Powering Next Generation MSPs

Todyl unites networking and security into a single cloud platform trusted by MSPs and MSSPs around the world

Unpacking the Secure Global Network Cloud Platform: ZeroTrust Strategy and Capabilities

Zach Dressander
Posted by Zach Dressander on Nov 28, 2021 10:43:51 AM

This is the second in a series of blogs that will explain each part of our platform in detail.

From inception, we built the Secure Global NetworkTM (SGN) Cloud Platform based on the principles of ZeroTrust. We uniquely implement ZeroTrust at the LAN, WAN, and within the SGN through a multi-layered approach that we unpack in more detail below. Throughout all our features and capabilities, ZeroTrust is incorporated to continuously verify users and devices, limit user access to only necessary resources, and reduce the attack surface area. 

The SGN Cloud Platform covers all four ZeroTrust principles as defined by Forrester:

    1. 1. Assume every network is hostile
    2. 2. Create an invisible network to operate in
    3. 3. Segment and isolate users and applications
    4. 4. Deemphasize the physical network and perimeter, implement security everywhere

The philosophy behind ZeroTrust, in short, is “Never Trust, Always Verify.” ZeroTrust in and of itself is not a technology, product, or tool. It’s a culture shift and a strategy where you eliminate implicit trust from your network, assume every connection starts from an unknown and potentially hostile device, segment employees, and limit access to only the data and systems that employees need to do their job. ZeroTrust addresses the challenges stemming from modern, distributed, and hyper-connected infrastructures.

What Can you Accomplish with Todyl’s ZeroTrust Features and Capabilities?

The SGN Cloud Platform has two primary ZeroTrust capabilities: ZeroTrust Network Access (ZTNA) and LAN ZeroTrust (LZT). We explain each of these in detail below along with the associated security benefits and use cases.

ZTNA is a core component of our Secure Access Service Edge (SASE) solution. ZTNA, as opposed to legacy solutions like firewalls or VPNs, provides secure access to applications and other resources. It leverages a deny by default design and integrates with identity to allow a user to only access specific applications or services. User identities determine which applications or services they can access. ZTNA prevents access from unverified devices and prevents lateral movement to other devices or systems on the network.

There are several different use cases with our ZTNA, including:

    • VPN Replacement: VPNs are notoriously slow, easy for threat actors to circumvent, and challenging to manage.
    • Securing Access to Resources: As companies become more distributed and networks become more fragmented, ZTNA delivers granular access control at scale.
    • Mitigating Third-Party Risk: Contractors and other third parties often have more access to systems than they should, leading to significant security risks. ZTNA's deny by default prevents unauthorized access. 

To provide more comprehensive security, we also developed LZT. LZT is a unique prevention and isolation technology for your internal networks. Essentially, LZT is a firewall for the LAN.

In a typical setup, networks assume devices connected internally behind a firewall are safe and allow traffic to flow freely. Ransomware and other cyberattacks bank on this assumption. Threat actors aim to infect one device and then spread laterally across the entire LAN to lock down and encrypt everything.

Our LZT reduces lateral movement with granular segmentation of internal networks. The capabilities enable you to:

    • Segment Internal Networks: You can easily segment your internal network without overhauling your architecture, VLANs, or other complex solutions. Devices on the LAN are isolated from each other, meaning they cannot communicate or see each other. Employees working from home, co-working spaces, hotels, coffee shops, and everywhere else are invisible on that network. LZT policies also leverage multi-factor authentication (MFA) capabilities. With MFA, you can better meet compliance requirements. Combining MFA with our LZT also empowers our partners to develop sophisticated configurations where a user needs to MFA before a device can access the LAN. 
    • Conditional Access to Sensitive Resources: You can add another layer of protection for sensitive applications and services by requiring users to authenticate to access them. After authenticating, they can only access that specific asset and nothing else.
    • Rapid Lockdown During a Cyber Incident: With LZT, you can rapidly lock down your entire LAN during a cyber incident. With the touch of a button, all communications on the LAN stop, instantly quarantining the infected device before it spreads.

In this blog, we focused on our ZeroTrust features and capabilities. ZeroTrust, including ZTNA, is a core component of our SASE solution. We have several other capabilities such as our Security Information & Event Management (SIEM) and Governance Risk & Compliance (GRC) modules that empower you to do even more. If you’d like to learn more about ZeroTrust, or any other modules, you can schedule a meeting with us here.

Topics: Use Cases, ZeroTrust

Subscribe

Trending Posts