Shanghai Paraview Software Co., Ltd.

Solution

By Industry

Financial Industry

Automobile

Manufacture

Retail

By Initiative

Zero Trust & CARTA

Digital Transformation

Audit & Compliance

Cloud Security
Product

Identity Management

Access Management

API Security Gateway

Multi-Factor Authentication

Privileged Access Management

Identity Cloud
Customer
Company

About Us

Company Culture

Contact Us
En

Chinese

English

Contact

Zero Trust
& CARTA

Trust Boundary and
Zero Trust

Firewall-based Trust boundary

Servers and office equipment inside the enterprise depend on the internal firewall, and external users need a VPN to access the internal network.
The intranet is considered a trusted network environment, and the network outside the company is considered an untrusted network environment. Build a firewall service before the two to prevent threatening external requests from obtaining sensitive company information.
SDP-based Zero trust model

Abandoning the "over-trust" practice of the trust boundary model for the internal network, all requests to access sensitive data should first pass through the zero trust control center, and the control center will evaluate the access and decide what level of authentication information to provide for this visit Then authorize access dynamically. That is, "trust authorization" should be evaluated and transformed in real time based on access.

Why Do We Need Zero Trust?

Security perimeter redefined

Cloud applications and the mobile workforce have redefined the security perimeter. Employees also use their own devices and working remotely. Data is being accessed outside the corporate network and shared with external collaborators such as partners and vendors. Corporate applications and data are moving from on-premises to hybrid and cloud environments.
No protection for Intranet

To some extent, the traditional network security architecture assumes or defaults that the intranet is secure. Through firewall, WAF, IPS and other border security products / programs, the enterprise network exports are heavily protected, while the enterprise intranet security is ignored. It can't identify the attack behavior of internal trusted devices on other trusted devices, handle the attack behavior bypassing the firewall, and avoid the misoperation or malicious revenge of the enterprise's insiders.
static trust model for identification

We cannot guarantee that all access identities are credible or untrusted, so we must establish a risk model for all the authentication factors such as IP, behavior , MAC address and other risk factors, perform dynamic analysis, and then combine strong authentication to fullfill the identity verification.

last next

Adopt a Zero Trust
Security Model

Izero trust security aims to fulfill comprehensive, dynamic and intelligent access control of digital identity ,including people / IOT / API with the help of trusted identity management platform.

Identity-orentied

Everything has an identity. Achieve full identity of people / IOT / API through identity governance platform
Reliable dynamic identification

Through the big data and the access context AI factor, the trusted authentication identification system is reconstructed, and the access is dynamically "identified".
Dynamic access control

"Access control" should be based on real-time monitoring of access behavior and risk measurement to achieve adaptive security control and early warning.
User behavior analysis

In order to realize the zero trust security, it is necessary to have a comprehensive audit strategy based on identity, permission and access.

Zero-trust
Security Architecture

CARTA

Continuous Adaptive Risk and Trust Assessment

CARTA is a new trategic approach for information security, in which infrasturcture and systems must be prepared to treat trust as dynamic ,ever-changing set of contextual values. As per Gartner，CARTA is vital to stay competitive with emerging business opportunities. The key is to apply philosophy across the business form DevOps to external partners.

Scenario

Remote access
Digital transformation
Internet of Things
Privileged security
API security

Remote access

Enterprise digital transformation has produced the characteristics of diversified user identity, diversified physical equipment and diversified business platforms. In this case, the zero-trust model advocates that all identities and devices are defaulted as untrusted, and continuous risk assessment of access behaviors, dynamic authorization, and access control, abandoning the original internal network and excessively trusting external network VPN access 。The model is transformed into a multi-attribute level of continuous trust, which effectively prevents internal ghosts and external network attacks.

Digital transformation

Internet of Things

Privileged security

API security

Business Value

enables adaptive securtiy for enterprises, provides intelligent, contextual, and continuous security to protect employees and consumers.
Transforms from network-based to identity-based, supports enterprises to adpot new IT technologies safely in digital transformation, and accelerates bussiness innovation。
Zero-trust security architecture can not only prevent external malicious attacks, but also avoid internal malicious or abuse access Based on internal and external security risks assement, adjust trust policies to continue security defense.