Architecture: BlackBerry Gateway
BlackBerry Gateway is a cloud-based service that provides zero trust network access, giving your users access to your extended network perimeter and protecting devices and your extended network from threats.
Identity risk engine
The identity risk engine uses machine learning to continuously evaluate user behavior and provide an adaptive response to network anomaly events. Network anomaly events are detected when a Gateway user's network usage pattern is not consistent with past behavior. If the percentage of anomalous events exceeds a set threshold, Gateway can dynamically override the user's network access control policy to block network access and require the user to authenticate before they can continue.
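The threshold behavior described for the identity risk engine, modelled as an added example (not BlackBerry's code or algorithm). The window size, minimum event count, 20% threshold, and all names are assumptions; the per-event anomaly flag stands in for the machine-learning verdict.

```python
from collections import deque


class AnomalyGate:
    """Illustrative per-user model: share of anomalous events vs. a threshold."""

    def __init__(self, threshold_pct=20.0, window=50, min_events=10):
        # All three values are assumptions; the page only says "a set threshold".
        self.threshold_pct = threshold_pct
        self.min_events = min_events
        self.events = deque(maxlen=window)  # True = event flagged anomalous
        self.blocked = False

    def anomaly_pct(self):
        """Percentage of anomalous events in the current window."""
        return 100.0 * sum(self.events) / len(self.events) if self.events else 0.0

    def record(self, anomalous):
        """Record one network event and return the resulting access decision."""
        self.events.append(bool(anomalous))
        # With very few events the percentage is noise (1 of 2 is already 50%),
        # so the override is only considered once min_events have been seen.
        enough = len(self.events) >= self.min_events
        if enough and self.anomaly_pct() > self.threshold_pct:
            self.blocked = True  # override the user's normal access policy
        # The override is sticky: later normal traffic does not lift it.
        return "block_until_reauth" if self.blocked else "allow"

    def reauthenticated(self):
        """The user passed the authentication challenge: lift the override."""
        self.blocked = False
        self.events.clear()  # start a fresh window after re-authentication


def replay(flags, **kwargs):
    """Feed a sequence of anomaly flags to a new gate; return every decision."""
    gate = AnomalyGate(**kwargs)
    return [gate.record(flag) for flag in flags]


# Constructed sample: 10 normal events followed by a burst of 4 anomalous ones.
SAMPLE = [False] * 10 + [True] * 4

if __name__ == "__main__":
    for i, decision in enumerate(replay(SAMPLE), start=1):
        print(i, decision)
```

The minimum event count trades early detection for fewer false blocks on new users, so it deserves the same review as the threshold itself.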
The cloud-based management console allows you to set up, manage, and monitor BlackBerry Gateway and the connections made through it. The management console is shared by all BlackBerry Unified Endpoint Security products.
BlackBerry Infrastructure is a global private data network distributed across multiple regions that enables and secures data in transit between thousands of organizations and millions of users around the world. It is designed to efficiently manage the transport of data between BlackBerry services and end-user devices.
BlackBerry Infrastructure registers user information for device activation, validates licensing information, and maintains a trusted connection with on-premises BlackBerry components installed behind the firewall and with users' devices inside and outside the firewall.
Gateway Connector is an optional component that you can install behind your firewall and in private cloud networks to establish a secure tunnel between the BlackBerry Infrastructure and your private network. The Gateway Connector allows users to communicate with content and application servers behind your firewall using BlackBerry Gateway instead of a traditional VPN.
BlackBerry Connectivity Node
BlackBerry Connectivity Node is an optional component that allows BlackBerry Gateway to synchronize users and groups with your on-premises Microsoft Active Directory or LDAP directory.
BlackBerry Gateway can synchronize users and groups with Active Directory without the BlackBerry Connectivity Node.
This version of
macOS devices. An agent installed on the device sends Internet traffic through a secure tunnel to the BlackBerry Infrastructure. Users can enable and disable work mode to specify whether data traffic uses the tunnel to the
Software-as-a-Service applications provide cloud-based enterprise software, making apps and data available to users on multiple devices. Applications and data reside mostly on cloud-based servers managed by the vendor, easing deployment and reducing on-premises infrastructure costs, but requiring security measures that extend beyond firewalls and other perimeter-based security methods.
BlackBerry Gateway can help secure user access to SaaS applications without requiring traffic to route through your organization's VPN.
Public Internet destinations include any web site, SaaS application, or other entity with an IP address that a client app can connect to over the Internet.
BlackBerry maintains an ever-growing list of destinations known to be malicious. BlackBerry Gateway can block apps on devices from connecting to destinations on the list.
If you enable split tunneling, traffic between devices and safe public sites that you specify can go directly over the Internet instead of through