Zero-trust model for application access enables organizations to shift away from relying on traditional VPN tunnels to secure assets being accessed remotely

Rajesh Maurya, Regional Vice President, India & SAARC, Fortinet

Measures to be taken for Cyber threats

The massive shift to remote work and a continually expanding attack surface has made the concept of perimeter-based security naïve at best and dangerous at worst. The major trends and factors of the past year include the erosion of barriers between corporate and home offices and the expansion of targets. In today’s work-from-home world, organizations need to find ways to give users secure access to the network and applications so they can do their jobs without compromising security. 

Using the zero-trust model for application access or zero-trust network access (ZTNA), makes it possible for organizations to shift away from only relying on traditional virtual private network (VPN) tunnels to secure assets being accessed remotely. A VPN often provides unrestricted access to the network, which can allow compromised users or malware to move laterally across the network seeking resources to exploit. 

With Zero Trust Network Access (ZTNA), access is only granted to network resources on a policy-based, per-session basis to individuals and applications after devices and users have been authenticated and verified. The system applies this policy equally whether users are on or off the network. So, you have the same zero trust protections no matter from where a user is connecting.

Solutions for sophisticated attacks

FortiGuard Labs goes on the threat hunt every day, not just to react to existing threats, but to get ahead of the curve and research everything from the latest targets to following recent attacks campaigns. It is interesting to note as well that there has been a lot of information disclosure that could have consequences. People are going to public, open-source platforms with samples of emails or other information because they believe they are being targeted. While those people may have good intentions, cybercriminals can get access to that information and use it to launch spear phishing attacks. Some of the information people upload can also contain sensitive corporate information and personal identifiable information (P.I.I.), which really leaves no work for cybercriminals other than downloading the documents and public information that has been shared with the forum.

For organizations it is important to work collaboratively to respond to events and trust is also a key solution. The zero trust model is super important here, as operating on a zero trust model significantly scales down the room for cybercriminals to enter. This solution was paramount during the shift to telework and should be carried through for the shift to hybrid work, or work from anywhere.