How Zero-Trust Network Access Keeps Would-Be Attackers in the Dark
“The hands can’t hit what the eyes can’t see.”
Muhammad Ali’s famous quote about his elusive boxing style also describes the simple logic at the core of zero-trust network access (ZTNA) solutions. These products and services help protect applications and other network resources from unauthorized access by effectively making them invisible to prying eyes.
Using access controls, network segmentation, multifactor authentication and other techniques, ZTNA solutions create what Gartner analysts call “an identity- and context-based, logical-access boundary.” With this boundary in place, applications and network segments are cryptographically hidden from unauthorized users, which dramatically diminishes the surface area for network attacks.
Gartner estimates the ZTNA application market is growing at a year-over-year rate of 60 percent. The rise of remote, mobile and hybrid work models has fueled that growth by forcing organizations to ensure the distributed workforce can securely access applications, files and other network assets.
It’s no secret that remote work has forced a rethinking of traditional network security practices. For years, organizations relied on the public Internet to provide remote access, usually through virtual private networks (VPNs) or remote desktop applications. That’s a flawed approach, however, because Internet access exposes IP addresses. That visibility makes the network, users and devices vulnerable to malicious actors.
However, ZTNA solutions create a virtual “dark net” in which authorized network elements are simply not visible to unauthorized users. This invisible infrastructure is created by strictly controlling access not just with user authorization, but also with session-specific controls based on contextual variables. These variables can include the user’s identity, the user’s location, the time of day, the type of device being used, whether the device is running security software, and many more.
Another problem with legacy security models is the implicit trust for users and devices inside the network perimeter. Once malicious actors get past the firewall and other perimeter defenses, they can often move laterally through the network and access other endpoints, applications and servers to harvest credentials, steal data, conduct reconnaissance and spread malware.
Zero-trust creates a “never trust” posture that assumes malicious actors are both inside and outside the network. It augments perimeter security with a variety of tools designed to verify the identity of every user, validate every device and limit access on a need-to-know basis. ZTNA solutions also allow you to set up and manage detailed access policies via an intuitive administrator dashboard. You can customize policies for different users, devices, locations and other contextual factors.
Network segmentation is another technique employed by ZTNA to prevent lateral movement. It divides the network into smaller, isolated parts with unique security controls for each segment. Even when a user is authenticated, classification and encryption tools ensure that only those with proper access can see and access sensitive data. Content-level controls can also dictate what actions a user can and cannot take with data — for example, whether data can be downloaded or attached to an email.
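The context-based access decision described in the preceding paragraphs can be made concrete with a small, deny-by-default policy engine. The following code is an added illustration written for this article; it is not the code of any ZTNA product named or implied here. The policy fields (group membership, MFA status, country, device management and security-agent state, time window) and the sample users, segments and values are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import time
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class AccessContext:
    """Session-specific signals the broker evaluates (constructed for this example)."""
    user: str
    groups: FrozenSet[str]
    mfa_verified: bool
    country: str
    device_managed: bool
    security_agent_running: bool
    local_time: time


@dataclass(frozen=True)
class SegmentPolicy:
    """Rule for one isolated network segment. Every requirement must hold;
    nothing is implicitly trusted because the user is 'inside' the network."""
    segment: str
    allowed_groups: FrozenSet[str]
    allowed_countries: FrozenSet[str]
    require_mfa: bool = True
    require_managed_device: bool = True
    require_security_agent: bool = True
    window_start: time = time(0, 0)
    window_end: time = time(23, 59, 59)


def evaluate(ctx: AccessContext, policy: SegmentPolicy) -> Tuple[str, List[str]]:
    """Return ('allow', []) only when every contextual check passes,
    otherwise ('deny', reasons). Each reason is a stable string suitable for
    an audit log, so repeated denials can be alerted on."""
    reasons: List[str] = []
    if not (ctx.groups & policy.allowed_groups):
        reasons.append("identity: user is not in a group allowed for this segment")
    if policy.require_mfa and not ctx.mfa_verified:
        reasons.append("mfa: multifactor authentication not completed")
    if ctx.country not in policy.allowed_countries:
        reasons.append(f"location: country {ctx.country} not permitted")
    if policy.require_managed_device and not ctx.device_managed:
        reasons.append("device: unmanaged device")
    if policy.require_security_agent and not ctx.security_agent_running:
        reasons.append("device: security agent not running")
    if not (policy.window_start <= ctx.local_time <= policy.window_end):
        reasons.append("time: outside permitted access window")
    return ("allow", []) if not reasons else ("deny", reasons)


def visible_segments(ctx: AccessContext, policies: Dict[str, SegmentPolicy]) -> List[str]:
    """The broker advertises only segments the session may reach. A segment with
    no policy, or with any failed check, is never listed, so an unauthorized
    session cannot even enumerate it (the 'dark net' effect)."""
    return sorted(name for name, pol in policies.items() if evaluate(ctx, pol)[0] == "allow")


# Constructed per-segment policies (hypothetical segment names).
POLICIES: Dict[str, SegmentPolicy] = {
    "hr-payroll": SegmentPolicy("hr-payroll", frozenset({"hr"}), frozenset({"US"}),
                                window_start=time(8, 0), window_end=time(18, 0)),
    # Third-party vendors: MFA still required, but their devices are not managed by us.
    "vendor-portal": SegmentPolicy("vendor-portal", frozenset({"vendors"}), frozenset({"US", "DE"}),
                                   require_managed_device=False, require_security_agent=False),
    "iot-management": SegmentPolicy("iot-management", frozenset({"netops"}), frozenset({"US"})),
}

# Constructed sessions used below and in the checks.
ALICE = AccessContext("alice", frozenset({"hr"}), True, "US", True, True, time(10, 0))
ALICE_AFTER_HOURS = AccessContext("alice", frozenset({"hr"}), True, "US", True, True, time(22, 0))
BOB_VENDOR = AccessContext("bob", frozenset({"vendors"}), True, "DE", False, False, time(14, 0))
MALLORY_NO_MFA = AccessContext("mallory", frozenset({"hr"}), False, "US", True, True, time(10, 0))


if __name__ == "__main__":
    for ctx in (ALICE, ALICE_AFTER_HOURS, BOB_VENDOR, MALLORY_NO_MFA):
        print(ctx.user, ctx.local_time, "sees:", visible_segments(ctx, POLICIES))
        for name, pol in POLICIES.items():
            decision, reasons = evaluate(ctx, pol)
            print(f"  {name}: {decision} {reasons}")
```

The design point is that the same identity gets a different answer depending on session context (Alice is allowed into the payroll segment at 10:00 but denied at 22:00), and that denial reasons are emitted as fixed strings so a SOC can count, for example, "mfa:" or "device:" denials per user and spot credential misuse or an unhealthy endpoint fleet.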
Key ZTNA use cases include:
- Replacing VPNs for remote access. VPN connections are primary targets for cybercriminals. Gartner predicts that 60 percent of enterprise organizations will replace VPNs with ZTNA by next year to provide remote access to the extended workforce.
- Reducing third-party risk. Companies often must provide network access to vendors and partners to do business effectively. ZTNA limits their access to specific applications and renders everything else invisible.
- Improving multi-cloud access. Most organizations have applications and data residing on multiple cloud instances. ZTNA’s identity-based boundaries and centralized access policies ensure secure, context-aware cloud access.
- Enhancing IoT security. ZTNA improves IoT security by ensuring devices and users are not visible from the Internet.
Providing the remote workforce with anytime, anywhere access to apps and data is fraught with risk. ZTNA solutions help thwart unauthorized access by isolating important network assets. Hackers can’t hit what they can’t see. Call us to discuss how your organization might benefit from a ZTNA solution.
Jason Schwakopf, Senior Sales Engineer
Recent events have caused a paradigm shift for many companies, accelerating their desire to better leverage IoT. Supply chain, healthcare, advanced living care, retail and other service industries are going to be looking at ways to be “touchless” as much as possible. Enterprise systems will need a new level of flexibility, accessibility and, above all, security.