Industries across the board manage more sensitive data and applications than ever before. When you blend together more complicated data collections with changing application sophistication levels, network expectations, and user locations, a solution must arise to protect the most sensitive components of an enterprise network. Zero trust networking policies and software fill potential security gaps that emerge in the age of big data.
The concept of zero trust roots itself in “trusting no one and verifying everything.” Enterprise networks often include several power users and applications, but in the zero trust networking model, network administrators recognize that no one and no thing needs constant, unmitigated access to network features.
Regardless of your industry, zero trust networking software offers solutions to secure your data against both malicious and accidental security breaches that compromise your safety and authority. Learn more below about how zero trust networking solutions can help your enterprise and what top zero trust companies offer in 2021.
Learn more about zero trust networking here: Steps to Building a Zero Trust Network
Top Zero Trust Solutions
- Benefits of Zero Trust Networking Software
- Top Software Companies and Products
- How to Choose Zero Trust Networking Software
Zero trust software provides several key advantages to enterprises that implement these solutions, particularly in the areas of security breach prevention and overall network visibility for administrators:
Preventing Malicious Attacks on Your Network
- Attacks can be prevented, or at the very least, stopped in one microsegment of your network with zero trust policies and technology. Since zero trust limits the lateral movements that an attacker can make, the software limits the total damage to your network when a breach occurs.
- Certain devices on your network and outside of your network, such as in-home IoT devices, are vulnerable to threats like DDoS attacks. You can’t completely control what happens on devices outside of your network, but you can use zero trust software to protect your own network against outside security breaches.
Increased Visibility for Your Network Administrators
- Increased visibility is a huge asset for your network administrators who need to validate and assess the quality of network interactions on a momentary basis. Zero trust software includes built-in authentication features, firewalls, and hierarchies of user permissions, so you can keep users out and identify and track the actions of verified users once they make it into your network.
- With more employees working remotely and on public networks, it’s important that sensitive network access points are secured against greater public access. With zero trust, your users can work outside of the traditional network perimeter while still having the same or stronger levels of endpoint security.
Akamai highlights three pillars that set them apart from their competitors: their unmatched platform, their trusted brand, and their expertise. Akamai stays true to their pillars on several fronts, offering sophisticated security features at the network and workload level, while constantly advocating for ZTX, or Zero Trust eXtended principles that align security goals with global changes like increased teleworking. The company continues to grow their capabilities internally, but they also rank highly in the APIs and integrations that they extend to their customers.
- Identity and application-specific access
- Single sign-on with multi-factor authentication (MFA)
- App performance and security management
- Advanced threat protection with proven success in DDoS damage prevention
- Inline data inspection
- Cloud-native software
Although Akamai still ranks highly in ease of use and the overall user experience, some customers find the user interface confusing. Customers have also expressed a need for more support resources when working on long-term zero trust projects.
Appgate is a relative newcomer to the zero trust space, after spinning off from Cyxtera’s data center infrastructure company in January 2020. However, Appgate SDP is keeping up with and surpassing many of its competitors in moving corporate security away from the traditional firewall model.
Appgate’s newness is actually an advantage in customer service and innovation; end users have reported that the company is always willing to rework their zero trust portfolio when customers discover problems or holes, and they do not rely on the legacy models that many of their competitors have.
- Identity-centric microperimeters
- Dynamic user entitlement changes
- Concurrent access and posture checking
- Patented port cloaking technology to hide your secured apps
- Integrations with AWS, Azure, vSphere, and GCP metadata
Appgate SDP is a new and exciting solution for zero trust software, but because they are so new to the space, their products frequently undergo quality assurance and improvements. These changes can be difficult to keep up with as a network administrator.
Centrify Zero Trust Privilege runs the gamut of user and device privilege levels that your network might need. As far as customer service goes, users tout their strong support in software launch and ongoing expansions and implementations, as well as a helpful user community forum for continuing questions.
Centrify brings cloud-ready solutions to address all potential attack surfaces in your enterprise network, so you can rest assured that your infrastructure, DevOps, cloud, containers, and data are secure.
- Password vaulting and identity brokering
- Multi-factor authentication (MFA)
- Compatible with Linux OS
- On-premises multi-tenant SaaS deployment
- Hierarchical zones model
- Partnerships with AWS, Apple, Docker, EMC, HashiCorp, Hortonworks, HPE, IBM, Microsoft, Palo Alto Networks, Red Hat, SailPoint, and ServiceNow
Some users report that support tickets for more complex or specific use cases take an extended period of time to resolve. Some customers also felt that a gap existed in end-user training beyond the launch and implementation guidance offered to administrators.
Cisco made waves in the zero trust networking market when it acquired Duo Security in 2018. Many tech experts have praised their smooth integration of Duo’s best practices, which are exemplified in Cisco’s commitment to three zero trust pillars: workforce, workplace, and workloads (WWW).
The post-acquisition Cisco puts forth several advanced zero trust features, such as automated security updates across the network, users, and devices, even when changes happen at the “trust level”. Its features lean into high security for administrators and high useability for end users, with many reviewers noting the improved UI over the past few years.
- Integrated analytics
- Automated decision making and security measure deployments
- Indicators and changed trust levels during compromises
- Least privilege access for applications, network resources, workload communications, users, and administrators
- Device identity, posture, and vulnerability verification
- Commitment to social responsibility and environmental sustainability
Although Cisco zero trust software is designed to integrate with your existing network architecture, current customers recommend that your enterprise already works with or has familiarity with the Cisco ecosystem. They caution that their zero trust software can be challenging to use if you don’t already have Cisco brand foreknowledge.
Cloudflare’s zero trust software embraces role-based access controls like most other zero trust software, but they evaluate every application access request based on four different categories: identity, device, location, and security context. They also recognize the pains of onboarding and offboarding temporary employees and contractors on a zero trust network, which is why they allow application access through multiple identity providers simultaneously. Administrators can add or remove different identities at any time.
- Cloud, hybrid, or on-premises implementations
- Application access and multiple identity providers
- DDoS resistant edge network with Anycast addressing and routing method
- Integrations with Azure AD, Okta, Ping, Tanium, Crowdstrike, and Carbon Black
- Activity log aggregation and cloud log storage exports
- Identity and cloud agnostic
Cloudflare zero trust packages come in free, standard, and enterprise tiers, with the free package offering huge benefits to enterprises with smaller zero trust budgets. However, it’s important to note that some users have expressed concerns about the customer service quality in the free package. The free package only offers space for 50 users, and instead of having access to the Cloudflare support team, you can only access the user community forum for troubleshooting needs.
Illumio has long led the way in analytics and network infrastructure visibility, but after integrating with CrowdStrike in mid-2020, they have also grown their endpoint security and other zero trust capabilities. This partnership has benefited enterprise networks with a growing number of remote workers who require regular endpoint access.
Customers have praised Illumio Core’s approach of tacking their software onto existing security infrastructure in an organization. They also highlighted the perks of having a dedicated Illumio engineer to guide companies through their questions, ensure that launch runs smoothly, and enforce zero trust best practices.
- Vulnerability exposure insights
- Illumination real-time application dependency map
- Policy generator and segmentation templates
- Virtual Enforcement Node (VEN)
- Policy Compute Engine (PCE)
- SecureConnect workload-to-workload encryption
Illumio does not currently apply their zero trust packages to mobile devices, which could be a drawback for organizations with several users that require casual access. However, there’s talk that they will develop this capability or work with a partner in this area soon.
Okta zero trust infrastructure is not necessarily known as a holistic zero trust solution. However, nearly every other zero trust vendor integrates with their authentication mechanism via Okta’s API. Okta may not be the most well-rounded solution, but many of the most well-rounded solutions rely on Okta’s top functionality.
Okta’s customers applaud the organization’s integration wizard. Most notably, Okta products integrate with Amazon AWS, Google Suite, Box, Zoom, WorkDay, Microsoft Suite, Salesforce, and Slack, allowing customers to easily apply zero trust authentication practices across all of their business technology portfolio.
- Single sign-on and multi-factor authentication (MFA)
- Lifecycle management
- Over 7,000 integrations available
- Advanced server access
- API access management
- Access gateway
The top concern that most experts and Okta customers share is doubt regarding Okta’s commitment to stay in the zero trust backend space. Given their great success in frontend authentication and integration efforts, there’s a chance that they’ll move away from more traditional zero trust package offerings, such as user and lifecycle management.
Palo Alto Networks has considerably extended its zero trust networking capabilities, with at least nine acquisitions of zero trust and security companies from 2018 to 2020. Many of these companies offered disparate security solutions, but Palo Alto has worked to wholly integrate all of those solutions and add some of their own to create a full zero trust portfolio. Their products are considered strong options for enterprises with heavy cloud and application users.
- On-premise, data center, and cloud implementations
- Partnership throughout launch and implementation
- Design service and custom roadmap
- Blogs, tech docs, and community forums for network administrators
- Product vulnerability reporting tools
Palo Alto’s large portfolio of software makes it difficult for some users to determine which solution(s) will fit their needs.
Perimeter 81 offers mostly standard zero trust software features, including the option for network administrators to establish trust zones and microsegmented areas of network security.
This zero trust software company is a viable financial solution for businesses of all sizes. Their essentials package offers a price point of $8 a month per team member. This price point is especially advantageous for SMEs, but larger businesses can discuss enterprise price points with the Perimeter 81 team.
- Agentless user access
- Identity-based policies with IdP
- Integrations with Amazon AWS, Microsoft Azure, Google Cloud, Heroku, Salesforce, and Splunk
- Support center, glossary, product walkthroughs, white papers, knowledge base, and webinars
- Private network gateways and edge security
- Four different pricing packages
Beyond some of its limited capacity to implement specialty features, buyers should also be cautious of Perimeter 81’s limited format offerings. The company offers zero trust infrastructure in cloud, mobile, Android, and Apple infrastructure; however, they do not offer on-premise solutions or Windows and Linux OS solutions.
In 2020, Unisys Stealth launched a hackathon event for their zero trust security portfolio, and incredibly, no one hacked the system or moved laterally across the network during this event.
Users have complimented the improved user interface and administrator capabilities recently added to Stealth. Unisys Stealth has also provided customizable solutions for specific industries, most notably as a leading COVID-19 testing and tracing program for healthcare companies in the United States.
- Rapid deployment and scalability of secure remote access
- Cloud ecosystem
- Stealth capability Smart Wire for securing connected devices
- Dynamic isolation to prioritize threat response
- Free demo and video resources
Experts don’t expect Unisys to expand their more traditional zero trust offerings any time soon, and they emphasize that multi-cloud enterprise networks especially need to develop a technical focus in order to successfully deploy Unisys Stealth solutions.
Zero trust networking software can be a huge investment for an enterprise, so it’s a good idea to review your wish list and requirements before making a decision. Consider these key deciding factors that differentiate different zero trust networking software companies on the market:
Zero trust networking software comes at a variety of price points. Most zero trust networking software companies rarely advertise their exact packages and pricing on their websites, so it’s important to speak to the companies’ customer service representatives about your needs and what they will cost.
The majority of the companies offer free trials so if you feel unsure about the price, go through the free trial period to see if it’s worth the investment.
Service and support features for your administrators
Zero trust companies walk you through setup and implementation, but what kind of support do you receive over the long haul? Take a look at the company’s customer service and support reviews. Look for solutions with available support staff, training materials, peer communities, and even dedicated account managers in your search.
Performance in major security breaches
If you operate in a sensitive data environment, you’ll want to know how different companies have fared in major security breaches. Distributed Denial of Service (DDoS) attacks slow network capabilities significantly when they infiltrate network devices and IoT devices outside of your network. But several zero trust software solutions have consistently warded off DDoS attacks.
Specific protections and integrations for your organization
Depending on your industry and the types of data that you use, you’ll want to look for a zero trust solution that offers customizations or integrations with your industry-specific tools.
Current brand expertise within your organization
If you’ve already found a technology brand that your company loves working with, check out their portfolio and see what they offer in the realm of zero trust. A preexisting relationship and/or your in-house experts on their brand can make for a smooth zero trust transition.