IDENTITY AND ACCESS MANAGEMENT (IAM) AND AUTHENTICATION SYSTEMS
Identification: Before a user can gain access, the user must first be identified, and an identity must be created for the user.
Authentication: Every system and application needs a way for users to prove that they are the right person.
Authorization: Every system and application must have a way to control what a user can do after logging in.
Accounting: The answers to these questions (Who? What? How? Why? Where? When?) should be recorded for each access granted to the systems and applications.
- What you know (Password)
- What you have (Token, card etc.)
- What belongs to you (Fingerprint, Iris record etc.)
- Two Factor Authentication:
⦁ One-time Password (OTP)
⦁ Two Factor Authentication (2FA)
- Biological Authentication:
⦁ Face recognition systems
⦁ Voice recognition systems
⦁ Fingerprint recognition systems
⦁ Palm recognition systems
⦁ Iris control systems
- Behavioral authentication:
⦁ Network behavior-based authentication
⦁ Device behavior-based authentication
⦁ User behavior-based authentication
PRIVILEGED ACCESS MANAGEMENT (PAM)
- Controlling access to privileged accounts for shared and emergency access.
- Making credentials (passwords, keys, etc.) for administrative, service and application accounts unpredictable, managing them, and storing them in an electronic vault.
- Single sign-on for privileged access, to prevent credentials from being exposed.
- Controlling, filtering and orchestrating privileged commands, actions and tasks.
- Managing and brokering the credentials of applications, services and containers so that they are not exposed.
- Monitoring, recording and auditing privileged access, sessions and actions.
Vendors we work with:
IDENTITY PROCESS MANAGEMENT SYSTEMS (IGA – IDM)
The difficulty of managing, in line with corporate policies, the life cycle of the identities created for each user, together with the growing number of users and of systems that each user accesses with different privileges, has made Identity Process Management systems a necessity. Identity Process Management Systems (IDM / IGA) are a second-generation IAM solution developed for identity management and intelligence, combining on a single platform every function from identifying a user to deleting the identity from the systems. IGA tools are the cornerstone of organizations’ IAM strategies, so IGA adoption has increased rapidly. Features such as identity analysis support are now becoming mainstream. At the same time, large organizations with mature governance evaluate the flexibility that many products provide for fulfillment processes and access requests, which small organizations can find very complicated. Our solutions provide consistency in fundamental functionality for the basic features (basic life cycle, authority management, access requests for authorization workflows, access certificate campaigns, fulfillment, and reporting).
NETWORK ACCESS CONTROL (NAC)
- Policy lifecycle management:
- Security stance control:
- Guest management:
- Profiling and visibility:
The NAC solution provides the following basic functions:
- Visibility: Scan, classify and evaluate.
- Control: Warn, check compliance, provide access based on dynamic role.
- Response: SOC – NOC integration, incident triage, incident review, isolation (quarantine etc.)
NEW GENERATION SECURE ENDPOINT REMOTE NETWORK ACCESS – (NG VPN, SDP, DEM)
Hardships with traditional VPN solutions:
Security concerns (breach risk): Because of the many breach risks in the long-established IPsec and SSL VPN technologies, they cannot address today’s cyber security risks.
Risks of compliance with laws (monetary fines): Because devices and data connecting from outside the office are not audited, traditional VPN technologies cannot check compliance with GDPR/KVKK, which were introduced in recent years.
User efficiency loss (disconnections to VPN): Traditional VPN technologies need to reconnect after temporary disconnections or a change in the user’s access environment (such as a transition from Wi-Fi to 4G).
Lack of healthy and secure communication: Because traditional VPN technologies lack application awareness and optimization features, quality of service cannot be ensured at the endpoint.
Difficulties in troubleshooting (End device problems): Because traditional VPN technologies provide limited visibility outside the office, resolving user problems is very difficult.
- With its patented BLOCKCHAIN technology, it is not affected by known VPN vulnerabilities and does not pose a breach risk.
- With its SDP capabilities, it checks the device compatibility and data outside the office with detailed data analysis and policy controls. It does not permit access for non-compatible machines to the network without ensuring their compatibility first.
- Provides uninterrupted communication for users with its Digital Experience Management (DEM) capabilities.
- Its Digital Experience Management (DEM) capabilities, together with application-sensitive optimization, QoS and security capabilities, provide the user with healthy and secure audio / video transmission.
- With its SDP capabilities, it provides access to the user’s machine and detailed data for the Office IT department.
SECURE ENDPOINT APPLICATION ACCESS (ZTNA) AND APPLICATION SHIELD PROTECTION
With digital transformation, many transactions in our lives are carried out online on mobile or personal computers. These transactions involve many risks during data transmission and due to weaknesses of user devices.
Basic security risks in Accessing the Application:
⦁ Application access is provided on the public internet and is accessible to everyone. Customer traffic can be directed to a different server and their information can be stolen.
⦁ The application is open to all kinds of attack vectors such as XSS, Heartbleed, SQL Injection, DoS / DDoS.
⦁ Customer information can be stolen by rerouting the bank portal with a man-in-the-middle (MITM) attack.
Security risks arising from the endpoint device on which the application is installed:
⦁ Malware can easily be installed on end devices due to the lack of user awareness
⦁ Stealing user / password information with keyloggers
⦁ Copying the information of user’s bank accounts
⦁ Getting screenshots from user’s device
⦁ Application data is open at the endpoint since SSL is used in banks
A new approach is required to address all these security risks. With the zero-trust access solution provided by Teknoser, these risks are eliminated by providing the following:
⦁ The banking app will not obtain an IP address which is open to the internet. The application is invisible on the internet.
⦁ All attacks are rendered ineffective since there is no known IP address or URL on the internet
⦁ Critical applications and data on the client devices are safe from leaks
⦁ The source of the application is guaranteed to be the bank
The micro container solution provided by Teknoser eliminates the following risks by not allowing the online application loaded on the user’s device to access any other software on the user’s machine, including the operating system:
⦁ Reverse Engineering (Troubleshooting / VM / Jailbreak) prevention
⦁ Prevention of clipboard and runtime data sharing
⦁ Transparent file encryption (AES 256 Bit)
⦁ Anti-Surveillance (Voice and Screen Recording Shield)