Invisily Zero Trust Network Access
Invisily makes enterprise and cloud computing resources invisible to attackers, making them visible only when needed and only to those who need them, after strong multi-factor authentication. It ensures that all access, including access to corporate accounts in third-party SaaS applications, comes from trusted devices that comply with enterprise security policies. It also enforces enterprise restrictions on outbound network access. It does this regardless of whether people are working from within the office or from outside. This makes attacks extremely hard, handily beats VPN and SSH for remote access, and provides much stronger protection against data loss than traditional DLP.
What is Zero Trust Network Access
Gartner Market Guide for Zero Trust Network Access, April 29, 2019
“ZTNA, which is also known as a software-defined perimeter (SDP), creates an identity and context-based, logical-access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access. This … significantly reduces the surface area for attack.”
Zero Trust Model
Invisily abstracts the network topology and builds a zero-trust network where all resources are invisible and access to resources must be explicitly granted. It essentially creates a ‘black cloud’ that is invisible to attackers and dramatically reduces the attack surface.
Disrupting the Kill Chain
Even if an endpoint gets compromised – due to social engineering, for instance – lateral movement is prevented by the invisibility of other nodes in the network thus disrupting the Kill Chain and preventing the spread.
Access Restricted to Trusted Devices
Invisily ensures that users access network, cloud and SaaS resources only from trusted and authenticated devices. This prevents internal and external threat actors from circumventing device-based security controls.
Authenticate Before Connection
All entities requesting a network connection are authenticated before a TCP connection request is accepted from them. This, along with invisibility to the outside world, provides robust protection against DDoS attacks.
Simplified Network Security
By reducing or eliminating the visibility of the endpoints and servers on the network, the burden on traditional network security products such as firewalls, IDSs and IPSs is significantly reduced. Compared to traditional NAC and VPN solutions, the management of an Invisily-based network environment is much simpler.
Seamless User Experience
Users need to think only in terms of the applications and services they need to access, not about network-related details. In multi-site or hybrid IT networks, for example, users need not be aware of where the applications of interest are hosted.
Outbound Network Access Restrictions
Organizations may be required to offer controlled internet access to their employees to meet certain security requirements. Invisily provides controlled outbound access through a policy-based destination IP whitelisting feature that can be customized for individual users or groups of users.
SaaS Application Access Restrictions
SaaS applications have proven value for enterprises in terms of lower cost, scalability, ease of use and accessibility. But in the case of credential theft or an insider attack, SaaS applications can become a source of intellectual property theft. Invisily integrates with SaaS applications to provide multi-factor-authenticated access from authorized devices only, significantly reducing the attack surface.
Device Posture Check
User endpoints with weak security controls and missing security patches can be used by attackers to attack the enterprise network or applications. To prevent such scenarios, Invisily checks device posture and helps you control access to applications by restricting access when the device does not meet the specified security requirements.
“Legacy, perimeter-based security models are ineffective against attacks. Security and risk pros must make security ubiquitous throughout the ecosystem.”
How Invisily Zero Trust Network Access Works
The client verifies user and device identity and performs device health checks before access is granted. It forms mutual-TLS encrypted tunnels with Invisily Gateways to allow access to applications and resources hosted in enterprise data centers and cloud environments.
A broker component establishes trust with the Invisily Client through user and device authentication before granting entitlement to applications and resources. It brokers the connection between the user's client and the gateways by configuring the gateways in real time.
One or more gateways act as termination points for the mutual TLS tunnels from the Invisily Clients and grant access to the requested applications and resources after authenticating users and devices.
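To make the decision order of the three components above concrete, here is an added illustration (not Invisily's own code) of an access-policy engine that evaluates the controls this page describes: trusted device, multi-factor authentication, device posture, explicit application entitlement with everything else invisible, and a per-user or per-group outbound IP whitelist. The data structures, field names and check order are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Device:
    device_id: str
    patched: bool         # security patches current (assumed posture signal)
    disk_encrypted: bool  # assumed posture signal


@dataclass
class Session:
    user: str
    groups: frozenset
    mfa_verified: bool
    device: Device


@dataclass
class Policy:
    trusted_devices: frozenset   # device ids allowed to connect at all
    entitlements: dict           # group -> set of application names (explicit grants)
    outbound_whitelist: dict     # user or group -> list of CIDR strings


def verify_session(session, policy):
    """Checks that run before any resource becomes visible; returns a denial reason or None."""
    if session.device.device_id not in policy.trusted_devices:
        return "untrusted device"
    if not session.mfa_verified:
        return "mfa required"
    if not (session.device.patched and session.device.disk_encrypted):
        return "posture"            # device fails the security requirements
    return None


def decide_app_access(session, app, policy):
    """Returns (allowed, reason). Applications not explicitly entitled stay invisible."""
    reason = verify_session(session, policy)
    if reason:
        return False, reason
    allowed = set().union(*(policy.entitlements.get(g, set()) for g in session.groups))
    if app not in allowed:
        return False, "no entitlement"
    return True, "ok"


def decide_outbound(session, dest_ip, policy):
    """Outbound internet access: per-user and per-group CIDR whitelist, default deny."""
    if verify_session(session, policy):
        return False
    for key in (session.user, *session.groups):
        if any(ip_address(dest_ip) in ip_network(c) for c in policy.outbound_whitelist.get(key, [])):
            return True
    return False
```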
Traditional VPNs are complex to manage, insecure and costly as a means of providing remote access to internal resources. Invisily eliminates the need for VPNs and provides secure, identity-centric and segmented access to enterprise applications and resources in the data center and cloud.
Secure Access to Enterprise Applications in the Cloud
Increasingly, businesses are moving applications to the cloud to benefit from its simplicity, scalability and lower cost, but this exposes the applications to the threats posed by the open internet. Invisily ensures that cloud-based applications are accessed only by authorized users from authorized devices with essential security controls in place. Direct access to the applications is not possible, as they are hidden from the internet.
Micro-segmentation in the Enterprise Network
Invisily creates a virtualized perimeter encompassing the user, the device and the application, making everything else invisible to the user. This prevents lateral movement across the server and cloud infrastructure and stops sophisticated attacks in their tracks.
Digital Asset Protection
Leakage of intellectual property – including source code and documents containing company secrets – can cause major financial loss and loss of competitive advantage. Invisily protects such assets, going far beyond the protection offered by traditional DLP solutions, and counters both internal and external threats.
Secure Third-Party Access to Enterprise Applications
Enterprises are increasingly allowing third parties – including suppliers and contractors – to access internal applications, thus exposing themselves to network-based attacks. Invisily enables this set of users to access enterprise applications securely without increasing the network attack surface.
Multi-factor Authentication and SSO
Invisily adds a layer of security through built-in Multi-Factor Authentication (MFA) and also supports integration with third-party MFA solutions. It supports Single Sign-On by integrating with Microsoft Active Directory, Azure AD and OpenLDAP Server.