Uncompromised secure access
Replace your VPN with the highest level of Zero Trust Security while still using cheap retail mobile data to save costs.
Many call centres deal with private and sensitive information like ID numbers and banking details. Yesterday’s security strategy is not relevant today, especially with the rise of a WFH workforce that relies heavily on public mobile data and legacy VPNs in an effort to secure data. The VPN simply wasn’t built for the security, scalability, or visibility needs of a WFH workforce.
The only answer: Zero Trust Network Access
In 2019, Gartner first published its Market Guide for Zero Trust Network Access (ZTNA). It outlined the core components of a technology seen by many as the natural successor to VPN. Similar to SDP, ZTNA operates on a ‘deny by default’ basis, keeping unwanted users or bad actors from accessing sensitive enterprise resources. NetMotion is the only solution to provide ZTNA as part of its platform alongside a VPN, offering the 98% of organisations with a mix of on-prem and cloud applications the optimum choice for adopting ZTNA while also retaining a VPN that’s there when they need it.
Workers use an increasing variety of devices and networks, operating outside the traditional perimeter more than ever before. NetMotion prevents these workers from accessing resources until it is proven that such requests are risk-free, conducting real-time analysis of the device, location, destination, network and more to determine approval.
Protect Your Users
NetMotion SDP analyses every single request by remote workers, using dynamic, contextual data about each device to authorise access to enterprise resources. Unwanted and risky connections are blocked, keeping users safe from online threats and risky content – and, crucially, out of enterprise resources they are not approved to access.
Organisations have been slowly migrating to the cloud, yet almost all still retain a blend of on-premise, cloud and SaaS applications. NetMotion allows security teams to make these resources go dark no matter where they are hosted, only becoming available to approved users in the moment that they are needed – and to no one else.
Protect Your Resources
Your company data and applications remain protected, whether they are hosted in the cloud, as a service or on-premise. Only approved users can reach the resource that they need in the moment they need it, eliminating lateral movement. Applications are made completely invisible to unsanctioned users, ensuring your organisation is safe from intruders or high-risk connections.
NetMotion’s granular control for meeting exacting security requirements
Using NetMotion’s mobile performance management, IT administrators can create a highly flexible and programmable secure mobile strategy. A software-defined secure tunnel protects the data sent between a device and enterprise resources, protecting applications running over public networks regardless of location. The secure tunnel exercises strong authentication and the highest level of military-grade encryption to ensure that data communications are protected on insecure public networks. Administrators can configure options from a “per-app” level to device-wide configuration, providing customisable and secure access to enterprise data. Most importantly, IT can tightly restrict access without making security burdensome for WFH employees.
When WFH employees use public internet connections such as cellular SIMs, requirements for security enforcement are very different compared to a corporate-controlled LAN environment. IT can secure connections either for specific applications and data flows, or for all applications and connections on the device. Security enforcement can also be controlled by physical location using geo-fencing capabilities.
Whether driven by regulatory requirements or the nature of the applications and data accessed by the mobile user, some industries require advanced security. Examples include multi-factor authentication beyond simple user/password logins or stringent standards for encryption strength. NetMotion software supports the requirements for even the most security-conscious industries and organisations.
Unsecured devices allowed to access corporate resources are a threat. NetMotion can verify that specific security procedures such as an active firewall and updated antivirus are in place before allowing a device to access corporate networks, servers and data.
All the controls required to stop malicious traffic proliferating across your network, including a firewall on each device, have been hardwired into NetMotion. As a WFH machine gets, the proliferation of the attack has nowhere to go and essentially the attack will be stopped in its tracks. Centralised control allows IT to push these security configurations out to each device in the field, from a single console.
NetMotion supports integration with popular security tools (antivirus, anti-malware) that identify threats and allow security personnel to remediate them.
Log export allows IT to use SIEM tools to analyse NetMotion logs, for integration with the enterprise’s overall security strategy.
When users roam from one network to another, security requirements change; for example, going from their WFH SIM card back to the office LAN. NetMotion maintains its secure tunnel regardless of the number of networks traversed. Since enterprise data transits the mobile carrier’s infrastructure and the Internet, NetMotion deploys strong authentication and encryption to protect and secure systems and data. Network access control (NAC) techniques ensure that mobile devices are in compliance before granting them access to corporate assets behind the firewall.
NetMotion enforces a highly flexible and programmable secure tunnel that supports either split tunnelling on a per-app, per-flow basis, or a device-wide lockdown that requires all traffic to route through the NetMotion tunnel to reach the enterprise network. Split tunnelling is ideal where employees use their own devices for company use, so that only the applications relevant to company use are secured.
Advanced authentication and encryption meet the exacting requirements of sensitive industries. NetMotion supports two-factor authentication using RSA SecurID; X.509v3 certificates and PKI stored on the device or in a smartcard; or biometric device authentication. Encryption can be configured globally, per user group, or per user.
NetMotion applies encryption using AES encryption modules at 128-, 192- or 256-bit cypher strengths that are FIPS 140-2 validated, as well as NSA Suite B cryptography to meet the U.S. government’s standard for securing non-classified information.
In addition, NetMotion is certified at Common Criteria Evaluation Assurance Level 4 (EAL4+) augmented with flaw remediation, an international set of guidelines used extensively throughout Europe and by the U.S. Federal Government.
These high levels of encryption make it easy to demonstrate compliance with regulatory and organisational security mandates such as CJIS, HIPAA / HITECH, NERC-CIP, and PCI.
Network Access Control (NAC) detects the security status of the WFH device and allows IT to define security-related criteria and actions that control device access to the corporate network. For example, in order for a client on Windows to connect, it must have a specific antivirus product installed and auto-update enabled.
Granular control over application access by IP addresses, ports or other parameters, centrally maintained as policies at the NetMotion server and distributed for enforcement by devices in the field, creates a distributed firewall spanning all enterprise devices.
Geo-fencing enforces location-based security, alone or in conjunction with other parameters such as port number, IP address or application in use. This, for example, allows access to corporate resources only while the user is within the bounds of a headquarters building, corporate campus or other authorised facilities.
WFH employees only need to use one set of login credentials, at the start of each shift, and ForgeNet handles all subsequent logins as they roam across various networks. This is not only a convenience to the employee but also makes multi-factor authentication more practical to implement and the enterprise more secure, because the secure tunnel persists throughout the entire shift.