One of the main weaknesses of the traditional approach to security is that it assumes that everything inside an organization’s network can be trusted.
One implication of this assumption is that it keeps us blind to threats that get inside the network, which are then left to freely roam and attack the network wherever they choose.
To overcome this deficiency, organizations must adopt a new approach to protect the modern network infrastructure and fluid network perimeter that extends to the cloud, and the increasing number of mobile or dispersed users. This new approach is called the zero trust security model or zero-trust network access (ZTNA).
What is Zero Trust Network Access (ZTNA)?
Zero Trust Network Access (ZTNA) is a shift in approach to security whereby access is denied unless it is explicitly granted, and the right to access is continuously verified. The idea behind zero trust is that devices should not be trusted by default, even if they are connected to a corporate network or have been previously verified.
The zero-trust approach advocates checking the identity and integrity of devices irrespective of location, and granting access to applications and services based on confidence in device identity and device health in combination with user authentication. ZTNA reduces insider threat risks by always verifying users and validating devices before granting access to sensitive resources. For remote users, services are hidden from the public internet, protecting them from attackers, and access is granted only after approval from a trust broker. According to Gartner, by 2022 80% of new digital business applications will be accessed via zero-trust network access (ZTNA).
The best Zero Trust Security Vendors
1. Palo Alto
Palo Alto Networks is a well-known American enterprise cybersecurity company that provides network security, cloud security, endpoint protection, and various cloud-delivered security services. Palo Alto Networks was named a Challenger in the 2022 Gartner Magic Quadrant for Security Service Edge (SSE), and a leader in the Forrester New Wave Zero Trust Access.
Palo Alto Networks Prisma Access is a cloud-delivered platform that consolidates networking and security capabilities into a single platform, enabling a flexible hybrid work culture for the modern business without compromising security or user experience.
Prisma Access security capabilities include the following technologies:
- ZTNA: Prisma Access ZTNA provides a secure connection to applications and supports both agent-based and agentless connection methods, regardless of a user’s location.
- Next-Gen Cloud Access Security Broker (CASB): Prisma Access CASB provides visibility, real-time data protection, and security for SaaS applications.
- Cloud Secure Web Gateway: Prisma Access provides cloud secure web gateway (SWG) functionality, natively integrated with Next-Gen CASB, to protect remote users from threats when accessing web and non-web applications.
- Firewall as a Service (FWaaS): Prisma Access provides FWaaS capabilities with the full functionality of Palo Alto Networks Next-Generation Firewalls (NGFWs).
A virtual test drive that aims to give you hands-on experience with Palo Alto Networks Prisma Access is available on request.
2. Zscaler
Zscaler is an American cloud security company and one of the leading providers of ZTNA solutions and services. Zscaler was named a leader in the Gartner 2022 Magic Quadrant for Security Service Edge. Zscaler’s ZTNA products include the Zscaler Zero Trust Exchange, Zscaler Private Access (ZPA), and others.
The Zscaler Zero Trust Exchange is the platform that powers all Zscaler services to securely connect users, devices, and applications over any network. The platform leverages the zero trust principle of least-privileged access to secure applications, data, and users as they connect to work remotely via the public network (internet).
ZPA is a cloud-based service that provides zero trust access to private applications running on-premises, in the public cloud, or within the data center. ZPA shields applications from the public network (internet), making them invisible to unauthorized users. A free online demo is available on request.
3. Perimeter 81
Perimeter 81 is an Israeli cloud-based network security company that develops secure remote networks based on the zero trust architecture. Perimeter 81 is on a mission to transform traditional network security technology with one unified Zero Trust Network as a Service (ZTNaS).
Perimeter 81’s zero trust solution is offered via the following platforms:
- Zero Trust Application Access: Ensures zero trust access to web applications and remote network access protocols such as SSH, RDP, VNC, or Telnet, through IPsec tunnels, without an agent.
- Zero Trust Network Access: Ensures zero trust access to on-premises and cloud resources with one unified cloud platform.
- Software-Defined Perimeter: Helps organizations conceal internal network resources and assets from external entities, whether they are hosted on-premises or in the cloud.
Perimeter 81 zero trust platforms are a scalable hardware-free solution that helps organizations provide secure access to their network infrastructure and digital assets including local and cloud resources from end-point to data-center to the cloud. It offers network visibility, resource access segmentation, and full integration with major cloud providers, giving organizations peace of mind in the cloud.
Perimeter 81 is ideal for SMBs, especially those looking for a modern alternative to traditional corporate VPN systems. It offers flexible payment plans with billing occurring on a yearly or monthly basis. When you sign up with Perimeter 81, you get a full management platform where you can build, manage, and secure your network.
4. Illumio
Illumio delivers zero trust micro-segmentation from endpoints to data centers to the cloud to halt cyber-attacks and the spread of ransomware. You can also use Illumio’s zero-trust platform to protect against lateral movement across devices, applications, workloads, servers, and other infrastructure.
Illumio’s zero trust solution is offered via the following platforms:
- Illumio Core (formerly known as Illumio ASP): Delivers visibility and segmentation for workloads and containers in data centers, private clouds, and all public cloud environments.
- Illumio Edge: Brings zero trust to the endpoint and helps prevent the peer-to-peer spread of ransomware and other malware.
With capabilities that span micro-segmentation, network visibility, encryption, and vulnerability management, Illumio’s zero-trust platform provides opportunities for organizations to embrace and implement zero-trust strategies. Pricing details can be obtained by directly contacting the vendor. However, the vendor provides a means to obtain a total cost of ownership (TCO) estimate for Illumio Core to help you build a business case for the elimination of unnecessary hardware in your data center. There is also a 30-day free trial available.
5. NetMotion
The NetMotion zero trust solution combines ZTNA, SDP, and enterprise VPN to provide organizations with secure access to their digital assets and resources. It can be deployed on-premises or in the cloud (public, private, and hybrid). The easiest way to take advantage of the NetMotion platform is to consume it as a service.
The NetMotion client installed on user devices acts as the controller, gathering real-time data about the host device, its applications and network connections, and analyzing the context of every user request for resources. The data gathered is then used to build a risk profile of each request and to determine whether the user can access the resource given the immediate context. The NetMotion gateway, which can be installed on-premises or in the cloud, ensures that all company resources are protected. If the controller approves a user’s access to a resource, traffic is routed through this gateway directly to the requested destination.
NetMotion licenses are available in two subscription options:
- Complete subscription: Grants customers access to the entire range of functionality, including ZTNA, SDP, VPN, experience monitoring, and others.
- Core subscription: Grants customers access to a limited range of functionality.
A 30-day free trial is available on request.
6. Appgate
Appgate’s ZTNA solution is offered as a software-defined perimeter, a VPN alternative, secure third-party access, and DevOps access, all based on zero trust principles and built to support hybrid IT and a distributed workforce. It is infrastructure agnostic and can be deployed in all environments: on-premises, multi-cloud (AWS, Azure, GCP), virtualized and containerized environments, and legacy networks and infrastructure. Appgate was named a leader in the Forrester Zero Trust New Wave 2021 report. The entire Appgate ZTNA solution is designed to be distributed and to offer high availability, and it can be deployed in physical, cloud, or virtual environments. The Appgate platform integrates with third-party systems such as IdPs, LDAP, MFA, and SIEM, among others.
With the Appgate ZTNA solution, access can be controlled from any location and to any enterprise resource with centralized policy management for servers, desktops, mobile devices, and cloud infrastructure among others.
The Appgate ZTNA platform consists of three main components:
- Controller: The controller manages user authentication and applies the access policies assigned to users based on user attributes, roles, and context. It then issues entitlement tokens listing the resources the user is permitted to access.
- Client: The Appgate client is software that runs on user devices and connects to Appgate appliances to receive site-based entitlement tokens after successful authentication.
- Gateway: The gateway evaluates user entitlements and opens connections to resources accordingly.
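The controller/gateway split above, together with the ZTNA principles from the introduction (default deny, device health plus user authentication, continuous re-verification), can be shown in a few lines. This is an added, constructed illustration and not Appgate’s or any vendor’s code; the field names, the HMAC-signed token format, the posture checks and the role-to-resource table are all assumptions chosen to make the decision logic concrete.

```python
# Constructed illustration of the controller/gateway entitlement flow described
# above; not Appgate's (or any vendor's) code. Field names, the HMAC signing and
# the posture checks are assumptions chosen to show the decision logic.
import hashlib
import hmac
import json

SECRET = b"controller-gateway-shared-key"  # constructed; in practice from a KMS

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()

def issue_token(user, device, entitlements, now, ttl=300):
    """Controller: verify the user and device, then issue an entitlement token.
    Returns None (nothing issued, hence no access) whenever a check fails."""
    if not user.get("mfa_ok"):                      # user authentication
        return None
    if not (device.get("managed") and device.get("disk_encrypted")
            and device.get("os_patched")):          # device identity and health
        return None
    resources = entitlements.get(user["role"], [])
    if not resources:                               # no explicit grant -> no token
        return None
    claims = {"sub": user["name"], "dev": device["id"],
              "res": sorted(resources), "exp": now + ttl}
    body = json.dumps(claims, sort_keys=True).encode()
    return body.hex() + "." + _sign(body)           # token = claims.signature

def gateway_decision(token, resource, now):
    """Gateway: allow only a valid, unexpired token that names the resource."""
    try:
        body_hex, sig = token.split(".")
        body = bytes.fromhex(body_hex)
    except (AttributeError, ValueError):            # malformed or missing token
        return "deny"
    if not hmac.compare_digest(_sign(body), sig):   # forged or tampered token
        return "deny"
    claims = json.loads(body)
    if now >= claims["exp"]:                        # expiry forces re-verification
        return "deny"
    return "allow" if resource in claims["res"] else "deny"  # default deny

# Constructed role-to-resource entitlements the controller consults.
ENTITLEMENTS = {"engineer": ["git.internal", "ci.internal"],
                "finance": ["erp.internal"]}
```

A token that fails any check (missing MFA, unhealthy device, tampered signature, expired, or a resource outside the listed entitlements) yields "deny"; the gateway never falls through to an allow.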
7. Twingate
Twingate is a relatively young but fast-rising cloud-based ZTNA service provider. Twingate enables organizations to implement a modern zero-trust network without changing existing infrastructure, and to centrally manage user access to company digital assets, whether they are on-premises or in the cloud. Twingate’s ZTNA solution is offered as an SDP service or as an alternative to a traditional VPN. It is delivered as a cloud-based service and delegates user authentication to a third-party Identity Provider (IdP).
No special technical knowledge is required from end-users other than to download and install the SDP client application and authenticate with an existing identity provider. The controller handles the rest, negotiating encrypted connections between clients and resources. Once everything is confirmed, users are routed to the appropriate resources.
The Twingate zero trust architecture relies on four components: Controller, Clients, Connectors, and Relays. These components work in tandem to ensure that only authenticated users gain access to the resources that they have been authorized to access.
8. Cisco Zero Trust Platform
Cisco’s zero trust solution helps organizations secure access to applications from any device and location. The Cisco zero-trust approach is broken down into three pillars: workforce, workload, and workplace.
- Zero Trust for the workforce: This pillar ensures that only the right users, on devices that meet security requirements, can access applications and systems, regardless of location. The Zero Trust for the workforce solution is implemented via the Cisco Duo platform. A free version called Duo Free, a 30-day free trial, and various subscription plans with their associated costs and features are all available.
- Zero Trust for workloads: This pillar focuses on securing all connections and preventing unauthorized access within application environments across multi-cloud deployments, irrespective of where they are hosted. The Cisco Zero Trust for workloads solution is implemented via the Cisco Tetration platform. It can be deployed on-premises (physical or virtual) or as a SaaS application.
- Zero Trust for the workplace: This pillar focuses on securing access to the enterprise network by all users and devices (including IoT). The Cisco Zero Trust for the workplace solution is offered via the Cisco Software-Defined Access (SDA) platform. The solution is targeted at medium to large enterprises.
Choosing the right ZTNA vendor
While ZTNA has many use cases, most organizations adopt it as a means of access to hybrid and multi-cloud services, as an alternative to VPN, and as a way to eliminate over-privileged access to resources, among others. These solutions can be deployed as an on-premises or standalone service, as a cloud service, or as a hybrid service combining cloud and stand-alone offerings. With a variety of Zero Trust vendors out there, choosing the right one for your business and budget can be challenging. In this article, we review the eight best Zero Trust vendors in the market. Hopefully, this will guide you in the process of choosing the right solution for your business.