The Coronet SecureCloud system is built of two main components - the SecureCloud Server and the Coronet client application.
The SecureCloud Server communicates with the corporate cloud services (typically SaaS) via their APIs in order to detect abnormal user activity and behaviour and to detect various service threats (e.g. the presence of sensitive information, malware, etc.).
If a risk is detected, and based on the actions defined in the security policy rules, the admin may be alerted, or mitigate the risk by taking service enforcement action (such as restricting user access, limiting sensitive data collaboration, etc.) may be taken on the service using the service API.
At the Coronet client application side, the Coronet application monitors and detects device and network vulnerabilities, assesses their risk, and based on the security policy rules will alert the user, alert the admin, or mitigate the risk by taking service enforcement action (such as restricting user or device access to the service).
A Device Acces Control module on both the server and the client applciation makes sure that only protected devices can access the corporate services, and is also used as a 2FA to authenticate corporate users (see the Device Access Control guide for more details).