ZTNA: what is it and how does it encourage information security specialists to put themselves in the place of hackers?

How can information security specialists reduce the number of possible weaknesses and the attack surface? One possible solution is to apply a zero-trust model to the weakest point of the network – unprotected access points that are easy to hack.

If you are not familiar with the concept of network access with “zero trust” (Zero Trust Network Access, or ZTNA), we suggest you learn more about it. Together we will figure out what key principles underlie ZTNA solutions, how they protect networks, how they differ from traditional solutions, and how they encourage specialists to put themselves in the place of hackers.

We don’t trust anyone – we restrict and check access

A zero-trust approach to security is the key principle behind ZTNA. ZTNA restricts user privileges regardless of who the user is and where they connect from, and it applies zero trust to the network by assigning a distinct access level to each employee who connects. Before a user is allowed onto the network, it must be explicitly stated that this person is granted a specific level of access to specific resources. A user with a given role sees only the part of the network and the data to which that role grants access. This strengthens the security of both the network and the data inside the system.

How does ZTNA work in practice?

When ZTNA works in an organization’s network, it performs several tasks:

Ensures compliance with the zero trust policy;

Restricts user access according to their role;

Filters traffic.

When a user tries to log in to their account, they must first authenticate. ZTNA compares the entered credentials against the organization’s database of employees. The user’s identity must be verified and linked to their role and access level. Only after authorization can the user log in and reach the part of the system that their access level permits.

ZTNA also filters incoming traffic to detect and block any malicious activity.

ZTNA vs VPN

Unlike a VPN, ZTNA does not give authenticated users broad access to the network: the system treats every user as a potential hacker and grants access only to the part of the network they need.

Another advantage of ZTNA is that it is easier to scale. Compared to a VPN, which covers a limited number of devices, ZTNA can cover the entire network ecosystem. This is very convenient for companies with many remote employees, since every employee receives access governed by the same security parameters, regardless of the device from which they connect to the company’s network.

Amateurs hack systems, professionals hack people!

Attacks using social engineering, including fraud and manipulation of people, are among the most popular attack methods among hackers. They have become popular because they work – especially when more sophisticated methods are aimed at unsuspecting employees.

ZTNA also protects against this: even if attackers manage to deceive employees with phishing emails or malicious links, the zero-trust principle will not let them penetrate deep into the system. An attacker simply cannot pass the many authentication steps that follow, even if a password stolen from an employee gave them initial access.
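As an added illustration that is not part of the original article, the following Python policy check models the login flow from the section above (credentials checked against an employee database, identity linked to a role, role mapped to a subset of resources, every request re-evaluated) and shows why a phished password alone gets an attacker no further than the entry point. The directory, roles, resource names and the second-factor requirement are constructed for the example.

```python
from dataclasses import dataclass

# Constructed employee directory (identity -> role); stands in for the HR/IdP database.
DIRECTORY = {"alice": "engineer", "bob": "finance"}

# Role -> the only resources that role may reach. Anything not listed is denied.
ROLE_RESOURCES = {
    "engineer": {"portal.internal", "git.internal", "ci.internal"},
    "finance": {"portal.internal", "erp.internal"},
}

# Resources that also demand a second authentication factor on the current session.
STEP_UP_REQUIRED = {"git.internal", "ci.internal", "erp.internal"}


@dataclass
class Session:
    user: str             # identity presented at login
    password_ok: bool     # credential matched the directory
    mfa_ok: bool = False  # second factor completed for this session


DECISION_LOG: list[tuple[str, str, bool, str]] = []


def authorize(session: Session, resource: str) -> bool:
    """Evaluate one access request. Each call starts from 'deny' and must earn
    'allow'; a grant on an earlier request confers no trust on the next one."""
    def decide(allowed: bool, reason: str) -> bool:
        DECISION_LOG.append((session.user, resource, allowed, reason))
        return allowed

    role = DIRECTORY.get(session.user)
    if role is None or not session.password_ok:
        return decide(False, "identity not verified")
    if resource not in ROLE_RESOURCES.get(role, set()):
        return decide(False, f"role '{role}' has no entitlement to {resource}")
    if resource in STEP_UP_REQUIRED and not session.mfa_ok:
        return decide(False, "second factor required for this resource")
    return decide(True, "identity, role and authentication factors satisfied")


if __name__ == "__main__":
    # A phished password gives the attacker alice's credential but not her second factor.
    stolen = Session("alice", password_ok=True, mfa_ok=False)
    for target in ("portal.internal", "git.internal", "erp.internal"):
        authorize(stolen, target)
    for entry in DECISION_LOG:
        print(entry)
```

The decision log is what a defender would feed into monitoring: a burst of "second factor required" denials for one identity is the signal that a password has leaked.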

New systems – new weaknesses

When IT teams rebuilt their systems for remote work, they unintentionally opened up new opportunities for hackers. During this period the number of hacking attempts and security breaches increased dramatically, and ZTNA became a real panacea for protecting confidential data and corporate information, as well as employees working remotely.

The ZTNA system simply does not let hackers exploit weaknesses in the network, because it questions every authentication step during login. Such a system buys time and reduces the attack surface at the stage when the organization is most vulnerable – while it adapts to new changes and tools, and while IT teams are still setting up security systems.

Data protection in the cloud

The adoption of cloud environments has helped companies adapt to remote work and scale quickly and cost-effectively. However, it has also become the weakest point in their security: deploying a multi-cloud environment significantly increases an enterprise’s attack surface, and a firewall plus antivirus software is no longer enough.

But here, too, ZTNA comes to the aid of IT teams, limiting access to cloud resources and reducing the attack surface without preventing enterprises from growing in the cloud. The method of operation is the same as in conventional networks: the system applies restrictions based on the permissions of each user trying to reach the cloud.

Integration of ZTNA into the company’s infrastructure

Another advantage of ZTNA is its painless integration into the company’s infrastructure. The system can be deployed without rebuilding that infrastructure, and in several different ways:

As a network gateway;

As SD-WAN;

As a cloud environment.

Summing up the results

ZTNA forces IT teams to think the way hackers think: to assume that anyone can be a cybercriminal and that some vulnerabilities have already been exploited and allowed attackers to gain access to the network. By applying this adversarial approach to security, ZTNA closes the weakest point in the protection of any company – the people who manage and use the system.