Zero trust security is a concept that’s been around for several years, but it may finally be starting to gain traction as a technology product. The problem is that zero trust can mean different things to different people – and not all vendors take the same approach. But buyers are beginning to express interest, and a number of security vendors have assembled some interesting approaches to zero trust security.
What is zero trust security?
Even analysts don’t entirely agree on what zero trust security is.
Gartner calls it zero trust network access (ZTNA) and sees ZTNA as something of a fine-grained approach to network access control (NAC), identity access management (IAM) and privilege access management (PAM) – and at least an adjunct to, if not a replacement for, VPNs and DMZ architectures. Users are granted access only to the data and applications they need rather than the entire network, reducing the risk of lateral movement on the network, and device security and behavior monitoring controls can further restrict access.
As Gartner analyst Steve Riley puts it, “Identity is the new perimeter.” He sees services taking a substantial early lead over standalone solutions and says that while it’s too soon for a zero trust Magic Quadrant, the analyst firm will have more to share on customer experiences in 2021.
Forrester – which coined the term zero trust 10 years ago – takes a broader approach. The Forrester Wave report covers “Zero Trust eXtended Ecosystem Platforms,” or ZTX for short. The firm urges microsegmentation at the identity, network or device level, along with policy enforcement and advanced identity management.
We’ll take a look at both approaches and some others in this top zero trust vendors piece. While it’s too soon to declare winners, a number of vendors have pieced together strong approaches. We looked at nearly 40 vendors in developing this list, so we’ll focus on eight of the more interesting solutions, from the simple to the complex, and list some other promising ones after that.
Top zero trust solutions
Twingate helps fast-growing companies easily implement a secure Zero Trust Network Access solution without compromising on usability or performance. Twingate's secure access platform replaces legacy VPNs with a modern Identity-First Networking solution that combines enterprise-grade security with a consumer-grade user experience. It can be set up in less than 15 minutes and works with all major cloud providers and identity providers. We believe that "Work from Anywhere" should just work.
Cisco Zero Trust offers a comprehensive solution to secure all access across your applications and environment, from any user, device, and location. This complete zero trust security model allows you to mitigate, detect, and respond to risks across your environment. Cisco Zero Trust provides solutions that establish trust in users and devices through authentication and continuous monitoring of each access attempt, with custom security policies that protect every application.
Illumio’s workload and endpoint security platforms fit nicely into the zero trust space, and with its microsegmentation and whitelisting abilities, the company says it can even prevent the spread of ransomware. With capabilities that span vulnerability management, microsegmentation, network visibility and encryption, Illumio has put together a strong security offering in general. Good automation and management features give Illumio’s Adaptive Security Platform broad appeal.
Protect supply chains, secure IoT deployments, and safeguard IT infrastructure and cloud deployments with Palo Alto Networks. Their approach establishes the right context to verify user, application, host, operating environments identity, as well as the integrity of devices, hosts, and operating environments. Palo Alto's ability to provide full lifecycle security – including context-based policies, endpoint security, and automation of tasks – prevents threats in cloud environments.
Akamai has leveraged its dominant position in edge data and content delivery into an impressive security platform, with zero trust at the center of that approach. Identity and application access, single sign-on with multi-factor authentication, and threat and DDoS protection are some of the ways Akamai cloaks and protects applications while accelerating performance. Stop attacks at the edge before they reach your apps, infrastructure, and people.
Move away from traditional perimeter-focused approaches to security and instead focus resources on enabling access for all users – regardless of their location, device, or network with Okta.There is no silver bullet or single-vendor solution for Zero Trust. Okta integrates with solutions across your security stack so you can strengthen your organization even more easily. With a simple and easy-to-manage approach, Okta offers users a way to implement zero trust without a lot of complexity.
Partner with Unisys to design, build, and maintain your Zero Trust security model. Unisys Stealth® and their five-step methodology provides you with a roadmap for quickly deploying a Zero Trust strategy. Implementing Zero Trust doesn’t need to be an all-or-nothing exercise. Every step you take both improves your organization’s security posture and brings you closer to realizing the benefits of a full Zero Trust environment.
Symantec solutions are powered by the largest civilian global security intelligence and research network in the world. Symantec Endpoint Security solutions prevent, harden, detect, and respond to emerging threats across laptops, desktops, tablets, mobile phones, servers, and cloud workloads. Symantec uses artificial intelligence and machine learning to correlate and contextualize threat data, delivering rich and actionable insights for your Security Operations Center (SOC).
Make sure the right people can access the right resources at the right time – and nothing more with Appgate. Enable your digital transformation with a security strategy that reduces risk, removes complexity and instills confidence in your future-proofed security posture. Make resources invisible, strengthen access controls and simplify network security with the most comprehensive and feature-rich ZTNA solution available.
In-depth zero trust solution profiles
Jump ahead to:
Key takeaway: With a strong offering spanning access management and segmentation, Cisco customers in particular have reason to look closely at the networking giant’s zero trust solutions.
Cisco’s acquisition of access management leader Duo has solidified its zero trust approach. Combined with the networking giant’s Tetration microsegmentation technology and SD-Access policy and network access solution, Cisco is becoming an early leader in the zero trust security market. That’s especially good news for Cisco customers, who will have an easier time with implementation with all the pieces integrated. Duo users have been particularly happy, so if Cisco can maintain that product satisfaction it could have a winner on its hands.
Key takeaway: Illumio goes beyond zero trust to fill a number of security needs, and automation and management features might even give it SMB appeal.
Illumio’s workload and endpoint security platforms fit nicely into the zero trust space, and with its microsegmentation and whitelisting abilities, the company says it can even prevent the spread of ransomware. Users are happy with everything from product capabilities to pricing. With capabilities that span vulnerability management, microsegmentation, network visibility and encryption, Illumio has put together a strong security offering in general. Good automation and management features give Illumio’s Adaptive Security Platform broad appeal.
Key takeaway: Palo Alto combines strong security with recent acquisitions to emerge as a zero trust player.
Palo Alto Networks is one vendor that’s not afraid of independent security tests, and the results across firewalls, intrusion prevention systems and endpoints have been impressive. With the recent acquisitions of Twistlock, RedLock, PureSec and CloudGenix, Palo Alto’s security offerings now extend into the cloud, containers and SD-WAN. Integrating all that may take some work, but Palo Alto is becoming a vendor to be reckoned with in zero trust security. CloudGenix users in particular seem wildly happy.
Key takeaway: Akamai has leveraged its CDN technology and internal security work to emerge as a zero trust leader.
Akamai has leveraged its dominant position in edge data and content delivery into an impressive security platform, with zero trust at the center of that approach. Identity and application access, single sign-on with multi-factor authentication, and threat and DDoS protection are some of the ways Akamai cloaks and protects applications while accelerating performance. Much like Google’s BeyondCorp, Akamai’s Identity Aware Proxy architecture began as an internal security effort.
Key takeaway: Looking for an easy way to implement zero trust? Okta should be on your list.
Seeing Okta on this list should come as no surprise, as the company has long been a leader in access management, authentication and single sign-on. It also shouldn’t come as a surprise that Okta is strongest in identity and access management. With a simple and easy-to-manage approach, Okta offers users a way to implement zero trust without a lot of complexity.
Key takeaway: This is SO not your father’s mainframe vendor.
For a vendor that started out in mainframes, Unisys Stealth is one of the coolest zero trust approaches on the market, leveraging the company’s work in high-security government agencies to create a platform that includes what Forrester called “one of the few real applications of actual machine learning that we’ve seen in production in any security analytics or automation system.” The Stealth software suite offers visibility, microsegmentation, identity, cloud and mobile support, and services. If you have high security requirements, you need to take a look at Unisys.
Key takeaway: The vendor known for one-stop shopping takes the same approach to zero trust.
Symantec, now part of Broadcom, has assembled a comprehensive portfolio of zero trust offerings:
- Secure Access Cloud
- Cloud Workload Protection
- Web Application Firewall
- Control Compliance Suite
- Symantec Protection Engine
Symantec positions Secure Access Cloud as a replacement for VPNs. It uses a software-defined perimeter approach to cloak data center resources, isolating them from end users and the internet and removing the network as an attack surface. And Symantec ties it all together and automates it through its Integrated Cyber Defense Platform, making the vendor a good choice for those who want one-stop shopping.
Key takeaway: Positive user experience and an innovative approach to zero trust makes AppGate one to watch.
AppGate SDP – part of Cyxtera’s cybersecurity business that was spun out last year into a separate company – is another software-defined perimeter product aimed at replacing legacy VPN systems. There’s not a lot of user feedback on AppGate SDP, but what there is is uniformly positive. Users say the product is innovative and offers very granular access control and supports multi-cloud environments. Support is responsive but a couple say the management interface can be difficult to use. Best for those looking to isolate specific environments and aren’t afraid of a leading-edge product. The product’s ability to dynamically adapt to risk is a plus too.
With so many security vendors going after the zero trust market, mergers and acquisitions are likely. Indeed, just in the last week, Check Point Software acquired Israeli zero trust startup Odo Security, and Fortinet acquired OPAQ Networks in July.
Other vendors taking noteworthy approaches to zero trust include:
- Google (BeyondCorp, Cloud IAP, Context-Aware Access)
- Microsoft (Azure AD and Web Application Proxy)
- Check Point
- Pulse Secure
- Perimeter 81
- Cato Networks