What We Do
We are the leaders in software-defined perimeter security. Founded with a vision to secure computing for the digitally-transformed enterprise, we have developed products that enable applications to run in enclaves, creating virtual network perimeters in today’s complex hybrid computing environments. Our patented enclaves enable unified security orchestration for next-generation hybrid cloud datacenters.
What is an Enclave?
An enclave is a virtual network perimeter that wraps around authenticated endpoint machines, instantly isolating them from other endpoints, even those that share the same physical network.
Endpoints inside an enclave are specifically permitted to communicate with each other according to policies that define the expected application flow. All enclave communications are secured by on-demand encrypted tunnels, and endpoints in disparate physical networks can communicate with each other using Zentera’s patented Cloud over IP® (CoIP®) technology without any special networking setup or configuration of the physical infrastructure.
What are the Benefits of an Enclave?
Zentera’s enclave approach offers a number of benefits, including:
Instant Network Perimeter
An enclave’s perimeter creates a new traffic policy enforcement point. By default, endpoints are accessible only through an overlay IP network, which shields the endpoint from scans.
Simple and Portable Policy-Driven Security Orchestration
An enclave provides a single uniform set of controls for a distributed application that may be spread over multiple clouds or datacenters. Endpoints in an enclave automatically inherit the enclave’s security policies, reducing the potential for misconfiguration. Administrators can set up enclaves without modifying firewall or routing rules.
Application-Based Deep Segmentation
Applications can be deployed to an enclave with detailed segmentation rules. Traffic can be filtered in any direction – east-west or north-south – and network access can even be restricted to specific application binaries, limiting the potential for lateral movement of an attack.
Zero Trust of the Underlying Infrastructure
Traffic from sensitive enclave applications is segmented, encrypted, and inaccessible to non-enclave endpoints that may share the same physical infrastructure. In this way, enclaves help minimize the risk of data leakage that may arise from an attack on the infrastructure itself.
When an application is deployed to a Zentera enclave, any unapproved activity triggers an alert, which is by definition actionable. Endpoints can be quarantined pending analysis and remediation.
How are enclaves different from existing security tools?
Virtual LANs (VLAN), Virtual Private Clouds (VPC) and Security Groups
Unlike VLANs, VPCs and security groups, which are specific to the network or cloud where they are configured, an enclave works exactly the same way across all infrastructures in which it is deployed. These approaches require significant planning to effect any change, whereas enclave configurations can be updated in a matter of minutes.
Most micro-segmentation security tools focus on east-west micro-segmentation, which controls traffic between endpoints on the same computing tier. They typically do not address north-south or application-based traffic segmentation. Additionally, they have limited capabilities to support dynamic environments that may span many cloud service providers.
While firewalls are the foundation of any good network perimeter defense, it is not feasible to deploy a physical appliance in a hybrid cloud environment. Virtual firewalls are plagued by performance issues, because the hardware that physical firewalls rely on for deep packet inspection (DPI) is not available to them, and as a result they have not achieved the same level of popularity. In contrast, the application-based deep segmentation of a CoIP enclave locks network access to specific applications without relying on CPU-intensive DPI.
VPNs are commonly used to provide secure site-to-site connectivity (e.g., cloud to on-premise), but as such they can pose a security risk – an attack can ride through a VPN mixed in with legitimate application traffic. Enclave end-to-end tunnels are set up on demand and locked to a specific application.
What can an enclave do for my applications?
Simplify Security on Any Infrastructure
An enclave enables security to be defined by policies that can be deployed across any mix of infrastructure resources. Whether deployed completely on-premise or in a full multicloud environment, enclaved applications can be managed through a single pane of glass or with a simple API.
The segmentation provided by an enclave and its instant software-defined perimeter can help reduce the scope of a compliance audit. Whether you have an e-commerce application facing a PCI compliance scan or a healthcare application that must meet HIPAA and HITECH requirements, an enclave can help reduce compliance scope by reducing the attack surface that must be considered.
Detect Breaches and Simplify Recovery
With instant actionable alerts, customers can automatically quarantine suspect endpoints for analysis and remediation without affecting the application flow. Security policies are instantly inherited from the enclave, allowing security controls to be decoupled from the configuration management scripts.