Legacy security technologies are based on a secure perimeter paradigm that implicitly trusts the resources, devices, and people connected to a protected network. Appropriate to network architectures of the 1980s, the secure perimeter has become a liability in today’s decentralized, cloud-based, work-from-home world.
Consider some of VPN’s weaknesses:
Designed for today’s decentralized networks and workforces, ZTNA is based on three core principles:
Assume breach: Any network, device, credential, or user could be compromised at any time. Never assume trust for any of them.
Verify explicitly: Authenticate user identity, confirm device posture, and evaluate the context of every request.
Least privilege: Only authorize access to the specific resources the user needs for their work.
ZTNA is network-agnostic, creating direct connections between users wherever they are located and a company’s resources whether on-premises or in the cloud. Some of the benefits of ZTNA include:
Unified access control: ZTNA lets companies manage access for remote and on-premises workforces within a single system.
Securing development environments: ZTNA improves the security of a company’s most sensitive resources while improving developers’ access.
Universal multi-factor authentication: Exium’s ZTNA solution lets you extend MFA to every resource, even to services such as SSH.
Improved security: ZTNA lets you apply granular, role-based access controls based on the principle of least privilege.
As the name suggests, the agent-based approach requires an agent running on the user’s device. This agent collects the identity, security posture, and context information and sends it to the ZTNA system for evaluation. Once the user is authenticated, ZTNA solutions such as Exium create encrypted tunnels between the user’s device and each authorized resource.
Which approach you choose will depend on several factors unique to your organization. These three scenarios highlight some of the trade-offs:
Exium supports both agent-based and agentless ZTNA. In this document, we will guide you on how you can easily start your agentless ZTNA journey by following the simple steps below.
In the agentless ZTNA approach, the user opens a browser to access the company’s ZTNA portal. This browser session collects data on the device’s security posture and the context of the network connection. Integrated with an Identity Provider (IdP), the portal verifies the user’s identity with a password, single sign-on, or multi-factor authentication.
With the user’s identity authenticated, the browser session redirects to whatever web-based resources the user is authorized to access.
Exium's agentless ZTNA approach provides secure remote access to your public-facing as well as internal private applications, regardless of whether they are hosted by a public cloud service provider or in your organization’s private data center.
With all traffic directed through a fully encrypted tunnel and HTTPS, your private applications are never exposed to the public internet. This, combined with its granular zero trust capabilities, ensures a higher level of security for remote employees, partners and suppliers connecting to your public-facing as well as internal private applications.
The workspace admins follow the steps below to add users in the admin console:
Step 1: Log into the partner admin console and navigate to the company workspace.
Step 2: Add users using one of the user onboarding methods.
If this is the first time you are accessing the Company ZTNA Portal, you will need to reset your password and set up Multi-Factor Authentication (MFA).
After you click on the web link for your Company’s ZTNA Portal, you will be presented with a web page similar to the one below. Click on “Reset Password?”.
Enter the first part of your email address. For example, if your email address is John.Doe@exium.net, enter John.Doe and click on “RESET”.
You will receive an email similar to the one below to reset your password. Click on “Reset”.
Enter the new password, then repeat it in the confirmation field.
You will be asked to register your mobile device for Multi-Factor Authentication (MFA). Click on “Register device”.