Features

 

Designed for Certificate-Based Authentication

Cloud RADIUS is the only product in its class that was designed from the ground up for certificate-based authentication. Other vendors use insecure authentication protocols that expose users to MITM attacks by sending their credentials via Cleartext over the internet.

Cloud RADIUS provides everything an organization needs to switch from WPA2-PSK Wi-Fi to secure WPA2-Enterprise encrypted Wi-Fi using the EAP-TLS protocol for certificate-based authentication.

Built with 802.1x Device Configuration Software

Cloud RADIUS comes with built-in 802.1x Device Configuration Software that is powered by SecureW2’s onboarding software. By using onboarding software, you can easily configure thousands of devices by empowering end users to self-enroll themselves for certificates to gain a secure WPA2-Enterprise encrypted Wi-Fi connection. This is critically important as it’s incredibly easy to misconfigure devices for WPA2-Enterprise, leaving them at high-risk for credential theft.

Cloud RADIUS provides a turnkey solution for a seamless EAP-TLS certificate-based authentication process by giving the means to users to efficiently enroll themselves for certificates, while simultaneously configuring their devices for WPA2-Enterprise.

Certificate-Enrollment Gateways for Managed and IoT Devices

SecureW2 offers robust Gateway APIs to simplify MDM, BYOD, and IoT certificate management & enrollment. Using our intuitive management portal, IT admins are able to configure network payloads using any Mobile Device Management software (Jamf, Intune, Airwatch.. etc), or GPO for AD-Domain joined devices, with automated enrollment policies to push to network devices. Each device is automatically configured to enroll for and authenticate a unique digital certificate.

Single-Pane AAA, Device Onboarding and Certificate Management Software

Cloud RADIUS is built-in SecureW2’s network security platform, giving full, single-pane visibility into all the authentication activity going on to the network. View RADIUS logs, WPA2-Enterprise device configuration history, and certificate enrollment and status all in real-time. Network admins can grant view-only permissions for any of these logs to help-desk personnel as well, empowering the entire IT team to remotely troubleshoot network connectivity issues on the spot.

Integrates with any Identity Provider

Unlike other RADIUS servers, Cloud RADIUS is vendor-agnostic – meaning it’s designed to integrate with every major vendor. From AD and Azure AD, to Okta and Google Apps, we’ve got you covered.

You can use your existing credentials to enroll for certificates and grant WPA2-Enterprise access. We even support Identity Lookup with SAML-based IDPs, providing the ultimate security to your network, something no one else in the industry can say.

Eliminates Over-the-Air Credential Theft

Using Secure W2’s Cloud Radius eliminates over-the-air credential theft as a threat by replacing the use of vulnerable passwords with certificates. The implementation of certificate-driven security guarantees that users go through a secure enrollment process to confirm their identity, ensuring that no unauthorized users are able to access your network.

Using server certificate validation on your network can help prevent credential theft. However, misconfiguring server certificate validation is easy. Luckily, Secure W2’s #1 rated onboarding service ensures that your network’s security will be ready for any attack by getting rid of passwords and ensuring every device is correctly configured to only connect to your Cloud RADIUS server and not a malicious actor harvesting credentials.

Doesn’t Send Passwords via Cleartext (EAP-TTLS/PAP)

Although information sent through the EAP Tunnel is protected by a layer of encryption, that does not mean it’s completely safe. If a bad actor is able to set up a successful Man-in-the-Middle attack, they can intercept the communication.

This is a major threat to the EAP-TTLS/PAP authentication method. While other auth methods encrypt the data within the EAP Tunnel, TTLS/PAP does not. The information can be read as plainly as this anecdote and presents an easy target for would-be cybercriminals. Other vendors still rely on this vulnerable method, but SecureW2 puts security first, and authenticates users with certificate-based EAP-TLS authentication.