ZeroTrust (Network Access) 

Secure your corporate network against cybercriminals using Zero Trust Network Access.

What is Zero Trust? 

In a nutshell, Zero Trust assumes that every user, device and service that attempts to connect to a network or application is hostile until proven otherwise. The fundamental principle of Zero Trust is to secure an organization’s data wherever it resides. Only legitimate users, devices and entities are granted access to relevant data sources and assets.

Zero Trust addresses security issues an organization faces when it stores data in multiple locations, both within its own network and in private and public cloud environments, and allows broad access to that data by employees, contractors, partners, vendors and other authorized users, who use their own devices over which the organization has no direct control. Zero Trust itself is not a specific security architecture, product or software solution, but rather a methodology for secure access that requires an organization to rethink its security strategy and network architecture. The key to Zero Trust is understanding who is requesting access, what device the request is coming from, and then linking that request to an access policy by application or asset.

Essentially, Zero Trust is a whitelist method for granting access to specific enterprise applications based on the identity of the user, the device being used and the behavior or context within which it occurs.

What are the basic principles of the zero trust model?

The network is always hostile: before zero trust, it was assumed that if you connected to a known network, you could be fairly certain that the network was secure. Under the zero trust principle, even a known network is treated as inherently insecure.

Accept that external and internal threats are always on the network: traditional cybersecurity assumed that the network was secure until a threat was detected. Zero trust turns this model on its head.

Knowing the location of the corporate network or cloud provider is not enough to trust a network: traditional security rules based on IP addresses are no longer secure.

Authenticate and authorize every device, user and network flow: a zero trust model authenticates and authorizes user access per session, on a least-privilege basis.

Implement a security policy that is dynamic and holistic: data analytics should be based on as many data sources as possible. These provide monitoring and proactive threat detection across the architecture.

Zero Trust Network Access

Zero Trust Network Access is a concrete implementation of the Zero Trust Security model:

  • User identity becomes stronger: in addition to traditional login credentials and multi-factor authentication, the device is now also part of the identity.
  • The security status of the device is checked before access can be granted to the requested resources. A distinction can also be made between corporate and private devices. Some solutions mandate the use of Mobile Device Management.
  • Access is granted only to those applications and resources for which you are authorized, in line with the principle of least privilege.
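
The three checks above can be expressed as a default-deny decision made per application and per session. The following is an added illustration, not code from any of the vendors described on this page; the application names, roles and posture attributes are hypothetical.

```python
from dataclasses import dataclass

# Constructed per-application allowlist. An application without an entry is denied.
POLICIES = {
    "payroll": {"roles": {"finance"}, "require_mfa": True, "require_managed": True},
    "wiki": {"roles": {"finance", "engineering", "contractor"},
             "require_mfa": True, "require_managed": False},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    device_managed: bool   # corporate device vs. private (BYOD) device
    disk_encrypted: bool   # posture attributes reported by the client (assumed)
    os_patched: bool
    app: str

def device_healthy(req: AccessRequest) -> bool:
    """Security status of the device, checked before any access is granted."""
    return req.disk_encrypted and req.os_patched

def decide(req: AccessRequest) -> tuple[bool, str]:
    """Evaluate one session request. Network location is deliberately not an input."""
    policy = POLICIES.get(req.app)
    if policy is None:
        return False, "no policy for application (default deny)"
    if req.role not in policy["roles"]:
        return False, "role not authorized for application"
    if policy["require_mfa"] and not req.mfa_passed:
        return False, "multi-factor authentication missing"
    if not device_healthy(req):
        return False, "device posture check failed"
    if policy["require_managed"] and not req.device_managed:
        return False, "application requires a corporate device"
    return True, "allowed for this application only"

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        AccessRequest("an", "finance", True, True, True, True, "payroll"),
        AccessRequest("an", "finance", True, False, True, True, "payroll"),
        AccessRequest("bo", "contractor", True, False, True, True, "wiki"),
        AccessRequest("bo", "contractor", True, False, True, False, "wiki"),
        AccessRequest("cy", "engineering", True, True, True, True, "crm"),
    ]
    for s in samples:
        print(s.user, s.app, decide(s))
```

A grant covers only the named application, so the same user on the same device is evaluated again for every other application.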

Barracuda Networks

Barracuda’s ZTNA solution is a mobile first and BYOD first solution that can be used without MDM dependency.

The CGA (CloudGen Access) integrates with your existing IAM / Single-Sign-On solution (Azure AD, Google Suite, One Identity, Okta, SAML, …), enabling a quick implementation. All applications that use this underlying authentication are now controlled by CGA.

To access these applications, the user needs a CGA client on their device. This client is available for all types of mobile devices and operating systems imaginable. As soon as the user accesses a secure application, all zero-trust checks are performed by CGA and a tunnel specific to this application is built to a proxy (mTLS).

The CGA client intercepts all DNS requests from the device. This allows not only detection and control of the use of the enterprise application, but also Web (URL filtering) and DNS security. So it is ideal for your employees to work securely anywhere.

The CloudGen Access offers the following benefits:

  • Replace your traditional VPN (read: access to your entire network) with a Zero-Trust solution that only allows access to specific applications and resources without impacting client performance and battery life.
  • Provide contextual access using policies based on the role of the user or based on different attributes (RBAC/ABAC)
  • Ideal solution to give employees, contractors and partners alike just the access they need
  • Your data remains yours at all times and does not leave your network
  • Add an extra layer of security against phishing attacks thanks to DNS Security at the level of the user’s device
  • URL and content filtering using web categories at the level of the user’s device
  • Compliance: gain control and insight into who is using which applications, when and with which devices (PCI-DSS, NIST-800, HIPAA)
  • Easy management even in complex, multi-cloud and hybrid environments

Cato Networks SDP

Cato Networks offers an integrated client-based and clientless remote access solution as part of the Cato Cloud. Users benefit from optimized and secure access to all on-premises and cloud-based applications while at home or on the road. Cato enforces strong authentication and granular access control, as well as deep packet inspection of all traffic against threats. Cato’s cloud-scale global platform seamlessly supports any number of users and applications worldwide.

A client is installed on the user’s mobile device. This tunnels all traffic to the nearest Cato Cloud point of presence (PoP).

Within the Cato Cloud, security policies are applied and the user is given access to those resources and applications they are entitled to. Internet traffic is also subjected to deep packet inspection. In short, the ideal solution to give your users secure and high-performance access to the Internet and the authorized applications.

The benefits:

  • Secure access and authentication: Cato Cloud enforces multi-factor authentication and applies granular policies to access approved on-premise and cloud applications. Users are never granted unlimited access to the network layer.
  • Scalability: the ZTNA is an integral part of the Cato Cloud, a global cloud architecture that scales with all your users, no matter where they are located.
  • Permanent threat prevention by applying “deep packet inspection” to all traffic, not only from the applications, but also to all user Internet traffic.
  • Optimal end-to-end performance thanks to Cato’s global private backbone, delivering a consistent and optimized user experience.

Sophos ZTNA

Sophos is best known for its powerful next-gen endpoint security solution: Intercept X. If you are already using this solution, all you have to do is activate the ZTNA functionality in the central management portal; you don’t need to install any additional client software. ZTNA and Intercept X work closely together to secure access to applications and are in constant dialogue with each other. Thanks to this synchronized security, compromised systems are automatically isolated from applications and the network.

The benefits:

  • Central cloud management platform
  • Synchronized protection between the different security solutions of Sophos: ZTNA, Endpoint, Firewall, Wireless, Mobile and Server
  • Deploy the ZTNA agent alongside your endpoint protection with just one mouse click
  • Get at-a-glance visibility into your application activity and security status

Why choose Kappa Data?

Technical expertise

Kappa Data supports resellers and customers with extensive technical knowledge, training and guidance. Our certified technical and presales teams are always there for you!

Personal touch

At Kappa Data, you enjoy a particularly personal as well as professional approach, from quick quotes to demos and customer-friendly service with your regular contacts. We are there for you.

Outstanding service

Kappa Data is a value-added distributor that thinks solution-focused with you. We always ensure a good relationship between all parties and mediate conflicts where necessary.

What our customers say

“A more than reliable partner for more than 20 years.”

Snijders Compuservice, Jef Snijders
