Zero Trust Networks
The Zero Trust Networks architecture considers both internal networks and external networks to be completely untrusted. It allows your workforce to access enterprise resources from any network, without the need for a traditional VPN. All access to enterprise resources is fully authenticated, fully authorized, and fully encrypted, based upon device trust and user credentials. The Transmit Platform includes the key components required to build an effective Zero Trust Networks architecture. The Transmit Identity Gateway can be placed in front of your web applications and services and control access to them. Enterprise applications are exposed externally with a public DNS record pointing at the gateway. The Identity Gateway uses Transmit’s Device Management Services and Risk Detection services to build a trust level for the user’s device and activity. The Gateway then uses Transmit’s Over-the-Air Journeys to reconcile the session’s trust level with the user’s entitlements. When needed, the Gateway can enforce various authentication methods to raise the user’s trust level.
Identity Gateway Services
Transmit Identity Gateway is built on reverse-proxy technology: it sits in front of applications and APIs and enforces authentication and authorization policies without requiring any changes to the applications themselves. Typical use cases include controlling access to hundreds of web applications and replacing outdated Web Access Management solutions such as CA SiteMinder™. Unlike traditional gateways that rely on simple access rules, Transmit Identity Gateway is based on Zero Trust technologies that evaluate each access request against the trust level of the user’s device, the environment, the session, the level of risk, and the user’s behavior. The Transmit Gateway also incorporates the Over-the-Air Journeys technology and the Identity Services Hub capabilities, so it can run advanced step-up and multi-factor authentication processes as well as device management and enrollment activities.
Transmit provides a full set of authentication services to manage primary login, multi-factor, and step-up authentication across various applications and channels. The platform includes a large set of built-in authenticators such as OTPs, soft tokens, biometric authenticators, and knowledge-based authenticators. In addition, the platform can be used to manage any third-party authenticator or authentication service connected to the Identity Services Hub. Transmit’s authentication services manage the enrollment process for each authenticator and also tasks such as de-enrollment, re-enrollment, and expiry periods. The platform provides flexible ways of defining authentication levels and attaching them to different authenticators and journeys. The platform allows building rules for authentication failures across different authenticators and devices and taking various actions when thresholds are reached. Transmit is FIDO certified and can be used to manage any FIDO authenticator alongside non-FIDO authenticators.
The platform offers role-based access control (RBAC) and attribute-based access control (ABAC) services across all applications. The platform automatically collects device and environmental attributes—for example, location, device type, and connection type—and exposes them to the orchestration engine. The platform is capable of reading entitlements and risk indicators from multiple directories, databases, and engines at the same time, including a built-in entitlement store. This information can be orchestrated at run-time to reach access decisions and to call for actions such as authenticating, blocking an activity, approving an activity, notifying of an activity, requesting authorization from multiple users across multiple devices, and signing transactions and user requests.
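As an added illustration (not Transmit’s code), the following Python sketch models the decision flow described above: a request carries the session’s device trust, risk score and the authentication level already reached, the resource demands a role and a minimum authentication level, and the gateway answers with allow, step-up to a named authenticator, or block. All levels, thresholds and resource entries are constructed values.

```python
from dataclasses import dataclass

# Hypothetical gateway policy model. Authentication levels attached to
# authenticators (constructed values, as the text says the platform allows).
AUTHENTICATOR_LEVELS = {"password": 1, "otp": 2, "fido": 3}

# Entitlement store: required role and minimum authentication level
# per protected path (constructed values).
RESOURCES = {
    "/hr/payroll": {"role": "hr", "min_level": 3},
    "/wiki": {"role": "employee", "min_level": 1},
}

MAX_FAILURES = 3   # constructed failure threshold across authenticators
BLOCK_RISK = 90    # constructed risk score above which activity is blocked


@dataclass
class Session:
    roles: set
    device_trusted: bool   # device bound and mutually authenticated
    risk_score: int        # 0..100 as produced by the profiling engines
    auth_level: int        # strongest authenticator completed so far
    failures: int = 0      # recent authentication failures


def decide(session: Session, path: str) -> dict:
    """Return the gateway action for one request against one resource."""
    resource = RESOURCES.get(path)
    if resource is None or resource["role"] not in session.roles:
        return {"action": "block", "reason": "no entitlement"}
    if session.failures >= MAX_FAILURES:
        return {"action": "block", "reason": "failure threshold reached"}
    if session.risk_score >= BLOCK_RISK:
        return {"action": "block", "reason": "risk too high"}
    required = resource["min_level"]
    # An unbound device or elevated risk raises the required level by one,
    # capped at the strongest authenticator available.
    if not session.device_trusted or session.risk_score >= 70:
        required = min(required + 1, max(AUTHENTICATOR_LEVELS.values()))
    if session.auth_level >= required:
        return {"action": "allow", "level": session.auth_level}
    # Step up with the weakest authenticator that satisfies the required level.
    candidates = [n for n, lvl in AUTHENTICATOR_LEVELS.items() if lvl >= required]
    step_up = min(candidates, key=AUTHENTICATOR_LEVELS.get)
    return {"action": "step_up", "authenticator": step_up, "required": required}
```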
Device Management Services
Users are accessing your applications and systems from various devices—laptops, computers, mobile devices, and tablets. Transmit automatically tracks all devices for each user and provides the tools to bind these devices and build trust in them. This process uses cryptography to secure the channel between the device and your systems and to mutually authenticate the device. The platform is responsible for securing data and cryptographic keys on the device. A full view of all devices is provided to both end-users and support managers, together with the ability to remove devices, disable devices, lock devices, set primary devices, manage security preferences per device, and more.
Risk and Fraud Detection Services
Behavioral profiling capabilities are built into the platform. All you need to do is tell Transmit what to profile. The platform can automatically profile devices, locations, access times, activities, transactions, payments, and many other factors. Profiles are built over time per user and can be used to reach better authentication and authorization decisions. The platform also includes machine learning for device identification, adding trust in known user devices. One of the great advantages of Transmit for fraud prevention is the ability to orchestrate different engines and scores. Third-party fraud detection engines can be connected to the Identity Services Hub; then, using simple graphical design tools, administrators can combine the results coming out of these engines with the built-in Transmit profilers to build an aggregate risk score and drive different actions.
Over-the-Air Journeys
Over-the-Air Journeys is the technology that sets Transmit apart from all other vendors. Using Over-the-Air Journeys, application owners can use graphical tools and an orchestration language to design simple and complex user journeys that involve authorization, authentication, KYC, fraud prevention, regulatory requirements, and more. Once designed, these journeys can be pushed "over the air" and played in any application that is connected to Transmit, without making any code changes to the application and without the need to re-publish the application. Over-the-Air Journeys consist of two main technologies: a Journey Player and an Orchestration Engine. The Journey Player is incorporated into your applications as an SDK and is responsible for playing the entire journey inside the application. The Journey Player works with the Transmit Orchestration Engine, which orchestrates the journey and defines the next steps on either the client or server side.
Identity Services Hub
Identity is a highly fragmented space with many tools and capabilities from different vendors: biometric authenticators, traditional authenticators, KYC tools, risk and fraud engines, behavioral tools, directories, device security, and more. Integrating each of these services into your systems and applications requires significant ongoing work: processing the input and output of each service, building the various user journeys around them, and dealing with exceptions, failures, and edge cases. With Transmit, this can be avoided. The Transmit Identity Services Hub includes built-in, secure connectors to dozens of third-party identity services, dozens of built-in services, and a flexible, secure plug-in architecture that allows you to add anything you need. It’s a complete, secure abstraction layer between your applications and the entire identity ecosystem. It’s the only platform capable of securing client-side identity services such as authenticators and KYC tools, and also the only platform that doesn’t require writing third-party-specific code in your applications.