Array's ZTAG Series acts as a Zero Trust Access Gateway, establishing a new security perimeter that grants users access to productivity applications while strictly adhering to zero trust principles. This next-generation solution surpasses traditional VPNs by offering identity-based, per-application access, multi-factor authentication, continuous device posture assessment, and adaptive access policies. It also makes internet-facing applications invisible to unauthorized users. Available both on-premises and in the cloud, Array's ZTAG is ideal for building connected, multi-site architectures that combine robust connectivity with advanced cybersecurity, providing defense-in-depth for both employees and partners. Key use cases include secure remote access, zero trust access for all users (local and remote), and the creation of a hybrid cloud security services edge that spans geographically dispersed operations. The ZTAG is built on the "never trust, always verify" principle, ensuring that while workers have the resources they need, every session is continuously verified to prevent unauthorized access and data breaches.

Features & Benefits

• Single Packet Authorization (SPA): Makes the ZTAG invisible to network scans and unauthorized users, preventing brute force attacks and DDoS.
• User Identity & Device Validation: Supports MFA, SSO, HW ID, AAA protocols, IdP providers, and device certificates/fingerprinting.
• Continuous Adaptive Access Control: A built-in policy engine recalculates user access rights based on changing risk factors.
• Advanced Client Security: Restricts clipboard access, blocks screen sharing, and disables file uploads/downloads in sensitive sessions.
• Granular Authentication Parameters: Validates OS and patch version, antivirus, port use, IP reputation, and connection type as prerequisites for authentication.
• Least Privilege Application Publishing: Layer-7, Layer-4, and Layer-3 app publishing shrinks the attack surface by providing access on a per-user, per-resource basis.
• End-to-End Encryption: User and gateway connections utilize the latest TLS and IPSec encryption protocols and ciphers, including WireGuard VPN.
• Reporting & Monitoring: Records all access activities and allows logs to be queried by date, user, application, IP address, and other parameters.