TECHNICAL OVERVIEW AND ARCHITECTURE

InstaSafe is the only integrated security solution on the market that leverages the power and flexibility of a cloud computing platform with the delivery of complete

multi-layered protection. It does so through the integration of three critical security technologies that cover all users in any locations around the globe.

V1.0

_Apr

il’16

IntroductionThe shift of corporate security controls from on-premise appliances and software to cloud-delivered services is in no dispute. Already, over 35% of all email security is delivered through the cloud, and 18% of Web security. This fundamental shift in how security solutions are delivered started with email security and is now expanding to other security services that are making use of the benefits offered by cloud computing services, such as the ability to detect attacks and threats in the cloud long before they reach the corporate network.

Another major benefit of delivering security solutions through the cloud is the ability to rapidly detect and block new malware outbreaks by correlating threat information across different security services. This is substantially easier and more effective when you are delivering your security services through the same cloud service, with a common set of integrated policies. With the release of InstaSafe Cloud Security, this kind of powerful correlated security is now possible.

InstaSafe is the only integrated security solution on the market that leverages the power and flexibility of a cloud computing platform with the delivery of complete multi-layered protection. It does so through the integration of three critical security technologies that cover all users in any locations around the globe.

This combination of cloud delivery, multi-layered security and integrated policies ensures InstaSafe Cloud Security keeps pace with the changing nature of threats, blocks those threats before they ever get to an organization’s endpoints, and keeps users protected wherever they are on all their devices from Windows PCs to Macs.

InstaSafe Cloud Security delivers a single consolidated user interface for installation, configuration and reporting, across all three security solutions.

V1.0

_Apr

il’16

Traditional Endpoint Security SuitesInstaSafe scans Web and email traffic in the cloud, long before it gets to the customer’s network, providing a clean pipe into the organization. This is critical, given that over 90% of all malware infections occur through Web traffic alone. This cloud-based scanning happens in combination with cloud management of the malware scanning, which occurs at the endpoint.

This is a significantly more secure approach than legacy endpoint anti-malware solutions, which perform email & Web traffic scanning on the endpoint, after the malware and malicious content have reached the user’s endpoint device. Providing cloud-based Web and email malware scanning, coupled with endpoint-based malware scanning and application controls, results in an effective multi-layered security model with all three solutions working together

to eliminate malicious attacks

PERFORMANCE

InstaSafe cloud architecture

Any cloud-delivered security service is only as good as its delivery network, and in this regard the backbone network is a core benefit of InstaSafe Cloud Security, which is built from the ground up to provide fast, low latency performance for users on a global basis. InstaSafe Cloud Security delivers uncompromising security with no degradation of the user experience.

The backend network and infrastructure hosting the InstaSafe Cloud Security services have been designed to optimize the user experience and performance by utilizing a 3.5 Tbps private backbone with more than 900 ingress points around the world. This private backbone enables the InstaSafe cloud to deliver a more consistent Web browsing experience because it minimizes the traffic actually sent across the public Internet, ensuring that the private backbone is used as much as possible.

In this way it is highly possible that a user could actually enjoy a faster and more responsive Web browsing experience through the InstaSafe cloud, compared to being directly connected to the Internet.

V1.0

_Apr

il’16

Global Cloud Network

THE InstaSafe CLOUD is comprised of a global backbone network, which is located in more than 27 geographies with over 900 access points, and Data Centers that house Central Authority servers and Policy Application nodes, which are located in 19 cities across 12 countries.

Note: The InstaSafe Cloud is continually expanding and evolving to meet customer demand.

The POLICY APPLICATION NODES act as the initial proxy server for the incoming request and policy decision; they also decide how content is going to be delivered back to the user. The Policy Application node handling the client request could also change depending on the location of the requested website content.

V1.0

_Apr

il’16

How The InstaSafe Cloud Web Service WorksAs previously stated, the design of the backbone network is crucial to Web security performance. This infrastructure is less important for email security, which is a store-and-forward technology that has lower performance expectations for users. Likewise, the endpoint service is essentially a management and update service to the locally installed endpoint client.

Understanding how this combination of components works for Web security is easiest to explain by looking at the process which occurs when a user browses the Internet.

Imagine our user was located in Irvine, California. The closest access point to the InstaSafe cloud backbone network is in Los Angeles, so the user’s web content will travel over the public internet up to Los Angeles, and then within the InstaSafe cloud backbone from there onwards depending on the location of the requested site content.

1 When the user tries to access the Internet, a global DNS load-balancing decision is made to locate the user’s closest available and highest

performing Policy Application Nodes and Central Authorities.

2 The selected Policy Application Node receives the initial HTTP request. If the request is going to be denied, then the text

content for the block page is sent from the Central Authority server and the graphical components are sent from the Policy Application node. Both parts come together in the client browser, and the complete block page is displayed to the user. This separation of content occurs because typically the Central Authority server is going to respond slightly slower than the Policy Application node. While this may seem insignificant, all these small savings add up to a significantly better experience for the user.

3 If the request is going to be allowed, the requested Web page content is retrieved from the hosting Web server and scanned

through the selected Policy Application node. But as much traffic as possible is sent through the InstaSafe cloud backbone network at all times. For example, if the hosting Web server was located in Atlanta, then the returning traffic would only travel on the public Internet until it got to the closest network access point, after which it would be routed through the private backbone.

Careful planning of network locations and hosting partners for the InstaSafe Cloud Data Centers results in the Policy Application nodes being located on the same local networks as the majority of the hosting servers that provide the requested Web content,

which further accelerates performance.

4 Performance calculations are made every step of the way. For example, if a Web request is to be allowed, then another

decision is made based on the geographic location of the hosting Web server. This is done to determine if performance could be improved by routing traffic through an alternate regional data center, based on

the final web destination.

This entire process takes microseconds to perform and it is offset by the enhanced performance inherent within the private backbone network and the location of the Policy Application nodes. Thus, users who are in nearby geographic proximity to their closest InstaSafe cloud access point may well notice faster Internet performance than when connecting directly to the Internet. As the InstaSafe cloud backbone is a global network with over 900 ingress points, it is able to offer this same performance optimization on a worldwide basis.

V1.0

_Apr

il’16

Availability: InstaSafe Data CentersThe InstaSafe Cloud Data Centers are currently located in 19 CITIES COVERING 12 COUNTRIES with further

expansion planned to meet demand.

Current Locations

NORTH AMERICA:San Jose, Seattle, Chicago, Dallas, Atlanta, Ashburn, New York, Washington DC

SOUTH AMERICA:Lima, Sao Paulo

EUROPE:London, Paris, Frankfurt, Amsterdam

ASIA:Tokyo, Hong Kong, Singapore

AUSTRALIA:Sydney

AFRICA:Cape Town

Users located within these countries receive the full benefits of the InstaSafe cloud based security services, including Web acceleration and real-time threat protection.

Users roaming outside of these countries are automatically connected to their nearest InstaSafe Data Center. These users will receive the full policy and security protection of the InstaSafe services, but they may not receive full Web acceleration performance, depending on their proximity to the closest InstaSafe Data Center.

Every InstaSafe Data Center hosts multiple Policy Application nodes that automatically scale up to meet current demand. Several data centers also host Central Authority clusters which run in an Active-Active mode and are fully synchronized with the other Central Authority clusters in different geographic locations to ensure the highest level of availability.

The InstaSafe cloud architecture is also fully multi-tenanted, with each customer’s specific data such as policies, directory information, email quarantine/email archive and logging data kept in their own separate encrypted realms.

uu u

uu u

V1.0

_Apr

il’16

THE DIAGRAM BELOW SHOWS THE INTERNAL DESIGN OF A MASTER DATA CENTER, RUNNING MULTIPLE POLICY APPLICATION NODES AS WELL AS A CENTRAL AUTHORITY CLUSTER.

MULTITENANT: Customers are not tied to a data center - multiple offices, road warriorsSHADOW POLICY: User-specific policy always enforcedIMMEDIATE UPDATE of all TDIPAN nodes globally for all threatsLOGBRIDGE TECHNOLOGY: Logs consolidated and correlated in real-time

DELIVERS RAPID RESPONSE TIME (ultra-low latency) & HIGH RELIABILITY

The InstaSafe Data Centers are hosted or located within world-class carriers, many of which already house the majority of the servers that provide the most commonly requested Web content. These data centers meet InstaSafe’s stringent requirements and the minimum certification standards as follows:

ISO 27001: ISO 27001 is an international information security management standard. It defines how to design, implement, and maintain an Information Security Management System (ISMS). InstaSafe requires this certification to help ensure that our security policies and processes are effective in mitigating identified risks and certify the management of information security in the operations of our data center facilities.

SSAE 16 and ISAE 3402 (Previously SAS 70 Type II): SSAE 16 (Statement on Standards for Attestation Engagements No. 16) is an internationally recognized auditing standard used to assess the controls in place at a third-party service organization.

An SSAE 16 Type II audit, along with the completed audit report, provides assurance that InstaSafe’s carrier partners comply with externally validated and unbiased information about the nature and effectiveness of the controls in place at their operations.

ISAE 3402 is the international version of SSAE 16. Together they replace the SAS 70 auditing standard. The enforcement of these minimum certifications requirements ensures that InstaSafe Cloud Security customers enjoy a smooth, consistent and available range of security services.

u

u

u

u

V1.0

_Apr

il’16

Competitive DifferentiatorsThe advantages of InstaSafe’s cloud architecture are gaining attention and other solutions will no doubt claim cloud functionality, whether they have it or not. However, InstaSafe Cloud Security stands out based on the following factors which are unmatched in the industry.

TRUE MULTI-LAYERED SECURITY FUNCTIONALITYInstaSafe Cloud Security is the only solution that fully integrates:

1) Advanced endpoint anti-malware and application controls2) Web filtering and malware protection, and3) Email security in one solution.

With today’s multi-layered threats, and industry reports showing that most malware is now emanating from the Web, multi-layered security is a “must have.”

COMMON POLICY MANAGEMENT ACROSS SECURITY TECHNOLOGIES AND ENDPOINT DEVICES

InstaSafe is the only cloud based integrated security solution that provides comprehensive, granular policy controls across endpoint, Web and email security functions, and which can be used across all devices.

SCALABLE AND PROVEN

InstaSafe Cloud Security was designed from the ground-up as a scalable cloud service and was architected for one of the world’s largest telecommunications providers. Its global data center network has over 900 points of presence, enabling world-wide user access and roaming, and ensuring very low latency and high reliability.

1

2

3

V1.0

_Apr

il’16

Other Key Features & Benefits

EASE OF USE

• Powerful and intuitive Web console, with flexible “drag & drop” configurability

• Full integration with all major directory services - for hassle-free set-up and group/user maintenance

• Comprehensive and configurable reporting across all policies, security vectors and directory elements

• Policy enforcement through real-time reporting and alerting

• Lightweight endpoint anti-malware software agent deployable on all current version of Windows, Mac and Linux

COMPREHENSIVE SECURITY CONTROLS

• Highly configurable content filtering, based on InstaSafe’s proprietary URl database and real-time dynamic page classification - ensuring that acceptable use policies are enforced

• Highly flexible application controls, enabling policy enforcement for application permissions

• Bandwidth controls, enabling management of bandwidth usage through policy

• Data leak protection for data-in-motion across both Web and email transport layers, to ensure that sensitive

corporate information is kept secure

ADDITIONAL BENEFITS

• Email archiving for 90 days, and e-discoverability

• Multi-tenant management framework and dashboard, enabling management of deployment, policies and reporting for MSPs, VARs and distributed organizations through an integrated Web-based console

V1.0

_Apr

il’16

At InstaSafe, our commitment to our customers is the driving force behind everything we do. That’s why InstaSafe goes beyond the standard customer service functions at competitive companies by assigning a designated Security Specialist specifically to you.

InstaSafe is the only Internet security company that provides a trained, knowledgeable single point of contact whose job is to guide you and keep you informed about the best ways to protect your most critical asset, your data.

Our Security Specialists provide an additional layer of service and support. They are trained to advise you in this new era of cybercrime, and they are

dedicated to both customers and partners based on your locations.

Your Security Specialists Can:

• Design a security solution customized to meet the needs of your business

• Provide full security assessments as well as demos and trials of our solutions

• Engage and manage any tech support, license or account management questions

• Provide the latest info on current threats

• Help select the right channel partner for your specific needs

• Provide you with the highest levels of personal service in the industry

• Develop a Cloud Security Strategy

• Share Product Road Maps and Future Release schedules

• Provide competitive pricing , references and Free Trial copies upon request

InstaSafe Security Specialists

V1.0

_Apr

il’16

Instasafe Technologies (www.instasafe.com) is a leading Cloud based Security-as-a-Service solution provider delivering comprehensive and uncompromising protection to mobile and remote workers enabling them to safely and securely access enterprise apps, email and web from anywhere on any network.

Instasafe’s flagship product, Instasafe Secure Access (ISA) offers a hardware free, zero configuration, self-service style, fully redundant, Security-as-a-Service solution that can be deployed in minutes and scaled instantly as per customer requirement. Instasafe Web Security (IWS) offers a hardware free, cloud based security solution that is easy to deploy and manage, is scalable and helps you control your bandwidth consumption while protecting your organisation from web threats.

Free Trial

InstaSafe’s services can be easily and freely evaluated. Just provide us with some simple details via an online sign-up form and we can have a free 15-day trial of InstaSafe Cloud Security up and running for you within 24 hours. There is no obligation to subscribe and it is quick and easy to disconnect the service if you don’t wish to continue.

Sign up now at Instasafe.com/signup

InstaSafe Resources

CLOUD SECURITY OVERVIEW www.instasafe.com/product/cloud-web-security

CUSTOMER CASE STUDIES www.instasafe.com/resources/case-studies

FREE TRIAL www.instasafe.com/signup

WHITEPAPERS www.instasafe.com/resources/whitepapers

About InstaSafe

Some of our customers:

Did we get you interested?

hello@instasafe.com

facebook.com/instasafe @instasafe linkedin.com/company/instasafe

+91 8880220044 www.instasafe.com

Recognitions: