What is Enclave?
Enclave is a unified zero trust security platform designed to enhance network security, identity management, and threat prevention through automated microsegmentation, asset intelligence, and integrated security controls. It provides a comprehensive solution for managing and securing your network infrastructure, whether in the cloud or on-premises.
It is an agent-based platform that allows you to create secure microsegments (enclaves) within your network, enabling granular control over traffic and access. Enclave's architecture supports both software and hardware agents, allowing for flexible deployment options across various devices, including servers, workstations, IoT devices, and more.
Platform overview
The Enclave platform consists of two major components: the Enclave management console and software/hardware agents.
1. Enclave management console (EMC) is the control center for the platform. In the EMC, you configure your enclaves (microsegments), manage how agents (machines or users) will authenticate, manage asset intelligence, and more.
2. Agents are responsible for creating the overlay network, managing the firewall, passing asset inventory information, and more. They authenticate with the EMC to receive configuration and updates. Agents can be installed on various devices, including servers, workstations, and IoT devices. Additionally, they can be software-based or hardware-based.
Agent types
Enclave supports several types of agents, each designed for specific use cases and deployment scenarios. A single installer provides all of the agent types listed below, which simplifies deployment. The current agent types are:
User agents
User agents authenticate with short-lived credentials issued from the EMC or your OIDC provider. A user can use this connection to access the network, do work, and then disconnect from the network. This is a similar process to how you access infrastructure through a VPN.
Node agents
Node agents authenticate with fixed (optionally auto-rolling) credentials. A typical example is an always-online web server that users must be able to reach at any time.
Gateway agents
Gateway agents act as ingress/egress points within the Enclave network. They can be used to route traffic to devices that do not have an agent installed on them. This allows for agentless deployment. These can be virtual or physical devices.
Beacon agents
Beacon agents provide resolution between nodes: they handle peer discovery by translating the overlay IP space to the physical IP space. Additionally, they can act as a relay when a direct connection between peers is not possible. At least one beacon is required for networking to function. Beacons can be managed by the client or hosted by SideChannel.