Cyber Defense eMagazine September Edition for 2022 #CDM
#CYBERDEFENSEMAG @CyberDefenseMag by @Miliefsky a world-renowned cyber security expert and the Publisher of Cyber Defense Magazine as part of the Cyber Defense Media Group as well as Yan Ross, Editor-in-Chief and many more writers, partners and supporters who make this an awesome publication! Thank you all and to our readers! OSINT ROCKS! #CDM #CDMG #OSINT #CYBERSECURITY #INFOSEC #BEST #PRACTICES #TIPS #TECHNIQUES
SSL VPNs are available as stand-alone appliances, as part of next-gen firewalls (NGFWs) and other security products like Hillstone Networks’ solutions, and as cloud services. Early in the pandemic, when governments attempted to lock down their populations to prevent the spread of COVID-19, many corporate IT teams turned to SSL VPNs to support workers who suddenly needed to work from home. Now, however, the distributed workforce has become a reality rather than a phenomenon, and the need to support remote workers in large numbers has brought certain issues and limitations of SSL VPN to the fore, including:
Common Vulnerabilities: Over the years, numerous vulnerabilities in enterprise-class VPNs have become apparent, raising red flags for many cybersecurity professionals. In 2021, for example, multiple U.S. federal civilian organizations faced the potential of data breaches via the Pulse Connect Secure VPN vulnerability. Two years earlier, in response to active exploitations of certain VPNs, the U.S. National Security Agency issued an advisory.
Licensing Costs and Expansion Limitations: Usually, commercial SSL VPNs are licensed per user and per unit of capacity, meaning that scaling to support additional remote workers can be expensive, both in license purchases and in IT staff labor. Physical SSL VPN appliances might also require the purchase of additional modules in order to expand capacity.
User Authentication: Visibility into the users and devices connected to the network is one of the bedrock principles of cybersecurity. A typical enterprise VPN performs authentication just once, on initial login and set-up of the VPN tunnel; after that, access is granted to all the network resources for which the user is pre-approved. This can create a security risk if, for example, user credentials are stolen by an attacker, since the one-time check is never repeated for the life of the tunnel.
As mentioned, SSL VPNs are in broad use; the market in 2021 was estimated at nearly $5b USD. There’s a cost connected with a forklift upgrade to a new secure remote access technology, but with the issues and concerns raised above, many security teams are considering ZTNA as another option.
ZTNA: Basic Definition
At its most basic, the mantra of ZTNA is ‘never trust, always verify.’ To expand upon that, ZTNA is intended to abolish absolute trust of devices and users and to allow only the minimum access and authorization based on user role, position or other factors. Under ZTNA, authentication is constant and ongoing – a change in the user’s or device’s security posture can result in revocation of access, for example. If it’s executed well, ZTNA can deliver extremely fine-grained visibility and control with improved scalability, flexibility and reliability.
From a technological viewpoint, ZTNA employs a user-to-application approach rather than the traditional network-centric focus, which completely inverts the concept of authentication. With ZTNA, users and devices are examined at a deeper level – encompassing identity as well as the context of the network and application resources being requested.
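The two access models contrasted above (a VPN that authenticates once at tunnel set-up and then exposes every pre-approved resource, versus a ZTNA broker that re-evaluates identity, role and device posture on each application request and revokes access when posture changes) as an added Python illustration. This is not code from the article or from any vendor's product; the credentials, roles, application names and posture attributes are constructed for the example.

```python
from dataclasses import dataclass

# Constructed sample data: a credential store and a least-privilege
# role-to-application policy (the "user-to-application" mapping).
CREDENTIALS = {"alice": "correct-horse"}
ROLE_APPS = {"finance": {"erp", "payroll"}, "engineer": {"git", "ci"}}

@dataclass
class Device:
    disk_encrypted: bool = True
    edr_healthy: bool = True

@dataclass
class Session:
    user: str
    role: str
    device: Device

def authenticate(user, password):
    """Credential check shared by both models below."""
    return CREDENTIALS.get(user) == password

class VpnGateway:
    """VPN model: one check at tunnel set-up, then network-wide reach."""
    def __init__(self):
        self.tunnels = set()
    def connect(self, s, password):
        if authenticate(s.user, password):
            self.tunnels.add(s.user)
        return s.user in self.tunnels
    def request(self, s, app):
        # Role and posture are never re-examined after login, so a tunnel
        # opened with stolen credentials reaches every pre-approved resource.
        return s.user in self.tunnels

class ZtnaBroker:
    """ZTNA model: identity, role and device posture checked per request."""
    def __init__(self):
        self.verified = set()
    def connect(self, s, password):
        if authenticate(s.user, password):
            self.verified.add(s.user)
        return s.user in self.verified
    @staticmethod
    def posture_ok(d):
        return d.disk_encrypted and d.edr_healthy
    def request(self, s, app):
        if s.user not in self.verified:
            return False
        if not self.posture_ok(s.device):
            self.verified.discard(s.user)  # posture change revokes the session
            return False
        return app in ROLE_APPS.get(s.role, set())  # per-application grant
```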
Cyber Defense eMagazine – September 2022 Edition 155
Copyright © 2022, Cyber Defense Magazine. All rights reserved worldwide.