PROTECTION

New business drivers are affecting data security every day. Companies not only must protect APIs and application infrastructure from malicious attacks, they must also prove the scope of attempted attacks and provide a clear audit trail for all issues to minimize legal responsibility when attacks occur.

MicroPerimeter™

POLICY MANAGEMENT AND PROTECTION


TRANSPARENCY

The disconnect between business requirements and actual security policies is often obscured by the complexity of applying a technical solution to code. All security policies can be built and rendered in the dashboard in a human readable format to allow easier auditing and compliance analysis.



PORTABILITY

While transparency is great for the business team, the DevOps team needs a way to take those visualized policies and inject them into the CI/CD pipeline. All configurations are easily exported in YAML or JSON format for inclusion in your code repositories. With service segmentation it’s easy to create policy libraries that can be shared and tested throughout development and easily incorporated into your deployment process.

INSTALL
MicroPerimeter™ API SECURITY

FLEXIBLE OPTIONS

Our MicroPerimeter™ Sidecar was designed from the ground up to work with container orchestration. When deploying containers in a Kubernetes cluster, the MicroPerimeter™ Sidecar automatically registers with the central repository, inserts itself in the flow for all ingress and egress traffic, and provides true East/West tracking and security enforcement.


Cloudentity’s policy management comes preconfigured to integrate a wide range of attributes out of the box. This list describes some of the standard types of policies you can start working with immediately — contact us to learn more about custom policy types to extend your security logic even further.

GENERAL POLICY TYPES:

  • The Auth Events Sequence Validator checks whether a sequence of auth events matching a given list of criteria has occurred in the current session.

  • The Policy Reference Validator can be used to embed an existing policy in your new policy without a need to duplicate policy logic.

  • The Fine-grained permission validator checks if a fine-grained permission to a Resource (Object) is granted to a Principal (Subject).

  • The Permission validator checks if a coarse-grained permission is granted to a Principal (Subject).

  • The Risk validator can be used to check if the selected entity's risk is above or below the accepted level.

  • The Scopes validator can verify the existence of required scopes in the OAuth token.

LOGIC POLICIES:

  • The Conditional Validator allows the definition of complex authorization scenarios based on results from other policy validators. It handles the standard if-else statement flow. 

  • Pass/Fail Validators allow for the inclusion of gating within conditional flows or the creation of global policies which allow all or block all traffic unconditionally.  

ATTRIBUTE POLICIES:

  • The Cookie validator can be used to check if the HTTP request cookies meet the given conditions. 

  • The Header validator can be used to check if the HTTP request headers meet the given conditions. 

  • The Identity context attributes validator digs deeper into the values of scopes or other attributes that may be referenced in the OIDC JWT but where additional details need to be retrieved from the Identity server. 

  • The Path validator can be used to check if the HTTP request path parameters meet the given conditions. 

  • The Query validator can be used to check if the HTTP request query parameters meet the given conditions. 

  • The Service fingerprint attributes validator is used to check the identity of a Service that is making a request – this is critical for managing your core, East/West traffic.  

  • The User validator can be used to check if the user attributes of an authenticated user meet the given conditions.