What is full site protection?
Secfense User Access Security broker has a new and interesting functionality now. This is a big change because it shifts the application protection even further than before.
We called it full site protection and it means that apart from securing the login process Secfense protects the entire application now. By default, Secfense User Access Security Broker stands before the application and strengthens the user authentication process. With the most recent upgrade a person on the client site can now set up Secfense to be placed one step earlier, protecting not only the login process but the entire application.
With full site protection Secfense creates a distinction between trusted and untrusted network. Trusted network is when employees log in from within the company network. Untrusted is when they log in from anywhere else where there is internet available.
With full site protection a user will only be able to authenticate from the untrusted network if he or she has already activated the second factor. The initial activation of two-factor authentication method via Secfense needs to be done within the trusted network, so only when the user is in the office.
Why is that important?
Main purpose of Secfense User Access Security Broker is to give security admins full control of the authentication security. With Secfense security admins can pick any two-factor authentication method available on the market and then easily enable it on any application they want.
Such an approach increases the level of security of the authentication process but applications can still get compromised if they have some vulnerabilities inside. In such a case, even if authentication is secure the breach can still happen and data can still get compromised.
With Secfense full site protection in place no traffic can ever be admitted without initial pre-authentication. Such a configuration will only accept users who own the already registered second component. Users without registered second factor won’t even be able to get to the login page.
The situation in which this is especially useful and important is when there is no SSL VPN placing Secfense as a great alternative solution to VPN.
Full site protection takes one step further into securing the company data and protecting organizations against hacking threats. All application users are obliged to visit the office and within the company network enable their second factor. The decision which applications should be protected with full site protection and which can be left with a softer security policy is for the admin to decide. Full site protection can be turned on and off within the Secfense admin dashboard. The same place where two-factor authentication methods are chosen.