Product showcase: Enclave – using zero trust network access to simplify your networks – Help Net Security

A huge number of Internet-accessible systems are protected by the principle of connect, then authenticate. This includes VPNs, web applications, databases, Windows Servers with RDP endpoints exposed, and more.

Having a “private” system which is publicly-accessible means that connecting parties must connect before they can authenticate, an approach which means your private system is one phishing email, brute-force attempt or zero-day vulnerability away from being breached.

Enclave is a new way to protect private systems. It reverses the connect-then-authenticate paradigm to cloak private systems so they are invisible to the public Internet, with entirely closed ingress firewalls, and discoverable only by other systems which have first authenticated and met the specific trust requirements for access. To anyone else, your private systems simply don’t exist.

Zero trust, zero fuss

Let’s face it, zero trust is complicated, even to get started on the journey.

One of the goals of Enclave is to let you quickly create private connectivity without needing to expose anything on the public Internet, where the rules of who can talk to what, when, and for how long are defined entirely by policies based on business rules.

We believe Administrators shouldn’t have to understand access control lists or network security groups on the firewalls (no open ports, they can stay closed), and no more managing IP addresses, proxies, routers, switches, NAT or secret keys.

For example, Administrators can define an Enclave policy similar to “devs can access the test environment”, and Enclave takes care of the rest, regardless of what physical network the developer is on, and whether the test environment is on-prem, in the cloud, or an IoT device.

Enclave groups systems using “tags”; e.g. “devs”, “test-environment”, “server”, “payroll”, and so on; you can use whatever tags you like that best represent your business or security categories.

Tags are then combined into Policies to define access and connectivity. Enclave is default-deny, so Administrators can effortlessly craft precision access across the organisation regardless of what network each system is on, without needing to install appliances or proxy servers or opening firewall ports to the Internet.

Enclave zero trust

Organisations are more than their perimeter

Applying perimeter-based solutions like VPN and Software Defined Perimeter (SDP) only addresses part of an organisation’s complexity; specifically remote access, the north-south traffic pattern. Once remote access traffic has arrived at the perimeter, the internal network can still be a complex web of tooling and configuration that tries to segment and route network traffic to its intended destination, which often then tends to cross to the east-west traffic pattern inside the organisation, and can often be several more firewall and VPN hops away from the original entry point.

Enclave zero trust

With Enclave, stop thinking about network perimeters, or this office network and that cloud environment. By defining a Zero Trust Overlay Network using Enclave, segmented however you wish, the distinction between north-south and east-west traffic patterns, location and bearer all become completely irrelevant, transforming the network from a blocker to an agile and dynamic enabler.

Enclave zero trust

With Enclave, you define what connectivity you want, rather than how that connectivity happens. We take care of the rest.

Direct, encrypted, universal connectivity

Solutions like VPNs and SDP inevitably route your traffic eventually through some form of concentrator, so you end up being limited by the capacity of that component, both in terms of available bandwidth, and how many users it can handle at any given moment.

Enclave creates fully audited peer-to-peer and end-to-end encrypted tunnels (to which we never hold the private keys, so we have no access to the data) and so is able to always utilise the best network route and all available network capacity between two points, without any bottlenecks.

Enclave is deployed as agent-based software on user devices or servers, and adds a new network adapter to transparently create the Enclave Zero Trust Overlay Network. To applications and software on the device, Enclave is simply another network which can route web, RDP, SSH, database, SMB, and any other protocol that runs on top of IP, forming an entirely private network with universal protocol support.

Enclave zero trust

Example use case 1 – Secure access for developers to development environments

Developers often need access to development environments hosted in the office, the company cloud environment, or a testing lab. Getting developers appropriate (and secure) access can be complicated, and slow down development while they wait.

With Enclave, install the Enclave Agent on the developer’s machine, and on any systems they need access to (without any other network changes); whether that’s a MSSQL database server running on Windows, a pod in a Kubernetes cluster running on EKS, or an IoT Raspberry Pi plugged into a sensor in the office.

Tag each system appropriately, then define the policy in Enclave that your users need, e.g. `developers` can access `test-db`, and that’s it, they can get on with their work.

When the developer access is no longer needed, or they shouldn’t have that access anymore, just disable the policy and the access is instantly terminated.

Example use case 2 – Multi-cloud connectivity

If you have to interoperate between systems sitting in both AWS and Azure (for example), at the moment you probably have to navigate the myriad of (expensive) ways to set up private connectivity between VPCs in different clouds.

Why bother? If you stop worrying about the boundaries between clouds, and treat everything as a single Enclave Network, you don’t need any other glue to securely and privately connect multi-cloud or multi-region resources together.

Simply install the Enclave Agent on your systems in AWS and Azure, define the policies in the Enclave Portal (or via our Terraform provider) and those systems will feel like they’re sitting in the same VPC.

[embedded content]

Source of this news:

Related posts:

30 thoughts on “How To Get Discord to Work at Your School or College” - Alphr
When you are at a school, college, or governmental institution, chances are that your access to certain websites is limited. This is especially true for social platforms or content sharing websites t...
Rapid7 : For Microsoft Exchange Server Vulnerabilities, Patching Remains Patchy -
If you've been keeping tabs on the state of vulnerabilities, you've probably noticed that Microsoft Exchange has been in the news more than usual lately. Back in March 2021, Microsoft acknowledged ...
How CTOs Can Ensure Security, Stability Amid Media Localization Boom - Slator
After the pandemic accelerated the migration of workflows, companies, and everything to the cloud, Chief Technology Officers at many organizations had to grapple with new, pressing concerns. Not the ...
1 / 4 of UK Parents Apply Content Filters from High speed ISPs - ISPreview. corp. uk
A new Ofcom report has found that 61% of parents are aware of the existing network-level internet filtering (Parental Control) tools provided by big U broadband ISPs, yet singular 27% have a...
Meet WINTR, the all-in-one web scraping API -
by Teodor Nechita Software Managing Editor Eager to help those in need, Teodor writes articles daily on subjects regarding Windows, Xbox, and all things tech-related. When not working, y...
VPNs vs. Proxies: What's the Difference? - PCMag
While VPNs are sucking up all the oxygen in the privacy conversation, there is a similar technology that hasn't gotten the same attention: the humble proxy. We asked experts from two leading VPN comp...
How to fix Windows Update error 0x80242016 - TWCN Tech News
Here is a guide to fix Windows Update error 0x80242016. Windows Update errors are not new as users keep running into one or another update error every now and then. One such error is the error code 0...
Headline Scan for Aug 23, 2021 | CIDRAP - CIDRAP
Breakthrough COVID-19 may be less infectious Being fully vaccinated against COVID-19 significantly lowered the probability of virus attack culture positivity in advancement cases versus cases f...
April Week 1 - iProgrammer
This weekly digest is an extended version of the newsletter emailed to subscribers every Wednesday. As well as listing the week's news items, it also includes the week's Book Review, additions to Boo...
Should you have a proxy server to perfom at online casino? - KnowTechie
Although gambling is established in almost all countries just about, and millions of people, if not more, enjoy it, it is still reckoned to be illegal in many countries and affirms. It is considere...
A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries - The Hacker News
A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japa...
Everything you need to know about data extraction - Flux Magazine
words Alexa Wang Data is being generated more than ever. The main reasons for that are the development of digital technologies and the internet, and it’s an excellent opportunity for businesses worl...
How to work with user classes on Windows 2021 Tips - Bollyinside - BollyInside
This tutorial is about the How to work with user classes on Windows. We will try our best so that you understand this guide. I hope you like this blog How to work with user classes on Windows. If you...
Indien Tuweni 2 Adds JSON-RPC Support - iProgrammer
Apache Tuweni has been updated to fassung 2 . 0, with breakthroughs including JSON-RPC clients while servers, and a new filtration systems that application with a simple pants pocket. Apache Tuwen...
Fix OneDrive stuck on Processing Changes - TWCN Tech News
OneDrive is a cloud service from Microsoft. You can use OneDrive to store your files on cloud storage and save the disk space on your system. Besides storing the files, you can also share your files ...
Active Cozy Bear C2 servers identified. A benefits app looks like spyware. Manifesto phishbait. HTML...
Attacks, Threats, and VulnerabilitiesRussian Hackers Continue With Attacks Despite Biden Warning (BloombergQuint) Russian Hackers Continue With Attacks Despite Biden WarningDozens of active Cozy Bear...
Protect Your Internet Privacy With These Top VPN Deals - Futurism
A virtual private network (VPN) helps protect your privacy by routing all your internet traffic through an encrypted connection to a remote server. However, each VPN has its own tools and features to...
Cloudflare: Life on the Bleeding Beginning - InvestorPlace
Owning Cloudflare (NYSE: NET ) stock is life on your bleeding edge of method, security and fast ingredients delivery. It’s exciting. It is actually wildly profitable, but other also an ar...

IP Rotating Proxy Onsale


First month free with coupon code FREE30