
Operating in a zero trust world: Introducing Instart Zero Trust Access

We are pleased to announce our new offering, Instart Zero Trust Access, giving the enterprise an easier, yet more secure, solution for providing employees and other workers with access to their applications. We have uniquely integrated a cloud-based software-defined perimeter (SDP), a comprehensive suite of web application and API protection (WAAP) services, and endpoint data protection that empower customers to deploy a complete zero trust solution.

Why zero trust?

The way enterprises perform business is ever evolving. Users and their devices, as well as applications and data, are no longer behind trusted perimeters. These perimeters are complex, increase risk, and are no longer compatible with today’s business models. In the past, enterprises have given users and their managed devices complete network access after verifying the identity of the user and the configuration of their device. This can no longer be the case as advanced threats have moved inside the corporate perimeter and corporate perimeters have dissolved with the public cloud.

Requirements of a zero trust access solution

It is generally recognized that there are three requirements to deliver a zero trust access solution:

Enable access to applications in hybrid cloud without exposing the application and network to the world. This is typically accomplished with inside-out connections to a cloud-based SDP platform, making the application invisible from discovery and reducing the surface area for attacks.

Provide an SDP with access and application security services. In the world of zero trust, the SDP cloud-based platform must be as close as possible to global end-users and applications. The solution needs to perform authentication and authorization with a trusted identity broker while optimizing the delivery of the application traffic to the user. And given that zero trust access leverages the public internet, the solution must protect the application from threats such as DDoS, application vulnerabilities, and automated bots.

Provide data protection on an untrusted endpoint. In today’s world, no endpoint can be trusted. Traditional solutions that require up-to-date agents and error-prone vulnerability detection always end up compromising the integrity of the endpoint. We believe a zero trust access solution needs to be simple and client-less while still providing complete data protection.

Instart Zero Trust Access is now available as a beta release — please contact us for more information.

The Instart Zero Trust Access solution

Capabilities of the Instart solution

The components of the Instart Zero Trust Access solution are very easy to understand and consume, as shown in the following functional block diagram and component descriptions:

Instart Zero Trust Cloud Extender – This component connects the hybrid cloud hosting the application to Instart’s cloud-based SDP – the Instart web application and API protection (WAAP) Platform. The Instart Zero Trust Cloud Extender is a virtual machine hosting a connector service that initiates inside-out connections to the Instart WAAP Platform. The Instart Zero Trust Cloud Extender routes requests to the application and is managed by the Instart Operations team.

Instart web application and API protection (WAAP) platform – This component is a global cloud-based platform that provides bot management, web skimming protection, DDoS mitigation, WAF, API protection, and a CDN, as well as core services such as IDP authentication and authorization, and application access control services. Every point-of-presence at the edge of our SDP platform provides middle mile and last mile optimizations, giving end users the best possible experience regardless of their location. The Instart WAAP platform routes user requests to the Instart Zero Trust Cloud Extender attached to the customer’s application and is managed by the Instart Operations team.

Instart Zero Trust Client – Our client is a JavaScript technology that is seamlessly and dynamically injected into the browser to protect the end-user’s application session from malware on the endpoint. There is no need to install, maintain, and upgrade a client on BYOD or enterprise devices. Our Instart Zero Trust Client is transparent to the end-user and eliminates the support workload that is typically associated with a client install.

Together these three components address the limitations of legacy VPN solutions, which are not designed for zero trust, with the following capabilities:

  • Provides a cloud-based SDP with web application and API protection as well as data protection on the user’s device
  • Leverages Instart’s threat intelligence services that keep customer applications safe from attacks
  • Removes enterprise networks, applications, services, and data from being visible from the internet, thereby significantly reducing the surface area of possible attacks
  • Enables access to specific applications only after an assessment of the user’s identity, device health, and security context has been established
  • Enables secure access that is independent of the user’s location or device
  • Grants access only to a specific application and not the underlying network
  • Provides end-to-end TLS 1.3 encryption of the user’s session
  • Monitors the session for indications of unusual activity, duration, or bandwidth requirements
  • Provides a consistent user experience for accessing applications, regardless of network location
  • Can easily be deployed in conjunction with other existing solutions to quickly realize the benefits of zero trust access in vital use cases

Getting started with Instart Zero Trust Access

The following use cases are excellent ways to begin the journey with Instart Zero Trust Access:

  • Exposing applications and services to contractors and partners
  • Extending access to an acquired organization during M&A
  • Providing access to users on personal devices, including mobile employees

Summary

Instart is announcing its Zero Trust Access solution, giving customers an easier, yet more secure solution for providing end-users access to applications. We are confident that enterprises will see the following value from our solution:

Better user experience

Instart Zero Trust Access simplifies the user experience for application access and eliminates the distinction between being on and off the corporate network as well as the distinction between SaaS and enterprise-managed applications.

The Instart Zero Trust Client is injected into the user’s browser and protects the session from malware on the endpoint. Unlike competitors, there is no need to install and manage thick clients on the enterprise-managed devices.

More secure

The Instart Zero Trust Access solution is more secure than legacy VPN solutions. Applications are hidden from discovery. This removes the application from public visibility and significantly reduces the surface area for attacks.

Instart offers a suite of security services delivered from cloud, on-premises, and browser control points as part of the Instart WAAP Platform, which includes bot management, web skimming protection, DDoS mitigation, WAF, API protection, and a CDN, as well as core services such as intelligence, IDP authentication and authorization, and application access control services.

Easier to operate

The Instart Zero Trust Access solution can easily be deployed and operated by the enterprise. Unlike competitors, there are no VPN appliances to purchase, maintain, and refresh. There are no VPN clients to install that amplify management and support costs. And most importantly, the Instart Zero Trust Access solution is delivered as-a-service to the enterprise.


*** This is a Security Bloggers Network syndicated blog from Instart blog RSS authored by Mark Vondemkamp. Read the original post at: https://www.instart.com/blog/operating-in-a-zero-trust-world