Cloud Access Security Broker (CASB)

Native CASB protection – inspect, control, and log cloud usage without adding complexity.

Cloud adoption introduces new risks: shadow IT, unauthorised SaaS use, and loss of visibility into where data goes. Traditional CASB solutions are often heavy, opaque, and bolt-on – requiring standalone appliances, traffic redirection, or per-app integrations.

Key Features

Native to the platform – no separate install

CASB is hosted directly within evolving ZERO – no need to deploy or manage separate sensors or services.

Deep application fingerprinting

Detect and categorise cloud services in real time, even behind generic domains or CDNs.

Live session inspection

Go beyond DNS or hostname-based detection – classify traffic based on payload, metadata, and behaviour.

Inline policy enforcement

Allow, block, rate-limit, or log based on application, user, group, or device.

App-aware logging and observability

Full audit trail of cloud usage across the platform, visible through standard monitoring views.

Flexible response options

Apply soft block (warn), hard block, or granular allow rules by app, category, or destination.

Works across all access paths

Enforce CASB policies on traffic via ZTNA, EVX sites, or Secure Access Client endpoints.

evolving ZERO includes a fully integrated CASB capability, powered by Zenarmor. Deployed natively within the platform, it allows you to inspect, classify, and control cloud service usage inline – with no extra deployment or rearchitecture required. If you’re subscribed to the CASB module, it’s already there, ready to protect user-to-cloud traffic across your Secure Access Fabric.

Why Evolving CASB over legacy solutions

No redirection or proxy chaining required

Other CASBs require traffic rerouting through central proxy stacks. Ours doesn’t.

Wire-speed performance with deep inspection

Zenarmor uses eBPF and multi-threaded processing – no throughput bottlenecks.

True application-level awareness

Competing products rely on domain lists. Zenarmor classifies actual traffic.

Integrated user and device context

No need to bolt on identity – it’s already tied into the evolving ZERO platform.

Modern CASB featureset

Zenarmor stands apart from legacy CASB solutions with deep application fingerprinting, live traffic classification, and user-aware policy enforcement – all delivered at wire speed. It doesn’t rely on DNS or basic SNI filtering. It inspects real sessions and enforces controls at the point of use.

How Evolving CASB works

Zenarmor inspects traffic inline – it doesn't rely on DNS logs or SNI headers. It watches actual connections in real time and applies policies based on what it sees. Here's what that includes:

Cloud App Detection

It identifies cloud applications in use, even if users don't go through DNS first or if the apps are hosted behind generic domains like cloudfront.net or azureedge.net. Detection is based on traffic behaviour and packet-level signatures, not just URLs.

Category-Based Controls

Applications are grouped into categories (e.g. storage, collaboration, dev tools). You can allow or block whole categories, or make exceptions app by app.

Per-App Policy Enforcement

You can block Dropbox but allow Google Drive. Or block Slack but allow Microsoft Teams. Rules can be tied to user identity, device, or site.

Real-time Visibility

You get live logs of which cloud apps are in use, how much data is flowing, and which users or devices are accessing them.

Inline Enforcement

All of this happens inline – at the point traffic enters the evolving ZERO fabric – not via centralised proxy redirect or log analysis after the fact.

Traffic Shaping

In addition to blocking, you can rate-limit or deprioritise certain cloud apps – useful for non-business traffic like social media or streaming.

TLS Inspection Optional

If enabled, Zenarmor can perform full TLS inspection to see inside encrypted sessions for more accurate app detection and policy control.

No Agent Required

It works passively on the fabric or EVX node – no endpoint software or browser plugin needed.