Skyhigh Security enhances SWG, DLP and CASB offerings

Skyhigh will also be making new initiatives on the channel side, including appointing both global and North American channel leaders.

Arnie Lopez, VP of WorldWide Systems Engineering at Skyhigh

Last week, at the RSA Conference 2022, Skyhigh Security, which was spun out of the former McAfee Enterprise’s assets acquired by Symphony Technology Group earlier this year to take their EDR [Extended Detection and Response] offerings to market, announced a major refresh of those offerings, which encompass their Secure Service Edge (SSE) portfolio.

In addition to their portfolio expansion, Skyhigh also highlighted strong analyst reviews that are fueling their global expansion.

“While we did very well in the recent Gartner Magic Quadrant for Security Service Edge, and in the sister report, the Critical Capabilities Report, which is more of a technical deep dive, all of the use cases there had us as number one,” said Arnie Lopez, VP of WorldWide Systems Engineering at Skyhigh. “We’ve made both of those reports available and that has already helped us quite a bit. We are already in the throws of planning for the next evaluation, which is generally in the fall.”

Skyhigh is also building out presence on both the infrastructure and channel side. On the infrastructure side, they are expanding their global SSE POP footprint into all geographical locations to 90+ POPs globally.

“We are particularly active in building out our POPS in Europe, LATAM, and Asia Pacific,” Lopez said.

“With partners, we have been figuring out our channel strategy, and are now searching for a global channel chief and a channel chief for the Americas, with a particular eye towards individuals that our leadership has worked with in the past.,” he added.

“We have assigned CAMs and SEs to partners, and are working on a new certification brand and on the marketing for branding it,” Lopez said. “With distribution we are able to reach down. Right now, it’s more important outside North America because there are countries where we wont have any feet on the street at all. We have stated publicly that we will not build out our own managed services, so our roadmap is not just new capabilities and new features, but APIs so partners can wrap them into what they provide to their customers.”

Likely the most important announcement sees the Secure Web Gateway [SWG] hybrid solution extended to Skyhigh SSE, so that it now includes a fully cloud-managed hybrid offering to enable a global and distributed workforce.

“These SSE hybrid capabilities are a big deal,” Lopez stated. “It’s an important differentiation for us. We are the only SSE vendor that provides a hybrid architecture. In the past, you had to manage an on-prem gateway separate from the cloud. We can now provide the architecture to move in phases and manage it all from the cloud, which is especially attractive for larger customers and the federal market. Being able to manage it all from the cloud in one place is a differentiator for us.”

Lopez said that the other new feature customers are talking about the most is the new Cloud Access Security Broker [CASB] user risk score.

“This one and the SSE hybrid capability are getting a lot of interest as we talk about them,” he added.

The user risk score leverages key data points including policy violations, threats, and anomalies, to categorize a risky user and determine if they require additional access controls.

“We have very robust APIs and analytics on top of the CASB, and we incorporate it all into the user risk score,” Lopez said. We don’t do user training or network segmentation, but this tool will point the user at those ways to harden their entire surface – not to just buy more of our stuff. My systems engineers would rather be more consultative.

“These scores are not a new concept in security work,” Lopez added. “Others have had them for endpoints, like Proofpoint and Symantec. These are the only ones I’m aware of for CASB, however.”

Skyhigh has also unified, best-in-class OCR [optical character recognition] for images across its SWG and CASB technologies, which allows customers to scan and extract text from supported image files and inspect them for sensitive data, through the DLP engineData loss prevention (DLP) for OCR.

Finally, customers will now also be able to find their private applications on the Private Access Launchpad quicker, by allowing them to sort applications by protocol type or simply searching the application catalog for any given application by name.