Palo Alto Networks is pushing for the adoption of Zero Trust Network Access 2.0 (ZTNA 2.0) among organizations, which is touted to be the foundation for a new era of secure access, according to the cybersecurity solutions company.
“ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not adequately scale and were overly permissive,” Palo Alto Networks said in a media release. “But the first-generation ZTNA products (ZTNA 1.0) are too trusting and can put customers at significant risk. ZTNA 2.0 solves these problems by removing implicit trust to help ensure organizations are properly secured.”
Citing its own cybersecurity report for 2022, the company said it found that 94% of organizations in the Philippines and Southeast Asia have experienced an increase in cyberattacks in 2021. To combat the rising threats in a hybrid workplace, 57% of organizations in the Philippines have focused on implementing Identity and Access Management, an architecture enabling Zero Trust Network Access (ZTNA) 1.0 solution which supports only coarse-grained access controls, incorporates an “allow and ignore” approach for both users and app traffic, and provide either little or no advanced security consistently across all apps.
“Zero trust has been embraced as the solution — and it is absolutely the right approach,” said Nir Zuk, founder and chief technology officer at Palo Alto Networks. “Unfortunately, not every solution with Zero Trust in its name can be trusted. ZTNA 1.0 — for example — falls short.”
Compared to ZTNA 2.0, the ZTNA 1.0 isn’t as stringent as the former. Learning from the inadequacies of its predecessor, ZTNA 2.0 was developed to meet the security challenges of modern applications, threats, and the hybrid workforce.
Palo Alto Networks Prisma Access is ZTNA capable and incorporates the following key principles:
- Least-privileged access. Enables precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.
- Continuous trust verification. After access to an application is granted, a continuous trust assessment is ongoing based on changes in device posture, user behavior, and application behavior.
- Continuous security inspection. Uses deep and ongoing inspection of all application traffic, even for allowed connections to help prevent threats, including zero-day threats.
- Protection of all data. Provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.
- Security for all applications. Consistently secures all types of applications used across the enterprise, including modern cloud-native applications, legacy private applications, and SaaS applications.