Story image

Enterprises look to zero trust network access to thwart VPN attacks

08 Nov 2019

An increase in the number of vitual private network (VPN) attacks is causing businesses to shift towards a new model of network security: Zero Trust Network Access.

According to a report from Zscaler and Cybersecurity Insiders, 78% of the 315 polled IT and security professionals plan to implement Zero Trust Network Access (ZTNA) at some time in the future; 59% plan to implement it in the next 12 months, and 15% have already implemented done so.

Zscaler explains that ZTNA services are built to ensure that only authorised users can access specific applications based on business policies. Unlike VPNs, users are never placed on the network and apps are never exposed to the internet. According to the company, this creates a zero attack surface, protecting the business from threats like the recent wave of malware and successful VPN attacks.

Two-thirds of polled IT security professionals (66%) say they are most excited about zero trust’s ability to deliver least privilege access to protect private apps. This is followed by apps no longer being exposed to unauthorized users or the Internet (55%), and access to private apps no longer requiring network access (44%).

Zscaler CIO Patrick Foxhoven comments that state-sponsored groups exploit known flaws in VPNs, which means organisations need to reduce their attack surface. They can do this by rethinking how they secure and provide access to their apps in a cloud and mobile-first world.

The report found that 53% of respondents believe their current security technology can mitigate their risk even though legacy technologies directly connect users to the network - expanding the attack surface.

“Though it is encouraging to see so many organisations are pursuing ZTNA to close gaps created by VPNs, I am surprised that more than half of those surveyed believe their current infrastructure is reliable enough to protect the enterprise,” Foxhoven continues.

The highest security priority for application access is privileged account management of users and multi-factor authentication (68%). This is followed by detection of, and response to, anomalous activity (61%) and securing access from personal, unmanaged devices (57%).

Additionally, 61% of organisations are concerned about partners with weak security practices accessing internal applications, despite their own internally weak security practices.

Furthermore, BYOD is still an IT security reality in 2019 as 57% of organisations are prioritizing secure access from personal, unmanaged devices.

The 2019 Zero Trust Adoption report surveyed 315 IT and cybersecurity professionals across multiple industries.

Story image
09 Dec
New security distributor launches in A/NZ
Started by veteran channel leader, Paul Lim, industry experts Ben Minski and Bill Gatsios will work alongside Paul in spearheading the business.More
Story image
26 Dec
Citrix flaw puts 80,000 companies at risk
"Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat."More
Story image
13 Dec
Blink XT2 surveillance cams patched after 'severe' vulnerabilities found
If exploited, the vulnerabilities could give attackers full control of an affected device, allowing them to remotely view camera footage, listen to audio output and hijack the device for use in a botnet.More
Story image
16 Dec
Equifax breach vulnerability surfaces as top network attack in Q3 2019
WatchGuard’s latest Internet Security Report also reveals significant increases in malware and network attacks, as zero day malware accounts for 50% of all detections.More
Story image
18 Dec
Sophos extends MSP program in the name of advancing enterprise security
Sophos has extended its managed service provider (MSP) program to make it easier for MSPs to deploy, manage and sell the Sophos product portfolio.More
Story image
01 Jan
Endace expands channel partners globally, experiences significant growth
Endace has announced global growth in the packet capture market, and the importance of packet capture as a key source of data for network security, is contributing to significant growth of the company.More