Pricing & Packaging
Device-centric Security Service Edge (SSE) for every organization
Get started with VPNaaS
- Cloud VPN (VPNaas)
Industry-leading ZTNA & CASB
- Cloud VPN (VPNaas)
- Zero Trust Network Access (ZTNA)
- Cloud Access Security Broker (CASB)
Industry-leading SSE
- Cloud VPN (VPNaas)
- Zero Trust Network Access (ZTNA)
- Cloud Access Security Broker (CASB)
- Secure Web Gateway (SWG)
| TEAM | ENTERPRISE | UNLIMITED | |
CORE CAPABILITIES |
|---|
Cloud VPN (VPNaaS)
 Secure network access - enable access to specific applications and networks |
 |
 |
 |
| Zero Trust Network Access (ZTNA)
Secure access to private resources - connect to internal HTTP applications and TCP services |
|
|
|
| Cloud Access Security Broker (CASB)
SaaS application security - enforce device trust policies for cloud SaaS applications |
|
|
|
| Secure Web Gateway (SWG)
Continuously enforce granular access policies based on resource sensitivity, regardless of user's location |
|
PLATFORM CAPABILITIES |
|
|
|
|---|
| High-Performance Data Plane
Dynamic Edge architecture provides fast and reliable connections to your users around the world |
|
|
|
| Cloud Control Plane
Cloud management interface for IT & Security admins to configure Zero Trust connectivity |
|
|
|
| Support for all Operating Systems
Native support for all platforms - Desktop (Windows, macOS, Linux) and Mobile (iOS, Android, ChromeOS) |
|
|
|
| Continuous Policy Enforcement
Continuously enforce granular access policies based on resource sensitivity, regardless of user's location |
|
|
|
| Trust Scoring
Quantify the level of trust and risk associated with your users and devices |
|
|
|
| Actionable Visibility
Gain a complete view into user/device and application/resource risk |
|
|
|
SECURE NETWORK ACCESS |
|
|
|
|---|
| Private Networks
Provide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers) |
|
|
|
| Split Tunneling
Select specific subnets and domains (private or public) that need to be tunneled |
|
|
|
| Full Tunneling
Tunnel all network traffic from devices |
|
|
|
| Network Policies
Create Layer-4 policies based on CIDRs and FQDNs to manage network access |
|
|
|
USERS AND DEVICES |
 |
|
|
|---|
| Single Sign-On
Provide access to private subnets (RFC-1918 ranges) and private domains (internal DNS servers) |
|
|
|
| Device Posture
Select specific subnets and domains (private or public) that need to be tunneled |
|
|
|
| Trust Profiles
Tunnel all network traffic from devices |
|
|
|
| Custom Remediation
Create Layer-4 policies based on CIDRs and FQDNs to manage network access |
|
|
|
| Passwordless Authentication
Create Layer-4 policies based on CIDRs and FQDNs to manage network access |
|
|
|
| Unregistered Devices
Create Layer-4 policies based on CIDRs and FQDNs to manage network access |
|
|
|
| Clientless
Create Layer-4 policies based on CIDRs and FQDNs to manage network access |
|
|
|
| Service Accounts
Create Layer-4 policies based on CIDRs and FQDNs to manage network access |
|
|
|
| EDR Integration
Create Layer-4 policies based on CIDRs and FQDNs to manage network access |
|
|
|
| MDM/UEM Integration
Create Layer-4 policies based on CIDRs and FQDNs to manage network access |
|
|
VISIBILITY AND COMPLIANCE |
|
|
|
|---|
| Real-time Event Stream
Monitor a real-time stream of user and device activity |
|
|
|
| Device Posture Reporting
Track all devices - managed and unmanaged - accessing corporate resources, as well as their security posture |
|
|
|
| Admin Activity Reporting
Record all administrator activity in the Cloud Command Center |
|
|
|
| SIEM Integration
Send a security event stream to your SIEM solution (Splunk, Elastic, Sumo Logic) |
|
|
|
| Private Network Discovery
Discover private applications accessed by your users and devices to secure with granular policies |
|
|
|
| IaaS Resource Discovery
Discover IaaS cloud resources used by your organization to secure with granular policies |
|
|
|
| SaaS Application Discovery
Discover SaaS applications accessed by your users |
|
|
OPERATIONS AND AUTOMATION |
|
|
|
|---|
| Banyan API
RESTful endpoint to configure Banyan objects |
|
|
|
| API Clients - pybanyan, terraform
Python library and Terraform provider to interact with the Banyan API |
|
|
|
| Zero Touch Device Registration
Deploy the Banyan app to your device fleet without requiring any end-user interaction |
|
|
|
| Private Edge Deployment
Self-host Banyan's identity-aware gateway in your own datacenters and cloud infrastructure |
|
|
|
| Integration with Enterprise PKI
Use certificates issued by your existing Public Key Infrastructure (PKI) solution |
|
|
SECURE ACCESS TO PRIVATE RESOURCES |
|
|
|---|
| Internal Websites
Connect to internal HTTP applications using browser-only OpenID Connect flows |
|
|
|
| Linux Servers (SSH)
Access Linux machines using any SSH client |
|
|
|
| Windows Servers (RDP)
Access Windows machines from any RDP client |
|
|
|
| Databases
Access database servers, such PostgreSQL and MySQL, using their native clients |
|
|
|
| Kubernetes Clusters
Access the Kubernetes API using any Kubernetes client |
|
|
|
| SSH Certificate Authentication
Enable SSH certificate authentication, AuthorizedPrincipals, and audit logging |
|
|
|
| Application Policies
Enable SSH certificate authentication, AuthorizedPrincipals, and audit logging |
|
|
SAAS APPLICATION SECURITY |
|
|
|---|
| Visibility into Cloud Applications
Discover cloud apps in use; understand risk due to unsanctioned "shadow IT" apps |
|
|
|
| IP Whitelisting
Whitelist traffic to SaaS applications through the Banyan Edge |
|
|
|
| Device Trust for Okta
Enforce device trust policies for cloud SaaS applications federated with Okta |
|
|
|
| Device Trust for Azure AD
Enforce device trust policies for cloud SaaS applications federated with Azure AD |
|
|
|
| Device Trust for other IDPs
Enforce device trust policies for cloud SaaS applications federated with IDPs such as OneLogin, JumpCloud, etc. |
|
|
|
| Custom Inline Proxy Controls
Create Layer-7 policies for session-level controls for SaaS applications |
|
INTERNET THREAT PROTECTION |
|
|---|
| DNS Layer Security
Block domains with malware, phishing, botnet, or other high risk items |
|
||
| Web Filtering
Protect users from harmful or restricted websites |
|
||
| Malware Protection
Protect users from exposure to malicious web content |
|
||
| SWG integration (existing)
Route internet-bound traffic to an existing third-party Secure Web Gateway |
|
SERVICES AND SUPPORT |
|
|
|
|---|
| Tech Support & Customer Success Team | |
|
|
| Live Chat & Response SLAs | |
|
|
| Project & Implementation Services | |
|
|
Questions? Answers.
How do you calculate the number of users? What happens when I exceed the limit?
Banyan communicates a quarterly “true-up” for our customers.
How many devices are included in my license?
Why should I upgrade from Enterprise to Unlimited?
Upgrading to Unlimited brings numerous benefits for little incremental cost. Additional features include robust Secure Web Gateway (SWG) functionality, for protecting workers from being phished, straying onto malicious web sites, or being exposed to ransomware.
The Unlimited edition enables you to more fully take advantage of existing investments while enabling you to completely shut down your legacy VPN for remote access. The Banyan app is easily and quickly deployed to users in a Zero Touch Install via your existing UEM. The automated discovery of cloud resources makes it a snap to publish resources while security is enhanced by leveraging EDR/UEBA data to make authorization decisions. Unlimited edition further enhances the end user experience by providing passwordless authentication to the Banyan app and web-based resources. Also, with Unlimited the continuous authentication with device trust can also be applied to SaaS applications, providing complete visibility across users, devices, and applications whether on-premises, in SaaS, or in the cloud. Lastly, the Private Edge’s self-hosted access tiers enable full control and visibility over your user’s traffic.
How are the Enterprise edition add-ons priced?
Upgrading to Enterprise brings numerous benefits for little incremental cost. Enterprise features include secure SaaS application access, threat detection, integrations, and premium support, to name a few.
The Enterprise edition enables you to more fully take advantage of existing investments while enabling you to completely shut down your legacy VPN for remote access. The Banyan app is easily and quickly deployed to your users in a Zero Touch Install via your existing UEM. The automated discovery of cloud resources makes it a snap to publish resources while security is enhanced by leveraging EDR/UEBA data to make authorization decisions. Enterprise edition further enhances the end user experience by providing passwordless authentication to the Banyan app and web-based resources. Lastly, the Private Edge’s self-hosted access tiers enable full control and visibility over your user’s traffic.