Demystifying Zero Trust Network Access (ZTNA): A Strategy For Evolving Secure Access

Zero Trust is a network security model that trusts no one, regardless of their location. Increasingly, trust can no longer be established based on whether a user is “inside” or “outside” the network. Every user is vetted before – and during – a connection, and every connection is governed by a policy that controls what resources can be accessed.

What’s the difference between Zero Trust as a security model and Zero Trust Network Access as a security architecture?

Zero Trust Model

Leveraging Zero Trust means that enterprises enhance their security posture by:
• No “inside” or “outside” distinction
• Centralized authentication of user, devices, applications, and stateful device security compliance checks

Zero Trust Network Access Architecture

Zero Trust Network Access extends these tenets by centralizing policy enforcement so that every user – and their device – is governed by a granular policy for every resource they access. It authenticates every user before the connection is made, ensuring that unauthorized users or devices are unable to access any resource whatsoever.

Moreover, it also re-verifies a device’s security posture during a connection to determine if the security state is no longer acceptable. In such cases, devices can be quarantined or remediated, depending on a policy set by the administrator.

Finally, ZTNA renders resources “dark”. In other words, no DNS, internal IP address, or visible port information is communicated until proper authorization takes place. So, unauthorized users can’t traverse the network, “looking” for resources to infiltrate. This reduces the attack surface significantly by mitigating or eliminating numerous threats like APTs and malware.

Is it possible to augment your secure access architecture to achieve a Zero Trust model without the extreme of throwing out your existing investments?

Zero Trust delivers several important capabilities:
• Zero Trust Network Access (ZTNA)—also known as Software Defined Perimeter (SDP)—can be gradually deployed, even in complex organizations.
• A hybrid model that encompasses both Zero Trust and ZTNA is possible.
• ZTNA’s architecture lends itself to improved performance and scalability.
• Pulse Secure’s dual-mode capability offers investment protection, enabling you to use VPN and ZTNA architectures simultaneously.

Pulse Secure Zero Trust Capabilities

Pulse Secure delivers a comprehensive approach to Zero Trust:
• User identity, including multifactor authentication
• User role and permissions
• Type and location of the device used for access
• Stateful device compliance checks before, and during, a connection
• Type of network used (e.g. public hotspot)
• Per-application/per-resource rules and permissions
• Granular policy enforcement

Unique Advantages of Pulse Secure Zero Trust Solutions
With Pulse Secure, you get Zero Trust today and can implement ZTNA architecture
when and where you need it.

1. Pulse Secure is a pioneer of VPN technology. Our proven expertise has been in establishing secure, protected connections—coupled with the most advanced modes of user and device authentication, authorization and verification.
2. Despite the new prominence of the term, Zero Trust has always been built into our Secure Access platform.
3. Pulse Secure’s Zero Trust addresses immediate access issues and data protection concerns. At the same time, it enables organizations to implement ZTNA for specific use cases as necessary.
4. With Pulse Secure, enabling Zero Trust does not require changes to existing security or networking infrastructure, and it will only fortify access to designated resources while preserving user experience.

“Zero trust network access replaces traditional technologies, which require companies to extend excessive trust to employees and partners to connect and collaborate. Security and risk management leaders should plan pilot ZTNA projects for employee/partner-facing applications.”
Market Guide for Zero Trust Network Access, April 29, 2019, Gartner

Enhanced user experience:
Pulse’s unified client offers easy and seamless access options for multiple applications simultaneously.

Simultaneous dual-mode connectivity:
Deploy industry-leading SSL VPN and ZTNA on the same virtual or physical appliance depending on how you want to treat individual applications or resources. For example, certain legacy or non-sensitive applications may not warrant ZTNA and the additional requirements for access control.

Deployable across the entire infrastructure:
Pulse SDP can be used on all networks and data centers—on-premise, private cloud and public cloud.

Integration with existing SSO and identity solutions:
Pulse Secure Zero Trust preserves integrations with identity solutions from providers such as Okta, Ping Identity and Microsoft ADFS. In addition, Pulse SDP augments these identity-based integrations by supplementing multi-factor authentication (MFA) with in-depth device- and host-based security compliance checks.

Comprehensive Endpoint Compliance:
Offering the most comprehensive device compliance for mobile, IoT and laptop/desktop devices, Pulse Secure employs an array of agent and agent-less client assessment techniques to ensure that only compliant devices connect to your network.

Powerful, granular role-based access control:
A high-performance policy engine, wizard policy editing, and SSO capabilities enable unified access closest to applications residing in multi-cloud or data centers.

Flexible Deployment:
Pulse Secure offers the industry’s most flexible, scalable deployment options to choose from: data center hardware or virtual appliances and private cloud, public cloud or SaaS. Pulse Secure has been deployed among the largest enterprises and service providers in the world due to proven performance and scale.

[Figure: Simultaneous dual-mode connectivity; enhanced access UX; Pulse SDP deploys across on-prem, private cloud and public cloud]

ABOUT PULSE SECURE
Pulse Secure provides easy, comprehensive software-driven Secure
Access solutions for people, devices, things and services that improve
visibility, protection and productivity for our customers. Our suites
uniquely integrate cloud, mobile, application and network access to
enable hybrid IT in a Zero Trust world. Over 20,000 enterprises and
service providers across every vertical entrust Pulse Secure to empower
their mobile workforce to securely access applications and information in
the data center and cloud while ensuring business compliance.
Learn more at www.pulsesecure.net.
Copyright 2019 Pulse Secure, LLC. All rights reserved. Pulse Secure, Pulse Secure logo, and Pulse SDP are registered trademarks of Pulse Secure, LLC. All
trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Pulse Secure assumes no responsibility for any
inaccuracies in this document. Pulse Secure reserves the right to change, modify, transfer, or otherwise revise this publication without notice.