MANILA, Philippines, February 15, 2022 — Palo Alto Networks (NASDAQ: PANW), a 10-time leader in…
Palo Alto Networks Calls on Cybersecurity Industry to Adopt ZTNA 2.0 — Zero Trust with Zero Exceptions
- First-gen ZTNA solutions have major gaps in security protection and can put organizations at significant risk
- Palo Alto Networks introduces ZTNA 2.0 to equip businesses with hybrid-work ready security
Philippines, June 7, 2022 — Palo Alto Networks (NASDAQ: PANW), the global cybersecurity leader, today urged the industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0) — the foundation for a new era of secure access. ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not adequately scale and were overly permissive, but the first-generation ZTNA products (ZTNA 1.0) are too trusting and can put customers at significant risk. ZTNA 2.0 solves these problems by removing implicit trust to help ensure organizations are properly secured.
Palo Alto Network’s The State of Cybersecurity Report 2022 found that 94% of organizations in the Philippines and Southeast Asia have experienced an increase in cyberattacks in 2021. To combat the rising threats in a hybrid workplace, 57% of organizations in the Philippines have focused on implementing Identity and Access Management, an architecture enabling Zero Trust Network Access (ZTNA) 1.0 solution which supports only coarse-grained access controls, incorporates an “allow and ignore” approach for both users and app traffic, and provide either little or no advanced security consistently across all apps.
“This is a critical time for cybersecurity. We are in an era of unprecedented cyberattacks, and the past two years have dramatically changed work — for many, work is now an activity, not a place. This means that securing employees and the applications they need is both harder and more important,” said Nir Zuk, founder, and chief technology officer at Palo Alto Networks. “Zero trust has been embraced as the solution — and it is absolutely the right approach! Unfortunately, not every solution with Zero Trust in its name can be trusted. ZTNA 1.0 — for example — falls short.”
For a zero trust solution, ZTNA 1.0 has several limitations. It is overly permissive in granting access to applications because it can’t control access to sub-applications or particular functions. Additionally, there is no monitoring of changes in user, application, or device behavior, and it cannot detect or prevent malware or lateral movement across connections. ZTNA 1.0 also cannot protect all enterprise data.
ZTNA 2.0 — Zero trust solution with zero exceptions
To help ensure organizations meet the security challenges of modern applications, threats, and the hybrid workforce, Palo Alto urges businesses to adopt ZTNA 2.0-capable products, such as Palo Alto Networks Prisma® Access, which incorporates the following key principles:
- Least-privileged access — enables precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.
- Continuous trust verification — after access to an application is granted, continuous trust assessment is ongoing based on changes in device posture, user behavior, and application behavior.
- Continuous security inspection — uses deep and ongoing inspection of all application traffic, even for allowed connections to help prevent threats, including zero-day threats.
- Protection of all data — provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.
- Security for all applications — consistently secures all types of applications used across the enterprise, including modern cloud-native applications, legacy private applications, and SaaS applications.
In a new report, John Grady, ESG senior analyst, said: “[F]irst-generation/ZTNA 1.0 solutions fall short in many ways on delivering on the promise of true zero trust. In fact, they grant more access than is desired. What’s more, once access is granted in ZTNA 1.0 solutions, the connection is implicitly trusted forever, allowing a handy exploit route for sophisticated threats and/or malicious actions and behavior.” Grady also said, “It is time to embrace a new approach to ZTNA, one that has been designed from the ground up to meet the specific challenges of modern applications, threats, and a hybrid workforce.“
“Securing today’s hybrid workforce, with an increase in cloud and mobile technologies and evolving requirements, can be complicated,” said Jerry Chapman, engineering fellow, Optiv. “Rethinking Zero Trust is essential for modern, hybrid organizations to prevent threats. Together with Palo Alto Networks, we’re advising our customers to incorporate ZTNA 2.0 principles like a continuous review of identity and connection across their domains to stay secure.”
Prisma® Access, is the first to meet ZTNA 2.0 requirements
Palo Alto Networks Prisma Access is the industry’s only solution that meets today’s ZTNA 2.0 requirements. Prisma Access protects all application traffic with best-in-class capabilities while securing both access and data.
“Largely traditional industries such as banking, retail, and government have had to accelerate their digital transformation journey to keep pace with the radical shift to hybrid working. And now that more Filipino companies are beginning to understand the threats that these cyberattacks pose to the hybrid work setup, Palo Alto Networks will continue to provide and develop technologies like this that would keep employees safe in and out of the office,” said Oscar Visaya, Philippine Country Manager at Palo Alto Networks.
New additions to Prisma Access announced today to add the following capabilities:
- ZTNA connector — simplifies the process of onboarding cloud-native and traditional applications into the service, helping make ZTNA 2.0 easier to deploy and more secure.
- The industry’s only unified SASE product — providing a common policy framework and data model for all SASE capabilities, managed from a single cloud management console.
- Self-serve autonomous digital experience management (ADEM) — helps proactively notify users of issues that require prompt attention and provides them with guidance on how to remediate them.
Prisma Access is generally available today with full support for ZTNA 2.0. The new ZTNA connector, unified SASE, and self-service ADEM will be available in the next 90 days.
About Palo Alto Networks
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. Our mission is to be the cybersecurity partner of choice, protecting our digital way of life. We help address the world’s greatest security challenges with continuous innovation that seizes the latest breakthroughs in artificial intelligence, analytics, automation, and orchestration. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. Our vision is a world where each day is safer and more secure than the one before. For more information, visit www.paloaltonetworks.com.
Palo Alto Networks, Prisma, and the Palo Alto Networks logo are registered trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names, or service marks used or mentioned herein belong to their respective owners.
This release contains forward-looking statements that involve risks and uncertainties, including regarding the benefits or potential benefits to customers of our products. These forward-looking statements are not guarantees of future performance, and actual results, developments, and business decisions may differ from those envisaged by such forward-looking statements. We identify the principal risks and uncertainties that affect our performance in our Annual Report on Form 10-K, filed on September 3, 2021, and our other filings with the U.S. Securities and Exchange Commission, which are available on our website at investors.paloaltonetworks.com and on the SEC’s website at www.sec.gov. All forward-looking statements in this release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.