
Broad protection.
Safeguard against growing threats of cyberattacks, magnified in remote and hybrid work environments.
T-MOBILE SASE SOLUTIONS
KEY BENEFITS
Cyberattacks are on the rise. And as your business turns more to the cloud and remote or hybrid work models, your risk increases. You need a way to protect your business while providing your employees and remote devices with the access they need to do their work, from wherever.
KEY FEATURES
Safeguard data traffic across devices and employees with a comprehensive set of security and network management services—all on one simple, scalable, and cost-effective platform.
Get automatic access and protections, per policy, without the need for a device client. T-SIMsecure uses the T-Mobile SIM to authorize the device when on the T-Mobile network. Ideal for devices that cannot load a client, such as IoT.
Client-based access authorization and SASE protections on any Wi-Fi or cellular network or wireless carrier.
Highly secure, direct connectivity ensures users and their devices can access corporate apps and data—in the cloud or at the data center.
Least privileged access, based on Zero Trust Network Access (ZTNA) principles, ensures only authorized users gain access.
Micro-segmentation provides granular control and limits user access and application visibility to authorized users only.
Direct access to cloud-hosted applications from the SASE gateway reduces latency because it avoids the need to send data to the enterprise data center first.
Secure web gateway (SWG) provides an integrated, comprehensive set of advanced security capabilities to protect users and their devices from web-based internet threats while enforcing corporate security policy.
Next generation firewall (NGFW) inspects web traffic between the user and the internet to block or filter out unsafe content. It can also block risky or unauthorized user behavior.
Advanced threat protection offers anti-ransomware, anti-malware, and antivirus protection plus intrusion detection and prevention.
URL/web filtering restricts access to websites, reducing threats from a user visiting out-of-compliance or malicious sites.
Cloud access security broker (CASB) cloud-based app monitors all data flowing between users and cloud apps to ensure compliance with corporate and regulatory requirements. (Coming soon.)
SASE is pronounced like "sassy," and it stands for Secure Access Service Edge. It is designed to safeguard data, devices, and applications in the face of new realities such as cloud services, public networks, remote/hybrid work, IoT, etc.—while helping businesses maintain uninterrupted network access for their employees, no matter where or how they work. SASE combines security services like CASB, Firewall-as-a-Service (FWAAS), and Zero Trust Network Access (ZTNA) with network management such as SD-WAN and delivers it as a single, integrated service. It can offer organizations flexibility, cost savings, threat prevention, data protection, reduced complexity, and better network and business performance.
T-SIMsecure builds simplicity and security into T-Mobile devices by using the T-Mobile SIM to authenticate users and authorize privileges. T-SIMsecure, automatically extends protection and access to devices and employees when on the T-Mobile network. It is ideal for devices that cannot load a client, such as IoT sensors, routers, and other connected devices. It is also ideal for workers in roles where using a client may be too cumbersome such as field services, frontline, or service employees—especially workers that share a device—and that work mostly on the T-Mobile network.
The SASE device client extends T-Mobile SASE protections to any device capable of loading a client and works on any network (Wi-Fi or cellular), regardless of carrier. It also enables additional endpoint security and authentication checks.
Zero Trust Network Access (ZTNA) provides secure remote access based on zero trust security principles, and in particular, the principle of least-privileged access. Under zero trust, users and devices are, by default, not trusted. Instead, ZTNA allows each user access to specific applications on a case-by-case basis, authenticated through pre-defined, role-based controls and contextual data such as IP address, location, or even time—without exposing other network resources to risk. Least privileged access grants authentication based on credentials and context. Users get only the granular access they qualify for based on identity, device, and location. More secure than a VPN, ZTNA can help safeguard your IT network by providing only the specific permissions that the user has been explicitly granted, while it helps maintain flexible and responsive connections with your digital systems, branch locations, remote workers, and trusted partners.
IT organizations traditionally build a VPN, or virtual private network, to encrypt and safeguard internet connections between two networks or devices, usually to provide secure access to a distributed workforce. A VPN encrypts internet traffic and routes it to the secure VPN IP address to mask the user’s identity, safeguard data, and allow perimeter-based security applications to inspect all network traffic, wherever it comes from—and deliver a user experience similar to a direct network connection. But as cloud-based services grow and new remote and hybrid work models evolve, businesses might need solutions like SASE and/or ZTNA to help augment or replace traditional VPNs.
ZTNA expands on the capabilities of a VPN and simultaneously resolves some inherent VPN vulnerabilities. In general, ZTNA offers more customizable, more specific—and more secure—authentication, simplifying users’ access to network resources. Put simply, ZTNA delivers application-based access that keeps users from seeing or using resources they shouldn’t. By switching from default trust to default verify, you can use ZTNA to ensure every request is authorized, no matter where it came from—and it’s easier to use than a VPN.