Zero Trust
Architecture
Zero Trust Architecture Solutions
Given the trends of cloud-based systems, remote access, and mobile office needs, relying solely on traditional firewalls and segregated IT infrastructure is no longer sufficient to combat modern cybersecurity threats. To effectively mitigate the risk of modern ransomware penetrating internal networks and to prevent the future risk of confidential information being decrypted through side-channel attacks by quantum computers, it is essential to adopt end-to-end secure transmission products based on Zero Trust architecture to ensure the security of your data transmission.
Three Key Technical Indicators of Zero Trust Architecture (ZTA)
(Enhanced Identity Governance): Compliance with FIDO 2.0 / WebAuthn Two-Factor Authentication
(Micro-Segmentation): Gateway Connection Mode and Resource Access Permission Control
(Software Defined Perimeters): Virtual IP & WireGuard
The system adopts the most secure deployment mode based on NIST SP 800-207 (Device Agent / Gateway Mode) and also supports two additional deployment modes (Enclave Gateway Mode and Resource Portal Mode).
Product Features
Zero Trust Architecture Endpoint Encrypted Connection
By establishing end-to-end encryption, dynamic IP, and two-factor authentication for identity management, supporting FIDO 2.0 and WebAuthn architectural standards, the system effectively prevents man-in-the-middle attackers from intercepting or modifying communications between systems. This further protects against information gathering and impersonation of legitimate systems for unauthorized access or data manipulation.
Micro-Segmentation Architecture Prevents Lateral Movement and Spread of Viruses
Virus attacks may begin with malware on an employee's desktop computer, attempting to move laterally to infect other computers on the network, internal servers, and more, until they reach their final target. By establishing a software firewall that differentiates access permissions based on various identities, organizations can implement least privilege management. When administrators detect unusual connections, they can immediately revoke permissions, effectively reducing the impact of account takeover and ransomware attacks.
Comprehensive Tracking of Connection Activity and Usage Monitoring
Proactively track network, personnel, and abnormal activities: Monitor connection activity and maintain comprehensive records of usage trails to achieve real-time protection and remote backup. The system also features complete connection log files to meet enterprise management and auditing requirements. Logs can be downloaded and support format conversion (such as CEF, LEEF, etc.) for easy integration with common SIEM platforms.