www.appgate.com
35.80.176.213  Public Scan

Submitted URL: https://ww3.appgate.com/e/863411/blog-vpn-vs-ztna-vs-sdp-vs-nac/61fn7t/1421482907?h=_VHS93wcEyZbqUCk-2Kc3I7XoCFm4wBdHdRd...
Effective URL: https://www.appgate.com/blog/vpn-vs-ztna-vs-sdp-vs-nac
Submission: On April 23 via api from SE — Scanned from DE

Form analysis 3 forms found in the DOM

/search

<form action="/search" class="">
  <input
    class="js-search-input-responsive w-[345px] h-[40px] text-[15px] rounded-[50px] border-0 outline-0 py-[20px] pr-[40px] pl-[70px] leading-[1] tracking-[0.7px] text-[#333] bg-[url('https://d3aafpijpsak2t.cloudfront.net/images/forms-search-default.svg')] bg-no-repeat bg-5% bg-22 bg-[30px_center] md:text-[18.8px] md:w-[528px] md:h-[18.8px]"
    type="search" name="q" placeholder="Search for...">
  <!--<button class="h-24 px-8 search" type="submit"></button>-->
</form>

/search

<form action="/search" class="">
  <input
    class="js-search-input max-w-[800px] w-[60vw] h-[50px] text-[18px] rounded-[50px] border-0 outline-0 py-[20px] pr-[40px] pl-[70px] leading-[1] tracking-[0.7px] text-[#333] bg-[url('https://d3aafpijpsak2t.cloudfront.net/images/forms-search-default.svg')] bg-no-repeat bg-[30px_center] xl:bg-[22] xl:text-[22.5px] xl:h-[unset] font-light"
    type="search" name="q" placeholder="Search for...">
  <!--<button class="h-24 px-8 search" type="submit"></button>-->
</form>

<form action="" class="col-span-12 md:col-span-8 lg:col-span-6 md:col-start-3 lg:col-start-4 flex flex-col grid gap-6" id="newsletter-form-handler" handler="/l/863411/2020-12-03/271pj8">
  <input type="text" name="firstName" placeholder="First Name" aria-placeholder="First Name" required="required" class="border-solid border col-span-12  md:col-span-8 lg:col-span-3 px-8 py-4 self-center">
  <input type="text" name="lastName" placeholder="Last Name" aria-placeholder="Last Name" required="required" class="border-solid border col-span-12  md:col-span-8 lg:col-span-3 px-8 py-4 self-center">
  <input type="email" name="email" placeholder="Email Address" aria-placeholder="Email Address" required="required" class="border-solid border col-span-12  md:col-span-8 lg:col-span-6 px-8 py-4 self-center">
  <div style="position:absolute; left:-9999px; top: -9999px;">
    <label for="pardot_extra_field">Comments</label>
    <input type="text" id="pardot_extra_field" name="pardot_extra_field">
  </div>
  <div class="actions col-span-12 md:col-span-8 lg:col-span-6 ml-0 md:ml-8 mt-8 md:mt-0 self-center w-auto text-center">
    <input type="submit" value="Subscribe" class="btn orange cursor-pointer">
  </div>
  <div class="err-mssg hidden col-span-2 lg:col-span-1 lg:col-start-2 flex flex-row items-center justify-between"></div>
</form>

Text Content

SECURE NETWORK ACCESS

Chris Scheels, September 18, 2021


VPN VS. ZTNA VS. SDP VS. NAC: WHAT’S THE DIFFERENCE?

These days, shopping for agile, enterprise-grade secure network access solutions
can be likened to spooning through a bowl of alphabet soup. Beyond understanding
all the acronyms, what’s most important when it comes to safeguarding access to
your data and workloads by anyone from anywhere, anytime?




You’re certainly familiar with the ins and outs of virtual private network (VPN)
and network access control (NAC) solutions. Software-defined perimeter (SDP) and
Zero Trust Network Access (ZTNA) are newer industry terms that you also likely
know about but might not yet use to augment or replace older technology in your
network security stack.

One thing’s for sure: if you want comprehensive, adaptive secure network access,
you need to understand what each of these network security solutions is capable
of and where they differ. Some have served their purpose and are headed for the
sunset. Others are modern options designed to handle the evolving threat
landscape and meet the “now and next” scalable secure access needs of complex
and dispersed hybrid IT ecosystems.

Here we demystify the most common secure access options to help you make a more
informed decision about where to take your network security strategy.

WHAT IS A VIRTUAL PRIVATE NETWORK (VPN)? POPULAR, BUT NOT SECURE ENOUGH


VPNs have been a network security staple for more than 25 years and in the “old
world” of defined perimeters and physical offices, they sufficed. But they
weren’t built to protect hybrid enterprise environments and workforce sprawl and
now come with significant performance and security flaws that create
vulnerabilities. Even the National Security Agency (NSA) has previously warned
about VPN limitations and potential vulnerabilities.

Virtual private networks can only scale with more hardware (physical or
virtual), which means a major investment of capital and time. And they’re
famously temperamental, with connectivity and latency issues that throttle
productivity. Additional VPN limitations include:

 * Exposed ports: VPNs can be easily found and queried to discover the
   manufacturer and version, paving the way for threat actors to get in using
   common hacking tools
 * Over-privileged access: VPNs are dependent on overly complex rules to prevent
   lateral movement
 * Limited throughput: a typical VPN maxes out below 1 Gbps, which adds extra
   cost and complexity
 * Vulnerable to man-in-the-middle attacks: VPNs don’t validate certificates on
   both sides of the communication path
 * Centralized architecture: users coming into a central VPN access point are
   routed to the ultimate destination on the backend over some type of wide area
   network (WAN) … a topology that adds latency, causes performance issues,
   frustrates users and creates complicated routing dependencies
 * Lack dynamic scale: VPNs must be architected to handle a certain volume of
   remote users and can’t dynamically scale up or down to handle unforeseen user
   fluctuations

WHAT IS NETWORK ACCESS CONTROL (NAC)? IT ONLY ADDRESSES PART OF THE ISSUE


Like VPNs, network access control solutions are antiquated technology designed
for a time when most people were in the office. They restrict access to endpoint
devices that adhere to a defined security policy and perform authentication and
authorization before granting access. However, NAC solutions also fall short:
they can’t segment a network and can only protect on-premises devices … and that
means they only offer a partial solution.

While providing a barrier to entry, NAC solutions are ineffective when it comes
to protecting an environment once user access is granted. Over the years, NAC
technology has become less effective and therefore isn’t seen as a long-term
solution to secure your network access. Ultimately, network access control
flounders for several reasons:

 * Can’t provide fine-grained least privilege access and rely on existing
   network segmentation or VLANs (Virtual LAN)
 * Have limited ability to make access decisions based on user context
 * Don’t provide secure, encrypted communications between clients and services
 * Must be used with another solution (such as a VPN) for remote users, which
   adds more cost, complexity and administration
 * Aren’t practical to manage or scale due to the IT administration required to
   add devices and firewall rules for networks with large amounts of diverse
   users and devices that constantly change
 * Don’t enable cloud security

WHAT IS SOFTWARE-DEFINED PERIMETER (SDP)? A MORE SECURE ALTERNATIVE


After decades of use, VPNs and NACs have taught some lessons and paved the road
for a new, more secure way of granting access to networks.

Using Zero Trust principles—meaning no user or device is trusted until
authenticated and no resources are visible unless access is
granted—software-defined perimeter creates one-to-one connections between users
and the resources they need—and only the resources they need—to do their work.
And as the name implies, SDP is a software-defined solution rather than a
hardware solution, making it very flexible and scalable for multifaceted hybrid
IT environments.

SDP solutions were created to enforce the principle of least privilege, which
reduces the attack surface by making all resources invisible unless a user is
authorized and authenticated. A software-defined perimeter also surveys the
environment and creates entitlements and the appropriate access level for each
user in near real-time and continuously re-evaluates operational context, not
just at the initial request.

WHAT IS ZERO TRUST NETWORK ACCESS (ZTNA)? REFINING THE SOFTWARE-DEFINED PERIMETER


Zero Trust Network Access, the newest network security industry term, is now
used interchangeably with software-defined perimeter to distinguish the more
secure “authenticate first, connect second” principle of least privilege.

ZTNA is the most effective secure access method available. In contrast to the
“default allow” mode of VPNs, NAC and firewalls, ZTNA is based on Zero Trust
theory and takes a “default deny” approach to digital resources. ZTNA and SDP
are built on three core pillars:

 1. Identity-centric: designed around the user identity, not the IP address, and
    requires user authentication before granting network access
 2. Zero Trust: applies the principle of least privilege to the network and
    users by using micro-segmentation to make unauthorized resources invisible
 3. Cloud-centric: engineered to operate natively in the cloud and deliver
    scalable security

ZTNA is quickly becoming the standard for network access across the hybrid
workplace for enterprise environments and workforces. In fact, according to
Gartner, “by 2024, at least 40% of all remote access usage will be served
predominantly by Zero Trust Network Access, up from less than 5% at the end of
2020.”

And Zero Trust maturity is paying off, as stated in the Cost of a Data Breach
Report 2021 by IBM Security and the Ponemon Institute. The average cost of a
data breach was 35% lower ($1.76M) per breach for organizations “in the mature
stage of Zero Trust deployment” compared to those without Zero Trust deployed.

INDUSTRY-LEADING ZTNA: APPGATE SDP


Appgate SDP delivers industry-leading Zero Trust Network Access to anything from
anywhere by anyone. It requires users to be authenticated across a range of
identity-centric and context-based parameters, such as role, time, date,
location and device posture, before allowing access to enterprise resources …
which prevents unsanctioned lateral movement.

Working with your existing security ecosystem to enforce Zero Trust principles,
Appgate SDP features a single policy decision point that controls access across
your organization’s entire IT ecosystem. In addition, exceptional API
integrations mean less rip and replace and more augment and optimize to
strengthen and simplify access controls by putting existing systems and data to
work.

Additional resources

Five Steps for Successful VPN to ZTNA Migration ebook

Forrester New Wave: Zero Trust Network Access, Q3 2021

Zero Trust Starts With Secure Access infographic
