Network access control vs Appgate: software defined perimeter

How to reduce the attack surface area with an individualised network 'segment of one'.


Johannesburg, 20 Oct 2016

Enterprises and employees have become more application- and service-centered to support day-to-day business demands. Dispersed, global teams conducting business from anywhere, anytime result in increased workforce mobility, distributed systems, and widely networked, on-demand computing environments. This adds layers of complexity to enterprise networks and puts critical data at risk. At the same time, enterprise IT and security teams are expected to deliver more applications, faster, and ensure availability from anywhere, 24/7 while maintaining a high security profile and meeting compliance and audit requirements.

Traditional security and remote access tools like VPNs, next generation firewalls and network access control (NAC) solutions provide all-or-nothing access control, typically offering carte-blanche access to all authenticated users.

"These tools don't address the potential for insider threats, stolen credentials, or successful phishing," says Sean Glansbeek, Director at Private Protocol.

Organisations often attempt to address these issues by applying multiple security tools, but the end result is a patchwork of silos, each one only solving a minor part of the broader challenge, imposing administrative overheads and requiring extensive manual activities.

The result is that organisations are no more secure than before. Adding more tools and systems doesn't automatically improve security; in fact, they often add complexity, which can actually reduce security.

What if there were another way?

What if IT teams could provide unified, granular access control to applications, services and infrastructure, regardless of location, whether on-premises or in the cloud? What if you could apply the same level of access control scrutiny to devices brought into the environment by third parties, contractors, or even your own employees? What if you could make the network 'invisible', cloaking the full network and only granting visibility and access to the applications and services that users need to do their job?

"In today's world, it only makes sense to have the user as our reference point," says Glansbeek.

AppGate's Software-Defined Perimeter (SDP) architecture should be considered as an alternative to traditional NAC technologies. AppGate greatly simplifies access with its 'segment of one' session-based technology, which combines secure access with pinpoint access control of both users and network resources. Unlike NACs, AppGate controls individual user access to specific network servers and services, through a simple set of policies, without requiring broad network changes.

AppGate combines strong authentication, authorisation, encryption and access control in one system, replacing many of the point products traditionally used. And AppGate can make access decisions based on a rich context - including user context, system context, and environmental context, such as whether a service desk system has a ticket open for a specific server.

AppGate is a distributed, dynamic and scalable platform for fine-grained network access control. It draws on user context to dynamically create a network 'segment of one' that's tailored for each user session and hides all network resources - servers, services, and applications - except those that the user is authorised to see. By making the rest of the network invisible, enterprises can simplify their security infrastructure, while granting access with confidence. AppGate provides real-time, user-centric access, enforces the principle of least privilege, and easily controls access while maintaining a strong security stance.

With AppGate, organisations can finally apply the principle of least privilege to the network, ensuring that users' access rights are consistently enforced at both the application and the network level. This improves security by reducing the attack surface area, while increasing business agility and reducing administrative and management effort compared with NAC solutions.

"Cryptzone's AppGate enables business agility and flexibility to adapt to the dynamic demands of the workforce, customers and the business to be competitive on a global scale," concludes Glansbeek.

Cryptzone

Cryptzone secures the enterprise with dynamic, context-aware security solutions that protect critical services, applications and content from internal and external threats. For over a decade, enterprises have turned to Cryptzone to galvanize their cloud and network security with responsive protection and access intelligence. More than 450 public sector and enterprise customers, including some of the leading names in technology, manufacturing and consumer products, trust Cryptzone to keep their data and applications secure.

Private Protocol

Private Protocol is a data security provider offering solutions and strategies that cover mobile device and information security, secure data collaboration, SharePoint/O365 security and compliance, data classification, file share security and compliance, Web content compliance, data leakage prevention, endpoint security and cloud security. Private Protocol also offers data risk assessments so companies can understand where their data resides, where their data is going, who is using it and what devices are connecting to the network. Private Protocol covers Africa and the Indian Ocean Islands and also has a distributed partner channel.

Web site - www.privateprotocol.com
