Twingate – A modern solution for remote access

Category: IT Technology · Published: 4 years ago


Today we are proud to announce the launch of Twingate, a modern remote access solution designed to markedly improve your security posture without introducing compromise and headaches around deployment and ease of use. If you are a developer, work in DevOps, or are a network administrator, Twingate has been designed with your needs in mind.

We first decided to build Twingate when we were doing customer research almost 18 months ago. It was abundantly clear that remote access was broken. VPN—a technology that is almost 30 years old—has remained a de facto standard for remote access despite serving user needs poorly, introducing additional complexity into infrastructure decisions, and being the weakness behind multi-million dollar security breaches. Given these serious flaws, and our own negative experiences using VPN as employees, we were baffled as to why a new product had not emerged to replace it. We moved on from Windows 95 long ago, so why hasn’t remote access caught up?

Underestimating the threat of an outdated model

After speaking to nearly fifty IT, security, and networking professionals at companies of widely varying sizes across multiple industries, a few trends became apparent, repeated in almost every conversation. The most surprising of these is that most people we spoke to are aware that a more secure approach to remote access exists, but they think that it’s far too complex and costly to implement. Summarizing our customer conversations, these are the main trends that drove the approach we took with Twingate:

  • The traditional “castle and moat” approach to network security persists, despite monumental changes to how we work over the past 20 years.
  • The security risks inherent to lateral movement and attack “blast radius” are significantly underestimated and broadly unmitigated.
  • Most people are aware that a much more secure approach exists, with Google’s BeyondCorp proprietary implementation cited frequently.
  • However, the level of complexity involved in implementing an equivalent solution is perceived to be insurmountable.

Reflecting on the above trends, the diagram below likely illustrates a network architecture very close to what you regularly access, administer, or both. Access involves some brittle combination of static IP whitelisting, subnet mapping for remote users, a vulnerable gateway on the public internet, firewall rule management, and routing rule management. That level of management overhead doesn’t even start to account for how vulnerable this general network architecture is to lateral movement and the resulting potential for serious business losses and impact.


Traditional perimeter-based network architecture with VPN

The reason that this architecture persists is grounded in a gradual creep outwards from an outdated perimeter-based approach to securing networks. However, with the dislocation of user devices, users, and applications alike, an entirely new approach is clearly needed to secure access.

Restoring the balance between security and ease of use

“I got everything set up in <30 minutes and most of that was only because my Docker is a bit rusty. Impressive stuff guys. This is cool.”

When designing Twingate, we knew that we would need to take a “no compromises” approach to security, but the challenge was ensuring that the product would still be both easy to use and—critically—easy to adopt for end users and administrators alike. We’re exceptionally proud of what we’ve built, and like the customer quoted above, we think you’ll find it surprisingly easy to both virtually eliminate your network’s attack surface and improve users’ experience at the same time.

Twingate’s design and development are driven by the following core principles:

  • Undeniably more secure. Twingate uses standards-based cryptographic techniques to encrypt and authorize network traffic, but we take a unique approach to the level of decentralized agreement that must exist to authorize network connections. (In fact, the name Twingate is derived from the multiple cryptographic checks that every network connection must pass.)
  • Simple to deploy. Over and over again, we’ve seen business products fail because they don’t take into account the importance of minimizing the pain surrounding change management. Whether it’s integrating with an existing identity provider, deploying infrastructure with a one-line Docker command, or enabling self-service deployment for end users, we’ve focused on making Twingate easy to use.
  • Designed for how we actually work today. Users access applications hosted in multiple environments from multiple devices, in multiple locations, and from multiple networks. These scenarios are not future trends authored by an industry analyst; this is the reality of working in 2020. Add to that the greatly expanded range and sophistication of cybersecurity threats, and it’s clear that the old perimeter-based model is no longer adequate.

Simplified network architecture with Twingate

Twingate’s deployment model is incredibly simple:

  1. Deploy a connector behind the firewall on any network that you need to provide remote access to.

  2. Define any number of destination resources. Only these specific destinations will be accessible, and nothing more, resulting in a least-privileged access model by default.

  3. Have users self-install the Twingate client app and authenticate using their existing credentials.

That’s it. Users continue to access resources using their existing addresses, using any application as they did before. No changes to the underlying applications or resources are required to allow Twingate to authorize access. Networks can also be completely segregated, minimizing the complexity of any routing or firewall rules. The right approach to network security can be implemented independently of any access needs.

Give yourself the network security you deserve (without the pain)

Though we never could have predicted the changes the world has seen since those first customer interviews, the security problems inherent to remote access are now more pressing than ever before, with remote work becoming an overnight necessity. The whole team has put a huge amount of effort into creating Twingate over the past 18 months, and we’re confident that what we’ve built represents a step function departure from today’s typical experience and outdated technology.

We invite you to experience Twingate for yourself and read more about the technology behind our product.

