Overview
Turium Zebra for Edge is a data-driven security service edge (SSE) product. Zebra Edge delivers zero trust connectivity and data security by leveraging contextual data to make continuous risk-based access decisions. It replaces traditional VPNs, legacy infrastructure, and point products with a consolidated service that improves performance and user experience and provides higher ROI.
With Zebra Edge, companies can configure highly customised and granular access policies, based on a wide range of user identities and context. Aligned with Gartner’s security service edge (SSE) architecture, Turium Zebra Edge enables zero trust security by serving as an intelligent control panel that securely connects users to applications — internal or external — on any device, over any network.
Turium Zebra combines identity and device posture data with other security contexts to deliver a comprehensive security solution. It integrates with identity providers (IdPs) to gather user and group identity data, endpoint detection and response (EDR) tools to understand device posture, and security information and event management (SIEM) solutions for real-time security-related data analysis. Additionally, it supports mobile device management (MDM) tools.
Turium Zebra Edge offers a range of deployment options to provide secure access to all users and devices:
Client application for sanctioned devices
Browser extensions (including mobile device support) for employees/contractors with their own devices (BYODs)
Reverse proxy for unsanctioned devices
At its core, Turium Zebra Edge is powered by machine learning (ML)-based behavioral analysis capabilities (UEBA). Turium Zebra Edge collects a vast array of data from users, devices and the network, building a holistic view of user risk factors and what’s happening across the access network. It then applies machine learning algorithms to analyze and learn the typical activity patterns.
Once a baseline of normal behavior is established, Turium Zebra Edge continuously monitors the environment for activities that deviate from this norm, flagging anomalies for further analysis. Each anomaly is accompanied by rich contextual data, such as user, location, and device information. Turium Zebra Edge integrates seamlessly with external SIEM systems or provides SIEM capabilities internally. Additionally, it offers inline SOAR-like capabilities to construct comprehensive risk profiles and execute timely actions on risky users, ensuring robust security measures.
Turium Zebra Edge workflows refer to automated verification and action processes, leveraging user behavior, risk, and business policies in real-time, integrated directly within the access flow, enabling secure resource access.
Turium Zebra Edge provides these workflows, facilitating automated user justifications and swift incident response. Users can self-approve or seek admin approval based on predefined policies, enhancing access control efficiency and compliance enforcement.
These advanced capabilities not only slash Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) but also enhance the overall end-user experience. By delivering inline real-time workflows, Turium Zebra Edge revolutionises operational efficiency and security effectiveness, ensuring enterprises stay ahead in today’s dynamic threat landscape. The architecture is a big advancement over typical UEBA tools that require raw data to be modeled then exported out-of-band to a SIEM for detection.
There are multiple factors that result in exceptional performance and user experience of Turium Zebra:
The client app emphasises easy onboarding for clients, users, and devices, reducing onboarding time from days to hours and offering seamless plug-and-play functionality.
Workflows ensure secure, uninterrupted resource access, enhancing user experience, with continuous monitoring and alerting promptly addressing potential issues. Automated response capabilities streamline incident response, reducing IT tickets and enabling faster remediation.
Edge provides comprehensive user experience monitoring, including account compromise detection, behavior monitoring, shadow IT identification, device posture assessment, precise location tracking, and web traffic analysis.
Turium Zebra Edge enables security teams to request step-up authentication or out-of-band authentication (OOBA) whenever there is a deviation from a user’s standard behavior, for instance when a user logs in from a different country or location. Moving the decision closer to the user allows them to validate their location and act accordingly. This additional layer of security reduces alert volume and improves user experience by minimising false positives and reducing the amount of user “thrash” associated with generic block pages.
Turium Zebra Edge offers DNS reputation, malware detection, and more to provide secure access to the internet. With the ability to detect and block malicious DNS requests and malware threats, it provides a highly secure browsing experience for users. Benefits:
Reduced risk of cyber-attacks: DNS reputation and malware detection provide a comprehensive web security solution that detects and blocks malicious DNS requests and malware threats
Increased productivity: Can enforce web filtering policies, preventing users from accessing non-relevant websites
Turium Zebra Edge provides always-on, secure, easy access to all private applications — both data center applications and software as a service (SaaS) applications — located anywhere, from any device. It also provides support for legacy apps, acting as a virtual private network (VPN) replacement. Edge’s architecture is specifically designed with no legacy footprint in traditional data centers. This model does not rely on tunneling like many legacy architectures and, therefore, has no connectivity and scalability limitations. It offers security through an API-integrated platform. With Turium Zebra Edge, companies can address the security challenges posed by excessive sprawl and increased prevalence of shadow IT. Benefits:
Always-on, secure, easy access: Secures all private applications, including internal and SaaS applications, from any device, anywhere.
Improved SaaS security: Platform that helps address the security challenges posed by excessive SaaS sprawl and increased use of shadow IT.
Turium Zebra Edge enables monitoring of documents within commonly used ecosystems like Microsoft Office 365, Google Workspace, and Dropbox. The solution can track who has access to what documents and also model who should have access to them, ensuring that your sensitive information is kept secure. For example, when a user shares an internal document with an external Gmail address, Turium Zebra Edge can immediately detect, alert, and remove this permission.
Benefits:
Protection of sensitive information: Immediately detects and alerts on unauthorised access and sharing of sensitive documents
Improved regulatory compliance: Monitors document access and usage, and can provide reports for compliance purposes
Enhanced productivity and efficient workflow: Ability to detect and remove unauthorised access to documents in real-time
Logs HTTP requests, TLS certificates, and DNS queries to provide a detailed overview of network activity, enhancing forensic capabilities. Utilises a sophisticated signature language to detect known threats, policy violations, and suspicious behavior. It is equipped to handle modern threats due to its multi-threaded and scalable architecture, capable of inspecting multi-gigabit traffic. Automatically detects and applies appropriate logging and detection rules to various protocols such as HTTP, enhancing malware detection and the identification of command and control channels.
By integrating our proprietary deep learning models, and Large Language Models, Turium Zebra goes from a reactive to a predictive approach to protect against both known and never-seen-before threats using natural language. Our Mixture of Experts Model has consistently outperformed other machine learning models for malware detection with low false positives. While there are millions of pieces of malware in existence, and thousands of software vulnerabilities waiting to be exploited, there are only a handful of exploit techniques attackers rely on as part of the attack chain – and by taking away the key tools hackers love to use, Turium Zebra stops zero-day attacks before they can get started.
Turium Zebra for Linux identifies sophisticated attacks as they happen without requiring a kernel module, orchestration, baselining, or system scans. It avoids the costly downtime, overloaded hosts, or stability snafus caused by traditional security tools by using a single agent with optimised resource limits (including CPU, memory, and data collection limits). Behavioral and exploit runtime detections identify threats including container escapes, kernel exploits, and privilege escalation. Fault tolerance is managed through redundant systems and automatic failover mechanisms that are designed to ensure continuous operation even when individual components fail. Network redundancy, coupled with error-handling and self-healing capabilities, ensures that data transmission and processing continue without interruption. This means data is buffered even during partial and full system outages, during critical periods.
Our approach to data compression involves using our proprietary machine learning models to dynamically compress and decompress data streams, optimising bandwidth usage without compromising data fidelity. This capability is tried and tested in defence environments where large volumes of data can be hindered by bandwidth limitations, and is particularly beneficial for maintaining threat detection capabilities across geographically dispersed networks.
Interoperability is supported by an API-first and standards-compliant interface that ensures seamless integration with a variety of existing systems with 500+ pre-built connectors, whether they operate on cloud, on-premises, or other edge platforms. This capability allows aerospace systems to integrate diverse data sources and software systems without needing extensive customisation.
Zebra Generative AI uses a proprietary, in-house-built LLM and aims to increase the organisation’s efficiency by arming security analysts with an AI engine that can help identify, analyse and report on threats using conversational prompts and interactive dialog.
In the critical field of cybersecurity, each second and data point counts. Turium offers two distinct Edge AI deployment models.