Barracuda CloudGen Access

Enable Zero Trust Access to all your apps and data from any device and location.

Available as: SaaS

Secure Access to Internal Apps and Data

VPNs don’t work in the modern enterprise ecosystem. Distributed users, servers, and devices create challenges that VPNs were not meant to solve. Exposed networks, unmonitored user identities, unknown device security status, and complex switching between VPNs are just the tip of the iceberg. No company can accept the level of risk inherent in VPNs. CloudGen Access is the modern VPN replacement. Secure access and empower employees.

Trust BYOD. Finally.

Validate that devices outside the perimeter trying to access your infrastructure are authorized to do so. Ensure that devices meet your baseline security and compliance requirements before granting access. All in real time.

| CloudGen Access | VPN |
| --- | --- |
| Native support for trusted devices | No native support for trusted devices |
| Generates and stores device certificate on hardware keystore | Relies only on user credentials for infrastructure access |
| Sends a CSR to Management Console to register device and establish trust | Depends on 3rd-party tools like MDM to establish a native version of trusted devices |
| Validates every access request against current security and compliance policy | Requires enrollment to corporate MDM to determine trusted devices |
| Deploys conditional and contextual trust | Static trust architecture |
| Certificate management is built-in for both device and infrastructure components | Certificate management is difficult and requires 3rd-party tools |

Grant resource access, not network access

Know who has access to your network and resources at all times. CloudGen Access segments apps and VMs based on user roles to limit exposure. Delight corporate users with hassle-free access to multiple VPN sites from a single profile.

| CloudGen Access | VPN |
| --- | --- |
| Access resources not the entire network. Direct trusted users to the information they need, whether in a VPC, data center or on-premises without increasing risk | VPN clients can act as patient zero on your network, increasing the potential attack surface exponentially. A compromised VPN client, residing on a VLAN with complete network access, can launch attacks on other clients on the same VLAN, ultimately exposing every routable VM/workload |
| Connect to multiple infrastructure sites without switching access profiles | Requires user to switch between VPN configurations to access multi-site environments |
| Confirm or deny access based on user role and device attributes: RBAC+ABAC. Example: User A in Group B with Device C that complies with policy D can access resource | Implements network segmentation, a painful and error-prone approach that requires 3rd party or custom tools. Limits ability to access dynamic, modern resources like Kubernetes workloads |

Evaluate retrospective and prospective device security

Be confident that no compromised devices are on your network.

| CloudGen Access | VPN |
| --- | --- |
| Continuously monitors device and logs network metadata at the device level (network DVR) | Lacks visibility into device security status before starting active VPN session |
| Enforces policy that requires searching for a comprehensive IOC (indicators of compromise) list in network history before granting access | Cannot integrate with a local security agent as part of an access policy |
| Conducts retrospective search for IOC | Provides only single point in time access to device security state. Any change to the device security state is not reflected in the active session. |
| Detects if the device has ever exchanged information with a phishing site: e.g. mycompany.oktaa.com | |
| Detects if the device has ever generated APT x C&C traffic | |

Ensure role and attribute-based access control

Guarantee access to the right resources. Anywhere. Anytime.

Global, remote, nomadic work is here. Let an EU resource traveling in the US access EU resources. Make sure an employee at home in China can get work done.

Role-based access alone cannot support new regulatory compliance requirements. CloudGen Access adds a new layer of attribute-based access control to ensure access for traveling or remote-working employees and partners.

| CloudGen Access | VPN |
| --- | --- |
| Role-based access control enhanced with attribute-based access control | Role-based access control (RBAC) only. Access tokens can be permanent or long-lived, creating additional risk as VPNs do not natively support re-auths and step-up auths |
| Rich attribute support: Permissions (verify user/resource); Device (type, model, OS, end-of-life); Jailbreak; Authentication (configured touch/face ID & passcode); Wi-Fi SSID and location | Minimal contextual, actionable information about location, network, and device |

Enable continuous connectivity

High quality, high fidelity mobile access. CloudGen Access enhances connectivity quality with a built-in defense and local proxy on a device.

| CloudGen Access | VPN |
| --- | --- |
| Built-in defense for intermittent connectivity | Sustained disconnects force application layer timeouts |
| Consistent session stability unaffected by change in source IP | Frustrating, painful experience for users, especially mobile workers such as utility field workers, insurance adjusters, law enforcement |
| Local proxy on device side and access proxy on infrastructure side can maintain session during dropped connections | Time wasted on repetitive VPN reconnects and app reloads, costing organization valuable employee productivity |

Defend against Internet-borne threats.

Web-based attacks such as credential theft, phishing, drive-by downloads, and malvertising are the largest cybersecurity challenges facing corporations today.

CloudGen Access protects resources from these threats and delivers real-time alerts.

| CloudGen Access | VPN |
| --- | --- |
| Intercepts and blocks Internet-borne threats on the device with patent-pending technology | Requires integration with a costly point solution like Bluecoat, Websense, or Zscaler, to address threats in real-time |
| Preserves corporate network bandwidth and speed | Lacks capability to provide protection from Internet-borne threats due to split-tunnel configuration |
| Eliminates latency that can negatively impact user experience | Adds significant congestion to corporate network; degrades bandwidth utilization |
| Protects employee privacy, increasing adoption | Creates significant latency for users and increases battery consumption |
| Evaluates security state and posture of trusted devices in real-time. First-of-its-kind continuously updated content-filtering to identify new threats | Generates employee privacy concerns that may slow adoption |

Empower users to improve device security posture.

Network Access Control works to secure corporate wired and wireless networks within the organizational perimeter. Today’s enterprises must secure roaming devices and laptops from coffee shops to hotels to co-working spaces.

CloudGen Access has a built-in remediation engine that lets users fix access issues and increases awareness of device security.

| CloudGen Access | VPN |
| --- | --- |
| Delivers a built-in policy remediation agent that operates directly on the edge | Requires additional point solution to offer any form of NAC functionality |
| Works everywhere, on the corporate network or on the go | |
| Provides autonomy to users to solve their own access issues. CloudGen Access offers a step-by-step guide to fix issues and regain access. For example: If access is denied to Gitlab due to FileVault being disabled, CloudGen Access will share the steps to enable disk encryption | |