Securing Network Access in a Distributed, Zero-Trust World

As new generations of computing technologies and IT deployment models materialize, they don’t simply replace their predecessors overnight. New and old operate side-by side, often for many years. IT’s evolution is an additive, not zero-sum, game.

This fact means that the IT landscape becomes ever more complex, and securing it becomes ever more challenging. Gone are the days when computer users, applications and databases all sat behind their respective corporations’ firewalls and other perimeter defenses. Today, users are as likely to be remotely located or mobile as they are to be sitting in centralized buildings. For their part, applications and data are spread across a hodgepodge of corporate databases, cloud environments and websites.

In one notable milestone, an April 2019 global survey of more than 500 IT and business executives – conducted by ClearPath Strategies for the Cloud Foundry Foundation – found that 51% of the organizations had moved their mission-critical app to the cloud, surpassing the percentage deploying these apps in legacy environments for the first time.

This distribution and fragmentation of the IT environment has meant that multiple security controls and regimes must interact. Organizations are dealing with employees and partners in different locations and using a variety of devices, all attempting to access applications, services and data that may be in corporate data centers, cloud infrastructures, or increasingly distributed among multiple hybrid environments.

No surprise that it has become difficult to ensure the identities and authorizations of users and devices as they attempt to access these distributed digital resources, especially when the different environments use a mixture of poorly integrated or incompatible security systems.

We at Symantec have worked for years to assemble a portfolio of controls to provide a comprehensive and integrated security solution that addresses every aspect of today’s IT deployment models and communications networks. We’ve built this portfolio both through internal development as well as via strategic acquisitions. Our acquisition of Luminate Security this February, for example, expanded our ability to support a zero-trust model for accessing corporate applications.

Symantec now has an unparalleled suite of network security products and services that deliver best-of-breed functionality, tight integration and operational simplicity. Combined, our offerings provide secure access for every workflow and networking scenario, including accessing websites, corporate applications on-premises or in the cloud, software-as-a-service applications, and email. Organizations no longer have to integrate and maintain a patchwork quilt of individual solutions and can move beyond the security limitations associated with VPNs and other legacy solutions.

Among the most important and powerful of our network security offerings:

• Symantec CloudSOC Cloud Access Security Broker (CASB) – this gateway service helps companies confidently and compliantly support employee access to SaaS applications, whether the employees are using managed or unmanaged devices. In the latter, BYOD case, our patent-pending CloudSOC Mirror Gateway capability greatly simplifies the protection of users of such unmanaged devices. Among its many threat prevention features, the Cloud SOC CASB provides user and entity behavior analytics (UEBA) to establish baseline activity patterns and identify abnormal or malicious deviations from those patterns. The offering’s DLP identifies, classifies and monitors different categories of regulated data to help meet compliance demands.
   
• Symantec Secure Access Cloud – offering stronger security than VPNs by providing zero-trust access to corporate applications, this service incorporates Luminate’s Software Defined Perimeter technology. The Secure Access Cloud creates a secure but transient connection between the user and the application, a connection that is terminated as soon as the user completes his or her task. Managers gain full visibility, governance and contextual enforcement capabilities, as well a detailed audit trail of each user’s activity. Thanks to its contextual policy enforcement, the Secure Access Cloud can permit or deny access based on such variables as the user’s identity, the user’s device state, the time of access, the sensitivity of the application, and even the specific actions the user attempts after being initially authorized and authenticated.  Now with CloudSOC integration, customers can extend the CASB solution’s information protection, threat prevention and UEBA capability for  IaaS and PaaS applications.
   
• Symantec Web Security Service – this cloud-delivered secure web gateway includes sophisticated malware detection capabilities and provides Symantec Web Isolation to create a safe container in which to open and run sessions. If a site sends malware or exhibits other risky behavior, the threat is contained and eliminated before ever reaching the user’s machine. To support compliance demands, the Web Security Service management console provides deep visibility into, for example, which SaaS applications users are accessing. We examine as many as 60 attributes to evaluate the risks associated with more than 15,000 cloud environments.
   
• Symantec Email Security.cloud – designed as a complete email security solution, this service blocks spear phishing, ransomware, and other threats, protecting Office 365, GSuite and other email systems. Email Security.cloud leverages the insights and intelligence that we gain from our global base of installed security products and services, which, combined, processes more than 2.4 billion emails each day. Among its many features, this offering also includes threat isolation technology to create secure virtual containers between users and suspect links or attachments.

All of these network security elements not only work easily and efficiently with one another, of course, but also with the other offerings within our Symantec Integrated Cyber Defense Platform