March 1, 2022 – Cyolo, a leading provider of Zero Trust solutions, announced today that it has been identified as a Representative Vendor in the 2022 Gartner® “Market Guide for Zero Trust Network Access.”1
Cyolo was named as a Representative Vendor for ZTNA. Gartner recommends that security and risk management leaders responsible for infrastructure security:
“Establish a high-level zero trust strategy first and ensure that your identity and access management technologies and processes are well understood and mature before selecting and implementing a ZTNA solution.
Assess your current VPN landscape if VPN replacement is the primary goal to quantify the capabilities of a ZTNA vendor — and if there are sufficient benefits of implementing ZTNA to replace the VPN.
Consolidate agent-based ZTNA selection with the choice of SSE provider as part of the wider SASE architecture decisions to avoid the complexity and potentially unsupported configurations of multiple agents on managed devices.
Prioritize ZTNA vendor selection based on the desired end-user access use cases, as well as the endpoint and application architecture of the organization.”
According to Gartner, ZTNA is “the products and services that create an identity- and context-based, logical-access boundary that encompass an enterprise user and an internally hosted application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a collection of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access, and minimizes lateral movement elsewhere in the network.
ZTNA removes excessive implicit trust that often accompanies other forms of application access, such as legacy VPN.”
Zero trust drives digital business transformation through enhanced security, accelerated agility, and an improved user experience. As a result, ZTNA is a powerful security solution for use cases like connecting various ecosystem members, remote access, supporting M&A, enabling BYOD, securing IoT, replacing VPNs and more.
But ZTNA doesn’t only reduce the security risk compared to VPNs. ZTNA also enables better business collaboration with employees, remote workers and third-party vendors.
According to Gartner, although ZTNA greatly reduces overall risks, it doesn’t eliminate every risk completely, as these examples illustrate:
“The trust broker could become a single point of any kind of failure. Fully isolated applications passing through a ZTNA service will stop working when the service is down. Well-designed ZTNA services include physical and geographic redundancy with multiple entry and exit points to minimize the likelihood of outages affecting overall availability. Furthermore, a vendor’s SLAs (or lack thereof) can indicate how robust they view their offerings. Favor vendors with SLAs that minimize business disruptions.
The location of the trust broker can create latency issues for users, negatively affecting the user experience. Well-designed ZTNA offerings provide multiple POPs with distributed copies of the enterprise’s policies, combined with peering relationships to improve redundancy while decreasing latency.
Attackers could attempt to compromise the trust broker system. Although unlikely, the risk isn’t zero. ZTNA services built on public clouds or housed in major internet carriers benefit from the provider’s strong tenant isolation mechanisms. Nevertheless, collapse of the tenant isolation would allow an attacker to penetrate the systems of the vendor’s customers and move laterally within and between them. A compromised trust broker should fail over to a redundant one immediately. If it can’t, then it should fail closed — that is, if it can’t deflect abuse, it should disconnect from the internet. Favor vendors that adopt this stance. In addition, verify that vendors maintain their own security operations teams that diligently monitor their infrastructure for issues affecting the integrity of the service (...).
Compromised user credentials could allow an attacker on the local device to observe and exfiltrate information from the device. ZTNA architectures that combine device authentication with user authentication contain this threat to a degree — stopping the attack from propagating beyond the device itself. We suggest that, when possible, MFA should accompany any ZTNA project (...).
Given the concerns with trust broker failure and user credentials, ZTNA administrator accounts are ripe for attack. Limit the number of administrators and monitor their activities to reduce insider threats, and favor vendors that require strong authentication for administrators by default.
Some ZTNA vendors have chosen to focus their developments on supporting web application protocols only (HTTP/HTTPS). Carrying legacy applications and protocols through a ZTNA service could prove to be more technically challenging for vendors to develop and for customers to deploy. (...)”
Cyolo’s zero trust access solution provides the global workforce with convenient and secure access to applications, resources, workstations, servers and files, regardless of their location or the device used. In addition, Cyolo offers real zero trust security, as customers’ data is never stored on the Cyolo cloud or accessible to Cyolo employees. Instead, all data is kept on the customers’ premises, where it remains secure from supply chain attacks.
Zero Trust Network Access
Enable secure identity-based connectivity - empower your teams to connect everything, reduce your attack surface, and increase your operational productivity.
Easy Deployment
Deploying Cyolo takes less than 10 minutes with a single line of code. Integrate with any identity provider, cloud or on-premise, and immediately start protecting your organization without deploying agents.
Visibility and Control
Cyolo provides immense visibility with features such as Session Recording and Supervised Access. Record a full video transcript of a user's RDP or SSH session - or require your 3rd party users to request access from a supervisor before accessing a resource. Maintain a full audit trail with SIEM support for compliance.
Infrastructure Redundancy
Cyolo features over 30 global Points-of-Presence (PoPs) ensuring secure, low-latency connections for any user. Cyolo's architecture is globally dispersed with high-availability across every region to ensure zero downtime.
Multi-Factor Authentication (MFA)
MFA is a critical first step in enabling Secure Identity-Based Connectivity. Verify users' identities using Cyolo's MFA or your existing provider and extend MFA to legacy applications without native MFA support.
Real Zero Trust
The core principle behind Zero Trust is "never trust, always verify." Shouldn't this policy extend to our ZTNA vendors as well? Cyolo allows customers to keep all data, passwords, policies, and private keys within their own perimeter.
Multiple Use Case Support
Cyolo supports a wide variety of common and unique use cases, including OT, M&A, third parties, remote work, and more.
In our opinion, Cyolo’s recognition in the 2022 Gartner Market Guide for ZTNA is a significant milestone and an important validation of the path Cyolo is paving for ensuring secure access across organizations.
“We are proud to be recognized as a Representative Vendor for Zero Trust Network Access by Gartner. We believe their acknowledgement validates our vision for secure and simple connectivity for organizations,” says Almog Apirion, Cyolo’s CEO and co-founder.
“This recognition is a significant acknowledgement for our team, who have built a unique product that provides truly secure access for any type of network or application. We feel Gartner’s insights verify the market need for a ZTNA solution based on the most advanced technologies and security principles, while answering enterprise use cases.”
1 Gartner, “Market Guide for Zero Trust Network Access,” Aaron McQuaid, Neil MacDonald, John Watts, Shilpi Handa, 17 February 2022.
GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.