Policy Updates and Continuous Enforcement
Note
This is a limited release feature. For more information contact Axis Security Support: [email protected]
The Atmos Agent captures relevant outgoing traffic by adding a virtual network interface to the user's machine. Requests to applications' IP and DNS addresses are directed to the network interface by new rules set in the OS routing table. Once the Client receives the request, it sends the request to Atmos Cloud over an encrypted UDP channel.
Click here to learn more about routing traffic to the Atmos Cloud.
The Atmos Agent provides continuous policy enforcement; it ensures that authorized sessions are continuously being evaluated and enforced based on current policies. When a session no longer adheres to the policy, or there are changes to the user's provisioned identity via SCIM (e.g. the user is deleted from the IdP), Atmos will terminate the session immediately.
Enforcing Policy Updates Pertaining to IP Addresses
Since DNS addresses are resolved by the Agent and routed to the Atmos Cloud, changes to policies pertaining to DNS addresses are constantly implemented. Based on changes to IP addresses in policies and application access configuration, the Atmos Agent is constantly changing the OS routing table configuration. To make these changes, the Agent disconnects all the channels, resulting in a complete stop of all currently established connections.
Since requests to access IP addresses are not resolved and controlled by Atmos, and seeing as implementing policy changes pertaining to IP addresses requires a complete stop for all currently established connections, any changes made to policies or application access that are based on IP addresses must be implemented manually to prevent disruption.
When the admin updates policies or application access based on IP addresses and pushes these changes, the user will see a notification in the Agent asking him to reconnect to implement these changes. This will stop all Axis traffic and therefore may cause disruptions to traffic such as file upload or download. Click here to learn more about what the end-user may experience.
To provide visibility into policy change implementation by the end-users, admins are kept informed of the update status. Click here to learn more.
Updated over 2 years ago