ZTNA - Invisily Zero Trust Network Access

Zero Trust Architecture (ZTA) has gained increased recognition as the security architecture that organizations should strive for. It represents the strictest embodiment of the principle of least privilege and attack surface minimization. With the pandemic, the dramatic increase in remote work and the migration to the cloud, Zero Trust adoption has seen remarkable acceleration.

Invisily enables the adoption of a Zero Trust Architecture in a simple, unobtrusive and painless fashion. It lends itself to incremental adoption for specific use cases without rip and replace of incumbent technologies. Its coverage of an organization’s digital footprint is among the most comprehensive. In addition to several unique capabilities, it combines capabilities of multiple traditional product categories into one. This serves to dramatically heighten security while lowering complexity and costs.

Invisily makes networked computing assets invisible and inaccessible by default, except when access is requested by strongly authenticated and entitled users coming from trusted devices. It limits access on sensing heightened risk, thus minimizing the network attack surface and limiting damage from attacks. It provides some of the most robust capabilities for establishing device trust.

Invisily Features
  1. Hardware Asset Inventory: Invisily can be used to ensure that only devices in the inventory are allowed to connect to the enterprise assets based on their entitlements.
  2. API Based Integration with Automated Device Discovery Tools: Invisily exposes an API through which third party tools that perform device discovery can be integrated with Invisily.
  3. Software Asset Inventory: Inventory and Control of Software Assets is the second of the Critical Security Controls from the Center for Internet Security (CIS). Invisily discovers all installed software on the devices in its device inventory and provides several kinds of policies based on it. Access is not allowed or is restricted if there is any software version installed on an endpoint that does not exist in the whitelist.
  4. Running Process Check to Enforce Security Controls: The Invisily Admin can define a list of running processes that Invisily must check for before allowing access to applications and services.
  5. Risk Based Access and Session Maintenance: Invisily assigns a risk score to devices and users based on factors such as device vulnerability rating, Indicators of Compromise and suspicious user or device behavior. The assigned risk score can be used in defining access policies, and access can be revoked in ongoing sessions if the risk score crosses the defined threshold.
  6. Lightweight mTLS Tunnelling: Invisily creates point-to-point secure mTLS tunnels between entities using robust 256-bit AES encryption and TLS 1.3. However, if the communicating entities already encrypt traffic through, say, HTTPS, adding the overhead of yet another layer of encryption can degrade the user experience without enhancing security. Invisily offers a zero-encryption-overhead tunnelling option for such scenarios. Users get the benefit of secure connections without any noticeable network performance degradation, which is often an issue with VPNs.
  7. Robust Device Identification and Protection from Replay Attacks: Invisily computes device IDs based on hard-to-spoof attributes of device hardware. In addition, it implements HOTP, which is a One-Time-Password mechanism for hardware. The device is authenticated using this dynamic password, which changes every time. Hence, it is not possible to replay device credentials and gain access.
  8. Scheduled Access: The Invisily Admin can define policies to provide access at certain times of day, days of the week and dates. This helps limit attack windows for attackers and reduces the attack surface.
  9. Multifactor Authentication and SSO: Invisily offers multi-factor authentication through OTP tokens and mobile biometric sensors including fingerprint and FaceID. It offers Single-Sign-On implementation with applications through SAML. It integrates with third-party MFA and SSO applications as well.
  10. Zero Trust Datastore Access and Data Exfiltration Detection: Invisily enables creation of zero trust-based access points for datastore and database access in cloud and data center environments. These datastores cannot be accessed through any other means, which dramatically reduces the probability of an attacker gaining access to them. Additionally, Invisily provides for monitoring the volume of data retrieved from these datastores and alerting or blocking access on detection of high transfer volumes.
  11. Gateway Based and Gateway Independent Microsegmentation: In addition to offering secure connections to applications through Gateways, where Invisily stays in the path of the data, Invisily offers application layer microsegmentation without getting in the path of the data.
  12. Secure IoT Connectivity: In addition to traditional endpoints, Invisily Gateways and Bridges provide secure connectivity to and from IoT devices and networked peripherals such as printers and IP cameras. It offers device-side bridges that secure device connectivity to the rest of the network and protect the devices from unauthorized access.
  13. Highly Scalable and Resilient: Invisily Gateways and Controllers are horizontally scalable and offer N+1 redundancy. All components auto-update, which keeps them protected and avoids downtime.
  14. Flexible Deployment Model: Invisily can be deployed in cloud-hosted, on-prem and air-gapped environments, thus enabling organizations to achieve zero trust network access without compromising on operational and regulatory needs. Invisily is offered in the SaaS model as well.
Invisily Service Architecture
Invisily Controller
  1. Brokers connection between user and application.
  2. Performs device and user authentication.
  3. Manageable from web-based admin portal.
  4. Hosted on cloud or on-prem.

Invisily Gateway

  1. Enables user to connect with applications and services.
  2. Compatible with enterprise data centers and public cloud services.

Invisily Client

  1. Client running on user endpoints and servers.
  2. Establishes connection with Invisily Gateway to provide access to apps.

Admin Portal

  1. Enables Admins to deploy and manage various components.
  2. Provides insights into users and the applications they access.
Invisily Use Cases
  1. VPN Replacement: Traditional VPNs are complex to manage, insecure and costly for providing remote access to internal resources. They are overly permissive and expose the network to attacks. Hence, they are used as exceptions. Invisily eliminates the need for VPNs, as secure mTLS-based tunnels are the default mechanism for all connectivity, and it provides secure, identity-centric and segmented access to enterprise applications and resources in the data center and the cloud. Through our zero-encryption-overhead tunneling, users do not experience the performance degradation that is typically seen with VPNs.
  2. NAC Alternative: Invisily Zero Trust Network Access exceeds the capabilities offered by traditional NAC products and offers a greater degree of network security at a lower cost and with greater operational simplicity. In environments that already have a NAC deployed, Invisily provides additional capabilities to enable zero-trust based access to local and remote assets. In environments where a NAC does not exist, Invisily takes away the need for one and offers additional benefits.
  3. Agent Based and Agentless Application Layer Micro-segmentation: Invisily can be used for micro-segmenting server-to-server and client-to-server connectivity. Application layer micro-segmentation reduces the need for network layer micro-segmentation and is simpler and more cost-effective in reducing the attack surface. Active Directory, Azure AD and OpenLDAP Server.
  4. Secure Access to Internet, Cloud and SaaS: Invisily helps implement security controls governing internet access and provides secure connectivity to cloud environments and SaaS applications. It helps secure connectivity between services running within the cloud as well.
  5. Digital Asset Protection: Leakage of intellectual property – including source code and documents containing company secrets – can cause major financial loss and loss of competitive advantage. Invisily provides protection of such assets, going far beyond the protection offered by traditional DLP solutions. It counters both internal as well as external threats.
  6. Secure Third Party Access to Enterprise Applications: Enterprises are increasingly allowing third parties – including suppliers and contractors – to access internal applications thus exposing themselves to network-based attacks. Invisily enables this set of users to securely access enterprise applications without increasing the network attack surface.
  7. Agent-Based and Agentless Access: Enterprise and third-party users can securely access self-hosted and SaaS applications with or without an agent installed on their device. Invisily supports SSH, RDP, Web Apps and other protocols for secure remote access to applications.
  8. Secure Thin Client Access: Invisily allows thin client users to securely access enterprise resources without the need for installing the Invisily client on the devices. This is made possible through our proprietary Server Bridge and Threat Detection technologies.
  9. Securing Mobile Apps: Any mobile app can create a zero-trust network of its own by integrating Invisily SDK into it. This ensures secure access for mobile app users and at the same time protects the backend infrastructure from attacks.
Supported Platforms
Invisily is built by a seasoned team of cybersecurity technologists and researchers whose R&D powers some of the world’s leading cybersecurity products. The product is supported on all commonly used platforms and can be extended on request.
