Overview:
          Securely connect anyone, anywhere, to any application. Sophos ZTNA transparently connects users to important business applications and data, providing enhanced segmentation, security, and visibility over traditional remote access VPN. It works as a standalone product and as a fully integrated Synchronized Security solution with Sophos Firewall and Intercept X.
          
          
            
              
                
                  
                  Improve Your Security Posture
                  ZTNA improves your security posture and reduces your attack surface in many ways: removing vulnerable and old VPN clients and infrastructure, eradicating implicit trust, incorporating device health into access policy, preventing lateral movement across the network, making your apps invisible to attackers, and providing much better insights into user and application activity.
                 
               
              
                
                  
                  Enable Remote Workers
                  Remote access VPN has served us well, but it was never designed for this new world. ZTNA offers a much better alternative for remote access by providing better security and threat protection, an easier and more scalable management experience, and a more transparent and frictionless experience for end-users.
                  
                 
               
              
                
                  
                  Micro-Segment Your Applications
                  With VPN, you’re providing network access. With Sophos ZTNA, you’re only providing access to specific applications. We micro-segment your applications, users, and devices, and with the integration of device health into access policies and continuous authentication verification, you get much better security. This eliminates all of the implicit trust and the lateral movement that comes with VPN.
                 
               
             
            
            
              
                
                  
                  Stop Ransomware and Other Threats
                  Hackers are leveraging poorly secured remote systems and VPN vulnerabilities to get a foothold on networks to deploy ransomware. Sophos ZTNA helps reduce the surface area and risk of a ransomware attack by removing a new and growing vector. With ZTNA, remote systems are no longer connected “to the network” and only have specific application access.
                 
               
              
                
                  
                  Onboard New Apps and Users Quickly
                  Sophos ZTNA is much leaner, cleaner, and therefore easier to deploy and manage than traditional remote access VPN. It enables better security and more agility in quickly changing environments with users coming and going - making day-to-day administration a quick and painless task and not a full-time job.
                  
                 
               
              
                
                  
                  Control Access to SaaS Apps
                  As an alternative or supplement to SaaS application allowed IP ranges, you can utilize ZTNA and your Azure AD identity provider to control access to important SaaS applications – blocking denied devices and unauthorized users from accessing important cloud apps and data.
                  
                  
                 
               
             
           
          Highlights:
          
            
              
                
                  - Zero trust: trust nothing, verify everything
- Integrated with Sophos Intercept X
- Single agent, single console solution
- The ultimate remote-access VPN replacement
- Micro-segment and secure your network applications
- Works anywhere, on the network or off
 
              
                
                  - Cloud-managed, cloud-delivered
- Transparent for end users
- Superior visibility and insights into your applications
- Integrates device health into access policies
- Simpler per-user annual subscription licensing with free gateways
 
             
           
         
        
          Features:
          Regain Trust in a World of Zero Trust
          Sophos ZTNA delivers on the principles of zero trust: trust nothing, verify everything. Individual users and devices become their own micro-segmented perimeters that are constantly validated and verified. They are no longer “on the network” with all the implied trust and access that usually comes with it. Trust is now earned – not given.
          Enable Remote Workers
          Sophos ZTNA enables your remote workers to securely and seamlessly access the applications and data they need while making deployment, enrollment, and management much easier than traditional VPN.
          Micro-Segment Your Applications
          Sophos ZTNA provides the ultimate micro-segmentation so you can deliver secure application access whether your applications are hosted on premises, in a data center, or in your public cloud infrastructure. You also get real-time visibility into application activity for status, security posture, and usage. You can also control access to many SaaS applications with Sophos ZTNA using IP address restrictions to only allow connections from your ZTNA gateways.
          Stop Ransomware and Threats
          The possibility for ransomware and other threats to propagate across the network from a compromised user device is no longer a concern with ZTNA. Users and devices only have explicit policy-based access to specific applications. This eliminates the implied trust and broad network access that is one of the key challenges with VPN.
          Deploy, Adapt, and Scale Quickly
          Sophos ZTNA is built for the modern network that is dynamically changing, rapidly growing, and moving quickly to the cloud. It is a lean, clean solution that makes it quick and easy to stand up new applications securely, enroll or decommission users and devices, and get important insights into application status and usage.
          
          
            
              
                
                Cloud-Delivered, Cloud-Managed
                Sophos ZTNA has been designed from the start to make zero trust network access easy, integrated, and secure. Sophos ZTNA is cloud-delivered and cloud-managed, and integrated into Sophos Central, the world’s most trusted cybersecurity cloud management and reporting platform. 
                From Sophos Central, you can not only manage ZTNA, but also your Sophos firewalls, endpoints, server protection, mobile devices, cloud security, email protection, and so much more. You can log in and manage your IT security from anywhere, anytime, on any device.
               
              
                
                Single Agent, Single Console, Single Vendor
                Sophos ZTNA uniquely integrates with the full Sophos cybersecurity ecosystem to make your job a lot easier. You get a single agent solution for both ZTNA and your next-gen endpoint protection. You also get a single-pane-of-glass management console in Sophos Central for unprecedented insights across all your IT security products.
                Customers agree: the time saving benefits of a fully integrated Sophos cybersecurity solution are enormous. They say it’s like doubling the size of their IT team.
               
             
           
          
          
            
              
                
                  Uniquely Integrated: ZTNA and Next-Gen Endpoint Protection
                  Sophos ZTNA is the only ZTNA solution that is tightly integrated with a next-gen endpoint product – Sophos Intercept X. This provides significant benefits in protection, deployment, and management.
                 
                
                
                  
                    - End-to-end protection: Secure your application access and protect your endpoints and networks from breaches and threats like ransomware with the most powerful machine learning and next-gen endpoint technology available. 
                    - Synchronized Security: With your ZTNA and endpoint integrated, they are constantly sharing status and health information to automatically isolate compromised systems to prevent threats from moving or stealing data.
                    - Single agent, single console, single vendor convenience.
It’s a winning combination that you won’t find anywhere else.
                 
               
             
           
          
          Single Agent Deployment
          Sophos ZTNA is tightly integrated with Sophos Intercept X next-gen endpoint protection, enabling a single client deployment option.
          You can have the world’s best endpoint and ransomware protection along with the ultimate in application security and segmentation, all with a single client deployment.
          Clientless access for browser-based applications is also an option.
          Scalable Application Gateways
          Sophos ZTNA gateways are free and easy to deploy where you need them. Available as a virtual appliance, you can easily deploy high-availability gateways and scale them as your organization grows.
          Synchronized Device Health
          Sophos ZTNA takes full advantage of Sophos Synchronized Security, utilizing the Security Heartbeat™ between Sophos Intercept X endpoints and Sophos Central and ZTNA to assess device health and identify active threats and signs of compromise. The result is an instant response to limit access, both on the network and off, for compromised or non-compliant devices.
          Integrated Identity
          With zero trust, identity is everything. Sophos ZTNA continuously verifies user identity with support for the most popular IDP solutions, including Microsoft Azure and Okta. Of course, you can also leverage your preferred multi-factor authentication (MFA) solution that integrates with these IDPs to guard against credential theft or compromised devices. 
         
        
          How It Works
          Sophos ZTNA as a Service (ZTNAaaS) makes zero trust access easy with a single agent and single console, from a single vendor.
          
          
          
            
              
                
                  Sophos ZTNA Client
                  Run agentless or use our unique lightweight Sophos ZTNA agent that integrates with Sophos Intercept X to provide the ultimate zero trust endpoint solution with Synchronized Security. Sophos ZTNA also works with your existing endpoint protection product.
                 
               
              
                
                  Sophos Central
                  Makes ZTNA as a Service easy with quick deployment, granular policy controls, and insightful visibility and reporting from the cloud. It integrates with popular identity providers to enable intelligent access enforcement for your applications through continuous user verification and device validation.
                 
               
              
                
                  Sophos ZTNA Gateway
                  Available as a virtual appliance on Hyper-V, VMware, and Amazon Web Services, it’s free and easy to deploy. It makes your applications invisible to the public internet while providing a secure connection for verified users and their validated devices to the applications they need to do their job.
                 
               
             
           
         
        
          Documentation:
           Download the Sophos ZTNA Data Sheet (PDF).