Teldat’s Zero Trust Network Access (ZTNA) FAQs

1. What is Secure Access Service Edge (SASE) and why is it necessary?

2. How does ZTNA improve a company’s security posture?

3. How is ZTNA different from a traditional Virtual Private Network (VPN)?

4. What is meant by “granular access control” in ZTNA?

5. What is the ZTNA “dark cloud” concept?

6. How does ZTNA verify user and device access?

7. What happens if a user’s account is compromised in a ZTNA environment?

8. What are the key components of a ZTNA solution (e.g., Teldat’s be.Safe Pro)?

9. How are applications registered and policies applied in ZTNA?

10. How does ZTNA handle scalability for a growing organization?

11. Can ZTNA be used to secure devices other than traditional user equipment?

12. How does ZTNA integrate with broader cybersecurity frameworks like SASE and XDR?

13. Does ZTNA include advanced threat protection capabilities?

14. What are some typical business challenges ZTNA helps solve?

15. How does ZTNA benefit organizations dealing with distributed applications and remote workers?

1. What is Zero Trust Network Access (ZTNA)?

ZTNA is a cloud-based service that provides access to internal applications only when necessary. It shifts away from traditional VPNs by providing granular access to applications, regardless of where users are located. The core premise is to limit general access to resources, applying policies based on identity and context, and restricting remote workers’ network access to only the applications they need.

2. How does ZTNA improve a company’s security posture?

ZTNA significantly reduces the company’s exposure to cyber threats by preventing unauthorized access and lateral movement within the network. It reduces the attack surface and helps secure information by implementing a “Default Deny” strategy, which isolates systems until a specified level of trust is confirmed.

3. How is ZTNA different from a traditional Virtual Private Network (VPN)?

Traditional VPNs often provide overly permissive network access, meaning if a third party gains access to user credentials, they could gain unrestricted access to the entire network. VPNs are also often inadequate and not scalable enough for modern organizations. ZTNA, conversely, provides granular access only to specific applications or resources after authentication and authorization. Furthermore, ZTNA creates a “dark cloud” perimeter, making it difficult for attackers to scan for vulnerabilities, unlike traditional VPNs.

4. What is meant by “granular access control” in ZTNA?

Granular access control means that access is strictly limited based on need. ZTNA policies provide specific access to internal company applications for designated users or groups, based on their access profile. It enables role-based access for each user and application.

5. What is the ZTNA “dark cloud” concept?

The “dark cloud” concept is central to how ZTNA operates, similar to software-defined perimeters (SDPs). It prevents users from seeing applications or services they are not authorized to access. This security boundary makes it difficult for attackers to scan for vulnerabilities, which is a significant advantage over traditional VPNs.

6. How does ZTNA verify user and device access?

Access verification is managed through a specific agent installed on the device. This agent is digitally signed by the user (to prevent unauthorized access due to credential theft). It checks if the device complies with security policies before granting access to applications or resources based on the user’s access profile. ZTNA also supports two-factor authentication and host-based controls to prevent credential theft.
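The access decision described in questions 4 to 6 (default deny, per-application group access, device posture, and the “dark cloud” listing) can be sketched as follows. This is an added illustration, not Teldat or be.Safe Pro code; the policy table, group names and function names are hypothetical.

```python
from dataclasses import dataclass

# Constructed sample policy: application -> groups allowed to reach it.
# All names are hypothetical and not taken from any product.
APP_POLICY = {
    "payroll": {"finance"},
    "wiki": {"finance", "engineering"},
    "scada-console": {"ot-operators"},
}

@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    mfa_passed: bool         # second factor verified
    device_compliant: bool   # result of the agent's posture check

def trusted(req):
    """Trust exists only when both the identity and the device checks pass."""
    return req.mfa_passed and req.device_compliant

def visible_apps(req):
    """'Dark cloud': a session only learns about applications it may use."""
    if not trusted(req):
        return []
    return sorted(app for app, allowed in APP_POLICY.items()
                  if req.groups & allowed)

def authorize(req, app):
    """Default deny: failed checks, unknown apps and missing groups all deny.

    Unknown and unauthorized applications get the same answer, so the
    response does not reveal whether an application exists.
    """
    if not trusted(req):
        return "deny"
    allowed = APP_POLICY.get(app)
    if allowed is None or not (req.groups & allowed):
        return "deny"
    return "allow"

if __name__ == "__main__":
    alice = Request("alice", frozenset({"finance"}), True, True)
    print(visible_apps(alice), authorize(alice, "scada-console"))
```

A request that carries valid credentials but fails the posture check sees an empty application list, which is the behaviour question 7 relies on when an account is compromised.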

7. What happens if a user’s account is compromised in a ZTNA environment?

If a user’s account is compromised, ZTNA is designed to reduce access permissions. Because ZTNA operates on a “Default Deny” strategy and only grants access to specific applications, the potential damage is mitigated, unlike traditional VPNs which might grant unrestricted network access upon credential compromise.

8. What are the key components of a ZTNA solution (e.g., Teldat’s be.Safe Pro)?

Teldat’s be.Safe Pro solution features three key components:

1. An agent installed on each device.
2. A cloud-based Broker that manages connections and enforces granular access policies.
3. A connector deployed as a virtual image in the area where internal applications are accessed, which establishes a secure tunnel to the cloud Broker.

9. How are applications registered and policies applied in ZTNA?

A modern security approach is needed by any industry that relies on a network of geographically dispersed offices to serve local customers. Sectors mentioned include financial services, insurance, travel, distribution, healthcare, and administration.

10. How does ZTNA handle scalability for a growing organization?

ZTNA solutions, particularly those hosted in the public cloud, are designed to be dynamically scalable. They adapt to varying data demands and traffic within the office, enhancing scalability.

11. Can ZTNA be used to secure devices other than traditional user equipment?

Yes, ZTNA provides secure access for unsecured IoT devices (like sensors, cameras, and automation systems). For some IoT devices, ZTNA allows access from remote physical devices that establish a tunnel to the service without needing an installed agent, enabling the implementation of visibility and control policies.

12. How does ZTNA integrate with broader cybersecurity frameworks like SASE and XDR?

ZTNA is expected to become a key element of SASE services, which integrate network and security functions at the client level. Additionally, integrating ZTNA with visibility tools like Extended Detection & Response (XDR) strengthens security by detecting anomalous behavior (e.g., failed access attempts, unusual data transfers) across OT and IT networks.

13. Does ZTNA include advanced threat protection capabilities?

Yes, some ZTNA solutions, like Teldat’s, offer a Threat Prevention subscription alongside ZTNA. This combination allows for the detection of suspicious behavior and known attacks against applications and internal resources.

14. What are some typical business challenges ZTNA helps solve?

ZTNA addresses several modern challenges, including:

• Segmenting access to internal networks to compartmentalize networks and contain viruses or breaches within specific environments.
• Providing secure and personalized remote connectivity for SMBs migrating applications to the cloud.
• Allowing organizations, such as financial institutions, to increase control and obtain greater visibility into how users are accessing corporate servers and resources.

15. How does ZTNA benefit organizations dealing with distributed applications and remote workers?

ZTNA streamlines application access by integrating private cloud, VPN, and SaaS access into a unified approach. It offers centralized control and the necessary flexibility and scalability to provide appropriate access to users regardless of their location, based on their device, location, and time of day.