Dealing With Diverse and Dispersed Digital Infrastructure With ZTNA

Image Credit: Tenable

The Fast Mode spoke to Glen Pendley, Chief Technology Officer of Tenable, on the impact of traffic visibility on ZTNA networks. Glen joins us in a series of discussions with leading cybersecurity and networking vendors, assessing the evolution of ZTNA technologies, the roadmap for ZTNA deployments, the benefits of ZTNA for enterprise and telco networks, and the need for real-time traffic visibility technologies such as DPI for ZTNA.

Ariana: Why is ZTNA the future of enterprise security?

Glen: Zero Trust Network Access (ZTNA) is increasingly pegged as being the future of enterprise security due to its ability to adapt to modern network environments. These are challenging networks that often include private, public and multi-cloud deployments, remote workforces, and a variety of interconnected IoT and OT devices.

Traditional security models, which historically relied heavily on the concept of implementing a secure perimeter (like VPNs), are less effective at handling these complex, constantly changing, cloud-based environments.

ZTNA addresses these challenges by implementing strict verification protocols for every interaction, user and device before granting access to internal resources. In essence, it is about “trusting no one, and verifying everything.”

This approach is especially pertinent given the increase in remote workforces and the vulnerabilities associated with consumer devices and unsecured networks. ZTNA offers centralised control, scalability, flexibility, and granular access controls, which are crucial for modern enterprise security needs, especially when dealing with diverse and dispersed digital infrastructure, making it a suitable fit for contemporary and future enterprise security landscapes.

Ariana: What do you consider are the core features (must haves) of ZTNA?

Glen: There are 5 core must-have features for ZTNA:

  • Visibility of the overall infrastructure and services: Organisations often struggle to identify everything across the attack surface and understand the hygiene of those systems. The widespread adoption of SaaS, remote work structures, the integration of operational technology and third-party services has given rise to a multifaceted attack surface. In this regard, the foundational principle of “never trust, always verify” extends beyond merely scrutinizing user credentials to now encompassing a thorough evaluation of the assets users interact with and the level of access granted post-authentication.
  • Segmentation and Isolation: Critical in preventing domain-wide breaches, ZTNA's ability to segment and isolate systems enhances security by containing potential threats within manageable boundaries. By compartmentalising the network, ZTNA ensures that any potential threats are confined to limited areas, thus mitigating the risk of a domain-wide security crisis.
  • Integration with Data Lakes and APIs: ZTNA's effectiveness is augmented by its integration with data lakes and APIs, which facilitate the gathering and analysis of critical security data, thereby enhancing threat detection and response.
  • Policy-Driven Access Control: ZTNA is characterised by its granular, policy-driven approach to access control, focusing on entitlement and the environment as much as on authentication. Leveraging policy-driven access control also means policies can be dynamically adjusted based on real-time security intelligence and user behaviour.
  • Adaptability to Complex Environments: ZTNA is tailored to address the complexity inherent in modern IT infrastructures, including cloud environments, remote access scenarios, and evolving attack surfaces. ZTNA is inherently flexible and responsive and thus can keep up with IT infrastructures that are constantly in flux in today’s business environment.

These core features allow ZTNA to function as an intelligent and robust framework that can navigate and secure the complex behemoths that are today’s network environments.

Glen Pendley is chief technology officer (CTO) at Tenable, where he is responsible for driving the company's long-term vision, strategy and continued product innovation. Glen has more than 20 years of experience in the industry and deep roots leading cutting-edge engineering, research and product teams for global cybersecurity brands. Before his role as CTO, Glen served as Tenable's deputy CTO and senior vice president of research & development where he led the global engineering and security research teams. Prior to joining Tenable, he was director for research, development and product management at McAfee, Inc., where he oversaw engineering and product functions across the globe. Glen serves as an executive advisor to a number of companies and began his career in the United States Marine Corps.

This interview is a part of The Fast Mode's Next-Gen DPI Traffic Visibility for ZTNA segment, featuring over 40 leading cybersecurity and networking solution providers and their views on the importance of traffic visibility for ZTNA. A research report on this topic will be published in January 2024.

Author

Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
