The Top 10 Zero Trust Security Solutions

Duo Beyond Features

Duo Beyond offers two major features: Trusted Endpoints and Duo Network Gateway. With trusted endpoints, you can define and manage devices connecting to your company accounts, and grant secure access with device certificate verification policies. Trusted, managed devices can be classed as safe with a Duo certificate, and are then allowed to gain access to sensitive accounts. Unmanaged endpoints without the certificate in place can be blocked from accessing applications according to admin policies. These can be configured at a group or user level.

The Duo Network Gateway allows users to securely access internal web applications using any device or browser, from any network in the world, without having to use remote access software or VPNs. Duo uses MFA to authenticate user access, and provides granular access control per application, SSH servers and user groups, so you can fine tune the security processes for each application.

Alongside Trusted Endpoints and the Network Gateway, Duo provides Trust Monitor, Single Sign-On, Directory Sync and more. Cisco recently announced Duo’s passwordless authentication capabilities would be added to its Zero Trust platform.

Duo Beyond Deployment

Deploying Duo requires that the Duo certificate is present on your organization’s trusted devices. This can be achieved through the Duo mobile app, integrations with Active Directory Domain Services, AirWatch, Cisco MSP, Cisco Meraki, and a range of other applications.

Duo Beyond Summary

Duo Beyond is a powerful tool for authenticating and managing user access – a central component of any strong Zero Trust Security solution. Duo Beyond is fully integrated into Cisco’s existing Zero Trust security portfolio, and the solution provides granular access controls for admins. Customers also report that the user interface is intuitive and easy to use, with powerful analytics and reporting available. Duo Beyond is a strong authentication solution for SMBs and enterprise customers to achieve Zero Trust security.

Akamai Intelligent Edge Platform Features

Akamai provides a range of Zero Trust security features. They provide scalable DDoS mitigation to defend against sophisticated website takedown requests, supported by a 24/7 security Operations Command Centre. Akamai also provides real-time threat detection and mitigation, to identify vulnerabilities and blind spots. Akamai goes beyond traditional endpoint protection, ensuring security for all internet-facing websites, apps and APIs – both on-premise and in the cloud.

Akamai helps to secure access to corporate applications though their Identity-Aware Access solution. This protects against unauthorized access and phishing attacks and provides improved visibility, scalability and intelligence. Akamai also provides protection against sophisticated bot attacks that can attempt to gain access to your company account with credential stuffing attacks. Akamai automates protection against bot attacks, using machine learning and threat intelligence.

Akamai Intelligent Edge Platform Deployment

The Intelligent Edge Platform is delivered fully through the cloud, providing centralized protection against web-based and identity threats. Akamai’s deployments are ‘high-speed’ and prioritize integrations with existing workflows. Akamai provides a range of integrations, including Failover Integrations, Sandbox Integrations and more, to help streamline the deployment process.

Summary

Akamai is a leader in Zero Trust solutions for enterprise organizations. In their Zero Trust wave, Forrester praises Akamai for its commitment to Zero Trust principles, and its strong Zero Trust features. Akamai provides powerful threat protection against identity and access management challenges, such as password cracking, DDoS and credential stuffing attacks. Akamai is popular with customers for its deployment processes and relative ease of use. Akamai is a strong solution for enterprise users looking to secure a range of applications and web services with Zero Trust security features.

Forcepoint Private Access Features

Private Access enables granular control over access to your enterprise applications, with enhanced visibility and threat protection. Admins are able to configure secure private access to internal applications for users, ensuring they can easily access accounts – but only the accounts they need to. This limits the risk of data breach from both from external and internal threat actors. Private Access also protects private apps and networks against threats with advanced intrusion protection technologies.

Private Access also provides enhanced visibility and control over who is accessing your private data, breaking down traffic volumes, per-user data, and threat protection in a seies of visual reports. You can also continuously monitor user access in real-time, with visibility into malicious behaviours and access. Private Access is an alternative to using VPN solutions for access to private apps, internal data centres and private clouds.

Forcepoint Private Access Deployment

Forcepoint Private Access is a cloud-based service, available as part of Forcepoint’s Data Advantage, Edge Advantage and Forcepoint Advantage solution packages. Forcepoint provides multiple deployment and purchasing options for their range of solutions, designed to meet the needs of a variety of mid- to large-sized enterprise requirements.

Summary

Private Access is part of Forcepoint’s ‘Zero Trust Security-as-a-service’ offering and so is built with many Zero Trust principles front and centre. It provides reduced risk against data breach by segmenting user access to private applications and provides much enhanced visibility and control for faster response to security breaches. Forcepoint removes the need for enterprises to use VPNs to secure private access, instead providing a more holistic security infrastructure that fits well with Forcepoint suite of security solutions, including email, endpoint and web protection.

Private Access is a strong solution for protecting a remote workforce, making it easy for remote users to access private applications without impacting on performance or productivity. Forcepoint also claims the solution will lower costs of securing access by reducing complexity and lowering support overheads. Private Access integrates with third-party single sign-on and browser isolation technologies to provide strong and effective access management and data protection. Forcepoint’s Zero Trust protection suite is a strong solution for enterprises looking to implement a Zero-Trust security.

Google BeyondCorp Enterprise Features

BeyondCorp provides a range of features to secure access to corporate applications, with integrated data and threat protection. Admins are able to configure risk-based access policies based on user identity, device health and other contextual factors to ensure that only authorized users can gain access to corporate applications, virtual machines and Google APIs. Google also provides data loss protection, with anti-malware and phishing protection built into the Chrome browser and automated alerts for IT admins.

BeyondCorp provides a range of integrations from leading cybersecurity vendors for greater control and visibility into your network. Google’s solutions are highly scalable, and BeyondCorp also provides integrated protection against DDoS attacks.

Google BeyondCorp Enterprise Deployment

BeyondCorp enterprise is delivered entirely via the cloud and requires no agents to deploy.  BeyondCorp uses Google’s global network infrastructure to support low-latency connections and elastic scaling. BeyondCorp allows users to connect to any SaaS apps, web apps and cloud resources from anywhere in the world. BeyondCorp is delivered as a subscription service with per-user-per-month pricing.

Summary

BeyondCorp provides continuous, multi-layered security for users, access data and applications that helps to prevent malware and reduces the risk of data breach. Google provides granular access management policies and controls for IT admins, while ensuring end users are able to quickly and easily gain access to the applications they need to. Google provides strong data and threat protection features, with integrated protection against DDoS attacks. Google is fully committed to Zero Trust principles and has partnered with a variety of market leading cybersecurity vendors to help customers implement a Zero Trust approach. Forrester credits Google as being one of the pioneers of Zero Trust solutions, with their range of solutions (BeyondCorp included) being suitable for SMBs and enterprises alike looking to implement a Zero Trust security model.

Illumio Core Features

Illumino Core provides multiple features that help organizations build a foundation for Zero-Trust security. Real-time Application and Dependency Maps provide visualization into your applications, user behaviors and interdependencies, enabling admins to create granular data segmentation policies and govern access. Security teams can create and manage policies with the Policy Generator tool, which allows you to build optimal micro-segmentation policies for each application and workflow. Admins can also configure role-based access controls to ensure that each user is only able to access essential data – a key pillar of Zero Trust security.

Core integrates with third-party vulnerability scanning tools to provide greater visibility and insights into potential vulnerabilities and attack paths across applications, data centers and cloud networks. Core also enables the encryption of data in motion between data centers and the user environment.

Illumio Core Deployment

Illumino Core is based on two components: The Virtual Enforcement Node (VEN) and the Policy Compute Engine (PCE). The VEN is an agent installed in the operating system of the host. This agent collects and transmits data from the endpoint and detects unauthorized connections and devolutions from policies. The PCE is the brain behind the solution, collecting information gathered by the VEN and recommending optimal rules and policies fine-tuned for your organization. The PCE can be deployed on-premise, or in the cloud.

Summary

Illumio Core is a strong offering for large enterprise organizations looking to implement a Zero Trust security solution. By allowing admins granular control over data segmentation and real time visibility into application and behaviors, Core provides effective mitigation against data breaches. Core also enhances patching strategies by helping SOC teams to visualize attach pathways and create policies to help limit the ability of attackers to gain access to sensitive data. Core provides real-time global visibility and is managed in a single control panel.

Illumio is recognized by Forrester as a market leader for Zero Trust, who praise their recent partnership with Crowdstrike, which provides greater endpoint protection alongside the data segmentation and access control focused on in this article. Illumio is designed with a focus on larger enterprises in particular, especially those looking to implement a secure approach to hybrid working.

Microsoft Azure Features

Using Azure, you can verify and secure each user with strong authentication standards across your Microsoft applications. Microsoft provides an easy-to-use authenticator smartphone app for free, which allows users to easily scan their fingerprint or generate an OTP. Microsoft also provides a range of reports around user access, improving visibility over who is accessing applications.

Using Azure, admins have greater control over in-app permissions for different user groups and can control user permissions and restrict access to sensitive data as needed. Microsoft also uses real-time monitoring to detect potentially malicious user behaviours to prevent data breaches. Microsoft’s status as a market leading provider means Azure is widely supported by third-party applications, enabling the use of single sign-on for users.

Microsoft Azure Pricing

Azure AD is included with all paid subscriptions to Microsoft 365. The Azure Active Directory service can be managed from the Microsoft 365 admin console.  From here you can create and manage user groups. Pricing options for Microsoft 365 varies depending on organization size, and level of functionality required.

Summary

Microsoft have made a strong commitment to Zero-Trust principles throughout their solutions. Many of the core features needed to execute an organization-wide Zero Trust policy are available across Microsoft 365, giving admins the tools they need to continuously and autonomously verify user identities and segment access to sensitive data. There are also a strong range of reports available to suit the needs of small and mid-sized organizations – although larger organizations and those with more stringent compliance needs may wish to augment Microsoft’s protection with a third-party solution. Forrester praises Microsoft as being one of the ‘dominant’ providers of Zero-Trust throughout the coronavirus pandemic, protecting hundreds of thousands of remote workers globally.

OKTA Identity Cloud Features

OKTA provides a number of different products and feature sets to help organizations achieve Zero Trust. OKTA Workforce Identity allows organizations to support remote workers and secure access with single sign-on, a universal user directory, server access controls, adaptive multi-factor authentication, granular provisioning controls and API controls. OKTA Customer Identity allows developers to implement MFA, secure authentication, user management and more, which can all be managed via one scalable platform. OKTA also provides a variety of platform services to support Zero Trust, including a range of integrations, reporting and data insights, customizable identity workflows and device management.

OKTA Identity Cloud Deployment/Integrations

OKTA can be deployed across cloud-based or on-premises applications. Deployment steps vary for different solutions and applications; OKTA offers comprehensive guides within their knowledge base. OKTA helps to manage easier deployment with their integration wizard, as part of the OKTA Integration Network. OKTA provides 7,000 pre-built integrations with cloud and on-premise systems, allowing you to easily provision SSO and MFA across third-party accounts and applications. This allows users to centralize user management and automate access to workflows and policies.

Summary

OKTA is a leading identity management vendor that helps organizations to implement a reliable and scalable Zero Trust policy, and developers to implement Zero Trust security controls into their applications. Forrester recognises OKTA as one of the leading Zero Trust vendors for its ‘powerful, broadly adopted platform.’ For end-users, OKTA’s SSO and MFA functionality is easy to use, providing easy authentication for applications. For admins and developers, OKTA provides a huge range of integrations, policies, controls and advanced functionality to support growth and security. OKTA is an enterprise-focussed solution, and best suited to mid-sized and large organizations. OKTA can help to achieve core Zero-Trust goals, prevent data breaches, centralize access controls, and automate onboarding and off-boarding of users.

Palo Alto Networks Features

Palo Alto Networks delivers Zero Trust security through their Network Security solution suite, which includes a range of different products and services. Palo Alto provides a market-leading firewall service, which provides intelligent network security for enterprise applications. Palo Alto Panorama provides centralized management features and insights into network traffic, reporting and automated threat response. With Panorama, admins can also create and edit security rules, and centrally manage connected devices and security configurations across firewalls. Palo Alto also provides web protection via DNS filtering and a secure web gateway, as well as a leading SD-WAN solution.

Palo Alto Networks Deployment

Palo Alto offer a Zero Trust design service to help customers successfully deploy and implement Zero Trust architecture. Their Panorama solution is available as an on-premises hardware solution, as a virtual appliance and can also be applied in public cloud environments. Specific deployment methods can differ if you are an existing Palo Alto firewall customer, and depending on the type of network environment.

Summary

Palo Alto are a leading provider of Zero Trust solutions, with a huge range of solutions on offer that are most suited to enterprise organizations who are looking for powerful, flexible and scalable Zero Trust security. Forrester recognizes Palo Alto as a “force to be reckoned with,” in the Zero Trust space. Palo Alto have focussed heavily on their Zero Trust offering, developing a range of services that they argue delivers an “end-to-end” solution for securing users, applications, data and devices, with granular controls and reports. Palo Alto also offers a Zero Trust design service for their enterprise customers, working with them to develop a custom Zero Trust roadmap for their organization.

Proofpoint Meta Features

Proofpoint Meta provides a software-defined perimeter, allowing organizations to securely connect remote employees to corporate cloud infrastructure and data centres, without the use of traditional VPN technologies, which can often provide slow connections and offer minimal admin controls. Meta provides segmented, verified and audited access for users, while ensuring users can still easily manage systems. Meta also features enhanced controls and visibility into connected users in the management console.

Meta allows you to segment access to data and applications – one of the core principles of Zero Trust. Admins can secure remote access to cloud applications such as Amazon Web Services, Microsoft Azure and Google Cloud. Admins are able to set up cross-cloud connections and apply security policies across applications, including automating API access and automatically applying workflows. Application policies can be configured to provide contextual protection, ensuring the user-experience remains consistent and easy for users inside and outside your network environment.

Proofpoint Meta Deployment

Proofpoint Meta is fully cloud-based. Deployment involves onboarding your user devices and network resources to Proofpoint’s cloud network, and then configuring your access policies, workflows and user groups, alerts and procedures. Access to private applications is protected by a software-defined perimeter at a per-user level, avoiding the need to deploy VPNs.

Summary

Proofpoint Meta provides powerful cloud-based access management and control to enterprise applications. It provides simple deployment, centralized policy management, and micro-segmented application access to help organizations implement Zero Trust for all users whether in the office, working remotely, or external contractors. Meta is a strong Zero Trust solution for enterprises looking to accelerate cloud migration, as this solution is fully cloud based, leveraging Proofpoint’s global cloud networks for flexibility and scalability. Proofpoint has continued its strategy of growing its platform though acquisition, adding to its Zero Trust offering with the acquisition of ObserveIT and a range of other security vendors.

Unisys Stealth Features

When a suspected attack occurs, Stealth promises to dynamically isolate suspicious users and devices in under 10 seconds, to prevent data exfiltration and financial lossas well as limit the spread of malware and preventing data loss. Stealth Smart Wire protects connected devices and isolated assets. Stealth Identity provides biometric identity management to control access to your networks and reducing reliance on weak and unsecure passwords. This also helps to ensure compliance and prevent unauthorized access to data and systems, reducing your risk of falling victim to a phishing or social engineering attack. Unisys Stealth also provides data micro-segmenting and security customized to your network.

Unisys Stealth Deployment

Unisys Stealth is a software-only solution that can be installed and deployed quickly and efficiently – Unisys claims it takes just 30 minutes to install and configure the management console. The deployment does not require any network configuration changes and can scale to support the growth of your organization. Stealth is also available as a managed service, with Unisys experts available to help design, implement and improve your network security as part of an ongoing service.

Summary

Unisys is a leader in the Zero Trust space, offering a range of powerful solutions to control and manage access to corporate applications. Unisys Stealth provides powerful protection against data exfiltration, and granular access controls for organizations to segment access to data. Unisys has a focus on quick deployment, and one of their unique features is a focus on biometric security controls, helping organizations to move away from password management to more secure authentication methods.

Unisys also offers a fully managed Zero Trust offering, allowing organizations to benefit from hands-on planning and design services, training, and managed deployment and segmentation of data. Unisys is a strong Zero Trust solution for large enterprise organizations and has a variety of customers in the US Government, including the Department of Defence and various other agencies.