ENCLAVE: ZERO TRUST NETWORK ACCESS

THE CHALLENGE

There are millions of private systems that are exposed to the public internet for anyone, anywhere to connect to. And they are under frequent attack by malicious attackers.

This challenge has become even more widespread as more organisations move to the cloud and more devices and critical national infrastructure connects to the internet.

By design, VPN servers allow anyone to connect to the gateways in private networks. This means that whether a user is authenticated or not, they could exploit vulnerabilities and access files – including authentication credentials or the privileges needed to run secondary exploits aimed at accessing a root shell.

“The default architecture of the internet is connect then authenticate, which is not a robust approach to security”

– David Notley, CEO, Enclave

THE INNOVATION

Enclave is a deeptech solution that’s making it easier for organisations to manage their virtual private networks (VPN) over the public internet. It’s raised over £1m in investment and its users include banks, managed services providers and a ride-hiring company.

The startup’s patented Zero Trust Network Access only allows connections to be made once the request has been authenticated.

Enclave is still a VPN that enables end-to-end, encrypted connectivity. But rather than taking a connect, then authenticate approach, it requires authentication first. This makes private networks effectively invisible to the public.

It creates an overlay network so organisations can establish secure, private Zero Trust connections without making changes to their underlying network infrastructure. This means organisations can avoid spending time on the complex and error-prone configuration of multiple aspects of their network infrastructure.

The startup has received £500,000 in investment, has been awarded £175,000 in Innovate UK SMART grants and has recently submitted additional patent applications.

WHY NCSC FOR STARTUPS?

As Enclave builds its user base and refines its product features, functionality and benefits, it wants to collaborate with the government to achieve a compelling product-market fit. It would benefit from guidance on validating its approach and identifying early adopter use cases.

As more organisations recognise the need to adopt a Zero Trust approach to network security, cyber startups outside of the UK are rising to the challenge. Enclave wants to work with the UK government to become a globally significant Zero Trust solution that can be used by UK-based companies.