Top Questions

1. What is “Universal” about Aryaka Universal ZTNA?
A: One policy model for all users, devices, and locations—HQ, branches, cloud, and remote—enforced through Aryaka’s global PoPs with per-app access, posture checks, and unified visibility.
2. How is it different from a traditional VPN?
A: VPN trusts the network and tunnels everything; ZTNA trusts identity + device + context and grants per-app access only. This reduces lateral movement, improves user experience, and simplifies policy.
3. Do we support both agent-based and clientless access?
A: Yes. Agent-based for any app/protocol and, eventually, clientless for browser-accessible apps; both fall under the same policy and analytics.
4. What apps and protocols are supported?
A: Web (HTTP/S) and common client/server apps (e.g., RDP, SSH, DBs) via the agent; browser apps via clientless. (See “Details we’d like to confirm” for specific UDP lists.)
5. Which identity providers do we integrate with?
A: Standards-based SAML with major IdPs (e.g., Okta, Entra ID, etc.); we inherit MFA/SSO and can apply step-up based on risk/posture.
6. What device posture checks are available?
A: OS/platform, encryption, firewall status, certificate/trust, and other health signals to gate access before session start.
7. Can we segment access at a very granular level?
A: Yes—per-app micro-segmentation (FQDN/IP/port/path) with identity, group, device, and posture context. Policies are reusable across sites and users.
8. How does performance compare to VPN?
A: Users attach to the nearest Aryaka PoP; traffic rides Aryaka’s backbone with single-pass security—lower latency, fewer re-encryptions, and better SaaS/app responsiveness.
9. How does ZTNA interact with our SWG/NGFW/CASB/DLP?
A: It’s native to Aryaka Unified SASE: ZTNA grants per-app access, and traffic is inspected by SWG/NGFW/IPS with CASB and Next-Gen DLP for controls. This means one policy plane, one set of logs.
10. Can we handle unmanaged or BYOD devices?
A: Yes, eventually—with the future addition of clientless access combined with Next-Gen DLP controls for uploads/downloads, and we would require step-up auth for sensitive apps.
11. Does it work for contractors and third parties?
A: Yes—onboard external identities via the customer’s IdP or a partner directory; restrict access to specific apps with time-bound policies.
12. How are DNS and private name resolution handled?
A: Connectors forward requests to customer-authoritative DNS; ZTNA resolves internal FQDNs per policy without exposing the private network.
13. What happens if a PoP or link fails?
A: Sessions fail over to the next best PoP; connectors are HA-capable; policies are cloud-hosted for rapid recovery.
14. Can we do split-tunneling per application?
A: Yes—per-app steering. Private apps traverse ZTNA; public/SaaS can go direct or through SWG, depending on policy.
15. How are threats like credential theft or token replay mitigated?
A: Short-lived, identity-bound sessions, posture re-checks, device certs, and continuous policy evaluation; risky posture triggers step-up or block.
16. Is traffic inspection encrypted end-to-end?
A: Yes—TLS to PoP, single-pass inspection within the platform (per policy), and encrypted onward to the destination or connector.
17. What telemetry and logs are available?
A: Per-user/per-app sessions, posture decisions, policy hits, and block/allow events. Export to SIEMs for correlation.
18. How does Universal ZTNA help with Shadow IT discovery?
A: Observability through Aryaka NGFW, CASB, SWG, and AI>Secure surfaces unsanctioned AI/tools and unknown destinations; with Universal ZTNA you can classify, allow with guardrails, or block and coach behaviors.
19. Can we enforce data controls (uploads/downloads) through ZTNA sessions?
A: Yes—tie Universal ZTNA to CASB/Next-Gen DLP to monitor/redact/block sensitive data in real time, including for AI/GenAI traffic.
20. What’s the deployment model and time to value?
A: Cloud-delivered. Roll out the agent to users, drop connectors near apps, integrate IdP, and apply baseline policies—phased VPN co-exist/replace is common.
21. How is it packaged and licensed?

A: Three tiers:

  • Tier 1 – Secure Remote Access: Secure remote access from anywhere + access to the Zero Trust client.
  • Tier 2 – Essential Universal ZTNA: Everything in Secure Remote Access, plus device posture checks and security policy enforcement at the Unified SASE plan level.
  • Tier 3 – Advanced Universal ZTNA: Everything in Essential Universal ZTNA, plus security policy enforcement at the Advanced Security plan level.
22. Does it support regulatory and data-residency needs?
A: Policies/logs can be scoped by region, and traffic rides Aryaka’s backbone with regional PoPs; confirm specific residency options per customer region.
23. What migration guidance do we give to replace VPNs?
A: Start with per-app access for high-value apps, onboard pilot users, enforce posture, then expand; keep VPN only for legacy edge cases until retired.

1. What does the new MyAryaka Landing Page offer?

A: The new MyAryaka Landing Page is your morning dashboard — a single view of everything that matters about your Aryaka service. It delivers instant insights into the health and performance of your global network through Aryaka’s Unified SASE as a Service platform, which brings networking, security, and observability together in one seamless experience.

With one glance, you can see how your sites, users, and applications are performing across Aryaka’s Zero Trust WAN, monitor real-time security intelligence from features like the Intrusion Prevention System (IPS), and stay ahead of emerging threats — including Shadow AI activity.

Built for simplicity and speed, MyAryaka gives you the visibility to detect, prevent, and act faster — all without navigating through multiple tools or pages.

Would you like to explore the new MyAryaka landing page or unlock advanced visibility and analytics? Contact Aryaka to learn more or enable these features for your organization.

2. How do I get access to the new MyAryaka Home page?

A: Great news – there’s nothing you need to do! The new MyAryaka Home Page is automatically available to all customers from Day One, with no activation or installation required.

Just log in to your MyAryaka Portal, and you’ll see the new landing page experience right away.

If you don’t see the updated layout or features, simply contact Aryaka Customer Support, and our team will make sure your account is running the latest version.

3. Why does the Site count differ from my licensed site count?

A: The Site Status widget displays all licensed access points configured under your Aryaka service — not just your physical locations. This includes:

  • Your physical and virtual branch sites
  • Remote user access points
  • Accelerated SaaS application access points

Because these all count as part of your licensed Aryaka service, the number shown here may be higher than your physical site count — offering a complete view of your connected network footprint.

4. What does “Error” mean on the Site Status widget?

A: An “Error” status means that one or more critical conditions have been detected for that site — for example:

  • The site-to-Aryaka POP connection is down
  • An ANAP interface is offline
  • The site is unreachable from the Aryaka Core

No need to guess what’s wrong — just click the site name to open its detailed status page and view the exact issue and next steps.

5. What does “Warning” mean on the Site Status widget?

A: A “Warning” status means your site is operational, but there’s a condition that could impact performance if not addressed.

For example, if one of your two tunnels to the Aryaka POP is down, traffic will continue through the other tunnel — just with reduced redundancy or bandwidth.

Warnings act as early indicators, helping you spot and fix potential issues before they affect users or applications.

6. Why does my site’s utilization bar show more than 100%?

A: Aryaka’s adaptive bandwidth management allows sites to burst above their committed bandwidth during periods of high demand.

When this happens, you might see utilization exceed 100%. This is expected and indicates that your site is temporarily leveraging additional bandwidth to maintain performance.

You can learn more about Aryaka’s bursting capabilities here.

7. Why do some widgets say “No data available”?

A: If a widget shows “No data available,” it usually means there’s not enough recent activity or telemetry to display results. Common reasons include:

  • No traffic during the selected time range
  • The feature or service isn’t currently generating data
  • Your site’s data plane version may need an upgrade

Try adjusting the time range in the top-right corner of the page. If data still doesn’t appear, contact Aryaka Customer Support to confirm your configuration or request an update.

8. Why do some widgets say “Not Enabled”?

A: Widgets marked “Not Enabled” simply mean the corresponding service isn’t yet active for your account. Examples include:

  • Remote User Access
  • Intrusion Prevention System (IPS)
  • Cloud Access Security Broker (CASB)

Once these features are part of your service package, the widgets will automatically begin showing live data and analytics.

If you’d like to activate any of these services, please contact Aryaka Customer Support to enable the feature for your account.

9. What’s next for the MyAryaka Home experience?

A: Aryaka will continue expanding the MyAryaka Home experience with new widgets and richer insights into user risk, application performance, and security posture.

Upcoming releases will introduce advanced drill-down views, allowing you to move seamlessly from overview dashboards to detailed analytics and event data — for faster, smarter decision-making.

These enhancements are part of Aryaka’s vision to make MyAryaka your centralized hub for visibility and action – helping you monitor, analyze, and act on your network and security data faster than ever before.

1. What is AI Secure?
A: AI Secure is a comprehensive solution that ensures the safe, secure, and ethical use of AI across your organization. It provides real-time risk detection, threat prevention, and governance capabilities to protect sensitive data, maintain compliance, and promote responsible AI adoption among employees.
2. Why do organizations need AI Secure?
A: With the rapid adoption of generative AI, employees often use AI tools without visibility or controls, leading to risks such as data leakage, prompt injection, malicious responses, and policy violations. AI Secure eliminates these risks by offering full visibility, runtime protection, and governance for all AI activities.
3. How does AI Secure protect against AI-related threats?

A: AI Secure uses real-time monitoring and NLP-based detection models to identify and block:

  • Prompt injection and jailbreak attempts
  • Unsafe or malicious AI responses
  • Data exfiltration via AI prompts
  • Harmful or misleading AI-generated content

It enforces runtime guardrails to prevent unsafe interactions before damage occurs.

4. What makes AI Secure different from traditional security tools like CASB or DLP?

A: Traditional tools were not designed for AI-driven interactions or natural language–based risks. AI Secure adds a contextual understanding layer using AI-aware inspection, enabling it to:

  • Understand and analyze natural language prompts
  • Detect intent and semantic risk, not just keywords
  • Enforce AI-specific data and compliance policies
  • Govern employee AI behavior across sanctioned and unsanctioned tools
5. What are the core pillars of AI Secure?

A: AI Secure is built on three key pillars:

  • Discovery & Insight – Identify all AI tools, users, and data interactions (Shadow AI visibility).
  • Runtime Protection & Prevention – Detect and stop unsafe prompts, malicious responses, and sensitive data exposure in real time.
  • Governance & Reporting – Maintain compliance with evolving AI regulations (EU AI Act, NIST AI RMF, ISO) and provide audit-ready reporting.
6. How does AI Secure help with compliance and governance?

A: AI Secure automatically maps AI usage to key compliance frameworks, including:

  • EU AI Act
  • ISO 42001 (AI Management System)
  • NIST AI Risk Management Framework
  • SOC 2 / GDPR alignment

It provides policy-based access control and ensures ongoing responsible AI governance.

7. Can AI Secure detect “Shadow AI” usage?
A: Yes. AI Secure’s Discovery & Insight module continuously monitors AI traffic to detect unauthorized or unknown AI tools used by employees. It provides app risk scores, usage dashboards, and user-level visibility, helping security teams control unapproved AI usage.
8. How does AI Secure prevent data leaks to public AI tools like ChatGPT or Gemini?

A: When employees interact with AI platforms, AI Secure inspects prompt and response content in real time. If sensitive data (PII, source code, CC, etc.) is detected, AI Secure can:

  • Block / Deny the prompt
  • Coach the user with feedback
  • Log the event for audit and compliance tracking
9. How is AI Secure delivered and deployed?
A: AI Secure is a cloud-delivered solution, requiring no endpoint agent or complex setup.
10. How does AI Secure integrate with existing security tools?

A: AI Secure integrates seamlessly with:

  • SIEM / SOAR for incident visibility and response
  • Identity providers (Okta, Azure AD) for user context
11. How is AI Secure’s protection enforced in real time?

A: AI Secure sits in the AI interaction path, analyzing prompts and responses on the fly. It applies AI Guardrails using:

  • NLP-based context analysis
  • Policy-driven action (block, coach, allow)
  • Continuous learning from user and threat patterns
12. How does AI Secure promote responsible AI usage among
A: AI Secure embeds user coaching directly into the workflow, providing real-time feedback when unsafe or non-compliant prompts are detected. This helps employees learn responsible AI behavior, fostering trust and accountability while maintaining productivity.
13. What benefits does AI Secure provide to CISOs and compliance teams?
  • 360° visibility into all AI activity and risks
  • Reduced data exposure from unsanctioned tools
  • Continuous compliance and audit readiness
  • Improved employee AI awareness
  • Stronger overall AI security posture
14. What ROI can organizations expect from AI Secure?

A: Customers typically see:

  • 20–30% reduction in AI-related security incidents
  • 55% cost optimization with NLP model improvements
  • Higher user productivity due to safe enablement of AI tools
  • Faster compliance reporting through automation

1. What is Aryaka Next-Gen DLP?
A: It’s an advanced DLP capability built directly into Aryaka’s Unified SASE platform, using AI-powered language and contextual analysis to protect sensitive data across apps, networks, users, and locations.
2. What problems does it solve vs. legacy DLP?
A: Beyond basic pattern matching, NG-DLP adds NLP/context so you can see sensitive data flows in real time and block leakage before it happens, strengthening compliance while reducing manual effort.
3. Where is it enforced in the SASE stack?
A: At Aryaka PoPs in a single-pass (OnePASS™) architecture alongside NGFW, SWG, DNS Security, IPS, Anti-Malware, CASB, and Universal ZTNA – so controls are consistent and efficient.
4. What makes it “next-gen”?
A: AI-powered named-entity recognition (NER) and contextual analysis, image OCR, and API/LLM request inspection.
5. Can it govern API and AI/LLM traffic?
A: Yes – NG-DLP can scan API request/response bodies, including APIs that access LLMs.
6. Does it support redaction inline?
A: Yes – full text, inline traffic redaction is supported.
7. How does it help with audits and compliance?
A: Centralized policies, masked-at-ingestion evidence, data retention controls, export controls, RBAC, and audit logs with audit packs mapped to GDPR/HIPAA/PCI.
8. What visibility do admins get?
A: Security events (e.g., policy hits) and asset data are presented in a common MyAryaka UI for unified observability.
9. Can NG-DLP protect data inside images and scans?
A: Yes – image-based detection extracts text from images and document formats for classification via OCR.
10. How does NG-DLP integrate with other SASE controls?
A: It’s part of the single-pass PoP stack and works with SWG/NGFW/IPS and CASB for deeper SaaS controls under a unified policy plane.
11. What outcomes can customers expect?
A: Stronger security posture, fewer manual processes, and proactive prevention that reduces risk of fines, IP loss, and reputational damage.
12. Does it protect remote users as well as sites?
A: Yes – NG-DLP protects data everywhere (users, sites, cloud) and offers both site-based and user-based licenses for remote users.
13. What are the licensing prerequisites?
A: NG-DLP is part of Aryaka Advanced Security. Entitlement includes all Aryaka SD-WAN and Unified SASE features plus CASB and NG-DLP.
14. How is NG-DLP licensed?
A: Two types – site licenses (enable NG-DLP at a location) and user licenses (for remote users).
15. How does NG-DLP support regional policies and data residency?
A: You can scope controls and evidence handling by region/tenant, and apply residency, retention, and export controls to minimize exposure.
16. What’s the relationship between ZTNA and NG-DLP?
A: Universal ZTNA governs who/what can connect per app; NG-DLP (with CASB when needed) governs what data can move – so uploads/downloads in ZTNA sessions can be monitored, redacted, or blocked in real time.
17. Why is “single-pass” important?
A: Traffic is inspected once across multiple security controls at the PoP, reducing latency and operational complexity while keeping policies consistent.