Remote access VPN has been a staple of most networks for decades, providing a secure method to remotely access systems and resources on the network. However, VPN was developed to mimic the experience of being in the office. Once you’re in, you’ve got broad access to everything.
Zero trust network access (ZTNA), on the other hand, can be summed up in four words: trust nothing, verify everything. It’s based on the principle that any connection to your network should be treated as hostile until it’s been authenticated, authorized, and granted access to resources.
Simply put: with virtual private networking (VPN), you’re providing broad network access. With ZTNA, you’re providing specific application access.
There are several differences between traditional remote access VPN and ZTNA. Here are some important ones, covering trust, device health, administration, and more.
With remote access VPN, users are implicitly trusted with broad access to resources, which can create serious security risks.
ZTNA treats each user and device individually so that only the resources that user and device are allowed to access are made available. Instead of granting users complete freedom of movement on the network, individual tunnels are established between the user and the specific gateway for the application they’re authorized to access – and nothing more.
Remote access VPN has no awareness of the health state of a connected device. If a compromised device connects via VPN, it could affect the rest of the network.
ZTNA integrates device compliance and health into access policies, giving you the option to exclude non-compliant, infected, or compromised systems from accessing corporate applications and data. This greatly reduces the risk of data theft or leakage.
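The difference between the two access models, sketched as an added example (not Sophos code and not part of the original article): a VPN-style check that admits any authenticated user to the routed subnet, next to a default-deny ZTNA-style check that evaluates identity, per-application authorization, and device health. The policy table, health labels, user names, and addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Device:
    compliant: bool   # meets baseline policy (assumed meaning)
    health: str       # "green" / "yellow" / "red" (constructed labels)

@dataclass(frozen=True)
class Request:
    user: str
    authenticated: bool
    device: Device
    app: str          # application the user is asking for
    dest_ip: str      # address of that application on the internal network

# Constructed policy: who may reach which application, and the minimum
# device health that application requires.
APP_POLICY = {
    "wiki":    {"users": {"alice", "bob"}, "min_health": "yellow"},
    "payroll": {"users": {"alice"},        "min_health": "green"},
}
HEALTH_RANK = {"red": 0, "yellow": 1, "green": 2}
VPN_SUBNET = ip_network("10.0.0.0/8")  # everything routed through the tunnel

def vpn_decision(req: Request) -> bool:
    """VPN model: once authenticated, any host in the routed subnet is reachable."""
    return req.authenticated and ip_address(req.dest_ip) in VPN_SUBNET

def ztna_decision(req: Request) -> tuple[bool, str]:
    """ZTNA model: deny unless every check passes for this one application."""
    if not req.authenticated:
        return False, "identity not verified"
    rule = APP_POLICY.get(req.app)
    if rule is None:
        return False, "application not published"
    if req.user not in rule["users"]:
        return False, "user not authorized for application"
    if not req.device.compliant:
        return False, "device non-compliant"
    # Unknown health labels rank below "red", so they never satisfy a policy.
    if HEALTH_RANK.get(req.device.health, -1) < HEALTH_RANK[rule["min_health"]]:
        return False, "device health below policy"
    return True, "allowed"
```

The same authenticated user on a device reporting "red" health passes `vpn_decision` for any address in the subnet but is refused by `ztna_decision` for every application.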
Remote access VPN provides a single point-of-presence on the network, which means a potentially inefficient backhauling of traffic from multiple locations, datacenters, or applications through the remote access VPN tunnel.
ZTNA functions equally well and securely from any connection point, be it home, hotel, coffee shop, or office. Connection management is secure and transparent regardless of where the user and device are located, making it a seamless experience no matter where the user is working.
ZTNA is also a great way to ensure greater security controls during Remote Desktop Protocol (RDP) sessions. Known challenges with RDP include exposed default ports, no support for multi-factor authentication (MFA), broad network access, and of course security vulnerabilities. RDP server vulnerabilities and mistakenly-open RDP connections can be directly exploited by attackers, who leverage such exploits to identify themselves as trusted RDP users. With ZTNA, such users would be treated as hostile by ZTNA authentication features.
Remote access VPN is unaware of the traffic and usage patterns it is facilitating, making visibility into user activity and application usage more challenging.
Since ZTNA access is micro-segmented, it can offer increased visibility into application activity. This makes monitoring application status, capacity planning, and licensing management and auditing much easier.
Remote access VPN clients are notorious for offering a poor user experience, adding latency or negatively impacting performance, suffering from connectivity issues, and generally being a burden on the helpdesk.
ZTNA provides a frictionless, seamless end-user experience by automatically establishing secure connections on demand. This is all done behind the scenes, so most users won’t even be aware of the ZTNA solution that’s helping protect their data.
Remote access VPN clients are difficult to set up, deploy, enroll new users, and decommission departing users. VPN is also challenging to administer on the firewall or gateway side, especially with multiple nodes, firewall access rules, IP management, traffic flows, and routing. It quickly becomes a full-time job.
ZTNA solutions are often much leaner, cleaner, and easier to deploy and manage. They’re also more agile in quickly changing environments with users, apps, and devices coming and going – making day-to-day administration quick and painless.
Be sure to consider these important capabilities when comparing ZTNA solutions from different vendors:
Cloud management offers tremendous benefits: being able to get up and running quickly, reduced management infrastructure, easy deployment and enrollment, and instant, secure access from anywhere on any device.
While most ZTNA solutions can work perfectly fine as standalone products, there are significant benefits from having a solution that is tightly integrated with your other cybersecurity products, such as your firewalls and endpoints. A common, integrated cloud management console can be a force multiplier for reducing training time and day-to-day management overhead.
It can also provide unique insights across your various IT security products, especially if they share telemetry. This can dramatically bolster security and offer real-time response when a compromised device or threat gets on the network.
Make sure the solution you’re considering offers both an excellent end-user experience as well as easy administration and management. With more users working remotely, enrollment and efficient device setup are critical when it comes to getting new users productive as quickly as possible.
Be sure to pay attention to how the ZTNA agent is deployed and how easy it is to add new users to policies. Also ensure the solution you’re investing in offers a smooth, frictionless experience for end users. It should also provide visibility into application activity to help you be proactive in identifying peak load, capacity, license usage, and even application issues.
Sophos ZTNA has been designed from the start to make zero trust network access easy, integrated, and secure.
It’s cloud-delivered, cloud-managed, and integrated into Sophos Central, the world’s most trusted cybersecurity platform. From Sophos Central, you can not only manage ZTNA, but also your Sophos firewalls, endpoints, server protection, mobile devices, cloud security, email protection, and much more.
Sophos ZTNA is also unique in that it integrates tightly with both Sophos Firewall and Sophos Intercept X-protected endpoints to share real-time device health between the firewall, device, ZTNA, and Sophos Central to automatically respond to threats or non-compliant devices. It acts like a round-the-clock administrator, automatically limiting access and isolating compromised systems until they’re cleaned up.
Sophos customers agree that the time-saving benefits of a fully integrated Sophos cybersecurity solution are enormous. They say that using the Sophos suite of products together for automatic threat identification and response is like doubling the size of their IT team. Of course, Sophos ZTNA will work with any other vendor’s security products, but it’s unique in working well together with the rest of the Sophos ecosystem to provide tangible real-world benefits to visibility, protection, and response.
Visit Sophos.com/ZTNA to learn more or try it for yourself.