Current Filter: Network>>>>>Review>

   

AppGate XDP has been designed to address the resulting gap, using policy-based access. Firewalls can run thousands of rules but AppGate XDP only runs rules ad hoc: if a user is not logged in, there are no policies. Equally, the dynamic generation of user centred rules is seamless and unobtrusive, creating an encrypted, highly granular, user framework - a Segment of One. If a device is compromised, the attacker can only access that user’s permitted resources and will be unable to interact with the network at large.

A small client is loaded onto each endpoint which, once authenticated, runs as a background service. Policies are automatically created as the device connects and the relevant tokens are returned. Mouse hovering over the client displays authenticated Gateway connections.

Next, the Dashboard, to create our first Policy and User account. It provides a very simple view around Operations and Configurations. With quick access to functionality, the biggest challenge is to decide how you want to manage access. Setting up Administrators is based on highly specific privileges, ensuring separation of duties and a reduced attack surface.

AppGate XDP uses the Controller to set Policy, the Gateway - a defined network resource such as a server deployed at AWS - to enforce Policy and control user access, and the Log Server to record everything. Filters can be linked to policies, allowing you to create a list of highly specific user Entitlements. Conditions once defined are applied to Entitlements in real time, built around whom the user is, the device they use, the time, the day, their location etc.

Multiple Gateways, which are stateless, can be configured - DNS resolver, tunnelling, tagging for multi-tenant environments - to enhance resilience. There is no inter-Gateway traffic.

Systems applying rule-based authentication at logon are vulnerable because user conditions change over time. AppGate XDP dynamically monitors this. Should, for example, it notice an unknown device or vulnerable connection it will act, based on Policy, in real time.

There is of course the need to configure some network parameters, including the creation of one or more Appliances. It's all straightforward when armed with the details.

AppGate XDP can exchange AD/LDAP parameters and the Log Data can be passed to a SIEM solution for broader analysis. There is more third-party integration planned.

AppGate XDP handles both IPv4 and IPv6 addressing and uses Google Authenticator to deliver OTP authentication, if required. Using Actions, we established meaningful ways to deal with Policy denied access requests - for example a link to a service owner requesting access, without raising a ticket.

Valuable data is gathered by the Log Server and using the integrated Kibana Visualisation tool it was quick and easy to analyse it. Its usefulness goes way beyond security.

Network management gets a boost because if it is necessary to take a Gateway down, that Token is revoked and users are seamlessly transferred to another. Known combinations of user, machine etc. can be Blacklisted for further safeguarding.

AppGate XDP is extremely scalable, really powerful, and realistically simple to configure and use. It can clearly evolve and adapt policy-based protection over time. Following initial configuration, it to some degree self-configures, operating with the user at the centre in a distributed context, and in real-time. Its potential application is extensive and impressive. Deployment will benefit from a change of mindset to fully unpack its potential and return the Firewall to what it does best. NC

Product: AppGate XDP
Supplier: Cryptzone
Web site: www.cryptzone.com
Email: info@cryptzone.com
Telephone: +44 208 899 6189 or +1 888 272 2484