According to the Ponemon Institute, incidents related to insider threats have grown by 44% over the past two years, with the cost per incident reaching $15.8 million. Single-vendor SASE platform provider Cato Networks continues to address the mounting security concerns posed by these threats.
A critical way to stop insider threats is by ensuring that users and IT administrators only have access to the necessary resources. To service this requirement, Cato became the first to extend ZTNA to users inside the office without requiring additional policies or infrastructure.
With RBAC+, Cato brings fine-grained controls over what IT administrators can do across SASE capabilities. Cato has also extended DNS protection to prevent insiders and attackers from exfiltrating data and exploiting all manners of potential DNS vulnerabilities.
Why ZTNA often fails to address access abuse
The risk of insider threats has only grown as enterprises undergo layoffs and adopt hybrid work models. Anyone from disgruntled users and employees to external attackers who have acquired credentials all pose threats to an enterprise's systems.
The challenge that enterprises faced was supposed to be solved by ZTNA, as it provided users secure access to only the necessary resources and then monitored traffic once users were admitted to the network. Therefore, organisations could identify and limit the risk posed by any user.
The problem, however, is that these solutions only apply access controls to remote users, not those on-premises. This complicates access management as they also lack the security engines to continually inspect traffic flows which expose enterprises to attacks from authorized users. There is also a lack of AI and ML algorithms to identify suspicious activity.
“Administrators should be able to construct a single application access policy for users in an office or on the road,” says John Grady, Principal Analyst with Enterprise Strategy Group.
“ZTNA tools supporting this help organizations not only improve their security posture but their operational efficiency as well.”
A simpler approach to ZTNA
Now thanks to Cato, it has extended its ZTNA capabilities to users within the office without the complexity of configuring additional policies.
Through a single ZTNA policy, enterprises maintain zero-trust security seamlessly and easily. Regardless if a user is in the office or outside the office, access to IT resources is guided by the same ZTNA policy and the same user identity. Besides user identity, Cato ZTNA policies consider an extensive range of parameters, including device posture, location, and time of day.
For control over IT administration, Cato also enhanced its role-based access control (RBAC) to enable secure, granular access in converged networking and security teams.
As enterprises adopt SASE, there is a growing need for a common management platform with granular networking, security, and access roles. With Cato, separate roles can be defined globally or by the site for networking, access, and security personnel. Roles can also be customized for editing or viewing the individual capabilities in each sector provided by Cato SASE Cloud, such as Internet Firewall, TLS Inspection, DLP Configurations and more.
“For too long, ZTNA solutions have focused on secure remote access only. But securing internal access is just as important, particularly with today’s hybrid workforce,” says Gur Shatz, Co-Founder, President, and Chief Operating Officer, Cato Networks.
“The work our team has done today makes ZTNA even easier and more effective, letting an enterprise secure access for a user in working remotely or in the office with the same policy.”
Once users have gained access to the network, Cato continually inspects user traffic to ensure conformance with company security policies.
All enhancements are currently available at no additional charge to Cato customers.
“It is no secret that lack of access control and authorization is a go-to weakness for threat actors. While MITRE and other frameworks point it out, the threat actors are not shy about it either,” says Etay Maor, Senior Director of Security Strategy, Cato Networks.
“They buy and sell privileged accounts on the Dark Web, offer discovery services, and even during discussion with them, they have advised companies to ‘check granted privileges for users, to make them maximum reduced privileges and access only exact applications'’.”