Avoid the Biggest Pitfalls of ZTNA

Zero Trust Network Access (ZTNA) is one of the best preventative strategies you can employ to reduce the chances of a breach that will cause chaos and drive up costs for your business. However, even an advanced security posture isn't without its downsides. In early 2022, analyst firm Gartner laid out some of the greatest risks of using ZTNA services. The list includes some serious security threats, as well as issues surrounding poor connectivity and latency.

Here at Perimeter 81 we anticipated these issues, and we’ve already got you covered so that these risks don’t threaten your business.

A Single Point of Failure

If a cloud-based network security provider goes down, it takes its customers with it. That's why we have a service-level agreement (SLA) promising an annual uptime percentage of at least 99.9 percent. We have engineers monitoring our systems around the clock to ensure that we maintain our commitment. We also minimize dependency on third-party providers by running the majority of our servers and customer gateways on machines that we own and manage, giving us better visibility and control.

Latency

The whole point of a cloud security solution is to bypass that on-premises VPN and go straight to the Internet where your company’s cloud resources reside. That’s why a cloud-based network security solution needs multiple points of presence around the globe to help customers with distributed employees and service providers connect quickly and easily. 

Perimeter 81 has more than 40 PoPs around the world reaching every continent. In addition, our PoPs have dedicated connections over dual tier-1 carrier networks with extensive peering agreements that reach every major cloud provider and Internet exchange point, with reserved bandwidth to ensure optimized delivery. 

This all adds up to an optimized user experience with minimal latency anywhere across the globe.

Compromised ZTNA Provider

Just as technical faults could bring the whole thing down, a compromised security provider will also cause trouble for its clients. No security system can be 100 percent resistant to attacks, but we do everything we can to reduce the attack surface. 

For starters, none of our servers, nor the public gateways that run on them, have discoverable IP addresses. The only way into these servers and gateways is through a Perimeter 81 desktop client or our agentless access web portals.

This makes it much harder to compromise a server in the first place. On top of this we employ security monitoring and intrusion detection to ensure our servers stay secure.

Compromised User Credentials

A compromised user is one of the primary vectors that enables threat actors to get inside a company network. We strongly encourage our customers to take two steps before deploying our solution to reduce the chances of an exploit. 

The first is to use a single sign-on provider such as Microsoft Azure Active Directory, JumpCloud, or Okta. In addition, companies should employ multi-factor authentication (MFA). This makes it much harder to gain access to an employee account.

On top of that, the Perimeter 81 desktop client can enforce a device posture check (DPC). When DPC is deployed, devices must meet specific requirements before gaining access to company resources. These requirements can include specific operating system versions or antivirus solutions to reduce the chance of the network being exposed to an infected device. Perimeter 81 can also set context requirements in our Application Policies that are based on location. This means that users will only be allowed into the network if they come from specific countries or IP addresses. 

A proper Zero Trust strategy with Zero Trust Network Access (ZTNA), agentless access, and device posture checks resists infiltration, and ensures that even if a hack is successful, the impact is minimized.

Compromised ZTNA Administrators

One of the ultimate goals of any intrusion is to gain access to administrator credentials, giving the attacker wide access to, and control of, the company network. That's why Perimeter 81 advises its customers to minimize the number of administrator accounts with broad permissions.

You can also group together users with manager and administrator permissions and apply specific requirements for access from those accounts, such as location or time of day. These rules need to be carefully thought out, however, so that admins can still access the network for urgent tasks.
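As an added illustration (not Perimeter 81's own code) of how the device posture check and the country- and IP-based context requirements described above, together with the time-of-day rule for administrator accounts, can be evaluated as one policy decision; every policy value and request below is constructed for the example:

```python
# Added example (not Perimeter 81 code): a small policy engine combining a
# device posture check with context rules (country, source network, admin hours).
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass
class DevicePosture:
    os_name: str
    os_version: tuple       # e.g. (10, 0, 19045)
    antivirus_running: bool

@dataclass
class AccessContext:
    country: str            # ISO code the gateway derived from the source IP
    source_ip: str
    local_time: time
    is_admin: bool = False

@dataclass
class Policy:
    min_os_version: dict    # os_name -> lowest acceptable version tuple
    require_antivirus: bool
    allowed_countries: set  # empty: no country restriction
    allowed_networks: list  # CIDRs; empty: no source-IP restriction
    admin_window: tuple     # (start, end) local time for administrator logins

def evaluate(policy, posture, ctx):
    # Returns (allowed, reasons); every failed requirement is reported.
    reasons = []
    min_ver = policy.min_os_version.get(posture.os_name)
    if min_ver is None or posture.os_version < min_ver:
        reasons.append(f"{posture.os_name} {posture.os_version} not permitted")
    if policy.require_antivirus and not posture.antivirus_running:
        reasons.append("antivirus not running")
    if policy.allowed_countries and ctx.country not in policy.allowed_countries:
        reasons.append(f"country {ctx.country} not allowed")
    if policy.allowed_networks and not any(
            ip_address(ctx.source_ip) in ip_network(n) for n in policy.allowed_networks):
        reasons.append(f"source {ctx.source_ip} outside allowed networks")
    start, end = policy.admin_window
    if ctx.is_admin and not start <= ctx.local_time <= end:
        reasons.append("administrator login outside permitted hours")
    return not reasons, reasons

# Constructed sample policy: Windows 10 build 19045+ or macOS 13+, antivirus
# required, office egress range only, administrators limited to business hours.
SAMPLE_POLICY = Policy(
    min_os_version={"windows": (10, 0, 19045), "macos": (13, 0)},
    require_antivirus=True, allowed_countries={"US", "IL"},
    allowed_networks=["203.0.113.0/24"], admin_window=(time(8, 0), time(18, 0)),
)
```

A request that fails several checks returns every reason at once, which is what an administrator reviewing a denied login wants to see rather than only the first failure.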

Finally, our single-pane-of-glass management means there’s a single place to monitor administrator account actions. Perimeter 81’s admin activity events viewer enables you to see the most recent actions of all administrators and sort activities by type. This makes it much easier to discover any unusual activity. 

Legacy Applications and ZTNA

Most companies turn to converged security solutions like Perimeter 81 to help them provide a better secure connection experience to web apps on the public Internet, as well as connections to on-premises resources. However, there are times when companies need solutions for accessing resources that don't use HTTP/HTTPS, such as RDP and SSH. We facilitate these use cases in two ways. Employees can access these resources from their devices when connecting via the Perimeter 81 client. Alternatively, with the agentless access option, employees on unmanaged devices or third-party contractors can use a web portal to access these applications.

Manage Risks

Perimeter 81’s advanced and highly secure Zero Trust Network Access solution can help overcome potential pitfalls to minimize risk and goes a long way to keeping company resources secure. It ensures that employees only have access to the resources they need. Additional measures such as device posture check and context-based access also dictate how and when employees can use resources. Even in the unlikely event of a breach, the threat actor has limited opportunity for lateral movement, and the potential attack surface is greatly reduced.

If you want to learn more about how ZTNA can secure your company without sacrificing connectivity performance for remote workers, book a demo with Perimeter 81 today.