
What Is Zero Trust?

Zero Trust is a cybersecurity model built on the principle of “never trust, always verify.” Unlike traditional perimeter-based security that implicitly trusts everything inside the network, Zero Trust assumes no user, device, or connection is trustworthy by default. Every access request must be continuously authenticated, authorized, and validated. Defined by NIST in Special Publication 800-207, Zero Trust has become the foundational security framework for modern enterprise networks.

Zero Trust Definition and Core Principles

Zero Trust is a cybersecurity paradigm that eliminates implicit trust and requires continuous verification of every user, device, and network flow. As defined by NIST SP 800-207, it moves defenses away from static, network-based perimeters and focuses them on users, assets, and resources.

The model emerged in response to remote workforces, BYOD, cloud applications, and dissolved network perimeters. Traditional “castle and moat” security leaves organizations vulnerable to lateral movement by an attacker who has already breached the perimeter.

1. Never Trust, Always Verify: authenticate and authorize every access request, every time. No implicit trust is granted based on network location or a previous authentication.
2. Least Privilege Access: grant only the minimum permissions needed. Users access only what their role requires, nothing more.
3. Assume Breach: design security as if attackers are already inside. This drives microsegmentation, continuous monitoring, and automated response.
4. Microsegmentation: divide the network into isolated zones to prevent lateral movement; access to one zone does not grant access to others.
5. Continuous Monitoring & Validation: trust is not granted once. Continuously evaluate identity, device posture, location, and behavior, and revoke access if conditions change.

The NIST Zero Trust Framework (SP 800-207)

NIST SP 800-207 is the definitive reference for Zero Trust Architecture. It establishes seven core tenets: all resources require access control; all communication is secured regardless of location; access is granted per-session; access decisions are dynamic; the enterprise monitors the integrity and posture of all assets; authentication and authorization are strictly enforced; and the enterprise collects as much state information as possible to improve its policies. It is complemented by NIST SP 1800-35 (finalized June 2025).

Architecture Components

NIST defines three logical components: the Policy Engine (PE), which makes the trust decision for each request; the Policy Administrator (PA), which establishes and tears down the communication path once a decision is made; and the Policy Enforcement Point (PEP), which sits in the data path and enables, monitors, and terminates connections. In practice these components are implemented through ZTNA, SASE, SDP, identity governance, and microsegmentation.

NIST SP 1800-35 (2025): The NCCoE worked with 24 technology collaborators to build 19 example ZTA implementations. This is the most comprehensive practical guide for implementing Zero Trust, with mappings to the NIST CSF and SP 800-53r5.
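The following is an added example, not Teldat's code and not from NIST SP 800-207 itself, that models the three logical components described above together with the per-session and continuous-validation principles from the list earlier on the page. The Policy Engine evaluates identity, device posture, location and least-privilege role scope for each request without looking at network location; the Policy Administrator turns an allow decision into a per-application session; and the Policy Enforcement Point re-runs the evaluation on every use, so a device that falls out of compliance mid-session loses access. The roles, application names, country list and compliance checks are constructed assumptions for illustration.

```python
"""Added example: a minimal Policy Engine / Policy Administrator /
Policy Enforcement Point model (assumed names and data, not a real product)."""
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass
class Identity:
    user: str
    role: str
    mfa_verified: bool


@dataclass
class Device:
    device_id: str
    managed: bool          # enrolled in device management (assumed posture signal)
    disk_encrypted: bool
    patch_level_ok: bool

    def compliant(self) -> bool:
        return self.managed and self.disk_encrypted and self.patch_level_ok


@dataclass
class AccessRequest:
    identity: Identity
    device: Device
    resource: str          # one application, never "the network"
    source_country: str


# Least privilege: each role gets an explicit application list; anything
# not listed is denied by default. Constructed sample data.
ROLE_APPS = {
    "finance": {"erp", "payroll"},
    "engineer": {"gitlab", "ci"},
}
ALLOWED_COUNTRIES = {"ES", "DE", "FR"}   # constructed location policy


class PolicyEngine:
    """Makes the trust decision for one request. It never consults network
    location: a request from 'inside' is evaluated like any other."""

    def evaluate(self, req: AccessRequest) -> tuple[Decision, str]:
        if not req.identity.mfa_verified:
            return Decision.DENY, "mfa required"
        if not req.device.compliant():
            return Decision.DENY, "device not compliant"
        if req.source_country not in ALLOWED_COUNTRIES:
            return Decision.DENY, "location not permitted"
        if req.resource not in ROLE_APPS.get(req.identity.role, set()):
            return Decision.DENY, "resource not granted to role"
        return Decision.ALLOW, "ok"


@dataclass
class Session:
    request: AccessRequest
    active: bool = True


class PolicyAdministrator:
    """Turns an ALLOW from the PE into a per-session, per-application grant."""

    def __init__(self, engine: PolicyEngine):
        self.engine = engine

    def open_session(self, req: AccessRequest) -> Session | None:
        decision, _ = self.engine.evaluate(req)
        return Session(req) if decision is Decision.ALLOW else None


class EnforcementPoint:
    """Sits in the data path and re-evaluates the session on every use, so
    trust granted at login is not carried forward once conditions change."""

    def __init__(self, engine: PolicyEngine):
        self.engine = engine

    def forward(self, session: Session) -> tuple[bool, str]:
        if not session.active:
            return False, "session revoked"
        decision, reason = self.engine.evaluate(session.request)
        if decision is Decision.DENY:
            session.active = False          # continuous validation: revoke
            return False, reason
        return True, "forwarded to " + session.request.resource


def demo() -> list[tuple[bool, str]]:
    """Constructed walk-through: a finance user on a compliant laptop opens a
    session to the ERP, then the device falls out of compliance."""
    engine = PolicyEngine()
    admin = PolicyAdministrator(engine)
    pep = EnforcementPoint(engine)
    laptop = Device("lt-001", managed=True, disk_encrypted=True, patch_level_ok=True)
    alice = Identity("alice", "finance", mfa_verified=True)
    results = []
    decision, reason = engine.evaluate(AccessRequest(alice, laptop, "ci", "ES"))
    results.append((decision is Decision.ALLOW, reason))   # least privilege: denied
    session = admin.open_session(AccessRequest(alice, laptop, "erp", "ES"))
    results.append(pep.forward(session))                   # allowed
    laptop.patch_level_ok = False                          # posture changes mid-session
    results.append(pep.forward(session))                   # revoked on next use
    results.append(pep.forward(session))                   # stays revoked
    return results


if __name__ == "__main__":
    for ok, why in demo():
        print("ALLOW" if ok else "DENY ", why)
```

The point to notice is that the session object carries no standing trust: every call to `forward` asks the engine again, and the engine's answer depends on the current device state, not the state at login. A real PEP would additionally re-check periodically rather than only on traffic, but the decision logic is the same.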

Zero Trust vs. Traditional Perimeter Security

Dimension        | Perimeter Security           | Zero Trust
-----------------|------------------------------|------------------------------
Trust Model      | Trust inside, block outside  | Never trust, always verify
Access Scope     | Network-wide after auth      | Per-application, per-session
Remote Access    | VPN (full network)           | ZTNA (app-level)
Lateral Movement | Unrestricted inside          | Blocked by segmentation
Verification     | One-time at login            | Continuous
Cloud & Remote   | Poorly suited                | Designed for distributed
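To make the “Lateral Movement” row concrete, here is an added example (not from the page or from Teldat) of a small flow-policy checker that evaluates the same flow under both models. The perimeter model trusts any source that is already inside; the microsegmented model requires an explicit zone-to-zone allow rule and denies everything else, so a compromised branch workstation cannot reach the finance database directly even though both sit on the internal network. The zone names, address ranges, ports and rules are constructed for the example.

```python
"""Added example: perimeter trust versus zone-to-zone microsegmentation
(constructed zones and rules, not a real deployment)."""
from __future__ import annotations
import ipaddress
from dataclasses import dataclass

# Constructed zone map; RFC 1918 ranges chosen for the example.
ZONES = {
    "branch-users": ipaddress.ip_network("10.10.0.0/24"),
    "web-tier":     ipaddress.ip_network("10.20.0.0/24"),
    "finance-db":   ipaddress.ip_network("10.30.0.0/24"),
    "internet":     ipaddress.ip_network("0.0.0.0/0"),   # catch-all
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    dport: int


# Explicit allow list. Deliberately, there is no rule from branch-users to
# finance-db: users reach the application tier, and only the application
# tier reaches the database.
SEGMENT_RULES = (
    Rule("branch-users", "web-tier", 443),
    Rule("web-tier", "finance-db", 5432),
)


def zone_of(addr: str) -> str:
    """Most specific zone containing the address; 'internet' is the fallback."""
    ip = ipaddress.ip_address(addr)
    best = "internet"
    for name, net in ZONES.items():
        if ip in net and net.prefixlen > ZONES[best].prefixlen:
            best = name
    return best


def perimeter_allows(flow: Flow) -> bool:
    """Castle-and-moat: block sources outside, trust every internal source."""
    return zone_of(flow.src) != "internet"


def segmentation_allows(flow: Flow) -> bool:
    """Zero Trust microsegmentation: default deny, explicit zone-to-zone allows."""
    candidate = Rule(zone_of(flow.src), zone_of(flow.dst), flow.dport)
    return candidate in SEGMENT_RULES


def lateral_movement_report(compromised_host: str) -> dict[str, dict[str, bool]]:
    """For a host assumed compromised, show which zones it could reach under
    each model, probing one representative service per zone (constructed)."""
    targets = {"web-tier": ("10.20.0.5", 443), "finance-db": ("10.30.0.5", 5432)}
    report = {}
    for zone, (ip, port) in targets.items():
        flow = Flow(compromised_host, ip, port)
        report[zone] = {
            "perimeter": perimeter_allows(flow),
            "segmented": segmentation_allows(flow),
        }
    return report


if __name__ == "__main__":
    for zone, verdicts in lateral_movement_report("10.10.0.23").items():
        print(f"{zone:12} perimeter={verdicts['perimeter']} segmented={verdicts['segmented']}")
```

The same rule set also denies a branch user reaching the web tier on an unlisted port, which is the default-deny behaviour the table attributes to Zero Trust; in a perimeter design that flow would pass simply because the source is internal.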

ZTNA: Zero Trust Network Access

ZTNA implements Zero Trust for secure access. It replaces VPNs by providing granular, identity-based access to individual applications using the “dark cloud” principle: applications are hidden from unauthorized users through outbound-only connections.

ZTNA verifies identity, device posture, location, and compliance before granting access to the specific application, not the network. Authentication is continuous, device compliance is checked every session, and if credentials are compromised, the damage is limited to that one application.

Zero Trust SD-WAN

Zero Trust SD-WAN applies Zero Trust to SD-WAN environments: identity-based segmentation, continuous verification, and granular access policies for all connections.

SD-WAN alone does not provide security. Zero Trust SD-WAN adds authentication, segmentation, and policy enforcement to every connection. The architecture uses a Broker as the central hub, where encrypted tunnels from branches and remote users are authenticated and access policies are enforced. Connectors are deployed close to the applications, in data centers or in the cloud.

How to Implement Zero Trust

Zero Trust is not a single product but a strategic approach implemented progressively:

1. Identify and Map Resources: catalog all users, devices, applications, and data flows. You cannot protect what you cannot see.
2. Strengthen Identity & Access Management: implement MFA, SSO, and RBAC. Identity is the new perimeter.
3. Deploy Microsegmentation: isolate zones with application-level policies. Use NGFW and Zero Trust SD-WAN at every branch.
4. Replace VPN with ZTNA: grant application-level access instead of network-level access, using the dark cloud model to hide apps from unauthorized users.
5. Enable Continuous Monitoring: deploy XDR, SIEM, and behavioral analytics, and automate response. Zero Trust is ongoing, not one-time.

Teldat Zero Trust Solutions

Teldat provides a comprehensive Zero Trust ecosystem integrating ZTNA, Zero Trust SD-WAN, NGFW, and XDR into a unified platform.

Zero Trust SD-WAN

Internal segmentation and advanced security with integrated ZTNA. A secure overlay connects remote sites with data centers or the cloud. A broker-based architecture enforces authentication, device compliance, and granular policies. Hardware-agnostic.

ZTNA with be.Safe Pro

Three components: an agent (digitally signed, checks device compliance), a cloud Broker (handles connections and access policies), and a connector (a virtual image deployed near the applications). Dark cloud architecture. Threat Prevention integration. Default Deny policy.

Full Ecosystem Integration

Natively integrates with be.Safe Pro (NGFW/SASE), be.Safe XDR, and the complete SD-WAN suite. Zero Trust policies, firewall rules, XDR detection, and SD-WAN routing are all managed from a single console.

Teldat’s advantage: As both a network hardware manufacturer and a security software provider, Teldat implements Zero Trust at every layer, from the physical router to the cloud service. Zero Trust SD-WAN with embedded NGFW and integrated ZTNA enforces identity-based segmentation, continuous verification, and threat prevention at every branch and connection without separate appliances.

Frequently Asked Questions

โฏ What is Zero Trust in simple terms?

A cybersecurity approach: “never trust, always verify.” No user, device, or connection is trusted by default. Every access request is continuously verified.

โฏ What is the NIST Zero Trust framework?

NIST SP 800-207 defines ZTA. Core tenets: no implicit trust, per-session authorization, least privilege, continuous monitoring. SP 1800-35 (2025) provides 19 example implementations.

โฏ What is the difference between Zero Trust and ZTNA?

Zero Trust is the philosophy. ZTNA is the technology that implements it for remote access, replacing VPNs with granular, identity-based application access using the “dark cloud” concept.

โฏ What is Zero Trust SD-WAN?

Zero Trust applied to SD-WAN: identity-based segmentation, continuous verification, granular policies for all connections. Teldat integrates ZTNA with secure overlay networks.

โฏ Does Zero Trust replace firewalls?

No, but it changes their role. Firewalls handle traffic inspection and IPS. Zero Trust adds identity-based control, microsegmentation, and continuous verification. ZTNA replaces VPNs specifically.

โฏ What are the core principles?

(1) Never trust, always verify. (2) Least privilege. (3) Assume breach. (4) Microsegmentation. (5) Continuous monitoring.

Implement Zero Trust with Teldat

Zero Trust SD-WAN and ZTNA deliver identity-based segmentation, continuous verification, and granular access, integrated with NGFW, XDR, and SASE.