Pulse Secure VPN | Zero Trust Secure Access to Hybrid IT Resources
Pulse Secure VPN | Zero Trust Secure Access to Hybrid IT Resources
layots
Secure Access is critical for today’s workforce as it is an enabler of digital transformation, empowering employees, customers, peers, and partners to work, communicate, and collaborate seamlessly. However, with new cyber threats and security breaches in the headlines, companies must also ensure a balance between productivity and security.
Traditionally, this has been a difficult goal given that security was predicated primarily on control: IT administrators enforce rules to meet business requirements and adhere to compliance obligations. This approach can result in a less than optimal user experience (UX), causing users to seek workarounds in order to get their jobs done. The growth of shadow IT is proof that users are very adept at leveraging unsecured personal devices or unsanctioned cloud services to address the tasks at hand.
Secure Access, in contrast, is designed with a seamless, simple user experience in mind that also provides Zero Trust protection. It is a model based on enablement rather than restriction. The objective is to deliver simple and frictionless access to enterprise information, applications, and services without compromising security – all while making it easy and flexible for IT to implement, manage and adapt security policies that align with an ever-changing environment. Zero Trust assumes that nothing inside or outside of the enterprise perimeter should be trusted and the network must verify anyone and anything trying to connect before granting access. Connectivity is only granted after identity is authenticated, the security posture of the connected device is verified, and the user or thing is authorized to access the desired application, service, or information.
Pulse Clients securely connect users to networks, both data center, and cloud. Wrapped in an extremely user-friendly package, Pulse Clients dynamically enable the appropriate network and security services on users’ endpoints. Users are not distracted from their work activities to figure out what network they are on or what service to enable. With Pulse Secure, the connection just works, helping to deliver the productivity promised by mobile devices. Pulse Client delivers dynamic access control, seamlessly switching between remote (SSL VPN) and local (NAC) access control services on Microsoft Windows devices. Pulse Client also enables comprehensive endpoint security posture assessment for mobile and desktop computing devices, and quarantine and remediate, if necessary
Pulse Secure Connection Workflow
- The user will initiate a connection to the Pulse Secure SSLVPN gateway using the provided VPN URL.
- Users can connect using a browser (for agentless access) or using a persistent VPN agent.
- SSLVPN gateway will perform the user authentication (it can be Active Directory, LDAP, Radius, OTP, etc credentials or it can be Multifactor Authentication).
- After successful authentication, the SSLVPN gateway will perform the compliance check on the user machine (optional)
- Once the authentication and compliance check is Passed successfully, access will be provided only to the authorized resources. Resource access can be controlled through Access rules.
- The policy can be configured per user, group, etc.
Feature Set of Pulse Secure Access VPN
Dual-transport (SSL + Encapsulating Security Payload) full Layer 3 VPN connectivity with granular access control.
- Client/server proxy application that tunnels traffic from specific applications to specific destinations (available for Windows devices only)
- “On Demand VPN” and “Per App VPN”, for seamless & secure end user experience
- The full range of split tunneling options is configurable, including support for individual IP addresses as well as FQDN.
- Includes enable and disable functionality with overriding route capability and route monitoring.
- Pulse AppConnect enables IT to integrate per-application SSL VPN connectivity for maximum data security and user transparency.
- Users can easily launch SSL VPN via their Web browser, or directly from their desktop.
- Auto Connect feature allows devices to automatically connect to VPN, either at the time when the machine starts or user logs on.
- VPN on demand feature leverages OS capabilities for auto triggering VPN, seamlessly in the background, when an approved application needs corporate access.
- Administrators can deploy Pulse Secure for remote user authentication using a wide array of authentication mechanisms, including hardware token, smart card, soft token, Google Authenticator, one-time passwords, and certificate authentication.
- SAML authentication, for delegating user authentication to an Identity Provider.
- Endpoint devices can be checked prior to and during a remote access session to verify an acceptable device security posture requiring installed/running endpoint security applications (antivirus, personal firewall, etc.), as well as check for IT-required Operating System versions, patch level, browser type, and many other requirements.
- Custom-built checks for specialized customer requirements are also supported.
- Noncompliant endpoints can be quarantined, denied access, or granted access, depending on administrator defined policies
- Enables consolidated reporting and dashboards for simplified management.
- Leverages MDM attributes for more intelligent and centralized policy creation.
- Facilitates transparent “no touch” MDM-based deployment of Pulse Clients to iOS and Android devices
Pulse Secure offers a comprehensive, unified, interoperable and scalable Secure Access platform that securely connects workers to company resources and protects company devices, regardless of location – in the data center, internal network, cloud, or mobile. That’s why the world’s largest and most security conscious organizations rely on Pulse Secure solutions and trust our expertise and know-how.
