Zero Trust Security

  • View ZTNA Dashboard

    This article explains how to access data on the ZTNA Dashboard and enhance productivity and security by leveraging all available information in zero trust scenarios.

    The Zero Trust Network Access (ZTNA) Dashboard provides a complete overview of all user and admin events within your network, all displayed on one page.

    To filter the data displayed in widgets, start by using the User & Admin Events filter and the time filter located in the upper-right corner of the ZTNA Dashboard.

    Access the information on successful logins, failed logins, high-risk login attempts, lockouts for failed logins, sign-in rule denies, and sign-in locations on graph and a map.

    • You can also access the locations of all events using the map in the Sign-In Locations widget.
    • To zoom in on the map, use ctrl+ scroll. In addition, you can view the event types included in the widget by using the map filter in the upper-right corner.
    • Double-click the purple number icons on the map to access login information such as the username, public IP, location, and time.
    • For a better view, use the Keyboard Shortcuts dialog located in the lower-right corner of the map.
    • By clicking on the widgets, you will be directed to the Events page where you can see all the User Events and Administrator Events, including their respective details with the IP Intelligence information about their device. Click the View Events page to see more.
    See more
  • User Sign-In Policy

    This article will guide administrators on how to create behavior-based, user sign-in policies Timus ZTNA.

    Timus ZTNA offers a unique and improved access control method that allows businesses to expand without compromising the fundamental security of their network, which includes infrastructure, applications, data, users, and devices.

    • In the "User Sign-in Policies" page, you can see the following information from left to right: Name, Description, and Status of both default and custom policies.
    • You can use the search filter in the upper left corner to find and adjust policies quickly.

    The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other User Sign-In policies.

    It means that you are able to prioritize the Timus ZTNA rules by yourself.
    • To create a custom policy for a user, click the "Create User Sign-in Policy" button on the right side of the page.
    • The total number of policies defined in your network will be displayed just below.
    • To manage a policy, click the ellipsis icon located at the end of its general details.
    • From here, you can edit the policy or create a new one using the Copy feature.
    • Additionally, you have the option to Activate/Deactivate or Delete the policy.

    You can Deactivate the default user sign-in policy.

    To create a new User Sign-In/Login Policy, follow these steps:

    • Go to the Timus Manager -> Zero Trust Security -> User Sign-In Policies page.
    • Click the "Create User Sign-In Policy" button on the right side of the page.

    A pop-up window will appear with the following tabs:

    • Source,
    • Condition,
    • Action,
    • Alerts & Notifications.

    On the Source tab:

    • Enter a Name and Description for the policy you are creating. For example, "Default User Sign-In Policy" or "Default User Sign-In Policy for High-Risk Attempts."
    • Click "Select" and choose the Source as User/Team/Tag or Public IP.
    • Enter a Description based on the Source type you selected.

    If necessary, you can select multiple sources to apply to the policy.

    On the Condition tab,

    • Choose the Authentication method that you prefer to verify the source of your policy, whether it's Any, Connect App, or User Portal.
    • Set the risk level to Any, High, Medium, or Low.
    • Select the Behavior on which this policy will be applied.
    • Click on + Add Behavior. You can select multiple behaviors to trigger the policy.

    Schedule the policy.

    When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take action.

    When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered by the policy to take the action.

    You can consider All Selected Behaviors like "AND &&" and Any Selected Behaviors like "OR ||" as in coding language.

    Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:

    When you add a behavior to the policy with the add behavior button on the screen and hover over that behavior, you can view the brief explanation about the behavior you added:

    On the "Action" tab,

    • You can determine how the system should respond when a certain behavior triggers a policy.
    • The system offers various actions, including Allow, Deny, Ban, MFA-Email, MFA Authenticator App, Deny and Block IP, and Ban and Block IP.
    • You can select multiple actions for multi-factor authentication which are numbered on the left side of the tab: If you select MFA-Authenticator App and MFA-Email actions, you will have the option to add more actions for login attempts.
    • This means that if the first authentication step fails, you can enable another action and send two-factor authentication setup introductions to users.

    Select an action from the drop-down list.To set Alerts and Notifications for your policy,

    1. Go to the tab on the policy screen,
    2. Enter a title for the alert and select the severity (High, Medium, or Low).
    3. To activate the alert, make sure the Status is switched to ON.
    4. Specify which Result Conditions will trigger the alert, such as Successful, Failed, or Timeout.
    6. To create a notification, click on "Notifications" and enter a Title.
    7. Select the severity (High, Medium, or Low) and turn the Status ON to enable the notification.
    8. Specify the Result Conditions that will trigger the notification (Successful, Failed, or Timeout).
    9. If necessary, you can check the box labeled "Notify Users Matching Conditions" to notify policy-bound users.
    10. Additionally, you can specify recipients for the notification by choosing between administrators or external users. It is possible to assign multiple recipients to the policy.
    11. If you select administrators, all admins in the system will be listed, and you can choose "All Administrators."
    12. If you select External user, enter their Name and Email Address.
    13. To delete a recipient, simply click x at the end of the line.
    14. Once all the required information is entered, click "Confirm" to create your user sign-in policy with Timus ZTNA.
    • To edit the default policy on the page, click on the ellipsis icon located on the policy row and select "Edit" from the mini drop-down list.
    • Once you have made the necessary changes to the policy configuration and click Confirm, you can reapply it to Timus ZTNA with your updated settings.
    • You also have the option to create a similar policy with minor adjustments using the Copy feature in the list.
    See more
  • Create Behavior

    To add customized behaviors to your network, visit Timus Manager, then select Zero Trust Security> Behaviors. This allows you to expand on the default behaviors provided by ZTNA for more comprehensive risk assessments in network use cases.

    To find your network's pre-configured behaviors, go to the Name and Details parameters page. These behavior settings are already set up for your network and can be viewed and adjusted if necessary.

    The general information of the default behaviors displayed on the page are as follows:

    1. New Device - Default Compare with the last 10 authentications.
    2. Out of Radius - Default When the Radius from the location is 50 miles. Last 3 locations
    3. New Country - Default Compare with the last 5 authentications.
    4. Impossible Travel - Default When the assumed maximum speed is 1000 mph.
    5. Last Sign-In Date - Default Last sign-on date older than 30 days.
    6. Untrusted IP - Default
    7. Breached E-mail Address - Default Include Breaches and Disclosures that occurred within the last 180 days.
    8. Consecutive Failures at Same Account - Default When consecutive failures are 5 times.
    9. Consecutive Failures at Any Account - Default When consecutive failures are 5 times.
    • You can get more information about a behavior by clicking on the ">" symbol next to its name.
    • To customize the default behavior, click on the ellipsis icon (three dots) next to the "Details" option.
    • This will open the Edit feature where you can make changes according to your preferences.
    • Moreover, you can create a new behavior by copying the default behavior with just one click on the Copy Feature.
    • This way, you can modify the copied behavior without affecting the original.

    To create custom behaviors for your network policies, do the following:

    1. On the right side of the page, find the Create Behavior button.
    2. Click on the Create Behavior button to start creating a new behavior.
    3. Follow the prompts and provide the necessary information to define the behavior.
    4. Enter a Name select a Behavior Type - the behavior classification of Timus for the ZTNA trigger.
    5. Click Confirm.
    New Device
    This behavior is triggered when users attempt to sign in to the system from a different device than the previous devices they successfully signed in with.
    New Geo-Location
    This behavior is triggered when users attempt to log into the system from a different location than their previous successful signed-in locations.
    New Country
    This behavior is triggered when users attempt to sign in to the system from a new country than the previous countries they successfully signed in from.
    Impossible Travel
    This behavior is triggered if there is an unusual time and distance between the user's last sign attempts.
    Last Sign-On Date
    This behavior is triggered if more than the specified time has passed since the user's last successful login.
    Untrusted IP
    This behavior is triggered when the user tries to sign in with an untrusted IP address.
    An IP address is tagged as “untrusted” if it has recently been involved in abusive activities, or is part of the TOR network, or is part of a proxy network.
    Certain public IP addresses can be used for malicious purposes, causing them to be tagged as Untrusted IPs by Timus ZTNA framework. Those IP addresses may then be given to legitimate users by the IPs. If you use Untrusted IP behavior to deny user or admin sign-ins, their sign-ins will be denied until their IP addresses become trusted again, or they start using other trusted IP addresses.
    Breached E-mail Address - Default
    This behavior is triggered if there have been any breaches or disclosures within the selected days.
    Consecutive Failures for the Same Account
    This behavior is triggered if more than a specified number of failed login attempts have been tried to the same user's account.
    Consecutive Failures at Any Account
    This behavior is triggered if more than a specified number of failed login attempts have been tried on any user's account.
    Device Posture Check This behavior depends on what EPP you have been using, the trigger can be Passes or Fails.
    See more
  • Manage Zero Trust Policies

    Timus Zero Trust Policies provides a user/ behavior-based access control as an alternative to traditional IP-based access control and makes it easier for an organization to manage network access.

    • You can view the default sign-in policies for both Users and Admins by visiting the Zero Trust Policies pages.
    • You can create custom user/admin sign-in policies.
    • Edit, copy, deactivate, and delete your Custom and Copied policies.

    The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other policies.

    It means that you are able to prioritize the Timus ZTNA rules by yourself.

    It allows for more granular control over access rights, ensuring the right people have the right access at the right time.

    The security model of this zero trust approach protects your organization against potential threats by increasing network security.

    See more
  • Create an Administrator Sign-In Policy

    This article shows administrator how to create Timus ZTNA's behavior-based administrator sign-in policies and apply them to your network.

    Timus ZTNA's policies provide a distinctive and enhanced access control approach to expand your business while maintaining the fundamental aspects of your network security: Infrastructure, Application and Data, User and Device.

    To protect your organization and users against today's ever more sophisticated cyber security threats, you can create User/Administrator-based sign-in policies in Timus Manager that automatically respond to any predefined risk level.

    On the Admin Sign-in Policies page, you can view the following left to right:

    • You can easily navigate the page, view and configure policies using the Search filter located in the page's upper-left corner.

    The policies within Timus' Zero Trust Network Access (ZTNA) security framework are organized and prioritized by its place in the policy table. A policy, which is placed higher in the table, is more prioritized than the other Admin Sign-In policies.

    It means that you are able to prioritize the Timus ZTNA rules by yourself.

    • You can create custom policies for admins by clicking the Create Admin Sign-in Policy button on the right side of the page.
    • In the area on the page with the default and custom policies, you can get general information about the policies, such as Name, Description, and Status.
    • The total number of policies defined in your network is displayed just below.
    • By clicking the ellipsis icon at the end of the general details of a policy: You can Edit the policy and easily create a new policy with the Copy feature. You can Deactivate and Delete the policy.

    You cannot Deactivate or Delete the default administrator sign-in policy.

     
    If you want to create a new Administrator Sign-In/ Login Policy, follow the steps below:
    1. Go to Timus Manager> Zero Trust Security> Admin Sign-in Policies.
    2. Click the Create Admin Sign-in Policy button on the right side of the page and display the pop-up on the screen with the following tabs:
      • Source
      • Condition
      • Action
      • Alerts & Notifications

    On the Source tab,

    1. You must first enter a Name and Description for the policy you are about to create. For example, Default Administrator Sign-in Policy Default Administrator Sign-in Policy for High-Risk Attempts
    2. Click on Select and choose an Administrator.
    3. If needed, you can select multiple administrators to apply to the policy.
    4. Click on Save.

    On the Condition tab,

    1. Set Risk Level as Any, High, Medium, or Low.
    2. Select the behaviors on which this policy will be applied. More than one can be selected.
    3. If you move your mouse over the new behavior, a pop-up text will appear displaying information about that specific behavior.
    4. If you want to set the time, click Schedule. You can set the day(s) and start/ end date here.
    5. Click Confirm.

    When "All Selected Behaviors" is chosen, all selected behaviors such as Untrusted IPs, New Device, and Breached E-mail Address must be active simultaneously for the policy to take the action.

    When "Any Selected Behavior" is chosen, at least one of the selected behaviors must be triggered the policy to take the action.

    You can consider All Selected Behaviors like "AND &&" and Any Selected Behaviors like "OR ||" as in coding language.

    Experience the user-friendly interface of Timus by hovering over the info icons on the policy creation screen:

    When you add a behavior to the policy with the add behavior button on the screen and hover over that behavior, you can view the brief explanation about the behavior you added:

    In the Action tab,

    Decide what action the system should take when a behavior triggers the policy. The actions defined in the system are as follows:

    1. Allow
    2. Deny
    3. MFA-Email
    4. MFA Authenticator App
    5. Deny and Block IP

    You can set multiple actions for multifactor authentication with Timus ZTNA.

    The actions you select are numbered in the tab shown on the left.

    1. Select an Action from the drop-down list.
    2. If you choose is MFA- Authenticator App and MFA- Email actions with multifactor authentication capability, you will see the Add More Actions button on the screen.

    So, in a scenario where the first authentication step fails, you can enable another action for login attempts and send authentication setup instructions to administrators who have not completed the setup process.

    On the Alerts and Notifications tab, you can configure the policy to send Alerts and Notifications each time it is triggered.

    1. Enter a Title for the policy alert.
    2. Set the Severity of the alert. Severity can be defined as High/ Medium or Low.
    3. Set Status ON to enable the alert.
    4. Specify which Result Conditions will be given an alert. Conditions can be Successful/ Failed or Timeout.
    5. Click on Notification.
    6. Enter a Title for notification.
    7. Set the Severity of notification. Severity can be defined as High/ Medium or Low.
    8. Set Status ON to enable the notification.
    9. Decide which Result Conditions will receive notification. Conditions can be Successful/ Failed or Timeout.
    10. If necessary, check Notify Administrators Matching Conditions to have the system notify the policy-bound user.
    11. If necessary, enter a Recipients for the notifications to be generated,
    12. Choose a recipient type: This can be one of your Admin(s) or an External user. More than one recipient can be assigned to the policy.
    13. When the administrator is selected, all administrators defined in the system are listed by name, and you can also select All Administrators in here.
    14. When External is selected, enter a Name and E-mail Address.
    15. Click +Add and view administrators' information, such as Name/ Type and E-mail Address below.
    16. Clicking Delete at the end of the line deletes the recipient.
    17. By clicking on Save, you will have created your first Create Admin Sign-in Policy with Timus ZTNA.
    • When you open the page, click the ellipsis icon in the default policy row and select Edit from the mini drop-down list.
    • Then you can change the configuration of the default policy and reapply it to Timus ZTNA with your final configuration.
    • Also, you can create a similar but slightly different policy: If needed, use the Copy feature in this list.
     
     
    See more