sb-nz logo
Story image

Enterprises look to zero trust network access to thwart VPN attacks

08 Nov 2019

An increase in the number of vitual private network (VPN) attacks is causing businesses to shift towards a new model of network security: Zero Trust Network Access.

According to a report from Zscaler and Cybersecurity Insiders, 78% of the 315 polled IT and security professionals plan to implement Zero Trust Network Access (ZTNA) at some time in the future; 59% plan to implement it in the next 12 months, and 15% have already implemented done so.

Zscaler explains that ZTNA services are built to ensure that only authorised users can access specific applications based on business policies. Unlike VPNs, users are never placed on the network and apps are never exposed to the internet. According to the company, this creates a zero attack surface, protecting the business from threats like the recent wave of malware and successful VPN attacks.

Two-thirds of polled IT security professionals (66%) say they are most excited about zero trust’s ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).

Zscaler CIO Patrick Foxhoven comments that state-sponsored groups exploit known flaws in VPNs, which means organisations need to reduce their attack surface. They can do this by rethinking how they secure and provide access to their apps in a cloud and mobile-first world.

The report found that 53% of respondents believe their current security technology can mitigate their risk even though legacy technologies directly connect users to the network - expanding the attack surface.

“Though it is encouraging to see so many organisations are pursuing ZTNA to close gaps created by VPNs, I am surprised that more than half of those surveyed believe their current infrastructure is reliable enough to protect the enterprise,” Foxhoven continues.

The highest security priority for application access is privileged account management of users and multi-factor authentication (68%). This is followed by detection of, and response to, anomalous activity (61%) and securing access from personal, unmanaged devices (57%).

Additionally, 61% of organisations are concerned about partners with weak security practices accessing internal applications, despite their own internally weak security practices.

Furthermore, BYOD is still an IT security reality in 2019 as 57% of organisations are prioritizing secure access from personal, unmanaged devices.

The 2019 Zero Trust Adoption report surveyed 315 IT and cybersecurity professionals across multiple industries.

Story image
Oracle combines cloud automation with comms security in new solution
The Oracle Communications Security Shield (OCSS) Cloud is built on the company’s cloud infrastructure, and uses AI and real-time enforcement to combat the heightened risk of infrastructure attacks presented to contact centres and enterprises.More
Story image
Okta, CrowdStrike, Netskope and Proofpoint create shared zero trust security strategy
Okta, CrowdStrike, Netskope and Proofpoint have joined forces to develop and launch an integrated, zero trust security strategy, stating that this is crucial for today’s digital and remote working environments.More
Link image
Scale-out multi-protocol storage & data management with Hedvig
The advantages of data growth are clear if they are harnessed properly: Agility, scalability, and lower costs are but a few of those advantages. Find out how you can make these a reality with Hedvig.Register Here
Story image
Illumio launches Zero Trust endpoint protection solution for our digital, remote world
“As organisations were forced to transform overnight to allow for remote work, a host of endpoint security issues that have either been ignored or invisible until now were brought to the forefront."More
Story image
Cybersecurity spending slumps - but swift recovery expected
New research from GlobalData found that the industry will recover after this initial slump to be worth almost US$238 billion by 2030.More
Link image
Networks integrate threat awareness for stronger cybersecurity
Security threats can be challenging to address, but you can build more awareness into your networks.More