Why ZTNA Is Key for Hybrid and Cloud Deployment Models

The Fast Mode spoke to Sachin Natu, Vice President of Product Management at Ivanti, on the impact of traffic visibility on ZTNA networks. Sachin joins us in a series of discussions with leading cybersecurity and networking vendors, assessing the evolution of ZTNA technologies, the roadmap for ZTNA deployments, the benefits of ZTNA for enterprise and telco networks, and the need for real-time traffic visibility technologies such as DPI for ZTNA.

Ariana: How has ZTNA transformed today’s networks and what are its greatest benefits?

Sachin: ZTNA dramatically enhances the security of application access in today’s network. ZTNA architecture protects against cyber threats that have become more damaging as the economy becomes more networked/digital. In a typical attack, a single user is compromised to gain access to the network. Once bad actors gain access to the network, they can spread to all parts of the network / all applications. Providing known and trusted users access to specific applications based on their entitlements secures the network. 

This application access provided by ZTNA is specifically suitable when many enterprises are using a hybrid deployment model for their applications, where applications are now hosted on public clouds such as AWS, Azure, and GCP in addition to private DCs. In this distributed app deployment, ZTNA provides comprehensive security, where no single element is ever fully trusted and every part of the solution is continuously verified for security/integrity.

Ariana: What do you consider to be the core (must-have) features of ZTNA?

Sachin: We consider the following key principles to deliver a true “Zero Trust” solution to customers:

  1. The user is provided access to specific applications based on their entitlement. The user does not get network access. This capability removes lateral movement risks that may be present in network access methodologies.
  2. Application access is given only from a known enrolled device. The device security posture is an important consideration for providing access to a specific application.
  3. User identity is verified with advanced MFA and password-less authentication techniques.
  4. All data is secured with advanced encryption in transit and at rest.
  5. A continuous real-time risk assessment by monitoring risk signals from all parts of the network – from device posture to user behavior to gateway status – is performed on a cloud-hosted data lake with sophisticated error correlation and analysis.
  6. Adaptive real-time policy-driven action to control application access based on various risk assessments.

Sachin Natu is a Vice President of Product Management at Ivanti responsible for network security products such as Ivanti Neurons for Zero Trust Access, VPN, and Unified Clients. He is spearheading efforts to drive seamless migration from older VPN architecture to modern Zero Trust Architecture under a unified Secure Services Edge offering.

This interview is a part of The Fast Mode's Next-Gen DPI Traffic Visibility for ZTNA segment, featuring over 40 leading cybersecurity and networking solution providers and their views on the importance of traffic visibility for ZTNA. A research report on this topic will be published in January 2024.

Author

Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
