Financial services data partner, secure web upload

Use Case: Trusted partners secure access to web application

A financial services provider relied on periodic uploads through an Internet-exposed web application. Although the application was actively maintained, it posed substantial value and risk to the organization due to the highly confidential, proprietary investment information it contained.

The goal: Eliminate the attack surface of the highly confidential, internally-built web application used for collecting proprietary investment information. Trusted third parties and business partners would be required to log in to Knocknoc before accessing the web application, enhancing edge security and mitigating risks to the application.

The result: The web application's exposure to the public Internet was eliminated without significantly disrupting the access flow for external business partners and data providers. Pre-auth web application paths, API routes, and other potential attack vectors were removed. Both Knocknoc and the web application were integrated with the same Identity Provider (IdP), delivering a seamless user experience without requiring any end-user installation.

Technical how:

In this example, a reverse proxy (HAProxy in this case) was orchestrated by Knocknoc, opening up access to layer-7/HTTP filtered paths to trusted IP addresses only after they successfully authenticated to Knocknoc.