Advancing the State of Cyber Security, One Brick at a Time
Cryptzone is serious about the Software-Defined Perimeter. We’ve taken a leadership role within the Cloud Security Alliance (CSA), and invested time and effort contributing to the Software-Defined Perimeter core specification and IaaS initiative. All of this is helping us as an industry (and as a vendor) drive the changes that are needed to better protect organizations against today’s cyber threat landscape.
But building enterprise security systems is hard work – these solutions have to be robust, work smoothly with a great user experience, and be relatively simple to deploy. At Cryptzone, our product engineering teams have worked hard to achieve our mission – helping enterprises more easily protect themselves with this innovative Software-Defined Perimeter approach to network security.
Today we’re pleased to announce the newest version of our solution, AppGate, with some great capabilities that help make the Software-Defined Perimeter even more ready for the enterprise. In particular, we’ve enhanced some of the high availability and load balancing capabilities, and improved the process for securely onboarding user devices.
Building Bridges between Security Silos
But today I want to focus on one area in particular that we’re most excited about – building bridges between security silos. First, some context – keep in mind that a Software-Defined Perimeter solution connects the user and his or her device to authorized services. Because of this, it has a unique place in the security architecture, and when properly done can significantly improve overall security.
In our newest version of AppGate, customers can now perform real-time policy checks that tie together user, system, and global attributes, both at time of authentication and at time of access. Customers can now create more effective access policies, which use attributes obtained from the client device, from Identity Management systems, or from essentially any system. This extensible set of attributes can be obtained (and policies enforced) not just when the client initially authenticates, but also while the client is in the process of accessing a protected resource.
Real-time Policy Check Examples
To illustrate this, here are a few examples of what AppGate could check in real-time against the policies, for each specific user.
- User attributes from an IAM system to determine whether they should access a target resource – for example membership in a directory group.
- Device profile – for example whether antivirus software is currently running on the client. A device could be blocked unless it has antivirus running.
- A global attribute, such as checking IP geolocation to ensure a user is accessing the network from an acceptable place. This could block a user, or prompt for multi-factor authentication if the user is in a questionable location.
- Business context – In a service desk scenario, AppGate can dynamically adjust access only to servers for which a user is temporarily authorized by the presence of a valid service desk (ITSM) ticket mapping the user to a server.
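The four checks above can be sketched as a single policy function that is evaluated both at authentication and again on each access. This is an added example, not AppGate's policy language or API; every name, group, country code and server in it is a hypothetical, constructed value.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone

# Hypothetical names and values throughout; not AppGate's policy language or API.
ALLOW, DENY, MFA = "allow", "deny", "require_mfa"
ACCEPTED_COUNTRIES = {"SE", "US"}      # constructed sample policy data
QUESTIONABLE_COUNTRIES = {"BR"}        # constructed: prompt for MFA instead of blocking

@dataclass(frozen=True)
class Attributes:
    groups: frozenset      # user attribute, e.g. from an IAM directory
    av_running: bool       # device profile reported by the client
    country: str           # global attribute from IP geolocation
    tickets: dict          # business context: server -> ITSM ticket expiry (UTC)

def evaluate(attrs, server, required_group, now):
    """Return (decision, reason). Call at authentication AND on every access."""
    if required_group not in attrs.groups:
        return DENY, "user not in required directory group"
    if not attrs.av_running:
        return DENY, "antivirus not running on device"
    expiry = attrs.tickets.get(server)
    if expiry is None or now >= expiry:
        return DENY, "no valid service desk ticket for this server"
    if attrs.country in ACCEPTED_COUNTRIES:
        return ALLOW, "all checks passed"
    if attrs.country in QUESTIONABLE_COUNTRIES:
        return MFA, "questionable location"
    return DENY, "location not acceptable"

def demo():
    """Same user and session, re-evaluated as attributes change over time."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    at_login = Attributes(frozenset({"helpdesk"}), True, "SE",
                          {"db01": t0 + timedelta(hours=2)})
    return [
        evaluate(at_login, "db01", "helpdesk", t0)[0],                         # at authentication
        evaluate(replace(at_login, av_running=False), "db01", "helpdesk",
                 t0 + timedelta(minutes=30))[0],                               # AV stopped mid-session
        evaluate(at_login, "db01", "helpdesk", t0 + timedelta(hours=3))[0],    # ticket has expired
        evaluate(at_login, "web01", "helpdesk", t0)[0],                        # no ticket for this server
        evaluate(replace(at_login, country="BR"), "db01", "helpdesk", t0)[0],  # questionable location
    ]

if __name__ == "__main__":
    print(demo())
```

Because the function is re-run at access time, a session that was allowed at login is denied once the antivirus stops or the ticket expires.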
In addition, because AppGate sees all network activity initiated from the client device, it can easily detect unauthorized activity such as a port scan, and respond by notifying a SIEM or IDS, and remediate via actions such as revoking user access or forcing re-authentication.
Cryptzone is proud to be part of the SDP movement that’s helping change and improve the way enterprises are protecting themselves, and we’re very happy to see that this new approach is gaining traction, being eagerly embraced by enterprises, and endorsed and promoted by analysts.
SDP represents an exciting and in some ways fundamental change in how enterprises are thinking about information security, supported by a growing set of vendors (like Cryptzone), industry organizations like the Cloud Security Alliance, industry analysts, and system integrators.
If you’d like to learn more about this new approach, visit Why a Software-Defined Perimeter?