Palo Alto Networks today urged the industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0) — the foundation for a new era of secure access. ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not adequately scale and were overly permissive, but the first-generation ZTNA products (ZTNA 1.0) are too trusting and can put customers at significant risk. ZTNA 2.0 solves these problems by removing implicit trust to help ensure organizations are properly secured.
“This is a critical time for cybersecurity. We are in an era of unprecedented cyberattacks, and the past two years have dramatically changed work — for many, work is now an activity, not a place. This means that securing employees and the applications they need is both harder and more important,” said Nir Zuk, founder and chief technology officer at Palo Alto Networks. “Zero trust has been embraced as the solution — and it is absolutely the right approach! Unfortunately, not every solution with Zero Trust in its name can be trusted. ZTNA 1.0 — for example — falls short.”
For modern organizations where hybrid work and distributed applications are the norm, ZTNA 1.0 has several limitations. It is overly permissive in granting access to applications because it can’t control access to sub-applications or particular functions. Additionally, there is no monitoring of changes in user, application or device behavior, and it can’t detect or prevent malware or lateral movement across connections. ZTNA 1.0 also cannot protect all enterprise data.
ZTNA 2.0-capable products, such as Palo Alto Networks Prisma Access, help organizations meet the security challenges of modern applications, threats and the hybrid workforce. ZTNA 2.0 incorporates the following key principles:
- Least-privileged access — enables precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.
- Continuous trust verification — after access to an application is granted, continuous trust assessment is ongoing based on changes in device posture, user behavior and application behavior.
- Continuous security inspection — uses deep and ongoing inspection of all application traffic, even for allowed connections to help prevent threats, including zero-day threats.
- Protection of all data — provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.
- Security for all applications — consistently secures all types of applications used across the enterprise, including modern cloud native applications, legacy private applications and SaaS applications.
New Prisma Access Capabilities
Palo Alto Networks Prisma Access is the industry’s only solution that meets today’s ZTNA 2.0 requirements. Prisma Access protects all application traffic with best-in-class capabilities while securing both access and data.
New additions to Prisma Access announced today add the following capabilities:
- ZTNA connector — simplifies the process of onboarding cloud native and traditional applications into the service, helping make ZTNA 2.0 easier to deploy and more secure.
- The industry’s only unified SASE product — providing a common policy framework and data model for all SASE capabilities, managed from a single cloud management console.
- Self-serve autonomous digital experience management (ADEM) — helps proactively notify users of issues that require prompt attention and provides them with guidance on how to remediate.
Prisma Access is generally available today with full support for ZTNA 2.0. The new ZTNA connector, unified SASE, and self-service ADEM will be available in the next 90 days.