Enterprises are increasingly adopting cloud-based software-as-a-service offerings. These services are subject to varied network security risks. Known systems for securing these networks operate by inspecting traffic between servers operating the software-as-a-service and the endpoint operated by a user. These known network security systems typically require complex configuration of the endpoint which increases system complexity. Furthermore, in many cases, the endpoint may not be under the complete control of the enterprise, may be entirely unmanaged, or otherwise un-configurable. In addition to the difficulties inherent in configuring and administering a user-controlled endpoint, it is difficult to ensure traffic captivation for an entire session when network addresses are generated dynamically.