Banyan Security demo showing how easy it is to give engineers easy, secure, one-click access to infrastructure and applications.
View Transcript
Tarun Desikan:
In this first session, we’re going to demonstrate certain capabilities of the Banyan product, specifically around how Banyan provides secure access to third parties; vendors, contractors, as well as bring your own device, BYOD scenarios. I have a fictional representative demo environment. We call it MedSoft and MedSoft is a medical software company, has some infrastructure in the data center, some SaaS, some running in Amazon web services, some running in Google cloud and different types of users who need access to these applications. I’m going to focus on a third party scenario, so we have a contractor named Carly who needs to access a Trials software. It’s a web portal that runs in the data center.
Tarun Desikan:
Now, traditionally, you’d have to give a contractor a VPN or even a clunky VDI access to accomplish this. We’re going to show you how you can make it super simple, super easy with Banyan. So let’s start first with the Banyan command center. I’m going to log in and once I log in as an administrator, I can get a quick overview of the different policies and the devices and users I have, in this case, in my demo account. The directory and infrastructure tab gives you your inventory of users, their devices, as well as the different corporate data centers and cloud environments that you’re securing with Banyan, in this case, you can see my data center GCP and so on.
Tarun Desikan:
In the secure access tab is where you specify your zero trust policies. Banyan makes policies very simple to write, so instead of writing complicated ciders, you essentially write policies in terms of it’s these types of users in this case, admins and users on registered devices with a high level of trust, that’s an example of a high security policy and once you write the high security policy, you can then define a service and in this case, I’m going to call my service Trials Platform available at this URL trials.medsoft.digital and expose that to end users.
Tarun Desikan:
Now, this service, as you can see, is a web-based service, in this case it’s a WordPress application. So what we’re going to show you in this demo is how we provide access to this Trials Platform, WordPress application. We’re going to have a couple of different zero trust policies in effect. The first is going to allow unregistered devices, so these are contractor devices to access the application and the second is going to restrict certain sections of the application, the high security sections, to users who come on a device with a high trust score, with the right entitlements.
Tarun Desikan:
So first we have Carly, the contractor from an Android tablet. Then we’ll have an administrator, Adam from a Windows laptop, and then we’ll reduce the trust of the Windows laptop and see what happens. Let’s start with the Carly contractor scenario, and I’m using a tablet emulator here to represent a third party device. Now, MedSoft IT does not control this device, has no idea what’s running on it or where it has been. So how does Carly access the Trials portal? Well, it’s as easy as typing in the URL. So all she has to do is type in the URL and you get redirected to your Okta portal where I will sign in with my username and password, and that’s about it. You enter the URL and boom, you’re in. You don’t have to install a VPN client. You don’t have to install an MDM client. You can just type the URL and you’re in, once we authenticate and you can come in and do the job that you need. In this case, uploading specific trials data for a specific medication.
Tarun Desikan:
Now, security is often a really key concern when exposing internal applications over the browser, over the internet to devices. Now, in this case, as you can see, Trials management is a WordPress website. Now WordPress is one of the most popular content management systems in the world. It unfortunately is also responsible for most CVEs and most attacks and most attacks happen because once you can get into the admin section of WordPress, you can upload malicious plugins that can do a lot of damage. So with Banyan, what you can do is create a least privileged policy to protect the WordPress site. So let’s look at what happens when Carly with a contractor profile tries to access. Well, you’re blocked. Banyan policy can block off specific APIs and specific sections of a website from certain users. In this case, contractors do not have admin access to this Trials portal.
Tarun Desikan:
So let me switch back to my admin device. So on my admin device, you can navigate to the cloud command center and here we have a real time event’s dashboard, and you can see this unauthorized access from the contractor. So we have a real time system that gives an admin full visibility into the different actions a user and a device are performing.
Tarun Desikan:
The other view, we also provide administrators is what we call an unregistered device’s view. So, because we don’t know what devices Carly is using, we can infer based on IP address and user agent sniffing, what types of devices. So we know Carly has actually accessed the Trials portal from Android, Windows and Mac machines. So, that was the first scenario, a contractor accessing this website from an Android tablet. Now, what if that was an unregistered device, but what about trusted devices? What about registered devices? We’re going to show that next with the administrator.
Tarun Desikan:
Now, for unregistered devices, it’s primarily targeted at third parties. Banyan also supports flexible mechanisms to register different types of devices. You can have the users register in their own devices by downloading the app from the App Store, you can use a device manager to silently push the Banyan app out. We can also integrate with device managers, so you don’t even have to use the Banyan app to establish trust. So back on the Banyan console, I’m in admin. Let me log in from my Windows laptop, which is a registered device to show you that experience. So I just, again, type in trials.medsoft and boom, I have to authenticate and this time I authenticate as an administrator, so I have administrator entitlements, I’m on a managed device and now have access to Trials and I can also get into the admin section where I can log in and administer the WordPress website and maybe I want to upload some plugins.
Tarun Desikan:
So how did Banyan establish this device trust, that gave me access to the admin section? We have a Banyan app, here it is running in the tray. This is a core component of how we provide zero trust security to an organization. You can configure different types of zero trust policies.
Tarun Desikan:
You can say what is required for a device to be trusted in the organization and we go compute that on a device and we establish a trust code and here I am at a hundred and because I’m a trusted device and I have the right entitlements, I’m able to access the WordPress admin website. Now let’s say, I decide not to follow corporate standards and for this demo, let me go in and maybe turn off my firewall. So I’m on a public network. Let me turn off the firewall and instantaneously Banyan computes it, it catches that my firewall has been disabled and my trust core has fallen. So now I am no longer at the high level of trust I need. Let’s see what happens when I navigate to an admin section.
Tarun Desikan:
I am blocked. I can no longer upload plugins. I can no longer administer the website because I am now violating my zero trust policy. So we showed a simple Banyan app integration with your firewall, but Banyan also can invite signals from your device manager, your EDR and your antivirus tool to compute your device trust.
Tarun Desikan:
Admins really love this feature about Banyan, because this also prompts you to self remediate. As a user, you can just click on the app. You can click on the button and you can see exactly what steps you need to take for your device to meet the corporate security standard and IT loves this because this cuts down on support ticket volume.
Tarun Desikan:
So to recap, we focused on third parties accessing a data center application called Trials Platform. We allowed unregistered devices, the Android tablet to access the application as well as restricting access to certain APIs, you know when Carly the contractor accessed it, we limited her to non-admin, when Adam the admin accessed it on a high trust device, we granted access and finally, when the trust of the device fell, we were able to limit access. So with Banyan you can roll out your least privilege zero trust policies and enable better collaboration. We showed how you can establish trust based on the user profile, device attributes. You can limit access to different resources based on that trust, you can enable users to self remediate and fix the levels of trust and finally, and I think this is really important to zero trust in general, it’s not just about security, you can actually simplify your organization’s workflows without sacrificing security.
Close Transcript
Free for 30 Days
Simple, secure, & free!
Quickly provide your workforce secure access to corporate resources and infrastructure.