In a nutshell, Zero Trust assumes that every user, device and service that attempts to connect to a network or application is hostile until proven otherwise. The fundamental principle of Zero Trust is to secure an organization’s data wherever it resides. Only legitimate users, devices and entities are granted access to relevant data sources and assets.
Zero Trust addresses security issues an organization faces when it stores data in multiple locations, both within its own network and in private and public cloud environments, and allows broad access to that data by employees, contractors, partners, vendors and other authorized users, who use their own devices over which the organization has no direct control. Zero Trust itself is not a specific security architecture, product or software solution, but rather a methodology for secure access that requires an organization to rethink its security strategy and network architecture. The key to zero trust is understanding who is requesting access, what device the request is coming from, and then linking that request to an access policy by application or asset.
Essentially, Zero Trust is a whitelist method for granting access to specific enterprise applications based on the identity of the user, the device being used and the behavior or context within which it occurs.
The network is always hostile: before zero trust, it was assumed that if you connect to a known network, you could be fairly certain that the network is secure. From the zero trust principle, a known network is inherently insecure.
Accept that external and internal threats are always on the network: traditional cybersecurity assumed that the network was secure until a threat was detected. Zero trust turns this model on its head.
Knowing the location of the corporate network or cloud provider is not enough to trust a network: traditional security rules based on IP addresses are no longer secure.
Authenticate and authorize every device, user and network flow: a zero trust model authorizes and authenticates user access through per-session least-privilege access.
Implement a security policy that is dynamic and holistic: data analytics should be based on as many data sources as possible. These provide monitoring and proactive threat detection across the architecture.
Zero Trust Network Access is a concrete implementation of the Zero Trust Security model:
Barracuda’s ZTNA solution is a mobile first and BYOD first solution that can be used without MDM dependency.
The CGA (CloudGen Access) integrates with your existing IAM / Single-Sign-On solution (Azure AD, Google Suite, One Identity, Okta, SAML, …), enabling a quick implementation. All applications that use this underlying authentication are now controlled by CGA.
To access these applications, the user needs a CGA client on their device. This client is available for all types of mobile devices and operating systems imaginable. As soon as the user accesses a secure application, all zero-trust checks are performed by CGA and a tunnel specific to this application is built to a proxy (mTLS).
The CGA client intercepts all DNS requests from the device. This allows not only detection and control of the use of the enterprise application, but also Web (URL filtering) and DNS security. So it is ideal for your employees to work securely anywhere.
Cato Networks offers an integrated client-based and clientless remote access solution as part of the Cato Cloud. Users benefit from optimized and secure access to all on-premises and cloud-based applications while at home or on the road. Cato enforces strong authentication and granular access control, as well as deep packet inspection of all traffic against threats. Cato’s cloud-scale global platform seamlessly supports any number of users and applications worldwide.
A client is installed on the user’s mobile device. This tunnels all traffic to the nearest Cato Cloud dial-up point.
Within the Cato Cloud, security policies are applied and the user is given access to those resources and applications they are entitled to. Internet traffic is also subjected to deep packet inspection. In short, the ideal solution to give your users secure and high-performance access to the Internet and the authorized applications.
Sophos is best known for its powerful nextgen endpoint security solution: Intercept X. If you are already using this solution, all you have to do is activate the ZTNA functionality in the central management portal and you don’t need to install any additional client software. ZTNA and Intercept X work closely together to secure access to applications and are in constant dialogue with each other. Thanks to this synchronized security, compromised systems are automatically isolated from applications and the network.
Kappa data supports resellers and customers with extensive technical knowledge, training and guidance. Our certified technical and presales teams are always there for you!
At Kappa Data, you enjoy a particularly personal as well as professional approach, from quick quotes to demos and customer-friendly service with your regular contacts. We are there for you.
Kappa Data is a value-added distributor that thinks solution-focused with you. We always ensure a good relationship between all parties and mediate conflicts where necessary.