Cryptzone AppGate Technical Architecture
AppGate Technical Architecture

What Does AppGate Look Like?
• Individualized perimeter for each user
• Fine-grained authorization for on-premises and cloud
• Dynamically adjusts to new cloud server instances
• Consistent access policies across heterogeneous environments
• Contextual awareness drives access and authentication

AppGate Architecture
Distributed Architecture with 3 Functions
• Controller: Authentication and token-issuing service
• Gateway: Distributed, dynamic access control
• LogServer: Provides secure logging services
Diagram labels: Virtual Network Adapter; Secure, Encrypted Tunnel

AppGate Policy Model
Diagram labels: Filter, Entitlement, Condition, Attributes

A Policy-Centric Approach
• Controller applies filters to decide which policies apply upon authentication
• All the permitted entitlements are applied to the user
• Resulting entitlements and conditions are embedded in a token
Diagram labels: Site 1, Site 2, Site 3, Controller, LogServer, Database, Sales System, Finance App, RDP Access, Web Staging, SSH

Entitlements
Definition of the protected resource

Filters
Determine which users are allowed access

Conditions
Determine how and when users can access resources

Attributes
User, device and context information
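
The policy model above (filters select policies, entitlements and conditions go into a token) can be sketched as follows; this is an added illustration, not Cryptzone's code or the AppGate API. It assumes an HMAC-signed token with a shared demo key, constructed policies and addresses, and that the Gateway evaluates conditions at connection time; all field and function names are hypothetical.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: Controller and Gateway share a MAC key

# Constructed policies: a filter over user attributes, plus entitlements that
# each name a protected resource and the condition attached to it.
POLICIES = [
    {"filter": {"group": "finance"},
     "entitlements": [{"host": "10.1.0.5", "port": 443, "condition": "office_hours"}]},
    {"filter": {"group": "ops"},
     "entitlements": [{"host": "10.2.0.9", "port": 22, "condition": "antivirus_on"}]},
]

# Conditions are checked against live context (assumed: at the Gateway).
CONDITIONS = {
    "office_hours": lambda ctx: 8 <= ctx["hour"] < 18,
    "antivirus_on": lambda ctx: ctx["antivirus"] is True,
}

def issue_token(user_attrs):
    """Controller: filters select policies; their entitlements go into a token."""
    ents = [e for p in POLICIES
            if all(user_attrs.get(k) == v for k, v in p["filter"].items())
            for e in p["entitlements"]]
    body = base64.urlsafe_b64encode(json.dumps(
        {"sub": user_attrs["user"], "entitlements": ents}, sort_keys=True).encode())
    tag = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag

def gateway_allows(token, host, port, ctx):
    """Gateway: verify the token, then default-deny unless an entitlement
    matches the destination and its condition holds in the current context."""
    body, _, tag = token.rpartition(b".")
    expected = hmac.new(KEY, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        return False  # token was altered or not issued by the Controller
    claims = json.loads(base64.urlsafe_b64decode(body))
    return any(e["host"] == host and e["port"] == port
               and CONDITIONS[e["condition"]](ctx)
               for e in claims["entitlements"])
```

A destination with no matching entitlement, a failed condition, and an altered token all produce the same result: the connection is refused.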

AppGate
1. Looks at both context and identity to grant access
2. Creates dynamic ‘Segment of One’ (1:1 firewall rule)
3. Makes everything else invisible
4. Adjusts automatically to changes in posture and infrastructure
Diagram labels: DEVICE, TIME, CUSTOM ATTRIBUTES, ANTI-VIRUS, LOCATION, APPLICATION PERMISSIONS
Managed Networks (Cloud, On-premises or Hybrid): SharePoint, Secured Email, CRM, Group File Share, Executive Files, Enterprise Finance, \\EXEC_SERVER, ERP
ENCRYPTED & LOGGED

AppGate Benefits
• Creates an identity before connecting to anything on the network
• Removes attacks including zero day, DDoS and lateral movement
• The Cloud Fabric can now be extended all the way to the user and device
• Leverages legacy applications by extending the SDP Architecture
• No longer need traditional network defense equipment (Firewall, VLAN, VPN, etc.)
• Identity-centric security
• Policies on user and cloud instances
Identity-Centric Network Security