Secure Application Access

SECURE APPLICATION ACCESS

Adaptive Application Access for the Digital Enterprise

SAMPLE SCENARIOS

Customer/Partner/Employee
access to application.

Mobile Access
to internal application.

Applications
Application-to-application access.

As the world becomes much more digital and global, organizations are opening their network and internal applications to the outside world (e.g. employees, customers, business partners, 3rd party vendors, mobile and IoT) much more than in the past.

But while the amount of external parties is ever growing and evolving, the common methods of providing external parties access have stayed the same – S/FTP access, VPN and SSL VPN access, reverse-proxy access, RDP, etc. And they all have one common flaw: They provide access before they authenticate. Essentially, this exposes your services to both trusted and untrusted entities.

Benefits

  • Authenticates before providing access.
  • Hides services from unauthorized users.
  • Reduces attack surface by closing incoming firewall ports.
  • Client-less application access.
  • Minimizes risk of network DDoS and application level attacks.
  • Controls user access and usage.
  • End-to-end monitoring of application access flow.

CHALLENGES OF TODAY’S TECHNOLOGIES

S / FTP

File servers are simple to deploy and use by either internal or external users, and are usually placed in the DMZ (on-premises or in the cloud) for easy access. However, this methodology is inviting hackers to easily attack such a service, using it as a jump point to the network via the open firewall port or to steal its SSL keys and certificates.

VPN / SSL VPN

VPNs offer high security by utilizing certificates or other authentication mechanisms. However, they pose various challenges when used by external parties: They are complicated to manage owing to certificates distribution to partners, they store SSL certificates in the DMZ, they open ports in the firewall and they provide network access.

Reverse Proxy Access

Reverse-proxies are the simplest means of allowing external parties to access internal applications. They are simple to deploy and they offer a wide range of security options. However, they pose quite serious security concerns: Hackers can easily “see” and attack them using various SSL/SSH based attacks or OS based vulnerabilities, they store SSL keys in the DMZ (on-premises or in the cloud) unprotected, they require opening ports in the firewall, and more.

RDP (Remote Desktop)

Remote desktop access is used to allow remote/external access to a specific machine within the network. This access can be granted to organization employees or 3rd party partners. However, in most cases, the basic requirement is the use of a VPN connection over which the RDP protocol will flow. This results in the VPN deployment challenges discussed above.

Safe-T’s Secure Application Access

Safe-T Software Defined Access is evolutionary in the way organizations grant secure external access to their services. Built on Safe-T’s Software Defined Perimeter technology and Integrated Data Security Platform, it offers true secure and transparent access for all entities to internal applications and data.

Software Defined Access CAPABILITIES
for Secure Application Access

  • Firewall is constantly in a deny-all state, no open ports are required for access.
  • Bi-directional traffic is handled on outbound connections from the LAN to the outside world.
  • Supports a variety of applications – HTTP/S, SMTP, SFTP, SSH, APIs, RDH5 and WebDAV.
  • Allows client-less access to applications and data.
  • Robust multi-factor authentication options.
  • Removes the need for VPN access.
  • Performs SSL decryption in a secure zone.
  • Scans any incoming traffic for attacks.
  • Hides DMZ components which can be hacked and utilized to access the network.
  • Provides only direct application/service access, blocking network access.

Keep Your Sensitive Data in

THE RIGHT HANDS

ON-PREMISE, MOBILE AND IN THE CLOUD