address: it requires the network administrator to create all the ACLs rules manually, and periodically perform manual updates, which becomes very time-consuming to maintain. This is especially true if the network is large, or complex or has changing policy requirements.</p>
<p>Zenarmor, on the other hand, addresses these administration issues by providing network administrators an intuitive web-based management dashboard called Zenconsole. Policy management is made easy with 60+ predefined web and application categories, covering thousands of application signatures that can enforce policy requirements without requiring client-based agents or proxy configurations. Furthermore, Zenarmor operates in a fully transparent mode, meaning that unlike proxy based security approaches which require altering the network traffic flow, Zenarmor does not require any changes to the network content or architecture to provide its protection, making deployment straightforward.</p>
<p>Importantly, Zenarmor utilizes AI-powered cloud-based web categorization that provides real-time classifications covering over 1 billion  domains. This approach not only eliminates the time-consuming process of manually creating and updating ACLs, but is far more comprehensive than what network administrators can ever achieve on their own, no matter how motivated they are.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenconsole-includes-60plus-categories.webp" alt="Zenconsole Includes 60+ Categories" />
</div>
<p><em>Figure 1: Zenconsole includes 60+ predefined web and application categories</em></p>
<h2>More reasons why Zenarmor is the most complete content filtering solution.</h2>
<p>Using Zenarmor certainly makes content filtering much easier compared with traditional approaches. However, its capabilities in protecting the organization don’t end there. Unlike other approaches, Zenarmor also provides advanced security features by combining AI-based cloud threat intelligence with deep packet inspection. The result is that Zenarmor is also able to block botnets, prevent sophisticated zero-day malware campaigns and phishing attacks, all in real-time. By comparison, these attacks can otherwise easily bypass traditional IP address, port number, or DNS based filtering techniques.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenconsole-essential-and-advanced-sec-options.webp" alt="Zenconsole Essential and Advanced security options" />
</div>
<p><em>Figure 2: Zenconsole Essential and Advanced security options</em></p>
<h2>But my organization consists of Administrators, Teachers and Students. How can I manage the policies for all of these groups independently to deliver human-centric security?</h2>
<p>To efficiently manage users, groups, and resources accessing the network, most educational institutions already have directory services deployed like Microsoft Active Directory. Zenarmor is easily integrated with Active Directory. This allows network administrators to associate content filter policies with established users or groups, regardless of the device or IP address they are using.</p>
<p>This is a tremendously powerful combination because often in an educational environment, you will find that there is a need for varying levels of access. For example; perhaps one class group is doing a study about drugs. The network administrator could easily relax restrictions to this otherwise prohibited category for a particular class group only for the duration of their research. At the same time, all other users remain protected from this content. A similar approach could apply to a staff group; they could have more relaxed policies in comparison to the student population.</p>
<h2>How does Zenarmor support compliance reporting?</h2>
<p>Zenarmor’s policies are both powerful and flexible. They can also be set up to operate on a schedule. With little effort, a network administrator can allow a different social media or recreational internet access after school hours while automatically resuming restrictions during daytime classes. Zenconsole also makes the management of these policies very easy through the automatic synchronization across all Zenarmor firewalls protecting the school’s network.</p>
<p>No great content filtering solutions would be complete without analytics and reporting. Zenarmor offers best-in-class analytics and reporting. This provides network administrators complete visibility of their network traffic including real-time connection information and access to 60+ predefined reports. Importantly, these reports also provides school administrators with the documentation they need to substantiate their efforts to protect their students and organization.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenconsole-predefined-reporting-view.webp" alt="Zenconsole predefined reporting view" />
</div>
<p><em>Figure 3: Zenconsole predefined reporting view</em></p>
<h2>I am interested in deploying Zenarmor to protect my school network. So how do I get started?</h2>
<p>Because Zenarmor is a software-defined solution with zero hardware dependency it provides network administrators multiple cost effective deployment options to consider. Zenarmor can easily be deployed on most off-the-shelf hardware or virtualized environments. It supports all the most popular Unix/Linux-based operating systems like Ubuntu, RedHat, and FreeBSD to name a few. Perhaps your institution has already invested in a firewall solution like pfSense or OPNsense. If so, you are already more than halfway to completing your Zenarmor deployment! Both pfSense and OPNsense make it incredibly easy to install Zenarmor through a plugin. If you are building your firewall and Zenarmor deployment from scratch using one of the many other supported operating systems, the installation is equally as easy. In most cases, you can have Zenarmor deployed in under 10 minutes using a simple CURL command.</p>
<h2>How affordable is a content filtering solution like this?</h2>
<p>Compared to commercial enterprises, educational institutions often have a smaller IT budget which may restrict these institutions’ access to the more sophisticated enterprise-grade content-filtering products on the market. To address this constraint, Zenarmor offers special pricing for educational institutions, allowing them to provide enterprise-grade security at a price they can afford.</p>
<h2>A side note for MSSPs reading this article.</h2>
<p>If you are an MSSP who has found this article informative and is looking to create new services or improve your offering for educational institutions, bundling Zenarmor into your current solution is an excellent way to provide immediate value to your clients. If you are interested in learning more about this, check out my previous article:
<a href="https://www.zenarmor.com/blog#how-mssps-can-leverage-zenarmor-combined-with-open-source-firewalls-to-increase-the-value-of-their-offered-services">How MSSPs can leverage Zenarmor combined with open-source firewalls to increase the value of their offered services</a></p>
<h2>Next Steps…</h2>
<p>If you would like to get your feet wet and explore the many great capabilities of Zenarmor and how it can be used to protect your students, staff, and network, <a href="https://www.zenarmor.com/free-edition-plan">try Zenarmor on a 15-day trial</a>, no credit cards required. Visit <a href="https://www.zenarmor.com/education">Zenarmor Education</a> page to learn more about how Zenarmor will upgrade your institution’s network security.</p>
<h2>Or…</h2>
<p>Contact Zenarmor at <span><img src="https://www.zenarmor.com/images/hi-at-zenarmor.svg" alt="hi-at-zenarmor"></span> and ask for assistance getting your free trial setup and started today</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/3l6CC8yt_Wc" title="How to Block Youtube on OPNsense" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/why-is-zenarmor-the-perfect-content-filtering-thumbnail.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Adds BrightCloud™ Database to its Threat Intelligence Platform to further increase Threat Protection Coverage]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-adds-brightcloud-database-to-its-threat-intelligence-platform-to-further-increase-threat-protection-coverage</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-adds-brightcloud-database-to-its-threat-intelligence-platform-to-further-increase-threat-protection-coverage</guid>
            <pubDate>Thu, 30 Mar 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[On top of Zenarmor's already existing AI-based Threat Intelligence that covers more than 300M+ sites instantly, BrightCloud® will add the threat intelligence for an additional number of 1+ Billion domains, evaluate 43+ Billion URLs and recognize and block malicious URLs and IPs, bringing advanced cyber protection for Business Edition users.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/announcement/zenarmor-incorporates-brightcloud.webp" alt="Zenarmor Incorporates Brightcloud" />
</div>
<p>Today, in our quest to provide the best network security for MSSPs, businesses and enterprises anywhere and anytime, we’re pleased to announce that we are teaming up with BrightCloud® - the world’s leading cyber threat intelligence gathering / sharing community consisting of the industry’s top cybersecurity vendors.</p>
<p>Starting March 20, 2023, Zenarmor’ customers using Zenarmor Business Edition will receive enhanced cyber protection for their multi-branch organization networks. BrightCloud® will extend Zenarmor’s existing AI-based Threat Intelligence that covers more than 300M+ sites instantly by an additional 1+ Billion domains, and support the evaluation of 43+ Billion URLs to recognize and block malicious URLs and IPs. With the introduction of Zenarmor’s TLS inspection capability, we’re looking forward to introducing real-time scanning of malicious activity inside files and mobile apps by incorporating  BrightCloud’s near-real-time threat intelligence source.</p>
<p>The BrightCloud threat Intelligence service is integrated into many of the industry’s top firewall vendors, providing them with real-time web intelligence to block access to malicious URLs, IPs, files and mobile apps. This integration allows for a seamless and effective way for organizations to secure their network and protect against cyber threats.</p>
<blockquote>
<p>As a respected leader in their field, Zenarmor joins over 140 other top cybersecurity vendors using BrightCloud Threat Intelligence to enrich their solutions,” said Dena Buckman, VP Product Engineering, OpenText Cybersecurity. “Integration of BrightCloud Threat Intelligence Services with Zenarmor enables Zenarmor to provide a proactive, automated security solution to their customers for even greater threat protection.</p>
</blockquote>
<h3>How will this benefit your organization’s network security?</h3>
<p>Zenarmor Business Edition, like the rest of our products, has been developed by keeping the best interests of our partners and customers in mind. If you’re a Business Edition user, in addition to RESTful API integration, cloud-central firewall management through Zenconsole, and advanced reporting capabilities, you now have access to the world’s leading threat intelligence database powered by sixth-generation Machine Learning to keep your organization’s network protected at maximum capacity at all times.</p>
<p>Zenarmor customers using Business Edition will automatically start benefiting from the additional layer of security provided with the integration. You do not need to do anything at all. It’s fully automatic.</p>
<p>Zenarmor customers who are using Free Edition or Home/SOHO subscription tiers will continue to be protected against malicious attacks by Zenarmor’s existing Threat Intelligence (excluding the BrightCloud Database) covering 300+ Million active and 200+ Million passive domains.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/zenarmor-incorporates-brightcloud-thumbnail.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor is excited to set forth our partnership with PICOPC to bring Cybersecurity Solutions and contribute towards more robust Data Security & Protection]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-is-excited-to-set-forth-our-partnership-with-picopc-to-bring-cybersecurity-solutions-and-contribute-towards-more-robust-data-security-and-protection</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-is-excited-to-set-forth-our-partnership-with-picopc-to-bring-cybersecurity-solutions-and-contribute-towards-more-robust-data-security-and-protection</guid>
            <pubDate>Wed, 22 Mar 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[PICOPC & Zenarmor Partnership Announcement]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/announcement/picopc-announcement.webp" alt="PICOPC & Zenarmor Partnership Announcement" />
</div>
<p>We are very excited to welcome PicoPC to our Global Partners Network as our new Hardware Partners.</p>
<p>UK based tech company PicoPC is one of the technology leaders in the server, small firewalls, embedded industrial PCs, HPC, storage and memory markets. They are best known for their 1U, desktop mini firewalls and embedded solutions that offer high-performance computing at affordable prices to their customers. PicoPC provides its customers with devices that serve end-to-end green computing solutions to the Cloud Computing, Telecom, Datacentres, AI (High Performance Computing) COM-HPC, Industrial Automation, In-Vehicle Systems Edge Computing, Cyber Security, IOT and IIOT markets.</p>
<p>This brand new partnership between Zenarmor and Picopc will allow users to get the best of both worlds by using the advanced cyber protection features of  Zenarmor NGFW on top of
PicoPc’s high-tech devices.</p>
<p><a href="https://picopc.co/">To celebrate the partnership, all Zenarmor customers will get a 10% discount on all PicoPC appliances!</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/picopc-announcement.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[How MSSPs can leverage Zenarmor combined with open-source firewalls to increase the value of their offered services]]></title>
            <link>https://www.zenarmor.com/blog#how-mssps-can-leverage-zenarmor-combined-with-open-source-firewalls-to-increase-the-value-of-their-offered-services</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#how-mssps-can-leverage-zenarmor-combined-with-open-source-firewalls-to-increase-the-value-of-their-offered-services</guid>
            <pubDate>Tue, 14 Mar 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[There has never been a more exciting time for MSSPs. With more businesses adopting the cloud and staff working remotely from anywhere, it can be challenging for organizations to navigate this new territory, especially when it comes to providing and managing their cybersecurity requirements. Here are all the ways Zenarmor favors MSSPs.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/how-msps-can-leverage-zenarmor.webp" alt="How MSSPs can leverage Zenarmor" />
</div>
<p>If you are aspiring to run your own managed security services provider (MSSP) business or already operate one, there has never been a more exciting time for MSSPs than present. With more businesses adopting the cloud and staff working remotely from anywhere, it can be challenging for organizations to navigate this new territory, especially when it comes to providing and managing their cybersecurity requirements. Naturally, businesses are going to seek reliable and knowledgeable partners to help them navigate the challenging path of constantly fending off phishing and ransomware attacks, blocking malware, dealing with other nasty online threats in their efforts to remain compliant and keep their staff productive. This is where your services come in.</p>
<p>While MSSPs generally offer a number of bundled services to their clients, in this article we are going to focus on security services and how Zenarmor combined with well-known open-source firewalls such as OPNsense or pfSense software can help MSSPs differentiate and increase the value of their bundled services.</p>
<h2>Why is using Zenarmor with your open-source firewall a good idea?</h2>
<p>If you’ve been in the IT industry for a while, you have likely already come across or even deployed open-source firewalls such as pfSense and OPNsense for your clients, which is great. These firewalls provide many standard features businesses require to maintain their ongoing operations like VPN capabilities, IDS/IPS services, web filtering, etc. so you may be thinking; What more do I need?  Well, by simply installing the Zenarmor plugin, you have now unlocked next-generation firewall (NGFW) capabilities such as real-time deep-packet inspection, AI-powered Threat Intelligence, application/web controls and reporting which is typically only available with expensive enterprise firewall appliances. With Zenarmor, you can immediately offer these features and increase value and security to your clients with little additional effort.</p>
<h2>Why zero hardware dependency is a game changer for MSSPs?</h2>
<p>Because Zenarmor is totally software-defined, there is zero hardware dependency, meaning that you can essentially deploy Zenarmor on most off-the-shelf hardware or in the cloud across a wide choice of supported operating systems, not only limited to OPNsense or pfSense. You can also install Zenarmor on popular Unix/Linux-based operating systems like Ubuntu, RedHat, FreeBSD, and even Amazon Linux to name a few. There is no need for expensive hardware appliances and with Zenarmor’s software-defined architecture you can rapidly spin-up security services in under 10 minutes, anywhere you may need it, on-prem or in the cloud to provide immediate value to your clients. With this hardware-independent solution, even small or resource-constrained businesses can now benefit from enterprise-grade security without the need to pay high upfront costs for security appliances or commit to pricy maintenance contracts.</p>
<h2>How does an MSSP manage its clients’ Zenarmor deployments?</h2>
<p>So you may be thinking this sounds great! Providing almost instant security wherever it’s needed, and unlocking additional value from my pre-existing OPNSense or PfSense deployments all makes perfect sense, but how do I efficiently manage all these firewalls? The short answers by using Zenconsole. Zenconsole is a cloud based manager that allows MSSPs to govern all aspects of administering their clients’ Zenarmor firewall deployments including; subscriptions, upgrades, activations, and removals. Additionally, all firewall policies and configurations are managed on the clients behalf using a cloud based, single-pane of glass approach. Role-based, granular access controls are included so that you can assign individual members of your network management team the appropriate permissions needed to efficiently manage all your clients’ firewalls. Best of all, this functionally comes at no additional cost.</p>
<h2>Can Zenarmor be integrated with existing MSSP platforms and systems?</h2>
<p>Speed and efficiency of service delivery are key for any MSSP’s success and are most often achieved through the automation of tasks and workflows. Zenarmor’s RESTful API provides the ability to integrate with popular MSSP automation platforms like ConnectWise or Kaseya, allowing you to optimize billing, monitoring, and policy management via these familiar platforms. Some MSSPs may already be offering monitoring and logging services to their clients. The  good news is that Zenarmor is also capable of easily integrating with existing SIEMs, syslog, and XDR solutions by allowing all log data collected by the firewall to be streamed to these services. Zenarmor is also capable of integrating with Microsoft Active Directory and 3rd party captive portals (such as the one included in OPNsense) which allows MSSPs to define firewall policies around individual users and groups that already exist within your organization, regardless of the IP address or device they are using to access the network. Through these integrations, MSSPs can almost instantly unlock additional value for their clients with minimal effort.</p>
<h2>What other features does Zenarmor have that allow MSSP to create value?</h2>
<p>Because some of the day-to-day services offered by MSSPs are carried out in the background, the real value of the services provided may go unnoticed by the client. With Zenarmor, MSSPs have the ability to highlight their value-add  by  providing their customers with intuitive, easy-to-read reports that can be quickly customized depending on the targeted audience, so that no matter who is reading the report, anyone can understand why certain types of content were restricted or blocked entirely. The reports can also be helpful in identifying user patterns and can be used as a means to identify unwanted applications being used on the network, helping the MSSP take control over shadow IT. Automated reporting can be scheduled daily, weekly, or monthly helping MSSPs to communicate the ongoing value provided to their clients.</p>
<p>Another means of reinforcing the value the MSSP provides to its clients’ customers is through Zenarmor’s ability to create and share custom blocked landing pages. These web pages are presented to a user whenever they access a website or app that is restricted due to threats or business policies via an easy to understand landing page. The page is presented to the end user explaining why the service or content that they are attempting to access is being blocked, including an explanation of why it is a potential cyber security threat to the organization. This approach not only helps to educate the end user about potential threats but also reduces the number of support tickets created by end users querying these issues, freeing up technical help desk staff so they can focus on important tasks and requests.</p>
<h2>What does all this cost and how do MSSPs bundle these services into existing packages?</h2>
<p>So if you have made it this far, the extra value MSSPs are able to provide to their clients using Zenarmor should be pretty clear. But what does all this cost, and how does an MSSP charge its clients for these services? Fortunately, with Zenarmor this is very straightforward. Zenarmor offers a subscription-based pricing model, where an MSSP can purchase individual firewalls, each with a pool of licenses covering the number of devices connected to the network that requires Zenarmor’s protection. These licenses can be dynamically allocated throughout the organization where they are needed. Because the licenses are offered on a per-user device model, MSSPs can easily factor in these costs when creating service packages for their clients with no unexpected hidden costs or fluctuations. Licenses are offered as an annual or  multi-year subscription which helps to make the ROI calculations straightforward. As an added benefit, should an MSSP unfortunately lose a client for unforeseen reasons, licenses can easily be reallocated to another customer minimizing the financial impact to the MSSP.</p>
<h2>Some final thoughts…</h2>
<p>Zenarmor truly provides one of the most feature-rich firewall solutions for the MSSP market. With enterprise class security, zero hardware dependency, cloud-based, single pane of glass management, API integrations, and reporting, all made available through an easy to use and cost effective subscription-based model, it’s difficult not to recognize the significant value an MSSP is able to create by utilizing Zenarmor.  Don’t leave your clients unprotected. After all, they are looking to your organization to ensure the efficient and uninterrupted IT operations their business depends on.</p>
<p><a href="https://www.zenarmor.com/free-edition-plan">Try Zenarmor on a 15-day trial</a>, no credit cards required, and enjoy all the Business Edition features on offer, set up in 10 minutes or less. You’ll be glad you did.</p>
<p>Visit this page to learn more about how Zenarmor will empower <a href="https://www.zenarmor.com/managed-security-service-provider">MSSPs</a></p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/uQbcwu-f9B0" title="Improve your cyber security using Zenarmor - an MSPs guide to creating value & income streams" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/how-msps-can-leverage-zenarmor-thumbnail.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Changes To Our Legal Documents]]></title>
            <link>https://www.zenarmor.com/announcements#changes-to-our-legal-documents</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#changes-to-our-legal-documents</guid>
            <pubDate>Thu, 09 Mar 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[We, at Sunny Valley Cyber Security, Inc. (dba Zenarmor) have made changes to our Privacy Policy, Terms of Use, and Terms of Conditions and wanted to share the update with you.]]></description>
            <content:encoded><![CDATA[<p>Dear Users,</p>
<p>We, at Sunny Valley Cyber Security, Inc. (dba Zenarmor) have made changes to our Privacy Policy, Terms of Use, and Terms of Conditions and wanted to share the update with you.</p>
<p>Here is a summary of our key changes:</p>
<p><ins>For Privacy Policy</ins>:</p>
<p>These changes were made to comply with the latest requirements under the General Data
Protection Regulation (GDPR) regarding Standard Contractual Clauses for transfer of Personal
Data. We also have updated our business information such as our physical and email addresses for receiving notices including for DMCA, and third-party service providers list, have more clearly defined personal information, and how we notify you of changes to the policy.</p>
<p><ins>For Terms of Use</ins>:</p>
<p>These changes were made to update our business information such as our physical and email
addresses for receiving notices including for DMCA and how we notify you of changes to the
terms.</p>
<p><ins>For Terms of Service</ins>:</p>
<p>These changes were made to update our business information such as our physical and email
addresses for receiving notices including for DMCA and how we notify you of changes to the
Terms.</p>
<p>The updated Privacy Policy, Terms of Use, and Terms of Service become effective on <strong>March 9, 2023</strong>. You can access the updated documents here:</p>
<ul>
<li>Privacy Policy: <a href="https://www.zenarmor.com/legal/privacy-policy">https://www.zenarmor.com/legal/privacy-policy</a></li>
<li>Terms of Service: <a href="https://www.zenarmor.com/legal/terms-of-service">https://www.zenarmor.com/legal/terms-of-service</a></li>
<li>Terms of Use: <a href="https://www.zenarmor.com/legal/terms-of-use">https://www.zenarmor.com/legal/terms-of-use</a></li>
</ul>
<p>We encourage you to visit the links and review the new Privacy Policy, Terms of Use, and Terms of Service.</p>
<p>Notwithstanding if you continue to use our services, you are bound by these new changes to the
Privacy Policy, Terms of Use, and Terms of Service.</p>
<p>If you have any questions, please do not hesitate to contact us by sending an email to <span> <img src="https://www.zenarmor.com/images/privacy-at-zenarmor.svg" alt="privacy-at-zenarmor"> </span></p>
<p>Thank you for being part of our team.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/changes-legal-documents.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[How will Zenarmor SWG as a policy-driven cloud egress traffic filtering and control solution improve your network security?]]></title>
            <link>https://www.zenarmor.com/blog#how-will-zenarmor-swg-as-a-policy-driven-cloud-egress-traffic-filtering-and-control-solution-improve-your-network-security</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#how-will-zenarmor-swg-as-a-policy-driven-cloud-egress-traffic-filtering-and-control-solution-improve-your-network-security</guid>
            <pubDate>Mon, 13 Feb 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[In this article we are going to explore why Zenarmor SWG should be the first product to come to mind, when looking for a rapid-to-deploy, low-cost, cloud egress traffic filtering and control solution, with the ability to control all Zenarmor SWG deployments from a centralized control panel.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/policy-driven-cloud-egress-traffic-filtering.webp" alt="Policy Driven Cloud Egress Traffic Filtering" />
</div>
<p>In a previous article, I introduced Zenarmor SWG as part of a Secure Access Service Edge (SASE) architecture and we briefly discussed how Zenarmor SWG can be used to filter and control the traffic originating from cloud assets destined for the internet. In this article, we are going to drill down into this topic, and explore why Zenarmor SWG should be the first product to come to mind, when looking for a rapid-to-deploy, low-cost, cloud egress traffic filtering and control solution, with the ability to control all Zenarmor SWG deployments from a centralized control panel.</p>
<h2>Why do we need egress traffic filtering and control for cloud-based assets?</h2>
<p>Simply put, cloud assets with unrestricted internet access can potentially put your environment at risk of being attacked by opening the environment to:</p>
<ol>
<li>Easily enabling threat actors, that potentially gain a foothold on one of your cloud assets, to establish reverse shells or to call home to their remote command-and-control infrastructure.</li>
<li>Potentially enabling the exfiltration of precious and confidential company data.</li>
<li>Not being able to satisfy organizational and regulatory compliance requirements such as PCI-DSS, HIPPA, and SOC2.</li>
<li>Potentially allowing unknown or unapproved cloud applications originating from the cloud assets access to the internet, is known as shadow IT and is undesirable in most cases.</li>
<li>Not having proper visibility of egress network connections or the ability to easily monitor and log cloud egress traffic.</li>
</ol>
<p>To add further complications to this scenario, most cloud service providers, out of the box, don’t offer a comprehensive or granular means to manage and control traffic leaving the VPC or VNET via their internet gateways. Usually, these gateways filter on an IP address basis only, not being aware of FQDNs. If you have multiple VPCs or VNETS across your environment or even as part of a multi-cloud provider deployment, these filter policies will need to be replicated across all these environments which could open security gaps in your infrastructure, due to human error or negligence, and in general, could become a management nightmare for security and operations teams.</p>
<h2>How can Zenarmor SWG combined with the Zenconsole dashboard secure your cloud environment by filtering and controlling cloud egress traffic?</h2>
<p>The Zenarmor Secure Web Gateway (SWG) was specifically designed to provide an almost instant means to deploy and provide security against zero-day web-based threats, filter web content, and block ransomware, social engineering threats, and malware, wherever you may need it.</p>
<p>Through Zenarmor’ agile software-driven approach to cybersecurity, Zenarmor can easily be installed on most of the popular Unix-based operating systems, including Amazon Linux with a simple CURL command. All Zenarmor SWG instances are managed through Zenconsole, a single pane of glass dashboard, allowing for easy centralized policy management and synchronization between all your deployments. Reporting and seamless integration with SIEMs and Active Directory come standard with the business plan. Speaking about subscription plans, there is one for everyone, ranging from Free to Business, and there are no complex licenses or activations.</p>
<p>Let’s consider the below multi-cloud network architecture, and see how Zenarmor SWG can be used to secure this environment:</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/cloud-egress-traffic.webp" alt="Cloud Egress Traffic" />
</div>
<p>The architecture consists of three different cloud service providers, Azure, AWS, and DigitalOcean. Each VPC/VNET has Zenarmor SWG at the edge filtering cloud egress traffic originating from each respective network. Because Zenarmor has zero dependencies on vendor-specific hardware and is totally software-based, I have decided to show its versatility by installing an instance on Ubuntu Server, Amazon Linux, and lastly on FreeBSD.</p>
<p>All the Zenarmor SWG instances are managed through the Zenconsole dashboard which is free to use regardless of which subscription plan you are on. Zenconsole makes policy management across all Zenarmor instances easy.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenconsole-dashboard-home-default-view.webp" alt="Zenconsole dashboard - Home default view" />
</div>
<p><em>Figure 1: Zenconsole dashboard - Home default view</em></p>
<p>You have the choice of creating unique policies on an instance-by-instance basis or you can deploy centralized policies that synchronize to all Zenarmor SWG instances in your network, a blanket type policy essentially. Zenconsole also gives you the ability to clone policies and export/import them for reuse with other secure web gateways in your network. Another great feature is the ability to create restore points for your policies, allowing you to easily revert to a previous version of the policy if you run into any issues. All policies are synchronized in real-time.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/policy-configuration-view.webp" alt="Policy configuration view" />
</div>
<p><em>Figure 2: Policy configuration view</em></p>
<p>In this multi-cloud architecture, I have chosen to assign a unique egress policy to each Zenarmor SWG instance because each network has its own unique filtering requirements based on the APIs and update servers that require access, everything that is not explicitly allowed will be blocked by Zenarmor.</p>
<p>Now that you have a better understanding of the above network architecture, let’s readdress the security issues I described at the beginning of the article, and how we can mitigate these issues by deploying Zenarmor SWG into our network.</p>
<ol>
<li>
<p>By making use of the security and app controls built into Zenarmor, we can disable the threat actors’ ability to communicate with their command-and-control infrastructure by denying remote access like secure shell or telnet.<br><br></p>
 <div>
   <img src="https://www.zenarmor.com/images/blog/egress-policy-view.webp" alt="Egress Policy view - App Controls" />
 </div>
<p><em>Figure 3: Egress Policy view - App Controls - blocking remote access services</em><br><br></p>
</li>
<li>
<p>The threat of data exfiltration can be minimized by denying access to popular file transfer applications and services using similar app controls targeting those categories.</p>
</li>
<li>
<p>Organizational and regulatory compliance can now be satisfied by safeguarding your cloud assets using Zenarmor SWG.</p>
</li>
<li>
<p>We now have ultimate control over shadow IT, by once again using the built-in app controls in Zenarmor we can block any unauthorized application traffic from leaving our network, rendering them useless.<br><br></p>
 <div>
   <img src="https://www.zenarmor.com/images/blog/egress-policy-categories-view.webp" alt="Egress Policy view - App Controls - Categories View" />
 </div>
<p><em>Figure 4: Egress Policy view - App Controls - Categories View</em><br><br></p>
</li>
<li>
<p>While Zenarmor has a very comprehensive list of already builtin app and web control categories, there may come a time when you need to create your own exclusions or inclusions in your policy, for this, Zenarmor allows you to create black and white lists, where you can filter by an FQDN or IP address.<br><br></p>
 <div>
   <img src="https://www.zenarmor.com/images/blog/egress-policy-exclusions.webp" alt="Egress Policy view - Exclusions - White/Black List" />
 </div>
<p><em>Figure 5: Egress Policy view - Exclusions - White/Black List</em><br><br></p>
</li>
<li>
<p>Finally, not having proper visibility of your network traffic is now a thing of the past, with Zenarmor, you have the ability to view all live network sessions traversing the network. There are also comprehensive reporting features included, giving you app breakdowns, threat detections, and top blocked connections to name a few.<br><br></p>
 <div>
   <img src="https://www.zenarmor.com/images/blog/live-sessions-view.webp" alt="Live sessions view - active traffic traversing the network" />
 </div>
<p><em>Figure 6: Live sessions view - active traffic traversing the network</em></p>
<p><br><br></p>
 <div>
   <img src="https://www.zenarmor.com/images/blog/reporting-view.webp" alt="Reporting view - Blocked Traffic over time" />
 </div>
<p><em>Figure 7: Reporting view - Blocked Traffic over time</em></p>
</li>
</ol>
<p>With many enterprises relying on the cloud to remain competitive, threat actors are increasingly ready to take advantage of security gaps in this modern business landscape. Zenarmor offers a zero CAPEX subscription model, with no upfront capital expenses or exorbitant hardware or annual maintenance contracts. Simply get up and running in minutes by deploying Zenarmor on the UNIX platform of your choice, and benefit immediately from the cybersecurity on offer.</p>
<p>Can you really afford to not secure your cloud workloads using Zenarmor SWG? Try <a href="https://www.zenarmor.com/zenarmor-secure-web-gateway">Zenarmor SWG</a> for free for 15 days, with full access to the business plan, <a href="https://www.zenarmor.com/free-edition-plan">sign up</a> today!</p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/uQbcwu-f9B0" title="Improve your cyber security using Zenarmor - an MSPs guide to creating value & income streams" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/policy-driven-cloud-egress-traffic-filtering-thumbnail.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[How to use a cloud-deployed Zenarmor SWG to secure cloud resources and users in a DIY SASE architecture]]></title>
            <link>https://www.zenarmor.com/blog#how-to-use-a-cloud-deployed-zenarmor-swg-to-secure-cloud-resources-and-users-in-a-diy-sase-architecture</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#how-to-use-a-cloud-deployed-zenarmor-swg-to-secure-cloud-resources-and-users-in-a-diy-sase-architecture</guid>
            <pubDate>Sun, 15 Jan 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[If you're an enterprise or MSSP, you can now easily deploy Zenarmor as a Secure Web Gateway solution to keep your network safe and clean from malicious attacks on the internet.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/cloud-deployed-zenarmor-swg.webp" alt="Cloud-Deployed Zenarmor SWG" />
</div>
<p>With the official announcement of Zenarmor 1.12 came a few exciting and important new capabilities for MSSP’s and Enterprise, including the ability to easily and quickly deploy Zenarmor as a Secure Web Gateway (SWG) with support for multiple unix platforms including FreeBSD, Amazon Linux, Ubuntu, CentOS and not to forget the all to familiar OPNsense firewall.</p>
<p>If you have been part of the OPNsense firewall community, it is likely that you have already come across Zenarmor, the next-generation firewall (NGFW) plugin, and its ability to inspect and control applications and web traffic traversing your network, while offering real-time protection against threats. So you may be asking yourself, how does a Secure Web Gateway (SWG) deployment differ from this? The simple answer being: it depends on where Zenarmor is deployed in your network.</p>
<p>In a traditional on-premise deployment, Zenarmor lives on your OPNSense or similar firewall, and all traffic originating from your LAN heading towards the internet is inspected and filtered. On the other hand, when we use Zenarmor as a Secure Web Gateway (SWG) we are moving our security stack away from the on-premises data center into the cloud edge, allowing us to inspect and filter egress cloud traffic as it leaves our virtual cloud network towards the internet.</p>
<p>Secure Web Gateway (SWG) solutions like Zenarmor, are described by Gartner as a solution that <em><strong>“filters unwanted software/malware from user-initiated Web/Internet traffic and enforces corporate and regulatory policy compliance. These gateways must, at a minimum, include URL filtering, malicious-code detection and filtering, and application controls for popular Web-based applications.”</strong></em> Generally, SWG solutions forms a part of the Secure Access Service Edge (SASE) network architecture, a concept also coined by Gartner in 2019, in response to the work-from-anywhere approach a lot of organization began to adopt, which unexpectedly became the new norm for a lot of organizations when the world was hit by the COVID-19 pandemic.</p>
<p>In a traditional work environment, users would be based in an office space and connect to the LAN where they can enjoy the benefits of the on-premises security stack. On the other hand, in a work-from-anywhere or work-from-home remote environment, users have little to no security as they access various SaaS services or online resources which could potentially expose the organization to unwanted cybersecurity threats.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/traditional-on-prem-network-topology-title.png" alt="Traditional On-Prem Network" />
</div>
<div>
  <img src="https://www.zenarmor.com/images/blog/traditional-on-prem-network-topology.webp" alt="Traditional On-Prem Network" />
</div>
<p>You could argue, what if I gave my remote workers VPN access to the HQ data center? The image above is a depiction of a typical solution that some organizations may have adopted, where they force all their branch network and remote worker traffic via the HQ’s data center, essentially backhauling or hairpinning traffic via the security stack implemented in the DC. This can work, however, the overall user experience can become degraded, introducing latency issues and can become a manageability and security nightmare for network administrators. This poor user experience may tempt remote workers to circumvent the VPN rather connecting directly to the SaaS services, in turn, leaving those users and your enterprise unknowingly vulnerable to cybersecurity threats as they go about their day-to-day business.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/secure-access-service-edge.webp" alt="Secure Access Service Egde Architecture" />
</div>
<p>So this is where SASE comes in, as depicted in the diagram above. All the security stack and services are moved to the cloud edge. Instead of a traditional VPN, a zero trust access network or ZTNA is used to give users limited access to the resources they need to carry out their jobs, based on least privileged principles. There are also other elements to a SASE architecture like cloud access service brokers (CASB), Data Loss Prevention etc., however, in this article our primary focus is going to be on the Secure Web Gateway and the benefits of using Zenarmor to filter egress cloud based traffic as part of the SASE architecture.</p>
<p>Now that you have a better idea of where Zenarmor SWG fits in, let’s talk about why we need to use egress filtering in our cloud environment to secure and monitor our cloud resources when they access the internet.</p>
<p>To make this concept easier to visualize, I have created the below cloud topology, which includes Zenarmor SWG on the cloud edge. In addition to this I have included some internal virtual machines simulating some workloads, and to provide identity and access management, I am using Azure AD with Azure Active Directory Domain Services to provide single-sign on (SSO). Zenarmor has also been integrated with Azure AD so that we can assign users and groups to our policies created in Zenconsole. This allows us to filter and control traffic uniquely on a per user or group basis.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/virtual-cloud-network.webp" alt="Virtual Cloud Network" />
</div>
<p>To bring the Zero Trust Network Access element into the solution, I have used Zerotier to build a private overlay network which has also been integrated with Azure AD to provide SSO. When a user connects to the network they will need to provide their Azure AD username and password and go through the multi-factor authentication (MFA) process to join the Zerotier overlay  network. Zerotier also provides a rule engine which allows us to control traffic flow within the overlay network, so for each connected device we could use a policy to only provide access to resources that individual users need to carry out their  job, which further satisfies least privilege principles.</p>
<p>I designed this to be simple and easy enough for anyone to replicate with limited resources. All of the Azure services are covered by the $200 credit you receive when signing up an account. Zenarmor has a 15-day Business Edition trial and Zerotier charges $5 per user per month for the SSO integration.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zero-trust-overlay-network.webp" alt="Zero Trust Overlay Network" />
</div>
<p>So let’s consider the following scenario based on the above network, and the benefits of using Zenarmor SWG to filter the cloud egress traffic destined for the internet. We have virtual servers running our internal accounting and engineering departments workloads, however, these servers don’t need to access any internet resources other than the update servers to download periodic updates.</p>
<ol>
<li>
<p>The first benefit of using Zenarmor SWG in this case, is we can easily create a policy in Zenconsole to control this process, by essentially blocking all traffic except traffic to the approved update servers.</p>
</li>
<li>
<p>The second benefit of this approach is, let’s imagine these servers were compromised by a threat actor, because we are blocking all other traffic, the threat actor won’t be able to leave the network, set up a reverse shell, or call home to their C2 infrastructure or even exfiltrate data.</p>
</li>
<li>
<p>The third benefit, by using least privilege and zero-trust principles in this network architecture, is we are able to limit the threat actors ability to move laterally through the network and we can minimize the impact or ‘blast radius’ of any damages caused.</p>
</li>
<li>
<p>The fourth benefit of this approach is that Zenarmor SWG has comprehensive reporting features and the ability to view real-time connections. In this case we would be able to easily observe the egress traffic, helping us to identify any unexpected traffic trying to leave the network, giving us some insight that the server may have been compromised.</p>
</li>
</ol>
<p>Let’s consider an alternative scenario, we have remote workers accessing the cloud network resources using the Zerotier overlay network. Once they have signed in using their Azure AD accounts, each user can access the internal cloud resources needed to carry out their work based on least privileged access principles. All the users’ egress internet traffic will also be routed via the overlay network through Zenarmor SWG. The benefits of this are:</p>
<ol>
<li>
<p>All cloud egress traffic coming from the users devices can now be inspected by Zenarmor SWG, and users can benefit from the real-time threat protection against zero-day malware, ransomware, phishing attacks and botnets while leveraging Zenarmors deep packet inspection and AI-driven cloud threat intelligence. This is a far superior means of providing security to remote users in comparison to them connecting directly from their home, mobile or public networks, which in most cases has little to no security.</p>
</li>
<li>
<p>Like in the previous scenario, we can easily create policies for user groups based on their AD credentials, group or IP address and control their egress traffic using the granular web and application controls offered by Zenarmor, ultimately eliminating websites and apps that are deemed inappropriate for the workplace or are against company policy.</p>
</li>
<li>
<p>In addition to this, by leveraging Zenarmor SWG’s comprehensive reporting and real-time connection viewing capabilities, we could easily identify the applications leaving the gateway, and use this feature as a means to identify any unapproved or untrustworthy applications the users may be accessing, this is known as Shadow IT, and from the users perspective may seem innocent, however, from a security point of view ideally we don’t want users utilizing apps and services that have not been vetted and pre-approved by IT.</p>
</li>
</ol>
<p>Zenarmor SWG, is an agile software-driven approach, perfectly fulfilling the Secure Web Gateway (SWG) component of the Gartner described Secure Access Service Edge (SASE) framework, giving you the ability to easily and quickly deploy enterprise grade security anywhere in your network or cloud without the burden of managing complex licensing or expensive network appliances. Easily manage all your Zenarmor SWG deployments through a single Zenconsole dashboard, synchronizing all your policies regardless of where your Zenarmor SWG deployments are located.</p>
<p>With remote working becoming the new norm and threat actors taking advantage of your
staff, often the weakest link in your cybersecurity architecture, can you truly afford not to give them the best cybersecurity possible?</p>
<p>Try <a href="https://www.zenarmor.com/zenarmor-secure-web-gateway">Zenarmor SWG</a> on the platform of your choice with a 15-day business trial, <a href="https://www.zenarmor.com/free-edition-plan">sign up today!</a></p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/lQhB5emRbt4" title="How to benefit from Zenarmor NGFW protection anywhere using OPNSense and Zerotier" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/cloud-deployed-zenarmor-swg-thumbnail.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Founder & CEO Murat Balaban will set the stage for Telecom Council Roundtable with his opening presentation on the future of SASE]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-founder-and-ceo-murat-balaban-will-set-the-stage-for-telecom-council-roundtable</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-founder-and-ceo-murat-balaban-will-set-the-stage-for-telecom-council-roundtable</guid>
            <pubDate>Tue, 10 Jan 2023 00:00:00 GMT</pubDate>
            <description><![CDATA[Telecom Council Roundtable will welcome major players from the technology community including Verizon, Ericsson, Orange Telecom, and Deutsche Telekom. Presentation on the future of SASE and the opportunities for innovation will be presented by Zenarmor’s Founder & CEO Murat Balaban.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/announcement/telecom-council.webp" alt="Zenarmor CEO on Telecom Council Roundtable" />
</div>
<p>Since its announcement by Gartner in late 2019, SASE has been the focus of attention, and there needs to be more clarity around the term. To shed light on the current and future state of SASE, the Telecom Council of Silicon Valley, a telecoms think-tank whose members represent the majority of the telecoms industry, is organizing a 'Roundtable on SASE .’ SRI Headquarters in Menlo Park will host the gathering.</p>
<p>In a post-pandemic ‘borderless’ business landscape, where remote work is the new norm, organizations must take necessary measures to ensure their company network is protected at maximum capacity at all times, even with the various and sometimes unknown devices that have access to the company cloud.</p>
<p>The modern workforce is scattered, almost solely digital patterns pave the way for critical cyber-attacks and create huge security vulnerabilities in enterprise networks. The need for state-of-the-art network security has gone beyond the office buildings and has become a matter of 'anywhere, anything, anytime.</p>
<p>With organizations’ ever-growing need for advanced network security, SASE (Secure Access Service Edge) has been introduced by Gartner and is considered, by many, the future of cyber security.</p>
<p>SASE is a cloud-based network security solution that integrates networking functions and security to secure mobile and remote access, defend against threats, and ensure secure connections for users and devices.</p>
<p>Telecom Council Roundtable will welcome major players from the technology community including Verizon, Ericsson, Orange Telecom, and Deutsche Telekom. Presentation on the future of SASE and the opportunities for innovation will be presented by Zenarmor’s Founder &amp; CEO Murat Balaban.</p>
<p>Murat will discuss the confusion around the term, which he believes is created by the incumbent network and cloud security vendors. He will try to demystify the original promise of SASE, the need to deliver enterprise network security anywhere, anytime.</p>
<p>The following panel will discuss how SASE should be enhancing cyber protection for enterprises through an integrated technology suite like Zero Trust, Identity Driven protection mechanisms and significantly lower costs for a high-quality service. Ways organizations can improve agility with SASE technology will also be among the discussion topics with industry-specific tips and best practices.</p>
<p>Last but not least, Murat will also talk about the company vision and the future of Zenarmor SASE, as well as some key features of the product, such as instant deployments, fast updates, and cloud-based easy management that will eventually take any organization’s network security to the next level.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/telecom-council.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor CEO Murat Balaban joins Cloudfence CTO Julio Camargo]]></title>
            <link>https://www.zenarmor.com/announcements#why-does-an-open-source-firewall-provide-the-best-next-generation-firewall</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#why-does-an-open-source-firewall-provide-the-best-next-generation-firewall</guid>
            <pubDate>Wed, 16 Nov 2022 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor CEO Murat Balaban joins Cloudfence CTO Julio Camargo to deep dive into the subject 'Why does an open source firewall provide the best Next Generation Firewall?' in Cyber & Cloud Expo Portugal.]]></description>
            <content:encoded><![CDATA[<p>Long time Zenarmor partner Cloudfence CTO Julio Camargo and Zenarmor CTO Murat Balaban shared the webinar stage on Cyber &amp; Cloud Expo Portugal to talk about open source firewalls and how they benefit the cyber protection of large enterprises and smaller home networks. Murat and Julio touched on the most common challenges faced within the cybersecurity industry, and explained how open source firewalls manage to overcome them, while providing advanced network security for networks of all sizes.</p>
<div>
  <img src="https://www.zenarmor.com/images/announcement/cloudfence-event.webp" alt="Cloudfence & Zenarmor" />
</div>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/cloudfence-event.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Introducing Zenarmor 1.12: Important New Capabilities for MSSPs and Enterprises]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-1-12-release-for-mssps-and-enterprises</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-1-12-release-for-mssps-and-enterprises</guid>
            <pubDate>Fri, 28 Oct 2022 00:00:00 GMT</pubDate>
            <description><![CDATA[The latest release of Zenarmor is here, delivering a whole new level of network security for your business. Without further ado, let us introduce…]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/1-12-release-new.webp" alt="Release 1.12 Blog"/>
</div>
<br/><br/>
<h2><strong>Transparent Policy Enforcement for your Employees: <br>Customizable Landing Pages for HTTPS Blocked Responses</strong></h2>
<p>With Zenarmor 1.12, whenever content is blocked the user is presented with a landing page explaining why access to certain HTTPS encrypted websites has been restricted, either by policy or Threat Intelligence.</p>
<p>For cyber security programs to be effective, it is essential for employers to limit or block access to certain HTTPS websites while also protecting the organization’s and individual employee’ confidentiality at the highest level possible. Zenarmor’s Custom Landing Pages (CLP)  helps make everyone more knowledgeable about potential threats to their organization, and at the same time reassures them that they are protected.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/customized-landing-pages-for-tls-blocks2.png" alt="Customized Landing Pages (CLP) for TLS Blokcs"/>
</div>
<p>As the Zenarmor NGFW owner you now have the ability to create Custom Landing Pages, helping employees to understand why certain HTTPS pages are blocked because they do not comply with company policies, how they could be potentially harmful, or unintentionally introduce cyber risks to your organization. This feature also has the benefits of  eliminating related calls to the helpdesk and user frustration in not understanding why they cannot access certain web content.</p>
<p>With Zenarmor1.12’s new Customizable Landing Pages, organizations can now be fully transparent about organizational policies, while delivering a safe and protected environment for everyone on your network.
<br/><br/></p>
<h2><strong>Secure Web Gateway (SWG) Solution For Enterprises</strong></h2>
<p>If you’re an enterprise network administrator, you can now deploy Zenarmor as a Secure Web Gateway on supported Linux platforms including OPNsense, FreeBSD, Amazon Linux, Ubuntu and CentOS to establish secure connections between any two devices to protect both your company and your employees against online threats.</p>
<p>Since the solution utilizes the same product infrastructure, by deploying  Zenarmor Secure Web Gateway, you will have the unmatched agility and flexibility to instantly provide secure service edge (SSE) connectivity for wherever you might have any network access.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/linux-l2-bridge-support-v2.webp" alt="Linux L2 Bridge Support"/>
</div>
<p>For Cloud workloads, the ability to  instantly deploy Zenarmor’s SWG on the platform of your choice and start enjoying Outbound or Egress controls, preventing unauthorized access by internal resources to possibly dangerous endpoints out there in the wilds of the internet.</p>
<p>Zenarmor’s NGFW and SWG solutions deliver using a zero CAPEX subscription model, resulting in significant savings by eliminating capital expenditures related to purchasing combined software and hardware firewalls with expensive annual maintenance contracts.</p>
<p>Having zero dependency on vendor specific hardware is not just beneficial during the initial deployment, but also extremely efficient and flexible for future updates. Zenarmor gives you complete control over the timeline and the costs associated with updating your firewall hardware to improve performance without additional licensing costs for your NGFW. Need to move your subscription to take advantage of  faster hardware? Simply contact us and we’ll issue a new key.</p>
<p>Need faster throughput? Reallocate your platform resources, and off you go! No changes to software licenses or subscriptions required!</p>
<h4><strong>Why are SWGs crucial for multibranch enterprises?</strong></h4>
<p>As your workforce grows, the more your organization becomes exposed to dangerous cyber activity. Increasing the number of employees connecting to the internet accessing cloud based servers increases the number of potential security gaps that can be reached through multiple devices. Zenarmor SWG lets you easily apply company policies across all connected devices to protect your servers against online attacks in real-time.</p>
<p>To remain competitive, business landscapes are changing at an ever increasing rate, with borders being removed or redefined to take advantage of the latest technology or online services.  To keep pace with these changes, leading companies are already taking the actions necessary to secure their resources and support this new and flexible way of working by deploying Zenarmor’ Secure Web Gateways.
<br/><br/></p>
<h2><strong>More Good News for MSSPs: Role-based, Granular Access Controls for Managing Customer Firewalls as a Team</strong></h2>
<p>Zenarmor is, without a doubt, the most flexible and cost effective solution for MSSPs of any size to provide next generation firewall services to their customers. Zenconsole allows you to manage all your firewall instances through a single pane of glass and save you the time and effort of going back and forth between multiple systems, logins and building scripts in an attempt to manage firewall policies across your customer’s networks.</p>
<p>Zenarmor 1.12 now offers role-based, granular access controls for firewall management. This allows you to not only share different firewalls with particular customers but also provides the ability to assign individuals with permissions for specific roles aligned with their specific needs and level of authorization.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/advanced-firewall-share.webp" alt="Advanced Firewall Share"/>
</div>
<p>Through Role-based Firewall Sharing, different customer’s employees (or partners) can now have  the delegated  ability to create policies, rulesets, schedule reports and manage firewall instances as they please without having to request permissions or ask for the changes to be made, resulting in the MSSP saving significant operational costs.</p>
<p>If you’re an MSSP interested in Zenarmor, please visit our <a href="https://www.zenarmor.com/managed-security-service-provider">Managed Security Service Providers</a> page to learn more about how our solutions support MSSPs businesses and how MSSPs can extend their service offering to their customers with a cybersecurity solution provided by Sunny Valley Network.  Or better yet, contact <a href="http://sales-at-zenarmor.com">sales-at-zenarmor.com</a> to discuss how we can help your business grow!
<br/><br/></p>
<h2><strong>Concerned about Privacy of your Zenarmor NGFW Deployment? <br/>Easily Manage your Privacy Settings</strong></h2>
<p>Everyone from Home to Government users has the ability to manage all aspects of their Zenarmor firewall deployments. Zenconsole’s cloud based management privacy settings allows users to restrict or share information about their deployment.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/management-privacy-settings.webp" alt="Management Privacy Settings"/>
</div>
<br/><br/>
<h2><strong>Working with Amazon Web Services (AWS)? <br/>Zenarmor has you covered, as well!</strong></h2>
<p>If you’re a network administrator working with Amazon Web Services, we have very good news for you!  <u>You can now install Zenarmor on Amazon Linux to benefit from advanced NGFW features for your organization.</u></p>
<p>The installation is as simple as it gets and takes less than a minute to deploy. With Zenarmor NGFW running on Amazon Linux you can ensure your delivering the best  possible cyber security for your organization by utilizing Zenarmor’s NGFW features or utilizing our SWG solution to make sure the online presence of your company and workforce is protected at all times.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/platform-amazon-linux-support3.webp" alt="Platform Amazon Linux Support3"/>
</div>
<p>If you are looking for Egress / Outbound filtering for your AWS VPC assets, you can now deploy industry’s best and most efficient solution in minutes. Instantly deploy Zenarmor on your VPC gateway and you’re all set.</p>
<div class="cta-blog">
    <a href="https://www.zenarmor.com/free-edition-plan" role="button" class="button orange-light" rel="noreferrer noopener">Start Using Zenarmor NGFW NOW</a>
</div>
<br/><br/>
<style>
    .cta-blog {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2><strong>Experience the Best: 15-Day Zenarmor Business Edition Free Trial</strong></h2>
<p>Everyone who deploys Zenarmor and logs into their Zenconsole can now experience all the features Zenarmor has to offer via a 15-Day Free Trial of Zenarmor Business Edition, without having to fill in credit card details.</p>
<p>Once your initial configuration of Zenarmor is completed, you will be offered a free trial key to experience all the great features included in Zenarmor Business Edition that are loved by small offices to multi-branch enterprises, including:</p>
<ul>
<li>Protection against Malware, Phishing and Virus outbreaks</li>
<li>Advanced Analytics,</li>
<li>Automated Botnet Filtering</li>
<li>Centralized Reporting and so much more</li>
</ul>
<div>
  <img src="https://www.zenarmor.com/images/blog/free-subscription-trials2.webp" alt="Free Subscription Trials2"/>
</div>
<p>If you haven’t done so already, why not get going right away by simply logging  into your <a href="https://dash.zenarmor.com/login">Zenconsole</a> or <a href="https://dash.zenarmor.com/register/newuser">create an account</a> to start your 15-day Business Edition Free Trial today!.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/8YoOO4VrYKc?si=gFRxfjxgXI5os4ps" title="Zenconsole Cloud Management Portal" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/1-12-release-thumbnail.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Your network security has just become stronger than ever with Zenarmor's new 1.11 release]]></title>
            <link>https://www.zenarmor.com/announcements#introducing-our-latest-release-zenarmor-1-11</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#introducing-our-latest-release-zenarmor-1-11</guid>
            <pubDate>Thu, 31 Mar 2022 00:00:00 GMT</pubDate>
            <description><![CDATA[Based on customer input, we’re very pleased to announce the release of Zenarmor 1.11. Let’s take a quick look at the new features included in Zenarmor 1.11.]]></description>
            <content:encoded><![CDATA[<h2><strong>You asked and we delivered!</strong></h2>
<p>Based on customer input, we’re very pleased to announce the release of Zenarmor 1.11.  This release includes great new features that benefit all Zenarmor users, no matter how large or small the network they’re protecting.</p>
<p>Let’s take a quick look at the new features included in Zenarmor 1.11.</p>
<h2><strong>Install Zenarmor on your Operating System of choice!</strong></h2>
<p><img src="https://www.zenarmor.com/images/blog/zenarmor_oschoice.webp" alt="Zenarmor OS Choice"></p>
<p>Building on our tradition of providing Network Administrators with the ability to deploy our Next Generation Firewall (NGFW) on their preferred OS, wherever and whenever it is needed, the latest release of Zenarmor offers users even more deployment options. This latest Zenarmor release now includes support for Ubuntu 21, world’s most popular open-source desktop operating system and the Debian 11 “bullseye” operating system which is suitable for many different use cases from netbooks to cluster systems.</p>
<p>Most firewall providers require expensive proprietary hardware that is costly to purchase and maintain. As a software provider, Zenarmor gives you the freedom of choice to deploy on the latest hardware available, or repurpose your existing servers to create high performance NGFWs. By providing support for multiple ethernet interfaces in this release,  Zenarmor’s Linux OS based NGFWs delivers state of the art network security utilizing the distribution preferred by your organization. We’ve delivered that functionality to our customers who have deployed Zenarmor with OPNsense for some time and are very pleased to provide the same capabilities to our customers running Linux.</p>
<h2><strong>Set it and Forget it: Real-time Policy Synchronization from the Cloud</strong></h2>
<p><img src="https://www.zenarmor.com/images/blog/real-time-policy-synchronization.webp" alt="Real-time Policy Synchronization"></p>
<p>Enterprise customers, as well as home and business users can now easily implement changes to their security policies from the cloud. Zenarmor 1.11 now automatically synchronizes policy changes across all Zenarmor NGFW instances deployed on your networks. Simply enable the real-time sync option from your Zenconsole (formerly Cloud Portal)  and avoid spending time manually updating and syncing policy changes ever again!!</p>
<h2><strong>Faster, Easier and More Efficient NGFW Management For Partners</strong></h2>
<p><img src="https://www.zenarmor.com/images/blog/more-efficient-ngfw.webp" alt="More Efficient NGFW"></p>
<p>No matter which open source firewall or OS you’ve made the decision to deploy, eg. OPNSense,  FreeBSD, Debian, etc., Managed Security Service Providers (MSSP’s) can now administer Zenarmor on behalf of their customers without having to interact with individual Zenarmor instances deployed across their network. Simply login to the cloud based Zenconsole and easily deliver the latest and consistent set of security policies across the network you manage for your customer.</p>
<h2><strong>Real-time Botnet Command and Control (C&amp;C) Blocking</strong></h2>
<p><img src="https://www.zenarmor.com/images/blog/real-time-botnet-cc.webp" alt="Real-time Botnet CC"></p>
<p>The increased popularity of IoT devices used in both home and corporate networks present a new set of Cybersecurity challenges. Any IoT device connected to the internet is exposed to Botnet attacks, which in turn puts all your online assets at risk.</p>
<p>With our latest release, Botnet Detection, auto-blocking is now available to help secure your network utilizing the latest cloud-based real-time Threat Intelligence database covering more than 300M sites. Zenarmor 1.11 instantly detects malicious Botnet activity and blocks them instantly across all ports and devices.</p>
<p>To enable this feature, simply head to Advanced Security, and toggle the “Botnet C&amp;C” button. It’s that easy!</p>
<h2><strong>Smart IP Detection</strong></h2>
<p>With the 1.11 release, Zenarmor can now detect, sort, analyze and block IP sources utilizing  threat intelligence. We now cover both domains and the IP addresses that are linked to them as well to identify potential malicious activity.</p>
<p>Unlike DNS based firewalls, Zenarmor effectively protects your network against encrypted DNS traffic hiding behind HTTPS encryption at the domain level. With this newly improved network security, you can easily block specific IP addresses to minimize your organizations cybersecurity risks.</p>
<h2><strong>We have more Good News for SoHo and Home Users!</strong></h2>
<h2>Less is More, especially if you’re an OPNSense user: the SQLite relational database backend is now supported!</h2>
<p><img src="https://www.zenarmor.com/images/blog/less-is-more.webp" alt="Less Is More"></p>
<p>The development team at Zenarmor is in a constant quest to provide Enterprise  grade network security capabilities even to the most resource constrained environments. Zenarmor 1.11 now provides users an option to deploy utilizing Sqlite as the relational database backend!</p>
<p>By supporting SQLite (the most widely used database engine in the world) on OPNSense, Zenarmor now delivers enterprise-grade network security for smaller environments, including home or small office networks, by eliminating the need for expensive hardware typically associated with network security.</p>
<p>SQLite provides all of the advanced analytics and reporting functionalities needed in a home or small office environment, while at the same time providing all the advantages of being a  light-weight database compared to the alternative Mongodb backend.</p>
<p>If you are a home or small business with less than 100 devices we think you’ll really appreciate this option.</p>
<p>For a deeper dive into all the new functionality included in this release, please take a look at our <a href="https://www.zenarmor.com/docs/support/release-notes">New Release Notes</a>.  While you’re at it, please be sure to <a href="https://www.linkedin.com/company/svnzenarmor/">follow us on linkedin</a> and stay up to date on the latest developments at Zenarmor!</p>
<p>Give Zenarmor 1.11 a try and let us know what you think! We’d love to hear from you.</p>
<p>If you’re not yet a Zenarmor customer, you can start your 15-day free trial with all the Business Features by clicking below.</p>
<div class="cta-blog">
    <a href="https://dash.zenarmor.com/register/free-trial" role="button" class="button orange-light" rel="noreferrer noopener">Start Your Free Trial</a>
</div>
<style>
    .cta-blog {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
    .nuxt-content p:nth-of-type(3) img{
        border:2px solid #e3e3e3 !important;
        border-radius: 5px;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/jpXn3PyF6SQ" title="How to Install Zenarmor & Upgrade Your BSD/Linux to NGFW in 5 minutes" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor_1.11_release.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[William Thomas has been named Vice President of Sales.]]></title>
            <link>https://www.zenarmor.com/announcements#william-thomas-has-been-named-vice-president-of-sales</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#william-thomas-has-been-named-vice-president-of-sales</guid>
            <pubDate>Tue, 15 Feb 2022 00:00:00 GMT</pubDate>
            <description><![CDATA[Sunny Valley Cyber Security, Inc., a leading provider of network security announced today that William Thomas has been named Vice President of Sales.]]></description>
            <content:encoded><![CDATA[<p>Sunnyvale, CA - (February 15, 2022) - Sunny Valley Cyber Security, Inc., a leading provider of network security announced today that William Thomas has been named Vice President of Sales. Mr. Thomas brings more than 20+ years of sales and operations experience including most recently, launching Signavio’s (SAP) introduction to the US market as Vice President of Sales.</p>
<p>“Will has a successful track record of accelerating enterprise sales growth based on delivering positive customer outcomes. He will be instrumental in leading the development of our Sales organization, while also ensuring alignment with the Marketing and Technology teams in support of Sunny Valley’s growth initiatives,” said Murat Balaban, CEO of Sunny Valley Cyber Security, Inc.</p>
<p>I’m excited to join Sunny Valley Cyber Security and contribute to the growth of the company. Organizations need the ability to digitally transform business operations without compromising their cyber security. Traditional approaches to enterprise network security are not keeping pace with today’s rate of change in cloud-based services and supply chains. Sunny Valley’s Zenarmor® enables organizations to meet these complex challenges while also supporting the employee’s ability to work securely from any location or any device.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/will-thomas-announcement.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Landitec is now the official distributor of Zenarmor’ NGFW Plug-In]]></title>
            <link>https://www.zenarmor.com/announcements#landitec-is-now-the-official-distributor-of-zenarmor-ngfw-plug-in</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#landitec-is-now-the-official-distributor-of-zenarmor-ngfw-plug-in</guid>
            <pubDate>Thu, 20 Jan 2022 00:00:00 GMT</pubDate>
            <description><![CDATA[The German network equipment distributor Landitec® officially announces its partnership with the Californian network security solution provider Zenarmor, extending the range of high-quality open source firewall services for customers.]]></description>
            <content:encoded><![CDATA[<p>The German network equipment distributor Landitec® officially announces cooperation with the Californian network security solution provider Zenarmor, extending the range of high-quality open source firewall services for customers. By announcing this collaboration, Landitec® and Zenarmor professionally implement the fusion of high performance as well as reliable network hardware with the powerful and highly efficient Zenarmor NGFW Plug-In, resulting in providing seamless and ready-to-use enterprise-grade network security solutions. “As an experienced VAD of network equipment, we constantly strive for best possible state-of-the-art products and services in terms of network performance and security for our clients. To continuously provide these, cooperation with professional and enthusiastic business partners are indispensable. Therefore, we are proud to announce our partnership with Zenarmor and look forward to merging each other’s strengths as well as extending them together in the field of IT security”, says Yasin Imren, member of Landitec’s board of directors.</p>
<p>Extending product range for OPNsense® based firewall deployments – an essential mission for Landitec® as official OPNsense® Platinum Partner</p>
<p>Recent observations and statistics of IT technology developments clearly show that security threats and potential attacks on digital networks increase continuously with the global growth of IT infrastructures. Considering this fact, providing reliable, contemporary as well as user-friendly network security solutions is a persistent challenge Landitec® has been solving conscientiously and professionally for over fifteen years now and will continue to do so. By being official OPNsense® Platinum Partner and now also officially cooperating with Zenarmor, customers profit on demand from exclusive features and services such as: preinstalled software installation including one year OPNsense® Business Edition license without additional charge, all features of Zenarmor’ NGFW Plug-In – containing, among others, L2-L7 packet filtering, application control, user/device-based filtering, policy-based filtering, web filtering and DNS security – enabling companies to deploy firewalls on demand and secure their networks quick and easily.</p>
<p>The collaboration of Landitec® and Zenarmor is further evidence for the increasing importance and demand of secure, convenient and highly efficient firewall solutions. The long-term experience of both companies in the IT security field is going to ensure an overall satisfying product and service experience all customers can look forward to.</p>
<p>Murat Balaban, founder and CEO of Zenarmor, said “Built upon the open source heritage; and its field-proven reliability and stability, OPNsense® is a very powerful enterprise-grade firewall already offering many features available in commercial counterparts. Our idea to integrate Zenarmor™ with OPNsense® was to join two huge forces: fueling the open source legacy with the advantages of the commercial world. With such a powerful distributor like Landitec®, this will be a nuclear fusion, creating tremendous synergy. We firmly believe this partnership will disrupt the European UTM market.”</p>
<h2>About Zenarmor</h2>
<p>Actively backed by Arché Assets International, Zenarmor is a leading Secure Access Service Edge (SASE) vendor, poised to radically change how network security is being delivered. It’s all-software, lightweight and powerful packet inspection technology is an industry-first. The company boasts to provide “instant network security” for today’s perimeter-less, hyper-distributed, post-Covid world.</p>
<p><a href="https://www.zenarmor.com">https://www.zenarmor.com</a></p>
<h2>About Zenarmor</h2>
<p>Zenarmor is a versatile NGFW Plug-In solution developed by Zenarmor. Zenarmor’s lightweight and powerful technology allows organizations to launch instant firewalls on demand and easily secure environments as small as home networks or scale to multi-cloud deployments. Packet inspection core is powerful enough to protect against encrypted threats while also being so lightweight and nimble that it can even fit in very resource-constrained environments. Zenarmor is software-defined and is compatible with various applications as a Plug-In solution.</p>
<p><a href="https://www.zenarmor.com/zenarmor-next-generation-firewall">https://www.zenarmor.com/zenarmor-next-generation-firewall</a></p>
<h2>About Landitec Distribution GmbH</h2>
<p>Landitec® Distribution GmbH is a specialized distributor for network equipments located in Kamen, Germany. Landitec’s product portfolio consists of hardware solutions which are designed for purposes such as digital signage, industrial solutions, In-Vehicle appliances and embedded boxes with wide temperature range. In addition, Landitec® cooperates with well-known software companies with focus on firewall, NG firewalls, network monitoring, NAC, SD-WAN, SDN, load-balancing and more. Furthermore, supporting open source software projects is a part of Landitec’s business philosophy. The combination of high-performance hardware and open source software is enriched by Landitec’s quality management, extensive service and deep engineering experience.</p>
<p><a href="https://www.landitec.com">https://www.landitec.com</a></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/alan-hurt-jr-unsplash.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Apache log4j Status Update]]></title>
            <link>https://www.zenarmor.com/announcements#apache-log4j-status-update</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#apache-log4j-status-update</guid>
            <pubDate>Sun, 19 Dec 2021 00:00:00 GMT</pubDate>
            <description><![CDATA[Latest information about the Apache Log4j RCE and if and how it affects Zenarmor]]></description>
            <content:encoded><![CDATA[<p>Latest information about the Apache Log4j bugs and if and how it affects Zenarmor® are explained below.</p>
<p><strong><u>Last Update:</u> December 19 1:00pm Pacific Time</strong></p>
<p>This advisory addresses the <strong>Zenarmor on OPNsense firewall</strong>. For other platforms, Zenarmor does not directly manage the installation of Elasticsearch. Please consult with your database administrators on how to take proper actions.</p>
<h2><strong>TLDR;</strong></h2>
<p>If you’re using Zenarmor with the Elasticsearch Reporting Backend (other reporting backends are not affected) on OPNsense firewall, please update your Elasticsearch packages to the <strong>5.6.8_7</strong> release. The new package updates the log4j library with the fixed, recommended version <strong>(2.17.0)</strong>, providing the final solution.</p>
<p>Just head to <em>System -&gt; Firmware -&gt; Updates</em>. Click on Check Updates. You’ll see an elasticsearch update reported (From 5.6.8_5 to 5.6.8_<strong>7</strong>). Run the update and restart the Elasticsearch service from <em>Zenarmor -&gt; Status</em>.</p>
<p>Please read on below if you would like to learn more details.</p>
<h2><strong>Background</strong></h2>
<p>Several vulnerabilities (<code>CVE-2021-44228</code>, <code>CVE-2021-45046</code>,<code>CVE-2021-45105</code> ) impacting multiple versions of the <a href="https://logging.apache.org/log4j/2.x/"><span style="color:#31beb1">Apache Log4j 2</span></a> utility was disclosed publicly on December 9 through December19, 2021. <code>Log4j</code> is a standard logging library used by many Java applications.</p>
<h2><strong>Is Zenarmor Affected?</strong></h2>
<p><strong><em>Core Product</em>:</strong>  <span style="color:#31beb1">Not affected</span><br>Not employing Java</p>
<h3>Reporting Backends:</h3>
<p><em><strong>Mongodb Backend:</strong></em>  <span style="color:#31beb1">Not affected</span><br>Not employing Java</p>
<p><em><strong>Sqlite Backend:</strong></em> <span style="color:#31beb1">Not affected</span><br>Not employing Java</p>
<p><ins><em><strong>Elasticsearch Backend:</strong></em> <span style="color:#ff9b08">Affected, Elasticsearch package update recommended.</span><br>Since Elasticsearch is coded in Java and utilizing the aforementioned log4j library, we’re closely monitoring the official updates from the <a href="http://Elastic.co">Elastic.co</a>.</ins></p>
<p><strong><u>Update:</u> December 19 1:00pm PT</strong></p>
<p>Another DoS vulnerability was discovered in log4j library. We’ve updated the Elasticsearch package to 5.6.8_7 handling all these reported CVEs. Please read below to learn how to update your Elasticsearch Reporting Backend.</p>
<p><strong><u>Update:</u> December 16 8:00am PT</strong></p>
<p>Elasticsearch updated its advisory, citing Elasticsearch 5.x as also vulnerable. Please read below to learn how to update your Elasticsearch Reporting Backend.</p>
<p><strong><u>Update:</u> December 13 2:00pm PT</strong></p>
<p>As of now (December 13, 2021), the official announcement is as such:</p>
<blockquote>
<p>“Elasticsearch is not susceptible to remote code execution with this vulnerability due to our use of the Java Security Manager, however we are making a fix available for an information leakage attack also associated with this vulnerability.”</p>
</blockquote>
<p><em>Source</em>: <a href="https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476">https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476</a></p>
<h4><strong>Final Solution:</strong></h4>
<p>We advise the following course of action.</p>
<p>We’ve shipped an updated build of Elasticsearch. Please update your Elasticsearch packages to the <strong>5.6.8_7</strong> release. The new package updates the log4j library with the fixed, recommended version <strong>(2.17.0)</strong>, providing the final solution.</p>
<p>This update handles all three reported CVEs.  (<code>CVE-2021-44228</code>, <code>CVE-2021-45046</code>, <code>CVE-2021-45105</code>)</p>
<p>Steps to update (on OPNsense):</p>
<ol>
<li>Head to <em>System -&gt; Firmware -&gt; Updates</em>. Click on Check Updates. You’ll see an elasticsearch update reported (From 5.6.8_5 to 5.6.8_<strong>7</strong>). Run the update.</li>
<li>Restart the Elasticsearch service from <em>Zenarmor -&gt; Status</em></li>
</ol>
<p>You’re done.</p>
<h3>FAQ:</h3>
<p><u>Does this update handle all three CVEs?</u></p>
<p>Yes. This update handles all three reported CVEs.  (<code>CVE-2021-44228</code>, <code>CVE-2021-45046</code>, <code>CVE-2021-45105</code>)</p>
<p><u>Are you going to switch to Elasticsearch 7.x?</u></p>
<p>Starting with OPNsense 22.1 and/or Zenarmor 1.11, new installations will automatically default to installing Elasticsearch 7.x. For those who have data on Elasticsearh 5.x, we’re planning to maintain the Elasticsearch 5.6.x release series for shipping security updates for a year more (till January 2023). Please stay in touch for updates.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/apache-log4j.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor 1.10 A Much Better Cloud Portal!]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-better-cloud-management</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-better-cloud-management</guid>
            <pubDate>Sat, 16 Oct 2021 00:00:00 GMT</pubDate>
            <description><![CDATA[After a four-month marathon, we’re super excited to announce the public availability of Zenarmor 1.10 release. Managing your Zenarmor instances becomes a lot easier thanks to the new capabilities introduced with the Cloud Management Portal.]]></description>
            <content:encoded><![CDATA[<blockquote>
<p>After a four-month marathon, we’re super excited to announce the public availability of Zenarmor 1.10 release. Managing your Zenarmor instances becomes a lot easier thanks to the new capabilities introduced with the Cloud Management Portal.</p>
</blockquote>
<p>Also important to note, you are now able to deploy Zenarmor as an L2 Filtering Bridge. Please read on to learn more about all the new exciting features 1.10 is bringing to you.</p>
<h2>Cloud Central Management</h2>
<p>With Zenarmor, our mission is to &quot;bring network security closer to wherever you have networking”. In accomplishing this goal, central management is a key piece. With this release, we’ve taken a huge step to provide the foundation for managing hundreds and even thousands of firewalls from a single pane of glass.</p>
<h3>Cloud Agent has been re-written from scratch. Long live Golang!</h3>
<p>The new cloud agent is now benefitting from the unmatched performance, concurrent processing, and resource-preserving capabilities of the Golang programming language. Golang supports a long list of platforms, which makes it a lot easier for us to be able to support additional platforms in the future. With 1.10, you’ll notice that the cloud agent is consuming a lot less CPU and memory.</p>
<h3>Cloud Alerts &amp; Notifications</h3>
<p>Customizable notifications allow you to be notified of important Zenarmor events on your firewalls. Central notifications can be delivered through the Portal UI and/or via e-mail.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/zenarmor-notifications.webp" alt="Zenarmor Notifications" />
</div>
<p><strong>Figure 1.</strong> <em>Zenarmor Notifications</em></p>
<h3>All Firewalls Dashboard</h3>
<p>This is a bird’s eye view of all your connected firewalls displaying their system statuses, threat levels, and top bandwidth consumer hosts and applications.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/all-firewalls-dashboard.webp" alt="All Firewalls Dashboard" />
</div>
**Figure 2**. *All Firewalls Dashboard*
<h3>Subscriptions are now available for the new platforms</h3>
<p>If you are on one of the newly introduced platforms (FreeBSD, Linux) and want to use Zenarmor’s advanced paid features on them, you can do it now through the Cloud Portal. Just head to My Firewalls -&gt; Select your firewall -&gt; Settings -&gt; Subscriptions. Enter your activation key and you’ll be done in seconds. You can move your key between firewalls on different platforms. Just make sure a single key is only activated on a single firewall.</p>
<h2>Transparent Filtering Bridge (L2 Deployment Mode)</h2>
<p>Deploy your Zenarmor as a Secure Web Gateway alongside another firewall (L2 Bridge)</p>
<p>Manage it either through the OPNsense Web UI or centrally through the Zenarmor Cloud Portal.</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/all-firewalls-dashboard.webp" alt="Zenarmor Configuration" />
</div>
**Figure 3.** *Zenarmor Configuration*
<h2>MAC Address based policies</h2>
<p>Device-based filtering is now possible with MAC Address based policies. This allows you to filter devices independent of their IPv4 / IPv6 addresses. Reports also display the device hardware addresses. Drill down to filter reports and view them with per-device granularity.</p>
<h2>NFQUEUE deployment mode (Linux-only)</h2>
<p>If you’re on a Linux system and do not want to use netmap for the packet I/O interface, you can now select NFQUEUE as the deployment mode. Since NFQUEUE is pretty standard in all Linux systems, it’s a very convenient way to do filtering &amp; reporting.</p>
<h3>Lots of more features on the Release Notes</h3>
<p>Feel free to have a look at <a href="https://www.zenarmor.com/docs/support/release-notes#110----oct-14-2021">1.10 Release Notes</a> which discusses all the new features, improvements and bug-fixes that are shipping with 1.10.</p>
<p>Let’s keep in touch</p>
<p>Follow us on social media and join the conversation in Zenarmor’s Reddit channel and OPNsense forums:</p>
<ul>
<li><a href="https://twitter.com/zenarmor">Twitter</a></li>
<li><a href="https://www.reddit.com/r/zenarmor/">Reddit</a></li>
<li><a href="https://forum.opnsense.org/index.php?board=38.0">OPNsense forums</a></li>
</ul>
<p>All the best from your Zenarmor team</p>
<p>Enjoy!</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/YKF95aO9vbI" title="How to Register OPNsense Node to Zenportal in a Minute" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-1-10.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Sensei is now Zenarmor]]></title>
            <link>https://www.zenarmor.com/announcements#sensei-is-now-zenarmor</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#sensei-is-now-zenarmor</guid>
            <pubDate>Tue, 14 Sep 2021 00:00:00 GMT</pubDate>
            <description><![CDATA[As of today we're thrilled to announce that we'll be rebranding Sensei as Zenarmor. We’ll be getting a new logo with a new brand name, but our beloved next generation firewall plug-in will remain the same.]]></description>
            <content:encoded><![CDATA[<p>As of today we’re thrilled to announce that we’ll be rebranding Sensei  as  <strong>Zenarmor</strong>.  We’ll be getting a new logo with a new brand name, but our beloved next generation firewall plug-in will remain the same.</p>
<!--more-->
<p>You’ve known and loved Sensei as the popular Next Generation Firewall plug-in for the OPNsense open source firewall. As the creators of Sensei, we’ve been fortunate enough to have been providing the product to the elite OPNsense community. Working with you, we’ve received tons of precious feedback which eventually helped Sensei grow as one of the most promising solutions in the world today.</p>
<p>Over the last few months, we have poured our hearts and souls into creating a new name that would more accurately depict who we are and what we are born to accomplish:</p>
<p><strong>“Delivering enterprise-grade network security at agile speeds. Anywhere and Anytime.”</strong></p>
<p>With the new name, we wanted to convey that the product you’ve been using with love is a peaceful, light-weight, agile and yet powerful protector of your digital assets.</p>
<p>Choosing a name that can tell all about this with a single word was not an easy task. It was as hard as creating the product itself!</p>
<p>We were lucky. <strong>Zenarmor</strong> stood out as the perfect match with our mission!</p>
<h2>New name, new logo – same product you know and love</h2>
<p>The product has a new name and logo. The rest stays the same, even better. Most of the changes you’ll notice are cosmetic, including</p>
<ul>
<li>
<p>A new logo</p>
</li>
<li>
<p>New brand name</p>
</li>
<li>
<p>Some updates on our website, subscription plans, documents and communication tools</p>
</li>
</ul>
<p>In the spirit of rebranding, we will continue to commit to our customers and provide the same, or better, level of professionalism you have experienced. We’d like to take the opportunity to thank our loyal customers and business partners for your trust and friendship in business.</p>
<h2>Next Episode</h2>
<p>With Zenarmor<span class="registered">®</span> 1.10 (ex. Sensei), you’l notice that OPNsense menu bar displays both names as “Sensei (Zenarmor)”, and all the other Sensei name references have been replaced with the new brand name.</p>
<p>All functional parts stay the same <strong>(including the os-sensei-* packages).</strong></p>
<h2>We want to hear from you</h2>
<p>As stated, changes have been kept at the cosmetic level so that while you are enjoying <strong>Zenarmor</strong>, your experience will be staying the same if not better. For now, all you need to do is to stay in touch :)</p>
<p>As you notice changes in our branding, signs, and promotions, we would certainly love to connect with you. Feel free to reach out with any thoughts, requests, or compliments. If you enjoy social media, please connect with us.</p>
<p>You can follow our announcements through our Blog, social channels; or just feel free to shoot an email to <span><img src="https://www.zenarmor.com/images/hi-at-zenarmor.svg" alt="hi-at-zenarmor" /></span> with your comments and suggestions. Your opinion means a lot to us.</p>
<ul>
<li><a href="https://www.zenarmor.com/blog">Sunny Valley Blog</a></li>
<li><a href="https://twitter.com/sunnyvalley">Sunny Valley Twitter</a></li>
<li><a href="https://forum.opnsense.org/index.php?board=38.0">Zenarmor Board at OPNsense Forums</a></li>
<li><sup style="color:#FF3467">NEW</sup> <a href="https://twitter.com/zenarmor">Zenarmor Twitter</a></li>
<li><sup style="color:#FF3467">NEW</sup> <a href="https://www.reddit.com/r/zenarmor">Zenarmor Reddit</a></li>
</ul>
<p>Enjoy!.</p>
<p>Best</p>
<p>Your Zenarmor team at <a href="https://www.zenarmor.com">Zenarmor</a>!</p>
<p><sub><sup><em>Photo by <a href="https://unsplash.com/@shikhamajhi">Shikha Majhi</a> on <a href="https://unsplash.com/photos/YylwH0qWMz4">Unsplash</a></em></sup></sub></p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/sensei-is-now-zenarmor.png" length="0" type="image/png"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor is recommended by the Regulatory Authority of the Republic of Lithuania]]></title>
            <link>https://www.zenarmor.com/announcements#regulatory-authority-of-the-republic-of-lithuania-recommends-zenarmor</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#regulatory-authority-of-the-republic-of-lithuania-recommends-zenarmor</guid>
            <pubDate>Tue, 15 Dec 2020 00:00:00 GMT</pubDate>
            <description><![CDATA[Regulatory Authority of the Republic of Lithuania (RRT) recommends Zenarmor as the go-to network protection solution for all nationwide academic institutions like schools, colleges, universities and libraries.]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/blog/rrt-blog-image.webp" alt="RRT Recommend Zenarmor" />
</div>
<p>The internet has not only significantly changed communication styles, but it has also redefined the entire education system. Students and learners do not have to get lost in encyclopedias any longer, instead, they have a new way of doing research, the ability to think critically to compare resources of information and the opportunity to come up with authentic ways to express themselves.</p>
<p>Unfortunately, the internet can also be a gateway to harmful and inappropriate content, especially for young people. School safeguarding policies are crucial to keep students safe both online and offline. Most countries enforce legislations which require schools to have an appropriate content filtering and monitoring service that controls what kind of websites students can access through the schools’ networks.</p>
<p>Safer Internet Section of the Communications Regulatory Authority of the Republic of Lithuania (RRT), conducts a strict evaluation system to decide which content filtering services are suitable to be officially recommended for educational institutions within the Republic of Lithuania.</p>
<p>The RRT starts by identifying potentially appropriate content filtering providers, and performing virtual tests that focus on crucial aspects for school network protection such as Web Based Proxy sites, Application Control, and Web Categorization.</p>
<p>A powerful content filtering system applies specific parameters to content that is being received through the internet, and makes the decision to restrict or allow access to certain materials on websites or in emails. It is usually a part of a firewall.</p>
<p>During the evaluation of Zenarmor, virtual machines were put to use. Two virtual clients were connected to the virtual OPNsense Firewall / Router with Zenarmor to assess the content filtering and web categorization functionalities of the product.</p>
<p>After a thorough analysis, RRT now officially recommends Zenarmor as a suitable content filtering provider for all nationwide academic institutions like schools, colleges, universities and libraries.</p>
<p>Find the official statement from Communications Regulatory Authority of the Republic of Lithuania approving Zenarmor <a href="https://www.rrt.lt/wp-content/uploads/2020/10/Aprobavimo_isakymas_2020-10-23_SENSEIsuOPNsense_nuorasas.pdf">here</a>.</p>
<p>Looking to secure your school network? Find out more about what Zenarmor has to offer for the EDU landscape <a href="https://www.zenarmor.com/education">here</a>.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/lithuania-blog-images.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Status on the netmap improvement efforts for OPNsense 20.7]]></title>
            <link>https://www.zenarmor.com/announcements#status-on-the-netmap-improvement-efforts-for-opnsense-20-7</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#status-on-the-netmap-improvement-efforts-for-opnsense-20-7</guid>
            <pubDate>Sat, 25 Jul 2020 00:00:00 GMT</pubDate>
            <description><![CDATA[Status on the netmap improvement efforts for OPNsense 20.7]]></description>
            <content:encoded><![CDATA[<p>As some of you already know, Zenarmor is sponsoring a second round of improvement efforts on the upstream project and FreeBSD side. OPNsense 20.7 is expected to be released <a href="https://forum.opnsense.org/index.php?topic=18227.0">next week (July 30, 2020)</a>. So, we get many questions from Zenarmor® and Suricata users with regard to the status of our netmap improvement efforts and whether they landed on OPNsense 20.7.</p>
<p>Latest Update: July 31, 2020 12.10 pm</p>
<h2>TL;DR – Q<strong>strong text</strong>uick Answer</h2>
<p>Unfortunately not yet.</p>
<h2>So, what’s the netmap status with OPNsense 20.7 stock kernel?</h2>
<p>OPNsense 20.7 is based on HardenedBSD/FreeBSD 12.1. In the overall, we saw improvements with some drivers while experiencing regressions with some. For some drivers, the situation seems to be the same. See below table for a detailed overview. If you’re using Zenarmor and/or Suricata with any of the problematic drivers, you should be careful:</p>
<table>
<thead>
<tr>
<th>Drivers</th>
<th>Interface</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Drivers tested and in working condition</strong></td>
<td>igb, ix, ixl, mlx4en</td>
</tr>
<tr>
<td><strong>Drivers that are in partial working condition</strong></td>
<td>em (VLANs do not work)</td>
</tr>
<tr>
<td><strong>Drivers that needs testing and verification</strong></td>
<td>bge, xn, hn, re (without VLANs ok, needs VLAN testing)</td>
</tr>
<tr>
<td><strong>Drivers that FAIL to work</strong></td>
<td>vtnet, vmx (Kernel race condition leading to panic)</td>
</tr>
<tr>
<td><strong>Drivers not supported</strong></td>
<td>tun, lagg, bridge</td>
</tr>
</tbody>
</table>
<p>OPNsense 20.7 (FreeBSD 12.1) netmap status</p>
<h2>So, where are we now? When can we expect improvements with regard to problematic/unsopported drivers?</h2>
<p>We’ve already started the work on the upstream project side: <a href="https://github.com/luigirizzo/netmap/issues/706">netmap</a>. The project has two main objectives:</p>
<ol>
<li>
<p>Quickly fixing reported bugs in such a manner that they are quickly made available for FreeBSD -&gt; HardenedBSD -&gt; OPNsense.</p>
</li>
<li>
<p>Improving device-driver support for netmap. We’ll be focusing on providing netmap support for tun, lagg and bridge interfaces.</p>
</li>
</ol>
<p>The former will increase netmap stability and reliability to a great deal, while the latter will provide the long-awaited capability to be able to protect VPN (OpenVPN, Zerotier, Wireguard etc), Bridge and LAGG interfaces.</p>
<p>Thanks to netmap maintainers being fast to respond and fix, our first two reported problems are now fixed in the upstream project. vtnet crash fix has already been integrated into FreeBSD 12-STABLE. em VLAN patch is awaiting review and it’s highly likely that it’ll land on 12-STABLE soon.</p>
<p>You can view the current project status here: <a href="https://docs.google.com/spreadsheets/d/1RVj8K3XOzWi-Bkjq6hUxWudu7Cxd8FFTqjLiBMzZWEM/edit#gid=0">Google Docs – Netmap status as of OPNsense 20.7 RC1</a></p>
<h2>When can we test / use the enhanced netmap support?</h2>
<p>We hope to provide a netmap test kernel around late August / September this year. But it’s highly likely that OPNsense will start landing them on the project starting with OPNsense 20.7.1 or 20.7.2.</p>
<h2>How can I help?</h2>
<p>Testing the stock / test netmap kernel with different drivers and providing feedback through either:</p>
<ol>
<li>
<p><a href="https://forum.opnsense.org/index.php?topic=17363.45&amp;msg=new">OPNsense Forum</a></p>
</li>
<li>
<p><a href="https://docs.google.com/spreadsheets/d/1RVj8K3XOzWi-Bkjq6hUxWudu7Cxd8FFTqjLiBMzZWEM/edit#gid=0">Google Docs Worksheet – Netmap status as of OPNsense 20.7 RC1</a></p>
</li>
<li>
<p>Sunny Valley Support Portal: <a href="https://help.zenarmor.com/hc/en-us">Zenarmor Support Portal</a></p>
</li>
</ol>
<p>This would be of great help since we need to spot problems to be able to start fixing them. Your help is much appreciated.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/c6VeSws1hrA" title="Zenarmor INSIDER NEWS - Netmap driver improvements & why the company changed its name" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/sensei-1-7.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[How OPNsense and Zenarmor Next Generation Firewalls Help Schools Optimize their Networks and Increase Security]]></title>
            <link>https://www.zenarmor.com/blog#how-opnsense-and-zenarmor-next-generation-firewalls-help-schools-optimize-their-networks-and-increase-security</link>
            <guid isPermaLink="false">https://www.zenarmor.com/blog#how-opnsense-and-zenarmor-next-generation-firewalls-help-schools-optimize-their-networks-and-increase-security</guid>
            <pubDate>Thu, 21 May 2020 00:00:00 GMT</pubDate>
            <description><![CDATA[Typical educational institution computer networks, from K-12 to College and Universities, are much like enterprise networks. Devices ranging from mobile phones to tablets, desktop computers,…]]></description>
            <content:encoded><![CDATA[<p>Typical educational institution computer networks, from K-12 to College and Universities, are much like enterprise networks. Devices ranging from mobile phones to tablets, desktop computers, and servers for school districts and colleges can number at least 500 to 1000 and need network security as well as proper access controls, similar to enterprise networks. Both enterprise and school networks also need the following IT resources as Next Generation Firewalls features:</p>
<ol>
<li>Routing and Firewalls</li>
<li>Traffic Shaping and Bandwidth Quotas</li>
<li>Virtual Private Network (VPN)</li>
<li>Captive Portal</li>
<li>IPS-based protection</li>
<li>Realtime protection against emerging threats</li>
<li>Active Directory or LDAP Integration</li>
<li>Web content filtering</li>
<li>Url filtering</li>
<li>High Availability</li>
</ol>
<p>Schools however have additional internet security needs and legal liabilities that include the <a href="https://www.fcc.gov/consumers/guides/childrens-internet-protection-act">Children’s Internet Protection Act</a> (CIPA), enacted by Congress in 2000 to address concerns about children’s access to obscene or harmful content over the Internet. CIPA requires that Internet safety policies are in place that includes technology protection measures that must block or filter Internet access to pictures including: (a) obscene; (b) child pornography; or © harmful to minors (for computers that are accessed by minors).</p>
<p>And although the technology requirements are similar between enterprises and schools, the budgets are not. With OPNsense and Zenarmor, however, school districts and colleges now have a solution that can meet all of these requirements yet still have the protection of a Next Generation Firewalls at under $1 per device.</p>
<h2>Solution: OPNsense + Zenarmor</h2>
<p>OPNsense is one of the best open-source firewalls out. It is an easy-to-use HardenedBSD-based firewall and routing platform that includes most of the features available in expensive commercial firewalls, and more in many cases. It brings the rich feature set of commercial offerings with the benefits of open and verifiable sources. The operating system is based on HardenedBSD, which is a security-hardened version of FreeBSD. FreeBSD is the operating system that you’ll find lying under the hood for companies such as Netflix and Yahoo!</p>
<p>The Firewall implementation for FreeBSD is pf and IPFW packet filters, both are considered two of the most mature packet filtering systems. OPNsense also provides its users with a powerful packet shaping and bandwidth management system called ALTQ, which is again courtesy of the strong underlying operating system.</p>
<p>OPNSense has an IDS/IPS capability fused into the product. The underlying technology is Suricata, which is what you’ll see if you unbox many commercial products that are on the market today. They even offer free and paid versions of the Emerging Threats ruleset.</p>
<p>With OPNsense, you’re also not limited to one solution for VPN access. You have several options like IPSec, OpenVPN, and the newly introduced Wireguard without user limits.</p>
<p>Installing, configuring, and using OPNsense is a no-brainer thanks to its intuitive interface. You will never need to access the “black console” to do maintenance or operation. Everything can be done over the beautifully designed web interface.</p>
<p>Finally, OPNsense is a live project that ships two major updates as well as a dozen minor updates every year. Because of its security-centric approach, critical security vulnerabilities also get patched within a very short time.</p>
<h2>What about Next Generation Firewalls (NGFW)?</h2>
<p>OPNsense also has a very flexible plugin architecture that makes it easy for developers to add new functionality to the firewall. Leveraging OPNsense’s architecture, Zenarmor has developed an easy-to-install plug-in that empowers OPNsense with Next Generation Firewalls features.</p>
<p>Zenarmor Free Edition is made available at no cost to OPNsense users. The Premium Subscription offers more advanced features and can be purchased through the Zenarmor web user interface.</p>
<p>Because the Premium Subscription is not priced as a complete firewall, the OPNsense + Zenarmor combination is the best solution on the market in terms of price and value.</p>
<p>The technology behind Zenarmor is a very powerful packet analysis engine that can also provide protection against encrypted cyber-attacks.</p>
<h2>Key Zenarmor features include:</h2>
<ul>
<li>Commercial grade web/content filtering and ad blocking for 140+ million sites</li>
<li>Auto-filtering against emerging malware, virus, and phishing attacks</li>
<li>User/Group based security with Microsoft Active Directory or OPNsense LDAP integration.</li>
<li>User access control with Captive Portal</li>
<li>Application-based filtering</li>
<li>Best-in-class network reporting and analytics</li>
<li>Policy-based filtering</li>
<li>Encrypted attacks protection</li>
</ul>
<h3>What Our Customers Have to Say:</h3>
<blockquote>
<p>We have been using Sunny Valley’s Zenarmor with our OPNsense Firewall
Cluster for 3 months now and are very excited about the performance.
Thanks to the additional features such as “Web Security &amp; Cloud App
Controls” or “User-based filtering”, our firewall now acts as a
complete Next Generation Firewall. Thanks to the fair price model, a
professional solution like the Zenarmor Plugin is now also accessible to
schools with a limited budget. The professional team at Sunny Valley
knows how to help at any time.</p>
</blockquote>
<p>“<em>Kantonsschule Frauenfeld (Cantonal School Frauenfeld)”</em></p>
<h2>Conclusion</h2>
<p>While firewall technology requirements for educational institutions are similar to enterprises, school budgets are not. With OPNsense and Zenarmor, school districts and colleges now have a solution that can not only meet all of an educational institution’s requirements but also have the protection of a Next Generation Firewall with amazing filtering capabilities like content filtering etc. all at under $1 per device.</p>
<p>More information about SunnyValley Networks and Zenarmor can be found here:</p>
<p>Web: <a href="https://www.zenarmor.com">Zenarmor</a>
Apply for Edu Discount: <a href="https://www.zenarmor.com/edu-discount">Zenarmor Edu Discounts</a></p>
<h2>Watch Now</h2>
<iframe width="100%" height="515" src="https://www.youtube.com/embed/Hvz1qhNBZdo" title="How to Install Zenarmor and Upgrade Your OPNsense to NGFW in 5 Minutes" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/mimi-thian-unsplash-scaled.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor Premium Features Guide released]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-premium-features-guide-released</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-premium-features-guide-released</guid>
            <pubDate>Sat, 04 Jan 2020 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor Premium Features extend the capabilities of OPNsense to include advanced security and threat protection with near-real-time threat feeds]]></description>
            <content:encoded><![CDATA[<p>Zenarmor Premium Features extend the capabilities of OPNsense to include advanced security and threat protection with near-real-time threat feeds, web, user and policy-based filtering, SIEM data integration, API access, reporting, and compliance capabilities as well as 24/7 help desk support. The features highlighted below extend the functionality of OPNsense to provide true Next-Generation Firewall (NGFW) protection.</p>
<p>The complete guide can be found on the <a href="https://help.zenarmor.com/hc/en-us/articles/360041204433">Zenarmor Premium Features Guide</a>.</p>
<h2>Security</h2>
<p><strong>Advanced Threat Protection</strong></p>
<p>Zenarmor Premium provides Advanced Threat Protection against the latest malware, viruses and phishing attacks by blocking websites that are known to host malware and viruses and launch phishing attacks. With SunnyValley’s Advanced Threat Protection feed, users are provided with near-real-time commercial-grade threat tracking and protection.</p>
<p><strong>Suspicious Domain Blocking</strong></p>
<p>Zenarmor Premium blocks suspicious domains including expired domains, hacked and newly registered domains (NRDs) favored by threat actors for launching malicious campaigns. Research shows that NRDs, for example, are risky, revealing malicious usage of NRDs for phishing, malware, and online scams. In addition, Sense Premium also blocks any expired DynDNS sites.</p>
<h2>Reporting</h2>
<p><strong>Customized Reporting</strong></p>
<p>Zenarmor Premium provides you with the capabilities to create your own reporting views.</p>
<p><strong>PDF Export</strong></p>
<p>With a single click, you can export reports and charts as PDF files.</p>
<h2>Filtering &amp; Compliance</h2>
<p>Customized Landing Pages for Blocked Sessions</p>
<p>With Zenarmor Premium, IT administrators can create custom response web pages that are displayed when a user tries to access a blocked URL. With custom HTML pages, messages are displayed when a user requests a web page or file.</p>
<p><strong>Web and URL Filtering</strong></p>
<p>Zenarmor Premium lets administrators create customizable web filtering profiles and policies based on a cloud-based web categorization of 140+ Million web sites under 60+ categories.</p>
<p><strong>Policy-based Filtering</strong></p>
<p>Policy-based controls let users create an unlimited number of policies to customize filtering and controls for different groups of users. With Zenarmor Premium, an unlimited number of policies can be created based on Network Interfaces, VLANs, Subnet / IP addresses and users/groups. All policies are controlled via the Policy Wizard.Filtering Policies by Interface/VLAN and IP/Network Address.</p>
<p>Enter the VLAN number and IP/Network Address.Users and Groups and Schedule Filtering</p>
<p>By enabling Captive Portal or installing the Zenarmor Active Directory Agent on an Active Directory server, users can be added to OPNsense for user-based filtering.</p>
<h2>Integrations</h2>
<p>Zenarmor Premium can stream data to external, remote Elasticsearch or MongoDB servers for log parsing and Security Information and Event Management (SIEM) system integration. In the <strong>Configuration</strong> section of the Zenarmor OPNsense portal select the <strong>Reporting and Data tab.</strong></p>
<h2>API Access</h2>
<p>Zenarmor Premium provides API access for Zenarmor engine configuration and management. Rest API Security Tokens can be created by navigating to Configuration and scrolling down to REST API Security Tokens.</p>
<h2>Support</h2>
<p>Premium Support provides access to the Zenarmor Help Desk. Through the Help Desk, users can access configuration and access information, create high-priority support tickets for SVN engineers that are available 24/7.</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-premium-features.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[Zenarmor HOME Subscription Now Available for OPNSense]]></title>
            <link>https://www.zenarmor.com/announcements#zenarmor-home-subscription-now-available-for-opnsense</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#zenarmor-home-subscription-now-available-for-opnsense</guid>
            <pubDate>Fri, 29 Nov 2019 00:00:00 GMT</pubDate>
            <description><![CDATA[Zenarmor Home brings advanced security to OPNsense Home users. You can easily subscribe to the Home Edition via the Zenarmor User Interface.]]></description>
            <content:encoded><![CDATA[<p>Sooner than we promised, we are happy to announce that the Zenarmor Home Subscription for Home Users is available with Zenarmor 1.2, released today. Priced at $9.99 per month or $99 per year, Zenarmor Home brings advanced security to OPNsense Home users. You can easily subscribe to the Home Edition via the Zenarmor User Interface. Below is the list of all new features that are shipping with Zenarmor 1.2</p>
<h2>Zenarmor Home Subscription</h2>
<p>Priced $9.99/month or $99/year, Zenarmor Home Subscription is available for OPNsense Home users. Until December 31, 2019, Zenarmor Home will be available for up to 50 devices.</p>
<p>With in-app purchase option, you can now purchase Zenarmor Home easily through Zenarmor User Interface:</p>
<div>
  <img src="https://www.zenarmor.com/images/blog/upgrade-to-premium-subscription.png" alt="Upgrade to Premium Subscription" />
</div>
<h3>Performance:</h3>
<ul>
<li>UI responsiveness has been increased considerably</li>
</ul>
<h3>Reporting:</h3>
<ul>
<li>
<p>Fully Customizable Dashboard. You can now choose which Charts gets displayed in your Zenarmor Dashboard</p>
</li>
<li>
<p>Scheduled Reports are now available for Mongodb backend</p>
</li>
<li>
<p>Security Reports: “Block Message” added as a filter for Security Reports</p>
</li>
<li>
<p>Bug-fix: Mongodb auto start problem resolved</p>
</li>
<li>
<p>Bug-fix: Mongodb backend: Top Destinations Heatmap</p>
</li>
<li>
<p>Bug-fix: OPNsense Zenarmor Dashboard Widget fixed to handle an error condition</p>
</li>
</ul>
<h3>Other:</h3>
<ul>
<li>
<p>Shortcut to Contact Zenarmor Team directly and easily from Zenarmor User Interface</p>
</li>
<li>
<p>A better and user friendly notification and warning interface</p>
</li>
<li>
<p>Bug-fix: Handle Hardware Check falsely reporting a low-device in some cases</p>
</li>
<li>
<p>Other performance and reliability improvements support</p>
</li>
</ul>
<h3>Updating:</h3>
<p>Zenarmor automatically gets updated to the recent release when you do a OPNsense update. If you want to update Zenarmor only, you can do that. Just navigate to status page. Click on “Check for Updates” for the engine. You’ll be guided for the rest.</p>
<h3>Installing Zenarmor:</h3>
<p>You can install Zenarmor via OPNsense Plugins page (System &gt; Firmware &gt; Plugins). You need to install os-sunnyvalley and afterwards os-sensei plugins. Check below links for more details:</p>
<ul>
<li>
<p><a href="https://www.zenarmor.com/free-edition-plan">Zenarmor installation</a></p>
</li>
<li>
<p><a href="https://opnsense.org/download/">OPNsense download</a></p>
</li>
</ul>
<p>Enjoy 🙂</p>
<p>Your Zenarmor team</p>
<div class="cta-button">
    <a href="https://dash.zenarmor.com/register/free-edition?utm_source=blog&utm_medium=web&utm_campaign=blog-cta" role="button" class="button orange-light" rel="noopener">Get Started with Zenarmor Today</a>
</div>
<br/><br/>
<style>
    .cta-button {
        margin-block: 2.5rem;
        display: flex;
        justify-content: center;
    }
</style>]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/blog/zenarmor-home-subscription-now-available.webp" length="0" type="image/webp"/>
        </item>
        <item>
            <title><![CDATA[SpiceWorld selects Zenarmor amongst top 10 hot startups]]></title>
            <link>https://www.zenarmor.com/announcements#spiceworld-selects-zenarmor-amongst-top-10-hot-startups</link>
            <guid isPermaLink="false">https://www.zenarmor.com/announcements#spiceworld-selects-zenarmor-amongst-top-10-hot-startups</guid>
            <pubDate>Mon, 15 Oct 2018 00:00:00 GMT</pubDate>
            <description><![CDATA[SpiceWorld selects Zenarmor amongst top 10 hot startups]]></description>
            <content:encoded><![CDATA[<div>
  <img src="https://www.zenarmor.com/images/announcement/spiceworld.jpg" alt="SpiceWorld" />
</div>
<p><strong>It’s a pleasure to share this news</strong>: Zenarmor has been selected for the SpiceWorld Startup Zone, featuring top ten hot startups from the tech scene.</p>
<p><strong>Selected startups span the IT spectrum – from hardware &amp; software management and storage/backup to cyber security and messaging/chat.</strong></p>
<p>SpiceWorld is “the most happenin’ tech conference in North America”. This event brings together thousands of IT pros and vendors and hundreds of tech marketers for 3 jam-packed days of learning and networking.</p>
<p><strong>Conference will be held on October 8-10 at Austin Convention Center, Austin, TX.</strong>
More information from the SpiceWorks web site: <a href="https://community.spiceworks.com/topic/2153837-introducing-the-spiceworld-startup-zone">The Spiceworld Startup Zone</a></p>
<p>There, we’ll be doing our official launch for <a href="https://www.zenarmor.com/zenarmor-next-generation-firewall">Zenarmor</a>, our next generation plugin for firewalls.</p>
<p>Zenarmor empowers your existing firewall with state of the art features like Application Control, Drill-down network visibility, Web Security, Encrypted Threats Prevention and Cloud Threat Intelligence.</p>
<p>Come join us at SpiceWorld; and see how Zenarmor turns your L4 firewall into a next generation one in just minutes!  Meet us around the Startup Zone.</p>
]]></content:encoded>
            <enclosure url="https://www.zenarmor.com/images/announcement/spiceworld.jpg" length="0" type="image/jpg"/>
        </item>
    </channel>
</rss>