Product Basics

What is SecKonnect?
SecKonnect is a software-defined Zero Trust Network Access (ZTNA) platform. A lightweight agent installs on every endpoint, binds device identity to the OS-level TPM or Secure Enclave, and opens mutually-authenticated tunnels only to the apps each user is authorized to reach — no credentials, no exposed network, no friction.
Why "Secure. Simple. Seamless."?
Three words for our design philosophy. Secure: cryptographic identity anchored in TPM. Simple: 60-second install, no reboot. Seamless: the agent runs invisibly — users get the same experience at HQ, home, or a hotel.
How do I get started?
An admin signs up, defines policies, and emails users an enrollment link. Users click the link, install the SecKonnect agent, and they're protected. Pilot programs include white-glove onboarding from our solutions team.
Which operating systems are supported?
Windows 10/11 (64-bit), macOS 12 Monterey and later (Apple Silicon and Intel), and Linux (Ubuntu 20.04+, Debian 11+, RHEL 8+). All from the same admin policy.

Security & Architecture

How does SecKonnect eliminate credentials?
At enrollment, the agent generates a device certificate whose private key lives inside the OS TPM 2.0 (Windows/Linux) or Secure Enclave (macOS). The key never leaves hardware. mTLS uses that certificate — there is no username, no password, no shared secret for an attacker to phish, dump, or replay.
What encryption is used?
AES-256 for symmetric encryption, mutual TLS (mTLS) for the transport layer, and TPM- or Secure-Enclave-backed key storage on every endpoint. Cryptographic operations on the keys happen inside the secure element, isolated from the host OS user space.
How is this different from a VPN?
A VPN authenticates a user with credentials and then exposes the entire network. SecKonnect authenticates a device with a TPM-bound certificate and exposes only the specific app the user is authorized to reach. It's least-privilege by default — VPNs are most-privilege by default.
What if a device is lost or stolen?
An admin revokes the device from the management panel with one click. Active sessions terminate instantly, the device certificate becomes invalid, and the agent cannot reconnect. Because the private key is locked inside the TPM, it cannot be extracted from the lost machine.
Does it protect against zero-day exploits?
SecKonnect's architecture eliminates entire classes of attack surface — no exposed VPN gateways, no public concentrators, no inbound listeners on the endpoint. Combined with device-bound identity, this delivers strong zero-day resilience compared to traditional VPNs.

Deployment & Operations

How long does deployment take?
A typical pilot for 25 – 50 users is operational within a week. Larger rollouts are phased: tenant setup, policy creation, integration with your IdP and SIEM, then staged user enrollment with progressive cutover from VPN.
Do I need any new infrastructure?
No. SecKonnect is delivered as an agent plus a cloud admin panel. Most customers reduce infrastructure by retiring VPN concentrators, jump hosts, and the associated licenses.
Can I integrate with my existing identity provider?
Yes. SecKonnect supports SAML 2.0 and OIDC for SSO. We integrate with Okta, Azure AD / Entra ID, Google Workspace, JumpCloud, and any standards-compliant IdP. SCIM provisioning is supported on Enterprise plans.
How does monitoring work?
Live session events stream to the SecKonnect admin panel. You can view active sessions, drill into device identity, view access scope per session, and forward events to your SIEM via Syslog, webhook, or our Splunk/Datadog connectors.
Can I deploy the agent via MDM / Intune / Jamf?
Yes. The agent ships as an MSI (Windows), PKG (macOS), and DEB/RPM (Linux). Deploy silently via Microsoft Intune, Jamf, Workspace ONE, Ansible, or any standard endpoint management tool.
Can I use SecKonnect for vendor or contractor access?
Yes — one of the most popular use cases. Issue an enrollment link per vendor, scope their policy to exactly the apps they need, and revoke instantly when the engagement ends. No shared VPN credentials.

Agent Details

How heavy is the agent on the endpoint?
Designed to be unnoticeable — minimal disk, memory, and CPU usage, with no kernel drivers required on modern OS versions.
Does the agent need admin rights to install?
Yes. Installing the agent requires administrator (root) privileges, since it registers the device certificate and system-level network components. For MDM-deployed fleets (Intune, Jamf, etc.), the management tool handles this silently — end users never see a prompt.
How does the agent update?
Silent background updates over the same outbound HTTPS channel — signed by SecKonnect's release key and verified before install. Admins can pin to a specific version per environment.
What network access does the agent need?
A single outbound HTTPS connection on port 443. No inbound listeners on the endpoint, no firewall changes required.
Does it work on devices without a TPM?
All Windows 10/11, recent macOS, and Linux laptops shipped in the last several years include a TPM 2.0 or Apple Secure Enclave. For older hardware, the agent falls back to software-protected keys with the same operational behavior at reduced assurance.

Compliance

Which compliance standards does SecKonnect support?
SecKonnect is designed against the control families of ISO/IEC 27001, SOC 2, GDPR, and NIST 800-171. TPM-backed key storage, end-to-end session logging, role-based access, and time-bound sessions are all built in.
Will it help with audit evidence?
Yes. Every session is logged end-to-end with device identity, time, scope, and outcome. Auditors get the evidence trail they expect without extra tooling.
Where is data stored?
Session metadata is stored in geographic regions you select to support data residency obligations under GDPR and similar regulations. We never store your traffic content — only metadata about the session.

Pricing & Pilot

How is SecKonnect priced?
Per-user, per-month subscription. Volume discounts are available, and most customers see net savings within the first year by retiring VPN infrastructure and licenses.
Do you offer a pilot?
Yes — typically a 30-day pilot scoped to a specific team or use case. Register an enquiry and we'll scope one with you.
What support is included?
All plans include email support and access to documentation. Enterprise plans add SLA-backed support, a named customer success contact, and security incident assistance. See our Service Level commitments for details.

Still have questions?

Our solutions team can usually answer specific technical questions within an hour. Drop us a note.