Transcript
One Private Access. Now today's demo is going to be through the lens of Universal Zero Trust Network Access, also known as UZTNA. Now UZTNA is a unified security architecture that replaces fragmented VPN and NAC by applying consistent context-driven Zero Trust access policies to all users and devices, whether they are connecting locally or through the cloud. Okay so let's start with the setup, and this involves three simple steps that are really your path to UZTNA. The first step is to deploy a Netskope publisher. Now this is a lightweight virtual machine that can live in your data center, public cloud, or even on a Netskope One gateway appliance. And what the publisher does is it establishes a secure outbound-only connection to Netskope NewEdge, and it brokers access without exposing your network. This is a big difference between what this does and, for example, a VPN concentrator that's open to the outside world, it's open to attacks, etc. You don't have that issue with this outbound-only connection. Now when configured as a local broker, the publisher can also manage access directly on your own local network. This keeps the traffic at the edge, it ensures lightning-fast performance for on-site users without needing to hairpin them to the cloud. So that's the first step. You got the publisher, local broker configuration. The next step is we need to onboard our applications into this Zero Trust network access world. And what happens is the publisher automatically discovers private applications, and then this allows you to seamlessly configure access via FQDN, IP address, or port configurations. Now Zero Trust is only effective if it follows the principle of least privilege. To ensure your configs stay tight, Netskope uses an AIOps agent to analyze actual traffic patterns against your current private app configuration. For example, here's an app configured with a broad IP range. Now the AIOps agent has detected that only 2% of that range is actually used.
And with one click, we can grant the agent permission to right-size the policy, effectively swapping the broad range for specific active IPs that are actually being used. It's the same story for ports. Instead of leaving a wide-open range, the AIOps agent recommends narrowing it down to only three ports actually in use. Now this proactively closes those security gaps. Okay, so now that we've performed the first two steps, we've deployed the publisher, we've effectively configured the local broker, and then we've discovered and onboarded our apps. The third and final step is we need to create Zero Trust policies. Now unlike a VPN that hands out keys to the kingdom, these policies grant access only to specific segments based on identity, device posture, and location. It's really the signals and context that inform a more effective Zero Trust policy posture, if you will. Now that we have a configuration in place, let's see it in action. Here's a remote user accessing a help desk application. Their identity and device posture are verified instantly, and they have fast and secure access directly to this application. However, if they try to touch an engineering app, they're immediately denied because they lack the privilege. If that same user drives to HQ, UZTNA follows them. Because they're now local to the app, the local broker in this case establishes the connection within the same subnet. The security is just as tight, but the latency is nearly zero. For third parties or BYOD, Netskope offers a number of deployment options. The Netskope One Enterprise Browser is very popular for governing Zero Trust access for third parties, BYOD, or environments where you can't put a Netskope client. This extends the same Zero Trust controls to that Netskope One Enterprise Browser. You can also layer in advanced protections, like advanced DLP and threat protection. For DLP, you want to make sure sensitive data does not leak onto unmanaged devices, a very important use case.
Netskope One Private Access also handles server-initiated flows. In this scenario, a server needs to access a user's desktop for remote assistance. This connection is still brokered via ZTNA, allowing a secure session without exposing the device to the open network. And then finally, UZTNA can be extended to the world of IoT and OT devices, where devices are discovered, they're classified, and the risk of the devices is assessed and scored. And then you can extend Zero Trust policies all the way to those IoT and OT devices. And that is how Netskope enables universal Zero Trust network access. Thank you for watching.