The 10 Hottest Zero-Trust Vendors To Watch In 2021
From scrutinizing users and forsaking VPN to embracing micro-segmentation and authentication throughout the network, here’s a look at 10 zero-trust vendors fighting for the dominant position in this booming market.
Taking Nothing For Granted
The COVID-19 pandemic has accelerated the journey to zero-trust platforms as virtually the world’s entire workforce was shoved outside a defined network perimeter, forcing organizations to secure end users who are working remotely as well as fix anomalies and configuration issues revealed by the new approach, according to Forrester.
A zero-trust approach to security reflects four principles: no user should be trusted by default since they could be compromised; VPN and firewalls can’t do it alone since they just guard the perimeter; identity and device authentication should took place throughout the network rather than just on the perimeter; and micro-segmentation really helps minimize damage from hackers by creating interior walls and locks.
Good zero-trust platforms integrate security functions into nearly invisible tooling, Forrester said, making it so that users have no choice but to operate in a more secure fashion. The most successful zero-trust vendors can layer new functions on top of existing security infrastructure components, meaning that clients don’t have to remove or replace the security investments they’ve already made.
From scrutinizing users and forsaking VPN to embracing micro-segmentation and authentication throughout the network, here’s a look at 10 zero-trust vendors fighting for the dominant position in this burgeoning market.
Akamai’s Enterprise Application Access locks down the corporate network with dial-out only access to applications behind the firewall. Regardless of whether applications are hosted on-premises or in IaaS or SaaS environment, Akamai’s technology makes it so that application access is based solely on entitlement, identity, authentication, and authorization at a per-application level.
The company’s Kona Site Defender web application firewall protects internal applications against SQL injection attacks and other insider threats from formerly trusted hosts, Akamai said. Using a zero-trust approach to gain visibility and context for all traffic across users, devices, locations, and applications not only reduces risk, but also streamlines the corporate application deployment process, Akamai said.
Akamai additionally leverages device posture for dynamic access decisions, which complements and enhances existing authentication, authorization, access control rules, and reporting capabilities by providing additional context and signals. And Enterprise Defender enables companies to ensure secure access to applications they control, while mitigating risks around applications they don’t control.
Appgate Software Defined Perimeter (SDP) is a zero-trust network access offering designed to simplify and strengthen access controls for every user on any device. It reduces the attack surface by making ports, workloads, and applications invisible unless a user is authenticated and authorized to access, with access permissions based on user context such as role, date, time, location, and device posture.
The offering prevents lateral movement and eliminates visibility and access to unauthorized resources through surgical micro-segmentation and controlling bi-directional connections between resources on the network. Appgate SDP offers a single framework for all users, devices, networks, and infrastructure, while a consistent experience and configuration across hybrid IT reduces administrative burden.
Appgate SDP leverages data from identity and directory systems as well as environmental metadata to dynamically create or extend policies and entitlements. The offering can also push detailed access log activity as well as use risk data from other tools - such as SIEMs and UEBAs - as access criteria, according to Appgate.
Cisco Zero Trust offers a comprehensive approach to securing access across an organization’s applications and environment regardless of user, device, or location. This complete zero trust security model allows businesses to mitigate, detect and respond to risks across their environment.
The platform provides tools that establish trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application. Cisco Zero Trust also secures connections for all APIs, microservices, and containers that access a business’ applications, whether in the cloud, data center, or other virtualized environment.
Cisco Zero Trust’s automated network segmentation capabilities allow businesses to set micro-perimeters for users, devices, and application traffic without requiring network redesign. The platform also provides businesses with detailed logs, reports, and alerts that can help them better detect and respond to threats, as well as automate threat containment based on any changes in the trust level.
Guardicore Centra classifies assets and maps application dependencies that are critical to creating segmentation policy for zero trust micro-perimeters. It also provides micro-segmentation and breach detection capabilities to prevent the spread of breaches and detect them faster.
Applying a zero-trust approach to segmentation of the network and critical assets with Guardicore Centra reduces the scope of compliance initiatives such as PCI, DSS, and SWIFT, according to the company. Guardicore provides real-time and historical maps to identify sensitive connections and flows across any infrastructure, allowing customers to fully understand application dependencies.
The company provides a software-defined segmentation offering that is decoupled from the network, allows segmentation down to the application level and ensuring policies follow the workload across any infrastructure. Guardicore provides methods to detect malicious behavior, including dynamic deception to analyze malicious lateral movement, and reputation analysis to detect malicious processes and traffic.
Illumio delivers end-to-end zero trust micro-segmentation from the data center and cloud to endpoints to stop the spread of ransomware and bad actors. The company said it protects against lateral movement across users, end-user devices, applications, workloads, network devices, servers, and other infrastructure.
The company said it leverages existing investments including host firewalls, switches, and load balancers to enforce segmentation across legacy and hybrid systems. And Illumio’s enterprise-level role-based access control ensures segregation of duties across policy owners, provisioners, security ops, compliance, and auditors.
Meanwhile, Illumio Edge protects remote user devices from the spread of ransomware whether on the network, remote, or using public WiFi. It also whitelists peer-to-peer application connections across laptops and endpoints. The company’s segmentation is a compensating control for unpatched devices, while Illumio’s encryption secures all data in motion between workloads, agnostic of OS or location.
The zero-trust security approach undertaken by MobileIron, which was acquired by Ivanti, goes beyond identity management by using a more comprehensive set of attributes to determine compliance. The company’s approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user.
The company ensures that devices, apps, users, and networks meet compliance requirements before allowing access to business apps and data. MobileIron Access supports a zero-trust security framework by ensuring only authorized resources can access and share corporate data from any device, OS, or location to any service.
Meanwhile, MobileIron Threat Defense (MTD) provides zero trust security using built-in threat detection and remediation across devices, apps, and networks without the need for Internet connectivity. It ensures complete user adoption of mobile threat protection and provides in-depth threat visibility through a dashboard as well as forensics data.
Microsoft’s zero-trust implementation strategy addresses strong user identity, device health verification, and least-privilege access to corporate resources and services, all backed by data that reduces the risk of unauthorized lateral movement across the corporate network. Through these authentication and verification methods, Microsoft can ensure that users are only given access that is explicitly authorized.
Customers can implement multifactor authentication through Azure Authenticator, which allows them to grant access to the specific corporate resources explicitly approved for each individual user, in a mobile-friendly environment and across multiple devices. As things continue to move forward, Microsoft said its end goal is to completely eliminate passwords.
Cloud management software like Microsoft Intune can ensure that every device is healthy before being allowing access to major productivity applications like Microsoft Exchange, SharePoint, and Teams. Customers can also establish a set of managed virtualized services that make applications and full Windows desktop environments available to users with unmanaged devices, according to Microsoft.
Okta approaches zero trust security by processing a variety of contextual insights about a user—including their credential, device, location, network, and the application or browser a resource is accessed from. Based on the conditions the customer has defined, Okta’s policy engine will respond with actions such as allow, deny, prompt for multi-factor authentication, and more.
Behavioral detection policies enhance the Okta policy framework by tracking unusual activity such as anomalous location, anomalous IP, and anomalous devices, the company said. Okta’s rogue accounts report compares assignments in Okta to accounts that exist in a specified app and lists the differences, allowing customers to find accounts that were created directly in the app without going through Okta.
Okta plays a critical role to ensure that your users are only able to access applications and resources from devices that you can trust by first recognizing if access is initiated from the correct user, and then assessing that it is a known device. From there, Okta said it needs to assess if the platform and client that the user is attempting to access from follows the customer’s security policy.
Palo Alto Networks
Palo Alto Networks’ approach to zero-trust is oriented around a well-coordinated architecture that validates, authenticates, and applies threat prevention capabilities across a firm’s entire infrastructure. The company said its PAN-OS offerings enable deployment of granular policy enforcement and threat prevention capabilities, including IoT security, regardless of location.
Prisma Access is built upon the requirements of zero-trust network access, authenticating a user at the secure access service edge, provisioning access to privileged resources, and monitoring user behavior once they connect. It shields private applications from public exposure to the internet, provisions user access according to the policies the organization sets, and monitors all authenticated user traffic.
Meanwhile, Palo Alto Networks said Prisma Cloud enables all different aspects of zero trust for public or private clouds across all compute form factors. And as far as the security operations center (SOC) is concerned, Palo Alto Networks said Cortex applies automation and analytics to double check all the trust decisions that have been made previously and enables change in near-real time.
Zscaler Private Access (ZPA) provides seamless, zero trust access to private applications running on public cloud or within the data center, ensuring they remain completely invisible to unauthorized users by avoiding having them exposed to the internet. The service never places users on the network itself, and supports both managed and unmanaged devices and any private application (not just web apps).
ZPA ensures that only authorized users have access to specific private applications by creating secure segments of one between individual devices and apps, according to Zscaler. It uses lightweight software to connect apps and users to the Zscaler security cloud, where the brokered micro-tunnels are stitched together in the location closest to the user.
The service provides visibility into previously undiscovered internal applications running in the data center or public cloud, allowing admins to set granular policies for discovered applications to ensure least-privilege access. With ZPA, authorized users have access to specific private apps without the need to access the network, reducing the risk of lateral movement and the spread of ransomware.