
A peek into Safe-T’s Zero Trust Access solution


Contributed by Safe-T

Safe-T provides a secure application and file access solution with 1) an architecture that implements Zero Trust Access, 2) a proprietary secure access control channel that lets users who have been granted the appropriate permissions access shared sensitive files and folders, and 3) user behavior analytics.

Why The Traditional Network Security Perimeter Is Obsolete

Most data centers implement a security perimeter model that establishes zones of trust based on ranges of IP addresses. They deploy back-to-back firewalls creating a DMZ that separates their trusted internal network from the external untrusted internet.

For the following reasons, the traditional security perimeter topology is a flawed paradigm whose vulnerabilities and risks are increasingly difficult for security teams to manage.

Trusted Zones: A hacker who gets past the inner firewall of an organization is inside what is regarded as a trusted area. The hacker can then move laterally, stealing credentials and using them to capture and exfiltrate valuable digital resources.

Cyber Attacks: Hackers can bypass and exploit the architecture of a traditional security perimeter. They can use spear phishing attacks, exploit misconfigured firewalls, distribute malware via websites, and collaborate with malevolent insiders.

Mobile Workers: Company networks are expanding in size and complexity. Employees, contractors, and partners use laptops and other mobile devices offsite in locations external to the trusted perimeter network. They connect to company backend servers via Wi-Fi hotspots while sipping a latte in coffee houses, waiting for a plane in an airport lounge, and connecting from other locations anywhere in the world.

Cloud Applications: Companies are increasingly deploying their web applications and data on public clouds such as Amazon Web Services and Microsoft Azure. These public clouds are typically located in geographic locations remote from an organization’s trusted perimeter network.

VPNs: Using VPNs to access an internal network can create a vulnerability if an administrator grants overly broad permissions to users. VPNs are often configured to let users access the inner network as if they were onsite in a company office.

An additional problem with VPNs is that they create a high risk of malware on a user’s device spreading to the inner network.

Security professionals have come to the realization that the traditional perimeter security model is not able to safeguard access to critical IT resources.

What Is Zero Trust Network Access

These are key principles of a Zero Trust network:

Trust Nothing: Users and network traffic are not trusted until verified. Users, whether inside or outside the organization’s network, should never be trusted by default.

Visibility: Backend servers are not visible to unauthenticated users.

Authentication: Authentication workflows for a user or group should include context-aware data such as device ID, geographic location, and the time and day the user requests access.

Granularity: Zero trust supports network micro-segmentation, isolating IT resources to limit threats. It also implements a policy of least privilege by enforcing controls that give users access only to the resources needed to perform their jobs.

Logs: All traffic internally as well as externally is logged to detect malicious or anomalous events.
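The principles above can be tied together in a small default-deny policy check. The following is an added illustration, not Safe-T’s code: the policy table, user, device ID and resource names are constructed, and every decision (allow or deny) is appended to an audit log so anomalous requests can be reviewed.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample policy: (user, resource) -> context constraints.
# Anything not explicitly listed here is denied (Trust Nothing, least privilege).
POLICY = {
    ("alice", "hr-files"): {
        "devices": {"dev-1a2b"},        # enrolled device IDs for this user
        "countries": {"US"},            # geographic locations allowed
        "hours": (8, 18),               # 08:00 to 18:00 local time
        "weekdays": {0, 1, 2, 3, 4},    # Monday to Friday
    },
}

@dataclass
class Request:
    user: str
    resource: str
    device_id: str
    country: str
    when: datetime
    authenticated: bool   # True only after the authentication gateway succeeded

AUDIT_LOG: list[str] = []   # every decision is recorded, allowed or denied

def evaluate(req: Request) -> bool:
    """Return True only when every context check passes; log the decision."""
    rule = POLICY.get((req.user, req.resource))
    checks = [
        ("authenticated", req.authenticated),
        ("policy exists", rule is not None),
    ]
    if rule is not None:
        start, end = rule["hours"]
        checks += [
            ("device enrolled", req.device_id in rule["devices"]),
            ("country allowed", req.country in rule["countries"]),
            ("within hours", start <= req.when.hour < end),
            ("weekday allowed", req.when.weekday() in rule["weekdays"]),
        ]
    failed = [name for name, ok in checks if not ok]
    decision = "ALLOW" if not failed else "DENY"
    AUDIT_LOG.append(
        f"{req.when.isoformat()} {decision} user={req.user} "
        f"resource={req.resource} device={req.device_id} "
        f"country={req.country} failed={failed}"
    )
    return not failed
```

The denied cases (unenrolled device, off-hours, unknown user) are what a dashboard would surface as anomalous events for an administrator to inspect.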

Safe-T’s Zero+ Architecture


Safe-T Software Defined Perimeter

Safe-T Zero+ Capabilities

  • Users who want to access a protected server must successfully authenticate and be authorized at an authentication gateway.
  • Configurable policies define the orchestrated authentication steps each user or group member is required to perform.
  • Backend servers are not visible to unauthenticated users. The probability of a successful attack is minimized following Safe-T’s axiom: If you can’t be seen, you can’t be hacked®.
  • Eliminates the possibility of users establishing a direct connection from an untrusted network to specific hosts in the internal network.
  • Provides URL rewriting to hide backend services.
  • Implements a patented technology to eliminate the need to open incoming ports in the internal firewall. Eliminates the need to store sensitive data in the DMZ.
  • Supports a variety of communication protocols: HTTP/S, SMTP, SFTP, APIs, RDP, WebDAV.
  • Extends to on-premises, public, and hybrid cloud. Zero+ can be deployed on AWS, Azure, and other cloud infrastructures, protecting both cloud and on-prem resources.
  • Provides a user behavior analytics capability that monitors activity in protected web applications. A dashboard displays security-related events and aggregated statistics. Administrators use the dashboard to inspect the details of anomalous behavior that can trigger alerts and to identify suspicious activity.
  • Provides a unique, native HTTPS-based file access solution for the NTFS file system, replacing the vulnerable SMB protocol. Users can create a standard mapped network drive in Windows Explorer, providing a secure, encrypted, and access-controlled channel to shared backend resources.

Conclusion

Implementing Safe-T Zero+ in your organization helps protect your data center from cyberattacks that could succeed against a traditional security perimeter. Safe-T Zero+ also helps assure regulatory bodies that your company is meeting information governance and security regulations.

CISO MAG does not evaluate the advertised product, service, or company, nor any of the claims made by the advertisement. The facts, opinions, and language in the article do not reflect the views of CISO MAG and CISO MAG does not assume any responsibility or liability for the same.