With three years of pandemic behind us, people have for some months now been returning to their physical workplaces. Many, however, indicate that they prefer to continue working remotely. For most, of course, this means working from home from laptops and all manner of smart connected endpoints, from tablets to phones to IoT devices. IT managers have responded to this large-scale Work-from-Home (WFH) migration by hastening the move to Cloud-based solutions and doubling-down on cloud infrastructure, application, and data-hardening measures.
Legacy and on-premise environments, at the same time, require as much security protection focus as ever. Whether in the form of Windows systems that may now be end-of-life, environmental control systems such as HVAC and physical plant security deployments, or Point of Sale (PoS) systems, these all require cybersecurity attention as well. Indeed, as malware attacks continue on an upward trajectory year-over-year, and as stories of data exfiltration breaches likewise show no signs of abating, it’s clear that cybersecurity efforts across evolving network environments – from wired to wireless, campus to remote, on-prem to cloud, and legacy to IoT – continue to face significant challenges from cybercrime adversaries.
Is NAC right for your evolving network?
Beginning in 2005, NAC earned a reputation for providing effective access control for campus networks. But with the introduction of cloud systems, and the steady increase in malware and cyberthreats in general, it became clear over time that NAC alone wasn’t sufficient to address the full range of emerging infosecurity threats. Designed as an access control method for campus network environments, NAC was never meant to secure the ever-growing array of services and applications in the Cloud. What, then, was the right approach for protecting the quickly evolving world of “everything Cloud?” Should one consider stacking additional security solutions, like VPN and CASB, on top of NAC? With network, service, and data all quickly evolving in multi-vendor, multi-domain deployments, developing the best security solution for an organization’s needs was anything but trivial. Recognizing that, what were responsible infrastructure managers to do?
Is Zero Trust Network Access (ZTNA) a compelling solution?
More recently, Zero Trust Network Access has emerged as a compelling solution for securing remote access. Indeed, some cybersecurity practitioners have come to think of ZTNA as “a VPN solution on steroids,” even though legacy VPN technology has several limitations for remote access, such as:
- No granular network and application access control
- A lack of control on unknown or unmanaged BYOD, IoT devices
- A single point of failure if the VPN server is compromised
- Can be difficult to manage and configure, especially for large networks
- Can be vulnerable to attacks such as credential theft and man-in-the-middle attacks
- May require additional hardware or software to implement
- No secure access to cloud workloads and Infrastructure as a Service (IaaS), including Amazon Web Services (AWS), Microsoft Azure, Google Cloud, and other Cloud Service Providers.
Having said that, is ZTNA truly the right answer for securing remote as well as campus networks?
“Default Allow” vs “Default Deny”
The key feature of ZTNA is that it provides explicit access only to appropriate IT assets and services, which can reside anywhere, based on the specific user’s role and access privileges. This is a significant change from traditional NAC and VPN configurations, which operated in “Default Allow” mode. Thus, with ZTNA, IT security practitioners should adopt a “Default Deny” approach, no matter the specific access under consideration. In short, every time an entity (user, group, system) requests access to another network entity, all key characteristics that describe the requestor must be thoroughly interrogated: user privileges, device security posture, and any relevant contextual information. Only then should access be granted. But how can we apply this approach to all campus and remote sites seamlessly?
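To make the “Default Deny” evaluation concrete, here is a small policy engine that checks each access request against user role, device posture and context (location, MFA), and denies anything not explicitly allowed. It also contains a “Default Allow” variant so the two behaviours can be compared on the same request. This is an added illustration written for this article, not code from Genians or any product; the resource names, roles, rules and sample requests are constructed assumptions.

```python
"""Default-deny vs default-allow access evaluation (illustrative example).

Added example; not part of Genian ZTNA or any other product. The policy
rules, roles, posture attributes and sample requests are all constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessRequest:
    """What the policy engine knows about the requestor at decision time."""
    user: str
    role: str              # e.g. "hr", "eng", "contractor"
    resource: str          # destination the entity is asking for
    device_managed: bool   # enrolled/known device vs. unmanaged BYOD or IoT
    os_patched: bool       # device posture signal
    disk_encrypted: bool   # device posture signal
    location: str          # "campus" or "remote" (context)
    mfa: bool              # whether the session was MFA-authenticated


@dataclass(frozen=True)
class Rule:
    """An explicit grant for one resource. Absence of a Rule means no grant."""
    resource: str
    roles: frozenset
    require_managed: bool = True
    require_mfa_when_remote: bool = True


# Constructed policy: only these resources have explicit grants.
POLICY = {
    "hr-db": Rule("hr-db", frozenset({"hr"})),
    "wiki": Rule("wiki", frozenset({"hr", "eng", "contractor"}), require_managed=False),
    "prod-k8s": Rule("prod-k8s", frozenset({"eng"})),
}


def posture_ok(req: AccessRequest) -> bool:
    """Minimal device-posture check; a real deployment would have many more signals."""
    return req.os_patched and req.disk_encrypted


def apply_rule(req: AccessRequest, rule: Rule):
    """Interrogate privileges, posture and context for a resource that has a rule."""
    if req.role not in rule.roles:
        return ("deny", "role not permitted for resource")
    if rule.require_managed and not req.device_managed:
        return ("deny", "unmanaged device")
    if not posture_ok(req):
        return ("deny", "device posture check failed")
    if rule.require_mfa_when_remote and req.location != "campus" and not req.mfa:
        return ("deny", "MFA required off campus")
    return ("allow", "all checks passed")


def evaluate_default_deny(req: AccessRequest, policy=POLICY):
    """ZTNA-style: a resource with no explicit rule is denied."""
    rule = policy.get(req.resource)
    if rule is None:
        return ("deny", "no explicit grant for resource")
    return apply_rule(req, rule)


def evaluate_default_allow(req: AccessRequest, policy=POLICY):
    """Legacy-style: a resource nobody wrote a rule for is reachable by anyone."""
    rule = policy.get(req.resource)
    if rule is None:
        return ("allow", "no rule found; default allow")
    return apply_rule(req, rule)


# Constructed sample requests covering the checks above.
SAMPLE_REQUESTS = {
    "hr_on_campus": AccessRequest("alice", "hr", "hr-db", True, True, True, "campus", False),
    "hr_remote_no_mfa": AccessRequest("alice", "hr", "hr-db", True, True, True, "remote", False),
    "contractor_byod_wiki": AccessRequest("bob", "contractor", "wiki", False, True, True, "remote", True),
    "eng_unpatched_prod": AccessRequest("carol", "eng", "prod-k8s", True, False, True, "campus", True),
    "eng_unknown_resource": AccessRequest("carol", "eng", "legacy-hvac", True, True, True, "campus", True),
}


def decide_all(evaluator=evaluate_default_deny):
    """Run every sample request through one evaluator; returns {name: decision}."""
    return {name: evaluator(req)[0] for name, req in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, req in SAMPLE_REQUESTS.items():
        print(f"{name:24s} default-deny={evaluate_default_deny(req)}  "
              f"default-allow={evaluate_default_allow(req)}")
```

The instructive case is `eng_unknown_resource`: a destination that nobody wrote a rule for (here a legacy system) is reachable under the default-allow evaluator and blocked under default-deny, which is exactly the gap the text describes between traditional NAC/VPN configurations and ZTNA.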
Universal ZTNA is NAC-driven ZTNA
Gartner, seeing a gap between ZTNA and NAC, proposes deploying “Universal ZTNA.” Basically, the concept of Universal ZTNA is to ensure that zero-trust access control is applied everywhere – from campus networks to remote sites, mobile users, and all Cloud-based resources. Simply stated, the following benefits can accrue from using Universal ZTNA:
- Security everywhere for all users, devices, and workloads
- A consistent and reliable user experience
- Real-time security posture checking and remediation
- Integration of ZTNA into Secure Access Service Edge (SASE) and SD-WAN solutions
- Reduction in maintenance costs (OpEx to CapEx)
What then would be the best way to implement Universal ZTNA?
Since Genian NAC was introduced back in 2005, it has supported the “Default Deny” approach by leveraging Genians’ non-disruptive Network Sensor. Now, Genians simply extends its Network Sensor capabilities to secure remote access and cloud resources. Basically, the Network Sensor acts as a Cloud Gateway to control all traffic coming from various remote sites and users and arriving at any managed destination. As a result, you can seamlessly secure campus or remote sites using a single platform, Genian ZTNA.
Genian ZTNA, A single platform for NAC-driven ZTNA
Genians thus extends its NAC capabilities to support Zero Trust Security initiatives by introducing Genian ZTNA, which establishes a trusted path for secure access from various endpoints anywhere to critical IT resources, whether they exist in On-prem, in the Cloud, or in Hybrid environments. Genian ZTNA also encompasses the following capabilities:
- Non-disruptive Layer 2 based Network Sensing Technology
- NAC for Devices, Users, Applications, and Services in Wired, Wireless, Virtual, and Cloud Networks
- Device Platform Intelligence (DPI) and Microsegmentation (over 1,000 conditions)
- Federated Authentication Methods (AD, SSO, RADIUS, MFA, SAML 2.0, FIDO)
- Secure Remote Access Anywhere, Anytime (from VPN to Universal ZTNA)
- Endpoint Security and Actionable Compliance (PCI, HIPAA, NIST, ISO 27002)
- IP Mobility, BYOD, Guest Management
- Multi-layered Policy Enforcements: ARP, 802.1x, Secure Web Gateway (SWG), Agent
- Flexible and Dynamic Deployment (On-premise, Cloud, Hybrid)
- Security Service Edge (SSE), White-labeled SASE Solution for MSSP
Seeing is believing
In short: Genian ZTNA delivers the most essential cybersecurity features for Zero Trust Security in an all-in-one format, while also offering flexible deployment options with an affordable pricing model. Come visit us to get started right away. No sales call. No credit card needed.