Palo Alto Networks calls on cybersecurity industry to adopt ZTNA 2.0

First-gen ZTNA solutions have major gaps in security protection and can put organizations at significant risk.

Palo Alto Networks has urged the industry to move to Zero Trust Network Access 2.0 (ZTNA 2.0) — the foundation for a new era of secure access. ZTNA was developed as a replacement for virtual private networks (VPNs) when it became clear that most VPNs did not adequately scale and were overly permissive, but the first-generation ZTNA products (ZTNA 1.0) are too trusting and can put customers at significant risk. ZTNA 2.0 solves these problems by removing implicit trust to help ensure organizations are properly secured.



“This is a critical time for cybersecurity. We are in an era of unprecedented cyberattacks, and the past two years have dramatically changed work — for many, work is now an activity, not a place. This means that securing employees and the applications they need is both harder and more important,” said Nir Zuk, founder and chief technology officer at Palo Alto Networks. “Zero trust has been embraced as the solution — and it is absolutely the right approach! Unfortunately, not every solution with Zero Trust in its name can be trusted. ZTNA 1.0 — for example — falls short.”



For modern organizations where hybrid work and distributed applications are the norm, ZTNA 1.0 has several limitations. It is overly permissive in granting access to applications because it can’t control access to sub-applications or particular functions. Additionally, there is no ability to monitor changes in user, application or device behavior, and it can’t detect or prevent malware or lateral movement across connections. ZTNA 1.0 also cannot protect all enterprise data.



ZTNA 2.0-capable products, such as Palo Alto Networks Prisma® Access, help organizations meet the security challenges of modern applications, threats and the hybrid workforce. ZTNA 2.0 incorporates the following key principles:


Least-privileged access — enables precise access control at the application and sub-application levels, independent of network constructs like IP addresses and port numbers.

Continuous trust verification — after access to an application is granted, continuous trust assessment is ongoing based on changes in device posture, user behavior and application behavior.

Continuous security inspection — uses deep and ongoing inspection of all application traffic, even for allowed connections to help prevent threats, including zero-day threats.

Protection of all data — provides consistent control of data across all applications, including private applications and SaaS applications, with a single data loss prevention (DLP) policy.

Security for all applications — consistently secures all types of applications used across the enterprise, including modern cloud native applications, legacy private applications and SaaS applications.


In a new report, John Grady, ESG senior analyst, said: “[F]irst-generation/ZTNA 1.0 solutions fall short in many ways on delivering on the promise of true zero trust. In fact, they grant more access than is desired. What’s more, once access is granted in ZTNA 1.0 solutions, the connection is implicitly trusted forever, allowing a handy exploit route for sophisticated threats and/or malicious actions and behavior.” Grady also said, “It is time to embrace a new approach to ZTNA, one that has been designed from the ground up to meet the specific challenges of modern applications, threats, and a hybrid workforce.“



“Securing today’s hybrid workforce, with an increase in cloud and mobile technologies and evolving requirements can be complicated,” said Jerry Chapman, Engineering Fellow, Optiv. “Rethinking Zero Trust is essential for modern, hybrid organizations to prevent threats. Together with Palo Alto Networks, we’re advising our customers to incorporate ZTNA 2.0 principles like continuous review of identity and connection across their domains to stay secure.”

A new report from the Capgemini Research Institute finds that 51% of industrial organizations believe that the number of cyberattacks on smart factories is likely to increase over the next 12 months. Yet nearly half (47%) of manufacturers say cybersecurity in their smart factories is not a C-level concern. According to the Capgemini report, ‘Smart & Secure: Why smart factories need to prioritize cybersecurity’, few manufacturers have mature practices across the critical pillars of cybersecurity. The connected nature of smart factories is exponentially increasing the risks of attacks in the Intelligent Industry era.
New research reveals majority of large businesses can’t replace unsupported hardware, leaving potential vulnerabilities exposed.
With an unprecedented number of employees now working in hybrid or fully remote environments, compounded by an increase in cyber threats and a more overwhelmed, COVID-19 information fatigued workforce, there has never been a more critical time to effectively create and maintain a cyber-secure workforce and an engaged security culture.
Arcserve has published the first in a series of findings of its annual independent global research study on current experiences and attitudes of IT decision-makers (ITDMs) around data protection and recovery. Key findings from the research show that ransomware attacks continue to impact organisations worldwide with high costs, but they are still largely unprepared. With 50% of respondents targeted with ransomware attacks, the research indicates the critical need for companies to take a new approach to data resilience that fortifies disaster recovery strategies, backup systems, and immutable storage solutions to prevent the loss of mission-critical data.
A survey of WAN managers has revealed that multi-factor authentication and single sign-on are the top zero trust features implemented.
New research shows Log4Shell detections tripled, PowerShell scripts heavily influenced a surge in endpoint attacks, the Emotet botnet came back in a big way and malicious cryptomining activity increased.
Enterprise security solution underpinned by Versa SASE.
Hibernian FC is delighted to announce an innovative multi-year partnership with Acronis, the global leader in cyber protection, and Dunedin IT, one of Scotland's most trusted and experienced technology and connectivity providers providing end-to-end services.