Page 125 - Cyber Defense eMagazine August 2023

You’re Blind to Endpoint Risk

This is perhaps the most egregious miss for ZTNA. Authentication is great, but as everyone knows, devices are the most used vehicle to compromise enterprise networks and systems. So, if you can’t monitor the risk posture of an endpoint after it connects, you’re out of luck if the device is vulnerable because its anti-virus is out of date, or its firewall is turned off.

Traditional ZTNA does not deliver endpoint risk monitoring or remediation. And since it’s really only focused on applications, it’s not outside the realm of possibility for a device to move laterally across the network after it’s authenticated if the user is sophisticated enough. In this sense, ZTNA can actually make you more vulnerable than you even realize. Again, as with the previous problem, this security gap necessitates a solution like NAC, which can monitor endpoint risk and remediate devices that fall out of compliance.



Think Bigger, Think Universal Zero Trust

Despite all these problems with ZTNA, there is hope for zero trust; it just requires those considering a move to this security model to expand their mindset. It also means that instead of patching together a portfolio of highly focused security tools like ZTNA or NAC, companies need to invest in unified, cloud-native, and frictionless solutions that can address all key zero trust use cases in a centralized and scalable fashion.

Fortunately, emerging technology is bridging these gaps to deliver “universal zero trust,” which extends zero trust access control to networks, applications and infrastructure for employees, guests and contractors working on-campus and remotely. This is the holy grail of zero trust – where all critical IT assets are covered by a never trust, always verify security model. This is something ZTNA alone cannot do.





About the Author

Denny LeCompte is the CEO of Portnox. He is responsible for overseeing the day-to-day operations and strategic direction of the company. Denny brings over 20 years of experience in IT infrastructure and cyber security. Prior to joining Portnox, Denny held executive leadership roles at leading IT management and security firms, including SolarWinds and AlienVault. Denny holds a Ph.D. in cognitive psychology from Rice University.

Denny can be reached online at [email protected] and at our company website https://www.portnox.com/.







