Security Built on a Solid Zero Trust Foundation


Device trust is the foundation of Zero Trust

Device identity binds users to devices with cryptography, providing invisible multi-factor authentication (MFA)

Device identity is very important to your security posture. Organizations should have rules for managed and unmanaged devices. Some organizations do not allow unmanaged devices.

Devices that are managed or corporate-issued may be treated differently than BYOD or unregistered devices. Typically, these devices have more security-enabling applications installed and can be controlled by corporate tools such as UEMs.

Some organizations may allow unmanaged/unregistered devices, especially for a specific set of users like consultants accessing a limited number of low-risk applications.

For more information on unmanaged device support ⇢ 

Flexible Architecture icon

Device posture reduces risk of malware spread

The Banyan app ensures that the proper applications and settings are configured on end devices to ensure that malware detection is happening, and the spread is prevented.

To further enhance this functionality, integrating with the rest of your security stack is possible. For example, we can integrate with your EDR to reduce or completely cut off access when a device is compromised.

Clientless device trust via API integration with UEM/EDR for easy deployment

Trust scoring uses information collected by the Banyan app from end user devices. This can be further enhanced by getting information on what’s happening on the device from your existing EDR.

Integrations with vendors like CrowdStrike and SentinelOne are achieved through APIs.

More info on Trust Integrations ⇢

Banyan APIs are accessible using a simple Python API client and command-line utility which is available on GitHub.

More info on using pyBanyan and APIs ⇢

Comprehensive visibility

Correlated user, device, security posture, and app activity

Dashboards provide a quick overview of users, devices, security postures, and app activity. A Sankey diagram correlates users, their devices, and the resources they access for easy interpretation.

Rich detail is accessible by clicking on the dashboard widgets or going to the logging section.

Advanced filtering is available to narrow down the information you’re looking for.

Logs can be exported to archive or for use by other tools.

Comprehensive Visibility

Inclusive visibility regardless of user or resource location

Secure Web Gateway (SWG)

See who is using Banyan and Banyan-protected resources, regardless of authentication method

Secure Web Gateway (SWG)

Get a view of what devices workers are using

Secure Web Gateway (SWG)

Gain insight into which resources users access

Secure Web Gateway (SWG)

Widgets show top resources accessed and blocked attempts to help you better understand end user behavior

Easy to interpret dashboards, human-readable policy

Easy to understand end user behavior enables you to craft policies that further protect your organization.

Create simple, human-readable policies without having to write code or learn complex syntax. Policies include who, using what specific devices, can access which resource.

More info on Policy Enforcement ⇢


Integration with security stack

Leverage MDM/UEM for zero-touch installs

Deploying the Banyan app can be done easily leveraging your existing investment in MDM/UEM.

With Zero Touch install, the following steps are automated:


Creating an mdm-config.json file that specifies app functionality


Downloading the latest Banyan app version and installing it (you can also optionally specify an exact app version)


Staging the app with the device certificate that contains user information


Starting the app as the logged-in user

Use Endpoint Detection and Response (EDR) device telemetry data in trust scoring

Trust scoring involves information that the Banyan app collects from end user devices. This can be further enhanced by getting information on what’s happening on the device from your existing EDR.

Integrate with vendors such as CrowdStrike and SentinelOne through APIs.

Banyan APIs permit both automation and data access for use in downstream solutions like SIEM

Automate repetitive tasks from initial deployment to configuration updates, along with monitoring.

Export logs and other information to external systems such as syslog and SIEM.

Leverage Banyan APIs using a simple Python API client and command-line utility available on GitHub.