Solution Design
The Xinchaoxin Web Shield Zero Trust Security Solution fully draws on *philosophy and framework and targets business application resources hosted on enterprises' local physical servers and private clouds. It adopts an integrated technical architecture of "Zero Trust Client, Zero Trust Controller, Zero Trust Gateway" to build an identity-centric dynamic access control mechanism that provides effective security management and control of resource access. The components divide the work as follows:
1. The Zero Trust Controller assesses the trustworthiness of the access subject (user/device/application) based on its identity, combined with analysis of environmental risks, abnormal behavior, and security incidents. It re-evaluates that trustworthiness continuously throughout each session and dynamically adjusts policies for identity authentication, resource authorization, and access control.
2. The Zero Trust Gateway and Client establish secure connections between the access subject and the resource being accessed across various scenarios, and enforce the dynamic access control policies.
Together, these two parts deliver trusted access for both parties, controllable access paths, and blocking of malicious behavior, ensuring that business data flows reliably and securely.

Technical Features
The inchheart WebShield Zero Trust Security Solution is based on the Zero Trust concept and employs a variety of innovative technical measures. It features six key technical characteristics: "Authentication before Access, On-Demand Minimal Authorization, Flexible Strategy Adjustment, Full-Life Cycle National Cipher Protection, Continuous Trust Evaluation, and Multidimensional Risk Perception."
1. Authentication before Access
The access subject cannot reach corporate resources directly. It obtains access to the required resources only through the zero trust gateway, and only after its identity has been verified as legitimate and trustworthy.
2. On-Demand Minimal Authorization
Following the principle of least privilege, the solution grants only the minimum resource access permissions the subject needs to meet its business requirements, reducing the exposure surface of resources.
3. Multidimensional Risk Perception
The solution monitors environmental conditions, health status, and security threats on the terminal, network, and resource sides in real time to detect changes in risk.
4. Continuous Trust Evaluation
During the session, the solution continuously assesses the trust level of the access subject based on environmental risks, abnormal behavior, and security incidents, tracking changes in real time.
5. Flexible Strategy Adjustment
Access permissions, authentication methods, and network access control policies are adjusted dynamically as the trust level of the access subject changes, and the updated policies are issued to the zero trust clients and gateways for enforcement.
6. Full-Life Cycle National Cipher Protection
Using authentication and encryption technologies based on national cryptographic algorithms, the solution provides high-strength protection for the entire communication path from the access end to the resource end.
