Overview

Proofpoint Zero Trust Network Access (ZTNA) delivers user-centric computing to enterprises. It is an overlay network that is global and multi-tenant. However, it functions as a private enterprise-wide area network for each customer’s organization. The infrastructure of this network is provided by Proofpoint ZTNA in the cloud, so there is no hardware to deploy. ZTNA has a dense network of points-of-presence (POP) around the world. End-users, legacy data centers, branch offices, and clouds all connect to ZTNA via the nearest local POP.

There are two ways that users connect to ZTNA. One is an always-on VPN-based connection, which is recommended for managed corporate devices. The other is browser-based secure remote access, which is most appropriate for personal devices, as well as contractors, partners, and consultants. All user traffic—WAN, LAN, and internet—flows through this network, where it is secured and audited. Internet traffic breaks out at the local POP.

From a technology perspective, this network serves as a distributed identity-based router that Proofpoint ZTNA deploys in the cloud. Policies abstract physical topology and deal with users and resources. ZTNA is built upon a zero-trust architecture where each user is bound by a software-defined perimeter. Each user has a unique, fixed identity – irrespective of rom where they connect to the network. The software defined perimeter security framework allows one-to-one network connections that are dynamically created on-demand between the user and the specific resources they need to access. All other resources are invisible to the user. Access is impossible unless it is explicitly granted, and continuously verified at the packet level. This model effectively provides organizations with dynamically-provisioned secure network segmentation.