The user logs in to the dedicated authentication portal published by the Authentication Gateway.
The user enters their credentials into the portal.
The Access Controller retrieves the credentials from the Authentication Gateway over a reverse-access connection, and then authenticates the user using one of the supported methods: 3rd party IAM/IDP solutions, POST based login, Microsoft Active Directory, SAML, OTP, etc.
Once the user is authenticated, the Access Controller instructs the Authentication Gateway which applications to display to the user, and instructs the Access Gateway to provide that specific user with (reverse) access to the allowed applications.
The user selects the application to access.
The user is redirected to the application's published IP address.
The user accesses the newly published service.
Once the user disconnects from the service, the Access Controller instructs the Access Gateway to block that specific user's access to that specific application.
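The flow above can be modelled as a deny-by-default rule table keyed on (user, application). The following Python sketch is an added illustration, not Safe-T code or its API; every class, method and sample value in it is hypothetical and constructed for the example.

```python
import hmac


class AccessGateway:
    """Deny-all by default; passes only (user, app) pairs it was told to allow."""
    def __init__(self):
        self._rules = set()

    def allow(self, user, app):
        self._rules.add((user, app))

    def block(self, user, app):
        self._rules.discard((user, app))

    def permits(self, user, app):
        return (user, app) in self._rules


class AccessController:
    """Hypothetical controller: authenticates first, then opens per-user rules."""
    def __init__(self, gateway, verifier, entitlements):
        self.gateway = gateway
        self.verifier = verifier          # stand-in for an AD / SAML / OTP back end
        self.entitlements = entitlements  # user -> set of allowed applications

    def login(self, user, credential):
        """Authenticate, open rules for the allowed apps, return the apps to display."""
        if not self.verifier(user, credential):
            return []                     # failed login: no rule is created
        apps = sorted(self.entitlements.get(user, ()))
        for app in apps:
            self.gateway.allow(user, app)
        return apps

    def disconnect(self, user, app):
        """Remove the rule so this user/application pair is blocked again."""
        self.gateway.block(user, app)


# Constructed sample data (not from the page).
SAMPLE_SECRETS = {"alice": "correct-otp", "bob": "bob-otp"}
SAMPLE_ENTITLEMENTS = {"alice": {"crm", "rdp-jump"}, "bob": {"crm"}}


def sample_verifier(user, credential):
    """Constant-time comparison against the constructed secrets above."""
    expected = SAMPLE_SECRETS.get(user)
    return expected is not None and hmac.compare_digest(expected, credential)
```

The property to verify in any such design is that a rule exists only between a successful authentication and the matching disconnect, and that it never covers another user or an application outside the user's allowed set.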
Safe-T Software Defined Perimeter
The Safe-T Software Defined Perimeter solution provides the ultimate cyber threat protection for published services, supporting protocols such as HTTP/S, RDH5, WebDAV, etc. Organizations can now provide a complete remote access suite for remote users and partners for internal services, including Web, RDP, NTFS, Email, and more, all without requiring the user to install any client software and without the need for a VPN, while the services remain completely hidden from the world the entire time.
SOFTWARE DEFINED PERIMETER CAPABILITIES
- Firewall is constantly in a deny-all state, no open port (inbound or outbound) is required for access.
- Supports a variety of applications – HTTP/S, SMTP, SFTP, SSH, APIs, RDH5, WebDAV.
- Bi-directional traffic is handled on outbound connections from the LAN to the outside world.
- Defines new reverse-access rules on-demand.
- Allows client-less access to data, services, networks and APIs.
- Robust partner authentication options.
- Removes the need for VPN.
- Performs SSL decryption in a secure zone.
- Scans any incoming traffic using the organization's security solutions.
- Hides DMZ components which can be hacked and utilized to access the network.
- Provides only direct application/service access, thereby blocking network access.