Perimeter81 and Zero Trust Network Access(ZTNA)

Zero Trust Network Access (ZTNA) is a security model that grants access to corporate resources based on identity and context rather than network location: being on the office LAN or behind a VPN concentrator no longer implies trust. Each user reaches only the specific resources their role requires, and everything else is denied by default. Perimeter81 is a ZTNA solution that combines identity-provider authentication and single sign-on, policy-based network segmentation, encrypted tunneling, and real-time activity monitoring to help organizations manage network access for on-premises and remote employees while reducing the maintenance and hardware costs of physical alternatives.

Policy rules

Policy rules are at the core of ZTNA. Perimeter81 allows organizations to segment their users into groups and create policies that define which connected resources (on-prem servers or apps, public cloud apps, etc.) each group may reach; a resource not named in a policy is simply unreachable. Perimeter81's Firewall as a Service feature, Network Traffic Control, also lets IT control how traffic flows within the network between objects such as users, groups, services, and addresses. Device Posture Check adds a third dimension: endpoints that do not meet posture parameters such as a device certificate, running anti-virus software, disk encryption and more are blocked even when the user's identity and group would otherwise qualify. Perimeter81 ZTNA also supports agentless, browser-based connections for application-specific access, so organizations can give third-party contractors access to one application without exposing the corporate network. Because no endpoint agent is installed, such sessions cannot be posture-checked, so the compensating controls are the narrow application scope and rules based on identity, time, location, and other context.

Monitoring and Logging

Zero Trust does not assume that users have good intentions or security hygiene, so every access decision should leave a record. Perimeter81 therefore includes network activity monitoring and logging by default in all plans. Administrators have access to logs of network activity such as logins, gateway deployments, app access, connected device inventory and more, and can forward them to Amazon S3 for retention or to SIEM platforms such as Splunk and Azure Sentinel (now Microsoft Sentinel) for more in-depth reporting, correlation and alerting.
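The policy model described in the Policy rules section (group-to-resource rules, context conditions such as country and time window, Device Posture Check, and an agentless contractor policy that cannot rely on posture) together with the per-decision audit records that the logging section depends on, as an added Python example written for this page. It is not Perimeter81's API or code; the policy names, resources, users, posture attributes and log fields are all constructed assumptions, and a real deployment would take groups from the IdP and ship the JSON lines to the SIEM.

```python
# Illustrative ZTNA policy engine: identity + context + device posture, default deny.
# Example code written for this page; it is NOT Perimeter81's API, and every
# policy, user, resource and log field below is a constructed assumption.
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class DevicePosture:
    has_corp_cert: bool      # device certificate issued by the organization
    av_running: bool         # anti-virus agent present and active
    disk_encrypted: bool     # full-disk encryption enabled


@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: FrozenSet[str]            # group memberships as asserted by the IdP
    resource: str                     # an on-prem host or a cloud app
    country: str                      # ISO country derived from the source IP
    when: datetime                    # request time, UTC
    device: Optional[DevicePosture]   # None for agentless / browser sessions


@dataclass(frozen=True)
class Policy:
    name: str
    groups: FrozenSet[str]                        # any listed group matches
    resources: FrozenSet[str]                     # resources this policy covers
    countries: Optional[FrozenSet[str]] = None    # None = any location
    hours_utc: Optional[Tuple[int, int]] = None   # (start, end) hour window, None = any
    require_posture: bool = True                  # managed device must pass posture


# Constructed sample policies (assumptions, not real customer rules).
POLICIES = (
    Policy("eng-git", frozenset({"engineering"}), frozenset({"git.internal"})),
    Policy("contractor-ticketing", frozenset({"contractors"}),
           frozenset({"ticketing-app"}), countries=frozenset({"US", "DE"}),
           hours_utc=(8, 18), require_posture=False),
)


def posture_ok(d: Optional[DevicePosture]) -> bool:
    """Device Posture Check: every required attribute must hold; no agent, no pass."""
    return d is not None and d.has_corp_cert and d.av_running and d.disk_encrypted


def _context_matches(p: Policy, r: AccessRequest) -> bool:
    """Identity and context conditions of one policy; posture is checked separately."""
    if r.resource not in p.resources or not (r.groups & p.groups):
        return False
    if p.countries is not None and r.country not in p.countries:
        return False
    if p.hours_utc is not None:
        start, end = p.hours_utc
        if not start <= r.when.hour < end:
            return False
    return True


def evaluate(r: AccessRequest, policies=POLICIES) -> dict:
    """Return an audit record carrying the decision. Nothing is allowed unless a
    policy explicitly grants it and, where required, the device passes posture."""
    decision, reason, matched = "deny", "no matching policy", None
    for p in policies:
        if not _context_matches(p, r):
            continue
        matched = p.name
        if p.require_posture and not posture_ok(r.device):
            decision, reason = "deny", "device posture check failed"
            continue                  # another policy may still grant access
        decision, reason = "allow", f"granted by policy {p.name}"
        break
    return {
        "ts": r.when.isoformat(),
        "user": r.user,
        "resource": r.resource,
        "country": r.country,
        "policy": matched,
        "decision": decision,
        "reason": reason,
    }


def audit_line(record: dict) -> str:
    """One JSON line per decision, the shape a SIEM or S3 log sink would ingest."""
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    t = datetime(2024, 3, 1, 10, 0, tzinfo=timezone.utc)     # constructed timestamp
    alice = AccessRequest("alice", frozenset({"engineering"}), "git.internal", "US", t,
                          DevicePosture(True, True, True))
    bob = AccessRequest("bob", frozenset({"contractors"}), "ticketing-app", "DE", t, None)
    for req in (alice, bob):
        print(audit_line(evaluate(req)))
```

Two design points worth noting: the engine is deny-by-default, so a request for a resource no policy names fails closed rather than falling through to the network; and the deny records (posture failures, out-of-hours contractor logins) are the ones a SIEM rule should alert on, which is why the reason field is written into every line rather than only into allows.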

Identity Providers (IdP)

Identity Providers (IdP) are the source of truth for authentication and for the user and group memberships that policies are written against. Perimeter81 integrates with identity providers including Google, Azure Active Directory, and SAML 2.0 solutions such as Okta and OneLogin. This lets organizations offer seamless network access to employees via Single Sign-On and grant each of them the specific privileges or limited access that suit their role, device, or location. Because every access decision is derived from what the IdP asserts, the strength of the whole model rests on the IdP: enforce MFA there and keep group membership reviewed, since a stale or over-broad group grants the same access as a deliberate policy change.

Backbone of global PoPs for fast remote access

Perimeter81's backbone of global Points of Presence lets organizations quickly create a gateway that gives remote employees a lower-latency, encrypted connection to their corporate network. Tunnels are available in multiple protocols, including OpenVPN, WireGuard, and IPsec, so organizations can keep connections private in the way that works best for their network infrastructure. OpenVPN and IPsec tunnels use AES-256; WireGuard does not negotiate ciphers and always uses its fixed ChaCha20-Poly1305 suite, which is just as suitable for this purpose.

ZTNA versus a Legacy VPN

In comparison to a legacy VPN, ZTNA offers better scalability, cost-effectiveness, and a higher level of security. Open-source or self-deployed VPNs like OpenVPN are inexpensive, but out of the box they give every authenticated user the same network-level reach: per-user or per-group restrictions have to be bolted on with separate firewall rules, which is hard to orchestrate consistently across a larger firm. VPN services from major firewall providers are expensive and often do not offer the support that growing businesses need to get set up quickly, or to scale up as the organization expands.

Perimeter81's ZTNA gives IT teams encrypted tunnels over its PoP backbone and lets them visualize and control the entire network from a single platform. Security professionals can create rules that enforce device posture, limit resource access by user and group, orchestrate traffic between network addresses and objects, and monitor activity to confirm that the policies are doing what was intended.