GoodAccess provides administrators with powerful network and security tools aimed at increasing the security of their organization’s perimeter, including identity-based access control and device posture check.
Now, new features arrive to further improve your organization’s security:
- Geo restrictions—Allowing you to specify countries from which access is denied or allowed,
- Device approval—Enforcing manual clearance of devices seeking access to the secure perimeter
Geo Restrictions: Restrict access based on country of origin
Geo restrictions allow administrators to control access to the perimeter based on the country, from which users are connecting.
You can create a blocklist or allowlist of the selected countries, depending on the scenario.
For example, a large organization, with branches in multiple countries, may choose to allow access from those countries and shrink its attack surface. Other organizations may decide to bar access from countries that have been known to host hacker or cyber espionage groups.
Both strategies reduce the likelihood of a cyberattack’s success. Even if the attacker gets hold of access credentials, bypasses MFA and device posture check, they will not be able to access critical resources unless they are in the right country as well.
How Geo Restrictions work
When a user tries to connect from a blacklisted country, the attempt will be denied.
When they are already connected and they cross the border to a restricted country, they will be disconnected from the perimeter immediately.
You may find all the settings in the Control Panel, under the Access Control section, and Geo Restrictions.
Device Approval: Control every access of every device manually
For some time now, GoodAccess has included Device Posture Check, a feature that automatically assesses the security state of user devices seeking access to the secure perimeter. However, some organizations require even more control and prefer to check every device manually before granting it access.
This is now possible thanks to Device Approval. Once activated, in the Control Panel, Access Control section, Device Approval, all user devices will require manual approval from the administrator.
Please note that when the feature is activated, user devices that are already connected to the zero trust perimeter will be moved to a queue and will have to be cleared by the admin just like new devices.
When a device requests approval, the administrator will be informed by email, so that the request is quickly resolved. The user is also notified that their device is waiting for clearance. Once approved, the user will get a message that they are permitted to log in to the application.
Device Approval balances security against usability. The decision whether to activate Device Approval is up to every organization and the requirements of its critical infrastructure.
Summary
Geo Restrictions and Device Approval enhance the security of the GoodAccess zero-trust perimeter.
Geo Restrictions allow administrators to block or permit access based on the user's country of origin, offering flexibility with blocklists or allowlists. This feature is particularly valuable for organizations looking to reduce risks associated with cyber threats originating from specific regions.
Device Approval complements existing security measures like Device Posture Check by requiring manual clearance for all user devices, including those previously connected. Administrators are notified of approval requests by email, and users are informed about the status of their devices. These features provide customizable solutions for organizations prioritizing security over usability, tailored to their infrastructure needs.
