1. Home
  2. >
  3. Security
  4. >
  5. ZTNA (Zero Trust Network Access)

ZTNA

ACCURATE, DETAILED INSIGHTS TO RAISE EFFECTIVENESS OF ZERO TRUST NETWORK ACCESS

The Zero Trust Network Access (ZTNA) model is the cornerstone of SSE (Security Service Edge) and SASE solutions. It provides a flexible and convenient complement to (or replacement for) VPNs while strengthening overall network security. Embedding Enea Qosmos Next Generation Deep Packet Inspection (DPI) software in ZTNA provides the accurate, detailed application classification and contextual metadata required to more safely authenticate users and continuously assess their trustworthiness.

ENEA QOSMOS TECHNOLOGY: THE DATA FOUNDATION FOR ZTNA

Detect subtle authentication red flags with Enea Qosmos Technology

Enables detection of subtle authentication red flags

Safely breakout trustworthy traffic with Enea Qosmos Technology

Boosts accuracy in trusted-traffic breakout

Achieve fine-grained micro-segmentation with Enea Qosmos Technology

Supports fine-grained micro-segmentation

Rapidly detect sophisticated breaches with Enea Qosmos Technology

Improves detection of sophisticated breaches

Enea Qosmos Next Generation Deep Packet Inspection plays a key role in ZTNA, delivering the granular visibility required for rapid, secure and accurate access to private applications (on- or offsite) for unmanaged & managed devices.

Advanced first packet processing allows instantaneous breakout of on-premise traffic to the right SASE/SSE pillar: ZTNA, SWG or CASB. Real-time traffic analysis optimizes monitoring activities and immediately alerts the ZTNA solution to potential breaches allowing rerouting or traffic blocking. It also allows identification of evasive and anomalous traffic, making it easier to detect spoofing attacks, and to identify rogue private applications and devices in shadow IT. Ultra-reliable traffic classification, metadata and threat indicators support advanced micro-segmentation and fine-grained traffic handling rules.

ZTNA Components

THE ROLE OF ENEA QOSMOS TECHNOLOGY IN ZTNA FUNCTIONS

  • Identity-Based Authentication: In ZTNA, users (people, devices, apps, etc.) are authenticated using an identity-based schema that takes context into account. Enea’s Qosmos ixEngine® supports this process by providing telemetry-based profiles of devices, key location and time data, and identification of private applications and services. This telemetry-based data makes it easier to detect spoofing attacks, and to identify rogue private applications and devices in shadow IT.

    In the case of on-premise ZTNA authentication, Qosmos ixEngine’s unique first packet processing supports safe, instantaneous breakout of traffic to the right SASE/SSE pillar: ZTNA, SWG or CASB.
  • Segmentation: The data gathered in the trust evaluation process is used to support network segmentation, which provides least-privileged access to the target resource. Qosmos ixEngine provides ultra-reliable traffic classification, metadata and threat indicators to support advanced micro-segmentation and fine-grained traffic handling rules.
  • Continuous Trust Evaluation: In ZTNA, trust is never granted permanently; it must be continuously earned. This is handled through continuous monitoring supported by Qosmos ixEngine, which provides real-time traffic analysis that includes the identification of evasive and anomalous traffic.
  • Adaptive Access Control: If Enea Qosmos-powered monitoring indicates a potential breach, the ZTNA solution can invoke the necessary access controls, such as rerouting or traffic blocking.

DEPLOYMENT AGILITY

  • Deploy as an SDK, CNF, VNF (Qosmos ixEngine) or Software Sensor (Qosmos Probe) to adapt to continuously evolving network environments.
  • Gain the speed and flexibility needed to secure and manage forthcoming 5G mobile networks.

INDUSTRY RECOGNITION

Qosmos ixEngine wins Gold in the 2022 Cybersecurity Excellence Awards
Qosmos ixEngine wins the Editor’s Choice award for Embedded Security in the Global InfoSec Awards for 2021
Qosmos ixEngine: Next-Generation Deep Packet Inspection (DPI) for Maximum Traffic Visibility
How SSE Leaders Use Next Generation DPI for Market Success
Improve Suricata’s Ability to Detect Threats in Evolving Networks with Enea Qosmos Traffic Intelligence
DPI & Traffic Classification for SASE