Portnox & ZTNA: Elevating Your Network Access to Zero Trust & Beyond

Why ZTNA? Why Now?

Zero Trust Network Access (ZTNA) has emerged as a new model for securing remote access to an organization’s applications, data, and services based on clearly defined access control policies. ZTNA differs from VPNs in that they grant access only to specific services or applications, where VPNs grant access to an entire network. As an increasing number of users access resources from outside the office, ZTNA is helping to eliminate gaps in other secure remote access technologies and methods.

ZTNA offers a way to connect users, applications, and data – even outside of an organization’s network, a scenario that’s becoming more and more common in today’s multi-cloud environments. Companies today need to have their digital assets available anywhere, anytime, from any device by a distributed user base. ZTNA fills this need by offering the granular, context-aware access for business-critical applications, without having to expose other services to possible attackers.

The ZTNA model was coined by Gartner to help eliminate the granting of excessive trust to employers, contractors, and other users who only need very limited access. The model expresses the concept that nothing is to be trusted until proven trustworthy, and more importantly that trust must be reauthenticated whenever anything about the connection (location, context, IP address, etc.) changes.

Portnox & ZTNA

Today, your network is expanding by the minute. Employees are using their devices – personal or work-issued – from home, hotels, airports, restaurants, or any place with an internet connection. This poses a unique security challenge, particularly as the critical resources your remote workforce needs access to consist of both cloud-based platforms AND internally-hosted business systems. The million-dollar question keeping network security professionals awake at night is: how do we extend the same level of awareness and access control as is done on the LAN to this growing number of remote devices that might not connect directly to the LAN for weeks or months?

The Answer: Portnox CLEAR

Portnox CLEAR has been purpose-built to easily enhance ZTNA with full endpoint risk awareness and access controls. Put simply, CLEAR delivers remote access control as a cloud service.

Endpoint Risk Awareness & Access Control

As a cloud-based solution, Portnox CLEAR is always aware of the current risk of remote devices, regardless of if they’re “on” or “off” the network – giving you full, continuous visibility and risk awareness. Awareness is only a piece of the puzzle, however. Actionable awareness is where Portnox CLEAR separates itself. By leveraging the current risk posture of a device – which can be configured in line with your compliance policies, like having antivirus up-to-date or the latest patches in place – Portnox CLEAR can automatically allow or block remote access through your VPN, VDI or cloud applications via Okta.

Portnox CLEAR also extends this awareness to geo-location. So, for instance, if you want to allow users from the U.S, but block access attempts from North Korea, you can do so. For VPN connecting devices, Portnox CLEAR can even dynamically direct trusted devices to their proper VLANs based on policy.

Ensuring Remote Device Compliance

Continuous, anywhere awareness of device risk paired with the ability to dynamically control access based on policy is a critical part of the ZTNA model. Portnox CLEAR goes one step further with automated corrective and preventative actions (CAPA). With CAPA, Portnox CLEAR is able to take real-time actions on remote endpoints to ensure they remain compliant with your risk policy.

This includes ensuring the firewall is always on, AV is running and updated, or even restricting the use of a USB drive for someone on the team working remotely. These are merely some examples of the proactive remediation actions that Portnox CLEAR can take to maintain that devices used by off-site employees remained trusted and healthy at all times.

How it Works

Portnox CLEAR works with your existing remote access infrastructure. Simply create your Portnox CCLEAR instance and define your remote access group policy within the platform (i.e. remote users/devices, risk/compliance policy, remediation policy and access control policy). Configure your VPN, VDI or Okta to connect to your Portnox CLEAR instance…and voila, you’re done!

Case Study: University Federal Credit Union

Profile:

• Based in Salt Lake City, UT
• 100K+ members
• 17 branches in operation
• Nearly 400 employees

Challenges:

• Employees forced to work from home due to pandemic
• Initially, no ability to monitor or control VPN access
• Directive given to secure VPN access
• Very short timeframe to implement
• All employees using managed corporate devices

Solution:

• Deployed Portnox ZTNA
• All remote employee devices on-boarded & authenticated in under one week
• Certainty that all devices attempting to connect are UFCU employees
• Can block users out of compliance in real-time
• Can remediate employees devices out of compliance
• Have extended security overlay to WiFi
• Currently testing on wired ports

Read the case study in full here.