Features
Hardware Asset Inventory
Invisily can be used to ensure that only devices in the inventory are allowed to connect to the enterprise assets based on their entitlements. In addition, Invisily exposes an API through which third-party tools that perform device discovery can be integrated with Invisily.
Software Asset Inventory
Inventory and Control of Software Assets is the second of the Critical Security Controls from the Center for Internet Security (CIS). Invisily discovers all installed software on the devices in its device inventory and provides several kinds of policies based on it. Access is denied or restricted if an endpoint has any software version installed that is not in the whitelist.
Running Process Check to Enforce Security Controls
Invisily Admin can define a list of running processes that Invisily must check for before allowing access to applications and services.
Risk-Based Access and Session Maintenance
Invisily assigns a risk score to devices and users based on factors like device vulnerability rating, Indicators of Compromise, and suspicious user or device behavior. The assigned risk score can be used in defining access policies, and access can be revoked in ongoing sessions if the risk score crosses the specified threshold.
Lightweight mTLS Tunnelling
Invisily creates secure point-to-point mTLS tunnels between entities using robust 256-bit AES encryption and TLS 1.3. However, if the communicating entities already encrypt traffic through, say, HTTPS, adding the overhead of yet another layer of encryption can degrade the user experience without enhancing security. Invisily offers a zero-encryption-overhead tunneling option for such scenarios. As a result, users benefit from secure connections without any noticeable loss of network performance, which is often an issue with VPNs.
Robust Device Identification and Protection from Replay Attacks
Invisily computes device IDs based on hard-to-spoof attributes of device hardware. In addition, it implements HOTP, which is a One-Time-Password mechanism for hardware. The device is authenticated using this dynamic password that changes every time. Hence, it is not possible to replay device credentials and gain access.
Scheduled Access
Invisily Admin can define policies to provide access at certain times of day, days of the week, and dates. This limits the window of opportunity for attackers and reduces the attack surface.
Multifactor Authentication and SSO
Invisily offers multifactor authentication through OTP tokens and mobile biometric sensors, including fingerprint and FaceID. In addition, it provides Single-Sign-On implementation with applications through SAML and integrates with third-party MFA and SSO applications.
Zero Trust Datastore Access and Data Exfiltration Detection
Invisily enables the creation of zero trust-based access points for datastore and database access in cloud and data center environments. As a result, these datastores cannot be accessed through any other means, which dramatically reduces the probability of an attacker gaining access to them. Additionally, Invisily can monitor the volume of data retrieved from these datastores and alert or block access when high-volume transfers are detected.
Gateway Based and Gateway Independent Microsegmentation
In addition to offering secure connections to applications through Gateways, where Invisily stays in the path of the data, Invisily offers application layer micro-segmentation without getting in the path of the data.
Secure IoT Connectivity
In addition to traditional endpoints, Invisily Gateways and Bridges provide secure connectivity to and from IoT devices and networked peripherals such as printers and IP cameras. It offers device-side bridges that secure device connectivity to the rest of the network and protect the devices from unauthorized access.
Highly Scalable and Resilient
Invisily Gateways and Controllers are horizontally scalable and offer N+1 redundancy. All components auto-update, which keeps them protected and avoids downtime.
Flexible Deployment Model
Invisily can be deployed in cloud-hosted, on-prem, and air-gapped environments, thus enabling organizations to achieve zero-trust network access without compromising operational and regulatory needs. Invisily is offered in the SaaS model as well.
Access Restricted to Trusted Devices
Invisily ensures that users access network, cloud, and SaaS resources only from trusted and authenticated devices. This prevents internal and external threat actors from circumventing device-based security controls.
Outbound Network Access Restriction
Organizations may be required to offer controlled internet access to their employees to meet certain security requirements. Invisily provides controlled outbound access through a policy-based destination IP whitelisting feature that can be customized for individual users or groups of users.