Zero Trust Network Access (ZTNA): the next generation of remote access, replacing the VPN as a source of intrusions

Zero Trust Network Access (ZTNA) is, as the name says, network access built on the basic principle of zero trust: trust nothing by default and verify every request. Until now, remote access has mainly meant a VPN.

Around 2020, when the coronavirus pandemic was at its height, VPN use expanded rapidly: where previously only some employees had VPN accounts, suddenly the entire workforce was using the VPN to reach internal systems. VPN gateways were not sized for that load, and congestion, dropped connections and latency became common problems.

On the security side, attacks that target vulnerabilities in the VPN products themselves also occur. Because a VPN places the client on the internal network, an external attacker who gets in through the VPN can then reach every company resource, which quickly escalates into a major incident.

In addition, while the main routes for malware intrusion used to be the web and email, VPNs are now reported to account for 60% to 80% of intrusions. For this reason, a growing number of companies are replacing their VPN with ZTNA. With ZTNA, access is designed per user: policy defines which services and resources each user may reach, with the rights appropriate to that user. Unlike a VPN, a single connection no longer grants access to all company resources, which reduces the damage a compromised account or device can do.

ZTNA is also delivered from the cloud, which solves the load problem. Because the ZTNA cloud service acts as a reverse proxy, clients never connect directly to internal resources and the resources themselves are not exposed, which provides stronger security.

Features of Symantec's ZTNA

  • Software Defined Perimeter (SDP)
  • Flexible access restrictions

Software Defined Perimeter (SDP)

A technology that uses software to configure the network perimeter virtually and dynamically. Instead of placing users on a shared network segment, it creates one-to-one network connections on demand between a user and the specific resource that user is accessing.

In addition, authentication is performed each time a connection is established, and once the session ends no connection remains; nothing is re-established until a new connection request is made and authenticated. This mechanism follows the principles of Zero Trust and provides a secure network even where there is no perimeter defense at all. Specifically, because resources cannot be reached without an authenticated connection, it is effective against port scanning of servers, DoS, and exploitation of operating system and application vulnerabilities.

[Figure: Software Defined Perimeter (SDP)]

Symantec's ZTNA also uses SDP to provide a secure network. Specifically, the cloud application that delivers ZTNA operates as a reverse proxy, and a connector that runs as a Docker container is deployed alongside the internal resources, whether on premises or in IaaS such as AWS and GCP. The connector brokers access so that internal resources are reached only through the ZTNA cloud, never directly.

When a user accesses the ZTNA cloud application, they can safely reach internal resources according to their access rights. Detailed access logs for every access to internal resources via ZTNA are also available, which makes it easy to investigate any problem that occurs.

Flexible access restrictions

With conventional remote access over a VPN, it is hard to restrict access at a fine granularity: once the tunnel is up, the user can freely reach in-house resources. Conversely, if an attacker obtains an employee's VPN account and impersonates that employee, they gain access to all company resources. Symantec's ZTNA instead lets you give each employee exactly the rights they need by flexibly combining user, site (the location of a connector) and application (an individual internal resource). ZTNA can also be used without an agent; in agentless mode the following protocols are supported: HTTPS, SSH, RDP over HTTPS and TCP over SSH.

With the agent installed, access to resources is protocol-independent. Because the behaviour differs with and without the agent, access rights can be designed flexibly for external workers such as contractors and temporary staff, for example agentless access limited to the protocols above.

Even when you want to allow temporary remote access to specific resources, for maintenance and the like, the rights can be granted flexibly and safely, scoped to just those resources and for just that period.
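As an added illustration of the policy model this section describes (this is example code, not Symantec's or Macnica's; the rule shape, the sample users, sites and applications, and the exact-match check against the agentless protocol list are all assumptions), the following Python models default-deny evaluation over user, site and application, including a maintenance grant that expires, and contrasts it with the all-or-nothing VPN model:

```python
"""Hypothetical ZTNA-style policy evaluation (added example, not vendor code).

Models the three policy dimensions named on the page: user, site (where a
connector runs) and application (an individual internal resource), plus the
constraint that agentless sessions only cover certain protocols.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Protocols the page lists as usable without an agent (exact-match is an assumption).
AGENTLESS_PROTOCOLS = {"HTTPS", "SSH", "RDP over HTTPS", "TCP over SSH"}


@dataclass(frozen=True)
class Application:
    name: str       # an individual internal resource
    site: str       # location of the connector that fronts it
    protocol: str


@dataclass(frozen=True)
class Rule:
    users: frozenset
    sites: frozenset
    apps: frozenset
    expires: Optional[int] = None   # unix time; None means the grant does not expire


@dataclass(frozen=True)
class Request:
    user: str
    app: Application
    has_agent: bool
    now: int


def evaluate(rules: List[Rule], req: Request) -> Tuple[bool, str]:
    """Default deny: access is granted only when a live rule matches user, site
    and application together. Agentless sessions are further limited to the
    protocols the agentless mode supports."""
    for rule in rules:
        if rule.expires is not None and req.now > rule.expires:
            continue  # a temporary maintenance grant that has lapsed
        if (req.user in rule.users and req.app.site in rule.sites
                and req.app.name in rule.apps):
            if not req.has_agent and req.app.protocol not in AGENTLESS_PROTOCOLS:
                return False, f"{req.app.protocol} needs the agent"
            return True, "matched rule"
    return False, "no matching rule (default deny)"


def vpn_evaluate(account_valid: bool, app: Application) -> Tuple[bool, str]:
    """The VPN model the page contrasts against: once the account authenticates,
    every resource behind the tunnel is reachable; the application is irrelevant."""
    return (True, "tunnel established") if account_valid else (False, "auth failed")


# Constructed sample inventory and rules (hypothetical names).
HR_PORTAL = Application("hr-portal", "tokyo-dc", "HTTPS")
DB_JUMP = Application("db-jump", "aws-ap-northeast-1", "SSH")
FILE_SHARE = Application("file-share", "tokyo-dc", "SMB")
MAINTENANCE_END = 1_700_000_000

RULES = [
    Rule(frozenset({"alice"}), frozenset({"tokyo-dc"}),
         frozenset({"hr-portal", "file-share"})),
    # Contractor bob gets SSH to one jump host in AWS, only until the maintenance window ends.
    Rule(frozenset({"bob"}), frozenset({"aws-ap-northeast-1"}), frozenset({"db-jump"}),
         expires=MAINTENANCE_END),
]


def demo() -> dict:
    """Evaluate a set of constructed requests and return the decisions by name."""
    t_in, t_after = MAINTENANCE_END - 3600, MAINTENANCE_END + 3600
    return {
        "alice_hr": evaluate(RULES, Request("alice", HR_PORTAL, False, t_in)),
        "alice_smb_agentless": evaluate(RULES, Request("alice", FILE_SHARE, False, t_in)),
        "alice_smb_agent": evaluate(RULES, Request("alice", FILE_SHARE, True, t_in)),
        "bob_db_in_window": evaluate(RULES, Request("bob", DB_JUMP, False, t_in)),
        "bob_db_after_window": evaluate(RULES, Request("bob", DB_JUMP, False, t_after)),
        "bob_hr": evaluate(RULES, Request("bob", HR_PORTAL, True, t_in)),
        # Stolen VPN credentials reach everything; stolen ZTNA credentials reach only what rules allow.
        "stolen_bob_vpn_hr": vpn_evaluate(True, HR_PORTAL),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:22} {'ALLOW' if ok else 'DENY':5} {why}")
```

The point of the contrast is the last entry: with a VPN, whoever holds bob's credentials reaches the HR portal, whereas under the ZTNA rules bob never matches a rule for that application, and even his legitimate jump-host access stops when the maintenance window passes.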

[Figure: Flexible access restrictions]

Macnica Symantec Co., Ltd.