Zero Trust Network Access (ZTNA) applies Zero Trust principles to network access. It follows the “never trust, always verify” rule: no user, device, or connection is trusted by default because of where it sits on the network, and every request for a resource must be authenticated and authorized before it is served. Organizations that implement ZTNA close the gap that traditional perimeter security leaves open once an attacker or a compromised device is already inside the perimeter.
Zero Trust Network Access involves the following principles:
- Identity-Based Access: Access to network resources is based on user (and workload) identity rather than network location; being on the corporate LAN or a VPN does not by itself grant access. Users must authenticate and be authorized before gaining access to specific resources.
- Microsegmentation: The network is divided into smaller segments or microsegments using techniques such as virtual LANs (VLANs), software-defined networking (SDN), or network overlays. This isolation helps contain a breach: a compromised host can reach only the segments its policy allows, which restricts lateral movement within the network.
- Secure Access Brokers: Secure Access Brokers (SABs) act as intermediaries between users and network resources. Users connect to the broker rather than to the application directly; the broker authenticates the user, evaluates access policy, and only then proxies the connection to the specific resource, so the application itself is never directly exposed on the network.
- Least Privilege: Users and devices are granted the minimum level of access necessary to perform their tasks. Anything not explicitly granted is denied, which reduces the attack surface and limits the damage a compromised account or device can do.
- Multi-Factor Authentication (MFA): Strong authentication mechanisms, such as two-factor or multi-factor authentication, are used to verify user identities. This adds an extra layer of security beyond passwords alone.
- Continuous Monitoring and Analytics: Network traffic, user behavior, and device health are continuously monitored to detect anomalies and potential security incidents. Analytics and machine learning techniques can identify suspicious activity and trigger appropriate responses, such as requiring re-authentication or revoking a session.
- Encryption and Zero Trust Network Segments: All network traffic, whether it is within the organization’s network or across public networks, is encrypted and authenticated end to end (for example with mutual TLS), so confidentiality and integrity do not depend on the path the traffic takes. Zero Trust network segments provide a secure overlay network for trusted communication between microsegments.
- Dynamic Policy Enforcement: Access policies are enforced based on real-time evaluation of user identity, device health, and contextual information. A decision is not made once at login: it is re-evaluated as circumstances change, so a session can be restricted or revoked mid-way if, for example, device posture degrades or the authentication becomes stale.
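The principles above (identity-based access, least privilege, MFA, device health, and dynamic policy enforcement) combine into a single policy decision that is made on every request. The following is an added example written for this page, not code from Tetrate's product: a minimal, hypothetical policy decision point that takes an authenticated session, a device posture report, and the requested resource and action, and returns an allow/deny decision with a reason. The resource names, group names, and thresholds are illustrative assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Added example, not Tetrate's code. Data model for one access request.

@dataclass(frozen=True)
class Device:
    device_id: str
    managed: bool               # enrolled in device management
    disk_encrypted: bool
    os_patched: bool
    last_posture_check_s: int   # seconds since the last posture report

@dataclass(frozen=True)
class Session:
    user: str                   # identity from the identity provider; "" if none
    groups: frozenset
    mfa: bool                   # whether MFA was completed for this session
    auth_age_s: int             # seconds since the user last authenticated

@dataclass(frozen=True)
class Request:
    session: Session
    device: Device
    resource: str
    action: str                 # "read", "write" or "admin"
    source_ip: str              # kept only as context; never used to grant access

# Least privilege: explicit grants per group, per resource, per action.
# Anything not listed here is denied. (Hypothetical groups and resources.)
GRANTS = {
    "finance": {"billing-api": {"read", "write"}},
    "sre": {"billing-api": {"read"}, "k8s-admin-api": {"read", "admin"}},
}

# Sensitive actions require MFA and a recent authentication (step-up).
SENSITIVE_ACTIONS = {"write", "admin"}
MAX_AUTH_AGE_S = 15 * 60        # assumed re-authentication window
MAX_POSTURE_AGE_S = 5 * 60      # assumed freshness of the device posture report


def device_healthy(d: Device) -> bool:
    """Device health gate: managed, encrypted, patched, and recently attested."""
    return (d.managed and d.disk_encrypted and d.os_patched
            and d.last_posture_check_s <= MAX_POSTURE_AGE_S)


def decide(req: Request) -> tuple[bool, str]:
    """Evaluate one request. Called on every request, not once at login,
    so a change in posture or authentication age changes the outcome."""
    # 1. Identity first: no verified identity means no access, regardless
    #    of source_ip. Network location is not an input to this decision.
    if not req.session.user:
        return False, "unauthenticated"
    # 2. Device health gate.
    if not device_healthy(req.device):
        return False, "device-posture"
    # 3. Least privilege: union of the explicit grants for the user's groups.
    allowed = set()
    for group in req.session.groups:
        allowed |= GRANTS.get(group, {}).get(req.resource, set())
    if req.action not in allowed:
        return False, "no-grant"
    # 4. Step-up for sensitive actions.
    if req.action in SENSITIVE_ACTIONS:
        if not req.session.mfa:
            return False, "mfa-required"
        if req.session.auth_age_s > MAX_AUTH_AGE_S:
            return False, "reauth-required"
    return True, "allow"


if __name__ == "__main__":
    # Constructed sample input: the same user and device from the office
    # network and from the public internet get the same decision.
    laptop = Device("laptop-1", True, True, True, 60)
    alice = Session("alice", frozenset({"sre"}), mfa=True, auth_age_s=120)
    for ip in ("10.0.0.5", "203.0.113.9"):
        print(ip, decide(Request(alice, laptop, "k8s-admin-api", "admin", ip)))
    stale = Session("alice", frozenset({"sre"}), mfa=True, auth_age_s=3600)
    print("stale auth", decide(Request(stale, laptop, "k8s-admin-api", "admin", "10.0.0.5")))
```

Because `decide` is a pure function of the current session and device state, the broker can re-run it on every request and on every posture update; when the result flips from allow to deny, the existing connection is torn down rather than left to run until the user logs out.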
Tetrate’s Zero Trust Network Access solution provides edge-to-workload security, agility and observability for all applications and APIs.