Access Methods

Secure Access

Security is crucial to organizations. You want to provide access to business resources, but you must be able to do so securely. Failure to secure access to your organization can result in financial loss, financial penalties, litigation and significant reputation damage.

At the same time, you have mounting pressure to provide nearly ubiquitous access to information from anywhere on any device.

These two forces have always been opposed: Security versus access.

You don’t have to fight these battles any longer. It is possible to enable mobility and provide higher levels of security with Total Access Control. Here are some of the ways that TAC helps you to do this:

TAC is a Reverse Proxy Solution

This means that TAC inspects every connection before it can connect to your corporate resources, regardless of whether those resources exist in your local datacenter or in the cloud. Furthermore, you get to determine what criteria users must meet before getting access.

  • No direct connection to resources – users must pass inspection through TAC first

  • Every connection is validated before allowing access – this includes robust endpoint inspection, credentials verification, device validation and much more

  • Each connection to each resource must pass the security policies you have set before access is granted

  • Per-application policies – each resource can have its own rules for access. This allows for variable access and even partial access to resources. No longer do you have to deal with “all or none” security policies

  • Dynamic Gateway – TAC intelligently reacts to each request for access and makes determinations based on that particular user and their access criteria (device, device status, location, credentials and much more)

  • Customized Authentication based on risk – TAC allows for variations in authentication based on criteria you determine. For example, prompting for extra authentication for certain, more sensitive applications, or only allowing managed corporate devices to access certain resources

End Point Awareness

Understanding what’s happening on a user’s device is crucial.

Access isn’t just about username and password; it’s also about the context of access. To determine that context, it’s important to understand what’s happening on the endpoint. TAC provides robust endpoint inspection and can determine factors such as:

  • Operating system
  • Patch level
  • Hardware device
  • Antivirus (current)
  • Anti-spyware
  • Specific installed software
  • Registry key entries
  • Certificates
  • Domain joined status
  • Hidden files
  • Network location
  • Device specifications (such as screen size, etc.)
  • Pin code
  • And more

Security Inspection

Being able to inspect the traffic for potential issues and block threats is critical. TAC manages this on multiple levels.

TAC is not only able to identify and block typical threats, but it can also provide a higher level of security in the way it delivers and secures access to applications. TAC has been designed from the ground up for security and performance with standard features such as:

Phishing Protection

Phishing attacks are rampant. Lost credentials are a huge risk for any organization. With TAC, you can protect yourself so that even if your end user loses their credentials or gives them to a hacker, the hacker still cannot get past TAC. TAC can use multiple factors of authentication (such as binding a specific device to a user’s account) to restrict access to only those people you know and trust, and not the hackers.

GeoIP Intelligence

Knowing where a request for access originates can be extremely helpful in determining who gets access and who doesn’t. TAC has built-in GeoIP Intelligence that lets you block or allow access from specific geographies. You can even do this for specific resources. For example, you can allow access to email from anywhere, but block access to financial applications from outside of your home country.

Brute Force Protection

Understanding when someone is trying to break down the door or compromise your organization is important. But so is keeping your organization moving. Many applications or cloud services will lock out a user’s account if there are too many invalid attempts to log in. While this can be effective at slowing the hackers down, it also stops your employees cold. TAC provides brute force protection, but also allows your users to get on with their day without interruption, giving you both security and an uninterrupted experience for your legitimate end users.

Denial of Service Protection

Being able to identify when someone is trying to flood your organization and keep it from operating normally is highly desirable. TAC can identify these types of attacks and block the offending nodes while keeping operations open for your own users/partners, etc.

Port Scanning Protection

It’s widely known that applications tend to transact their data across specific ports. The hackers know this too. They know how to probe for vulnerabilities and openings in your security by scanning your ports to see what you have open to the world. TAC keeps this from happening. By bundling transactions securely across port 443 (using SSL/TLS encryption), your applications are locked away from the prying scans of hackers. Even if your application had vulnerabilities that hackers could exploit, TAC keeps this from happening because hackers cannot see your applications to identify which ones might be vulnerable to exploit.

URL Inspection

TAC inspects all the traffic that’s coming in before it makes its way to the application servers. TAC understands what the applications are expecting for traffic, and if an application violates that expected standard in some way, TAC will sever the connection before anything ever makes it to the protected application. On top of this, TAC will also validate the end user, their device, location, and much more before allowing connections to your valuable business resources. So, you’re protected in multiple ways.

Application Protection

TAC provides sophisticated protection for each of the resources you protect.

Application Firewall

TAC understands what is proper for the application and only passes traffic that meets the proper standards. If the traffic is malformed or an attack, TAC detects and drops the traffic so it doesn’t reach your application server.

Secure native applications that aren’t traditionally secure

Many organizations have legacy applications. These applications may not even have username and password authentication. TAC can secure even these applications and provide full authentication, device validation and much more (as described in other sections), making it possible to publish them to users outside the confines of the local network.

Detailed security policy engine

TAC’s policy engine allows you to define very specific requirements for an application, such as requiring an active antivirus running on the client’s machine, or blocking mobile devices from access, or dozens of other attributes. The rules are highly granular and give you an amazing level of control over each and every resource you’re protecting.

Rules for each individual resource

The rules for access can be unique for every resource, if you want them to be. Many times, this takes the form of limiting access under certain criteria. Say, for example, a user has a jailbroken iPhone: you may want them to be able to access some information, like HR announcements or other non-crucial resources. Perhaps you want them to be able to access email, too, but without being able to upload or download attachments. But you may not want them to access more important resources because of their uncertain security status. TAC allows you to do this on a resource-by-resource basis.

Align device and user intelligence to RDP experience

TAC has very sophisticated controls around the use of RDP. TAC can define each specific RDP session with individual security parameters, which could vary by user. For example, an RDP session with an IT administrator may allow access to a full desktop, but you may restrict another user to only a single RDP application. Further, each session can have its own RDP security policies, such as restricting printing, downloading of files or many other security features.

Authentication

Another important aspect of security is authentication. However, the old ways of using username and password are simply not enough from a security perspective. It is far too easy to compromise a user’s credentials, whether that is through a brute force or dictionary attack, or through a phishing attack. While username/password is not the best way to secure access for your organization, when combined with other identification mechanisms, TAC can lock down the security of your environment while simultaneously making it easier for your end users.

Some of the ways in which TAC helps you to validate your end users are:

Authentication from many different sources

TAC doesn’t restrict you to one authentication repository. You can have multiple ways to validate an end user, and these methods can be combined together to make a much more certain way of distinguishing your users from would-be imposters. For example, you can combine Active Directory username and password with hardware device credentials, certificates, smartcards or even biometric authentication. And, it’s not limited to just these. You can combine many different factors of authentication, all without making it more difficult for your end users.

Multi-factor authentication

TAC has built-in multi-factor authentication that is designed to be simple and easy to use. TAC will also support a wide variety of different authentication factors such as RSA tokens, SMS tokens, biometric devices, smartcards and much more. You can even combine multiple different methods together, or vary which methods are used for which resources.

Add authentication/multi-factor to apps that don’t normally support it

TAC can add authentication or multi-factor authentication to applications that don’t support it themselves. Instead of having to rewrite that application, TAC can present the authentication/validation before the user is allowed to access the application, therefore implementing full user vetting before accessing even legacy applications. This also works well for cloud-based resources that do not natively support multi-factor authentication.

Variable authentication based on risk

Being able to vary the way you authenticate an end user based on the risk they present to your organization is important. For example, if a user is trying to access protected resources from an unknown/untrusted device, you may choose to present additional verification for that end user. You can even vary the resources available to that user based on their risk, and this all happens dynamically without the need for intervention by administrators.

Binding device to user credentials

TAC can provide much more stringent controls over end users in the form of device validation. The user’s credentials are bound to the end user’s actual hardware device ID. The only way for the end user to access resources is to use an approved hardware device that has been bound to their account. This is a very effective tool for protection against phishing attacks, brute force attacks or other types of credential-based hacks. This is a strong multi-factor authentication method, and the end user doesn’t have to do anything extra to make this happen. TAC makes this transparent to the end user, but the increase in security for the organization is substantial.

Introducing Total Access Control (TAC)

Consolidated and intelligent security for today’s hybrid enterprise.

Total Access Control goes much further than simply verifying user authorizations. It is a proxy-based system that serves as a gatekeeper to the applications behind it.

Security tools must be high performance and simple to administer.

Total Access Control puts a premium on both.

Security is too complicated for end users. It doesn’t have to be.

If your security relies on username and password alone, whether this is for local applications, email or cloud-based applications, you are a prime target for hackers.

Request a Demo

In 30 minutes, our system engineers will show you how PortSys Total Access Control can help you achieve compliance, protect your data, and increase efficiency, while enhancing the end user experience.

Free Security Assessment

Not sure whether your environment is protected? In 2 easy steps, we’ll help you find risk areas, audit access, and go through your access requirements.