Zero Trust Architecture Solutions

End-to-End Secure Transmission Solutions Designed Based on Zero Trust Architecture

Given the trends of cloud-based systems, remote access, and mobile office needs, relying solely on traditional firewalls and segregated IT infrastructure is no longer sufficient to combat modern cybersecurity threats. To effectively mitigate the risk of modern ransomware penetrating internal networks and to prevent the future risk of confidential information being decrypted through side-channel attacks by quantum computers, it is essential to adopt end-to-end secure transmission products based on Zero Trust architecture to ensure the security of your data transmission.

Complying with NIST SP 800-207
Three Key Technical Indicators of Zero Trust Architecture (ZTA)
  • Advanced Identity Governance (Enhanced Identity Governance): Compliance with FIDO 2.0 / WebAuthn Two-Factor Authentication

  • Network Micro-Segmentation (Micro-Segmentation): Gateway Connection Mode and Resource Access Permission Control

  • Software-Defined Perimeter (Software Defined Perimeters): Virtual IP & WireGuard

    The system adopts the most secure deployment mode based on NIST SP 800-207 (Device Agent / Gateway Mode) and also supports two additional deployment modes (Enclave Gateway Mode and Resource Portal Mode).

    Product Features

    Zero Trust Architecture Endpoint Encrypted Connection

    The system establishes end-to-end encryption, dynamic IP addressing, and two-factor authentication for identity management, with support for the FIDO 2.0 and WebAuthn standards. This effectively prevents man-in-the-middle attackers from intercepting or modifying communications between systems, and further protects against information gathering and impersonation of legitimate systems for unauthorized access or data manipulation.

    Micro-Segmentation Architecture Prevents Lateral Movement and Spread of Viruses

    Virus attacks may begin with malware on an employee's desktop computer, attempting to move laterally to infect other computers on the network, internal servers, and more, until they reach their final target. By establishing a software firewall that differentiates access permissions based on various identities, organizations can implement least privilege management. When administrators detect unusual connections, they can immediately revoke permissions, effectively reducing the impact of account takeover and ransomware attacks.

    Comprehensive Tracking of Connection Activity and Usage Monitoring

    Proactively track network, personnel, and abnormal activities: Monitor connection activity and maintain comprehensive records of usage trails to achieve real-time protection and remote backup. The system also features complete connection log files to meet enterprise management and auditing requirements. Logs can be downloaded and support format conversion (such as CEF, LEEF, etc.) for easy integration with common SIEM platforms.

    DoQubiz Technology

    Innovative fractal technology helps you comprehensively protect digital assets
