Background: Modernizing Network Security for a Global Enterprise
A global aerospace and defense company, operating complex and distributed networks, sought to modernize its cybersecurity infrastructure. The organization recognized the limitations of its existing security solutions and specifically wanted to replace a legacy Network Access Control (NAC) system (such as PacketFence). The challenge lay in implementing a robust, next-generation security framework capable of securing diverse user communities and network segments, including VPN users behind various firewall solutions on multiple downstream subnets. Because ARP enforcement works at Layer 2 and only reaches hosts in the sensor's own broadcast domain, those routed user populations were out of reach of traditional ARP enforcement.
Seeking Unified Control and Operational Efficiency
The company aimed for a comprehensive security solution that could provide advanced network access control functionalities while also addressing broader Zero Trust Network Access (ZTNA) requirements. A key consideration was to find a single, unified platform that inherently included NAC capabilities, thereby avoiding the complexity and overhead of managing separate solutions. This approach would streamline security management and enhance operational efficiency across their global footprint.
Solution: Genians ZTNA On-Prem – Rapid Adoption, Comprehensive Capabilities
The company initiated a Proof of Concept (PoC) with the Genians ZTNA On-Prem version. After one month of testing, the company decided to subscribe, purchasing a Genian ZTNA On-Prem 1000 Annual Subscription. This choice shifted spending from traditional CAPEX (Capital Expenditure) to OPEX (Operational Expenditure), providing greater budget flexibility and predictability, and the speed of the decision reflected their confidence in the solution.
The strategic choice to deploy Genian ZTNA was driven by its comprehensive nature: Genian ZTNA inherently includes and builds upon robust NAC functionalities, offering a unified platform for both network access control and advanced Zero Trust capabilities.
During the PoC and initial deployment, the company extensively tested and successfully implemented key features:
- Advanced Enforcement Modes: They rigorously tested both ARP enforcement and In-Line On-Prem enforcement. ARP enforcement requires the sensor to share a Layer 2 segment with the hosts it controls, so for user communities behind specific firewall solutions (e.g., a pfSense firewall) on multiple downstream subnets, including VPN users, it was not feasible. For those populations they successfully tested In-Line enforcement, which sits in the traffic path and therefore sees routed sources, as the alternative.
- Genians’ Responsive Development: Genians responded directly to the client’s specific needs during testing. This included:
  - Improving In-Line mode to create a node automatically for every source IP from which the sensor observed packets, so routed and VPN hosts are registered without manual onboarding.
  - Improving the Global Mirror Enforcement Mode to recognize ZTNA Permissions Policies.
- Identity Integration: Genians ZTNA was integrated with SAML, using a leading Identity Provider (IdP) such as Keycloak for user authentication.
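To make the enforcement-mode decision concrete, the following added example (illustrative code, not Genians’ or the customer’s implementation) shows why ARP enforcement cannot reach the downstream and VPN populations described above, and what the In-Line node auto-creation behaviour amounts to. It assumes a hypothetical sensor on 10.10.0.0/24 and a constructed list of observed packets; every address and MAC is made up. Routed traffic arrives on the sensor’s segment carrying the firewall’s MAC rather than the real host’s, so an ARP-based block would target the gateway, not the offending endpoint.

```python
"""Added example: which observed sources an ARP-enforcing sensor can reach,
and how an in-line enforcement point registers every source it sees.
Illustrative only; not Genians code. All addresses are constructed."""
import ipaddress
from collections import defaultdict

# Hypothetical sensor placement: the sensor's own broadcast domain.
SENSOR_SUBNET = ipaddress.ip_network("10.10.0.0/24")

# Constructed sample of (source IP, source MAC as seen on the sensor segment).
# Hosts behind the firewall or VPN concentrator all show the gateway's MAC.
OBSERVED_PACKETS = [
    ("10.10.0.25", "aa:bb:cc:00:00:25"),     # host on the sensor's own LAN
    ("10.10.0.26", "aa:bb:cc:00:00:26"),
    ("10.10.0.25", "aa:bb:cc:00:00:25"),     # repeat from the same host
    ("192.168.50.7", "00:11:22:33:44:01"),   # downstream subnet behind pfSense
    ("192.168.50.9", "00:11:22:33:44:01"),
    ("172.16.8.100", "00:11:22:33:44:01"),   # VPN client, same gateway MAC
]


def arp_reachable(ip, subnet=SENSOR_SUBNET):
    """ARP enforcement answers or poisons ARP on the sensor's own segment,
    so it can only act on addresses inside that subnet."""
    return ipaddress.ip_address(ip) in subnet


def discover_nodes(packets, subnet=SENSOR_SUBNET):
    """Build one node record per distinct source IP, the way an in-line
    enforcement point would when it auto-creates nodes for every source
    it observes. Repeats only bump the packet counter."""
    nodes = {}
    for ip, mac in packets:
        if ip in nodes:
            nodes[ip]["packets"] += 1
            continue
        nodes[ip] = {
            "mac": mac,
            "packets": 1,
            "enforcement": "arp" if arp_reachable(ip, subnet) else "inline",
        }
    return nodes


def router_macs(nodes):
    """Heuristic: a MAC fronting more than one off-subnet IP is a gateway
    (firewall, VPN concentrator). Poisoning ARP for it would disrupt every
    routed flow instead of isolating one host, which is why those nodes
    are marked for in-line handling."""
    by_mac = defaultdict(set)
    for ip, rec in nodes.items():
        if rec["enforcement"] == "inline":
            by_mac[rec["mac"]].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    found = discover_nodes(OBSERVED_PACKETS)
    for ip, rec in found.items():
        print(f"{ip:15} {rec['mac']}  {rec['enforcement']:6} packets={rec['packets']}")
    print("gateway MACs:", router_macs(found))
```

Running it registers five nodes from six packets: the two 10.10.0.0/24 hosts are marked for ARP enforcement, while the pfSense-downstream and VPN addresses are marked for in-line handling and all resolve to the single gateway MAC.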
Summary: Accelerated Security Transformation and Future Expansion
By selecting Genians ZTNA On-Prem via an Annual Subscription, the global aerospace and defense company completed its security transformation quickly. Moving directly to ZTNA, whose platform already includes NAC capabilities, gave them a single unified framework rather than separate NAC and Zero Trust products.
A Blueprint for Scalable, Integrated Security
This implementation demonstrates Genians ZTNA delivering both network access control and Zero Trust security across a complex, distributed environment. Running multiple enforcement modes (ARP where the sensor has Layer 2 reach, In-Line for routed and VPN populations) alongside SAML integration with an external IdP shows the solution’s flexibility. Based on this initial deployment, the company plans to expand Genian ZTNA company-wide, establishing a scalable, integrated security posture that meets the demands of a global enterprise. The case serves as a blueprint for organizations seeking to consolidate their security tools and accelerate their move to a comprehensive Zero Trust architecture.