Palo Alto Urges Industry to Adopt Zero Trust Now

Palo Alto Networks has asked the industry to adopt the Zero Trust Network Access 2.0 (ZTNA 2.0), the foundation of a new era of secure access. ZTNA was developed as a replacement for Virtual Private Network (VPN) systems when it was shown that most VPNs did not scale well and were too permissive, but the first generation ZTNA products (ZTNA 1.0) are very trusting and can put customers at significant risk. The version ZTNA 2.0 addresses these issues by removing implicit trust to help ensure organizations are properly protected.

“This is a critical time for cybersecurity. We are in a time of unprecedented cyberattacks, and the last two years have radically changed work; For many, work is now an activity, not a place. This means that securing employees and the applications they use is more difficult and more important.”it states Nir Zuk, Founder and CTO of Palo Alto Networks. “Zero Trust has been adopted as the solution and it is absolutely the right approach. Unfortunately, not all solutions that carry the Zero Trust name are trustworthy. For example, ZTNA 1.0 has fallen short”.

Zero Trust has been adopted as the solution and it is absolutely the right approach

For modern organizations where hybrid working and distributed applications are the norm, ZTNA 1.0 has several limitations. It is excessively permissive when granting access to applications because it cannot control access to particular sub-applications or functions. Additionally, it does not have the ability to monitor changes in user, application, or device behavior, and cannot detect or prevent malware or traversal movement across connections. ZTNA 1.0 also cannot protect all company data.

ZTNA 2.0-compliant products, such as Palo Alto Networks Prisma Access, help organizations address the security challenges of modern applications, threats, and hybrid workers. ZTNA 2.0 incorporates the following key principles:

• Least privilege access: enables fine-grained access control at the application and sub-application level, regardless of network constructs such as IP addresses and port numbers.
• Continuous verification of confidence: once access to an application is granted, ongoing assessment of trust is based on changes in device posture, user behavior, and application behavior.
• Continuous security inspection: uses continuous, deep inspection of all application traffic, including allowed connections, to help prevent threats, including zero-day threats.
• Protection of all data: provides consistent data control across all applications, including private and SaaS applications, with a single data loss prevention (DLP) policy.
• Security for all applications: Consistently protects all types of apps used in the enterprise, including modern cloud-native apps, legacy private apps, and SaaS apps.

In a new report, John Grady, Principal ESG Analystit states: “The first generation/ZTNA 1.0 solutions fall short in many ways of delivering on the promise of true Zero Trust. In fact, they grant more access than desired. Furthermore, once access is granted in ZTNA 1.0 solutions, the connection is implicitly trusted forever, allowing a convenient exploit path for sophisticated threats or malicious actions and behaviors.”. Grady also notes: “It’s time for a new approach to ZTNA, which has been designed from the ground up to address the unique challenges of modern applications, threats, and a hybrid workforce.”

“Securing today’s hybrid workforce, with an increase in cloud and mobile technologies as well as evolving requirements can be challenging”comment Jerry Chapman, Engineering Fellow, Optiv. “Rethinking Zero Trust is essential for modern and hybrid organizations to prevent threats. Together with Palo Alto Networks, we are advising our customers to incorporate ZTNA 2.0 principles such as continuous identity and connection review across all of their domains to stay secure.”