Cipherscale Service Datasheet

Cipherscale Clients

• Easy-to-install client application available for Android, iOS, macOS, Ubuntu (coming soon), and Windows
• Apps stay current with automatic installation of software updates
• The Administrator controls configuration and access to settings (coming soon)

User Management and Authentication

• Native support for authentication with Google and Microsoft using OIDC
• Federated Single Sign On (SSO) with SAML 2.0 compliant Identity Providers
• Multiple authentication methods can be active simultaneously
• User provisioning and maintenance using System for Cross-domain Identity Management (SCIM) (coming soon)
• Administrators can invite Users to join cipherscale space with emails
• Users can be assigned various roles, such as Administrator and Auditor. A new role for Billing administration is coming soon

Zero Trust Features

• The device is only sent routes to authorized applications, which prevents lateral movement and segments the network
• Application access is governed by access policy based on the identity of the user, device, or user group
• Access polices are linked to admission rules that are checked before making access decisions 
• Admission rules can be based on device posture factors below:
  • Device OS (Android, iOS, macOS, Windows) and OS Version
  • Presence of digital certificate
  • Disk Encryption
  • Use of Antivirus software
  • Presence of a specific application or process
• Admission rules can be based on the device's location and time of day.

Private Access

• One or more cipherscale Gateways can be deployed on a private network to provide access to private applications
• Cipherscale Gateways act as software routers and accept encrypted communications from authorized devices
• Gateways are deployed from the Administration portal using AWS CloudFormation templates (coming soon), Terraform templates, Debian package for Ubuntu, and Docker files.
• Private applications are configured using their domain names or IP addresses
• All TCP and UDP applications are supported
• Private applications can be configured to allow access using only specific application protocols

SaaS Access

• One or more cipherscale Gateways can be deployed on multiple sites, IaaS, VPS providers in various locations
• Cipherscale Gateways act as software routers and accept encrypted SaaS communications from authorized devices
• Gateways are deployed from the Administration portal using AWS CloudFormation templates (coming soon), Terraform templates, Debian package for Ubuntu, and Docker files.
• SaaS applications are configured with their domain names as reachable by the Gateways. The security feature of the SaaS applications needs to be configured to only accept login requests from the public IP address of these Gateways
• Forces Users to use cipherscale for SaaS access, allowing for all zero trust controls to be leveraged
• Cipherscale access policies can be configured to provide Users and User Groups with the least privileged access to SaaS apps

Internet Access

• A User, Device, or User Group can be restricted from accessing the internet
• One or more cipherscale Gateways can be deployed on multiple sites, IaaS, VPS providers in various locations
• Cipherscale can distribute the User's internet traffic among multiple Gateways based on the User's location.
• Cipherscale Gateways act as software routers and accept encrypted internet communications from authorized devices
• Gateways act as Secure Web Gateways (SWG) by blocking access to malicious IP address destinations and enforcing content filtering policies by blocking access to malicious or undesirable content from 43 content categories (coming soon)
• Gateways are deployed from the Administration portal using AWS CloudFormation templates (coming soon), Terraform templates, Debian package for Ubuntu, and Docker files

Site-to-Site Networking Features (coming soon)

• Cipherscale creates a network using full-mesh topology by coordinating tunnel setup between all the Gateways deployed at various locations (coming soon)
• This site-to-site network allows all sites to communicate with each other directly without using a hub-and-spoke configuration and avoids the risk of a single point of failure (coming soon)

Monitoring, Visibility , and Automation

• Admin audit logs show information about who made what configuration changes in the Administration portal and when (coming soon)
• Detailed logs are available on user and device connections and access to various IP and domain name destinations.
• Logs can be streamed to external SIEM systems using rsyslog (coming soon)
• Logs can be streamed to cipherscale provided cipherscale Data service, which includes log storage, monitoring, and visualization (coming soon)
• Email alerts are sent for critical events (coming soon)
• Public API can be used to automate configuration (coming soon)
• Gateway software upgrades can be automated and scheduled from the Administration portal (coming soon)

High Availability

• Multiple Gateways work in an active-active load balancing mode to provide access to the same application, and Users access the application from one or more Gateways
• Multiple Gateways work in a failover mode to provide access to the same application, and on failure of the active Gateway, users access the application using a lower priority Gateway.

Networking

• Native IPv4 and IPv6 support
• The IP range for Carrier Grade Network Address Translation (CGNAT) is used for cipherscale operation
• Private DNS Servers can be used
• A single cipherscale Gateway can be used to provide access to private applications, SaaS, and the internet

Compliance

Support