Home > News > featured news > Palo Alto Networks Calls on Cybersecurity Industry to Adopt ZTNA 2.0 -- Zero Trust with Zero Exceptions

SOFTWARE SECURITY

Palo Alto Networks Calls on Cybersecurity Industry to Adopt ZTNA 2.0 -- Zero Trust with Zero Exceptions

Palo Alto Networks | May 12, 2022

Palo Alto Networks
Palo Alto Networks , the global cybersecurity leader, today urged the industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0) — the foundation for a new era of secure access. ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not adequately scale and were overly permissive, but the first-generation ZTNA products (ZTNA 1.0) are too trusting and can put customers at significant risk. ZTNA 2.0 solves these problems by removing implicit trust to help ensure organizations are properly secured.

"This is a critical time for cybersecurity. We are in an era of unprecedented cyberattacks, and the past two years have dramatically changed work — for many, work is now an activity, not a place. This means that securing employees and the applications they need is both harder and more important. Zero trust has been embraced as the solution — and it is absolutely the right approach! Unfortunately, not every solution with Zero Trust in its name can be trusted. ZTNA 1.0 — for example — falls short."

Nir Zuk, founder and chief technology officer at Palo Alto Networks

For modern organizations where hybrid work and distributed applications are the norm, ZTNA 1.0 has several limitations. It is overly permissive in granting access to applications because it can't control access to sub-applications or particular functions. Additionally, there is no monitoring of changes in user, application or device behavior, and it can't detect or prevent malware or lateral movement across connections. ZTNA 1.0 also cannot protect all enterprise data.

ZTNA 2.0-capable products, such as Palo Alto Networks Prisma® Access, help organizations meet the security challenges of modern applications, threats and the hybrid workforce. ZTNA 2.0 incorporates the following key principles:

  • Least-privileged access — enables precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.
  • Continuous trust verification — after access to an application is granted, continuous trust assessment is ongoing based on changes in device posture, user behavior and application behavior.
  • Continuous security inspection — uses deep and ongoing inspection of all application traffic, even for allowed connections to help prevent threats, including zero-day threats.
  • Protection of all data — provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.
  • Security for all applications — consistently secures all types of applications used across the enterprise, including modern cloud native applications, legacy private applications and SaaS applications.

In a new report, John Grady, ESG senior analyst, said: "[F]irst-generation/ZTNA 1.0 solutions fall short in many ways on delivering on the promise of true zero trust. In fact, they grant more access than is desired. What's more, once access is granted in ZTNA 1.0 solutions, the connection is implicitly trusted forever, allowing a handy exploit route for sophisticated threats and/or malicious actions and behavior." Grady also said, "It is time to embrace a new approach to ZTNA, one that has been designed from the ground up to meet the specific challenges of modern applications, threats, and a hybrid workforce."

"Securing today's hybrid workforce, with an increase in cloud and mobile technologies and evolving requirements, can be complicated," said Jerry Chapman, engineering fellow, Optiv. "Rethinking Zero Trust is essential for modern, hybrid organizations to prevent threats. Together with Palo Alto Networks, we're advising our customers to incorporate ZTNA 2.0 principles like continuous review of identity and connection across their domains to stay secure."

New Prisma Access Capabilities
Palo Alto Networks Prisma Access is the industry's only solution that meets today's ZTNA 2.0 requirements. Prisma Access protects all application traffic with best-in-class capabilities while securing both access and data.

New additions to Prisma Access announced today add the following capabilities:

  • ZTNA connector — simplifies the process of onboarding cloud native and traditional applications into the service, helping make ZTNA 2.0 easier to deploy and more secure.
  • The industry's only unified SASE product — providing a common policy framework and data model for all SASE capabilities, managed from a single cloud management console.
  • Self-serve autonomous digital experience management (ADEM) — helps proactively notify users of issues that require prompt attention and provides them with guidance on how to remediate.

Availability
Prisma Access is generally available today with full support for ZTNA 2.0. The new ZTNA connector, unified SASE, and self-service ADEM will be available in the next 90 days.

About Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world's greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before.

Spotlight

Inventory All Your APIs and Classify Sensitive Data

Noname Security Posture Management helps you maintain an accurate inventory of all your APIs, including legacy and shadow APIs. We can scale to hundreds or thousands of pieces of infrastructure, monitoring load balancers, APIs gateways, and web application firewalls to help you locate and catalog every type of API, including HTTP, RESTful, GraphQL, SOAP, XML-RPC, JSON-RPC, and gRPC.

More featured news

Spotlight

Inventory All Your APIs and Classify Sensitive Data

Noname Security Posture Management helps you maintain an accurate inventory of all your APIs, including legacy and shadow APIs. We can scale to hundreds or thousands of pieces of infrastructure, monitoring load balancers, APIs gateways, and web application firewalls to help you locate and catalog every type of API, including HTTP, RESTful, GraphQL, SOAP, XML-RPC, JSON-RPC, and gRPC.

Related News

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Armorblox to Enhance its NLU-based Data Protection Platform

Armorblox | December 26, 2022

Contents 1. Enhancement in the Company’s Email Security Solutions 2. How is Enhancements in the Solution Benefiting the Customers? Armorblox, anemerging email security solutions provider, recently announced the inclusion of Custom Role-Based Access Controls to its innovative cloud-delivered email security platform for enhancing the maintenance of data compliance and reducing data blindspots for individuals across the organization. Not every email is the same. When it comes to incoming threats, attackers tend to focus on emails that involve sensitive credentials or valuable data. According to the Armorblox Email Security Threat Report, in 2022, 87% of credential phishing attacks looked like common corporate workflows to trick victims, and 70% of spoofing attacks got past native email security layers. Thus, Armorblox has made improvements to Armorblox Advanced Data Loss Prevention and added Custom Role-Based Access Controls to make it safer from insider threats (RBAC). 1. Enhancement in the Company’s Email Security Solutions "According to a recent Market Research Future study, the demand for email security is anticipated to exceed US$ 11 billion by 2030." Armorblox has always been committed to putting security first, and this dedication goes beyond offering a best-in-class email security solution. Armorblox Advanced Data Loss Prevention's enhanced capabilities ensure that customers' most sensitive information is reliably protected across all content types and storage mediums. Coupled with its Armorblox Custom DLP Policies, companies are now able to set automated encryption actions and exceptions for sensitive data and confidential content per department or per user. Armorblox Custom Role-Based Access Controls provide fine-grained controls to security teams, which are necessary to set restriction levels and access for individuals, teams, and groups across the organization. 2. How is Enhancements in the Solution Benefiting the Customers? Through the enhancements to the Advanced DLP solution and the addition of Custom Role-Based Access Controls to the Armorblox platform, Armorblox is supporting the security-first approach that companies require. Customers will benefit in a variety of ways, including: Custom Access Controls: Create and assign custom roles with granular permissions to groups or individuals across security teams based on their job responsibilities. Sensitive Data Encryption: Prevent unauthorized disclosure of PII, PCI, and PHI by identifying and encrypting sensitive data across emails, attachments, and documents automatically. Reduce Data Blindspots: Ensure the implementation of appropriate restrictions and access levels for employee, organization, and third-party data. About Armorblox Founded in 2017, Armorblox is an email security solutions company headquartered in California, U.S., backed by Next47 and General Catalyst. The company provides technology that secures enterprise communications over email and other cloud office applications by leveraging deep learning and natural language technologies. The Armorblox platforms connect via APIs and analyze millions of signals to comprehend the context of communications in order to safeguard individuals and data from compromise. Over 58,000 enterprises use Armorblox to prevent BEC and targeted phishing attacks, protect critical PII and PCI, and automate the repair of user-reported email threats.

Read More

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

Contrast Security Launches New Partner Program, Security Innovation Alliance

Contrast Security | February 02, 2023

On February 1, 2023, Contrast Security (Contrast), a leading code security platform, announced the launch of its new partner program, the Security Innovation Alliance (SIA), a worldwide ecosystem of system integrators (SIs), cloud, channel, and technology alliances. SIA's mission is to provide customers with unrivaled, fully integrated application security solutions from Contrast and its strategic alliance partners, which include Amazon/Amazon Web Services (AWS), GitLab Inc., Microsoft, VMware, Armor Code, PagerDuty, Zimperium, Anchore, Wallarm, Neosec, Noname Security, Ermetic, Cloudwize, BLST Security, ProtectOnce, Scribe Security, Wiz, and Legit Security. Furthermore, the team will concentrate on expanding collaborations with SIs, technology providers, and independent software providers (ISVs). SIA and Contrast's robust strategic partner integrations will not only enable partners to integrate with the Contrast Secure Code Platform seamlessly but will also enable clients to realize the following benefits: To use Contrast's services confidently as part of a more extensive program for application security (AppSec). Increase the predictability of security and decrease the risk of implementing new code and AppSec technologies. Increased trust and confidence in already implemented technologies. SIA is designed to boost its partners' business capabilities to satisfy AppSec clients' demands. Contrast collaborates with each partner to deliver a customized experience that meets their specific interests and business requirements, including a streamlined onboarding process, joint marketing campaigns, integration support and access to the company's impressive install base. SIA is led by Goodman, a seasoned Alliance professional, and several other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Frank Gasparovic, Director, Ecosystem Engineering; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances. About Contrast Security Founded in 2014, Contrast Security is a leading code security platform firm purposely created for developers to get secure code flowing quickly and trusted by security teams to protect business applications. With Contrast, developers, security, and operations teams can swiftly secure code across the entire Software Development Life Cycle (SDLC) to defend against today's targeted Application Security (AppSec) threats. It also provides free security testing to all developers through CodeSec. Established by cybersecurity industry experts to replace old AppSec solutions that cannot secure modern organizations, the company defends its customers from major cybersecurity attacks, which include some of the world's top brands, such as BMW, AXA, DocuSign, Zurich, Sompo Japan, and American Red Cross, as well as several other prominent leading Fortune 500 companies.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Edgio Enhances Its Security Platform Capabilities to Improve Edge Security

Edgio | February 28, 2023

On February 27, 2023, Edgio, Inc. announced major enhancements to its security platform to enable enterprises to better identify and respond to emerging threats while ensuring the integrity, confidentiality, and availability of their data and applications. The platform's new capabilities aim to reduce the damage caused by the upsurge in the severity of Distributed Denial of Service (DDoS) and other advanced application attacks. Edgio's DDoS scrubbing solution delivers dedicated DDoS mitigation capacity that safeguards all protocols and direct-to-origin attacks, complementing Edgio's 250+ Tbps edge network to provide full-spectrum DDoS protection. Furthermore, the new enhancements to its Web Application and API Protection (WAAP) capabilities include advanced outbound data leak prevention, rule customizer, enhanced configurability, proxy detection and region code support to help customers comply with geographical compliance rules. DDoS attacks are on the rise, and according to the 2022 Verizon Data Breach Investigations Report, the top security threat is a DDoS attack. The addition of Edgio's DDoS scrubbing solution ensures maximum resiliency and uptime of customers' networks and applications by providing full-spectrum protection against all networks and applications, including direct-to-origin network attacks against non-web applications. Moreover, the new outbound security rules with added outbound traffic scan prevent attackers from causing a data breach by exploiting known vulnerabilities, thereby offering an additional layer of protection for confidential customer data and preventing the customer from executing malicious code. Additionally, Edgio can now detect and block requests originating from anonymous proxies, therefore allowing additional control over access to customers' applications. Edgio's advanced rules customizer allows customers to control the sensitivity of individual security rules and increases its accuracy while minimizing false positives. Finally, enhanced configuration management enables developers to directly import and export configuration JSON via UI and API to deploy protection for new applications rapidly. Edgio also enables clients to control access to their applications through advanced access control rules. The latest enhancements now support more profound regional control, down to the province or region level, in its custom security rules and WAAP's access rules, supporting ongoing compliance requirements in the modern geopolitical environment. About Edgio Headquartered in Phoenix, AZ, Edgio helps companies deliver online experiences and content safer, faster and with more control. Its globally scaled edge network and integrated media and application solutions provide businesses with the tools necessary to deliver high-performance, secure web properties and streaming content quickly and securely. The company's platform and suite of edge services enable enterprises to boost their revenue and overall business value by delivering their content more efficiently and securely. Companies across various industries, including entertainment, technology, retail, and finance, depend on Edgio's technology and services to defend and accelerate their online properties.

Read More

DATA SECURITY,PLATFORM SECURITY,SOFTWARE SECURITY

Armorblox to Enhance its NLU-based Data Protection Platform

Armorblox | December 26, 2022

Contents 1. Enhancement in the Company’s Email Security Solutions 2. How is Enhancements in the Solution Benefiting the Customers? Armorblox, anemerging email security solutions provider, recently announced the inclusion of Custom Role-Based Access Controls to its innovative cloud-delivered email security platform for enhancing the maintenance of data compliance and reducing data blindspots for individuals across the organization. Not every email is the same. When it comes to incoming threats, attackers tend to focus on emails that involve sensitive credentials or valuable data. According to the Armorblox Email Security Threat Report, in 2022, 87% of credential phishing attacks looked like common corporate workflows to trick victims, and 70% of spoofing attacks got past native email security layers. Thus, Armorblox has made improvements to Armorblox Advanced Data Loss Prevention and added Custom Role-Based Access Controls to make it safer from insider threats (RBAC). 1. Enhancement in the Company’s Email Security Solutions "According to a recent Market Research Future study, the demand for email security is anticipated to exceed US$ 11 billion by 2030." Armorblox has always been committed to putting security first, and this dedication goes beyond offering a best-in-class email security solution. Armorblox Advanced Data Loss Prevention's enhanced capabilities ensure that customers' most sensitive information is reliably protected across all content types and storage mediums. Coupled with its Armorblox Custom DLP Policies, companies are now able to set automated encryption actions and exceptions for sensitive data and confidential content per department or per user. Armorblox Custom Role-Based Access Controls provide fine-grained controls to security teams, which are necessary to set restriction levels and access for individuals, teams, and groups across the organization. 2. How is Enhancements in the Solution Benefiting the Customers? Through the enhancements to the Advanced DLP solution and the addition of Custom Role-Based Access Controls to the Armorblox platform, Armorblox is supporting the security-first approach that companies require. Customers will benefit in a variety of ways, including: Custom Access Controls: Create and assign custom roles with granular permissions to groups or individuals across security teams based on their job responsibilities. Sensitive Data Encryption: Prevent unauthorized disclosure of PII, PCI, and PHI by identifying and encrypting sensitive data across emails, attachments, and documents automatically. Reduce Data Blindspots: Ensure the implementation of appropriate restrictions and access levels for employee, organization, and third-party data. About Armorblox Founded in 2017, Armorblox is an email security solutions company headquartered in California, U.S., backed by Next47 and General Catalyst. The company provides technology that secures enterprise communications over email and other cloud office applications by leveraging deep learning and natural language technologies. The Armorblox platforms connect via APIs and analyze millions of signals to comprehend the context of communications in order to safeguard individuals and data from compromise. Over 58,000 enterprises use Armorblox to prevent BEC and targeted phishing attacks, protect critical PII and PCI, and automate the repair of user-reported email threats.

Read More

DATA SECURITY, ENTERPRISE SECURITY, PLATFORM SECURITY

Contrast Security Launches New Partner Program, Security Innovation Alliance

Contrast Security | February 02, 2023

On February 1, 2023, Contrast Security (Contrast), a leading code security platform, announced the launch of its new partner program, the Security Innovation Alliance (SIA), a worldwide ecosystem of system integrators (SIs), cloud, channel, and technology alliances. SIA's mission is to provide customers with unrivaled, fully integrated application security solutions from Contrast and its strategic alliance partners, which include Amazon/Amazon Web Services (AWS), GitLab Inc., Microsoft, VMware, Armor Code, PagerDuty, Zimperium, Anchore, Wallarm, Neosec, Noname Security, Ermetic, Cloudwize, BLST Security, ProtectOnce, Scribe Security, Wiz, and Legit Security. Furthermore, the team will concentrate on expanding collaborations with SIs, technology providers, and independent software providers (ISVs). SIA and Contrast's robust strategic partner integrations will not only enable partners to integrate with the Contrast Secure Code Platform seamlessly but will also enable clients to realize the following benefits: To use Contrast's services confidently as part of a more extensive program for application security (AppSec). Increase the predictability of security and decrease the risk of implementing new code and AppSec technologies. Increased trust and confidence in already implemented technologies. SIA is designed to boost its partners' business capabilities to satisfy AppSec clients' demands. Contrast collaborates with each partner to deliver a customized experience that meets their specific interests and business requirements, including a streamlined onboarding process, joint marketing campaigns, integration support and access to the company's impressive install base. SIA is led by Goodman, a seasoned Alliance professional, and several other industry leaders, including Tracey Mead, Vice President, Strategic Alliances, System Integrators; Frank Gasparovic, Director, Ecosystem Engineering; Rachael Mott, Senior Director, Strategic Alliances, Technology Partners; Callie McCormick, Global Director of Channel Sales; and Ram Yonish, VP of EMEA Alliances. About Contrast Security Founded in 2014, Contrast Security is a leading code security platform firm purposely created for developers to get secure code flowing quickly and trusted by security teams to protect business applications. With Contrast, developers, security, and operations teams can swiftly secure code across the entire Software Development Life Cycle (SDLC) to defend against today's targeted Application Security (AppSec) threats. It also provides free security testing to all developers through CodeSec. Established by cybersecurity industry experts to replace old AppSec solutions that cannot secure modern organizations, the company defends its customers from major cybersecurity attacks, which include some of the world's top brands, such as BMW, AXA, DocuSign, Zurich, Sompo Japan, and American Red Cross, as well as several other prominent leading Fortune 500 companies.

Read More

DATA SECURITY, ENTERPRISE SECURITY, SOFTWARE SECURITY

Edgio Enhances Its Security Platform Capabilities to Improve Edge Security

Edgio | February 28, 2023

On February 27, 2023, Edgio, Inc. announced major enhancements to its security platform to enable enterprises to better identify and respond to emerging threats while ensuring the integrity, confidentiality, and availability of their data and applications. The platform's new capabilities aim to reduce the damage caused by the upsurge in the severity of Distributed Denial of Service (DDoS) and other advanced application attacks. Edgio's DDoS scrubbing solution delivers dedicated DDoS mitigation capacity that safeguards all protocols and direct-to-origin attacks, complementing Edgio's 250+ Tbps edge network to provide full-spectrum DDoS protection. Furthermore, the new enhancements to its Web Application and API Protection (WAAP) capabilities include advanced outbound data leak prevention, rule customizer, enhanced configurability, proxy detection and region code support to help customers comply with geographical compliance rules. DDoS attacks are on the rise, and according to the 2022 Verizon Data Breach Investigations Report, the top security threat is a DDoS attack. The addition of Edgio's DDoS scrubbing solution ensures maximum resiliency and uptime of customers' networks and applications by providing full-spectrum protection against all networks and applications, including direct-to-origin network attacks against non-web applications. Moreover, the new outbound security rules with added outbound traffic scan prevent attackers from causing a data breach by exploiting known vulnerabilities, thereby offering an additional layer of protection for confidential customer data and preventing the customer from executing malicious code. Additionally, Edgio can now detect and block requests originating from anonymous proxies, therefore allowing additional control over access to customers' applications. Edgio's advanced rules customizer allows customers to control the sensitivity of individual security rules and increases its accuracy while minimizing false positives. Finally, enhanced configuration management enables developers to directly import and export configuration JSON via UI and API to deploy protection for new applications rapidly. Edgio also enables clients to control access to their applications through advanced access control rules. The latest enhancements now support more profound regional control, down to the province or region level, in its custom security rules and WAAP's access rules, supporting ongoing compliance requirements in the modern geopolitical environment. About Edgio Headquartered in Phoenix, AZ, Edgio helps companies deliver online experiences and content safer, faster and with more control. Its globally scaled edge network and integrated media and application solutions provide businesses with the tools necessary to deliver high-performance, secure web properties and streaming content quickly and securely. The company's platform and suite of edge services enable enterprises to boost their revenue and overall business value by delivering their content more efficiently and securely. Companies across various industries, including entertainment, technology, retail, and finance, depend on Edgio's technology and services to defend and accelerate their online properties.

Read More

More featured news