Cloud

12/4/2017
12:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ScaleFT Announces General Availability of its Zero Trust Access Fabric

ScaleFT is the first company to deliver Google's BeyondCorp as a service - helping companies achieve their own Zero Trust security architecture.

SAN FRANCISCO - ScaleFT, the Zero Trust security company, today announced general availability of its Access Fabric, the globally-distributed real-time authorization engine backing its Zero Trust Access Management platform. Inspired by Google’s BeyondCorp, which allows employees and contractors to work securely from any location across the globe without the use of a VPN, the ScaleFT Zero Trust Access Management platform protects sensitive company resources through an application layer authentication and authorization model that factors in dynamic user and device conditions. Managing access to a company’s server and web application resources through layer 7 controls, ScaleFT is the first company to make the core components of BeyondCorp consumable as a service.

“We’ve witnessed the emergence of BeyondCorp as an industry-wide movement, with more and more companies wishing to achieve the same positive security and productivity outcomes as Google,” said Jason Luce, CEO and co-Founder of ScaleFT. “Few companies have the time, resources, and expert personnel as Google to successfully implement such a complex system themselves, which is what we’ve done for our customers.  Our mission is to make BeyondCorp a reality by breaking the architecture down into more consumable pieces that can be quickly adopted by any size organization. With the GA release of the ScaleFT Access Fabric, any company can start incorporating dynamic Zero Trust workflows for their internal resources with just a few clicks.”

ScaleFT first introduced Zero Trust principles to the market with its Server Access product in 2016, which eliminates the use of static credentials entirely for Linux and Windows servers through a client certificate-backed PKI architecture. Now running in production at a number of companies including Rackspace, Coursera, Quid, Jungle Disk, Zenoss, and more, ScaleFT Server Access has fundamentally changed how companies deal with privileged access, significantly lowering the attack surface of insider threats. With the release of the Access Fabric as the backing architecture for its Web Access product, ScaleFT now extends its capabilities to protecting internal applications such as GitHub Enterprise and the Atlassian suite with a Zero Trust architecture.

The combination of Server Access and Web Access is the full realization of a BeyondCorp architecture, which can now be consumed as a service from ScaleFT. “If a company like ScaleFT can help get us there, we’re 100% on the BeyondCorp model,” said Ryan Seekely, Director of Infrastructure and Security at Quid, Inc. “We won’t be able to do it ourselves and I was very grateful to be able to see a company like ScaleFT come along and solve a lot of the hard parts.” QUOTE FROM CASE STUDY PENDING FINAL APPROVAL

"For many years security has been seen as a blocker. As something that costs money and slows business down. As a result Security is relegated to being an afterthought, or ends up being left out entirely. The result? The increasingly massive breaches we have seen recently," said ScaleFT advisor, Marc Rogers, head of security at Cloudflare and organizer of the DEFCON conference. “With the advent of future-thinking architectures like BeyondCorp, security is finally able to work in harmony with business needs. This approach enables business processes to safely go faster, rather than slowing them down. Companies like ScaleFT can help arm businesses with the tools needed to embrace these new business first security architectures.”

ScaleFT offers a 30-day free trial of its Zero Trust Access Management platform, integrating out of the box with an enterprise’s choice of identity governance solutions, including Okta, G Suite, Active Directory, and more. 

For a live demo of the ScaleFT platform, the company is hosting a webinar on Wed. Dec 13th at 9 AM PST. To reserve a seat, register here.

Also find ScaleFT at KubeCon in Austin, TX this week. The company is hosting a Meetup in conjunction with the Cloud Austin Meetup group, Thursday Dec 7th at 5 PM. Ivan Dwyer of ScaleFT will be giving a presentation about adhering to policies the way Google did with BeyondCorp, along with Bret Piatt, CEO of Jungle Disk, who will be giving a talk about AI/ML in a security context.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Gee, these virtual reality goggles work great!!! 
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.