Protection of private apps, through deception mechanisms and privileged remote access
Zscaler, a leader in cloud security, today introduces Security Service Edge (SSE) innovations for its Zero Trust Network Access (ZTNA) solution “Zscaler Private Access” that replace traditional firewalls and VPNs. As part of the Zscaler Zero Trust Exchange security platform, the new functions establish a standard for ZTNA in order to minimize companies' attack surface and prevent lateral movement by attackers in the network. Private App Protection stops compromised users and insider threats through integrated deception mechanisms, and privileged remote access functionality is introduced for business and operational technology (OT) systems.
Today, employees are highly mobile and important applications have been moved to the cloud and are no longer within the corporate network, which is protected by a secure perimeter. This fundamental shift towards cloud and mobility requires companies to abandon the old, network-centric VPN approach in favor of a modern user- and application-centric security model. Such an approach is based on zero-trust and establishes a direct connection from the user to his private application, which is secured by dynamic identity and context-dependent control.
“The volume of cyber attacks and data breaches has increased across all industries and the threat situation from state actors and advanced attack methods has escalated,” says Tony Paterra, Senior Vice President of Emerging Products at Zscaler. “As enterprise applications move more and more to the cloud and hybrid workstations become the norm, a zero trust architecture is needed to support distributed users, devices, applications and workloads. With the help of our Next Generation ZTNA solution, secure access to private applications is easy to manage and offers extensive protection. It contributes to the transformation of traditional network security and helps to minimize the attack surface and to prevent modern attacks.”
Secure access to private applications by ZTNA is an important pillar of SSE and Zscaler’s cloud security platform helps to meet modern business and security requirements. A holistic zero trust architecture replaces traditional VPNs. As a result, employees receive a remote access solution that provides unsurpassed security and at the same time offers an excellent user experience. Zscaler defines its Next Generation ZTNA offering through the following innovations:
Private App Protection
Based on more than 10 years of experience in inline inspection to secure Internet traffic and SaaS apps, Zscaler’s platform offers new preventive security controls that prevent compromised users and attackers from abusing private applications and services. These innovations include inline inspection of private app traffic to stop the most common attacks, including the OWASP Top 10, with constantly evolving defenses by the Zscaler ThreatLabZ research team and support for custom signatures.
A deception mechanism with integrated app decoys, novel across the industry, enables the detection of lateral movement in modern attacks. With this new feature, the Zscaler platform reduces alert fatigue. Alerts triggered by decoys can detect compromised users and insider threats, and these users can then be blocked from access. This is ensured by the integration with the Zscaler Zero Trust Exchange platform.
Privileged remote access for industrial IoT and OT systems
Building on the existing browser-based access functions, the Zscaler platform has been extended to support Remote Desktop Protocol (RDP) and Secure Shell Protocol (SSH) for unmanaged devices, both for IIoT/OT devices and for private apps. These features enable secure, direct remote access for third parties, so companies can introduce zero trust connectivity for IoT devices and thus eliminate VDI solutions for private applications.
The new features go hand in hand with the requirements for an SSE solution and set a new standard for the management of a Secure Access Service Edge (SASE) architecture. The new features are now available to customers as part of Zscaler Private Access (ZPA) or as a separate option depending on the ZPA edition.
“Zero Trust has become an integral part of our M&A integration strategy and implementation at Sanmina. By working with Zscaler, we were able to ensure the productivity of our acquired employees from day one and thus create immediate added value,” says Matt Ramberg, Vice President of Information Security at Sanmina. “The advantage of Zscaler’s Next Generation Zero Trust Network Access platform is that our users get fast, hassle-free access to the applications they need, while the IT department has virtually reduced our cyber risk to zero – including protection against zero-day attacks that could crash our private applications. Zscaler Private Access has become an indispensable tool for our users and has changed the way we operate mergers & acquisitions.”
“Zscaler Private Access has significantly accelerated our transition to Zero Trust by replacing our legacy VPNs with true user-to-app segmentation that minimizes our external attack surface and eliminates lateral movement,” says John Pratezina, Senior Network Operations Administrator, Commonwealth Superannuation Corporation (CSC). “The introduction of the built-in deception feature in ZPA helps us track down compromised users and insider threats, which gives us another line of defense against sophisticated attackers and more insight into their tactics. By integrating these new features into our incident response process, we now have the most reliable alerts and the strongest security measures.”
“The demand for ZTNA is growing rapidly, as companies are now looking for solutions that are scalable, support all use cases and ward off threats in a way that older VPN tools have never been able to,” says Christopher Rodriguez, Research Director, Security & Trust at IDC. “The new Zscaler ZPA functions meet the core requirements of companies that are taking the important step of modernizing their security architecture.”