How a Global Paint and Chemical Company Secured Remote Workers with TransientAccess ZTNA

Betek, with 2000 employees in 16 countries, chose TransientAccess to replace its legacy VPN with Zero-Trust Network Access (ZTNA), allowing them to use remote clients, SAP in particular, with confidence.

While looking for a product to replace their current VPN solution and secure remote workers, Betek found TransientX’s TransientAccess based on a recommendation from their partner, Maya ICT, one of Turkey’s leading MSSPs. Maya ICT had already incorporated TransientAccess into their cloud security offering for customers. Betek’s goals were to:

• Implement a zero-trust model
• Secure remote workers with ZTNA and eliminate the VPN
• Provide granular control of remote network access between offices
• Provide secure access by 3rd parties to in-house SAP apps without a VPN
• Implement micro-segmentation of critical apps
• Create and manage application-based user policies within minutes
• Support private cloud and hybrid architectures

As part of their search for a solution, Betek explored how they could implement microsegmentation in their critical applications for the company with their existing systems, but they could not fully support this for end users. Managing the many different user profiles in order to partially control access to their VPNs was time consuming and difficult.
This solution was not scalable and was difficult in terms of change management. Moreover, they had to support a wide variety of their customers’ IT architectures, including private cloud and hybrid architectures.

” TransientAccess is very easy to use, but the main benefit is that it provides very powerful control with the features it provides.
They made it possible to define a variety of policies for different groups with different needs. We could not find any other alternative system that met our needs as we define various policies for all our users. It provides security so easily.” -Feza Zengin,
IT Manager at Betek.

Read the full case study here or contact us to try it out for yourself.

Zero Trust Network Access: What and Why?

Legacy NAC and VPN for accessing corporate networks

ZTNA, NAC, SDP, RDP, VPN: Making sense of the remote access alphabet soup.

Zero Trust Security is a hot topic and with good reason. But what does it really mean in practice, when applied to solving remote access security challenges? In this post we provide an introduction on Zero Trust Security as it applies to Network Access (ZTNA) to help sort it out.

Before Zero Trust, a user or device was validated as having the correct credentials and the right to access the network. Once that step was complete the user or device had a wide open path to the network and resources. To mitigate the risk that a valid user would access systems they weren’t supposed to, role-based access control (or RBAC) was implemented. In theory this worked in conjunction with least-privileged access (the Principle of Least Privilege or PoLP) so that users were only granted access to the resources they needed and nothing more.

VPNs – Virtual Private Networks – are the ubiquitous technology for providing remote users access to enterprise resources. However, they are a network-layer technology, meaning that once the user is validated and logged in, the user’s device now has an open network connection to the corporate network. To mitigate the security risk of this open pipe, in addition to RBAC and PoLP, enterprises deploy Network Access Control (NAC) to verify first that a given device has the correct security posture – is the device allowed, independent of the user? Does the device have up to date AV running and passed a scan? And so forth.

VPN
Legacy NAC and VPN for accessing corporate networks

Once a user logged in to the VPN client, and his device passed the NAC security check, one of the most common resources accessed are remote desktops, most often with Remote Desktop Protocol or RDP. Although it is a proprietary Microsoft protocol, it does have cross-platform support for non-Windows devices.

That in essence is the technology stack most widely deployed in enterprises today to enable remote access: VPN clients where devices are validated by NACs. Users are granted access based on RBAC, PoLP to resources, including remote desktops over RDP.

Zero Trust Network Access (ZTNA) offers a simpler, more secure alternate vision. ZTNA turns the existing paradigm on its head – rather than open up a wide open pipe and then retroactively find ways to narrow it down, ZTNA assumes no device or user should be trusted, and no access granted by default except that explicitly required only for the duration required.

This is critical in a world where there is no fixed perimeter any more, but rather a software-defined perimeter (SDP).

TransientAccess takes ZTNA and SDP a step further, delivering true app-to-app connectivity over disposable networks. That is, there is never a device to device connection, nor is a user validated for anything more than what the user needs access to for the time the user is accessing it.

TransientAccess Zero Trust Network Access
TransientAccess Zero Trust Network Access

TransientX has a unique approach to Zero Trust Network Access (ZTNA):

  • A lightweight agent, creating a disposable virtual network connecting the local app to the enterprise resource on-prem or in the cloud.
  • A “Transient Virtual App Network”

This approach means TransientX can deliver on the promise of truly secure remote access for an organization’s workforce and business partners. Learn more in our intro video, contact us to get TransientAccess now or scroll below for further reading:

Further Reading:

https://transientx.com/content/zero-trust-network-access.html

https://transientx.com/content/zero-trust-network-access.html

References:

https://en.wikipedia.org/wiki/Principle_of_least_privilege

https://en.wikipedia.org/wiki/Role-based_access_control

https://en.wikipedia.org/wiki/Virtual_private_network

https://en.wikipedia.org/wiki/Remote_Desktop_Protocol

https://en.wikipedia.org/wiki/Software_Defined_Perimeter

Delivering a Unified TransientAccess User Experience

TransientAccess User Experience (UX)

For users, a consistent UX across all platforms and devices

TransientAccess provides a consistent user experience across all platforms: Windows, Mac, iPad, Android and iPhone. We’ve produced a short video showing how TransientAccess delivers radically simple Zero Trust Network Access (ZTNA) with the same UX across all devices and platforms, whether the devices are managed or unmanaged.

Ease of use, simplicity, performance and consistency are security factors. Nothing will motivate end users faster to bypass security controls than poor UX or degraded performance. With the TransientAccess user experience, the user sees no performance degradation vs VPN and has no learning curve as they switch platforms and devices.

See more here and contact us if you’re ready to try for yourself:

How a Leading Sports Club Secured SAP with TransientAccess ZTNA

Fenerbahce ZTNA Case Study with TransientAccess

TransientAccess delivers true Zero Trust Network Access for the Fenerbahce Sports Club

With over 5000 employees and more than 300,000 members,
Fenerbahce is one of the largest multi-sport clubs in Turkey and is a
major retailer in its own right.

With their dedicated fan bases, legal and illegal betting riding on game results and big revenue streams, professional sports clubs are among the most targeted companies by hackers. Successful attacks can have devastating effects on company operations and reputation.

An organization’s viability can be imperiled because of damage caused by IP loss. For an organization like Fenerbahçe, SAP is the most important digital asset to defend. Protecting such a high value asset means going beyond traditional security paradigms. Most organizations deploy multiple security layers to protect SAP data, such as NGFWs, AV, MFA along with robust IT security policies. Yet all these steps can still leave holes that
need to be closed.

FC Fenerbahce relies heavily on SAP for all business-critical processes. The executives and security teams are responsible for carrying out this process knowing that their business revolves around this information. However, they are also aware of hidden dangers such as user accesses, file downloads, and data leaks that can occur due to data streaming. It therefore became critical to implement solutions that monitor and prevent such leaks.

“After a detailed product assessment, in-depth presentations and a pilot
project to measure performance in our company’s environment,
TransientAccess demonstrated reliability and effectively demonstrated its
value in providing SAP access and data security.”
– Bülent Kaçmaz, CTO, FC
Fenerbahçe

Securing remote access for SAP with ZTNA

TransientAccess is able to proactively eliminate threats such as data loss and ransomware attacks by providing users with an operational convenience they have not experienced before.


As a result, TransientAccess provides proactive protection against commercial damage by ensuring data protection and facilitating secure operational processes. Thanks to the micro-segmentation feature of TransientAccess, only relevant users are authorized to access company data in the relevant SAP modules. IT Managers can now see ‘who’ can access ‘which’ data from the SAP system and make sure that this data is securely encrypted, even outside the company.

Read the full case study here or contact us to try it out for yourself.

TransientAccess Performance vs VPN

TransientAccess ZTNA performance vs Open VPN

Speed Matters.

While security is the prime consideration when moving from VPN to ZTNA, another important factor is performance. Not only do VPNs have a broad attack surface, they can impact dramatically network speeds for the endpoint. That’s why TransientAccess ZTNA’s performance vs traditional VPN clients like Open VPN is crucial.

Performance degradation in effect becomes a security issue, as the degraded user experience pushes users to avoid using VPNs and the already-limited security they provide. Shadow IT emerges and IT security teams get pressure to loosen controls.

Instead, with a Zero Trust Network Access (ZTNA) approach like TransientAccess, there’s no performance degradation. That’s in addition to the inherent security advantages of app to app security provided only when needed as needed on transient, disposable networks.

ZTNA Performance vs Open VPN

We’ve made a short video here showing the real-world performance hit of TransientAccess ZTNA vs a VPN client (in this example, Open VPN):

TransientAccess ZTNA Performance vs Open VPN

Whether remote access is via a mobile client or desktop, and whether it’s OpenVPN or a commercial VPN client, performance degradation will always be an issue. Contact us to compare for yourself.

TransientAccess Now Available on MS Azure Marketplace

Microsoft Azure customers worldwide now gain access to TransientX’s flagship product TransientAccess to take advantage of the scalability, reliability and agility of Azure to drive true zero-trust security through zero-trust network access (ZTNA).

Hoboken, NJ — September 28th, 2020 — TransientX, transforming fixed and device-centric networks to disposable networks of apps, today announced the availability of TransientAccess Zero-Trust Network Access in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. TransientX customers can now take advantage of the Azure cloud platform, with streamlined deployment and management. In addition, we’ve built in tight integration with Azure Active Directory Services for seamless integration with existing customer infrastructure.

TransientX has a mission to transform fixed and device-centric networks to disposable networks of apps – delivering true Zero-Trust Network Access (ZTNA).

TransientX has a unique approach to ZTNA:

  • A lightweight agent, creating a disposable virtual network connecting the local app to the enterprise resource on-prem or in the cloud.
  • A “Transient Virtual App Network”

“Microsoft Azure Marketplace lets customers worldwide discover, try, and deploy software solutions that are certified and optimized to run on Azure,” said Sajan Parihar, Senior Director, Microsoft Azure Platform at Microsoft Corp. “Azure Marketplace helps solutions like TransientAccess reach more customers and markets.”

The Azure Marketplace is an online market for buying and selling cloud solutions certified to run on Azure. The Azure Marketplace helps connect companies seeking innovative, cloud-based solutions with partners who have developed solutions that are ready to use.

“By making our solution available on the Azure Marketplace, we are going further in delivering on our mission and helping make our customers’ experience seamless and secure. We build on Azure’s impressive performance and security infrastructure  to make it easy and fast for customers to deploy TransientAccess. Additionally, we tightly integrate with Azure Active Directory for a seamless customer experience.” – Egemen Tas, TransientX founder and CEO.

For additional information, see our listing on the Azure Marketplace and our Press Release.

The TransientAccess Client is available here.

TransientAccess 2.0 now available

TransientAccess 2.0 Desktop view

Like the ease of use of Zoom? You’ll love how easy we’ve made ZTNA with TA2.0

Highlights:

  • Unified User Experience
  • Friction-Free Browser-Based User Onboarding
  • Automatic Disposal of Application Contents
  • Built-In MFA Support

We’ve made it our mission to deliver zero-trust network access that provides a seamless, transparent user experience with no compromise on security. With the release of TransientAccess 2.0 we’ve delivered on that goal on multiple fronts:

Unified User Experience & Friction-Free Onboarding

We have simplified the end user experience significantly. The same lightweight client is available on all platforms, from IOS and Android to Windows and Mac.

We have also removed the friction of provisioning or installing our clients to endpoint devices, with a new seamless browser based experience. For mobile users they see:

TransientAccess mobile client

Desktop users see this:

TransientAccess 2.0 Desktop view
TransientAccess 2.0 Desktop view

Whether accessing via desktop or mobile, TransientAccess 2.0 provides a seamless, frictionless and consistent UX across all platforms.

MFA support built-in

Lack of MFA adoption by end users because of the friction and hassle involved is arguably one of the biggest security risks out there. Now TransientAccess has MFA support enabled, allowing TOTP-based authentication using common 2FA apps from Google, Microsoft, DUO and more.

Automatic Disposal of Application Contents

We have added a much-anticipated feature for automatically deleting container contents when going offline. With this new option, when users go offline or sign out, all the application contents can be erased from the device.

TransientAccess 2.0 new features
TransientAccess Automatic container content disposal

Ready to try for yourself? Contact us and we’ll get you set up today.