What We Do
Founded with a vision to secure computing for the digitally-transformed enterprise, we have developed products that enable applications to run in enclaves, creating virtual network perimeters in today’s complex hybrid computing environments. Our patented enclaves enable unified security orchestration for next-generation hybrid cloud datacenters.
An enclave is a virtual network perimeter that wraps around authenticated endpoint machines, instantly isolating them from other endpoints, even those that share the same physical network.
Endpoints inside an enclave are specifically permitted to communicate with each other according to policies that define the expected application flow. All enclave communications are secured by on-demand encrypted tunnels, and endpoints in disparate physical networks can communicate with each other using Zentera’s patented Cloud over IP® (CoIP®) technology without any special networking setup or configuration of the physical infrastructure.
An enclave’s perimeter creates a new traffic policy enforcement point. By default, endpoints are accessible only through an overlay IP network, which shields the endpoint from scans.
An enclave provides a single uniform set of controls for a distributed application that may be spread over multiple clouds or datacenters. Endpoints in an enclave automatically inherit the enclave’s security policies, reducing the potential for misconfiguration. Administrators can set up enclaves without modifying firewall or routing rules.
Applications can be deployed to an enclave with detailed segmentation rules. Traffic can be filtered in any direction, east-west or north-south, and network access can even be restricted to specific application binaries, limiting the potential for lateral movement by an attacker.
Traffic from sensitive enclave applications is segmented, encrypted, and inaccessible to non-enclave endpoints that may share the same physical infrastructure. In this way, enclaves help minimize the risk of data leakage that may arise from an attack on the infrastructure itself.
When an application is deployed to a Zentera enclave, any unapproved activity triggers an alert, which is by definition actionable. Endpoints can be quarantined pending analysis and remediation.
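The preceding paragraphs describe four properties of an enclave: only authenticated, enrolled endpoints are reachable (over the overlay, not the shared physical network), every endpoint inherits the enclave's policy through its role, flows are allowed only in the direction and on the port the policy names and may be pinned to a specific client binary, and anything outside the policy is a denial worth alerting on. The following toy policy evaluator is an added illustration written for this page to make that model concrete; it is not Zentera's software and not the CoIP Enclave policy format, and the endpoint names, roles, ports, binary paths and network labels are all constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Endpoint:
    name: str
    physical_net: str           # underlying network the host sits on (constructed label)
    overlay_ip: Optional[str]   # enclave overlay address; None if not enrolled


@dataclass(frozen=True)
class Flow:
    src_role: str
    dst_role: str
    dst_port: int
    binary: Optional[str] = None   # client binary allowed to open the flow; None = any


@dataclass
class Enclave:
    name: str
    roles: Dict[str, str]   # endpoint name -> role; policy is inherited via the role
    flows: List[Flow]       # explicit allow-list; everything else is denied


def evaluate(enclave: Enclave, endpoints: Dict[str, Endpoint],
             src: str, dst: str, dst_port: int, binary: str) -> Tuple[str, str]:
    """Return ("allow"|"deny", reason) for one connection attempt."""
    s, d = endpoints[src], endpoints[dst]
    # 1. Both ends must be enrolled members; sharing a physical network is irrelevant.
    if src not in enclave.roles or dst not in enclave.roles:
        return "deny", "endpoint not enrolled in enclave"
    if s.overlay_ip is None or d.overlay_ip is None:
        return "deny", "no overlay address; unreachable over enclave"
    # 2. Match on the roles the endpoints inherited, the direction and the port.
    src_role, dst_role = enclave.roles[src], enclave.roles[dst]
    candidates = [f for f in enclave.flows
                  if (f.src_role, f.dst_role, f.dst_port) == (src_role, dst_role, dst_port)]
    if not candidates:
        return "deny", "no matching flow (default deny)"
    # 3. If any candidate flow is pinned to a binary, the caller's binary must match one.
    for f in candidates:
        if f.binary is None or f.binary == binary:
            return "allow", f"{src_role}->{dst_role}:{dst_port} over tunnel {s.overlay_ip}->{d.overlay_ip}"
    return "deny", f"binary {binary} not permitted for {src_role}->{dst_role}:{dst_port}"


# Constructed topology: two datacenters/clouds, one enclave spanning both.
ENDPOINTS = {
    "web1":  Endpoint("web1", "dc-east", "10.99.0.11"),
    "web2":  Endpoint("web2", "cloud-vpc-1", "10.99.0.12"),   # same role, other infrastructure
    "app1":  Endpoint("app1", "cloud-vpc-1", "10.99.0.21"),
    "db1":   Endpoint("db1", "dc-east", "10.99.0.31"),
    "rogue": Endpoint("rogue", "dc-east", None),              # shares dc-east with db1, not enrolled
}
ENCLAVE = Enclave(
    name="orders",
    roles={"web1": "web", "web2": "web", "app1": "app", "db1": "db"},
    flows=[
        Flow("web", "app", 8443, binary="/usr/sbin/nginx"),
        Flow("app", "db", 5432, binary="/usr/bin/java"),
    ],
)


def run_scenarios() -> Dict[str, Tuple[str, str]]:
    """Evaluate a set of constructed attempts; every 'deny' is an alertable event."""
    attempts = {
        "web1->app1 nginx":        ("web1", "app1", 8443, "/usr/sbin/nginx"),
        "web2->app1 nginx (cloud)": ("web2", "app1", 8443, "/usr/sbin/nginx"),  # inherited via role
        "app1->db1 java":          ("app1", "db1", 5432, "/usr/bin/java"),
        "app1->db1 psql":          ("app1", "db1", 5432, "/usr/bin/psql"),      # wrong binary
        "web1->db1 java":          ("web1", "db1", 5432, "/usr/bin/java"),      # tier skip
        "db1->app1 nginx":         ("db1", "app1", 8443, "/usr/sbin/nginx"),    # wrong direction
        "rogue->db1 java":         ("rogue", "db1", 5432, "/usr/bin/java"),     # not enrolled
    }
    return {label: evaluate(ENCLAVE, ENDPOINTS, *args) for label, args in attempts.items()}


if __name__ == "__main__":
    for label, (decision, reason) in run_scenarios().items():
        print(f"{decision:5} {label:26} {reason}")
```

Two points the scenarios make: web2 is admitted to the app tier without any new rule because it inherits the web role's policy, even though it sits on a different underlying network from web1; and rogue is denied before any flow rule is consulted, despite sitting on the same physical network as db1, because it holds no overlay address.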
Unlike VLANs, VPCs and security groups, which are specific to the network or cloud where they are configured, an enclave works exactly the same way across all infrastructures in which it is deployed. Those approaches require significant planning to effect any change, whereas enclave configurations can be updated in a matter of minutes.
Most micro-segmentation security tools focus on east-west micro-segmentation, which controls traffic between endpoints on the same computing tier. They typically do not address north-south or application-based traffic segmentation. Additionally, they have limited capabilities to support dynamic environments that may span many cloud service providers.
While firewalls are the foundation of any good network perimeter defense, it is not feasible to deploy a physical appliance in a hybrid cloud environment. Virtual firewalls suffer from performance problems because the specialized hardware that physical firewalls rely on for deep packet inspection (DPI) is not available to them, and as a result they have not achieved the same level of adoption. In contrast, the application-based deep segmentation of a CoIP enclave locks network access to specific applications without relying on CPU-intensive DPI.
VPNs are commonly used to provide secure site-to-site connectivity (e.g., cloud to on-premise), but a site-to-site tunnel carries whatever traffic reaches it, so an attack can be carried through the VPN mixed in with legitimate application traffic. Enclave end-to-end tunnels, by contrast, are set up on demand and locked to a specific application.
An enclave enables security to be defined by policies that can be deployed across any mix of infrastructure resources. Whether deployed completely on-premise or in a full multicloud environment, enclaved applications can be managed through a single pane of glass or with a simple API.
The segmentation provided by an enclave and its instant software-defined perimeter can help reduce the scope of a compliance audit. Whether you have an e-commerce application facing a PCI compliance scan or a healthcare application that must meet HIPAA and HITECH requirements, an enclave can help reduce compliance scope by reducing the attack surface that must be considered.
With instant actionable alerts, customers can automatically quarantine suspect endpoints for analysis and remediation without affecting the application flow. Security policies are instantly inherited from the enclave, allowing security controls to be decoupled from the configuration management scripts.
Zentera secures application workloads in hybrid environments with a type of software-defined perimeter called an enclave. The CoIP Enclave™ solution provides security and connectivity. It works with any infrastructure in any environment, does not interfere with existing environments or security, and can be up and running in less than a day. CoIP Enclave provides comprehensive network security for enterprise applications in the cloud, moving to the cloud or on-premise, and is deployed for worldwide operations by global corporations. The company has received numerous honors, including consecutive Red Herring Top 100 Awards, and is based in Silicon Valley.
Copyright © 2018 Zentera Systems, Inc.
All Rights Reserved.
All other trademarks and copyrights are the property of their respective owners.