Show HN: Trasa – zero trust service access platform (opens in new tab)

Since you mentioned AWS, in a typical AWS organization, you will have services which fall into two categories; 1) external services that are used by your customers (let's say a web application) and 2) internal services that are used by your internal team, i.e., developers, DevOps team, administrators (let's say SSH, RDP, database, hosted GitLab). Most probably, you are protecting customer-facing services with web application firewalls, DDOS prevention. But how do you safeguard access to internal services?

Weak access to internal services are often overlooked and are one of the primary vectors of system compromise and data breach. With features such as agentless two-factor authentication, privilege access security(protecting keys to your kingdom), device authentication (verify user devices along with passwords), TRASA ensures that access to internal services is well protected.

TRASA compliments systems like Keycloak with additional security features, and you should use both; Keycloak to manage user and service identities and TRASA to ensure that those identities are not misused, compromised credentials do not lead to data breach and achieve compliance.

Think of Keycloak as human resource admin, which enrolls an employee and applications in an organization, and assign them a badge for security clearance to access those applications. TRASA is a system that polices misuse of their security clearance (malicious insider) and protects applications and services from compromised accounts threats (stolen credentials).