Security is an arms race. Innovation happens simultaneously on the attack and protect sides of the environment. By authenticating identity and implementing security policy at the earliest possible time – on the first packet of a network session setup – BlackRidge provides deterministic, scalable and cost-effective cyber defense.
BlackRidge Transport Access Control
BlackRidge Transport Access Control (TAC), using our patented First Packet Authentication™, provides a new level of cyber defense for network and cloud resources. TAC operates pre-session, in real-time, before other security defenses engage. TAC is address and topology independent, supporting NAT and automatically adjusting to changing network topologies. Cyber-attacks are stopped dead in their tracks by preventing unauthorized users and attackers from performing reconnaissance of network and cloud resources, and by denying them the ability to communicate anonymously.
BlackRidge TAC uses a highly scalable, non-interactive authentication protocol that does not rely on signatures, sandboxing, or deep packet inspection. By operating at the transport layer, BlackRidge is compatible with your existing network and security technologies and middle boxes, address and topology independent, and supports NAT. BlackRidge TAC works across network boundaries and automatically adjusts to changing network topologies, ensuring that systems are secure end-to-end in enterprise and hybrid cloud environments.
BlackRidge TAC works by inserting and authenticating a single-use identity token on each side of a TCP/IP session. TAC identity tokens are cryptographically generated tokens that securely communicate identity. TAC overlays the token into the first packet of a TCP/IP connection request without impacting TCP compatibility. When TAC receives the connection request, it extracts and authenticates the TAC identity token and applies a security policy — forward, redirect, or discard — for the connection request based on the TAC identity.
Learn about our new model of identity-based protection that operates pre-session at the earliest possible time to block unauthorized or unidentified traffic on your network.