Mike Riemer, Field Chief Technology Officer
Zero Trust is critical, especially in today’s hybrid digital era.
- Workforces are more mobile, using more devices (3-5 devices on average)
- Applications are moving to the cloud
- Users want seamless access to applications 24x7
- Key Takeaway 1
- PZTA enables seamless, secure access to specific applications in the cloud, SaaS, and data center
- PZTA leverages stateful endpoint device security posture checks to ensure that devices meet or exceed security compliance policies before connecting to applications
- PZTA offers dynamic, adaptive authentication and authorization for every user session
- MFA that can require deeper authentication based on device location, time of day, etc.
Anomaly detection and mitigation is needed in today’s environment of malware and threats.
- Malware is only getting more and more sophisticated
- More people are using more devices (especially in COVID era)
- Data breaches are becoming more frequent
- Some statistics
- From https://www.varonis.com/blog/data-breach-statistics/
- The average distributed denial-of-service (DDoS) attack grew to more than 26Gbps, increasing in size by 500% (Nexusguard).
- 53% of companies found over 1,000 sensitive files accessible to every employee (Varonis).
- 80% of companies with over 1 million folders found over 50,000 folders open to every employee (Varonis).
- 95% of companies found over 100,000 folders that contained stale data (Varonis).
- On average, 50% of user accounts are stale (Varonis).
- 58% of companies found over 1,000 folders that had inconsistent permissions (Varonis).
- From https://phoenixnap.com/blog/data-breach-statistics
- Experts agree that by the year 2020, the average cost of a data security breach for a major business would be over $150 million. This estimate is due to the higher level of digitalization and connectivity that the world has experienced over the last few years. [BigCommerce]
- The average total cost per data breach worldwide was $3.92 million in 2019, compared with $3.5 million in 2014. [IBM]
- The average price for a Business Email Compromise hack is $24,439 per case, according to a 2019 report by Verizon. [Verizon]
- Organizations reporting phishing and social engineering attacks are increasing by 16% year over year. [Accenture]
- Key Takeaway 2
- PZTA offers User and Entity Behavior Analytics (UEBA) to identify anomalies
- PZTA offers anomaly detection and mitigation by assigning a risk score to every connection and giving administrators ways to act on anomalies (such as reducing access privileges to specific applications)
PZTA is an evolutionary product that coexists with Pulse’s product portfolio. It does not require a “rip and replace” approach.
- Key Takeaway 3
- Combined with PCS, organizations get the best of both worlds
- Single client for PZTA and the entire Pulse portfolio
- Simultaneous connections to applications through entire portfolio
- On-premises and off-premises connections
- Client and client-less connectivity
- Application and network access
- Visibility and analytics
Organizations get Data Privacy and Sovereignty with Pulse ZTA. Other solutions have the potential to obtain visibility into customer traffic.
- Key Takeaway 1
- PZTA adheres to the Cloud Security Alliance architecture with a centralized Controller and distributed Gateways.
- However, once the Controller enables connectivity between the client and applications, no data traverses the Pulse cloud. Organizations retain control over their data and Pulse has no visibility into that data.
E. Barlow Keener, JD, CIPP, Managing Director/Chief Information Security Officer/General Counsel
Summit Ridge Group, LLC
- Building ZTN into CIS Controls, NIST, FedRAMP, and ISO 27001 requirements
- Building ZTN into Compliance (Azure) settings
- Knowing the gaps in ZTN and addressing them in security documentation
- Security Gaps in ZTN resulting from Employee behaviors related to BYOD
- Educating CSOs regarding ZTN