DACS Lite is a network access control system based on zero trust architecture, following the concept of "trusted identity, trusted access, intelligent permissions, easy operation and maintenance" to build dynamic access boundaries for users to eliminate excessive implicit trust. It realizes the trusted identity, trusted device, trusted environment, and trusted connections in remote office scenarios, helping enterprises continuously evolve their security capabilities.
Support rich authentication methods and multi-factor authentication mechanisms to ensure the legitimacy of access users.
When you access intranet services, data is transmitted through encrypted tunnels to ensure data transmission security.
Dynamically adjust business access permissions based on identity, environment, behavior and other factors to adopt different security access policies for services of different sensitivities.
Ensure that only terminals that meet the security baseline standards are allowed to access intranet services and are continuously detected during the access process.
AI adaptive policy engine for smarter management.
Continuous authentication mechanism based on identity, device and environment: multi-factor authentication, device fingerprint identification, and continuous environmental integrity inspection
Unified channel encryption for intranet access: TLS/HTTPS-based channel encryption algorithm and identity-based certificate and key management mechanism
Terminal trusted security mechanism: PKI + Trusted Chain + TPM
Support fine-grained access control based on user identity and attributes: can meet the efficient operation and management of 10 million volume of authority data
Fine-grained access control to meet the least permissions requirements
AI adaptive security engine: supports driving business authorization refinement, minimizing convenient operation and maintenance
Low latency and high throughput: a single instance supports 10000+ QPS and 10000MB bandwidth
Stateless design: support for clustered deployment and horizontal elastic expansion
Load balancing and fault tolerance: support automatic abnormality detection and second-level switching, no single point of failure risk, and support for level-by-level escape degradation mechanism
Making business system invisible, unable to discover enterprise intranet business information through port scanning and other means
Risk control capability based on active defense and continuous verification technology to develop perfect abnormality detection and response blocking mechanism
Rich authentication methods to ensure the identity legitimacy of access personnel
Multidimensional terminal detection mechanism and flexible terminal access policy to ensure the security of the access terminal environment
Adaptive fine-grained dynamic permission policy engine continuously drives least permission access control
Based on RBAC/ABAC model, it efficiently manages super-large-scale permission data and realizes distributed permission management