Six integrated capabilities.
One unified platform.
Calbrate doesn't resell iboss — we architect it. Every deployment is custom-designed by engineers who built iboss from the inside. The same platform protecting Fortune 500 companies, configured for your environment.
Secure Web Gateway
Full session telemetry with behavioral context. Advanced threat protection, SSL inspection, and content filtering across every web request in real time.
Zero Trust Network Access
Replace legacy VPNs with identity-verified, application-level access. Every user, every device, every connection verified continuously.
AI-Powered CASB
Signatureless cloud app security with dual-risk scoring. Detects data uploads to any application — including zero-day apps not in traditional databases.
Data Loss Prevention
Content-aware DLP inspecting data in transit. Prevents student records, PII, and district data from exfiltration through any application or service.
Browser Isolation
Web content executes in an isolated cloud container. Only safe pixels stream to the user. Zero malware, zero exploits, zero data extraction.
Zero Trust SD-WAN
Secure connectivity for every building. Integrated security eliminates legacy firewalls at each location. Auto-mesh topology with UDP encryption.
Full session telemetry with behavioral context.
SSL/TLS Inspection
Full decryption and inspection of encrypted traffic. Over 90% of web traffic is encrypted — without inspection, threats hide in plain sight. Selective bypass for banking and health sites.
Advanced Malware Defense
Multi-engine scanning with behavioral analysis and sandboxing. Zero-day malware detected through behavior, not signatures. Cloud-delivered updates in real time.
URL & Content Filtering
80+ content categories with granular policy control. Time-based policies for educational hours vs. after-school. Custom allow/block lists per building, grade, or user group.
Threat Intelligence
Real-time threat feeds from iboss's global network — 150B daily transactions surface emerging threats. IP reputation, domain age analysis, and behavioral scoring.
Safe Search Enforcement
Force safe search across Google, Bing, YouTube, and other search engines. Restrict YouTube to education mode. Apply across all devices, all networks, all locations.
Bandwidth Management
Prioritize educational traffic during school hours. Limit streaming and social media bandwidth without blocking entirely. QoS policies per application category.
Replace legacy VPNs with identity-verified, application-level access.
Device Posture Assessment
Verify OS version, encryption status, endpoint protection, and certificate compliance before granting access. Non-compliant devices blocked automatically.
Application-Level Access
Users access specific applications — never the underlying network. Internal apps, SaaS platforms, and cloud resources each have individual access policies.
Continuous Verification
Access isn't a one-time check. Sessions are continuously monitored for risk changes. If a device becomes compromised mid-session, access is terminated in seconds.
Adaptive Access Policies
When CrowdStrike or Microsoft Defender detects a threat, iboss automatically adjusts access. Step-up MFA for sensitive resources. Risk-based authentication in real time.
VPN Elimination
No more split tunneling debates. No VPN concentrators to maintain. No client compatibility issues. Background security that users don't even notice.
Identity-First Architecture
Integrates with any identity provider — Azure AD, Google Workspace, Okta. Policies follow the user identity, not the network location.
Signatureless cloud app security with dual-risk scoring.
Signatureless AI Detection
No dependency on fixed app databases. AI analyzes traffic behavior to identify and classify any cloud application — even brand-new or custom-built ones.
Dual-Risk Scoring
Scores both application risk AND data risk separately. A trusted app can still have a high data-risk score if sensitive information is being uploaded.
GenAI Security
Monitor and record conversations across ChatGPT, Copilot, Gemini. Block sensitive data uploads to AI services. Create security incidents automatically.
Shadow IT Discovery
Automatically discover and assess unknown cloud applications employees are using. Full visibility into unapproved SaaS, file sharing, and communication tools.
File Upload Control
Track and analyze all file uploads across cloud applications. Label apps as tolerated or risky. Allow small uploads to approved apps while blocking transfers to risky ones.
Form Data Inspection
AI-powered analysis of form data before submission. Detect sensitive information — PII, financial data, student records — entered into web forms across any cloud application.
Content-aware DLP inspecting data in transit.
Exact Data Matching
Upload your sensitive data fingerprints. iboss detects exact matches in transit — student SSNs, employee IDs, specific records. Zero false positives on known data.
Microsoft Purview Integration
Extend Microsoft sensitivity labels across the iboss platform. Unified DLP policies that follow data from endpoint to cloud to network. No gaps between Microsoft and web traffic.
Multi-Channel Inspection
DLP across web uploads, form submissions, email attachments, cloud storage, and AI platforms. Consistent policies regardless of how data leaves your network.
FERPA Compliance
Pre-configured detection patterns for student education records. Prevent unauthorized sharing of grades, disciplinary records, health information, and PII.
Custom Detection Patterns
Build your own detection rules for district-specific data. Match internal document formats, grant numbers, or confidential project identifiers.
Incident Management
Automated security incidents with detailed forensics and user attribution. Severity scoring, workflow routing, and compliance reporting.
Web content executes in an isolated cloud container.
Cloud Container Execution
All web rendering happens in a disposable cloud container. Code, scripts, and downloads never touch the endpoint. Container destroyed after each session.
Pixel-Only Streaming
Users see a visual representation of the web page — not the actual code. Malware, exploits, and malicious scripts cannot execute because they never reach the device.
Risk-Based Isolation
Isolate only risky or uncategorized sites. Known-safe sites render normally for performance. Unknown or suspicious sites automatically route through isolation.
Data Extraction Prevention
Block copy-paste, downloads, and printing from isolated sessions. Content stays in the container. Even if a user visits a phishing site, credentials can't be harvested.
Secure connectivity for every building.
Auto-Mesh Topology
Automatic site-to-site connectivity between all locations. No complex routing tables. Add a new school building and it joins the mesh automatically with full security.
UDP Encrypted Transport
Ultra-fast encrypted connections using UDP — lower latency than traditional TCP-based SD-WAN. Optimized for video conferencing and cloud-based testing platforms.
Firewall Replacement
Eliminate on-premises firewall appliances at every location. Cloud-delivered FWaaS with the same inspection capabilities. No more hardware refresh cycles.
BYOD Network Security
Secure every device on the network — managed and unmanaged. Student personal devices, teacher phones, IoT sensors. Uniform security without requiring endpoint agents.
Multi-WAN Failover
Aggregate multiple ISP connections per site. Automatic failover, load balancing, and bandwidth optimization. Zero-bandwidth charges between sites.
Cloud Gateway Extension
Extend iboss SASE into AWS, Azure, and data center environments with dedicated cloud gateways. Consistent policies everywhere.
Every capability integrated.
Single console. Single policy engine.
Beyond the six core pillars, the iboss platform includes capabilities that enterprise security teams expect — configured by Calbrate for the K-12 and government environment.
Universal SSO Integration
Unlimited concurrent identity providers. Dynamic policy based on Azure groups or Google OUs. Step-up MFA for sensitive resources.
Adaptive Access Control
Real-time response to endpoint security signals. When CrowdStrike or Defender detects a compromise, iboss terminates access in seconds.
GenAI Security Governance
Comprehensive controls for ChatGPT, Copilot, Gemini. Monitor conversations. Block sensitive data uploads. Enforce approved AI tool usage.
SaaS Security Posture (SSPM)
AI-powered continuous assessment of SaaS configurations. Detect misconfigurations, excessive permissions, and risky sharing.
Digital Experience Monitoring
Measure connection quality between clients, proxies, and servers. Identify performance bottlenecks before users complain.
AI-Powered Dashboards
Customizable layouts with AI-driven insights. Prioritize the most severe, actionable incidents automatically.