Endpoint, SWG, CASB, DLP
Lightweight endpoint agent feeding a Secure Web Gateway with CASB and DLP policies.
What it is
The endpoint agent enrols managed devices and routes traffic through a Secure Web Gateway that enforces DNS/HTTP policy. CASB inspects SaaS posture (Shadow IT discovery, mis-configuration scoring). DLP inspects in-flight content against custom and managed classifiers (credit cards, PII, code).
When to use it
- Replace a legacy on-prem proxy with a cloud-delivered one.
- Block uploads of source code to consumer file-share services.
- Get visibility into Shadow IT for procurement.
Quickstart
asc edge endpoint enrol --token <enrolment-token>
asc edge swg policy create block-personal-cloud --match 'category in ["file-storage","unsanctioned"]' --action blockclient.edge.swg.policy.create(name='block-personal-cloud', match='category in ["file-storage"]', action='block')await client.edge.swg.policy.create({ name: 'block-personal-cloud', match: 'category in ["file-storage"]', action: 'block' });Limits & quotas
| Limit | Default | Burst | Notes |
|---|---|---|---|
| Per user-seat | $7 / user-mo | — | Includes SWG + Access seat |
| SaaS posture (CASB) per connected app | $1 / app-mo | — | |
| DLP inspected GB | $0.10 | — | |
| Browser Isolation session-hour | $0.50 | — |
Pricing
See pricing. Pay-as-you-go, billed monthly via Stripe.
API surface
POST /v1/edge/swg/policyPOST /v1/edge/casb/connectPOST /v1/edge/dlp/classifiers
Required scope(s): edge:write. See Scopes.
Security
All access is authenticated and scoped. See Auth & scopes and Network controls.