
Zero Trust Network Access: “Unlocking the core principles of Skyhigh private access”

May 2023
Komal Grover
Professional services consultant

Hybrid Work Model: Changing the Security Landscape

• Remote and hybrid work scenarios are transforming the workplace.
• IT security must change to meet the needs of this new reality.
• Traditional security can lead to:
  • Bypassing on-premises security
  • Malware intrusion
  • Data loss

VPN as a Security Target

• 57% of cyberattacks occurred while using a VPN [4]
• 2000% increase in VPN attacks as companies embrace a hybrid workplace [5]

[4] Forbes, Business VPN Users Safety, March 6, 2023
[5] Help Net Security, VPN Attacks Up, June 15, 2021

VPN Access Limitations

VPN:
• Implicit trust
• Network-level access
• No contextual access
• No content-malware inspection
• Unscalable and no support for BYOD

The Era of Zero Trust

• Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.
• A Zero Trust Architecture uses zero trust principles—including “never trust, always verify”—to plan industrial and enterprise infrastructure and workflows.
• 60% of organizations will embrace Zero Trust as a starting point for security by 2025. [8]

[8] Gartner Unveils the Top Eight Cybersecurity Predictions, June 21, 2022

ZTNA: How It Works

Introducing Skyhigh Private Access

Skyhigh Private Access

• Client-based access
• Clientless access

Data-Aware ZTNA

Scalable Cloud Capacity
• Skyhigh service provides infinite scalability
• No on-prem appliances
• Reduce MPLS-costs
• User connects to the nearest PoP, to improve user experience
• Allows access with an agent or agentless

More Private Apps Outside the Datacenter
• No backhauling. Remote users connect to the applications hosted in public cloud from our global network of PoPs
• Low latency
• The private applications are invisible to internet

Adhere to Zero Trust Principles
• Tailored access policies (Identity, application, context and dynamic device posture)
• Secures the data flow using RBI, DLP and Advanced Threat protection
• Access to individual resources is granted on a per-session basis

Gain Visibility About How Data Is Used – The Ideal Use Cases

Skyhigh Private Access provides:
• Secure access for managed and unmanaged devices.
• Unified policy across web, SaaS, and private applications from a fully converged platform managed by a single console.
• Integrated Data Loss Prevention (DLP) scanning and seamless Remote Browser Isolation (RBI) integration for robust data protection.
• Antimalware scanning and emulation-based sandboxing to prevent malware from being uploaded to private apps.
• Auto discovery and application access visibility that helps to identify the applications accessed by a user or set of users, providing granularity in application access.

Understanding the architecture

Private access architecture

[Diagram. Labels: Distributed Routing Table; Connectivity Options; End User Device; Encrypted Tunnel; Internet; Intranet; Connector 1; Connector 2; Geo1 – PoP1; Geo2 – PoP2; Geo3 – PoP3; HR App (hr.acme.com); Engg App (engg.acme.com); Mfg App (mfg.acme.com)]

Private Access Workflow

[Diagram. Labels: Client Proxy; App List; Device Info; Client-initiated Secure Channel; Connector-initiated Secure Channel; SWG, DLP, RBI, Malware, Private Access (ZTNA); Skyhigh & GTI; Manage Connectors; Connector Group <> Application; TCP, RDP, SSH, HTTPs; K8S Container; SCP checks if this is a PA application; C1234567890.wgcs.skyhighcloud; Connector 2/3; Customer IaaS environment: PA Connector 1, Marketing App (mkt.skyhigh.com); Customer Corporate Net – Site 1: PA Connector 2, HR App (hr.skyhigh.com), Engineering App (eng.skyhigh.com); Customer Corporate Net – Site 2: PA Connector 3, HR App (hr.skyhigh.com), Marketing App (mark.skyhigh.com)]

Skyhigh cloud configuration for Private access

Ease of Installation: Connector Installation Script

Connector installation
• Download the PoP package
• Extract the package to get the installation script: infra.sh
• Run the script with the required parameters

Getting the provisioning key

Status of the deployed connectors

Creating applications for managed and unmanaged devices

Creating access policies

Smooth SAML integration with all IDPs

Enabling Remote Working

Web Security, ZTNA, RBI, CASB, Network Security, UBA, Central Management

Use case: Access to SSE (Landing Portal)

Private access analytics

Thank You!

www.skyhighsecurity.com
