Airwall Agents and Airwall Servers

Airwall Agents (Windows, macOS, iOS, and Android)

An Airwall Agent enables granular remote access to the network resources for employees, contractors, and vendors, without complex management of certificates, ACLs or IPSec tunnels.

Airwall Servers (Windows and Linux)

Serving as the network boundary and security perimeter for its protected workload, the Airwall Server can be deployed with little no changes to existing infrastructure and eliminates the complexity associated with traditionally separate network and security controls.

A workload protected by an Airwall Server can be cloaked and made undiscoverable by unauthorized systems. Server access is then restricted to only other authenticated and authorized Airwall Edge Services connecting from any network, significantly reducing the network attack surface.

Airwall Agents and Airwall Servers are a better alternative to virtual private networks

A virtual private network (VPN), while providing a host-to-network tunnel, lacks segmentation once authenticated and inside the network. In contrast, an Airwall Agent or Airwall Server allows secure access to mutually-authenticated and authorized machines only, making it easy to create private workgroups that are invisible and inaccessible to others, even from clients that may have valid user or application credentials. This allows devices to be logically segmented, connected, and protected in a manner that VPNs and firewalls cannot achieve.

Benefits

Universal Mobility: Instant Access and Revocation from Anywhere

Granting and revoking Airwall Agent access to individual resources on the network is simple and instant. The security context and ability to connect clients to specific resources never changes, regardless of where a user may be coming from – the LAN, WAN or Internet. The result is access from anywhere in the world, without the complexity and inflexibility of VPNs.

Airwall Invitations: Automate Rapid Deployment and Access

Automate user device access using Airwall Invitations to create secure and segmented access to individual resources, not entire networks. Provide email addresses, and as users download and add their machines, they’ll have access to only the specific systems they’re allowed and cannot see or access others, even if those systems reside on the same network. This significantly simplifies the time-consuming and complex process of getting people access to resources on the network.

Seamless and Transparent Multi-Factor Authentication (MFA)

Once the Airwall Agent is installed on a device, it now has an immutable and unique machine identity. Unlike port forwarding that enables arbitrary connections with no requirement for authentication, Airwall Agents are authenticated and authorized based on their trusted machine identity before a peer-to-peer encrypted connection is established and credentials used. User authentication can now be easily integrated with device-based authentication, overcoming much of the complexity associated with attempts to extend directory services to include device-based trust.

Private Workgroup Networks: Protect Intellectual Property and Sensitive Data

Our customers easily and quickly create overlay networks to isolate and control access to critical systems. For example, this includes controlling administrator access to network and security infrastructure to eliminate the threat of a hacker gaining access to those systems through a system’s local management interface. Another example is creating private workgroups for DevOps, Executive, HR, and PCI teams to protect intellectual property and sensitive data from being breached by unauthorized machines with access to the same network.