{"id":162432,"date":"2022-06-01T06:00:02","date_gmt":"2022-06-01T13:00:02","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=162432"},"modified":"2022-06-15T16:24:01","modified_gmt":"2022-06-15T23:24:01","slug":"security-inspection-problem","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2022\/06\/security-inspection-problem\/","title":{"rendered":"ZTNA 1.0\u2019s Security Inspection Problem"},"content":{"rendered":"<h1><a id=\"post-162432-_v8b3cp7bycli\"><\/a>ZTNA 2.0 Provides Deep and Ongoing Security Inspection<\/h1>\n<p><em>This is part 3 of \u201c<\/em><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/tag\/ztna-straight-talk\/\"><em>ZTNA Straight Talk,<\/em><\/a><em>\u201d a 5-part series where we take a closer look at the five tenets of ZTNA 2.0, the new standard for securing access.<\/em><\/p>\n<p>The rapid move to hybrid work, brought about by the pandemic, drove the adoption of <a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-zero-trust-network-access-ztna.html\">ZTNA<\/a> as a new way to securely connect users with the applications that they need to get work done from anywhere. However, as I <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2022\/05\/allow-and-ignore-model-is-a-recipe-for-disaster\/\">discussed previously<\/a>, initial implementations of ZTNA have been deeply flawed.<\/p>\n<p>In my previous post, I talked about how the ZTNA 1.0 concept of \u201c<a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2022\/05\/allow-and-ignore-model-is-a-recipe-for-disaster\/\">allow and ignore<\/a>\u201d is a recipe for disaster. This concept maintains that once a connection is established, all user and device behavior for that session is trusted implicitly and goes unchecked. Unfortunately, there is another limitation with the \u201callow and ignore\u201d approach \u2013 it prohibits security inspection of the traffic.<\/p>\n<h2><a id=\"post-162432-_ojtwzqhgjavy\"><\/a>ZTNA 1.0 Lacks Security Inspection<\/h2>\n<p>Because the \u201callow and ignore\u201d model lacks security inspection, there is no means for a ZTNA 1 .0 solution to detect any malicious or other compromised traffic and respond accordingly. This means there are no in-line controls to expose and inspect the traffic payload and determine if anything malicious or unknown is being introduced. Likewise, there is no mechanism to take action by blocking traffic, terminating the session, or reporting anything unusual, at the very least.<\/p>\n<p>This turns ZTNA 1.0 into a \u201csecurity-through-obscurity-only\u201d approach, which further puts organizations, their users, apps and data at risk of malware, compromised devices and malicious traffic.<\/p>\n<h2><a id=\"post-162432-_xks9vzgkypp5\"><\/a>ZTNA 2.0 Includes Continuous Security Inspection<\/h2>\n<div style=\"position: relative; display: block; max-width: 100%;\">\n<div style=\"padding-top: 56.25%;\"><iframe style=\"position: absolute; top: 0px; right: 0px; bottom: 0px; left: 0px; width: 100%; height: 100%;\" src=\"https:\/\/players.brightcove.net\/1050259881001\/default_default\/index.html?videoId=6306873792112\" allowfullscreen=\"allowfullscreen\" allow=\"encrypted-media\"><\/iframe><\/div>\n<\/div>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/cyberpedia\/what-is-zero-trust-network-access-2-0\">ZTNA 2.0<\/a>, delivered by <a href=\"https:\/\/www.paloaltonetworks.com\/sase\/access\">Prisma Access<\/a>, provides deep and ongoing inspection of all traffic, to prevent all threats, including zero-day threats. This is especially important in scenarios where legitimate user credentials have been stolen and used to launch attacks against applications or infrastructure. ZTNA 2.0 offers complete protections that safeguard against even the most sophisticated threats, including WildFire sandboxing, Advanced URL Filtering, threat prevention, SaaS security, DNS security and more.<\/p>\n<p>With our AI and ML-powered threat prevention technologies, we stop 95% of zero-day threats inline. This means you don\u2019t need a first victim or have to wait for signatures to be updated to be protected \u2013 your environment is instantly protected.<\/p>\n<p>The combination of continuous trust verification and continuous security inspection is a powerful model for delivering better security for today\u2019s hybrid workforces and overcoming some of the shortcomings of ZTNA 1.0 solutions.<\/p>\n<h2><a id=\"post-162432-_ouj86h526m7d\"><\/a>ZTNA 2.0 Is Zero Trust with Zero Exceptions<\/h2>\n<p>Pursuing a true Zero Trust posture is a journey, and ensuring that security inspection is conducted in a robust and consistent manner is an important step. That\u2019s why continuous security inspection is an important component of ZTNA 2.0.<\/p>\n<p><a href=\"https:\/\/start.paloaltonetworks.com\/zero-trust-with-zero-exceptions\">Watch our ZTNA 2.0 launch event<\/a>, where we\u2019ll discuss innovations and best practices for securing the hybrid workforce with ZTNA 2.0. Stay tuned for next week\u2019s <a href=\"https:\/\/www.paloaltonetworks.com\/blog\/tag\/ztna-straight-talk\/\">Palo Alto Networks blog<\/a>, where I\u2019ll discuss the third principle of ZTNA 2.0.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Once a connection is established, ZTNA 1.0 solutions trust the active session implicitly, performing no additional security inspection. <\/p>\n","protected":false},"author":723,"featured_media":162433,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6717],"tags":[73,7135,8529,8541],"coauthors":[7209],"class_list":["post-162432","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products-and-services","tag-zero-trust","tag-ztna","tag-ztna-2-0","tag-ztna-straight-talk","sase_category-cloud-delivered-security","sase_category-mobile-users","sase_category-product-features"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2022\/05\/Woman-Looking-at-Phone.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/162432","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/723"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=162432"}],"version-history":[{"count":4,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/162432\/revisions"}],"predecessor-version":[{"id":163685,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/162432\/revisions\/163685"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/162433"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=162432"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=162432"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=162432"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=162432"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}