Access Methods
TAC bridges the gap between security and access to all your resources, local and cloud, through comprehensive authentication and inspection that seamlessly ensures an optimal end user experience.
Security is crucial to organizations. You want to provide access to business resources, but you must be able to do so securely. Failure to secure access to your organization can result in financial loss, financial penalties, litigation and significant reputation damage.
At the same time, you have mounting pressure to provide nearly ubiquitous access to information from anywhere on any device.
These two forces have always been opposed: Security versus access. You don’t have to fight these battles any longer. It is possible to enable mobility and provide higher levels of security with Total Access Control.
HOW TAC BRIDGES THE GAP BETWEEN SECURITY AND ACCESS WITH ZERO TRUST ACCESS CONTROL
REVERSE PROXY
With TAC’s reverse Proxy gateway, every connection is inspected before a user is connected to your corporate resources – whether those resources exist in your local data center or in the cloud.
Not only that, but TAC’s Zero Trust Access Control lets you determine what criteria users must meet before getting access – and not just what third-party vendors may require.
- No direct connection to resources – users must pass inspection through TAC first
- Validates every connection before allowing access – including robust endpoint inspection, credentials verification, device validation and more
- Each connection to each resource must pass the security policies you have set before access is granted
- You set the security policies for access to each of your applications. This allows for variable access or partial access to resources. No more “all or nothing” security policies
- TAC's dynamic gateway intelligently reacts to each request for access and makes determinations based on that particular user and their access criteria – their device, device status, location, credentials and more
- TAC allows you to customize your authentication policies based on the risk criteria you set – for example, prompting for extra authentication for certain more sensitive applications, or only allowing managed corporate devices to access certain resources
UNDERSTANDING WHAT’S HAPPENING ON AN END USER’S DEVICE IS CRUCIAL TO MAINTAINING YOUR DEFENSE POSTURE ACROSS YOUR INFRASTRUCTURE.
ENDPOINT AWARENESS
Zero Trust Access Control isn’t just about your end users’ credentials – it’s about their full context of access. To fully grasp the end users’ complete context of access, it’s important to understand what’s happening on their endpoints. TAC provides robust endpoint inspection of critical factors that include:
- Operating System
- Patch Level
- Hardware Device
- Anti-Virus (current)
- Anti-Spyware
- Specific Installed Software
- Registry Key Entries
- Certificates
- Domain-Joined Status
- Hidden Files
- Network Location
- Device Specifications (such as screen size, etc.)
THOROUGHLY INSPECT ALL TRAFFIC FOR POTENTIAL ISSUES AND TO BLOCK THREATS
SECURITY INSPECTION
MANAGE YOUR SECURITY INSPECTION ON MULTIPLE LEVELS TO IDENTIFY AND BLOCK TYPICAL THREATS, YET STILL DELIVER A HIGH LEVEL OF SECURE ACCESS TO YOUR APPLICATIONS – BOTH LOCAL AND CLOUD.
Phishing Protection
Phishing attacks are rampant and relentless. Lost credentials are a huge risk for any organization. Protect your end users so even if they lose or give their credentials to a hacker, the hacker will still not get past TAC. Total Access Control can use multiple factors of authentication – such as binding a specific device to a user’s account – to restrict access to only those people you know and trust, and not the hackers.
Brute Force Protection
Understanding when someone is trying to break down the door or compromise your organization is important…but so is the need for you to keep the lights on and the business moving. Many applications or cloud services will lock out a user’s account if there are too many invalid attempts to log in. While this can slow down hackers, it also stops your employees cold. TAC provides brute force protection, but also allows your users to get on with their day without interruption – giving you both security and an uninterrupted experience for your legitimate end users.
Port Scanning Protection
Hackers are well aware that applications often transact their data across certain specific ports. They know how to scan your ports for vulnerabilities and openings across your defense posture to see what is left open on the internet. By bundling transactions securely across port 443 using SSL/TLS encryption, TAC enables you to lock away your applications from the prying scans of hackers. Even if your application has vulnerabilities hackers might exploit, TAC prevents this – because hackers cannot see your applications to identify which ones are vulnerable enough to exploit in an attack.
GeoIP Intelligence
It is critical to know where an access request originates from before you authorize access to your resources. TAC’s GeoIP Intelligence lets you block or allow access from specific geographies – even for specific resources in specific regions. For example, you can allow access to email from anywhere, but block access to financial applications from outside of your home country.
Denial of Service Protection
Hackers often aim to flood your organization and keep it from operating normally through Distributed Denial of Service (DDoS) attacks. TAC identifies those attacks to block the offending nodes, so you can keep your organization humming for your employees, partners and suppliers.
URL Inspection
TAC inspects all incoming traffic before it makes its way to the application servers. TAC understands what traffic the applications are expecting, and if traffic violates that expected standard in some way, TAC will sever the connection before anything ever makes it to the protected application. TAC will also validate the end user, their device and location before allowing connections to your valuable business resources. So, you’re protected in multiple ways.
SOPHISTICATED ZERO TRUST ACCESS CONTROL FOR ALL YOUR RESOURCES – LOCAL AND CLOUD
APPLICATION PROTECTION
ENSURE OPTIMAL PERFORMANCE WITH TAC'S ZERO TRUST ACCESS CONTROL
Application Firewall
TAC understands what is proper for the application and only passes traffic that meets the proper standards. If the traffic is malformed or an attack, TAC detects and drops the traffic so it doesn’t reach your application server. TAC allows you to do this on a resource-by-resource basis.
SECURE NATIVE APPLICATIONS THAT AREN’T TRADITIONALLY SECURE
Many organizations have legacy applications. These applications may not even have username and password authentication. TAC can secure even these applications and provide full authentication, device validation and much more (as described in other sections) for these applications, making it possible to publish these to users outside the confines of the local network.
Detailed security policy engine
TAC’s policy engine allows you to define very specific requirements for an application, such as requiring an active antivirus running on the client’s machine, or blocking mobile devices from access, or dozens of other attributes. The rules are highly granular and give you an amazing level of control over each and every resource you’re protecting.
RULES FOR EACH INDIVIDUAL RESOURCE
The rules for access to each individual resource can be uniquely set, if you need them to be. This is often done to limit access under certain criteria – for instance, for a user with a jailbroken iPhone. You may want that user to be able to access some information, such as HR announcements or other non-crucial resources.
ALIGN DEVICE AND USER INTELLIGENCE TO RDP EXPERIENCE
TAC has very sophisticated controls around the use of RDP. You can define each specific RDP session with individual security parameters, which could vary by user. For example, an RDP session for an IT administrator may allow access to a full desktop, but you may restrict another user to only a single RDP application.
TAC’S ZERO TRUST ACCESS ENSURES OPTIMAL PERFORMANCE IN A NUMBER OF WAYS, NAMELY:
Real-time device inspection reveals the device to be an unmanaged/BYOD device.
Submits results to the TAC policy engine for limited access rules.
TAC can authenticate via SAML to hundreds of different cloud applications
TAC also securely provides access to any cloud application.
Real-time device inspection reveals the device to be a managed and trusted device
Submits results to the TAC policy engine for privileged access.
TAC provides secure access to enterprise applications that you manage in your own datacenter
TAC can authenticate to any enterprise application via forms-based authentication.
Authentication is an important aspect of your security
Authentication
The old ways of using username and password for security simply don’t cut it in today’s perimeterless world. It is far too easy to compromise those credentials through brute force or through social engineering attacks such as phishing, pretexting, baiting, quid pro quo or tailgating.
However, when those credentials are combined with multiple other factors of authentication by TAC, you can lock down your security using the principles of Zero Trust Access Control – all while simultaneously making life easier for your end users, wherever they are working from.
Another important aspect of security is authentication. However, the old ways of using username and password are simply not enough from a zero trust perspective. It is far too easy to compromise a user’s credentials, whether that is through a brute force or dictionary attack, or through a phishing attack. While username/password is not the best way to secure access for your organization, when combined with other identification mechanisms, TAC uses zero trust access to lock down the security of your environment while simultaneously making it easier for your end users.
Authentication from many different sources
TAC doesn’t restrict you to one authentication repository. You can have multiple ways to validate an end user, and these methods can be combined together to make a much more certain way of distinguishing your users from would-be imposters. For example, you can combine Active Directory username and password with hardware device credentials, certificates, smartcards or even biometric authentication.
Multi-factor authentication
Multi-factor authentication is built right into TAC, designed to be simple and easy to use. However, TAC also supports a wide variety of different authentication factors – including RSA tokens, SMS tokens, biometric devices, smartcards and much more. You can even combine multiple different methods together, or vary which methods are used for which resources. Regardless of which authentication approach you decide on, the user experience is seamless – they don’t have to do anything extra to make this happen.
Variable authentication based on risk
Being able to vary the way you authenticate an end user based on the risk they present to your organization is important. For example, if a user is trying to access protected resources from an unknown/untrusted device, you may choose to present additional verification for that end user. You can even vary the resources available to that user based on their risk, and this all happens dynamically without the need for intervention by administrators.
ADD AUTHENTICATION TO APPS THAT DON’T NORMALLY SUPPORT IT
TAC can add authentication or multi-factor authentication to applications that don’t support it themselves. Instead of having to rewrite that application, TAC can present the authentication/validation before the user is allowed to access the application, therefore implementing full user vetting before accessing even legacy applications. This also works well for cloud-based resources that do not natively support multi-factor authentication.
Binding device to user credentials
TAC can provide much more stringent controls over end users in the form of device validation. The user’s credentials are bound to an end-user’s actual hardware device ID. The only way for the end user to access resources is to use an approved hardware device that has been bound to their account. This is a very effective tool for protection in phishing attacks, brute force attacks or other types of credential-based hacks.