Advanced Remote Access for Engineers

Remote access to servers storing/managing data via SSH/RDP is more critical than ever. Traditional VPN access plus static long-lived credentials used for SSH/RDP are not secure enough for modern IT environments.

The problem

As Engineering teams are increasingly distributed across the globe and enterprises are often turning to contract workers to help accelerate project deliverables, the need for securing SSH, RDP, and Kubernetes remote access has never been higher. VPN alternatives are needed, given the sensitive nature of this work and the potential for breaches with VPN-based secure access. Enterprises need a more secure approach that delivers on Zero Trust principles that fit the modern enterprise.

The emergence of continuous authorization and principle of least privilege are critical to this approach, and VPNs simply cannot keep up with these demands. Specifically, in the case of secure SSH, RDP, and K8s access, VPNs fall short:

Poor Security

Broad network-level access based on long-lived certificates, with lateral movement vulnerability especially for 3rd parties who can access any server on the network or in any Virtual Private Cloud (VPC).
No good way to continuously authorize (not just one-time authentication) and provide least-privilege access to specific servers.

Complex Management

Network-level controls hard to configure, especially due to ephemeral server instances on modern clouds.
Painful process of updating end-point clients and VPN hardware and software patches.

Frustrating User Experience

Dropped connections due to network complexities resulting from constant compute environment changes with cloud deployments and enterprise growth.
Expensive appliances, inability to scale to cloud compute clusters.

The Banyan Solution for Secure SSH/RDP and Kubernetes access

The Banyan Security Zero Trust Remote Access platform offers role and attribute-based access control to servers while providing integration with your existing SSO and MDM tools as well as IaaS clouds like AWS, GCP, and Azure.

With Banyan, a security team can define the privileges needed to access a particular server resource, on a per user basis. With Banyan’s Zero Trust Remote Access platform you can achieve direct, secure least-privilege access to your SSH/RDP and Kubernetes environments.

The Banyan remote access solution is comprised of three core components that together deliver a complete Zero Trust Network Access (ZTNA) solution.

First, we offer Trust Scoring for quantification of user and device contextual factors.

Next, we provide continuous authorization of access via our Cloud Command Center which is powered by a machine learning engine.

And finally, we offer real-time access enforcement based on the principal of least privilege.

Zero Trust Access Elevates Security Posture

Massive reduction in visible attack surface by enforcing least privilege access and continuous authorization based on user and device trust factors
Short-lived certificates managed by the Banyan platform for a higher security posture

Comprehensive Solution for Diverse DevOps Environments

Consistent experience whether servers are deployed on-premises or via IaaS
Provide differentiated access based on user authentication and profile (e.g., employee vs. contractor vs. vendor), device characteristics (e.g., patch level), and relative importance of resource (e.g., PCI vs. non-PCI servers)

Seamless & Fast User Experience

Direct access into servers whether on private clouds or IaaS-deployed
Simplified access policies tied to user and device profiles for ease of management

Banyan Makes it Easy

The Banyan Security Zero Trust Remote Access platform is universal in its ability to support multiple remote access use cases. Accessing complex infrastructure, whether on-premise, private cloud, or IaaS, Banyan has you covered. Access to services like SSH/RDP, Kubernetes and hosted applications like GitLab and Jenkins has never been easier. A single click in the Service Catalog is all it takes to reach a desired resource.

Favorites give end users the flexibility to “bookmark” frequently accessed applications and services.

Autorun allows specified resources to automatically connect when the Banyan app is launched.

Service Bundles enable the grouping of related applications and services so end users can access the entire group with a single click.

Key Features for DevOps Environments

One-click access to SSH/RDP and Kubernetes environments, including hosted applications like GitLab, Jenkins, and Jira.
Real-time check of user and device security posture before granting access using employee-visible Banyan TrustScore
Highly secure, automated PKI infrastructure with support for X.509 certificates that is maintained by Banyan Zero Trust Remote Access platform