AIARCOASC Docs

Endpoint, SWG, CASB, DLP

Lightweight endpoint agent feeding a Secure Web Gateway with CASB and DLP policies.

What it is

The endpoint agent enrols managed devices and routes traffic through a Secure Web Gateway that enforces DNS/HTTP policy. CASB inspects SaaS posture (Shadow IT discovery, mis-configuration scoring). DLP inspects in-flight content against custom and managed classifiers (credit cards, PII, code).

When to use it

  • Replace a legacy on-prem proxy with a cloud-delivered one.
  • Block uploads of source code to consumer file-share services.
  • Get visibility into Shadow IT for procurement.

Quickstart

asc edge endpoint enrol --token <enrolment-token>
asc edge swg policy create block-personal-cloud --match 'category in ["file-storage","unsanctioned"]' --action block
client.edge.swg.policy.create(name='block-personal-cloud', match='category in ["file-storage"]', action='block')
await client.edge.swg.policy.create({ name: 'block-personal-cloud', match: 'category in ["file-storage"]', action: 'block' });

Limits & quotas

LimitDefaultBurstNotes
Per user-seat$7 / user-moIncludes SWG + Access seat
SaaS posture (CASB) per connected app$1 / app-mo
DLP inspected GB$0.10
Browser Isolation session-hour$0.50

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • POST /v1/edge/swg/policy
  • POST /v1/edge/casb/connect
  • POST /v1/edge/dlp/classifiers

Required scope(s): edge:write. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.