Zero Trust Connectivity Automation Rivals the VPN

Network Security Business Challenges

Cloud-enabled enterprises are constantly grappling with new service-to-service and application communications. This creates constant friction in the vast majority of enterprises, including nearly nightmarish levels of evaluation and risk analysis for large entities, and it increases security threats.

BrazenCloud believes the industry needs to move from today’s manual “predefined policy and always-on VPN” approach to a zero trust future of on-demand, fully automated and dynamically provisioned connectivity.

Common Network Security Scenario:

Let’s suppose for a moment there is a business need to establish connectivity between two services or applications that reside in completely different networks behind different firewalls.

The “Comms Pipe” data exchange layer is BrazenCloud’s answer to automated Zero Trust connectivity: encrypted, line-of-sight connectivity delivered “at time of need”.

  • Change requests and extensive collaboration with security teams are needed for the business to be serviced properly.

  • Once a need has been established, change requests in turn trigger yet another approval process to establish VPN links and/or new connectivity.

  • New connectivity or a policy change adds further network and security layers, increasing complexity and the potential attack surface.

  • Policies must be modified manually, and in the vast majority of cases this also opens connectivity between the two applications on a permanent basis, creating unneeded network security exposure.

    Unacceptable Business Results:

    • It can take several weeks or months to get new connectivity approved (~1 week); changes then need to be discussed, planned and implemented (~1 week).

    • New connectivity introduces “established trust”, which attackers can leverage for lateral movement and exploitation.

Dynamic On-Demand Zero Trust Connectivity is Needed in Network Security

Avoiding Costly Administration and Compliance Burdens with “Time of Need” Trust

Automations Enabled in RunBooks with BrazenCloud “Time of Need” Zero Trust Connectivity

  • BrazenCloud delivers direct, secure service-to-service or app-to-app communications, provisioned dynamically at the service layer.

  • Applications generally need lateral connectivity for specific functions, the vast majority of which are only needed for brief periods (for example backups, time synchronization, or on-demand administrative connectivity).

  • BrazenCloud is more secure because it delivers on-demand connectivity that is orchestrated and instantiated at the “time of need”.

  • With BrazenCloud, users can integrate on-demand connectivity into BrazenCloud Runbooks, connecting applications or services at the time of need.

Automation is Key to Trust Validation/Effectiveness

  • With BrazenCloud, the connection can be established immediately with a few keystrokes or with a simple script via the Brazen API.

  • BrazenCloud is not only faster at establishing connectivity, it is also more secure: a VPN requires many security rules to lock it down so that only the desired services or applications can communicate.

  • BrazenCloud allows enterprises to let services communicate over a Comms Pipe only for the duration of an automation or at a certain time of day.

Eliminate “Always On” Connectivity

  • By contrast, BrazenCloud links can be set up automatically via a Runbook and torn down when the job is done. This is much more secure.

  • With the BrazenCloud Zero Trust Connectivity architecture, connectivity can be configured to expose only a local listening port on a workload, rather than opening network connectivity to adjacent networked services and applications.

What BrazenCloud Can Do:

Automated Zero Trust Connectivity

BrazenCloud Runbook Example with Automation and Temporary Zero Trust Authorization

  • Create local service listeners that are not reachable from the Brazen Agent host’s live network (limiting exposure to exploitation).

  • Orchestrate enabling and disabling service accounts in Active Directory (temporarily authorized trust).

  • Open connectivity between two authorized hosts on demand, only for the time connectivity is necessary (the time of need).
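As an added illustration of the two properties this runbook example relies on (a listener that is bound to loopback only, and connectivity that is torn down when the automation finishes or a deadline passes), the following is example code written for this page using only the Python standard library; it is not BrazenCloud’s Comms Pipe or Runbook code, and the function names are chosen here for illustration.

```python
import socket
import threading
import time
from contextlib import contextmanager

LOOPBACK = "127.0.0.1"  # bind here, never 0.0.0.0, so the port is not visible on the live network


def open_listener(port=0):
    """Bind a TCP listener on the loopback interface only (port 0 = OS picks a free port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((LOOPBACK, port))
    srv.listen(5)
    return srv


@contextmanager
def time_of_need_listener(port=0, ttl_seconds=None):
    """The listener exists only inside the with-block; an optional TTL tears it down earlier."""
    srv = open_listener(port)
    timer = None
    if ttl_seconds is not None:
        timer = threading.Timer(ttl_seconds, srv.close)  # deadline-based teardown
        timer.start()
    try:
        yield srv
    finally:
        if timer is not None:
            timer.cancel()
        srv.close()  # job done: no permanent exposure remains (closing twice is harmless)


def is_reachable(host, port, timeout=0.2):
    """True if a TCP connect to host:port completes the handshake (nothing is sent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_automation(ttl_seconds=None, wait=0.0):
    """Simulated runbook step: use the listener briefly, then confirm it is gone."""
    with time_of_need_listener(ttl_seconds=ttl_seconds) as srv:
        host, port = srv.getsockname()
        during = is_reachable(host, port)
        time.sleep(wait)  # if ttl_seconds < wait, the deadline fires while the job is still running
        before_exit = is_reachable(host, port)
    return {"bound_to": host, "during": during,
            "before_exit": before_exit, "after": is_reachable(host, port)}
```

Running `run_automation()` shows the port reachable only while the block is active; `run_automation(ttl_seconds=0.1, wait=0.5)` shows the deadline closing it even before the automation exits.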
