Use-Case Summaries


1. High-Security Subnet Access

  • Just-in-time orchestration of firewall rules to grant temporary access (e.g., 60 minutes) to critical internal subnets.
  • Systems remain inaccessible until an operator logs in, removing standing exposure.
  • Reduces the scope for lateral movement and zero-day exploitation in OT/ICS or other sensitive networks by keeping those systems unreachable outside an authenticated session.
  • Ingress and egress can both be managed, covering inbound third-party access as well as outbound flows such as telemetry or connect-back connections to third parties.

2. Remove VPN Attack Surface & Enforce MFA

  • Orchestrates existing firewalls to eliminate exposed VPN endpoints while tying access to IdP/MFA.
  • Removes Internet-facing VPN exposure without re-architecture or client software.
  • Takes the target away from credential stuffing, brute force and VPN-appliance zero-days, since the endpoint is unreachable until the user has authenticated to the IdP with MFA; improves compliance by uplifting all accounts to MFA.

3. Third-Party Access to Restricted Webapps

  • Dynamic IP allowlisting tied to Knocknoc login for sensitive cloud-hosted applications.
  • Eliminates broad Internet exposure while still supporting unmanaged or mobile devices.
  • Enables partners and contractors to access critical apps securely without VPN clients, balancing usability and risk.

4. Ephemeral Outbound Internet Access for Patching

  • Time-bound outbound firewall exceptions orchestrated via Knocknoc.
  • Admins can temporarily open Internet access for patching, automatically closing after the session.
  • Maintains a strict default-deny posture while enabling operational maintenance – no more “sneaker-net” patching.

5. SSH Attack Surface in Distributed Environments

  • Host-based firewall orchestration to render SSH ports invisible until authenticated.
  • Zero added hops, latency, or routing changes; SSH access bound to identity.
  • Eliminates the pre-authentication attack surface, closes compliance gaps because MFA is enforced at the login that opens the port rather than inside sshd, and scales across distributed teams.

6. File Transfer Gateway & Ad-Hoc Uploads

  • Orchestrates firewalls for just-in-time access to FTP/SFTP/file-transfer platforms.
  • Keeps file-transfer services invisible to the Internet except during authenticated uploads.
  • Limits exploitation of unpatched file-transfer platforms to already-authenticated sessions, while still supporting unmanaged endpoints such as cameras and contractor laptops.

7. Trusted Partner Access to Web Applications

  • Knocknoc integrates with IdP to secure custom or internal web applications with pre-authentication access control.
  • Removes Internet exposure without changing the access flow for trusted business partners.
  • Protects highly confidential data exchange (e.g., finance) while delivering a seamless, installation-free experience.

8. HPC, SFTP & Coexisting with ZTNA

  • Just-in-time IP/port orchestration to support high-bandwidth, direct data transfers.
  • Provides secure SFTP access without introducing routing changes or agent installations.
  • Complements existing ZTNA deployments by securing file-transfer workflows at scale without breaking performance.
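The mechanism behind every use case above is the same: nothing is reachable until an identity login opens a firewall exception for that user's source address, and the exception closes on its own after a fixed window. The Python below is an added illustration of that pattern applied to the SSH case (use case 5), written for this page rather than taken from Knocknoc; the nftables table layout, the `JitAllowlist` class, its method names and the constructed login events are all assumptions made for the example. It uses an nftables set with per-element timeouts so the kernel itself removes the exception when the window ends, and it runs in dry-run mode by default, recording the `nft` commands it would issue.

```python
"""Just-in-time firewall allowlisting driven by an identity login.

Added example of the pattern the use cases describe: a firewall exception opened
for the authenticated user's source address and closed after a fixed window.
Generic illustration, not Knocknoc's implementation; the nftables layout, the
class, its method names and the sample events are assumptions.
"""
import ipaddress
import subprocess
import time
from dataclasses import dataclass, field

# Assumed nftables layout (load once with `nft -f`). SSH is reachable only from
# addresses in a set whose elements carry their own timeout, so the kernel
# closes the hole by itself even if the orchestrator process dies.
NFT_BOOTSTRAP = """
table inet jit {
  set ssh_allow { type ipv4_addr; flags timeout; }
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    iif "lo" accept
    tcp dport 22 ip saddr @ssh_allow accept
  }
}
"""

@dataclass
class Grant:
    user: str
    src_ip: str
    expires_at: float

@dataclass
class JitAllowlist:
    """Local record of live grants plus the nft commands that realise them."""
    max_ttl: int = 3600        # policy cap on any single window, in seconds
    dry_run: bool = True       # True: record commands only; False: execute nft
    grants: dict = field(default_factory=dict)    # src_ip -> Grant
    commands: list = field(default_factory=list)  # every nft command issued (audit trail)

    def _nft(self, *args):
        cmd = ["nft", *args]                      # argv list: no shell, no quoting issues
        self.commands.append(" ".join(cmd))
        if not self.dry_run:
            subprocess.run(cmd, check=True)

    def expire(self, now=None):
        """Forget grants whose window has ended (nftables already dropped them)."""
        now = time.time() if now is None else now
        gone = [ip for ip, g in self.grants.items() if g.expires_at <= now]
        for ip in gone:
            del self.grants[ip]
        return gone

    def grant(self, user, src_ip, ttl, now=None):
        """Open SSH for src_ip after `user` logged in; returns the expiry time."""
        now = time.time() if now is None else now
        ip = ipaddress.ip_address(src_ip)         # the address is attacker-influenced input
        if ip.version != 4 or ip.is_loopback or ip.is_multicast or ip.is_unspecified:
            raise ValueError(f"refusing to allowlist {src_ip}")
        ttl = max(1, min(int(ttl), self.max_ttl))  # clamp to the policy cap
        self.expire(now)
        if src_ip in self.grants:
            # Re-adding an existing element is not guaranteed to reset its timeout; replace it.
            self._nft("delete", "element", "inet", "jit", "ssh_allow", f"{{ {src_ip} }}")
        self._nft("add", "element", "inet", "jit", "ssh_allow",
                  f"{{ {src_ip} timeout {ttl}s }}")
        self.grants[src_ip] = Grant(user, src_ip, now + ttl)
        return now + ttl

    def revoke(self, user, now=None):
        """Close every live window for `user` (logout or session kill); returns count."""
        now = time.time() if now is None else now
        self.expire(now)
        mine = [ip for ip, g in self.grants.items() if g.user == user]
        for ip in mine:
            self._nft("delete", "element", "inet", "jit", "ssh_allow", f"{{ {ip} }}")
            del self.grants[ip]
        return len(mine)

    def is_allowed(self, src_ip, now=None):
        """Mirror of the kernel decision, for tests and dashboards."""
        now = time.time() if now is None else now
        g = self.grants.get(src_ip)
        return g is not None and now < g.expires_at

def demo():
    """Constructed login/logout sequence showing the lifecycle of two windows."""
    jit = JitAllowlist(max_ttl=3600)
    t0 = 1_700_000_000.0
    jit.grant("alice", "203.0.113.10", ttl=60 * 60, now=t0)   # 60-minute window
    jit.grant("bob", "198.51.100.7", ttl=8 * 3600, now=t0)    # asked for 8h, clamped to 1h
    jit.revoke("alice", now=t0 + 600)                         # explicit logout
    jit.expire(now=t0 + 3600)                                 # bob's window ends on its own
    return jit

if __name__ == "__main__":
    for line in demo().commands:
        print(line)
```

Load `NFT_BOOTSTRAP` once with `nft -f`, then run the orchestrator as root on the host with `dry_run=False`; the same structure covers the subnet, web-application and file-transfer cases by changing the matched port or placing the set on a network firewall instead. Two details matter for security rather than convenience: the window is clamped to a policy cap regardless of what the login flow asks for, and the source address is validated before it becomes a rule, because it is input an attacker can influence.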
