Transcript
to Netskope One Private Access. So Netskope One Private Access is all about providing fast and secure access to your internal applications that are hosted in your data center or in the public cloud. So unlike a traditional remote access VPN that's open to attacks from the outside world, this uses the fundamental principles of zero trust network access, where you don't have to deal with concentrators that are vulnerable to attacks. Also unlike a VPN where you connect users to a network, you use zero trust principles where you're going to remove implicit trust and then verify things like identity, device posture, and then only then do you connect users directly to a resource so you can limit and restrict lateral movement, if you will. It's also a great user experience and an automated experience for the user.
So let's take a look at what this looks like in action from a user perspective. So what I'm going to do is I'm going to access one of these private applications that we have hosted, a finance app. First of all, it was very lightning fast. It actually cached my credentials that I typically log in using, in this case, Okta, my identity. And here I have fast and secure access directly to this internal private application. It verified my device posture, my identity, and then it granted me access. You can see the internal IP. I can't access other systems on the network from here. If I were to go in and try to access another service, as an example, let's access this engineering app here, again, zero trust principles. I don't have access to this application. I shouldn't have access to this application. So it blocks me from gaining access to that application.
Now I'm sitting here on a managed device. This is all driven by the Netskope client that's deployed on the managed endpoint. So it's going to allow the Work From Anywhere user to get that fast and secure access, whether they're at home, whether they're in the office or a coffee shop, it's the same experience.
But what happens if the user were to go to an unmanaged device scenario, like I'm seeing here? So I'm logged into this machine, does not have a Netskope client deployed. So what we're able to do in this particular case is we're able to go ahead and bring the user into a user portal. So the user logs in, in this case, I'm going to log in with my Okta. And now the user is published a portal with the applications for which the user has granted zero trust access to. So here's this finance portal application. The user has fast and secure access, even without a Netskope client deployed. So for the unmanaged device use case, as an example, and here's kind of the URL where the user gets proxied as part of that connection. And what happens also, if I go in and try to, for example, do something after I've been granted access, let's say I try to download sensitive data, we could also apply DLP to that user session to protect data, make sure it doesn't go to those unmanaged devices.
And then last but certainly not least, there's also situations where you have use cases where it's not the traditional private app that is client to server initiated, kind of like that finance portal, but there's a number of traditional application scenarios. Think remote assistance, think software push like SCCM, where you need to reach out to remote desktops, think voice over IP. Traditionally with zero trust network access, you have to leave your VPN still in place to support those use cases. But with Netskope One Private Access, we're able to support also server initiated connections. Here I'm logged into a server and I have this remote machine here, and the remote machine happens to have a Netskope One client deployed. And because we have this Netskope One client deployed, I'm going to try pushing a message out to this machine. And that's exactly what I was able to do. In this particular case, you could see the message show up on this user's machine.
So again, server initiated connections, client initiated connections, it's a full VPN replacement, and it aligns to zero trust principles of removing implicit trust, and then only connect users to applications versus connect them to the network where they can move laterally. Thank you very much.