BlastShield™ Overview and Architecture
BlastShield brings three breakthrough products, any of which separately is best-in-class, into a consolidated, simplified platform:
Phishing-resistant passwordless MFA
High performance, peer-to-peer ZTNA, and
Simple to deploy and manage microsegmentation.
Functionally, BlastShield™ is an in-line IP subnetwork that creates a zero trust protective shield around critical IT/OT assets and data by making them undetectable by modern network scanning and traffic analysis tools. BlastShield™ creates a Software-Defined Perimeter (SDP) network using a peer-to-peer architecture that can be deployed on any packet-based network.
For the purposes of the Proof of Concept, BlastShield™ Agents will be installed on the servers being protected, and BlastShield™ Clients will be installed on the PoC users' computers. This will provide a secure overlay network with passwordless authenticated access.
Alternatively, BlastShield™ Gateways may be used for devices on which it is not possible to install the Agent.
Users who require access will authenticate using the BlastShield™ MFA Mobile authenticator app on their mobile device, or with a FIDO2 key.
The BlastShield ZTNA solution is illustrated below.

BlastShield™ Desktop Client
Free downloadable software client available for Windows, macOS, Linux, Apple iOS and Android.
The BlastShield™ Client provides secure user access to the BlastShield™ network. It is installed on a user device and is available for Windows, Linux and macOS; iOS and Android are also supported for use on tablets.
For the trial, the BlastShield™ Client will be installed on the trial users' computers.
BlastShield™ Mobile Authenticator app
Free downloadable multi-factor authenticator app available from Play Store and App Store.
The Mobile Authenticator is an application for iOS and Android mobile devices that provides passwordless MFA for users. It is available via the Apple App Store or Google Play Store.
For the trial, the BlastShield™ Authenticator will be installed on the trial users' mobile devices.
FIDO2 Key
Optional authentication key. Alternative to BlastShield™ Authenticator App.
A FIDO2 key is typically used in environments where mobile devices are not used.
BlastShield™ Orchestrator
Cloud or On-Premises hosted Orchestration Application.
The Orchestrator is a server hosted by BlastWave that is used to create, modify, and remove all system users and policies within the BlastShield Network. Only users with authorized privileges can access and use the Orchestrator.
One Orchestrator will be deployed as a cloud instance for the trial.
BlastShield™ Gateway
Downloadable software gateway that runs on most x86 platforms. Typically deployed in line to secure multiple assets that cannot host a BlastShield™ Host Agent or Virtual Gateway. Usually deployed in front of a network switch.
The BlastShield™ Gateway is an Agentless solution that is ideal for protecting OT and IIoT assets, or legacy computing assets that cannot support running an Agent.
A Gateway is deployed as a software image running on x86 hardware of your own choice, or as a virtual machine.
BlastShield™ Virtual Gateway
Downloadable software gateway that runs in the Cloud (AWS, Azure, GCP) or on a hypervisor (VMware).
The Virtual Gateway is typically used to protect private cloud virtual instances, auto-scaling endpoints and serverless functions.
BlastShield™ Host Agent
Downloadable software Host Agent that runs on modern Windows, Linux and macOS platforms.
The BlastShield™ Agent is an application installed on your servers which enables secure peer-to-peer access from the BlastShield™ protected network.
A BlastShield™ Agent installed on a host will only allow access from authorized and authenticated BlastShield™ Users to its interface. Access to the Agent interface is controlled by policy using a zero-trust access methodology where particular users and assets must be authorized by policy before they can access the Agent.
The Host Agent can be deployed on on-premises hosts, on virtual machine instances or on private cloud virtual instances.
BlastShield™ SaaS Proxy
Downloadable software agent that runs on most modern Windows, Linux and macOS platforms.
The SaaS Proxy proxies traffic to specifically configured domains, enabling conditional access to cloud applications.