Market Guide for Zero Trust Network Access
Published: 29 April 2019 ID: G00386774
Analyst(s): Steve Riley, Neil MacDonald, Lawrence Orans
Zero trust network access replaces traditional technologies, which require
companies to extend excessive trust to employees and partners to connect
and collaborate. Security and risk management leaders should plan pilot
ZTNA projects for employee/partner-facing applications.
Key Findings
■ Digital business transformation requires that systems, services, APIs, data and processes be
accessible through multiple ecosystems anywhere, anytime, from any device over the internet.
This expands the surface area for attackers to target.
■ Secure access capabilities must evolve to the cloud, where the users are and where
applications and services are moving. Many software-defined perimeter offerings are cloud-based.
■ IP addresses and location are no longer practical to establish sufficient trust for network
access.
■ Zero trust network access provides adaptive, identity-aware, precision access. Removing
network location as a position of advantage eliminates excessive implicit trust.
■ ZTNA improves flexibility, agility and scalability, enabling digital ecosystems to work without
exposing services directly to the internet, reducing risks of distributed denial of service attacks.
■ Although virtual private network replacement is a common driver for the adoption of ZTNA,
ZTNA can also offer a solution for allowing unmanaged devices to securely access applications.
Recommendations
Security and risk management leaders responsible for secure network access should:
■ Go beyond using IP addresses and network location as a proxy for access trust. Use ZTNA for
application-level access only after sufficient user and device authentication.
■ Replace designs for employee- and partner-facing applications that expose services to direct
internet connections. Pilot a ZTNA deployment using a digital business service that needs to be
accessible to partners as a use case.
■ Phase out legacy VPN-based access for high-risk use cases and begin phasing in ZTNA. This
reduces the ongoing need to support widely deployed VPN clients and introduces clientless
identity- and device-aware access. Support unmanaged devices for employees.
■ Choose ZTNA products/services that expand identity assurance beyond a single factor, which is
an important supplement to the ZTNA principle of context-based/adaptive access control.
Strategic Planning Assumptions
By 2022, 80% of new digital business applications opened up to ecosystem partners will be
accessed through zero trust network access (ZTNA).
By 2023, 60% of enterprises will phase out most of their remote access virtual private networks
(VPNs) in favor of ZTNA.
By 2023, 40% of enterprises will have adopted ZTNA for other use cases described in this research.
Market Definition
ZTNA, which is also known as a software-defined perimeter (SDP), creates an identity- and context-based, logical-access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access. This removes the application assets from public visibility and significantly reduces the surface area for attack.
Market Description
The old security mindset of “inside means trusted” and “outside means untrusted” is broken in the world of digital business, which requires anywhere, anytime, any device access to services that may not be located “inside” an on-premises data center. Similarly, the old model expects all programmers to be security engineers, building intrinsically secure networked applications, and incorporating sophisticated authentication and access controls. That does not scale today.
The new model presents an approach in which a trust broker mediates connections between applications and users. ZTNA abstracts away and centralizes the security mechanisms so that the security engineers and staff can be responsible for them. ZTNA starts with a default deny posture of zero trust. It grants access based on identity, plus other attributes and context (such as time/date, geolocation and device posture), and adaptively offers the appropriate trust required at the time. The result is a more resilient environment with improved flexibility and better monitoring. ZTNA will appeal to organizations looking for adaptive and secure ways to connect and collaborate with their digital business ecosystem, remote workers and partners.
ZTNA provides controlled access to resources, reducing the surface area for attack. The isolation afforded by ZTNA improves connectivity, removing the need to directly expose applications to the internet. The internet becomes an untrusted transport and access to applications occurs through an intermediary. The intermediary can be a cloud service controlled by a third-party provider or a self-hosted service. In either case, incoming traffic to applications always passes through the intermediary after users have successfully authenticated to it.
In many cases, entity behavior is continuously monitored for abnormal activity, as described in Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA) framework (see “Zero Trust Is an Initial Step on the Roadmap to CARTA”). In a sense, ZTNA creates individualized “virtual perimeters” that encompass only the user, the device and the application. ZTNA normalizes the user experience, removing the access distinctions that exist when on, versus off, the corporate network.
Market Direction
The ZTNA notion has been gaining momentum since an initial specification for software-defined perimeters (SDP; https://cloudsecurityalliance.org/artifacts/sdp-specification-v1-0/) was introduced at the Cloud Security Alliance Summit in 2014. The initial SDP specification addressed web-based applications only, and updates to the specification have lagged, but they are expected later in 2019. Commercial products roughly based on this initial specification are available, as are products based on Google’s BeyondCorp (https://www.beyondcorp.com/) zero trust networking vision — also limited to web-enabled applications only. In addition, a large number of alternative commercial products using other approaches that are not limited to web applications have entered the market.
The ZTNA market is still nascent, but it’s growing quickly. It has piqued the interest of organizations seeking a more flexible alternative to VPNs and those seeking more precise access and session control to applications located on-premises and in the cloud. ZTNA vendors continue to attract venture capital funding. This, in turn, encourages new startups to enter the market and seek ways to differentiate. Merger and acquisition (M&A) activity in this market has begun, with three startup vendors now having been acquired by larger networking, telecommunications and security vendors.
Although ZTNA offerings differ in their technical approaches, they provide generally the same fundamental value proposition:
■ Removing applications and services from direct visibility on the public internet.
■ Enabling precision (“just in time” and “just enough”) access for named users to specific applications only after an assessment of the identity, device health (highly encouraged) and context has been made.
■ Enabling access independent of the user’s physical location or the device’s IP address (except where policy prohibits — e.g., for specific areas of the world). Access policies are based on user, device and application identities.
■ Granting access only to the specific application, not the underlying network. This limits the need for excessive access to all ports and protocols or all applications, some of which the user may not be entitled to.
■ Providing end-to-end encryption of network communications.
■ Providing optional inspection of the traffic stream for excessive risks in the form of sensitive data handling and malware.
■ Enabling optional monitoring of the session for indications of unusual activity, duration or bandwidth requirements.
■ Providing a consistent user experience for accessing applications — clientless or via a ZTNA client regardless of network location.
Gartner has identified different approaches vendors have adopted as they develop products and services for the market.
Client-Initiated ZTNA
These offerings more closely follow the original Cloud Security Alliance (CSA) SDP specification. An agent installed on authorized devices sends information about its security context to a controller. The controller prompts the user on the device for authentication and returns a list of allowed applications. After the user and device are authenticated, the controller provisions connectivity from the device through a gateway that shields services from direct internet access. The shielding protects applications from distributed denial of service (DDoS) attacks.
Some products remain in the data path once the controller establishes connectivity; others remove themselves. This approach is difficult, if not impossible, to implement on an unmanaged device, due to the requirement to install an agent. In some cases, a third-party mobile threat defense (MTD) product — which users may be more willing to accept than full device management — can provide a posture assessment to the trust broker. (See Figure 1 for a conceptual model.)
Figure 1. Conceptual Model of Client-Initiated ZTNA
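The controller decision described above, sketched as an added example (not Gartner's or any vendor's code): a default-deny evaluation of identity, device posture and context that returns the list of allowed applications. The application names, policy fields and thresholds are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Request:
    """What the agent and identity provider hand to the controller (hypothetical fields)."""
    user: str
    groups: frozenset
    mfa_passed: bool
    device_managed: bool
    patch_age_days: int
    country: str          # context only; never sufficient for trust by itself
    when: datetime        # UTC


@dataclass(frozen=True)
class AppPolicy:
    app: str
    groups: frozenset                       # who is entitled
    require_managed: bool = True            # device posture requirement
    max_patch_age_days: int = 30
    blocked_countries: frozenset = frozenset()
    hours_utc: tuple = (0, 24)              # [start, end) hour window


def decide(req, policy):
    """Every check must pass; the first failure is returned as the deny reason."""
    start, end = policy.hours_utc
    checks = [
        (req.mfa_passed, "user authentication too weak"),
        (bool(req.groups & policy.groups), "user not entitled to application"),
        (req.device_managed or not policy.require_managed, "unmanaged device"),
        (req.patch_age_days <= policy.max_patch_age_days, "device patches too old"),
        (req.country not in policy.blocked_countries, "location prohibited by policy"),
        (start <= req.when.hour < end, "outside permitted hours"),
    ]
    for ok, reason in checks:
        if not ok:
            return False, reason
    return True, "granted"


def allowed_applications(req, policies):
    """Controller step: the list returned to the agent after authentication."""
    allowed, denied = [], {}
    for policy in policies:
        ok, reason = decide(req, policy)
        if ok:
            allowed.append(policy.app)
        else:
            denied[policy.app] = reason
    return allowed, denied


def gateway_permits(req, app, policies):
    """Gateway step: an application with no matching policy is never reachable."""
    return any(p.app == app and decide(req, p)[0] for p in policies)


# Constructed sample policies and requests.
POLICIES = [
    AppPolicy("hr-portal", frozenset({"employees"})),
    AppPolicy("partner-orders", frozenset({"employees", "partners"}), require_managed=False),
    AppPolicy("finance-ledger", frozenset({"finance"}), max_patch_age_days=14,
              blocked_countries=frozenset({"ZZ"}), hours_utc=(6, 20)),
]
NOON = datetime(2019, 4, 29, 12, 0, tzinfo=timezone.utc)
EMPLOYEE = Request("alice", frozenset({"employees"}), True, True, 5, "US", NOON)
PARTNER = Request("bob", frozenset({"partners"}), True, False, 20, "DE", NOON)

if __name__ == "__main__":
    for req in (EMPLOYEE, PARTNER):
        allowed, denied = allowed_applications(req, POLICIES)
        print(req.user, "allowed:", allowed, "denied:", denied)
```

The partner on an unmanaged device still reaches the one application whose policy permits it, which is the per-application granularity a network-level VPN grant cannot express.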
Service-Initiated ZTNA
These models more closely follow the Google BeyondCorp vision. A connector installed in the same network as the application establishes and maintains an outbound connection to the provider’s cloud. Users authenticate to the provider to access protected applications. The provider then typically authenticates to an enterprise identity management product. Application traffic passes through the provider’s cloud, which provides isolation from direct access via a proxy. Enterprise firewalls require no openings for inbound traffic. However, the provider’s network becomes another element of network security that must be evaluated.
The advantage of this model is that no agent is required on the end user’s device, making it an attractive approach for unmanaged devices. The disadvantage is that the application’s protocols must be based on HTTP/HTTPS, limiting the approach to web applications and protocols such as Secure Shell (SSH) or Remote Desktop Protocol (RDP) over HTTP. (See Figure 2 for a conceptual model.)
Figure 2. Conceptual Model of Service-Initiated ZTNA
Some vendors offer both alternatives. This provides enterprises with the ability to mix and match, as needed, to address specific use cases.
Market Analysis
The internet was designed to connect things easily, not to block connections. The internet uses inherently weak identifiers (specifically, IP addresses) to connect. If you have an IP address and a route, you can connect and communicate to other IP addresses, which were never designed to be authentication mechanisms. The messy problem of authentication is handled by higher levels of the stack, typically the OS and application layers. For network connectivity, this default allow posture creates an excessive amount of implicit trust.
Attackers abuse this trust. The first companies that connected to the public internet quickly found out that they needed a demarcation point where their internal network connected to the internet. This ultimately created what has become a multibillion dollar market for perimeter firewalls. Networked systems on the inside were “trusted” and free to communicate with each other. External systems were “untrusted” and communications with the outside, inbound or outbound, were blocked by default. If needs arose for communication with the outside, these required a series of exceptions (i.e., holes) in the firewall, which were difficult and cumbersome to maintain and monitor.
This trusted/untrusted network security model is a relatively coarse and crude control, but it was initially effective. However, it creates excessive trust (on the inside) that is abused by attackers from the outside (once they penetrate the defenses and reach the inside). When external access to our systems and services is needed, we typically do one of two things. For some users, we create a VPN to allow the user to pass through the firewall and connect to the internal network. Once “inside,” the VPN connection is treated as trusted.
Alternatively, we place the front end to the service in a segmented part of the network with direct internet connectivity — referred to as a demilitarized zone (DMZ) — so users can access it. Both alternatives create excessive trust and do little to restrict lateral movement, resulting in latent risk. In the case of VPNs, attackers with credentialed access now have access to our networks. (The Target HVAC breach is an example.) Likewise, if the service is exposed in the DMZ, anyone on the internet — including all the attackers — can see it as well, even if it is protected by a web application firewall (WAF).
Excessive network trust leads to excessive latent risk. This will inevitably be exploited, leading to breaches and bringing legal, financial and regulatory exposure. Network connectivity (even the right to “ping” or see a server) should not be an entitlement; it should be earned based on trust. Gartner believes the time has come to isolate services and applications from the dangers of the public internet, and to provide compartmentalized access only to required applications in any given context. The tremendous increase in the number of internet-connected services, and the growing likelihood that services and users could be located at virtually any IP address, exacerbate the weaknesses of the old model.
Benefits and Uses
The benefits of ZTNA are immediate. Similar to a traditional VPN, services brought within the ZTNA environment are no longer visible on the public internet and, thus, are shielded from attackers. In addition, ZTNA brings significant benefits in user experience, agility, adaptability and ease of policy management. For cloud-based ZTNA offerings, scalability and ease of adoption are additional benefits. ZTNA enables digital business transformation scenarios that are ill-suited to legacy access approaches. As a result of digital transformation efforts, most enterprises will have more applications, services and data outside their enterprises than inside. Cloud-based ZTNA services place the security controls where the users and applications are — in the cloud. Some of the larger ZTNA vendors have invested in dozens of points of presence worldwide for low-latency user/device access.
Several use cases lend themselves to ZTNA:
■ Opening applications and services to collaborative ecosystem members, such as distribution channels, suppliers, contractors or retail outlets, without requiring a VPN or DMZ. Access is more tightly coupled to applications and services.
■ Normalizing the user experience for application access — ZTNA eliminates the distinction between being on and off the corporate network.
■ Carrying encryption all the way to the endpoints for scenarios where you don’t trust the carrier or cloud provider.
■ Providing application-specific access for IT contractors and remote or mobile employees as an alternative to VPN-based access.
■ Extending access to an acquired organization during M&A activities, without having to configure site-to-site VPN and firewall rules.
■ Permitting users in potentially dangerous areas of the world to interact with applications and data in ways that reduce or eliminate the risks that originate in those areas — pay attention to requirements for strong identity and endpoint protection.
■ Isolating high-value enterprise applications within the network or cloud to reduce insider threats and effect separation of duties for administrative access.
■ Authenticating users on personal devices — ZTNA can improve security and simplify bring your own device (BYOD) programs by reducing full management requirements and enabling more-secure direct application access.
■ Creating secure enclaves of Internet of Things (IoT) devices or a virtual-appliance-based connector on the IoT network segment for connection.
■ Cloaking systems on hostile networks, such as systems that would otherwise face the public internet, used for collaboration.
■ Enabling SaaS applications to connect back to enterprise systems and data for processes that require SaaS applications to interact with enterprise on-premises or infrastructure as a service (IaaS)-based services.
Risks
Although ZTNA greatly reduces overall risks, it doesn’t eliminate every risk completely, as these examples illustrate:
■ The trust broker could become a single point of any kind of failure. Fully isolated applications using ZTNA will stop working when the ZTNA service is down. Well-designed ZTNA services include physical and geographic redundancy with multiple entry and exit points to minimize the likelihood of outages affecting overall availability. Furthermore, a vendor’s SLA (or lack thereof) can be an indicator of how robust the vendor considers its offering. Favor vendors with SLAs that minimize business disruptions.
■ Attackers could attempt to compromise the trust broker system. Although unlikely, the risk isn’t zero. ZTNA services built on public clouds or major internet carriers benefit from the provider’s strong tenant isolation mechanisms. Nevertheless, collapse of the tenant isolation would allow an attacker to penetrate the systems of the vendor’s customers and move laterally within and between them. A compromised trust broker should fail over to a redundant one immediately. If it can’t, then it should fail closed — that is, if it can’t deflect abuse, it should disconnect from the internet. Favor vendors who adopt this stance.
■ Compromised user credentials could allow an attacker on the local device to observe and exfiltrate information from the device. ZTNA architectures that combine device authentication with user authentication contain this threat to a degree, stopping the attack from propagating beyond the device itself. We suggest that, wherever possible, stronger authentication for access be used.
■ Some ZTNA vendors have chosen to focus their developments on supporting web application protocols only (HTTP/HTTPS). Carrying legacy applications and protocols through a ZTNA service could prove to be more difficult.
■ The market is in flux, and smaller vendors could disappear or be acquired.
Evaluation Factors
When evaluating ZTNA technologies, here are the key questions to ask:
■ Does the vendor require that an endpoint agent be installed? What OSs are supported? What mobile devices? How well does the agent behave in the presence of other agents?
■ Does the offering support single packet authentication (SPA) as an initial form of identity verification to the trust broker? SPA allows the broker to ignore any attempts to communicate, unless the first attempt contains a specialized, encrypted packet.
■ Does the offering provide the ability to perform a security posture assessment of the device (OS version, patch levels, password and encryption policies, etc.), without requiring a unified endpoint management (UEM) tool? Is any option provided for achieving this on unmanaged devices?
■ Does the offering integrate with UEM providers, or can the local agent determine device health and security posture as a factor in the access decision? What UEM vendors has the ZTNA vendor partnered with?
■ What authentication standards does the trust broker support? Is integration with an on-premises directory or cloud-based identity services available? Does the trust broker integrate with the organization’s existing identity provider? Does the trust broker support common options for multifactor authentication (MFA)? Can the provider enforce strong user authentication for administrators?
■ Is there user and entity behavior analytics (UEBA) functionality that can identify when something anomalous happens within the ZTNA-protected environment?
■ Some ZTNA products are delivered partly or wholly as cloud-based services. Does this meet the organization’s security and residency requirements? Has the vendor undergone one or more third-party attestations, such as SOC 2 or ISO 27001?
■ How geographically diverse are the vendor’s entry and exit points (referred to as edge locations and/or points of presence) worldwide? What edge/physical infrastructure providers or colocation facilities does the vendor use?
■ What is the vendor’s technical behavior when the ZTNA service comes under sustained attack? Does the service fail closed (thus blocking digital business partners from accessing enterprise services) or does the service fail open? Is it possible to selectively choose fail-closed or fail-open for specific enterprise applications? If fail-open is a requirement, don’t forget to add in other layers of defense to protect applications no longer shielded by the ZTNA service.
■ Does the offering support only web applications, or can legacy applications also gain the same security advantages?
■ What algorithms and key lengths has the vendor chosen? What third-party certifications has the vendor obtained? Does the vendor’s product description demonstrate an understanding of contemporary cryptographic practices, or is it laced with too-good-to-be-true crypto “snake oil”?
■ After the user and device pass authentication, does the trust broker remain resident in the data path? This approach deserves consideration. Trust brokers that remain in the data path offer greater visibility and can monitor for unusual and suspicious activities. They could, however, become bottlenecks or single points of failure. Designs that include failover support mitigate this concern, but could be vulnerable to DDoS attacks that attempt to bypass inspection.
■ Can the vendor provide inspection of session flows and content for inappropriate sensitive data handling, malware detection and unusual behaviors?
■ To what extent is partial or full cloaking, or allowing or prohibiting inbound connections, a part of the isolated application’s security requirements? Perhaps the more minimal protection of a content delivery network (CDN) is sufficient. Different enterprise applications might have different requirements.
■ Does the provider maintain a bug bounty program and have a credible, responsible, public or private disclosure policy? It is critical for software providers to constantly test for and remove product vulnerabilities. Favor providers that actively do so.
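The SPA behaviour in the evaluation list above (the broker ignores everything unless the first packet is valid) can be sketched as follows. This is an added example, not any vendor's implementation: the packet layout, key store and 30-second window are assumptions, and it authenticates the packet with an HMAC rather than encrypting it, since the Python standard library has no authenticated cipher.

```python
import hashlib
import hmac
import os
import struct
import time

# Assumed packet layout: client id (16 bytes, NUL padded), unix time, random nonce, then MAC.
HEADER = struct.Struct("!16sQ16s")
MAC_LEN = hashlib.sha256().digest_size


def build_spa_packet(key, client_id, now=None):
    """Client side: one datagram proving knowledge of the per-client key."""
    ts = int(time.time()) if now is None else now
    header = HEADER.pack(client_id.encode(), ts, os.urandom(16))
    return header + hmac.new(key, header, hashlib.sha256).digest()


class SpaGate:
    """Broker side: returns the client id to admit, or None to stay silent."""

    def __init__(self, keys, window_s=30):
        self.keys = keys            # client id -> pre-shared key (constructed store)
        self.window_s = window_s    # accepted clock skew / packet lifetime
        self._seen = {}             # nonce -> packet timestamp, for replay detection

    def admit(self, packet, now=None):
        now = int(time.time()) if now is None else now
        if len(packet) != HEADER.size + MAC_LEN:
            return None             # not an SPA packet: no reply, no error
        header, mac = packet[:HEADER.size], packet[HEADER.size:]
        raw_id, ts, nonce = HEADER.unpack(header)
        client_id = raw_id.rstrip(b"\0").decode("ascii", "replace")
        key = self.keys.get(client_id)
        # Compute a MAC even for unknown ids so timing does not reveal valid ones.
        expected = hmac.new(key or b"\0" * 32, header, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(mac, expected):
            return None
        if abs(now - ts) > self.window_s:
            return None             # stale or far-future packet
        # Forget nonces whose packets would fail the time check anyway.
        self._seen = {n: t for n, t in self._seen.items()
                      if abs(now - t) <= self.window_s}
        if nonce in self._seen:
            return None             # replay of a captured packet
        self._seen[nonce] = ts
        return client_id


if __name__ == "__main__":
    key = os.urandom(32)
    gate = SpaGate({"laptop-42": key})
    pkt = build_spa_packet(key, "laptop-42")
    print("first packet :", gate.admit(pkt))
    print("replayed     :", gate.admit(pkt))
    print("plain probe  :", gate.admit(b"GET / HTTP/1.1\r\n\r\n"))
```

Returning None for every failure mode is the point: a scanner sees no difference between a closed port and a broker that rejected its packet.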
ZTNA Alternatives
There are several alternative approaches to ZTNA:
■ Legacy VPNs remain popular, but they might not provide sufficient risk management for exposed services and may be difficult to manage, given the dynamic nature of digital business. Always-on VPNs that require device and user authentication align with the ZTNA model; however, basic network-access VPNs do not. Factor security requirements into VPN models and user satisfaction expectations. For third-party, privileged access into enterprise systems, a privileged access management (PAM) tool can be a useful alternative to a VPN.
■ Exposing web applications through a reverse-proxy-based WAF is another option. With WAF as a service (i.e., cloud WAF), traffic passes through the provider’s WAF service for inspection before delivery to its destination. To avoid false positives or potential application malfunctions, cloud WAFs, like any other WAF, typically require some time for testing and adjusting rules. Because the protected services are still visible to attackers on the public internet, the isolation is limited to the strength of the WAF. However, partner- and employee-facing applications are not normally candidates for WAFs.
■ Choosing to retain existing design patterns and exposing digital business applications in traditional DMZs remain alternatives. However, DMZs provide limited isolation against modern attacks (typically a reverse-proxy WAF). Furthermore, DMZs still leave the application discoverable to all attackers.
■ A remote browser isolation product (see “Innovation Insight for Remote Browser Isolation”) offers another option, specifically for the isolation of web-enabled application access. Here, the browser session itself is rendered from the end user’s device and, typically, in a service, from the enterprise network (e.g., a cloud-based remote browser service), providing isolation on both sides.
■ CDNs can absorb DDoS attacks, reduce the noise and threats of bot attacks, and guard against website defacement. However, they offer no application-level protection and no anonymity — attackers targeting sites can discover the site is protected with a CDN and might attempt to exploit vulnerabilities present in the CDN. Many CDNs include a basic cloud WAF.
■ Applications that don’t require full, interactive internet connectivity, but instead expose only APIs to the public internet could be protected by an API gateway, although ZTNA can also work here. API gateways enforce authentication, validate authorization and mediate the correct use of application APIs. This is especially useful if the application lacks mechanisms for ensuring API security. Most API gateways also expose logs of all activity through a native monitoring tool or integration with popular security information and event management (SIEM) tools. Favor API gateways that integrate with enterprise directories and single sign-on (SSO) protocols — or use a ZTNA service instead.
■ It is possible to go full IaaS. When ZTNA or other isolation measures are not good enough, moving the application off-enterprise completely is the best alternative. Many of the suggested isolation mechanisms are available to workloads placed in the cloud and are designed more for primary protection, rather than enterprise isolation. The goal shifts to protecting the application and data, with less concern for isolation. However, this still leaves systems exposed to attack, especially if legacy DMZ architectures are replicated in the cloud.
Representative Vendors
The vendors listed in this Market Guide do not imply an exhaustive list. This section is intended to provide more understanding of the market and its offerings.
Market Introduction
ZTNA products and services are offered by vendors in one of two ways:
■ As a service from the cloud
■ As a stand-alone offering that the customer is responsible for supporting
As-a-service offerings (see Table 1) require less setup and maintenance than stand-alone offerings. As-a-service offerings typically require provisioning at the end-user or service side and route traffic through the vendor’s cloud for policy enforcement. Stand-alone offerings (see Table 2) require customers to deploy and manage all elements of the product. In addition, several of the major IaaS cloud providers offer ZTNA capabilities for their customers.
Table 1. Representative Vendors of ZTNA as a Service
Vendor                               Product or Service Name
Akamai                               Enterprise Application Access
Cato Networks                        Cato Cloud
Cisco                                Duo Beyond (acquisition by Cisco)
CloudDeep Technology (China only)    DeepCloud SDP
Cloudflare                           Cloudflare Access
InstaSafe                            Secure Access
Meta Networks                        Network as a Service Platform
New Edge                             Secure Application Network
Okta                                 Okta Identity Cloud (Acquired ScaleFT)
Perimeter 81                         Software Defined Perimeter
SAIFE                                Continuum
Symantec                             Luminate Secure Access Cloud (acquisition by Symantec)
Verizon                              Vidder Precision Access (acquisition)
Zscaler                              Private Access
Source: Gartner (April 2019)
Table 2. Representative Vendors of Stand-Alone ZTNA
Vendor                               Product or Service Name
BlackRidge Technology                Transport Access Control
Certes Networks                      Zero Trust WAN
Cyxtera                              AppGate SDP
Google Cloud Platform (GCP)          Cloud Identity-Aware Proxy (Cloud IAP)
Microsoft (Windows only)             Azure AD Application Proxy
Pulse Secure                         Pulse SDP
Safe-T                               Software-Defined Access Suite
Unisys                               Stealth
Waverley Labs                        Open Source Software Defined Perimeter
Zentera Systems                      Cloud-Over-IP (COiP) Access
Source: Gartner (April 2019)
Market Recommendations
Given the significant risk that the public internet represents and the attractiveness of compromising internet-exposed systems to gain a foothold in enterprise systems, enterprises need to consider isolating digital business services from visibility by the public internet. Don’t mistake Gartner’s recommendation for the tried, yet true “security by obscurity is no security at all” axiom. Although ZTNA cloaks services from discovery and reconnaissance, it erects true barriers that are proving to be more challenging for attackers to circumvent than older notions of simple obfuscation.
For legacy VPN access, look for scenarios in which targeted sets of users performing their work through a ZTNA service can provide immediate value in improving the overall security posture of the organization. In most cases, this could be a partner- or employee-facing application. A ZTNA project is a step toward a more widespread zero trust networking (default deny) security posture. Specifically, nothing can communicate (or even see) an application resource until sufficient trust is established, given the risk and current context to extend network connectivity.
For DMZ-based applications, evaluate what sets of users require access. For those applications with a defined set of users, plan to migrate them to a ZTNA service during the next several years. Use the migration of these applications to public cloud IaaS as a catalyst for this architectural shift.
Specific Recommendations
■ Budget and pilot a ZTNA project to demonstrate the benefits of ZTNA to the organization.
■ Plan for user-to-application mapping. Role-based access control (RBAC) can help with this.
Avoid allowing all users to access all applications.
■ Identify which applications and workflows are not candidates for ZTNA, and exclude them from
the scope. This includes access to and download of unstructured data not protected by
application- and consumer-facing applications.
■ The ZTNA market is emerging, so sign only short-term contracts for no more than 12 to 24
months to retain greater vendor selection flexibility as the market grows and matures.
■ For most digital business scenarios, favor vendors that offer ZTNA as a service for easier
deployment, higher availability and protection against DDoS attacks. Favor vendors that require
no openings in firewalls for listening services (inbound connections), which is typical for most
as-a-service flavors of ZTNA.
■ When security requirements demand an on-premises installation of a ZTNA product, favor
vendors that can reduce the number of firewall openings as much as possible.
■ If unmanaged devices will be used by named users, plan to deploy a reverse-proxy-based
ZTNA product or service to avoid the need for agent installation.
■ Ensure that the vendor supports the authentication protocols the organization and partners use
now, including the enterprise’s standard identity store, as well as any it expects to use in the
future. The wider the available range, the better, including cloud SSO providers and
SaaS-delivered access management providers.
■ Don’t expect partners to use your identity store. Require support for SAML, OAuth, OIDC and
similar identity federation capabilities.
■ Evaluate the effectiveness of a vendor’s ability to query other kinds of device agents, such as
UEM, endpoint detection and response (EDR) and MTD, to gain additional context for improved
adaptive access decisions.
■ Attackers will target ZTNA trust brokers. For on-premises ZTNA products, harden the host OSs
using a cloud workload protection platform (CWPP) tool that supports on-premises
deployments (see “Market Guide for Cloud Workload Protection Platforms”). Rely primarily on
default deny allow-listing to explicitly define the code allowed to execute on the system. Don’t
rely solely on patching to keep the system hardened.
■ If you choose a smaller provider, plan for potential acquisitions by placing appropriate clauses
in contracts and having a list of alternative providers lined up, if needed.
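The user-to-application mapping, default-deny posture and device-context recommendations above can be expressed as one broker-side access decision. The Python below is an added example, not code from Gartner or from any vendor listed in this guide; the application names, roles, risk scores and thresholds are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class AppPolicy:
    roles: frozenset        # roles mapped to this application (RBAC)
    require_managed: bool   # False: unmanaged devices may connect (reverse-proxy style access)
    max_device_risk: int    # highest acceptable device risk score, 0-100 (assumed scale)


@dataclass(frozen=True)
class Request:
    user: Optional[str]         # identity asserted by the federated IdP; None if unauthenticated
    mfa: bool                   # whether a second factor was verified for this session
    roles: frozenset            # roles the identity provider asserts for the user
    app: str                    # application the user is asking to reach
    device_managed: bool        # True when the device is enrolled in management
    device_risk: Optional[int]  # None when no UEM/EDR/MTD agent reported a score


# Constructed sample policy: every name and number here is hypothetical.
POLICIES = {
    "erp": AppPolicy(frozenset({"finance", "sre"}), True, 30),
    "shipping-portal": AppPolicy(frozenset({"partner-logistics", "sre"}), False, 60),
    "build-dashboard": AppPolicy(frozenset({"sre"}), True, 20),
}


def decide(req, policies=POLICIES):
    """Return (allowed, reason). Any path that is not explicitly allowed denies."""
    policy = policies.get(req.app)
    if policy is None:
        # Default deny: an application nobody published is never reachable.
        return False, "application not published"
    if req.user is None or not req.mfa:
        return False, "insufficient authentication"
    if not (req.roles & policy.roles):
        # User-to-application mapping: no shared role means no access.
        return False, "no role mapped to application"
    if policy.require_managed:
        if not req.device_managed:
            return False, "unmanaged device"
        if req.device_risk is None:
            # A managed-only application needs posture context to extend trust.
            return False, "no device posture signal"
    if req.device_risk is not None and req.device_risk > policy.max_device_risk:
        return False, "device risk too high"
    return True, "allowed"


def roles_with_access_to_everything(policies=POLICIES):
    """Audit helper: roles that reach every published application."""
    if not policies:
        return []
    common = frozenset.intersection(*(p.roles for p in policies.values()))
    return sorted(common)


if __name__ == "__main__":
    partner = Request("pat", True, frozenset({"partner-logistics"}),
                      "shipping-portal", False, None)
    print(decide(partner))
    print(roles_with_access_to_everything())
```

Running the audit helper against a real role map before a pilot shows which roles would undo the mapping by reaching every application.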
Gartner Recommended Reading
Some documents may not be available as part of your current Gartner subscription.
“Zero Trust Is an Initial Step on the Roadmap to CARTA”
“Hype Cycle for Enterprise Networking and Communications, 2018”
“Hype Cycle for Cloud Security, 2018”
“Fact or Fiction: Are Software-Defined Perimeters Really the Next-Generation VPNs?”
Note 1 Representative Vendor Selection
The vendors named in this guide were selected to represent two types of ZTNA offerings:
as-a-service and stand-alone. For these categories, we list the vendors known to Gartner as of
April 2019.
Note 2 Gartner’s Initial Market Coverage
This Market Guide provides Gartner’s initial coverage of the market and focuses on the market
definition, rationale for the market and market dynamics.
ENG 130: Literature and Comp
Descriptive Imagery Response
Eng 130: Essay for ENG 130: Descriptive Writing
This assignment focuses on your ability to: research academic and reliable sources; translate the
information from those sources into a cohesive piece of writing; respond creatively to artwork.
The purpose of completing this assignment is: as a student and a career professional, and
individual, you will often be required to research information that will further a school
assignment, a work-related project, or a personal endeavor. Also, you might be asked to translate
research into a written or oral presentation that you can share with coworkers and peers in a way
that will describe, persuade, or evoke emotion. This assignment has all of these skills!
______________________________________________________________
Prompt (What are you writing about?):
Find a famous work of art. Write a researched history of the artist and the artwork and create a
Descriptive Poem that uses imagery to describe the artwork and your reaction to it.
Instructions (how to get it done):
re of a famous work of art.
Note: Be very careful about plagiarism. The purpose of this section is for you to research the
work of art and the artist, put the summary of history and life into your own words, and then
provide in text citations for the researched information.
examples, create a descriptive poem that uses imagery words to provide a visual description of
your chosen artwork and your reaction to it.
Note: Your poem needs to be at least 14 lines. Remember in writing poetry, that not all poems need
to rhyme. The important skill here is to use imagery descriptions to describe the artwork and the
author.
Requirements:
-3 pages (not including the pasted picture).
should not be factored into the 2-3 page length of the essay.
ced, written in Times New Roman, in 12 point font and with 1 inch margins. Essay should conform to
APA formatting and citation style. Can use creative style in poetry section.
to create a properly-formatted APA reference page.
-text citations and references when using outside sources and textual evidence.
-text citations for direct quotes, paraphrases, and new information.
Sources: “Poetry Sampler: Poetry and Art” pages PS-1 through PS-7
Rubric for Descriptive Writing Literary Response
Does Not Meet Expectations: 0-11
Below Expectations: 12-13
■ Writing contains related, quality paragraphs. Thought provoking narrative.
■ Writing is purposeful and focused. Narrative goes beyond the obvious and basic.
Vocabulary/Word Choice
■ Word choice is weak. Language and phrasing is inappropriate, repetitive or lacks meaning.
■ Word choice is limited. Language and phrasing lack inspiration.
■ Word choice attempts to create a picture in the reader’s mind. Thoughtful language evokes some
meaning within the piece.
■ Lively word choice adds to the meaning of the piece. Some colorful language and unusual
phrasing encourage reflection.
■ Powerful word choice enhances meaning. Original phrasing and memorable language prompts
reflective thoughts and insights.
Voice
■ Writer’s personality is not evident. Connection to audience and purpose is lacking. Writing
evokes minimal emotion in the reader.
■ Writer’s personality is undefined; writing is cautious. Connection to audience and purpose is
limited. Writing evokes limited emotion in the reader.
■ Writer’s personality is limited; confidence and feeling fade in and out. Connection to audience
and purpose is adequate. The writing evokes adequate emotion in the reader.
■ Writer’s personality pokes through; confidence and feeling are basic. Connection to audience
and purpose is appropriate. The writing evokes consistent emotion in the reader.
■ The writer’s personality is expressed; confidence and feeling are apparent. Connection to
audience and purpose is excellent. Writing evokes strong emotion in the reader.
Grammar and Mechanics
■ Grammar and mechanics’ errors make the essay incomprehensible.
■ Grammar, spelling, punctuation, and mechanics errors occur throughout document.
■ Several errors in grammar, punctuation, spelling and mechanics present.
■ Some spelling, grammar, punctuation and mechanical errors are evident.
■ Free of punctuation, spelling, grammar, and other mechanical errors.
APA Formatting
■ APA format not used.
■ Errors in four of the following areas: Title page, 1 inch margins, Times New Roman 12 font,
double spacing.
■ Errors in three of the following areas: Title page, 1 inch margins, Times New Roman 12 font,
double spacing.
■ Errors in two of the following areas: Title page, 1 inch margins, Times New Roman 12 font,
double spacing.
■ No errors in the areas of: Title page, 1 inch margins, Times New Roman 12 font, double spacing.
22/03/2020 Project Report Submission
https://eccouncil.instructure.com/courses/476/assignments/13810 1/8
Project Report Submission
Due No Due Date Points 60 Submitting a file upload
Available Mar 16 at 3am - Mar 23 at 2:59am 7 days
Summative Assessment Research Project: 60 pts.
Directions on Project:
Guidelines on Graduate Project
Following are the guidelines for your graduate project.
Selecting a Topic
Choose a project topic from one of your completed labs from the previous weeks. You may go back
through the lab content to familiarize yourself with the information required to complete your
project.
Prepare a rough outline of the project proposal you would like to submit. Discuss the topic and
draft project proposal with the instructor.
Conduct further research on the topic. Make a detailed proposal.
In the project proposal you should:
a. Introduce the topic scenario
b. Describe the methodology to be adopted for performing the test.
c. State the timeline for the project completion.
d. Include references and authorization letters
Working on the Project
You have to complete your project within the stipulated deadlines. Plan your project accordingly.
While meeting the executives of a company in relation to your project, make sure you have
appropriate approvals and request letters from the concerned university department or company.
Make sure your instructor approves questionnaires designed for any survey in relation to the
project.
You must use any data collected in the course of the research only for the approved project. You
must not share collected information with other students.
Make notes of key points during the course of research. It would save a lot of time in
preparation of the project report.
Make sure all relevant journals, magazines, papers and books are available in the university
library.
Analysis is the most critical part of the project and forms the basis for all findings. Make sure
you make use of appropriate statistical tools in analysis.
Writing a Project Report
Review the style guidelines for the project report.
The project report should not exceed 7,000 words.
Abstract should be between 150-250 words.
Select A4 size; page orientation should be portrait. Specify “1” margin on all sides.
Number all pages consecutively. Start every chapter on a new page.
Provide double spacing.
You should use Times New Roman Font- “12” for text and “10” for footnotes. Use a larger font size
for section headings.
A project report must contain:
Content                              Section
a. Title Page                        Preliminaries
b. Table of Contents                 Preliminaries
c. Abstract                          Preliminaries
d. Introduction and background       Body of the report
e. Problem statement                 Body of the report
f. Objectives of the project         Body of the report
g. Literature review                 Body of the report
h. Methodology adopted               Body of the report
i. Results - project findings        Body of the report
j. Recommendations                   Body of the report
k. Conclusion                        Body of the report
l. Bibliography                      References
m. Appendix
n. List of figures and tables
o. Index words (if required)
Be clear and precise. Express your ideas in a logical way.
Abstract should reflect the essence of the project.
The introduction should provide the overview of the topic and highlight its significance.
Clearly indicate the objectives of your project.
Describe all the methods used, such as interviews and questionnaires, in the methodology section.
Ensure that the literature review is in your own words. Analyze other persons’ contributions to
the topic. Identify the gaps in the literature. Emphasize the likely contribution of your project
to the existing literature on the topic.
Describe your findings from analysis in the results section. As this is the most critical part of
the project, ensure that there are no errors in analysis. Make proper inferences from analysis and
findings.
The conclusion section should summarize your objectives, findings and learnings from the project.
Provide useful supplementary information in the Appendix.
Avoid plagiarism. The project report should reflect your understanding of the topic. The majority
of the paper should be in your own words and reflect your own ideas.
Give credit for all referenced work. Provide appropriate citation and references for all
quotations.
Ensure that papers referenced are relevant and not outdated.
Your paper should be reader friendly. Use footnotes to explain difficult terms.
Don’t use text from Wikipedia in footnotes.
All tables and figures must be suitably numbered and titled. Give appropriate credit.
On completion, go through the entire project. Ensure there are no proofing errors and you have
adhered to all guidelines related to the project.
Research Paper (60)
Criteria Ratings Pts
Introduction (6.0 pts)
■ 6.0 pts Exceeds Standards: Strong introduction of topic’s key question(s), terms. Clearly
delineates subtopics to be reviewed. Specific thesis statement.
■ 3.0 pts Meets Standards: Conveys topic and key question(s). Clearly delineates subtopics to be
reviewed. General thesis statement.
■ 2.0 pts Needs Some Improvement to Meet Standards: Conveys topic, but not key question(s).
Describes subtopics to be reviewed. General thesis statement.
■ 1.0 pts Needs Substantial Improvement to Meet Standards: Does not adequately convey topic. Does
not describe subtopics to be reviewed. Lacks adequate thesis statement.
Focus and Sequencing (18.0 pts)
■ 18.0 pts Exceeds Standards: All material clearly related to subtopic, main topic. Strong
organization and integration of material within subtopics. Strong transitions linking subtopics,
and main topic.
■ 9.0 pts Meets Standards: All material clearly related to subtopic, main topic and logically
organized within subtopics. Clear, varied transitions linking subtopics, and main topic.
■ 5.0 pts Needs Some Improvement to Meet Standards: Most material clearly related to subtopic,
main topic. Material may not be organized within subtopics. Attempts to provide variety of
transitions.
■ 1.0 pts Needs Substantial Improvement to Meet Standards: Little evidence material is logically
organized into topic, subtopics or related to topic. Many transitions are unclear or
unsubstantiated.
Support, Citations, and References (18.0 pts)
■ 18.0 pts Exceeds Standards: Strong peer-reviewed research based support for thesis, references
and citations are thoroughly and clearly indicated after every quote or an author’s statement or
idea.
■ 9.0 pts Meets Standards: Good research based support for thesis, references and citations are
adequately and clearly indicated after most quotes or an author’s statement or idea.
■ 5.0 pts Needs Some Improvement to Meet Standards: Some research based support for thesis,
references and citations are inconsistently indicated after a few quotes or an author’s statement
or idea.
■ 1.0 pts Needs Substantial Improvement to Meet Standards: Limited or no peer-reviewed research
based support for thesis, references and citations are absent.
Spelling and Grammar (6.0 pts)
■ 6.0 pts Exceeds Standards: Work has no misspellings or grammatical errors.
■ 3.0 pts Meets Standards: Work has 1 or 2 misspellings or grammatical errors.
■ 2.0 pts Needs Some Improvement to Meet Standards: Work has several misspellings or grammatical
errors.
■ 1.0 pts Needs Substantial Improvement to Meet Standards: Work has numerous misspellings or
grammatical errors.
Conclusion (6.0 pts)
■ 6.0 pts Exceeds Standards: Strong review of key conclusions and integration with thesis
statement. Insightful and supported discussion of impact of the researched material.
■ 3.0 pts Meets Standards: Good review of key conclusions and integration with thesis statement.
Good discussion on impact of researched material.
■ 2.0 pts Needs Some Improvement to Meet Standards: Review of key conclusions. Some integration
with thesis statement. Discusses impact of researched material on topic.
■ 1.0 pts Needs Substantial Improvement to Meet Standards: Does not summarize evidence with
response to thesis statements. Does not discuss the impact of researched material.
Citations and References (6.0 pts)
■ 6.0 pts Exceeds Standards: All references and citations are correctly written and present.
■ 3.0 pts Meets Standards: One reference or citations missing or incorrectly written.
■ 2.0 pts Needs Some Improvement to Meet Standards: Two references or citations missing or
incorrectly written.
■ 1.0 pts Needs Substantial Improvement to Meet Standards: Reference and citation errors detract
significantly from paper.
fundamental networking concepts, analyze networking protocols and implement established standards
to design a robust networking infrastructure.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
potential vulnerabilities and threats to network infrastructure, predict the implication of
network security breaches and analyze the available countermeasures.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
different network security mechanisms, analyze available security controls and develop strategies
to implement and configure these controls.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
role of network security policies, and develop comprehensive policies that help in protecting
network infrastructure.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
working of various networking devices, and develop strategies for secure configuration of these
devices.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
issues with operating systems and network-based applications, analyze the common vulnerabilities
and implement best practices to harden networks.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
7. Analyze cryptography algorithms and encryption techniques, and design implementation strategies
for privacy and security of information.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
8. Compare and contrast various network security tools, and make decisions to deploy proper
security tools based on evidence, information, and research.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
physical security mechanisms, examine the issues and recommend the countermeasures to safeguard
the network infrastructure.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
impact of an incident in the network and develop policies, processes, and guidelines for incident
handling and disaster recovery.
threshold: 3.0 pts
■ 5.0 pts Exceeds Expectations
■ 3.0 pts Meets Expectations
■ 0.0 pts Does Not Meet Expectations
Total Points: 60.0