ZTNA
Zero Trust Network Access
Secure private access without detouring traffic to a distant cloud broker.
Secure remote access for users and devices – without the hassle of VPNs. Just log in, and connect securely to what you need.
Decentralised by design
Cloud ZTNA is good enough if you're stuck in a SaaS world, but there are ways of avoiding the traditional, hypercentralised, DPI-everything approach.
Our integrated Universal ZTNA is made for intelligent, private, low-latency WANs as well as internet-first, cloud-first organisations.
No unnecessary bandwidth hairpinning to get to your apps, whether on premise or in the cloud.
Client and clientless
Universal ZTNA for your organisation
For managed devices such as corporate laptops, push the secure client, and control access to all applications with any protocols.
For unmanaged devices, secure web apps behind browser based captive portals with full identity management.
Check device posture
No updates, no access
Devices are checked in real time for the the latest software updates, OS versions and the presence of your chosen endpoint security products.
Ensure traffic is only accepted from specific geographic locations. Block untrusted countries.
Restrict access to specific times of day.
Policy enforcement
No "one-size-fits-all" like VPN
Access policies are defined as granular as you need them to be, and not based solely on authentication like traditional VPNs.
Allow the marketing team access to the marketing apps, while restricting them from seeing the HR systems.
Add and remove access instantly and seamlessly without users having to log out and in again.
Replace your aging VPN
VPN is the new FAX machine
Upgrade from primitive, allow-all, authentication-only tunnels to indentity-integrated, policy-based, trust-based ZTNA.
Easy migration paths available. Move at your pace and ensure a smooth transition.
Eliminate NGFW need
Reduce spend on bloated security stacks that don't protect the modern workplace.
Next-gen firewalls can't give the level of granular security that ZTNA does. Concentrate your efforts on user and app microsegmentation, and adopt a Zero Trust Firewall to complement. No need for top tier firewall features when paired with ZTNA and a zero-trust stance across the network.
Flexible deployment options
Slot in an EVX for seamless ZTNA gateway experience
Make the EVX your intelligent gateway with built in ZTNA and network segmentation features.
If you already have EVXs as part of your WAN, then enabling the ZTNA Gateway feature allows you to turn on full ZTNA without deploying any additional VMs or containers.
The EVX acts as the app connector, stopping all traffic flows from the network unless secured by the ZTNA software.
Deploy EVXs to hub sites and cloud tenancies to control all access to your application stores.
Why hyper-centralisation matters
Traditional cloud-based ZTNA involves not only brokering the connection across the internet and in the provider's cloud servers, but backhauling all the traffic as well to and from the user and app, even if the app is in the same location as the user.
Remove cloud bottlenecks
Avoid unnecessary bandwidth hairpinning, and keep LAN latency for local users by hosting the trust enforcement point as close to the users as possible.
Coffee shop style access
All users, whether local or remote take the shortest path to their apps. No matter their location, the way they access apps and data is the same. No more second class user experience.
Cloud ZTNA native to ZERO
Hook up your cloud apps, whether with a virtual EVX, IPsec tunnels or dedicated ExpressRoute style interconnects, and evolving ZERO will secure them natively with no additional deployments.
