Zero trust security for hybrid IT

“The advantages that vendors like Pulse Secure provide are unified visibility and control, broad endpoint and IoT security coverage, consistent policy enforcement and faster mean time to response to access issues. Those advantages result in an improved security posture and reduced attack surface,” said Paula Musich, research director of security and risk management at Enterprise Management Associates. “At the same time, consolidating multiple tools into a Secure Access platform reduces cost of ownership and operational overhead.”

Pulse Secure’s Zero Trust Network Access platform allows organizations to centrally manage policy and automate secure access to applications, data and services that are delivered on-premise or in private and public cloud environments. The company continues to incorporate open standards and proprietary means to extend platform interoperability and automation that provide customers greater operational oversight, policy management and threat response economies.

Management

Many enterprises supplement conventional desktop and mobile remote access to hybrid IT applications and resources utilizing Virtual Desktop Infrastructure. Having to manage multiple secure access mechanisms often introduces user experience issues, as well as provisioning delays. Pulse Secure has enhanced its VDI integration with RDS (Remote Desktop Services) Broker to simplify user experience and management support for Citrix XenApp/XenDesktop, VMware Workspace ONE and Microsoft RDP.  Additional management enhancements include:

·         Pulse VPN can now use DHCP-based networking configuration to automate endpoint access provisioning

·         OpenStack interoperability to streamline managing multiple virtual Pulse Secure appliances through popular IT orchestration tools

·         Easier, broader network switch support for Layer-2 enforcement utilizing a template-based CLI framework for Pulse NAC that negates the need for RADIUS

·         Building in Pulse Secure VPN and NAC attributes within Pulse vADC to facilitate policy-based load balancing to improve user experience and access resiliency

 

Threat Mitigation

Organizations are seeking means to improve mobile workforce user experience, while assuring data protection measures are always active and audit-ready in order to support numerous internal and regulatory compliance specification. Pulse Secure has enhanced its popular Pulse VPN Lockdown mode feature that prevents users from modifying VPN Client settings or disconnecting from gateways. Ensuring always-on and protected connections with rich user authentication and device security posture enforcement significantly reduces endpoint and access security threats. Additional threat mitigation enhancements include:

·         Bi-directional integration with IBM QRadar and Splunk SIEMs allowing Pulse NAC to receive SIEM alerts and take network threat response actions

·         Identity-based integration between Pulse NAC and the Fortigate Next Gen firewall (NGFW) using RADIUS Accounting allowing Pulse to send identity context to the NGFW for role-based access enforcement to corporate resources

·         Pulse NAC can provision users’ authentication details and resource/IoT access enforcement policies to specific Palo Alto Network's NGFW virtual instances (VSYS)

·         User Entity Behavior Analytics (EUBA) enhancements to further extend adaptive access control based on anomalous and malicious user or device activity

 

“Our customers have come to expect our solutions to be highly interoperable to address the broadest range of secure access needs, reduce operating costs and enable expedited threat response,” said Prakash Mana, vice president of product management. “With these platform advancements, our customers can further leverage their IT investments and gain greater access visibility, security, compliance and productivity.”