Forum Sentry ZTA PEP


Forum Sentry and Zero Trust


Achieving Zero Trust Architecture (ZTA) using Forum Sentry Policy Enforcement Points

The National Institute for Standards and Technology has issued a special publication NIST SP 800-207 defining the architecture and concepts for deploying successful ZTA.

“Zero Trust Architecture is an end-to-end approach to network/data security that encompasses identity, credentials, access management, operations, endpoints, hosting environments, and the interconnecting infrastructure. Zero trust is an architectural approach that is focused on data protection.”

In Figure 1, a user or machine needs access to an enterprise resource. Access is granted through a Policy Decision Point (PDP) and corresponding Policy Enforcement Point (PEP).

Policy Enforcement Point (PEP): This system is responsible for enabling, monitoring, and terminating connections between a subject and an enterprise resource.
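The PDP/PEP split described above, as an added example that is not Forum Sentry code or part of the original page: the PEP never decides policy itself, it forwards the request context to a PDP, enables the connection only on an explicit allow, logs every verdict under a session identifier, and re-asks the PDP when the context changes so it can terminate the connection. The attribute-based rules, the context fields and the resource names are assumptions made up for the illustration.

```python
"""Minimal PDP/PEP pair in the NIST SP 800-207 abstract access model.
Hypothetical policy and data; not Forum Sentry's implementation."""
from dataclasses import dataclass
import uuid


@dataclass
class Context:
    subject: str
    roles: set
    device_compliant: bool
    resource: str
    action: str


class PolicyDecisionPoint:
    # Hypothetical attribute-based rules: roles allowed per (resource, action),
    # plus a device-posture requirement that applies to every request.
    RULES = {("hr-db", "read"): {"hr", "auditor"}, ("hr-db", "write"): {"hr"}}

    def decide(self, ctx: Context) -> str:
        if not ctx.device_compliant:
            return "deny"
        allowed = self.RULES.get((ctx.resource, ctx.action), set())
        return "allow" if ctx.roles & allowed else "deny"


class PolicyEnforcementPoint:
    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp
        self.sessions = {}   # session id -> Context of an enabled connection
        self.audit = []      # (session id, event, verdict) for contextual logging

    def open(self, ctx: Context):
        """Enable the connection only on an explicit 'allow' from the PDP."""
        verdict = self.pdp.decide(ctx)
        sid = str(uuid.uuid4())
        self.audit.append((sid, "open", verdict))
        if verdict != "allow":
            return None
        self.sessions[sid] = ctx
        return sid

    def reevaluate(self, sid: str, **changes) -> bool:
        """Monitor an open session: re-ask the PDP after the context changes
        and terminate the connection if the verdict is no longer 'allow'."""
        ctx = self.sessions[sid]
        for name, value in changes.items():
            setattr(ctx, name, value)
        verdict = self.pdp.decide(ctx)
        self.audit.append((sid, "reevaluate", verdict))
        if verdict != "allow":
            del self.sessions[sid]
            return False
        return True
```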



Risks of using insecure PEPs

While Policy Enforcement Points may claim that they provide access control, there are significant risks involved in deploying non-cyber-hardened PEPs. This is because in a Zero Trust Architecture the PEP itself is a critical decision point and, by the nature of the architecture, becomes the target of attack.

Issues with non-secure PEPs:

Forum Sentry Cyber-Secure PEP

Forum Sentry has achieved FIPS 140-2 Level II, Common Criteria EAL NDPP, and DoD PKI certification. The product architecture is designed with tamper-proof self-health checks and Known Algorithm Test (KAT) validations to detect and prevent compromise. Forum Sentry provides integrated PKI, IDP, DLP, AV, and deep context data analysis engines that combine with the built-in identity, access control, authentication and authorization capability for dynamic and secure PEP enforcement. Furthermore, Forum Sentry captures transaction information bi-directionally into unique session identifiers for contextual logging, auditing, and real-time monitoring. Forum Sentry provides integration with AI machine learning for advanced predictive analytics of PEP message flows.


Built-in Forum Sentry PEP Security Features

PEP Cyber Security Protection
  - Content-Aware Threat Prevention
  - Intrusion Detection and Prevention
  - Data Leakage Prevention
  - Integrated Antivirus and BASE64 scanning

PEP Access Control
  - Authentication and Authorization
  - Multi-Context Access Control
  - Role-Based Access Control
  - Attribute-Based Access Control
  - Content-Based Access Control

PEP Accelerated Cryptography
  - SSL/TLS Termination and Initiation
  - Digital Signatures and Encryption
  - Centralized PKI Key Management

PEP Data Conversion
  - Content Encryption and Decryption
  - Data mapping
  - Protocol conversion

PEP Rate and Size Throttling
  - User-based service level assurance
  - Application throughput DoS protection

Monitoring and Alerts

PEP Real-time Monitoring
  - Real-time view of traffic and events
  - Alert Management