Introduction. The Safe-T Solution

Similar documents
Introduction With the move to the digital enterprise, all organizations regulated or not, are required to provide customers and anonymous users alike

Introduction. The Safe-T Solution

Introduction. The Safe-T Solution

Today s workforce is Mobile. Cloud and SaaSbased. are being deployed and used faster than ever. Most applications are Web-based apps

Deploying VMware Identity Manager in the DMZ. SEPT 2018 VMware Identity Manager 3.3

Deploying VMware Identity Manager in the DMZ. JULY 2018 VMware Identity Manager 3.2

Using AD360 as a reverse proxy server

SAP Security in a Hybrid World. Kiran Kola

AKAMAI WHITE PAPER. Enterprise Application Access Architecture Overview

Securing Your Most Sensitive Data

VMware Identity Manager Connector Installation and Configuration (Legacy Mode)

GLOBALPROTECT. Key Usage Scenarios and Benefits. Remote Access VPN Provides secure access to internal and cloud-based business applications

PCI DSS Compliance. White Paper Parallels Remote Application Server

StorageZones Controller 3.3

shiftz Citrix virtual desktops and applications on Microsoft Azure Lieven Van de Walle

CyberP3i Course Module Series

App Gateway Deployment Guide

Installing and Configuring VMware Identity Manager Connector (Windows) OCT 2018 VMware Identity Manager VMware Identity Manager 3.

ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018

Cloud Access Manager Overview

StorageZones Controller 3.4

BIG-IP Access Policy Manager : Secure Web Gateway. Version 13.0

IBM Secure Proxy. Advanced edge security for your multienterprise. Secure your network at the edge. Highlights

1. Introduction. 2. Why Mi-Token? Product Overview

HySecure Quick Start Guide. HySecure 5.0

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: VMWARE IDENTITY MANAGER ARCHITECTURE

VMware Identity Manager Cloud Deployment. DEC 2017 VMware AirWatch 9.2 VMware Identity Manager

VMware Identity Manager Cloud Deployment. Modified on 01 OCT 2017 VMware Identity Manager

Indicate whether the statement is true or false.

Web Application Firewall for Web Environments

Microsoft Azure Integration and Security. Course Code: AZ-101; Duration: 4 days; Instructorled

Using Trustwave SEG Cloud with Cloud-Based Solutions

Developing Microsoft Azure Solutions

Optimizing Pulse Secure Access Suite with Pulse Secure Virtual Application Delivery Controller solution

GoAnywhere MFT System Architecture Guide. For High Availability, Scaling, and Performance

All-in one security for large and medium-sized businesses.

Office 365 and Azure Active Directory Identities In-depth

API Security Management with Sentinet SENTINET

DATACENTER MANAGEMENT Goodbye ADFS, Hello Modern Authentication! Osman Akagunduz

Software Defined Perimeter & PrecisionAccess. Secure. Simple.

Check Point vsec for Microsoft Azure

How-to Guide: Tenable.io for Microsoft Azure. Last Updated: November 16, 2018

How-to Guide: Tenable Nessus for Microsoft Azure. Last Updated: April 03, 2018

Designing an Enterprise GIS Security Strategy

O365 Solutions. Three Phase Approach. Page 1 34

SAS and F5 integration at F5 Networks. Updates for Version 11.6

Microsoft Internet Security & Acceleration Server Overview

Simple and Powerful Security for PCI DSS

How to Configure SSL VPN Portal for Forcepoint NGFW TECHNICAL DOCUMENT

Palo Alto Networks PCNSE7 Exam

WHITE PAPER AIRWATCH SUPPORT FOR OFFICE 365

Security in the Privileged Remote Access Appliance

Dell One Identity Cloud Access Manager 8.0. Overview

[MS20533]: Implementing Microsoft Azure Infrastructure Solutions

Using Trustwave SEG Cloud with Exchange Online

VMware AirWatch Cloud Connector Guide ACC Installation and Integration

REVISED 6 NOVEMBER 2018 COMPONENT DESIGN: UNIFIED ACCESS GATEWAY ARCHITECTURE

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

BIG-IP V11.3: PRODUCT UPDATE. David Perodin Field Systems Engineer III

VMWARE HORIZON CLOUD WITH VMWARE IDENTITY MANAGER QUICK START GUIDE WHITE PAPER MARCH 2018

Verizon Software Defined Perimeter (SDP).

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

CNS-207-2I Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

DreamFactory Security Guide

Introduction to Windows Azure. Managing Windows Azure. Module Manual. Authors: Joey Snow

Hosting DesktopNow in Amazon Web Services. Ivanti DesktopNow powered by AppSense

API Security Management SENTINET

Microsoft Azure Course Content

TestsDumps. Latest Test Dumps for IT Exam Certification

VMware Workspace ONE UEM VMware AirWatch Cloud Connector

Crash course in Azure Active Directory


Implementing Microsoft Azure Infrastructure Solutions

Cloud FastPath: Highly Secure Data Transfer

Configure Unsanctioned Device Access Control

SteelGate Overview. Manage perimeter security and network traffic to ensure operational efficiency, and optimal Quality of Service (QoS)

StorageZones Controller 3

Next Generation Privilege Identity Management

Hybride Cloud Szenarien HHochverfügbar mit KEMP Loadbalancern. Köln am 10.Oktober 2017

Real4Test. Real IT Certification Exam Study materials/braindumps

HikCentral V.1.1.x for Windows Hardening Guide

Implementing Microsoft Azure Infrastructure Solutions (20533)

Trusted Login Connector (Hosted SSO)

Lab Guide. Barracuda NextGen Firewall F-Series Microsoft Azure - NGF0501

En partenariat avec CA Technologies. Genève, Hôtel Warwick,

HikCentral V1.3 for Windows Hardening Guide

Related Labs: Introduction to Universal Access and F5 SAML IDP (Self-paced)

CogniFit Technical Security Details

BEYOND AUTHENTICATION IDENTITY AND ACCESS MANAGEMENT FOR THE MODERN ENTERPRISE

Course 20533B: Implementing Microsoft Azure Infrastructure Solutions

MigrationWiz Security Overview

Security for the Cloud Era

Hypersocket SSO. Lee Painter HYPERSOCKET LIMITED Unit 1, Vision Business Centre, Firth Way, Nottingham, NG6 8GF, United Kingdom. Getting Started Guide

Hybrid Identity de paraplu in de cloud

Sophos Mobile. server deployment guide. product version: 9

VMware AirWatch Content Gateway Guide for Windows

REVISED 4 JANUARY 2018 VMWARE WORKSPACE ONE REFERENCE ARCHITECTURE FOR SAAS DEPLOYMENTS

CYAN SECURE WEB Installing on Windows

VAM. SecureAuth Access Gateway (SAAG) Value-Added Module (VAM) Deployment Guide

Introduction. SecureAuth Corporation Tel: SecureAuth Corporation. All Rights Reserved.

Transcription:

Secure Application Access Product Brief Contents Introduction 2 The Safe-T Solution 3 How It Works 3 Capabilities 4 Benefits 5 Feature List 6 6

Introduction As the world becomes much more digital and global, organizations are opening up their network and internal applications to the outside world (e.g. employees, customers, business partners, 3rd party vendors, mobile, IOT), much more than in the past. But while the amount of external parties is ever growing and evolving, the common methods of providing external parties access, have stayed the same - S/FTP access, VPN and SSL VPN access, reverse-proxy access, RDP, etc. And they all have one common flaw, they provide access before the authenticate, essentially exposing your services to both trusted and untrusted entities. In addition to the above, the common access options, have benefits but also major faults: S/FTP - File servers are simple to deploy and use by either internal or external users, and are usually placed in the DMZ (on-premises or in the cloud) for easy access. However, this methodology is inviting hackers to easily attack such as service, using it as a jump point to the network via the open firewall port or steal its SSL keys and certificates. VPN / SSL VPN - VPNs offer high security by utilizing certificates or other authentication mechanisms. However, they pose various challenges when used by external parties they are complicated to manage due to certificates distribution to partners, they store SSL certificates in the DMZ, they open ports in the firewall, and they provide network access. Reverse Proxy access - everse-proxies are the simplest means of allowing external parties to access internal applications, they are simple to deploy and they offer a wide range of security options. However they pose quite serious security concerns - hackers can easily see and attack them using various SSL/SSH based attacks or OS based vulnerabilities, they store SSL keys in the DMZ (onpremises or in the cloud) unprotected, they require opening ports in the firewall, and more. RDP (Remote Desktop) - remote desktop access is used to allow remote/external access to a specific machine within the network. This access can be granted to organization employees or 3rd party partners, however in most cases the basic requirement is the use of a VPN connection over which the RDP protocol will flow. This results in the VPN deployment challenges discussed above. The Safe-T Solution Safe-T Software Defined Access introduces an evolution in the way organizations grant secure external access to their services. Built on Safe-T s Software Defined Perimeter technology and Integrated Data Security Platform, it offers true secure and transparent access for all entities to internal applications and data. By deploying Safe-T s Software Defined Perimeter architecture organizations can now design and deploy the On-Demand Perimeter. The On-Demand perimeter creates access rules for authenticated users into applications and data, in a fully automated and dynamic fashion. connects to the organization s backend application. Figure 2 - Safe-T Secure Data Access Technology

How It Works As can be seen in figure 1 below, the is composed of three access servers. The solution is deployed in multiple tiers within the organization and cloud: Cloud tier includes the Authentication Gateway which is deployed with the cloud (Amazon, Azure, etc) DMZ tier includes the Access Gateway Lan tier - includes the Access Controller which connects to the organization s backend applications, storages and authentication services (AD, IAM, etc). Organization Public Cloud Authentication Gateway Anti- Malware Finance App Remote Worker Access Gateway Contraller Business App Remote Applications RDP Hacker IAM Contractor, 3rd Party Vendor, Partner DMZ LAN Figure 1 - Safe-T Secure Application Access Figure 2 - Safe-T Secure Data Access Technology

The flow of the solution is as follows: 1 User logs into dedicated authentication portal published by the Authentication Gateway 2 3 4 The user enters the credentials into the portal The Access Controller retrieves the credentials from the Authentication Gateway over a reverse-access connection, and then authenticates the user using - 3rd party IAM/IDP solutions, POST based login, Microsoft Active Directory, SAML, OTP, etc Once the user is authenticated, the Access Controller instructs the Authentication Gateway which applications to display to the user, and instructs the Access Gateway to provide (reverse) access to the specific user to allowed applications 5 6 7 8 The user selects the application which should be accessed The user is redirected to the application s published IP address The user accesses the newly published service Once the user disconnects from the service, the Access Controller instructs the Access Gateway to block access to the specific user to the specific application Capabilities Deploying Software Defined Access for secure application access provides the following capabilities: Firewall is constantly in deny-all state, no open ports required for access Bi-directional traffic is handled on outbound connections from the LAN to the outside world Support a variety of applications HTTP/S, SMTP, SFTP, APIs, RDP, RDH5, WebDAV Allow client-less access to applications and data Robust multi factor authentication options Remove the need for VPN access Perform SSL decryption in a secure zone Scan any incoming traffic for attacks Hide DMZ components which can be hacked and utilized to access the network Provide only direct application/service access, blocking network access

Benefits The benefits of providing application access via Safe-T s Anonymous Application Access: Authenticate before providing access Hide services from unauthorized users Reduce attack surface by closing incoming firewall ports Client-less application access Minimize risk of network DDoS and application level attacks Control user access and usage End-to-end monitoring of application access flow Feature List Feature Comments System Level Features High availability (HA) Ability to perform high availability/clustering mode in the same data center and between data centers can be setup in HA using an external load balancer or application delivery controller. In addition, a single Access Controller can operate with multiple Access Gateways and Authentication Gateways.

Feature List Feature Comments System Level Features Disaster recovery Ability to failover to another data center in the event of application unavailability or site disasters can be setup in a disaster recovery architecture using an external load balancer or application delivery controller Deployment On-premises or Hybrid-cloud Access Features Patented Reverse-Access technology Requires opening firewall ports Safe-T s reverse-access technology is patent protected. The Reverse-access technology is a dual node technology, which removes the need to open any ports within a firewall, while allowing secured application access between networks (through the firewall) No Support any TCP based application / service Logical Network Segmentation HTTPS Proxy supports any TCP based application / service, applying reverse-access to it Logically segment the network, deploying a Zero Trust model, to reduce the risk of cyber-attacks from reaching internal network segments, or laterally moving throughout your network supports HTTP/S based applications / services WebDAV Support supports WebDAV based file access

Feature List Feature Comments Access Features SSL Off-loading Multi-factor authentication support terminating SSL client connections destined to an application / service supports authenticating and authorizing users with multi-factor identity management tools before service requests to back-end applications can take place. Authentication via the organization s LDAP or Active Directory systems, Authentication using OTP as 2nd factor for NTLM or Kerberos Integration with 3rd party authentication solutions NoPost authentication based on emails SSO support Client-less and VPN-less application access Dynamic URL rewriting supporting multidomain applications Per User Group Access Policies Time/Date Based Access Policies does not require any client application to be installed on the end-user s machine Safe-T SDA supports the following rewriting options: Rewriting the destination hostname to defined subdomain Prepending the virtual directory Rewriting both (http / https) protocol to https or http Yes Yes

Feature List Feature Comments Management and Operation Using a Web for full management Yes System logs External Provisioning Yes Yes, via TCP API for reverse-access rules

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback