Introduction

Introducing

Consolidated and intelligent security
for today's hybrid enterprise.

What is consolidated and intelligent security?
Let's start by describing what it isn't.

Over time, a typical enterprise accumulates multiple security products and services as access needs evolve, each designed to address a different function. For example, mobile device management (MDM) is popular and widely used, as are remote tunneling technologies such as SSL and IP VPN platforms. Network and application firewalls are everywhere and made by dozens of vendors, as are two-factor authentication products and Network Policy (NAP) systems. Single sign-on products are also essential, but you need two if you wish to support both the enterprise and the cloud.

The product list keeps growing as application and access needs grow and additional technologies are continually added to help control access.

The problem?

The products mentioned above don't talk to each other,
and are independently managed.

The solution?

Consolidate access intelligently with

TAC consolidates multiple technologies that are typically found in individual products developed and supported by different vendors.   By building these technologies into one unified product, the result is a more comprehensive, integrated, and fortified architecture.   It’s not only a more logical approach to security, it’s just better.

Portal Access

• Your applications in a customizable web portal

• Dynamic portal shows only accessible resources

• Consistent experience regardless of device/location

MDM - Mobile Device Management

• Full validation and control

• Jailbreak/root detection

• Selective/partial wipe for BYOD

Internal Application Access Control

• Publish your internally hosted applications securely

• Control Authentication and Access permissions

• Mask URLs native to the application

Centralized Management

• “Single pane of glass” management of all functions

• Real-time monitoring of all activity

• No interruption of service for configuration changes

Cloud Application Access Control

• Control who gets access to cloud apps

• Use your own authentication/multifactor

• Delivered seamlessly alongside your internal apps

Comprehensive Reporting and Auditing

• Detailed reporting of all access to all resources

• Ability to drill down to any session, any activity

• Graphical reports simplify data analysis

Multi-factor Authentication

• Includes revolutionary picture-based multifactor

• Supports any third-party multi-factor products

• Can be by application, user, or portal specific

Firewall and VPN

• Integrated IPSec-style tunnel

• User experience feels clientless

• Can be automatically launched based on client needs

Single Sign-On

• Simplify all access for end-users

• SSO for all local and cloud-based apps

• Improves productivity, lowers support costs

Device Validation

• Determine full status of any device

• Block access at hardware level

• Vary/block access based on device status/version

GeoIP Intelligence

• Allow/block access based on location

• Security behavior based on geography of access

• Report based on geography of access/attempts

Application Acceleration

• Improve application performance

• Reduce network load

• Improve response times

Differential Security Policy Engine

• Highly intelligent, granular security engine

• Allows for very flexible, dynamic rules

• More robust security options

Scalable with High Availability

• Global geo-aware architecture support

• High availability local or across the globe

• Up to 64 array members

Untrusted Device Protection

• Control sessions from untrusted devices

• Limit functions on unknown or untrusted devices

• Block file access, copy, print/print-screen

Socket Forwarding

• Publish thick-client applications

• Dynamically launched from within the portal

• Support for RDP, VDI, VMware and many more

TAC is a single security solution that delivers

SIMPLE, STRONGER, UNIFIED SECURITY.

One product to manage even the largest organization’s mobility and access needs, no matter the scale.

TACpolicy

The TAC Policy engine dictates who gets access to what and under what conditions.

Real-time device inspection reveals the device to be an unmanaged/BYOD device.

Submits results to the TAC policy engine for limited access rules.

cloud

TAC can authenticate via SAML to hundreds of different cloud applications.

TAC also securely provides access to any cloud application.

devices

Real-time device inspection reveals the device to be a managed and trusted device.

Submits results to the TAC policy engine for privileged access.

datacenter

TAC provides secure access to enterprise applications that you manage in your own datacenter.

TAC can authenticate to any enterprise application via forms-based or 401 request.

Your users want easy access.

You need access to be secure.

Users today have many ways to access information, from laptops and tablets to desktops and smartphones. And they have access from just about anywhere. It’s challenging to ensure that each connection is truly secure, taking into account the context in which the connection is happening.

Compounding the issue – the resources employees need to access can be anywhere, local or in the cloud.

TAC provides centralized application access from any device, to any application.

The user experience:

Users log in to TAC using a single URL, no matter what application they may need. Once authenticated, they can then see a list of all the applications they are authorized to use within an intelligent portal.

Accessing each application is as simple as clicking on it; TAC takes care of the logon behind the scenes – but with improved security. 

TAC is a reverse proxy that eliminates direct connections to resources,
regardless of location.

One Set of Credentials
Local or Cloud.

Any Device - Corporate and BYOD

Context Aware Access Control

Single Sign-On with Multi-Factor Authentication

Consistent User Experience

Optimized Application Delivery (Local and Cloud)

Protection from Untrusted Devices

Centralized Administration & Auditing

Scalable, Enterprise-Proven Reliability

Context of Access is central to Total Access Control

To fully understand the power of TAC you need to understand context of access.  Deciding on whether to grant an application access request involves far more than correctly identifying users and confirming their authorization level. It also means considering factors such as the device the user is employing, exact location, time of day, type of network connection and more. 

As these attributes change, so can the decision on whether to allow or deny access, or perhaps allow only partial access. If a user is connected using a laptop on the secure, internal network but then moves to a public Wi-Fi connection, that’s a completely different context of access – and one that TAC enables you to deal with on the fly.  

A user accessing information is not just a person and their credentials, but also their location, device type and status of the device (among other factors). This provides context around this particular access request. Using this information, TAC gives you significantly greater control over providing or blocking access to each specific resource.

Consider any combination of factors for how access is provided to a user based on their context of access. TAC allows you to detect and manage almost any scenario imaginable. For example:

Linda
Marketing
Profile
Works from her home. Shares her computer with her family.

Applications
• Exchange
• Sharepoint
• Peoplesoft
• Office365
• Salesforce.com

Devices Used
Android Phone, iPad, Windows 8, Corporate Laptop

Kevin
IT Administrator
Profile
Manages IT, Hardware and Software Infrastructure.

Applications
• RDP/Term Svc
• Sharepoint
• Citrix
• Oracle
• Office365
• Lync

Devices Used
Android Phone, iPhone, Android Tablet, Windows 7

William
Customer Service
Profile
Works with customers over phone and email.

Applications
• Exchange
• Office365
• Salesforce.com
• In House Order Entry Software

Devices Used
Android Phone, iPhone, Android Tablet, Windows 7

Kori
Customer
Profile
Accesses her customer account to review and pay her bill.

Applications
• Web-Based Customer Portal

Devices Used
Connects with shared home Windows 7 PC

Total Access Control Detection and Compliance Engine

Context & Compliance Inspection

Dozens of attributes are scanned, including:

  • User group/department Membership
  • Type of Internet Connection
  • Detect Corporate-issued machines and threat level of non-corporate devices
  • Mobile Device Detection - Type and Jailbreak/Root Status
  • Operating System – Version & Patch level
  • Anti-Virus and Anti-Spyware detection. Definitions up-to-date and running.
  • Applications or network locations the user should have access to
  • Domain or Workgroup
  • IP address
  • Geographic origin of the user

User Experience

A wide variety of enforcement measures including:

  • Allow/Disallow access to specific applications.
  • Allow/Disallow access to all applications
  • Allow/Disallow ability to “put” files on the network. Example: attachments in email or add documents in Sharepoint.
  • Allow/Disallow ability to “get” files from the network.
  • Display applications available only to specific supported device types.
  • Enforce the requirement of Anti-Virus and/or Anti-Spyware applications
  • Enforce the requirement of specific approved operating systems and patch levels.
  • Dynamically deliver Secure Sterile Desktop when required

Example of TAC Endpoint Detection and Policy Enforcement in Action

A user inside the company firewall using a managed desktop presents a very different threat level than that same user attempting to connect externally (same credentials) using their home PC.

TAC gives you the ability to dynamically change what people get access to by using more information about the user, their location, their device, and more.

The end result is a more secure environment without making it harder for the end users.

[Figure: Nathan, Sales Rep, connecting from a Home PC and from a Corporate Device. Each connection is evaluated on Credentials and Location against the applications Exchange, Citrix, RDP, Oracle, File Sharing, SharePoint, Office 365 and SalesForce.]

Total Access Control gathers intelligence about all aspects of the user and client device used, leveraging Context of Access to determine the level of access:

Employee vs. Corporate Managed Device

Device Type

Device Jailbreak/Root Status

Network Connection Type

Current Antivirus, Spyware

Geographic Location

Operating System & Patch Level

Domain Join Status

Applications Installed on Client Device

Installed Certificates / Registry key(s)

Explore the elements of

These two forces have always been opposed: Security versus access.

You don’t have to fight these battles any longer.

Total Access Control goes much further than simply verifying user authorizations. It is a proxy-based system that serves as a gatekeeper to the applications behind it.

Security tools must be high performance and simple to administer.

Total Access Control puts a premium on both.

Security is too complicated for end users.  It doesn’t have to be.

If your security relies on username and password alone, whether this is for local applications, email or cloud-based applications, you are a prime target for hackers.

Request a Demo

In 30 minutes, our system engineers will show you how PortSys Total Access Control can help you achieve compliance, protect your data, and increase efficiency, while enhancing the end user experience.

Free Security Assessment

Not sure whether your environment is protected? In 2 easy steps, we’ll help you find risk areas, audit access, and go through your access requirements.