ZTNA vs. VPNs: Solving for the Status Quo
VPNs are the status quo of cybersecurity. While they’re capable of conducting “posture checks” that ensure users have anti-virus tools activated or are logging in from trusted devices, these posture checks are fire-and-forget.
“They’re one-time checks,” says Steven Austin, regional systems engineer at Fortinet. “If the posture of that device changes after users have connected to the VPN, there’s nothing that can be done.” In addition, VPNs have no insight into the content they’re delivering. This means that if attackers can compromise VPNs, they can become conduits for malware to make its way onto corporate networks.
ZTNA takes a different approach. Instead of assuming trust after a single check, zero-trust models continuously verify users, behaviors and devices. This makes it possible for IT teams to detect and identify potential problems, whenever and wherever they occur.
68%: the percentage of IT leaders who say that last-generation cybersecurity tools such as firewalls and VPNs lack the strength to facilitate secure digital transformation. (Source: Venturebeat.com, 2023)
What are the Benefits of ZTNA?
ZTNA offers multiple benefits for companies, including:
- Continual operation. ZTNA works constantly in the background to verify users, check posture, identify changes and — if necessary — terminate sessions to protect business networks.
- Attack surface reduction. “In a traditional VPN network, remote desktop protocol access requires a rule that allows TCP port 3389 to get through,” Austin says. “If an attacker connects, they can run a scanning tool to look for these open ports and tell what services are available.” Zero-trust frameworks reduce a company’s overall attack surface by hiding business-critical applications and network conditions from the internet.
- Routine verification. Users are verified and authenticated when they first connect to an application or service, and then are verified at regular intervals to ensure their posture has not changed.
- Security in every location. With employees now connecting from home offices, airports and coffee shops, security anywhere is paramount — and it depends on key device characteristics. According to Austin, “If you’re using ZTNA, you can verify that the device being used belongs to your organization. You could look for registry entries and active directory group membership, or even write a hidden text file to all authorized devices and scan for that file before authorizing connection requests.”
How Fortinet Facilitates ZTNA
Austin notes, “The most important thing for people to understand is that ZTNA is not a product. Instead, it’s a process built into the core of multiple products. It’s the interaction of these products that makes zero trust possible.”
For Fortinet, facilitating ZTNA is all about the security fabric: creating an interwoven framework that connects multiple solutions to deliver zero trust.
“All of our products communicate with the security fabric,” Austin says. “By default, posture checking happens once per minute. The fabric is synced across solutions, and all data is reported upstream.” This facilitates both automatic actions and incident notifications.
For example, if an employee connects over Remote Desktop Protocol and then turns off their host firewall, that employee is automatically dropped from the network. They cannot reconnect until the device's security posture once again matches network policy.
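To make the difference concrete, here is an added Python example (not Fortinet's code and not part of the original article) that models a one-time VPN-style posture check against the continuous, per-interval re-verification described above; the posture attributes, the policy, the user name and the minute-by-minute reports are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
# Policy (an assumption for this example): every attribute must be True to hold a session.
REQUIRED_POSTURE = ("firewall_on", "av_active", "org_device")

@dataclass
class Session:
    user: str
    posture: dict                               # latest reported device posture
    active: bool = True
    events: list = field(default_factory=list)  # audit trail of enforcement actions

def posture_ok(posture: dict) -> bool:
    return all(posture.get(k) is True for k in REQUIRED_POSTURE)

def connect(user: str, posture: dict) -> Optional[Session]:
    # Both models gate the initial connection; a non-compliant device is refused.
    return Session(user, dict(posture)) if posture_ok(posture) else None

def run_vpn(session: Session, reports: list) -> bool:
    # VPN-style: the check at connect time is the only check; later drift is ignored.
    for _minute, report in reports:
        session.posture.update(report)
    return session.active

def run_ztna(session: Session, reports: list) -> bool:
    # ZTNA-style: posture is re-checked each reporting interval (once per minute in the
    # text) and the session is terminated as soon as policy is no longer met.
    for minute, report in reports:
        session.posture.update(report)
        if not posture_ok(session.posture):
            session.active = False
            failed = [k for k in REQUIRED_POSTURE if session.posture.get(k) is not True]
            session.events.append(f"minute {minute}: terminated {session.user}, failed {failed}")
            return False
    return True

def simulate() -> dict:
    # Constructed scenario: clean connect, then the user disables the host firewall at minute 2.
    start = {"firewall_on": True, "av_active": True, "org_device": True}
    reports = [(1, {}), (2, {"firewall_on": False}), (3, {})]
    vpn, ztna = connect("alice", start), connect("alice", start)
    run_vpn(vpn, reports)
    run_ztna(ztna, reports)
    # A reconnect with the firewall still off is refused; restoring it lets the device back in.
    refused = connect("alice", ztna.posture) is None
    restored = connect("alice", {**ztna.posture, "firewall_on": True}) is not None
    return {"vpn_still_active": vpn.active, "ztna_still_active": ztna.active,
            "ztna_events": ztna.events, "reconnect_refused": refused,
            "reconnect_after_fix": restored}
```

Running `simulate()` shows the VPN-style session surviving the firewall change while the ZTNA-style session is terminated at minute 2 and only re-admitted once the firewall is back on.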
With more than 50 security products capable of ongoing communication, Fortinet provides a single-vendor source to help companies create a comprehensive security fabric. Austin puts it simply: “ZTNA is a process enabled by communication.” The Fortinet fabric facilitates this conversation.