Please review our Frequently Asked Questions for some relevant replies. Of course, feel free to get in touch with us at any time for any queries.
InstaSafe Secure Access is a comprehensive security solution based on Software Defined Perimeter principles, delivered in a SaaS model, that lets non-security experts affordably create a secure, distributed network for Public Clouds, Private Clouds and On-premise data centers. It provides user and device authentication, user and device binding, secured networking, access control and auditing, as well as real-time monitoring capabilities.
Yes. Open your web browser and go to https://my.instasafe.net and click on Forgot Password link or go directly to this link to reset your password. If you are unable to reset your password through this link, then contact your company’s IT team.
InstaSafe Secure Access requires works by having a client agent on the user’s device that helps to connect the user to the controller, where the user is authenticated and the device is verified; and also have an agent running in the data center to connect to the Controller and tunnel all user traffic to the data center applications.
The InstaSafe Secure Access cloud based Controller performs the following functions:
- Authenticate users
- Authenticate devices
- Bind users and their devices
- Enforce application access rules to users / user groups
- Verify endpoint hosts are running required software (such as AV etc.)
- Provide secure encrypted tunnel from end user device to the data center
- Data centers are connected to the Controller via our Gateway module installed in each data center. The Gateway creates a secure encrypted tunnel from the DC to the Controller and tunnels all user traffic to the applications.
InstaSafe Secure Access helps you protect your applications against many network based attacks by allowing you to hide the applications, while at the same time allow access to the applications to only authorized users accessing with registered / authorized devices.
The primary security benefits of using InstaSafe Secure Access are:
Block many network based attacks such as:
- MITM - Man in the middle attack
- Server scanning - by limiting access at Layer 4, attackers cannot scan the entire system for vulnerabilities to exploit.
- DoS - Denial of Service attacks are blocked as no DNS and IP information is published
InstaSafe Secure Access does not require any additional bandwidth to operate beyond the needs of the applications being accessed by the users.
InstaSafe Secure Access utilizes bandwidth only for querying the endpoint during initial authentication and authorization which utilizes very less bandwidth.
The bandwidth requirement depends primarily on the applications being accessed by the users.
If customers enable export of logs from the Controller to their data center, then additional bandwidth of 256 to 512 Kbps would be sufficient to push the logs from the Controller to the log storage in the data center.
- Endpoint provides devices fingerprint (certificate & device ID) and creates mTLS tunnel with AES-256 bit encryption
- Device verified and authenticated. Initiate user authentication
- User authentication using password + OTP / Token
- User requests access to Application-X
- Based on device and user authorization, access is allowed
- (A) Gateway device authentication (certificate, device ID) and creates mTLS tunnel with AES 256 bit encryption
- (B) Gateway authenticated and available with specific subnets
- (C) Controller routes application traffic between user and the Gateway. Gateway routes the traffic between the Gateway and the application.
Secure Access interconnects the users to the applications securely over any type of network. Primarily, the network bandwidth or latency plays a large role in the user experience. Secure Access components such as the Client agent, Gateway and the Controller introduce latency in the range of a few milliseconds which does not impact user experience.
Yes. Secure Access can be integrated with AD / LDAP / RADIUS servers. Integration with AD / LDAP allows you to directly import all or specific users from the directory and onboard them into InstaSafe Secure Access with a single click.
No. InstaSafe Secure Access is a software only solution and does not deploy any hardware. The Gateway module that is installed in the customer network requires any generic hardware running a compatible OS such as Linux, Windows or Mac OSX.
Yes. InstaSafe Secure Access has built-in support for 2FA using either SMS / Email / Google OTP. We also support other third party token based products such as RSA SecurID, Vasco etc. using RADIUS protocol.
No. InstaSafe Secure Access uses the Client agent to perform a lot of security functionality that makes our solution unique and more secure than the others and hence requires the use of the Client agent on every end-user device.
Yes. InstaSafe Secure Access tunnels any and all types of TCP/IP or UDP/IP based application traffic.
Refer to the architecture diagram FAQ question and note that one Gateway is typically installed per data center (or cloud) and additionally a backup gateway is installed for redundancy. However, depending on specific requirements of your network, there may be more than 2 Gateways required to be installed per data center or cloud setup.
InstaSafe Secure Access Controller is the primary component of the entire solution and is hosted in reputed Public Clouds such as AWS, Azure, IBM Cloud and others. We utilize the Public Cloud well established functionality for very high level of redundancy to ensure continuous availability of our services to all our clients.
At the customer level, we recommend installation of backup gateways to provide high level of availability of the data center itself. It would also be recommended that the customer have redundant internet connections from different providers to ensure continuous availability of the services.
Yes, InstaSafe Secure Access solution was designed to be cloud-independent. Using the Secure Access Gateways you can connect your deployments on different clouds or hybrid environments.
No. All data from the endpoint Client to the Gateway is tunnelled through the AES 256 bit encrypted tunnel. The tunnel is not terminated on the wire in our cloud and hence no data is decrypted nor stored in our cloud. We only store activity, access and other related logs for a specified period of time. Such logs are accessible only by authorized personnel of InstaSafe based on their role.