Palo Alto Networks Recommends Switching to ZTNA 2.0: Zero Trust with Zero Exceptions
Palo Alto Networks (NASDAQ: PANW), the world’s leading cybersecurity company, today challenged the industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0), the foundation for a new era of secure access. ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not scale sufficiently and were too permeable. However, first-generation ZTNA products (ZTNA 1.0) are too permissive and can expose customers to significant risk. ZTNA 2.0 solves these problems by removing implicit trust and thus ensuring that companies are properly secured.
“This is a critical time for cybersecurity. We are in an era of unprecedented cyberattacks. The past two years have significantly changed work – for many, work is now an activity and no longer a place. This means that protecting employees and the applications they need has become both more difficult and more important,” explained Nir Zuk, Founder and Chief Technology Officer of Palo Alto Networks. “Zero Trust has been promoted as a solution – and is the absolutely right approach! Unfortunately, not every solution that has Zero Trust in its name is trustworthy. ZTNA 1.0 – for example – falls short.”
For modern enterprises, where hybrid work and distributed applications have become the norm, ZTNA 1.0 has several limitations. For example, it is too permissive in granting access to applications, since it cannot control access to sub-applications or specific functions. There is also no way to monitor changes in user, application, or device behavior. Furthermore, it cannot detect or prevent malware or lateral movement across connections. ZTNA 1.0 also cannot protect all corporate data.
ZTNA 2.0-enabled products such as Palo Alto Networks Prisma Access help organizations meet the security challenges of modern applications, threats, and hybrid workforces. ZTNA 2.0 includes the following key principles:
- Access according to the least privilege – enables precise access control at the application and sub-application level, regardless of network constructs such as IP addresses and port numbers.
- Continuous trust verification – after access to an application is granted, a continuous trust check is performed based on changes in device structure, user behavior, and application behavior.
- Continuous security review – uses a deep and continuous review of all application traffic, even on allowed connections, to prevent threats, including zero-day threats.
- Protection of all data – provides consistent control of data across all applications, including private applications and SaaS applications, with a single Data Loss Prevention (DLP) policy.
- Security for all applications – provides consistent protection for all types of applications used across the enterprise, including modern cloud-native applications, legacy private applications, and SaaS applications.
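The five principles above can be made concrete with a small policy decision point that re-evaluates every request instead of trusting a connection once it is established. The following is an added illustration written for this page; it is not Prisma Access code or any vendor API, and the rule format, device attributes, DLP pattern and behavioural threshold are assumptions chosen for the example. It contrasts a ZTNA 1.0 style check (evaluated once at connect time) with a ZTNA 2.0 style check (least privilege at the sub-application level, continuous posture and behaviour verification, and a single DLP rule applied to all applications).

```python
"""Toy policy decision point illustrating ZTNA 2.0 principles (added example).

Everything below is an assumption made for illustration: the rule format,
the device posture fields, the DLP pattern and the behaviour threshold.
It is not Prisma Access configuration or any vendor's API.
"""
import re
from dataclasses import dataclass

# Least-privilege rules keyed by (role, app): the set of permitted
# sub-application actions. No IP addresses or ports appear anywhere.
POLICY = {
    ("finance", "erp"): {"view_invoice", "approve_invoice"},
    ("contractor", "erp"): {"view_invoice"},
    ("contractor", "wiki"): {"read"},
}

# One DLP rule applied to every application (private or SaaS).
# Constructed pattern for a card-number-like token; illustrative only.
CARD_RE = re.compile(r"\b\d{4}-\d{4}-\d{4}-\d{4}\b")

# Assumed threshold: this many denied actions marks the session as probing.
BEHAVIOUR_LIMIT = 3


@dataclass
class Device:
    compliant: bool       # assumed endpoint-management verdict
    disk_encrypted: bool  # assumed posture attribute


@dataclass
class Session:
    user: str
    role: str
    device: Device
    denied: int = 0  # running count of least-privilege denials (behaviour signal)


def device_trusted(dev: Device) -> bool:
    return dev.compliant and dev.disk_encrypted


def ztna1_connect(session: Session, app: str) -> dict:
    """ZTNA 1.0 style: one check when the tunnel is set up, then implicit trust."""
    ok = device_trusted(session.device) and (session.role, app) in POLICY
    return {"connected": ok}


def ztna1_request(conn: dict, action: str, payload: str = "") -> str:
    # Once connected, every sub-application action and every payload passes.
    return "allow" if conn["connected"] else "deny"


def ztna2_request(session: Session, app: str, action: str, payload: str = "") -> str:
    """ZTNA 2.0 style: every request re-checks posture, privilege, behaviour and data."""
    if not device_trusted(session.device):
        return "deny:device_posture"          # continuous trust verification
    if action not in POLICY.get((session.role, app), set()):
        session.denied += 1
        return "deny:least_privilege"         # sub-application level control
    if session.denied >= BEHAVIOUR_LIMIT:
        return "deny:behaviour"               # user behaviour changed: keep denying
    if CARD_RE.search(payload):
        return "deny:dlp"                     # single DLP policy for all apps
    return "allow"


def demo() -> list:
    """Walk one contractor session through both models; returns the decisions."""
    dev = Device(compliant=True, disk_encrypted=True)
    s = Session(user="alice", role="contractor", device=dev)
    out = []
    conn = ztna1_connect(s, "erp")
    out.append(("ztna1", ztna1_request(conn, "approve_invoice")))        # allow
    out.append(("ztna2", ztna2_request(s, "erp", "view_invoice")))       # allow
    out.append(("ztna2", ztna2_request(s, "erp", "approve_invoice")))    # deny:least_privilege
    out.append(("ztna2", ztna2_request(s, "erp", "view_invoice",
                                       "pan 4111-1111-1111-1111")))     # deny:dlp
    dev.compliant = False  # device posture degrades mid-session
    out.append(("ztna1", ztna1_request(conn, "view_invoice")))           # allow (trusted forever)
    out.append(("ztna2", ztna2_request(s, "erp", "view_invoice")))       # deny:device_posture
    return out


if __name__ == "__main__":
    for model, decision in demo():
        print(f"{model}: {decision}")
```

Note that the ZTNA 1.0 path in the example allows `approve_invoice` and keeps allowing traffic after the device becomes non-compliant, because it only ever evaluated the (role, app) pair at connect time; the ZTNA 2.0 path reaches a different decision on each request from the same session.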
In a new report, John Grady, ESG Senior Analyst, states the following: “First generation solutions/ZTNA 1.0 in many ways do not fulfill the promise of true zero trust. Rather, they grant more access than desired. In addition, with ZTNA 1.0 solutions, once access is granted, the connection is implicitly trusted forever, which provides a practical way for sophisticated threats and/or malicious actions and behaviors.” Grady continued, “It’s time to take a new approach to ZTNA, designed from the ground up to address the specific challenges of modern applications, threats, and hybrid workforces.”
“Securing today’s hybrid workforce with an increase in cloud and mobile technologies and changing requirements can be complicated,” said Jerry Chapman, Engineering Fellow, Optiv. “Rethinking Zero Trust is essential for modern, hybrid enterprises to prevent threats. Together with Palo Alto Networks, we advise our customers to incorporate ZTNA 2.0 principles such as continuous identity and connection verification across their domains to stay secure.”
New features of Prisma Access
Palo Alto Networks Prisma Access is the industry’s only solution that meets today’s ZTNA 2.0 requirements. Prisma Access protects all application traffic with first-class features and secures both access and data.
The innovations of Prisma Access announced today include the following features:
- ZTNA Connector – simplifies the process of integrating cloud-native and traditional applications into the service, helping to make ZTNA 2.0 easier and more secure to deploy.
- The industry’s only unified SASE product – provides a common policy framework and data model for all SASE functions managed through a single cloud management console.
- Self-Service Autonomous Digital Experience Management (ADEM) – helps to proactively inform users about issues that require immediate attention and gives them advice on how to fix them.
Prisma Access is now generally available and offers full support for ZTNA 2.0. The new ZTNA Connector, Unified SASE, and Self-Service ADEM will be available in the next 90 days.