Enterprise Edge Security

Edge Security – Identity management and access management are handled at the edges of your network or within your network, so sensitive data never goes over the Internet.

Who should consider Edge Security

  • 2000+ Employees
  • 100+ Clients – Access Points
  • 5+ locations 
  • 50+ Access Control Policies 
  • Group based policies
  • Layered Network – Secured to DMZ
  • Require two or more MFAs
  • Require direct access to raw database
  • Require custom reports
  • Keep security data within network
  • Want to run your own scripts
  • Require location based policies
  • Require real-time access control 
  • Network latency tolerance

If you meet many of the above criteria, consider an edge-security-based solution.

Edge Security Architecture

  • Layered or Flat Network
  • Flat Network – Secured by firewalls at edges
  • Layered Network – Innermost layer is most secured and the outermost layer is least. Each layer is secured from its outer layer
  • We support both architectures
  • Preferred architecture is layered network 
  • Our security servers with database reside in the innermost secured network.
  • Known Access security servers with Internet access & without database reside in the outermost layer (DMZ).
  • No direct communication between the innermost network and the Internet.
  • Secure communication within innermost network
  • No sensitive data is passed from the innermost to the outermost network
  • Inter-layer communication is protected by TLS security
  • In Flat Networks, all the security servers are kept within the network protected by firewalls. 
  • Firewalls are configured so that Internet traffic can reach only one type of Known Access security server
  • All the Internet traffic accessing our servers has strong transport layer security

Known Access Edge Security Product-Line

Centralized Security Administration Controller (CSAC)

  • Security management
  • Network Parameter management
  • Access point management
  • MFA management
  • User administration
  • Group management
  • User profile management
  • Access control management
  • Lifecycle management
  • Audits & Reports
  • Redundancy provided

Remote Access Controller (RAC) 

  • Authentication
  • MFA handling
  • Multi-protocol handling
  • Access Control
  • Profile handling
  • Mobile App handling
  • SMS token processing
  • Log and Audit generation
  • Notification management

Key Distribution Controller (KDC)

  • Distribution of sensitive data
  • Prioritization of traffic
  • High priority traffic routed quickly
  • Application level router
  • Separates time-sensitive traffic for quick distribution
  • Architecturally it sits in the innermost layer
  • No direct or indirect Internet communication
  • Routing tables are updated as new resources are introduced
  • Redundancy is provided
  • Auto switch-over in case of failure

Gateway Access Controller (GAC)

  • Internet access through enterprise firewall
  • Communication over TLS protocol
  • Handles NacPass Mobile App communication
  • Handles SMS based communication
  • Handles Email based communication
  • No security database on GACs
  • Redundancy provided
  • Traffic distribution over multiple GACs
  • Block unwanted callers

Identity & Access Management (IAM) & Supported Processes & Products

Strong Authentication

  • Multi-Factor Authentication
  • Touch ID & Face ID
  • Pre-Authorization
  • Token-Less
  • Mobile App
  • Desktop Soft Token
  • SMS OTP
  • Push Token Technology

Security management

  • User 
  • MFAs
  • User Groups
  • Access Router (RAS/NAS) groups
  • Network Resources
  • Administrators & Capabilities
  • User Profiles
  • Lifecycle Management

Access Management

  • Time of Access
  • Allowed Access Points
  • Type of MFA allowed
  • Access to select protocols
  • Access to select servers
  • Access to Vendor specific routers
  • IP Address specific access
  • Real-Time permission builder

NacPass Mobile App

    • Registration
    • Token Request
    • Token Push
    • Pre-Authorization (Token-Less)
    • Touch ID & Face ID
    • AES256 Encryption
    • TLS Based Communication
    • Hashed security data

YubiKey-5

  • OTP Protocol
  • YubiKey Programming
  • Configuration Loading
  • Auto Assignment
  • MFA Backup

RSA SecurID

  • Configuration Loading
  • User Assignment
  • Multiple Tokens per User
  • Lifecycle management
  • 6-Digit Tokens

SMS OTP Tokens

  • Token Request
  • Token Push
  • Previous request
  • Information
  • Tokens valid during session only

NacID Desktop Authenticator

  • Windows Based 
  • 7-Digit Tokens
  • NacID Registration
  • Valid on only one Desktop
  • Tamper Resistant

Threat Prevention

  • Real-Time Access Analysis
  • Authentication Analysis
  • Suspicious users flagged
  • Each authentication attempt audited
  • Detailed logging for debugging
  • Auto user suspension
  • Administrator controlled suspensions
  • Invalid SMS traffic blocked
  • Invalid NacPass traffic blocked at source
  • NacPass guesswork attempt flagged
  • Invalid use of YubiKey rejected
  • Authentication from invalid clients rejected & audited
  • Excessive invalid attempts flagged
  • High frequency authentication attempts blocked
  • Redundant security databases to prevent localized threat
  • User notification for all access attempts
  • Any unauthorized access notified
  • Joint threat prevention supported
  • Many reporting capabilities to analyse and prevent threats

Layered Security

  • Provision to support two MFAs per user
  • Use one MFA and get access notification on the other MFA
  • Use two MFAs to authenticate
  • Notifications supported over NacPass & SMS
  • Security can be provided in layers
  • If one layer of security is breached then other layers will keep the network secure
  • Authorize using Mobile App and authenticate using any other MFA
  • Our data sent over TLS links is itself strongly encrypted, even though TLS already provides end-to-end communication security
  • A few years ago the SSL protocol was replaced with TLS. We don't know when TLS will be replaced with a stronger protocol
  • We highly recommend layered networks and layered security to protect your network for the long haul.

Feature Rich Product-Line & Services

  • Robust access security
  • Support of small, medium, and large networks.
  • Provide robust Identity & Access Management
  • Integrated one-time password generation technology
  • Auditing & Logging
  • Real-Time Profile management
  • Support small networks (~50 Users) to large networks (1M+ Users)
  • High Availability
  • Fault Tolerant
  • Strong Identity Management
  • Strong Access Control
  • Call Auditing & Logging
  • IP Pool Management
  • Extensive Protocol Support
  • Support of Layered network architecture
  • Support of multi-vendor RAS & NAS