How To Create a More Secure World: replacing inadequate VPNs with ZTNA Follow-up

By Jon Taylor
Director and Principal of Security, Versa Networks
July 21, 2023

Recently, Versa hosted a webinar to discuss how security and networking teams can create a more secure world by replacing inadequate VPNs with ZTNA. Due to the global pandemic and the rise in remote work, organizations have been forced to review how they provide remote and hybrid workers access to IT resources. Existing solutions based on virtual private networks (VPNs) cannot keep pace with the scale of remote users and often lead to a poor end-user experience. Threat actors also know that VPNs are easily compromised and give open access to the underlying network. New security challenges present themselves that traditional remote access solutions were not designed to solve. To address this new reality, organizations are turning to Zero Trust Network Access (ZTNA), which verifies identity, device, and application to enhance security and experience.

Since this webinar, I wanted to address questions I received about implementing a ZTNA solution.

The most common question focuses on how this can provide a reduction in complexity if the solution is offered as a service. This really depends on the vendor being chosen and exactly how they allow organizations to connect to their environment. A preferred method for this is to utilize a software-defined wide area networking (SD-WAN) solution with natively integrated security capabilities to deliver the best user and application experience while also enforcing all aspects of security. This allows an organization to connect to the cloud security platform, perform minimal configurations, and allow the solution to become more dynamic to meet the organization's needs quickly and easily.

We also received several questions on visibility. Because a ZTNA solution can establish trust using more than just user credentials, an organization can gather insight into users, such as the posture of the machine, the location of that machine, and security analysis of the traffic that machine generates to identify anomalies. If using an SD-WAN technology, an organization can even get deep analytics from the traffic to help identify potential problem spots in order to remediate issues.

The third most common question that I received was about reducing the attack surface and how this helps increase the security posture vs. applying stringent policies to users. Most ZTNA providers use obfuscation to reduce the attack surface. This allows an organization to protect the enterprise's identity and location, protect the traceability of its communications, and protect its network operations by implementing moving-target defense techniques that prevent traditional tools such as port scanners, Nmap scanners, etc. from "crawling" the network to discover the internal IP addressing and map the environment.

ZTNA is an easy, low-impact solution to implement to start a ZTNA journey. If you are interested in knowing more about what Versa Networks offers for ZTNA, hit Contact Us and drop us a line. We will get you in touch with a security expert to help identify the right security architecture from Versa Networks to fit your security needs.
