
How Zero Trust Network Access Promotes Cyber Resilience Across the Enterprise


The Fast Mode spoke to Aaron Bugal, Field Chief Technology Officer of Asia Pacific & Japan at Sophos, on the impact of traffic visibility on ZTNA networks. Aaron joins us in a series of discussions with leading cybersecurity and networking vendors, assessing the evolution of ZTNA technologies, the roadmap for ZTNA deployments, the benefits of ZTNA for enterprise and telco networks, and the need for real-time traffic visibility technologies such as DPI for ZTNA.

Ariana: Why is ZTNA the future of enterprise security?

Aaron: We’re at a point where technological advances have seen the proliferation of always-on and connected devices spread across all facets of our personal and professional lives. And internet connectivity being readily available, reliable, and fast enables us to work anywhere. The traditional method of ring-fencing our desktops and servers is no longer a best practice. Instead, we need to accept that the model of shrinking our perimeters down to our client-access systems and enforcing constant evaluation of a device’s health, activity, and conformance to policy is the best way to ensure secure access to services and data.

The added benefit is that ZTNA is just not a product that you can purchase. It also enforces organisations looking to adopt zero trust to understand how information systems are accessed, and requires the creation of policies that maintain “trusted access is only ever granted when it’s both ultimately needed and when the accessing system has a verified healthy posture.” These improvements in process and policy within an organisation can be cathartic and go on to promote an overall increase in cyber resilience well before ZTNA is fully implemented.  

Ariana: How important is traffic visibility for ZTNA vendors?

Aaron: Understanding the applications that are being requested and accessed by your fleet of systems can provide analytical insight and allow you to best understand typical patterns of use. Take the example of an organisation deciding to procure a specific cloud storage product and providing its users with access. It wasn’t until post-deployment of the new cloud tool that they discovered the persistent use of other cloud storage tools outside of the sanctioned application recently purchased. With the analytical data showing the users and their departmental memberships, this allowed the information management team to discuss with this group leader why an alternative application was used. It turned out the sanctioned application wasn’t evaluated for ease of sharing communal information outside of the business and forced this group to devise their own method. This scenario, also known as shadow IT, was only exposed by the insight and analytics around users and their normal patterns.

This scenario is a bigger problem than many realise, as we’ve seen many user-side applications exist within environments that are unsanctioned, improperly configured, and in some cases left unpatched. This exposes a great deal of risk to the business if an application that is unpatched and unchecked is used to access a malicious resource that could in turn trigger a vulnerability – it could be an information disclosure right up to a remote code execution on the client side.

An interesting fact comes from our Sophos incident response services: typically we see application vulnerabilities used by attackers to gain access to an environment. Those vulnerabilities existed in products in use every day by the business, but they had no awareness or process to check if the application needed maintenance. If they had awareness of the applications being used and addressed their vulnerabilities, an attack could have been avoided.

Aaron Bugal is the Field Chief Technology Officer of Asia Pacific & Japan at Sophos.

This interview is a part of The Fast Mode's Next-Gen DPI Traffic Visibility for ZTNA segment, featuring over 40 leading cybersecurity and networking solution providers and their views on the importance of traffic visibility for ZTNA. A research report on this topic will be published in January 2024.

Author

Principal Analyst and Senior Editor | IP Networks

Ariana specializes in IP networking, covering both operator networks - core, transport, edge and access; and enterprise and cloud networks. Her work involves analysis of cutting-edge technologies that drive application visibility, traffic awareness, network optimization, network security, virtualization and cloud-native architectures.

She can be reached at ariana.lynn@thefastmode.com
