Pricing
Zero Trust Access and Internet Threat Protection for Every Organization
Included features:
- Legacy VPN replacement
- Global Edge Network
- One-click access to applications and networks
- Basic Zero Trust policies
- Audit & reporting
All features in Team, plus:
- Enterprise single sign-on
- Self-hosted Private Edge
- Granular Zero Trust policies
- Customizable trust factors
- Resource discovery
- Automation workflows
All features in Business, plus:
- Policies for SaaS applications
- Zero Touch deployment
- Integration with UEM/EDR
- Threat prevention
- Dedicated support
* Per user/month, billed annually
Team
Free
Sign Up |
Business
Call
Contact Sales |
Enterprise
Call
Contact Sales |
|
|---|---|---|---|
| Deployment | |||
 Flexible Edge architecture provides fast and reliable connections to your users around the world |
 |
 |
 |
| Global Edge Network Use identity-aware gateways hosted and managed by Banyan in our global edge |
|
|
|
| Private Edge Self-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure |
|
|
|
|
Cloud management interface for Operations & Security admins to configure Zero Trust connectivity |
|
|
|
| Cloud Command Center Central management console that you can interact with via the web portal or the RESTful API |
|
|
|
| Private Command Center Central management console dedicated to your organization |
add-on | ||
|
Native support for all your device operating systems |
|
|
|
| Desktop Cross-platform desktop application for Windows, macOS, and Linux |
|
|
|
| Mobile Mobile app for iOS and Android, downloadable from Apple App Store and Google Play Store |
|
|
|
| Connectivity | |||
|
Enable network access to private subnets using WireGuard VPN |
|
|
|
| Private Networks Provide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers) |
|
|
|
| Split Tunneling Select specific subnets and domains (private or public) that need to be tunneled |
|
|
|
| Full Tunneling Tunnel all network traffic from devices |
|
|
|
| Site-to-Site Tunnels Connect multiple private networks together to be accessed as a single flat network |
Add-on | ||
|
Connect to internal HTTP applications using browser-only OpenID Connect flows |
|
|
|
| Custom Domains Publish applications using your organization's corporate domains |
|
|
|
| Let's Encrypt Certificates Use default-browser-trusted certificates issued by a public Certificate Authority |
|
|
|
| Application Authentication Offload authentication and claims mapping to the identity-aware proxy, simplifying application authNZ |
|
||
| Programmatic Access Use API tokens (instead of managing fragile IP whitelists) for scripting and automation |
|
||
| Clientless Desktop Access Leverage the Apache Guacamole gateway to access your desktops from a web browser |
add-on | ||
|
Connect to internal TCP services using short-lived X.509 certificates |
|
|
|
| Catalog and Bundles Organize your infrastructure resources and publish them to end users |
|
|
|
| Linux Servers (SSH) Access Linux machines using any SSH client |
|
|
|
| SSH AuthNZ & Audit Enable SSH certificate authentication, AuthorizedPrincipals, and audit logging |
add-on | ||
| Kubernetes API Access the Kubernetes API using any Kubernetes client |
|
|
|
| Kubernetes AuthNZ & Audit Enable Kubernetes OIDC authentication, RBAC authorization, and audit logging |
add-on | ||
| Windows Servers (RDP) Access Windows machines from any RDP client |
|
|
|
| Databases Access database servers, such PostgreSQL and MySQL, using their native clients |
|
|
|
|
Enforce device trust policies for cloud SaaS applications using SAML/OIDC federation and certificate authentication |
|
||
| SAML and OIDC Federation Define Zero Trust policies for individual, or groups of, SaaS applications |
|
||
| Identity Provider Cloaking Restrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks |
|
||
| Security | |||
|
Granular, flexible least-privilege-access policies based on resource sensitivity |
|
|
|
| Trust Based Access Controls Continuous authorization based on user and device context; real-time session revocation |
|
|
|
| User Roles Create policies based on user attributes such as department and IDP group |
|
|
|
| Device Roles Create policies based on device attributes such as Platform, Ownership, and Registration |
|
|
|
| API-level Policies Create Layer-7 policies to manage API access (hosted websites) |
|
||
| Network Policies Create Layer-4 policies to manage network access (Service Tunnels) |
|
||
|
Quantify the level of trust and risk associated with your users and devices |
 |
 |
|
| Device Trust Scoring Analyze posture of a device, such as firewall, disk encryption, screen lock, OS version, etc. Control the effect when factors are not met. |
|
|
|
| Customizable Remediation Configure remediation instructions, such as messaging and links, shown to your end users |
|
|
|
| Trust Profiles Customize factors and policy effects based on groups of users and devices |
|
|
|
| Factors from EDR Integrate endpoint security signals into trust scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender) |
|
||
| Factors from IDP Integrate Identity Provider user and group attributes into trust scoring (Okta, Azure AD, OneLogin) |
|
||
| Factors from UEM Integrate endpoint manager compliance checks into trust scoring (Workspace ONE UEM, Intune, Jamf) |
|
||
|
Gain a complete view into user and device risk for security and regulatory compliance |
|
|
|
| Device Posture Reporting Track all devices – managed and unmanaged – accessing corporate resources, as well as their security posture |
|
|
|
| Private Application Discovery Discover private applications accessed by your users; publish using zero trust policies |
|
|
|
| IaaS Resource Discovery Discover IaaS cloud resources used by your organization; publish using zero trust policies |
|
||
| SaaS Application Discovery Discover SaaS applications accessed by your users; understand risk due to unsanctioned "shadow IT" apps |
|
||
| Admin Activity Reporting Record all admistrator activity in the Cloud Command Center |
|
||
|
Block malicious websites and enforce acceptable use policy |
|
||
| DNS Layer Security Block domains with malware, phishing, botnet, or other high risk items |
|
||
| TLS Decryption Security Proxy and inspect web traffic by decrypting TLS; filter by category, threat level, and more |
|
||
| Integrate with existing SWG Route internet-bound traffic to a third-party Secure Web Gateway |
|
||
|
Integrate with tools in your security stack |
|
||
| Integration with SIEM Pipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic) |
|
||
| Integration with Enterprise PKI Use certificates issued by your existing Public Key Infrastructure (PKI) solution |
add-on | ||
| Operations | |||
|
Provision access for all users - employees, contractors, vendors, etc. - accessing corporate resources |
|
|
|
| Local User Management Create users, update user information, and deactivate users |
|
|
|
| SSO for Users Use corporate single sign-on (SSO) with just-in-time (JIT) user creation |
|
|
|
| Passwordless Authentication Enable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required) |
|
|
|
| SSO for Admins Use corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access |
|
||
| Admin RBAC Create administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc. |
|
||
|
Maintain an inventory of all devices - managed and unmanaged - accessing corporate resources |
|
|
|
| Device Registration Lightweight registration using the Banyan app, with trusted device certificates issued by Banyan-managed Private PKI |
|
|
|
| Self-Registration Options Enable certain user populations to register their own devices using the Banyan app |
|
|
|
| Revocation and Banning Disable access - temporarily or permanently - for a specific device |
|
|
|
| Unregistered Devices Allow policy-based access from devices that do not possess a trusted device certificate |
|
|
|
| Zero Touch Install Roll out the Banyan app to your device fleet without requiring any end-user interaction |
|
||
| Pre-Installed Device Certificates Use pre-installed device certificates managed by your corporate endpoint manager |
|
||
|
Programatically manage Banyan objects and automate provisioning tasks |
|
|
|
| Banyan API RESTful endpoint to configure Banyan objects |
|
|
|
| pyBanyan Python library and command-line interface to interact with the Banyan API |
|
|
|
| Terraform Terraform provider to interact with the Banyan API |
|
|
|
|
Understand access patterns across all corporate resources and create Zero Trust scorecards |
|
|
|
| Real-time Event Stream Monitor a real-time stream of user and device activity |
|
|
|
| Reporting Dashboards Analyze access activity patterns across your users, devices, and services |
|
|
|
| Certificate Logs Record all certificate issuance, rotation, and revocation |
|
||
| Service Monitoring Continuous monitoring and service statistics from your identity-aware gateways |
add-on | ||
| Customer Support and Success | |||
| Community | |
|
|
| Knowledge Base | |
|
|
| Banyan Community Membership | |
|
|
| Email & Help Desk Support | |
|
|
|
|||
| Live Chat and Response SLAs | Limited | |
|
| Customer Success Team | add-on | |
|
| Technical Support Team | add-on | |
|
| Early Preview Features | |
* All prices expressed per user per month, billed annually.
Free
|
|
|---|---|
| Deployment | |
|
Flexible Edge architecture provides fast and reliable connections to your users around the world |
|
| Global Edge Network Use identity-aware gateways hosted and managed by Banyan in our global edge |
|
| Private Edge Self-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure |
|
|
Cloud management interface for Operations & Security admins to configure Zero Trust connectivity |
|
| Cloud Command Center Central management console that you can interact with via the web portal or the RESTful API |
|
| Private Command Center Central management console dedicated to your organization |
|
|
Native support for all your device operating systems |
|
| Desktop Cross-platform desktop application for Windows, macOS, and Linux |
|
| Mobile Mobile app for iOS and Android, downloadable from Apple App Store and Google Play Store |
|
| Connectivity | |
|
Enable network access to private subnets using WireGuard VPN |
|
| Private Networks Provide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers) |
|
| Split Tunneling Select specific subnets and domains (private or public) that need to be tunneled |
|
| Full Tunneling Tunnel all network traffic from devices |
|
| Site-to-Site Tunnels Connect multiple private networks together to be accessed as a single flat network |
|
|
Connect to internal HTTP applications using browser-only OpenID Connect flows |
|
| Custom Domains Publish applications using your organization's corporate domains |
|
| Let's Encrypt Certificates Use default-browser-trusted certificates issued by a public Certificate Authority |
|
| Application Authentication Offload authentication and claims mapping to the identity-aware proxy, simplifying application authNZ |
|
| Programmatic Access Use API tokens (instead of managing fragile IP whitelists) for scripting and automation |
|
| Clientless Desktop Access Leverage the Apache Guacamole gateway to access your desktops from a web browser |
|
|
Connect to internal TCP services using short-lived X.509 certificates |
|
| Catalog and Bundles Organize your infrastructure resources and publish them to end users |
|
| Linux Servers (SSH) Access Linux machines using any SSH client |
|
| SSH AuthNZ & Audit Enable SSH certificate authentication, AuthorizedPrincipals, and audit logging |
|
| Kubernetes API Access the Kubernetes API using any Kubernetes client |
|
| Kubernetes AuthNZ & Audit Enable Kubernetes OIDC authentication, RBAC authorization, and audit logging |
|
| Windows Servers (RDP) Access Windows machines from any RDP client |
|
| Databases Access database servers, such PostgreSQL and MySQL, using their native clients |
|
|
Enforce device trust policies for cloud SaaS applications using SAML/OIDC federation and certificate authentication |
|
| SAML and OIDC Federation Define Zero Trust policies for individual, or groups of, SaaS applications |
|
| Identity Provider Cloaking Restrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks |
|
| Security | |
|
Granular, flexible least-privilege-access policies based on resource sensitivity |
|
| Trust Based Access Controls Continuous authorization based on user and device context; real-time session revocation |
|
| User Roles Create policies based on user attributes such as department and IDP group |
|
| Device Roles Create policies based on device attributes such as Platform, Ownership, and Registration |
|
| API-level Policies Create Layer-7 policies to manage API access (hosted websites) |
|
| Network Policies Create Layer-4 policies to manage network access (Service Tunnels) |
|
|
Quantify the level of trust and risk associated with your users and devices |
|
| Device Trust Scoring Analyze posture of a device, such as firewall, disk encryption, screen lock, OS version, etc. Control the effect when factors are not met. |
|
| Customizable Remediation Configure remediation instructions, such as messaging and links, shown to your end users |
|
| Trust Profiles Customize factors and policy effects based on groups of users and devices |
|
| Factors from EDR Integrate endpoint security signals into trust scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender) |
|
| Factors from IDP Integrate Identity Provider user and group attributes into trust scoring (Okta, Azure AD, OneLogin) |
|
| Factors from UEM Integrate endpoint manager compliance checks into trust scoring (Workspace ONE UEM, Intune, Jamf) |
|
|
Gain a complete view into user and device risk for security and regulatory compliance |
|
| Device Posture Reporting Track all devices – managed and unmanaged – accessing corporate resources, as well as their security posture |
|
| Private Application Discovery Discover private applications accessed by your users; publish using zero trust policies |
|
| IaaS Resource Discovery Discover IaaS cloud resources used by your organization; publish using zero trust policies |
|
| SaaS Application Discovery Discover SaaS applications accessed by your users; understand risk due to unsanctioned "shadow IT" apps |
|
| Admin Activity Reporting Record all admistrator activity in the Cloud Command Center |
|
|
Block malicious websites and enforce acceptable use policy |
add-on |
| DNS Layer Security Block domains with malware, phishing, botnet, or other high risk items |
|
| TLS Decryption Security Proxy and inspect web traffic by decrypting TLS; filter by category, threat level, and more |
|
| Integrate with existing SWG Route internet-bound traffic to a third-party Secure Web Gateway |
|
|
Integrate with tools in your security stack |
|
| Integration with SIEM Pipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic) |
|
| Integration with Enterprise PKI Use certificates issued by your existing Public Key Infrastructure (PKI) solution |
|
| Operations | |
|
Provision access for all users - employees, contractors, vendors, etc. - accessing corporate resources |
|
| Local User Management Create users, update user information, and deactivate users |
|
| SSO for Users Use corporate single sign-on (SSO) with just-in-time (JIT) user creation |
|
| Passwordless Authentication Enable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required) |
|
| SSO for Admins Use corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access |
|
| Admin RBAC Create administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc. |
|
|
Maintain an inventory of all devices - managed and unmanaged - accessing corporate resources |
|
| Device Registration Lightweight registration using the Banyan app, with trusted device certificates issued by Banyan-managed Private PKI |
|
| Self-Registration Options Enable certain user populations to register their own devices using the Banyan app |
|
| Revocation and Banning Disable access - temporarily or permanently - for a specific device |
|
| Unregistered Devices Allow policy-based access from devices that do not possess a trusted device certificate |
|
| Zero Touch Install Roll out the Banyan app to your device fleet without requiring any end-user interaction |
|
| Pre-Installed Device Certificates Use pre-installed device certificates managed by your corporate endpoint manager |
|
|
Programatically manage Banyan objects and automate provisioning tasks |
|
| Banyan API RESTful endpoint to configure Banyan objects |
|
| pyBanyan Python library and command-line interface to interact with the Banyan API |
|
| Terraform Terraform provider to interact with the Banyan API |
|
|
Understand access patterns across all corporate resources and create Zero Trust scorecards |
|
| Real-time Event Stream Monitor a real-time stream of user and device activity |
|
| Reporting Dashboards Analyze access activity patterns across your users, devices, and services |
|
| Certificate Logs Record all certificate issuance, rotation, and revocation |
|
| Service Monitoring Continuous monitoring and service statistics from your identity-aware gateways |
|
| Customer Support and Success | |
| Community | |
| Knowledge Base | |
| Banyan Community Membership | |
| Email & Help Desk Support | |
| Live Chat and Response SLAs | |
| Customer Success Team | |
| Technical Support Team | |
| Early Preview Features | |
* All prices expressed per user per month, billed annually.
$7
|
|
|---|---|
| Deployment | |
|
Flexible Edge architecture provides fast and reliable connections to your users around the world |
|
| Global Edge Network Use identity-aware gateways hosted and managed by Banyan in our global edge |
|
| Private Edge Self-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure |
|
|
Cloud management interface for Operations & Security admins to configure Zero Trust connectivity |
|
| Cloud Command Center Central management console that you can interact with via the web portal or the RESTful API |
|
| Private Command Center Central management console dedicated to your organization |
|
|
Native support for all your device operating systems |
|
| Desktop Cross-platform desktop application for Windows, macOS, and Linux |
|
| Mobile Mobile app for iOS and Android, downloadable from Apple App Store and Google Play Store |
|
| Connectivity | |
|
Enable network access to private subnets using WireGuard VPN |
|
| Private Networks Provide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers) |
|
| Split Tunneling Select specific subnets and domains (private or public) that need to be tunneled |
|
| Full Tunneling Tunnel all network traffic from devices |
|
| Site-to-Site Tunnels Connect multiple private networks together to be accessed as a single flat network |
|
|
Connect to internal HTTP applications using browser-only OpenID Connect flows |
|
| Custom Domains Publish applications using your organization's corporate domains |
|
| Let's Encrypt Certificates Use default-browser-trusted certificates issued by a public Certificate Authority |
|
| Application Authentication Offload authentication and claims mapping to the identity-aware proxy, simplifying application authNZ |
|
| Programmatic Access Use API tokens (instead of managing fragile IP whitelists) for scripting and automation |
|
| Clientless Desktop Access Leverage the Apache Guacamole gateway to access your desktops from a web browser |
|
|
Connect to internal TCP services using short-lived X.509 certificates |
|
| Catalog and Bundles Organize your infrastructure resources and publish them to end users |
|
| Linux Servers (SSH) Access Linux machines using any SSH client |
|
| SSH AuthNZ & Audit Enable SSH certificate authentication, AuthorizedPrincipals, and audit logging |
|
| Kubernetes API Access the Kubernetes API using any Kubernetes client |
|
| Kubernetes AuthNZ & Audit Enable Kubernetes OIDC authentication, RBAC authorization, and audit logging |
|
| Windows Servers (RDP) Access Windows machines from any RDP client |
|
| Databases Access database servers, such PostgreSQL and MySQL, using their native clients |
|
|
Enforce device trust policies for cloud SaaS applications using SAML/OIDC federation and certificate authentication |
|
| SAML and OIDC Federation Define Zero Trust policies for individual, or groups of, SaaS applications |
|
| Identity Provider Cloaking Restrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks |
|
| Security | |
|
Granular, flexible least-privilege-access policies based on resource sensitivity |
|
| Trust Based Access Controls Continuous authorization based on user and device context; real-time session revocation |
|
| User Roles Create policies based on user attributes such as department and IDP group |
|
| Device Roles Create policies based on device attributes such as Platform, Ownership, and Registration |
|
| API-level Policies Create Layer-7 policies to manage API access (hosted websites) |
|
| Network Policies Create Layer-4 policies to manage network access (Service Tunnels) |
|
|
Quantify the level of trust and risk associated with your users and devices |
|
| Device Trust Scoring Analyze posture of a device, such as firewall, disk encryption, screen lock, OS version, etc. Control the effect when factors are not met. |
|
| Customizable Remediation Configure remediation instructions, such as messaging and links, shown to your end users |
|
| Trust Profiles Customize factors and policy effects based on groups of users and devices |
|
| Factors from EDR Integrate endpoint security signals into trust scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender) |
|
| Factors from IDP Integrate Identity Provider user and group attributes into trust scoring (Okta, Azure AD, OneLogin) |
|
| Factors from UEM Integrate endpoint manager compliance checks into trust scoring (Workspace ONE UEM, Intune, Jamf) |
|
|
Gain a complete view into user and device risk for security and regulatory compliance |
|
| Device Posture Reporting Track all devices – managed and unmanaged – accessing corporate resources, as well as their security posture |
|
| Private Application Discovery Discover private applications accessed by your users; publish using zero trust policies |
|
| IaaS Resource Discovery Discover IaaS cloud resources used by your organization; publish using zero trust policies |
|
| SaaS Application Discovery Discover SaaS applications accessed by your users; understand risk due to unsanctioned "shadow IT" apps |
|
| Admin Activity Reporting Record all admistrator activity in the Cloud Command Center |
|
|
Block malicious websites and enforce acceptable use policy |
|
| DNS Layer Security Block domains with malware, phishing, botnet, or other high risk items |
|
| TLS Decryption Security Proxy and inspect web traffic by decrypting TLS; filter by category, threat level, and more |
|
| Integrate with existing SWG Route internet-bound traffic to a third-party Secure Web Gateway |
|
|
Integrate with tools in your security stack |
|
| Integration with SIEM Pipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic) |
|
| Integration with Enterprise PKI Use certificates issued by your existing Public Key Infrastructure (PKI) solution |
|
| Operations | |
|
Provision access for all users - employees, contractors, vendors, etc. - accessing corporate resources |
|
| Local User Management Create users, update user information, and deactivate users |
|
| SSO for Users Use corporate single sign-on (SSO) with just-in-time (JIT) user creation |
|
| Passwordless Authentication Enable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required) |
|
| SSO for Admins Use corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access |
|
| Admin RBAC Create administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc. |
|
|
Maintain an inventory of all devices - managed and unmanaged - accessing corporate resources |
|
| Device Registration Lightweight registration using the Banyan app, with trusted device certificates issued by Banyan-managed Private PKI |
|
| Self-Registration Options Enable certain user populations to register their own devices using the Banyan app |
|
| Revocation and Banning Disable access - temporarily or permanently - for a specific device |
|
| Unregistered Devices Allow policy-based access from devices that do not possess a trusted device certificate |
|
| Zero Touch Install Roll out the Banyan app to your device fleet without requiring any end-user interaction |
|
| Pre-Installed Device Certificates Use pre-installed device certificates managed by your corporate endpoint manager |
|
|
Programatically manage Banyan objects and automate provisioning tasks |
|
| Banyan API RESTful endpoint to configure Banyan objects |
|
| pyBanyan Python library and command-line interface to interact with the Banyan API |
|
| Terraform Terraform provider to interact with the Banyan API |
|
|
Understand access patterns across all corporate resources and create Zero Trust scorecards |
|
| Real-time Event Stream Monitor a real-time stream of user and device activity |
|
| Reporting Dashboards Analyze access activity patterns across your users, devices, and services |
|
| Certificate Logs Record all certificate issuance, rotation, and revocation |
|
| Service Monitoring Continuous monitoring and service statistics from your identity-aware gateways |
|
| Customer Support and Success | |
|
|
| Knowledge Base | |
| Banyan Community Membership | |
| Email & Help Desk Support | |
| Live Chat and Response SLAs | Limited |
| Customer Success Team | add-on |
| Technical Support Team | add-on |
| Early Preview Features | |
* All prices expressed per user per month, billed annually.
Call
|
|
|---|---|
| Deployment | |
|
Flexible Edge architecture provides fast and reliable connections to your users around the world |
|
| Global Edge Network Use identity-aware gateways hosted and managed by Banyan in our global edge |
|
| Private Edge Self-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure |
|
|
Cloud management interface for Operations & Security admins to configure Zero Trust connectivity |
|
| Cloud Command Center Central management console that you can interact with via the web portal or the RESTful API |
|
| Private Command Center Central management console dedicated to your organization |
add-on |
|
Native support for all your device operating systems |
|
| Desktop Cross-platform desktop application for Windows, macOS, and Linux |
|
| Mobile Mobile app for iOS and Android, downloadable from Apple App Store and Google Play Store |
|
| Connectivity | |
|
Enable network access to private subnets using WireGuard VPN |
|
| Private Networks Provide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers) |
|
| Split Tunneling Select specific subnets and domains (private or public) that need to be tunneled |
|
| Full Tunneling Tunnel all network traffic from devices |
|
| Site-to-Site Tunnels Connect multiple private networks together to be accessed as a single flat network |
add-on |
|
Connect to internal HTTP applications using browser-only OpenID Connect flows |
|
| Custom Domains Publish applications using your organization's corporate domains |
|
| Let's Encrypt Certificates Use default-browser-trusted certificates issued by a public Certificate Authority |
|
| Application Authentication Offload authentication and claims mapping to the identity-aware proxy, simplifying application authNZ |
|
| Programmatic Access Use API tokens (instead of managing fragile IP whitelists) for scripting and automation |
|
| Clientless Desktop Access Leverage the Apache Guacamole gateway to access your desktops from a web browser |
add-on |
|
Connect to internal TCP services using short-lived X.509 certificates |
|
| Catalog and Bundles Organize your infrastructure resources and publish them to end users |
|
| Linux Servers (SSH) Access Linux machines using any SSH client |
|
| SSH AuthNZ & Audit Enable SSH certificate authentication, AuthorizedPrincipals, and audit logging |
add-on |
| Kubernetes API Access the Kubernetes API using any Kubernetes client |
|
| Kubernetes AuthNZ & Audit Enable Kubernetes OIDC authentication, RBAC authorization, and audit logging |
add-on |
| Windows Servers (RDP) Access Windows machines from any RDP client |
|
| Databases Access database servers, such PostgreSQL and MySQL, using their native clients |
|
|
Enforce device trust policies for cloud SaaS applications using SAML/OIDC federation and certificate authentication |
|
| SAML and OIDC Federation Define Zero Trust policies for individual, or groups of, SaaS applications |
|
| Identity Provider Cloaking Restrict Cloud IDP access to registered devices to prevent password-stuffing and MFA-compromise attacks |
|
| Security | |
|
Granular, flexible least-privilege-access policies based on resource sensitivity |
|
| Trust Based Access Controls Continuous authorization based on user and device context; real-time session revocation |
|
| User Roles Create policies based on user attributes such as department and IDP group |
|
| Device Roles Create policies based on device attributes such as Platform, Ownership, and Registration |
|
| API-level Policies Create Layer-7 policies to manage API access (hosted websites) |
|
| Network Policies Create Layer-4 policies to manage network access (Service Tunnels) |
|
|
Quantify the level of trust and risk associated with your users and devices |
|
| Device Trust Scoring Analyze posture of a device, such as firewall, disk encryption, screen lock, OS version, etc. Control the effect when factors are not met. |
|
| Customizable Remediation Configure remediation instructions, such as messaging and links, shown to your end users |
|
| Trust Profiles Customize factors and policy effects based on groups of users and devices |
|
| Factors from EDR Integrate endpoint security signals into trust scoring (CrowdStrike, Carbon Black, SentinelOne, Microsoft Defender) |
|
| Factors from IDP Integrate Identity Provider user and group attributes into trust scoring (Okta, Azure AD, OneLogin) |
|
| Factors from UEM Integrate endpoint manager compliance checks into trust scoring (Workspace ONE UEM, Intune, Jamf) |
|
|
Gain a complete view into user and device risk for security and regulatory compliance |
|
| Device Posture Reporting Track all devices – managed and unmanaged – accessing corporate resources, as well as their security posture |
|
| Private Application Discovery Discover private applications accessed by your users; publish using zero trust policies |
|
| IaaS Resource Discovery Discover IaaS cloud resources used by your organization; publish using zero trust policies |
|
| SaaS Application Discovery Discover SaaS applications accessed by your users; understand risk due to unsanctioned "shadow IT" apps |
|
| Admin Activity Reporting Record all admistrator activity in the Cloud Command Center |
|
|
Block malicious websites and enforce acceptable use policy |
add-on |
| DNS Layer Security Block domains with malware, phishing, botnet, or other high risk items |
add-on |
| TLS Decryption Security Proxy and inspect web traffic by decrypting TLS; filter by category, threat level, and more |
add-on |
| Integrate with existing SWG Route internet-bound traffic to a third-party Secure Web Gateway |
add-on |
|
Integrate with tools in your security stack |
|
| Integration with SIEM Pipe security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic) |
|
| Integration with Enterprise PKI Use certificates issued by your existing Public Key Infrastructure (PKI) solution |
add-on |
| Operations | |
|
Provision access for all users - employees, contractors, vendors, etc. - accessing corporate resources |
|
| Local User Management Create users, update user information, and deactivate users |
|
| SSO for Users Use corporate single sign-on (SSO) with just-in-time (JIT) user creation |
|
| Passwordless Authentication Enable users to log in via your corporate single sign-on (SSO) provider without entering a username/password (IDP Federation required) |
|
| SSO for Admins Use corporate single sign-on (SSO) with just-in-time (JIT) user creation for administrator access |
|
| Admin RBAC Create administrators with different profiles and privileges, such as ReadOnly, PolicyAuthor, etc. |
|
|
Maintain an inventory of all devices - managed and unmanaged - accessing corporate resources |
|
| Device Registration Lightweight registration using the Banyan app, with trusted device certificates issued by Banyan-managed Private PKI |
|
| Self-Registration Options Enable certain user populations to register their own devices using the Banyan app |
|
| Revocation and Banning Disable access - temporarily or permanently - for a specific device |
|
| Unregistered Devices Allow policy-based access from devices that do not possess a trusted device certificate |
|
| Zero Touch Install Roll out the Banyan app to your device fleet without requiring any end-user interaction |
|
| Pre-Installed Device Certificates Use pre-installed device certificates managed by your corporate endpoint manager |
|
|
Programatically manage Banyan objects and automate provisioning tasks |
|
| Banyan API RESTful endpoint to configure Banyan objects |
|
| pyBanyan Python library and command-line interface to interact with the Banyan API |
|
| Terraform Terraform provider to interact with the Banyan API |
|
|
Understand access patterns across all corporate resources and create Zero Trust scorecards |
|
| Real-time Event Stream Monitor a real-time stream of user and device activity |
|
| Reporting Dashboards Analyze access activity patterns across your users, devices, and services |
|
| Certificate Logs Record all certificate issuance, rotation, and revocation |
|
| Service Monitoring Continuous monitoring and service statistics from your identity-aware gateways |
add-on |
| Customer Support and Success | |
|
|
| Knowledge Base | |
| Banyan Community Membership | |
| Email & Help Desk Support | |
|
|
| Live Chat and Response SLAs | |
| Customer Success Team | |
| Technical Support Team | |
| Early Preview Features | |
* All prices expressed per user per month, billed annually.
Questions? Answers.
How do you calculate the number of users? What happens when I exceed the limit?
In the Banyan Cloud Command Center, the Users tab shows users who are registered and authenticated.
Banyan communicates a quarterly “true-up” for our Business and Enterprise customers.
How many devices are included in my license?
Banyan is priced per user, with no limits placed on the number of devices.
Why should I upgrade from Business to Enterprise?
Upgrading to Enterprise brings numerous benefits for little incremental cost. Enterprise features include secure SaaS application access, threat detection, integrations, and premium support, to name a few.
The Enterprise edition enables you to more fully take advantage of existing investments while enabling you to completely shut down your legacy VPN for remote access. The Banyan app is easily and quickly deployed to users in a Zero Touch Install via your existing UEM. The automated discovery of cloud resources makes it a snap to publish resources while security is enhanced by leveraging EDR/UEBA data to make authorization decisions. Enterprise edition further enhances the end user experience by providing passwordless authentication to the Banyan app and web-based resources. Also, with Enterprise the continuous authentication with device trust can also be applied to SaaS applications, providing complete visibility across users, devices, and applications whether on-premises, in SaaS, or in the cloud. Lastly, the Private Edge’s self-hosted access tiers enable full control and visibility over your user’s traffic.
How are the Enterprise edition add-ons priced?
Upgrading to Enterprise brings numerous benefits for little incremental cost. Enterprise features include secure SaaS application access, threat detection, integrations, and premium support, to name a few.
The Enterprise edition enables you to more fully take advantage of existing investments while enabling you to completely shut down your legacy VPN for remote access. The Banyan app is easily and quickly deployed to your users in a Zero Touch Install via your existing UEM. The automated discovery of cloud resources makes it a snap to publish resources while security is enhanced by leveraging EDR/UEBA data to make authorization decisions. Enterprise edition further enhances the end user experience by providing passwordless authentication to the Banyan app and web-based resources. Lastly, the Private Edge’s self-hosted access tiers enable full control and visibility over your user’s traffic.