LAN ZeroTrust

In the work from everywhere world, isolation and segmentation on the Local Area Network (LAN) are critical. Traffic on internal networks cannot be assumed safe, whether on corporate, public, or home networks. IoT devices on networks are increasingly used as entry points due to their notoriously poor security. The proliferation of ransomware and persistent threats creates new challenges in distributed and on-prem environments. More than ever before, it's critical to segment and secure internal networks to prevent threats from spreading and bad actors from moving laterally.

LAN ZeroTrust (LZT) is a unique technology to segment internal networks. Built with a firewall-inspired interface, controlling internal traffic has never been easier. It leverages a deny-by-default design where devices on internal networks can no longer freely communicate without explicit policies. LZT integrates with identity, empowering you to implement multi-factor authentication (MFA) policies where users must authenticate to access sensitive resources on the internal network.

• Segment Internal Networks: Easily segment internal networks without overhauling architectures, VLANs, or other complex solutions. Devices on the LAN are isolated, meaning they cannot freely communicate with each. Employees working from home, co-working spaces, hotels, coffee shops, and other shared networks are protected against local network threats as LZT prevents communication, making these devices essentially invisible. LZT policies also leverage multi-factor authentication (MFA) capabilities, helping to meet compliance requirements. Combining MFA with Todyl's LZT also empowers organizations to develop sophisticated configurations where a user needs to MFA before a device can access the LAN.
• Rapid Lockdown During a Cyber Incident: With LZT, organizations can rapidly lock down their entire LAN during a cyber incident. With the touch of a button, all communication ceases between devices on the LAN, preventing communication and lateral movement of threats.
• Conditional Access to Sensitive Resources: Enforce strong access controls by requiring users to MFA before accessing restricted and high value internal resources.

If a policy allowing communication is in place, then they can communicate.

With authentication-based policies, devices can only communicate with each other after the user authenticates. Once authenticated, they can access only the intended resource to prevent unauthorized access or lateral movement.