SECURITY STARTS
WITH
ACCESS
Modernize the way you secure access to apps and infrastructure.
CloudGen Access provides conditional and contextual access to corporate applications and data. It strengthens your security posture, and it is easy to deploy and manage.
Modernize the way you secure access to apps and infrastructure.
CloudGen Access provides conditional and contextual access to corporate applications and data. It strengthens your security posture, and it is easy to deploy and manage.
Quick to deploy, easy to manage
The CloudGen Access Zero Trust model establishes unparalleled access control across users and devices without the performance pitfalls of a traditional VPN.
It provides remote, conditional, and contextual access to resources and reduces over-privileged access and associated third-party risks.
With CloudGen Access, employees and partners can access corporate apps and cloud workloads without creating additional attack surfaces.
Ensure business continuity
Securely manage your remote workforce with instant provisioning of company or employee-owned devices and unmanaged contractor endpoints.
Mitigate risk with remote access
Mitigate breach risks with Zero Trust secure access. Deliver continuous verification of user and device identity and trust to reduce attack surface.
Mitigate risk with remote access
Mitigate breach risks with Zero Trust secure access. Deliver continuous verification of user and device identity and trust to reduce attack surface.
Enable remote work productivity
Empower employees with streamlined access, increased security and upgraded performance compared to traditional VPN technology.
"By 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through Zero Trust Network Access (ZTNA)."
– Gartner, 2019
Modern enterprises need more than just another VPN
Let’s face facts. VPNs don’t work in the modern enterprise ecosystem. Distributed users, servers, and devices create challenges that VPNs were not meant to solve. Exposed networks, unmonitored user identities, unknown device security status, and complex switching between VPNs are just the tip of the iceberg. No company can accept the level of risk inherent in VPNs.
CloudGen Access is the modern VPN replacement.
Secure access and empower employees.
Validate that mobile devices trying to access your infrastructure are authorized to do so.
Ensure that devices meet your baseline security and compliance requirements before granting access. All in real time.
| Barracuda CloudGen Access | VPN |
|---|---|
| ✔ | ✖ |
| Native support for trusted devices | No native support for trusted devices |
| ✔ | ✖ |
| Generates and stores device certificate on hardware keystore | Relies only on user credentials for infrastructure access |
| ✔ | ✖ |
| Sends a CSR to Management Console to register device and establish trust | Depends on 3rd-party tools like MDM to establish a native version of trusted devices |
| ✔ | ✖ |
| Validates every access request against current security and compliance policy | Requires enrollment to corporate MDM to determine trusted devices |
| ✔ | ✖ |
| Deploys conditional and contextual trust | Static trust architecture |
| ✔ | ✖ |
| Certificate management is built-in for both device and infrastructure components | Certificate management is difficult and requires 3rd-party tools |
Know who has access to your network and resources at all times.
Barracuda CloudGen Access segments apps and VMs based on user roles to limit exposure. Delight corporate users with hassle-free access to multiple VPN sites from a single profile.
| Barracuda CloudGen Access | VPN |
|---|---|
| ✔ | ✖ |
| Access resources not the entire network. Direct trusted users to the information they need, whether in a VPC, data center or on-premises without increasing risk | VPN clients can act as patient zero on your network, increasing the potential attack surface exponentially. A compromised VPN client, residing on a VLAN with complete network access, can launch attacks on other clients on the same VLAN, ultimately exposing every routable VM/workload |
| ✔ | ✖ |
| Connect to multiple infrastructure sites without switching access profiles | Requires user to switch between VPN configurations to access multi-site environments |
| ✔ | ✖ |
| Confirm or deny access based on user role and device attributes: RBAC+ABAC. Example: User A in Group B with Device C that complies with policy D can access resource | Implements network segmentation, a painful and error-prone approach that requires 3rd party or custom tools. Limits ability to access dynamic, modern resources like Kubernetes workloads |
Be confident that no compromised devices are on your network.
| Barracuda CloudGen Access | VPN |
|---|---|
| ✔ | ✖ |
| Continuously monitors device and logs network metadata at the device level (network DVR) | Lacks visibility into device security status before starting active VPN session |
| ✔ | ✖ |
| Enforces policy that requires searching for a comprehensive IOC (indicators of compromise) list in network history before granting access | Cannot integrate with a local security agent as part of an access policy |
| ✔ | ✖ |
| Conducts retrospective search for IOC | Provides only single point in time access to device security state. Any change to the device security state is not reflected in the active session. |
| ✔ | |
| Detects if the device has ever exchanged information with a phishing site: e.g. mycompany.oktaa.com | |
| ✔ | |
| Detects if the device has ever generated APT x C&C traffic |
Guarantee access to the right resources. Anywhere. Anytime.
Global, remote, nomadic work is here. Let an EU resource travelling in the US access EU resources. Make sure an employee on hotel Wi-Fi in China can get work done.
Role-based access alone cannot support new regulatory compliance requirements. Barracuda CloudGen Access adds a new layer of attribute-based access control to ensure access for traveling employees and partners.
| Barracuda CloudGen Access | VPN |
|---|---|
| ✔ | ✖ |
| Role-based access control enhanced with attribute-based access control | Role-based access control (RBAC) only. Access tokens can be permanent or long-lived, creating additional risk as VPNs do not natively support re-auths and step-up auths |
| ✔ | ✖ |
| Rich attribute support: • Permissions: verify user/resource • Device: type, model, OS, end-of-life • Jailbreak • Authentication: configured touch/face ID & passcode • Wi-Fi SSID and location | Minimal contextual, actionable information about location, network, and device |
High quality, high fidelity mobile access.
Barracuda CloudGen Access enhances connectivity quality with a built-in defense and local proxy on a device.
| Barracuda CloudGen Access | VPN |
|---|---|
| ✔ | ✖ |
| Built-in defense for intermittent connectivity | Sustained disconnects force application layer timeouts |
| ✔ | ✖ |
| Consistent session stability unaffected by change in source IP | Frustrating, painful experience for users, especially mobile workers such as utility field workers, insurance adjusters, law enforcement |
| ✔ | ✖ |
| Local proxy on device side and access proxy on infrastructure side can maintain session during dropped connections | Time wasted on repetitive VPN reconnects and app reloads, costing organization valuable employee productivity |
Web-based attacks such as identity theft, phishing, drive-by downloads, and malvertising are the largest cybersecurity challenges facing corporations today.
Barracuda CloudGen Access protects resources from these threats and delivers real-time alerts.
| Barracuda CloudGen Access | VPN |
|---|---|
| ✔ | ✖ |
| Intercepts and blocks Internet-borne threats on the device with patent-pending technology | Requires integration with a costly point solution like Bluecoat, Websense, or Zscaler, to address threats in real-time |
| ✔ | ✖ |
| Preserves corporate network bandwidth and speed | Lacks capability to provide protection from Internet-borne threats due to split-tunnel configuration |
| ✔ | ✖ |
| Eliminates latency that can negatively impact user experience | Adds significant congestion to corporate network; degrades bandwidth utilization |
| ✔ | ✖ |
| Protects employee privacy, increasing adoption | Creates significant latency for users and increases battery consumption |
| ✔ | ✖ |
| Evaluates security state and posture of trusted devices in real-time. First-of-its-kind continuously updated content-filtering to identify new threats | Generates employee privacy concerns that may slow adoption |
Network Access Control (NAC) works to secure corporate wired and wireless networks within the organizational perimeter. Today’s enterprises must secure roaming devices and laptops from coffee shops to hotels to co-working spaces.
Barracuda CloudGen Access’s built-in remediation engine lets users fix access and increases awareness of device security.
| Barracuda CloudGen Access | VPN |
|---|---|
| ✔ | ✖ |
| Delivers a built-in policy remediation agent that operates directly on the edge | Requires additional point solution to offer any form of NAC functionality |
| ✔ | |
| Works everywhere, on the corporate network or on the go | |
| ✔ | |
| Provides autonomy to users to solve their own access issues. Barracuda CloudGen Access offers a step-by-step guide to fix issues and regain access. For example: If access is denied to Gitlab due to FileVault being disabled, Barracuda CloudGen Access will share the steps to enable disk encryption |
