The Inner Circle

  • 1.  Application access via ZTNA "connectors" -- what are your experiences?

    Posted Sep 18, 2024 12:24:00 PM

    Team,

    I am reviewing leveraging ZTNA, ZT Network Access "connectors".  Some example SASE vendors are Zscaler, Palo Alto, Netskope, Cloudflare, etc...

    I believe Zscaler might be leading the market at the moment regarding application "connectors": Zscaler Client Connector


    I am interested in feedback from early adopters regarding this technology, pros and cons etc...

    Please reply in the thread or reach out directly...

    Be well,



    ------------------------------
    Joe Dietz, Jr.
    Cybersecurity Architect
    Deloitte
    ------------------------------


  • 2.  RE: Application access via ZTNA "connectors" -- what are your experiences?

    Posted Sep 19, 2024 08:30:00 AM

    On what basis do you think they are leading the market on this, Joe? Is it a single or blended metric? Are we talking most deployed endpoints, ability to deploy on most endpoints/environments/use cases supported, features and functions delivered? Also, wrt Zscaler, are we talking access to private apps (ZPA) or public apps (ZIA)??



    ------------------------------
    Philip Griffiths
    Head of Business Development
    NetFoundry
    ------------------------------



  • 3.  RE: Application access via ZTNA "connectors" -- what are your experiences?

    Posted Sep 19, 2024 10:28:00 AM

    I appreciate your engagement...

    The focus is on the client "connect" aspects of ZTNA, ZPA.  The use case is removing publicly facing apps and putting them behind "the vpn", allowing employees to access the app via the ZTNA connect via the ZT Exchange.  The technology is attractive as connections are initiated "from" the application "connect proxy" outbound to the exchange, so corporate applications are never exposed to the public Internet.  Not to mention the detailed identity aspects of the authorization for the application ;-)

    Similar technology from Palo Alto Prisma is still on the roadmap...

    Palo Alto recently acquired Talon to help in this area...

    I hope this helps clarify the ask...



    ------------------------------
    Joe Dietz, Jr.
    Cybersecurity Architect
    Deloitte
    ------------------------------



  • 4.  RE: Application access via ZTNA "connectors" -- what are your experiences?

    Posted Sep 19, 2024 01:05:00 PM

    Hey Joe, thanks for the clarification. Zscaler and ZPA are definitely doing well in this regard, but I think NetFoundry is more advanced. I should note, I do work for NetFoundry so I am biased. That said, let's look at why I believe this:

    • NetFoundry built and maintains OpenZiti, an open source ZTNA. While we also deliver a commercial equivalent, the open source nature means it is and will become the de facto standard that everyone adopts. Companies adopting it include a cyber security unicorn, one of the 4 hyperscalers, several large industrial OEMs, large US defence contractors and many more.
    • NetFoundry can support any use case, not just remote access (incl. N-S, E-W, OT/IoT, M2M) to extend ZTN to anything. This is part of why it is being adopted in the OT space where they need machine to machine, airgapped, real-time and L2 connections, and more.
    • NetFoundry provides its own PKI instead of using external OIDC/SAML. This ensures mTLS and E2EE everywhere (Zscaler uses TLS so you 'trust' their infra) while supporting external identity providers to replace primary or additional secondary.
    • NetFoundry follows the same outbound-only, deny-by-default, least privilege, microsegmented model, though it can also operate like a VPN if you want it to.
    • NetFoundry can operate anywhere, and brings its own resilient, HA, smart routing overlay (think ZTNA + SDWAN having a baby); this is part of the reason for adoption in defence where airgapped is standard.
    • NetFoundry includes SDKs so we can embed ZTN as part of the Software Development Lifecycle which is far more secure and easier for users. This includes 'clientless' endpoints which actually bring mTLS, E2EE, and more to the browser without the user or IT admins doing any hacks in the background.

    If you fancy it, I did a presentation at the CSA a few weeks back - 'Zero Trust Networking for difficult use cases-Multi-Cloud/OT/IoT, air-gapped networks and more' which acts as a good intro - https://www.linkedin.com/feed/update/urn:li:activity:7221461016088375297. 

    Regards

    Philip



    ------------------------------
    Philip Griffiths
    Head of Business Development
    NetFoundry
    ------------------------------



  • 5.  RE: Application access via ZTNA "connectors" -- what are your experiences?

    Posted Sep 19, 2024 01:11:00 PM

    Philip,

    I actually attended the CSA call where you presented...good stuff.

    I am hoping to get feedback from folks who have used this tech... ;)

    Ty for your continued collaboration...



    ------------------------------
    Joe Dietz, Jr.
    Cybersecurity Architect
    Deloitte
    ------------------------------



  • 6.  RE: Application access via ZTNA "connectors" -- what are your experiences?

    Posted Sep 19, 2024 01:44:00 PM

    :)



    ------------------------------
    Philip Griffiths
    Head of Business Development
    NetFoundry
    ------------------------------



  • 7.  RE: Application access via ZTNA "connectors" -- what are your experiences?

    Posted Sep 24, 2024 07:09:00 AM

    Hi Joe, 

    You are correct in your assessment. Having worked at Netskope and Zscaler being their primary competition for most of their deals, I can attest that Zscaler has significant market leadership as a single SASE vendor with a more comprehensive SASE product portfolio. Zscaler connector and similarly Netskope Private Access (ZTNA solution) are touted as a replacement for enterprise VPN solutions to provide more granular app-based access instead of network access. I can provide a vendor's perspective if that's helpful. Do let me know.

    Thanks.



    ------------------------------
    Milind Gunjan
    5G Security Architect
    Unknown
    ------------------------------