Cloud Access Control

Our patented disk encryption status check (United States Patent No. 9,021,163) detects and reports the encryption state of the endpoint’s physical disk and reports if a system volume is not encrypted. Our innovative technology is able to detect disk encryption regardless of the encryption application used, providing comprehensive data encryption validation.

Our patented network access control with compliance policy check (United States Patent No. 9,288,199) seamlessly integrates with the single sign-on authentication process providing advanced device compliance checks. A typical workflow can be described as follows:

• OPSWAT’s endpoint application performs the security and posture check on the device and periodically reports the information to the OPSWAT network access control server.
• The network access control server then checks the reported endpoint compliance data against defined policies, and assesses compliance status.
• To access the cloud application, users will be connected to the identity provider’s (IdP) authentication server. After users pass the credentials validation step, the authentication server forwards the authentication response in the form of an XML document (SAML) to the OPSWAT network access control server instead of the targeted SaaS application.
• The network access control server then decides whether to grant or deny access to the SaaS application based on device compliance status.

Our technology can easily be integrated by third-party vendors, such as cloud identity providers (IdPs), cloud access security brokers (CASBs) and traditional network access control (NAC) solutions, to perform security and compliance checks prior to granting access to cloud applications or local network resources. MetaAccess runs on an endpoint and periodically collects endpoint security and posture on the local device and reports back to the MetaAccess cloud. The compliance status of the device is assessed in the cloud against a security policy configured on an administrator console. Third-party solutions can retrieve the device identity from browser cookies, client certificates, or cross-domain APIs and then leverage MetaAccess OAuth API to retrieve the endpoint’s compliance information.