A Segment of One for Secure, Granular and Efficient Network Access Control
The growth of enterprise collaboration, consumption of information on personal devices and mobile distributed workers has resulted in the collapse of the traditional perimeter. Today, users require access to business applications, data and services whether on-premises or in the cloud, at work or on the road. And in today’s globally connected business environment, those users could be employees, partners or customers whose broad entitlements represent a significant security risk.
In the new world of pervasive internal and external threats, distributed organizations and global ecosystems, the perimeter is more porous and less relevant than ever. The old models simply aren’t working. We need to move from perimeter-centric, VLAN and IP-focused security to a model that focuses on securing the entire path from user to application, device to service – on a one-to-one basis.
AppGate provides a new security model for today’s perimeterless IT landscape
AppGate enables organizations to adopt a Software-Defined Perimeter approach for granular security control. AppGate makes the application/server infrastructure effectively “invisible.” It then provides users with access to authorized resources only, verifying user context and attributes — including device posture and identity — before granting access to an application. Once the user logs out, the secure tunnel disappears. Additionally, when a user’s context changes – such as moving from a corporate to a public network, additional security requirements (such as multi-factor authentication) can be enforced, or access can be denied. All controlled by a simple policy.
With AppGate, the full security posture — including device, location, time, group, configuration and more — are used by the policy engine to dynamically define access to applications. AppGate does not depend on a traditional network perimeter model or require specific hardware, therefore it can be used across cloud and hybrid environments by leveraging software-defined virtualization techniques including its patent-pending architecture that combines scalability with high-availability.
Now enterprises can achieve dynamic, user-centric network security, while obtaining the reliability and performance needed to support their resources in the cloud or on-premises. With AppGate, organizations can uniquely obtain fine-grained, user-centric access control, while simplifying security, compliance, and operational complexity.
Greater Flexibility, Higher Network Security
AppGate is an integrated security gateway that provides application and service-specific authentication and authorization which controls network access inside and from outside the perimeter. A context-aware architecture enables access to be granted based on user-specific variables, including location, device and role. Drawing on this user context, AppGate dynamically creates a secure, encrypted networksegment of one that’s tailored for each user session. Network access rules aren’t written once and saved forever, but are created and enforced in real-time. This simplifies the user access problem and eliminates over-entitled network access.
Protection from Every Angle
Today’s business environments require that organizations evolve beyond traditional perimeter-based security. AppGate ensures that all resources – whether on-premises, private or public cloud – remain invisible until authorized. AppGate reduces cost, complexity and effort for configuring third-party, privileged user access and cloud infrastructure management. And AppGate provides exhaustive forensic evidence of access to systems and documents. With seamless integrations with SIEM systems, AppGate simplifies compliance audit and reporting.
Out of Sight, Out of Reach
Traditional perimeter security models check credentials at the door and then provide access to an entire network segment. Users may not be authorized to access certain services, but the services are still present on the network, and a visible lock is a vulnerable lock. AppGate’s service-specific connections abstract applications and resources from the underlying physical infrastructure, which means that unauthorized services are simply not visible on the network at all. Can’t be seen, can’t be compromised.
From VLANs and IPs to Users and Apps
AppGate expands the traditional network security model beyond IP addresses and VLANs, allowing you to manage access at the most relevant and critical level – from user to app to service, on a one-to-one basis. This provides a secure, encrypted, point-to-point tunnel to protect network resources and dynamically provision access from any device in any location.
Integrated and Complete
Replaces multiple, non-integrated products (NAC, VLAN, Next Gen Firewall and VPN) with a single solution providing centralized policy management, enforcement and reporting for compliance.
Simplified Security, Reduced Complexity
Reduces cost, complexity and effort for configuring third-party access, privileged user access and cloud infrastructure management. Combines strong authentication, authorization, encryption and access control in one system, replacing many traditional point products. AppGate automatically detects new server instances in the cloud, and immediately adjusts user access rights without burdening IT.
Dynamic, Context-Aware, and Fine-Grained
Draws on user context to dynamically create a secure, encrypted network segment of one that’s tailored for each user session, eliminating over-entitled network access. Access policies precisely control which resources each user can access – including server and port – based on user and server attributes.
Reduce Attack Surfaces
Provides defense-in-depth against internal and external threats through a real-time, centrally managed access gateway, encrypted service-specific tunnels and multi-factor authentication.
Extensible and Distributed
Extend access control into any location, both on-premises and in the cloud and provide flexibility, scalability and versatility in how people access work assets from any location, at any time.
Easy to Use, Easy to Implement
Reduces the burden of administrative and management overhead by providing a simple, easy to manage solution that supports the dynamic nature of the global, mobile workforce. Users can access resources from any device – desktop, laptop, or mobile – easily and transparently.
Integrated with Identity Management
Users can be authenticated against multiple identity management systems, including on-premises, cloud-based SAML, or third-party systems. This enforces strong authentication, and enables organizations to connect network security to their identity management life cycles.
Multi-Tenant Environment Support
Designed for multi-tenant environments. With AppGate it’s simple to create independent groups of users and resources with delegated administration. Centralized service provider organizations can confidently enable their internal or external customers with admin access, while ensuring isolation of different customer environments.
Built for the Cloud
Cloud resources – whether in private or public clouds – can easily be protected. AppGate has a flexible, distributed deployment model to suit any architecture, automatically detects server instance creation, and uses server attributes to determine user access.