Zero Trust Remote Access
Pricing
Banyan offers product editions to suit every need, from easy-to-deploy zero trust access for teams, through full-blown enterprise-wide capabilities.
Features:
- Global edge network
- Desktop Banyan app
- One-click access to apps and infrastructure
- Zero Trust policies
- Audit & reporting
- Community support
All Team Edition features, plus:
- Enterprise SSO integration
- Mobile app
- Trust score customization
- Policies for SaaS applications
- SLA and dedicated support
All Business Edition features, plus:
- Self-hosted access tier(s)
- Cloud resource discovery
- UEM/EDR/UEBA integration
- Tunnel
- Zero touch install
- IDP passwordless authentication
Product Editions Comparison
| Team | Business | Enterprise | |
|---|---|---|---|
| Deployment | |||
|
iFlexible Enterprise Edge architecture provides fast and reliable connections to your users around the world
|
✓ | ✓ | ✓ |
| Global Edge Network iUse identity-aware proxies hosted and managed by Banyan Security in our global edge |
✓ | ✓ | ✓ |
| Private Edge iSelf-host Banyan Security's identity-aware proxy in your own datacenters and cloud infrastructure |
✓ | ||
|
iCloud management interface for IT & Security Admins to configure Zero Trust connectivity
|
✓ | ✓ | ✓ |
| Cloud Command Center iCentral management console that you can interact with via the web portal or our RESTful API |
✓ | ✓ | ✓ |
| Private Command Center iCentral management console dedicated to your organization |
add-on | ||
|
iNative support for all your device operating systems
|
✓ | ✓ | ✓ |
| Desktop iCross-platform desktop application for Windows, macOS, and Linux |
✓ | ✓ | ✓ |
| Mobile iMobile app for iOS and Android, downloadable from Apple App Store and Google Play |
✓ | ✓ | |
| Connectivity | |||
|
iConnect to internal HTTP applications using browser-only OpenID Connect flows
|
✓ | ✓ | ✓ |
| Custom Domains iPublish applications using your organization's corporate domains |
✓ | ✓ | ✓ |
| Let's Encrypt Certificates iUse default-browser-trusted certificates issued by a public Certificate Authority |
✓ | ✓ | ✓ |
| Application Authentication iOffload authentication and claims mapping to the identity-aware proxy, simplifying application AuthNZ |
✓ | ✓ | |
| Programmatic Access iUse API tokens (instead of managing fragile IP whitelists) for scripting and automation |
✓ | ✓ | |
| Clientless Desktop Access iLeverage the Apache Guacamole gateway to access your desktops from a web browser |
add-on | ||
|
iConnect to internal TCP services using short-lived X.509 certificates
|
✓ | ✓ | ✓ |
| Catalog and Bundles iOrganize your infrastructure resources and publish them to end users |
✓ | ✓ | ✓ |
| Linux Servers (SSH) iAccess Linux machines using any SSH client |
✓ | ✓ | ✓ |
| SSH AuthNZ & Audit iEnable SSH certificate authentication, AuthorizedPrincipals, and audit logging |
add-on | ||
| Kubernetes API iAccess the Kubernetes API using any Kubernetes client |
✓ | ✓ | ✓ |
| Kubernetes AuthNZ & Audit iEnable Kubernetes OIDC authentication, RBAC authorization, and audit logging |
add-on | ||
| Windows Servers (RDP) iAccess Windows machines from any RDP client |
✓ | ✓ | ✓ |
| Databases iAccess database servers such PostgreSQL and MySQL using their native clients |
✓ | ✓ | ✓ |
|
iEnable network access to private subnets using WireGuard
|
✓ | ✓ | ✓ |
| Private Domains iUse your organization's internal DNS servers |
✓ | ✓ | ✓ |
| Split Tunneling iTunnel specific subnets and domains instead of intercepting all network traffic |
✓ | ✓ | |
|
iEnforce device trust policies for cloud SaaS applications without backhauling traffic onto your corporate network
|
✓ | ✓ | |
| SAML and OIDC Federation iDefine Zero Trust policies for individual, or groups of, SaaS applications |
✓ | ✓ | |
| Identity Provider Cloaking iRestrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks |
✓ | ||
| Operations | |||
|
iProvision access for all users - employees, contractors, vendors, etc. - accessing corporate resources
|
✓ | ✓ | ✓ |
| Local User Management iCreate users, update user information, and deactivate users |
✓ | ✓ | ✓ |
| SSO for Users iUse corporate single sign-on (SSO) with just-in-time (JIT) user creation |
✓ | ✓ | |
| Passwordless Authentication iEnable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required) |
✓ | ✓ | |
| SSO for Admins iUse corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access |
✓ | ||
| Admin RBAC iCreate administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc. |
✓ | ||
|
iVisibility into all devices - both managed and unmanaged - accessing corporate resources
|
✓ | ✓ | ✓ |
| Device Registration iLightweight registration using the Banyan apps, with trusted device certificates issued by Banyan-managed Private PKI |
✓ | ✓ | ✓ |
| Self-Registration Options iEnable certain user populations to register their own devices using the Banyan apps |
✓ | ✓ | ✓ |
| Revocation and Banning iDisable access - temporarily or permanently - for a specific device |
✓ | ✓ | ✓ |
| Unregistered Devices iAllow policy-based access from devices that do not possess a trusted device certificate |
✓ | ✓ | ✓ |
| Zero Touch Install iRoll out the Banyan app to your device fleet without requiring any end-user interaction |
✓ | ✓ | |
| Pre-Installed Device Certificates iUse pre-installed device certificates managed by your corporate endpoint manager |
✓ | ||
|
iUnderstand access patterns across all corporate resources and create Zero Trust scorecards
|
Limited | ✓ | ✓ |
|
iRecord system events for your organization to provide an audit trail and understand platform activity
|
✓ | ✓ | |
|
iProgramatically manage Banyan objects and automate provisioning tasks
|
✓ | ✓ | |
|
iAutomatically discover corporate resources to publish to your users
|
Limited | ✓ | |
| Security | |||
|
iImmediate access revocation when a user and/or their device no longer meets security posture thresholds
|
✓ | ✓ | ✓ |
|
iGranular, flexible least-privilege-access policies based on resource sensitivity
|
✓ | ✓ | ✓ |
|
iQuantify the level of trust and risk associated with your users and devices
|
Limited | Limited | ✓ |
| Device Trust Scoring iAnalyze device security posture, including OS version, firewall, disk encryption, and screen lock status |
✓ | ✓ | ✓ |
| Customizable Trust Factors iConfigure factors based on platform and ownership type. Support for "preferred applications" factor. |
✓ | ✓ | |
| Customizable Remediation iConfigure remediation instructions, such as messaging and links, shown to your end users |
✓ | ✓ | |
| Factors from IDP iIntegrate Identity Provider user and group attributes into Trust Scoring (Okta, AzureAD, OneLogin) |
✓ | ||
| Factors from UEM iIntegrate Endpoint Manager compliance checks into Trust Scoring (Workspace ONE UEM, Intune, Jamf) |
✓ | ||
| Factors from EDR iIntegrate Endpoint Security signals into Trust Scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender) |
✓ | ||
|
iIntegrate with the various tools in your security stack
|
✓ | ||
| Integration with SIEM iPipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic) |
✓ | ||
| Integration with Enterprise PKI iUse certificates issued by your existing Public Key Infrastructure (PKI) solution |
add-on | ||
| Customer Support and Success | |||
| ✓ | ✓ | ✓ | |
| Knowledge Base | ✓ | ✓ | ✓ |
| Banyan Community Membership | ✓ | ✓ | ✓ |
| Email & Help Desk Support | ✓ | ✓ | |
| Limited | ✓ | ||
| Live Chat and Response SLAs | Limited | ✓ | |
| Customer Success Team | add-on | ✓ | |
| Technical Support Team | add-on | ✓ | |
| Early Preview Features | ✓ |
| Pricing | $0 |
$7 user/month |
Call for Quote |
|---|---|---|---|
| Get Team Edition | Contact Sales | Contact Sales |
* All prices expressed per user per month, billed annually.