Ivanti VPN Vulnerability


How Zscaler Can Help

Zscaler’s cloud native zero trust network access (ZTNA) solution gives all users fast, secure access to private apps from any location. Reduce your attack surface and the risk of lateral threat movement: no more internet-exposed remote access IP addresses, and secure inside-out brokered connections. It is easy to deploy and enforces consistent security policies across campus and remote users.

Zscaler Private Access™ (ZPA) allows organizations to secure private app access from anywhere. Connect users to apps, never the network, with AI-powered user-to-app segmentation. Prevent lateral threat movement with inside-out connections.

  • Deploy comprehensive cyberthreat and data protection for private apps with integrated application protection, deception, and data protection.


Figure 2: VPN vulnerabilities open doors to cyber threats; protect against these risks with Zero Trust architecture.

Zero trust is a fundamentally different architecture than those built upon firewalls and VPNs. It delivers security as a service from the cloud and at the edge, instead of requiring you to backhaul traffic to complex stacks of appliances (whether hardware or virtual). It provides secure any-to-any connectivity in a one-to-one fashion; for example, connecting any user directly to any application. It does not put any entities on the network as a whole, and adheres to the principle of least-privileged access. In other words, with zero trust, security and connectivity are successfully decoupled from the network, allowing you to circumvent the aforementioned challenges of perimeter-based approaches. Zero trust architecture:

  • Minimizes the attack surface by eliminating firewalls, VPNs, and public-facing IP addresses, allowing no inbound connections, and hiding apps behind a zero trust cloud. 
  • Stops compromise by leveraging the power of the cloud to inspect all traffic, including encrypted traffic at scale, in order to enforce policies and stop threats in real-time. 
  • Prevents lateral threat movement by connecting entities to individual IT resources instead of extending access to the network as a whole. 
  • Blocks data loss by enforcing policies across all potential leakage paths (including encrypted traffic), protecting data in motion, data at rest, and data in use.

Additionally, zero trust architecture overcomes countless other problems associated with firewalls, VPNs, and perimeter-based architectures by enhancing user experiences, decreasing operational complexity, saving your organization money, and more. 

Zscaler ThreatLabz recommends our customers implement the following capabilities to safeguard against these types of attacks:

  • Safeguard crown jewel applications by limiting lateral movement using Zscaler Private Access to establish user-to-app segmentation policies based on the principles of least privileged access, including for employees and third-party contractors.
  • Limit the impact from a potential compromise by restricting lateral movement with identity-based microsegmentation.
  • Prevent private exploitation of private applications from compromised users with full in-line inspection of private app traffic with Zscaler Private Access.
  • Use Advanced Cloud Sandbox to prevent unknown malware delivered in second-stage payloads.
  • Detect and contain attackers attempting to move laterally or escalate privileges by luring them with decoy servers, applications, directories, and user accounts with Zscaler Deception.
  • Identify and stop malicious activity from compromised systems by routing all server traffic through Zscaler Internet Access.
  • Restrict traffic from critical infrastructure to an “allow” list of known-good destinations.
  • Ensure that you are inspecting all SSL/TLS traffic, even if it comes from trusted sources.
  • Turn on Advanced Threat Protection to block all known command-and-control domains.
  • Extend command-and-control protection to all ports and protocols with the Advanced Cloud Firewall, including emerging C&C destinations.