Zero Trust versus UNIVERSAL Zero Trust
Invisinet’s Transport Access Control (TAC) is a foundational approach to Zero Trust and enables and enforces identity-based access control at the network layer. We believe that IT assets should be invisible and non-discoverable to entities not explicitly authorized to connect to them. Likewise, trusted entities should be able to easily establish network connections to appropriate IT assets regardless of geographical location. This is exactly how we enable identity-based access control for any device on any network.
ACCESS
CLOAK
NETWORK
REPORTING
TAC IDENTITY
MICRO-SEGMENTATION
USING IDENTITY
FIRST PACKET
AUTHENTICATION™
SUPPORT
Internet Transmission is Built on 50 Year Old TCP Protocol
TCP FUNDAMENTAL VULNERABILITY
“IT’S DESIGNED TO ANSWER ALL CALLS”
Fifty years ago, TCP was designed to establish a connection between a client and a server. Servers actively listen and acknowledge all requests. This is a very reliable protocol that all clients have installed and that runs the internet. Hackers have figured out that by requesting a connection, they can discover the existence of a host and have used that to target systems. Organizations spend significant resources to try and stop the attacks, but in reality, they are trying to close the barn door after the animals have escaped. On the other hand, we keep the doors shut, make the determination if you’re allowed in, and do that on the very first request from the client. We call that identity-based first packet authentication which controls access to the network independent of client location. That’s what makes Invisinet unique in the market.
TCP BUILT IN 1973 WAS DESIGNED TO ANSWER INCOMING REQUESTS
First Packet Authentication uses identity and applies
security policy prior to session establishment
Invisinet First Packet Authentication inserts a cryptographically generated single-use identity token on each side of a TCP/IP session without impacting TCP compatibility. When TAC receives the connection request, it extracts and authenticates the identity token (First Packet Authentication) and applies a security policy — forward, redirect, or discard — for the connection request based on the TAC identity.
This new model of identity-based protection operates at the earliest possible time to block unauthorized or unidentified traffic on your network.
Cloak Your Network
They Can’t Attack What They Can’t See
Invisinet TAC provides a new level of cyber defense by cloaking critical services, enterprise and hybrid cloud assets. TAC easily enables micro segmentation to isolate and protect critical assets. Management and control networks are the foundation upon which business systems are built. They need to be further protected from cyber-attacks and insider threats, including privileged account and third-party risks. TAC isolates and protects IT management networks, control planes and management systems from unauthorized users and devices. This additional layer of protection lowers risks of IT or Operation Technology (OT) management systems being attacked and provides identity attribution information for each network session.
Real Time Reporting
Standardized log reporting enables integration with market leading SIEM platforms
TAC records the disposition of all session requests and stores in standard syslog format. Log records are generated for each policy action, providing real-time information on unidentified and unauthorized access to event management systems for early detection of insider or third-party incidents and for compliance reporting.
