Enterprise-grade platform designed
to secure your sensitive data

Safe-T’s Integrated Data Security Platform (IDSP) provides the foundation for Safe-T’s Software-Defined Access, providing it all the technology components required to create a true adaptive access solution. Enterprises can scale up according to business needs by adding key products and services that integrate seamlessly with the platform.

Safe-T’s underlying technology enables customers to benefit from an advanced security architecture, policies and workflows, strong data encryption, high availability, roles management, reporting and detailed audit trails.

Multi-Module Technology Platform

SecureStream™ Policy and Workflow Engine



Reverse Access

Authentication Gateway


Unified Protocol

SecureStreamtm Policy & Workflow Engine

Safe-T SecureStream policy and workflow enforcement engine enables enterprises to easily enforce security policies on any data exchange and data access workflow. Each workflow is fully controlled and monitored, providing complete auditing and tracking of “who, what, where, when and how” information. Administrators can create policies and workflows for secure data access and exchange that can be integrated intuitively into existing business workflows.

SecureStream enables system users to build multiple application tasks defined as a series of automated actions that can be triggered to occur based on specific events or behavior. System users can integrate virtually any task and application with any other task with minimal integration effort, regardless of the protocols and languages each one uses. For example, SecureStream allows brokering traffic to 3rd party security (DLP, AV, Anti-malware) and IAM products.

Combining Safe-T Connectors and Authentication Engine with Safe-T’s SecureStream allows for creating robust workflows, for example:

  • Automatically enforce security policies on outgoing/incoming data exchange flows.
  • Easily create multi-factor authentication and authorization workflows.
  • Receive an uploaded file from a user and store it in an SFTP folder.
  • Store a file received from a document management system in an NTFS location.
  • Pass an email attachment to a DLP to be scanned and then to an encryption solution to be encrypted.


Using Big Data and Machine Learning principles, Telepath Behavioral Analytics detects the presence of bots or authenticated malicious insiders. It provides you with highly actionable data to help you recognize and tamp down threats before they have the opportunity to cause harm.

It’s anomaly detection that is specifically designed to work with a software defined perimeter solution, providing the most comprehensive solution to evolving access challenges.

Safe-T Telepath gives cyber security teams:

  • Actionable intelligence regarding emerging threats
  • Comprehensive forensics capabilities
  • Insights into sophisticated attacks
  • The ability stop fraudulent activities by understanding normal behaviors


Secure NTFS File Share and Access with Internal and External Entities – SmarTransfer® allows for internal and external users to gain transparent access to secure storage. What appears as a standard mapped network drive is actually a secure, encrypted and access-controlled channel to interact with files — upload, download, copy, open, delete, etc. — while not relying on vulnerable protocols such as SMB.

All transactions are subject to Safe-T’s SecureStream policy and workflow engine, thereby ensuring secure and controlled access to any file type, content meeting governance and audit requirements.

The benefits of SmarTransfer® include:

  • An extension of the HTTP Protocol.
  • Supports file I/O operations on remote file servers with full file function capabilities, such as: Upload, download, copy, create, open, move, delete and NTFS complimentary permissions associated with users and groups.
  • Clientless capabilities minimize the complexity of managing desktop client installations and upgrades, and it is transparent to operating systems (Windows/Mac/Linux).
  • Support using HTTP URL only and authenticating using standard authentication methods: Kerberos/Negotiate/NTLM/Multi-factor/IDP/Header-Auth/AUTH2/Smart-Cards/etc.
  • Server-side capabilities maximize the security of overall user file transmissions.
  • Ensures secure and controlled access to any file types and content.
  • Acts as a secure file gateway between users and remote file servers while enabling third-party integration and enforced policies (AV/DLP/etc). This helps to prevent any unauthorized access or usage (such as changing file original format, encrypting files, Ransomware attacks, etc).
  • From the user’s perspective, it acts as any mapped drive, including sharing links to the mapped drive with other users.

Authentication Gateway

Safe-T IDSP supports a robust built-in multi-factor and multi-tier authentication and authorization (MFA) gateway. The gateway allows for performing user authentication and authorization enforcement actions through multiple authentication engines, as part of any data exchange or access workflow. The authentication engine supports the following built-in authentication mechanisms:

  • Anonymous login
  • Basic authentication
  • Microsoft Active Directory
  • LDAP
  • Open ID / SAML
  • Microsoft Radius server
  • Kerebos authentication server
  • NTLM
  • Header
  • Challenge-Response authentication based on information from external sources.
  • One Time Password (OTP)
  • Any users DB – SQL, MYSQL, Oracle, CSV/XLS files, etc.

It is also possible to connect to an external authentication and authorization system.

Reverse Access

Safe-T’s Reverse-Access is a dual server patented technology, which removes the need to open any ports within a firewall while allowing secure application access between networks (through the firewall).

  • External server – installed in the DMZ/external/non-secured segment.
  • Internal server – installed in the internal/secured segment.

Located in the organization’s DMZ (on-premise or cloud), the role of the external server is to act as a front-end to all services/applications published to the Internet. It operates without the need to open any ports within the internal firewall and ensures that only legitimate session data can pass through into the internal network. The external server performs TCP offloading, allowing it to support any TCP based application without the need to perform SSL decryption.

The role of the internal server it to pull the session data into the internal network from the external SDA node, and only if the session is legitimate, perform layer 7 proxy functionality (SSL offloading, URL rewrite, Deep Packet Inspection, etc) and pass it to the destination application server.

Benefits of our Reverse-Access technology include:

  • Access to applications/networks without opening an incoming hole in the firewall.
  • Support any TCP based application.
  • Bi-directional traffic is handled on outbound connections from the LAN to the outside world.
  • Client-less and VPN-less application access.
  • Logically segment networks.


Safe-T supports out-of-the-box Safe-T Connectors designed specifically for the enterprise. The connectors are divided into three types:

  • Business Applications
  • SharePoint/SharePoint Online
  • Oracle
  • MS Exchange
  • Documentum
  • IBM AS400
  • Outlook / Outlook 365
  • SMS providers
  • Data Storage
  • SQL
  • MySQL
  • NFS
  • NTFS
  • SSH
  • Cloud Storage
  • (, DropBox, etc)
  • Security/Authentication Solutions
  • IAM
  • IDP
  • DLP
  • Anti-Malware
  • Encryption
  • Sandbox
  • ActiveDirectory

By utilizing Safe-T’s connectors, Safe-T High-Risk Data Security solution offers the industry’s most integrated data security platform, allowing it to integrate with the entire enterprise ecosystem: Business applications, data storages, websites, security solutions, etc.
The Connectors module exposes a multi-language standard API (REST/SOAP/WS/etc), allowing system users to easily develop new connectors, modify existing ones and integrate with new enterprise solutions.

Unified Protocol

Safe-T IDSP supports native and SDK based support for all common enterprise file transfer and business applications’ protocols – HTTP/S, SSH, FTP/S, SFTP, ICAP, SMB, REST, etc. It’s unique architecture and design supports real-time application/protocol conversion within a single flow. For example: HTTP to SFTP or SQL to One Drive.

The Unified Protocol module exposes a standard API to the programmer and makes the data transfer process completely transparent, regardless of the protocol or application used, either as source or as destination. Furthermore, the API allows system users to easily integrate new RFC protocols or modifying existing ones.