Zero-Trust Access

Trust Endpoint Access to Your Cloud and Local Networks

Secure Access Module

The Secure Access module of the MetaAccess Platform ensures that access from a device to your cloud and legacy applications is secure, whether the user connects from the office, from home or from another remote location. Two methods are available: Secure Cloud Access, through SAML IdP integration, and a Software Defined Perimeter (SDP) for zero-trust access control. Both give you visibility into which devices are connecting and block access from unauthorized or non-compliant devices.

Secure Cloud Access

Secure Cloud Access is accomplished with SAML / IdP integration. Security Assertion Markup Language (SAML) is an XML-based standard for web browser single sign-on (SSO) that eliminates the need for application-specific passwords. SAML exchanges authentication and authorization data as digitally signed, time-limited assertions, each meant to be accepted only once by the receiving application, between an identity provider (IdP) and a cloud application (the service provider) that have an established trust relationship.

How does SAML SSO work with Cloud Access Control?

SAML single sign-on works by transferring the user's identity from one place (the identity provider) to another (the service provider) through an exchange of digitally signed XML documents. Consider the following scenario: a user is logged into a system that acts as the identity provider. The user wants to log into a remote application such as Salesforce or Dropbox (the service provider), but before the user is granted access, the user's device must pass a security check as defined by the organization's security policy.
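To make the service-provider side of that exchange concrete, here is an added example in Go (not code from the original page or from OPSWAT) of the checks a service provider performs on the signed assertion before it honours the login: trusted issuer, validity window, audience, binding to its own AuthnRequest and ACS URL, single use via a replay cache of assertion IDs, and finally a device-compliance attribute that gates access. The attribute name deviceCompliant, the example.com URLs, the request ID and the sample response are all constructed for this example. The XML-DSig signature check that must precede every one of these steps is assumed to have been done already by a signature library and is deliberately not implemented here.

```go
package main

import (
	"encoding/xml"
	"errors"
	"time"
)

// The parts of a SAML 2.0 Response that the service provider must check. A tag
// without a namespace matches the element's local name in any namespace.
type Response struct {
	XMLName   xml.Name  `xml:"urn:oasis:names:tc:SAML:2.0:protocol Response"`
	Assertion Assertion `xml:"urn:oasis:names:tc:SAML:2.0:assertion Assertion"`
}
type Assertion struct {
	ID           string `xml:"ID,attr"`
	Issuer       string `xml:"Issuer"`
	NameID       string `xml:"Subject>NameID"`
	Confirmation struct {
		InResponseTo string `xml:"InResponseTo,attr"`
		Recipient    string `xml:"Recipient,attr"`
	} `xml:"Subject>SubjectConfirmation>SubjectConfirmationData"`
	Conditions struct {
		NotBefore    string   `xml:"NotBefore,attr"`
		NotOnOrAfter string   `xml:"NotOnOrAfter,attr"`
		Audiences    []string `xml:"AudienceRestriction>Audience"`
	} `xml:"Conditions"`
	Attributes []struct {
		Name   string   `xml:"Name,attr"`
		Values []string `xml:"AttributeValue"`
	} `xml:"AttributeStatement>Attribute"`
}

// Policy is what this SP expects from its IdP; Seen is the replay cache that makes an assertion single-use.
type Policy struct {
	Issuer, Audience, ACSURL, RequestID string
	Now                                 time.Time
	Skew                                time.Duration
	Seen                                map[string]bool
}

// ValidateResponse enforces the trust relationship, then the device-posture gate. Assumed
// precondition, not implemented here: the XML-DSig signature over the assertion was already verified.
func ValidateResponse(raw []byte, p *Policy) (string, map[string]string, error) {
	var r Response
	if err := xml.Unmarshal(raw, &r); err != nil { // encoding/xml does not resolve external entities
		return "", nil, err
	}
	a := r.Assertion
	nb, errNB := time.Parse(time.RFC3339, a.Conditions.NotBefore)
	na, errNA := time.Parse(time.RFC3339, a.Conditions.NotOnOrAfter)
	audienceOK := false
	for _, aud := range a.Conditions.Audiences {
		audienceOK = audienceOK || aud == p.Audience
	}
	attrs := map[string]string{}
	for _, at := range a.Attributes {
		if len(at.Values) > 0 {
			attrs[at.Name] = at.Values[0]
		}
	}
	checks := []struct{ ok bool; msg string }{
		{a.Issuer == p.Issuer, "untrusted issuer"},
		{errNB == nil && errNA == nil, "missing or malformed validity window"},
		{!p.Now.Before(nb.Add(-p.Skew)) && p.Now.Before(na.Add(p.Skew)), "outside validity window"},
		{audienceOK, "assertion not addressed to this SP"},
		{a.Confirmation.InResponseTo == p.RequestID, "does not answer our AuthnRequest"},
		{a.Confirmation.Recipient == p.ACSURL, "delivered to a different ACS URL"},
		{a.ID != "" && !p.Seen[a.ID], "assertion ID missing or already consumed"},
		// Device-posture gate; the attribute name is an assumption for this example.
		{attrs["deviceCompliant"] == "true", "device failed the compliance check"},
	}
	for _, c := range checks {
		if !c.ok {
			return "", nil, errors.New(c.msg)
		}
	}
	p.Seen[a.ID] = true // consume the assertion only once every check has passed
	return a.NameID, attrs, nil
}

// Constructed sample (not real IdP output) as the SP would receive it at its ACS URL.
const SampleResponse = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" InResponseTo="_req42">
 <saml:Assertion ID="_a1" IssueInstant="2024-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml:SubjectConfirmationData InResponseTo="_req42" Recipient="https://app.example.com/saml/acs"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
   <saml:AudienceRestriction><saml:Audience>https://app.example.com</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="deviceCompliant"><saml:AttributeValue>true</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>`

// SamplePolicy is the SP-side expectation that matches the constructed sample.
func SamplePolicy(now time.Time) *Policy {
	return &Policy{Issuer: "https://idp.example.com/metadata", Audience: "https://app.example.com",
		ACSURL: "https://app.example.com/saml/acs", RequestID: "_req42", Now: now, Skew: time.Minute, Seen: map[string]bool{}}
}
```

The order matters: the replay cache is only written after every other check has passed, so a rejected assertion does not poison a later legitimate one, and a second presentation of the same assertion ID is refused even though its signature and time window are still good. Presenting the sample again with the same Policy, at a time after NotOnOrAfter plus the skew, or to a Policy with a different Audience each produces an error.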

The Challenge - Securing the New Perimeter

The foundation of the Internet is a communication protocol suite (TCP/IP) that lets every IP-addressable device on the Internet effectively "see" every other device. Secure access to applications and data is still based on an outdated "trust and verify" approach, which has become a treasure trove of opportunity for malicious activity and attackers. In addition, traditional device management techniques do not work for remote and/or personal devices.

Software Defined Perimeter

What if all critical Internet resources were inherently “invisible” to all users? The good news is this “Cloak of Invisibility” is available now with Software Defined Perimeter (SDP). OPSWAT SDP, a cloud-based service offering, hides enterprise application and data resources and adheres to a “verify first, connect second” Zero-Trust access model as compared to today’s “connect first, authenticate second” approach.

Use Cases

Next-Gen VPN

Increase security by hiding the protected applications from unauthorized clients and preventing east-west (lateral) traversal. This protection is added without increased cost or additional throughput degradation compared to the current generation of VPN solutions, and the user experience improves with a single, consistent way to connect whether on premises or off.

App Security

Make your applications invisible, so that they are undetectable and inaccessible to outsiders, while also tightening application and data access for devices inside the wired and wireless network perimeter. Blocking unauthorized access in this way supports regulatory compliance across a wide variety of industries.

Borderless Security

Protect your data with mutually authenticated TLS both within your perimeter and beyond. This protects against credential theft, connection hijacking and data loss, and against common attacks such as DDoS and man-in-the-middle. SDP grants access per application session rather than to the network as a whole: a least-privilege, zero-trust access model.


Address Regulatory Compliance

Meet regulatory requirements by preventing access to corporate data from devices that fail a risk assessment. MetaAccess provides reports that can be used in regulatory compliance audits, such as FINRA, HIPAA, Sarbanes-Oxley and others.

SDP Architecture

How it Works

SafeConnect SDP comprises three main components:

SDP Client

Available for Windows, macOS, iOS and Android devices. It establishes the certificate-based mutual TLS VPN and ensures that the tunnel carries only the services the user is authorized for. The SDP Client can be distributed to managed devices or downloaded as part of a patent-pending BYOD onboarding process.

SDP Controller

The trust broker between the SDP Client and the security policy controls: identity and access management, the issuing certificate authority and device compliance. Once the user and device are authorized, the SDP Controller configures a mutual TLS VPN that grants per-session access to the specific application.

SDP Gateway

The termination point for the mutual TLS VPN connection from the SDP Client. The SDP Gateway acts as a "deny-all firewall": it exposes nothing on the network until the Controller has authorized a session. It is usually deployed as topologically close to the protected application as possible, and multiple Gateways are supported.
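The verify-first, connect-second behaviour of these three components, as an added example in Go (not OPSWAT's or SafeConnect's code). A self-signed CA created at start-up stands in for the Controller's issuing certificate authority, the authorized map stands in for the Controller's per-session decisions, and a deny-all TLS 1.3 listener plays the Gateway: a client that presents no certificate, or a valid CA-issued certificate for a session the Controller never authorized, is refused during the handshake and never reaches the application. The name gateway.internal, the session IDs and the ten-minute certificate lifetime are assumptions for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// makeCert builds and signs a short-lived certificate. With parent == nil it is a
// self-signed root (the controller's issuing CA); otherwise parent signs it.
func makeCert(cn string, eku x509.ExtKeyUsage, parent *x509.Certificate, parentKey any) (tls.Certificate, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // demo-only serial
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(10 * time.Minute), // lives for one session, not a year
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
	if parent == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	if eku == x509.ExtKeyUsageServerAuth {
		tmpl.DNSNames = []string{cn} // clients authenticate the gateway by this SAN
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, must(x509.ParseCertificate(der))
}

// The controller's issuing CA, created at start-up; caPool is the only trust anchor either side accepts.
var caLeaf, caCert = makeCert("sdp-controller-ca", x509.ExtKeyUsageAny, nil, nil)
var caPool = x509.NewCertPool()

func init() { caPool.AddCert(caCert) }

// Issue signs a per-session leaf; for clients the CN is the controller-assigned session ID.
func Issue(cn string, eku x509.ExtKeyUsage) tls.Certificate {
	leaf, _ := makeCert(cn, eku, caCert, caLeaf.PrivateKey)
	return leaf
}

// StartGateway opens a deny-all mTLS listener on a loopback port. A handshake completes
// only for a client holding a CA-issued certificate whose session ID the controller
// authorized; everyone else receives a TLS alert and learns nothing about the app behind it.
func StartGateway(authorized map[string]bool) net.Listener {
	cfg := &tls.Config{
		MinVersion:   tls.VersionTLS13,
		Certificates: []tls.Certificate{Issue("gateway.internal", x509.ExtKeyUsageServerAuth)},
		ClientAuth:   tls.RequireAndVerifyClientCert, // chain must end at the controller CA
		ClientCAs:    caPool,
		VerifyPeerCertificate: func(_ [][]byte, chains [][]*x509.Certificate) error {
			if sid := chains[0][0].Subject.CommonName; !authorized[sid] {
				return fmt.Errorf("session %q not authorized by controller", sid)
			}
			return nil
		},
	}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", cfg))
	go func() {
		for {
			c, err := ln.Accept()
			if err != nil {
				return
			}
			go func() { defer c.Close(); c.Write([]byte("app: hello\n")) }() // the write drives the handshake
		}
	}()
	return ln
}

// Connect plays the SDP Client; an empty certs slice models an unenrolled device probing the port.
func Connect(addr string, certs []tls.Certificate) (string, error) {
	cfg := &tls.Config{RootCAs: caPool, ServerName: "gateway.internal", Certificates: certs}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return "", err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	buf := make([]byte, 64)
	n, err := conn.Read(buf) // surfaces the gateway's alert when the handshake was refused
	return string(buf[:n]), err
}
```

Two design points carry over to a real deployment. The Gateway checks possession of a controller-issued key at the transport layer, so an attacker who merely knows the application's address gets no banner, no HTTP response and no error page to fingerprint, which is the "invisible application" property described above. Authorization is per session, not per device: the rogue certificate in the test chains correctly to the CA yet is still refused, because its session ID was never authorized by the Controller, and a real Gateway would forward the accepted session to the protected application instead of answering itself.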


One Platform for SDP, Cloud and On-Premises Access

OPSWAT's MetaAccess not only includes an SDP, but also protects cloud apps through the IdP approach described above and on-premises networks through MetaAccess NAC, all in one platform.

Adheres to Zero-Trust/Least Privileged Model

Verify-first, connect-second access to private and public cloud applications. Resources sit behind a dynamic deny-all firewall, and traffic is carried in a mutually authenticated TLS tunnel (mTLS).

Customer-Provisioned Cloud Offering

Rapid deployment in a matter of hours, with 24/7 support. No additional hardware or network integration is required; the service overlays your existing network access controls.

Decreases Network Attack Surface

Hide your applications from the Internet and from corporate networks to reduce exposure to DDoS attacks, credential theft, connection hijacking and data loss.
