Uploaded byalfredacavx97
DOCX, PDF41 views

Market Guide for Zero Trust Network AccessPublished 29 Apri.docx

The document outlines Zero Trust Network Access (ZTNA) as a modern security approach that replaces traditional trusted networking models. It emphasizes the need for organizations to implement ZTNA to enhance security while enabling flexible access to applications for employees and partners, predicting that a significant shift from traditional VPNs will occur by 2023. Recommendations for security leaders include conducting pilot ZTNA projects, replacing legacy VPN models, and ensuring robust user and device authentication to mitigate risks associated with excessive trust granted in traditional access methods.

Embed presentation

Download to read offline
Market Guide for Zero Trust Network Access Published: 29 April 2019 ID: G00386774 Analyst(s): Steve Riley, Neil MacDonald, Lawrence Orans Zero trust network access replaces traditional technologies, which require companies to extend excessive trust to employees and partners to connect and collaborate. Security and risk management leaders should plan pilot ZTNA projects for employee/partner-facing applications. Key Findings ■ Digital business transformation requires that systems, services, APIs, data and processes be accessible through multiple ecosystems anywhere, anytime, from any device over the internet. This expands the surface area for attackers to target. ■ Secure access capabilities must evolve to the cloud, where the users are and where applications and services are moving. Many software-defined perimeter offerings are cloud- based. ■ IP addresses and location are no longer practical to establish sufficient trust for network access. ■ Zero trust network access provides adaptive, identity-aware,
precision access. Removing network location as a position of advantage eliminates excessive implicit trust. ■ ZTNA improves flexibility, agility and scalability, enabling digital ecosystems to work without exposing services directly to the internet, reducing risks of distributed denial of service attacks. ■ Although virtual private network replacement is a common driver for the adoption of ZTNA, ZTNA can also offer a solution for allowing unmanaged devices to securely access applications. Recommendations Security and risk management leaders responsible for secure network access should: ■ Go beyond using IP addresses and network location as a proxy for access trust. Use ZTNA for application-level access only after sufficient user and device authentication. ■ Replace designs for employee- and partner-facing applications that expose services to direct internet connections. Pilot a ZTNA deployment using a digital business service that needs to be accessible to partners as a use case. ■ Phase out legacy VPN-based access for high-risk use cases and begin phasing in ZTNA. This reduces the ongoing need to support widely deployed VPN clients and introduces clientless identity- and device-aware access. Support unmanaged devices
for employees. ■ Choose ZTNA products/services that expand identity assurance beyond a single factor, which is an important supplement to the ZTNA principle of context- based/adaptive access control. Strategic Planning Assumptions By 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero trust network access (ZTNA). By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of ZTNA. By 2023, 40% of enterprises will have adopted ZTNA for other use cases described in this research. Market Definition ZTNA, which is also known as a software-defined perimeter (SDP), creates an identity- and context- based, logical-access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access. This removes the application assets from public visibility and significantly reduces the surface area for attack. Market Description The old security mindset of “inside means trusted” and “outside means untrusted” is broken in the
world of digital business, which requires anywhere, anytime, any device access to services that may not be located “inside” an on-premises data center. Similarly, the old model expects all programmers to be security engineers, building intrinsically secure networked applications, and incorporating sophisticated authentication and access controls. That does not scale today. The new model presents an approach in which a trust broker mediates connections between applications and users. ZTNA abstracts away and centralizes the security mechanisms so that the security engineers and staff can be responsible for them. ZTNA starts with a default deny posture of zero trust. It grants access based on identity, plus other attributes and context (such as time/date, geolocation and device posture), and adaptively offers the appropriate trust required at the time. The result is a more resilient environment with improved flexibility and better monitoring. ZTNA will appeal to organizations looking for adaptive and secure ways to connect and collaborate with their digital business ecosystem, remote workers and partners. ZTNA provides controlled access to resources, reducing the surface area for attack. The isolation afforded by ZTNA improves connectivity, removing the need to directly expose applications to the Page 2 of 15 Gartner, Inc. | G00386774 internet. The internet becomes an untrusted transport and access to applications occurs through an
intermediary. The intermediary can be a cloud service controlled by a third-party provider or a self- hosted service. In either case, incoming traffic to applications always passes through the intermediary after users have successfully authenticated to it. In many cases, entity behavior is continuously monitored for abnormal activity, as described in Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA) framework (see “Zero Trust Is an Initial Step on the Roadmap to CARTA”). In a sense, ZTNA creates individualized “virtual perimeters” that encompass only the user, the device and the application. ZTNA normalizes the user experience, removing the access distinctions that exist when on, versus off, the corporate network. Market Direction The ZTNA notion has been gaining momentum since an initial specification for software-defined perimeters (SDP) was introduced at the Cloud Security Alliance Summit in 2014. The initial SDP specification addressed web-based applications only, and updates to the specification have lagged, but they are expected later in 2019. Commercial products roughly based on this initial specification are available, as are products based on Google’s BeyondCorp zero trust networking vision — also limited to web-enabled applications only. In addition, a large number of alternative commercial products using other approaches that are not limited to web applications have entered the market. The ZTNA market is still nascent, but it’s growing quickly. It has piqued the interest of organizations seeking a more flexible alternative to VPNs and those seeking
more precise access and session control to applications located on-premises and in the cloud. ZTNA vendors continue to attract venture capital funding. This, in turn, encourages new startups to enter the market and seek ways to differentiate. Merger and acquisition (M&A) activity in this market has begun, with three startup vendors now having been acquired by larger networking, telecommunications and security vendors. Although ZTNA offerings differ in their technical approaches, they provide generally the same fundamental value proposition: ■ Removing applications and services from direct visibility on the public internet. ■ Enabling precision (“just in time” and “just enough”) access for named users to specific applications only after an assessment of the identity, device health (highly encouraged) and context has been made. ■ Enabling access independent of the user’s physical location or the device’s IP address (except where policy prohibits — e.g., for specific areas of the world). Access policies are based on user, device and application identities. ■ Granting access only to the specific application, not the underlying network. This limits the need for excessive access to all ports and protocols or all applications, some of which the user may not be entitled to. ■ Providing end-to-end encryption of network communications.
Gartner, Inc. | G00386774 Page 3 of 15 https://cloudsecurityalliance.org/artifacts/sdp-specification-v1- 0/ https://www.beyondcorp.com/ ■ Providing optional inspection of the traffic stream for excessive risks in the form of sensitive data handling and malware. ■ Enabling optional monitoring of the session for indications of unusual activity, duration or bandwidth requirements. ■ Providing a consistent user experience for accessing applications — clientless or via a ZTNA client regardless of network location. Gartner has identified different approaches vendors have adopted as they develop products and services for the market. Client-Initiated ZTNA These offerings more closely follow the original Cloud Security Alliance (CSA) SDP specification. An agent installed on authorized devices sends information about its security context to a controller. The controller prompts the user on the device for authentication and returns a list of allowed applications. After the user and device are authenticated, the controller provisions connectivity from the device through a gateway that shields services from direct internet access. The shielding
protects applications from distributed denial of service (DDoS) attacks. Some products remain in the data path once the controller establishes connectivity; others remove themselves. This approach is difficult, if not impossible, to implement on an unmanaged device, due to the requirement to install an agent. In some cases, a third- party mobile threat defense (MTD) product — which users may be more willing to accept than full device management — can provide a posture assessment to the trust broker. (See Figure 1 for a conceptual model.) Figure 1. Conceptual Model of Client-Initiated ZTNA Page 4 of 15 Gartner, Inc. | G00386774 Service-Initiated ZTNA These models more closely follow the Google BeyondCorp vision. A connector installed in the same network as the application establishes and maintains an outbound connection to the provider’s cloud. Users authenticate to the provider to access protected applications. The provider then typically authenticates to an enterprise identity management product. Application traffic passes through the provider’s cloud, which provides isolation from direct access via a proxy. Enterprise firewalls require no openings for inbound traffic. However, the provider’s network becomes another element of network security that must be evaluated.
The advantage of this model is that no agent is required on the end user’s device, making it an attractive approach for unmanaged devices. The disadvantage is that the application’s protocols must be based on HTTP/HTTPS, limiting the approach to web applications and protocols such as Secure Shell (SSH) or Remote Desktop Protocol (RDP) over http. (See Figure 2 for a conceptual model.) Figure 2. Conceptual Model of Service-Initiated ZTNA Some vendors offer both alternatives. This provides enterprises with the ability to mix and match, as needed, to address specific use cases. Market Analysis The internet was designed to connect things easily, not to block connections. The internet uses inherently weak identifiers (specifically, IP addresses) to connect. If you have an IP address and a route, you can connect and communicate to other IP addresses, which were never designed to be authentication mechanisms. The messy problem of authentication is handled by higher levels of the Gartner, Inc. | G00386774 Page 5 of 15 stack, typically the OS and application layers. For network connectivity, this default allow posture creates an excessive amount of implicit trust. Attackers abuse this trust. The first companies that connected to the public internet quickly found
out that they needed a demarcation point where their internal network connected to the internet. This ultimately created what has become a multibillion dollar market for perimeter firewalls. Networked systems on the inside were “trusted” and free to communicate with each other. External systems were “untrusted” and communications with the outside, inbound or outbound, were blocked by default. If needs arose for communication with the outside, these required a series of exceptions (i.e., holes) in the firewall, which were difficult and cumbersome to maintain and monitor. This trusted/untrusted network security model is a relatively coarse and crude control, but it was initially effective. However, it creates excessive trust (on the inside) that is abused by attackers from the outside (once they penetrate the defenses and reach the inside). When external access to our systems and services is needed, we typically do one of two things. For some users, we create a VPN to allow the user to pass through the firewall and connect to the internal network. Once “inside,” the VPN connection is treated as trusted. Alternatively, we place the front end to the service in a segmented part of the network with direct internet connectivity — referred to as a demilitarized zone (DMZ) — so users can access it. Both alternatives create excessive trust and do little to restrict lateral movement, resulting in latent risk. In the case of VPNs, attackers with credentialed access now have access to our networks. (The Target HVAC breach is an example.) Likewise, if the service is exposed in the DMZ, anyone on the internet — including all the attackers — can see it as well, even if it is
protected by a web application firewall (WAF). Excessive network trust leads to excessive latent risk. This will inevitably be exploited, leading to breaches and bringing legal, financial and regulatory exposure. Network connectivity (even the right to “ping” or see a server) should not be an entitlement; it should be earned based on trust. Gartner believes the time has come to isolate services and applications from the dangers of the public internet, and to provide compartmentalized access only to required applications in any given context. The tremendous increase in the number of internet- connected services, and the growing likelihood that services and users could be located at virtually any IP address, exacerbate the weaknesses of the old model. Benefits and Uses The benefits of ZTNA are immediate. Similar to a traditional VPN, services brought within the ZTNA environment are no longer visible on the public internet and, thus, are shielded from attackers. In addition, ZTNA brings significant benefits in user experience, agility, adaptability and ease of policy management. For cloud-based ZTNA offerings, scalability and ease of adoption are additional benefits. ZTNA enables digital business transformation scenarios that are ill-suited to legacy access approaches. As a result of digital transformation efforts, most enterprises will have more applications, services and data outside their enterprises than inside. Cloud-based ZTNA services place the security controls where the users and applications are
— in the cloud. Some of the larger ZTNA vendors have invested in dozens of points of presence worldwide for low-latency user/device access. Page 6 of 15 Gartner, Inc. | G00386774 Several use cases lend themselves to ZTNA: ■ Opening applications and services to collaborative ecosystem members, such as distribution channels, suppliers, contractors or retail outlets, without requiring a VPN or DMZ. Access is more tightly coupled to applications and services. ■ Normalizing the user experience for application access — ZTNA eliminates the distinction between being on and off the corporate network. ■ Carrying encryption all the way to the endpoints for scenarios where you don’t trust the carrier or cloud provider. ■ Providing application-specific access for IT contractors and remote or mobile employees as an alternative to VPN-based access. ■ Extending access to an acquired organization during M&A activities, without having to configure site-to-site VPN and firewall rules. ■ Permitting users in potentially dangerous areas of the world to interact with applications and data in ways that reduce or eliminate the risks that originate in
those areas — pay attention to requirements for strong identity and endpoint protection. ■ Isolating high-value enterprise applications within the network or cloud to reduce insider threats and affect separation of duties for administrative access. ■ Authenticating users on personal devices — ZTNA can improve security and simplify bring your own device (BYOD) programs by reducing full management requirements and enabling more- secure direct application access. ■ Creating secure enclaves of Internet of Things (IoT) devices or a virtual-appliance-based connector on the IoT network segment for connection. ■ Cloaking systems on hostile networks, such as systems that would otherwise face the public internet, used for collaboration. ■ Enabling SaaS applications to connect back to enterprise systems and data for processes that require SaaS applications to interact with enterprise on- premises or infrastructure as a service (IaaS)-based services. Risks Although ZTNA greatly reduces overall risks, it doesn’t eliminate every risk completely, as these examples illustrate: ■ The trust broker could become a single point of any kind of failure. Fully isolated applications using ZTNA will stop working when the ZTNA service is down.
Well-designed ZTNA services include physical and geographic redundancy with multiple entry and exit points to minimize the likelihood of outages affecting overall availability. Furthermore, a vendor’s SLA (or lack thereof) can be an indicator of how robust it views their offering. Favor vendors with SLAs that minimize business disruptions. Gartner, Inc. | G00386774 Page 7 of 15 ■ Attackers could attempt to compromise the trust broker system. Although unlikely, the risk isn’t zero. ZTNA services built on public clouds or major internet carriers benefit from the provider’s strong tenant isolation mechanisms. Nevertheless, collapse of the tenant isolation would allow an attacker to penetrate the systems of the vendor’s customers and move laterally within and between them. A compromised trust broker should fail over to a redundant one immediately. If it can’t, then it should fail closed — that is, if it can’t deflect abuse, it should disconnect from the internet. Favor vendors who adopt this stance. ■ Compromised user credentials could allow an attacker on the local device to observe and exfiltrate information from the device. ZTNA architectures that combine device authentication with user authentication contain this threat to a degree, stopping the attack from propagating beyond the device itself. We suggest that, wherever possible, stronger authentication for access be used.
■ Some ZTNA vendors have chosen to focus their developments on supporting web application protocols only (HTTP/HTTPS). Carrying legacy applications and protocols through a ZTNA service could prove to be more difficult. ■ The market is in flux, and smaller vendors could disappear or be acquired. Evaluation Factors When evaluating ZTNA technologies, here are the key questions to ask: ■ Does the vendor require that an endpoint agent be installed? What OSs are supported? What mobile devices? How well does the agent behave in the presence of other agents? ■ Does the offering support single packet authentication (SPA) as an initial form of identity verification to the trust broker? SPA allows the broker to ignore any attempts to communicate, unless the first attempt contains a specialized, encrypted packet. ■ Does the offering provide the ability to perform a security posture assessment of the device (OS version, patch levels, password and encryption policies, etc.), without requiring a unified endpoint management (UEM) tool? Is any option provided for achieving this on unmanaged devices? ■ Does the offering integrate with UEM providers, or can the local agent determine device health
and security posture as a factor in the access decision? What UEM vendors has the ZTNA vendor partnered with? ■ What authentication standards does the trust broker support? Is integration with an on- premises directory or cloud-based identity services available? Does the trust broker integrate with the organization’s existing identity provider? Does the trust broker support common options for multifactor authentication (MFA)? Can the provider enforce strong user authentication for administrators? ■ Is there user and entity behavior analytics (UEBA) functionality that can identify when something anomalous happens within the ZTNA-protected environment? Page 8 of 15 Gartner, Inc. | G00386774 ■ Some ZTNA products are delivered partly or wholly as cloud- based services. Does this meet the organization’s security and residency requirements? Has the vendor undergone one or more third-party attestations, such as SOC 2 or ISO 27001? ■ How geographically diverse are the vendor’s entry and exit points (referred to as edge locations and/or points of presence) worldwide? What edge/physical infrastructure providers or colocation facilities does the vendor use? ■ What is the vendor’s technical behavior when the ZTNA service comes under sustained attack?
Does the service fail closed (thus blocking digital business partners from accessing enterprise services) or does the service fail open? Is it possible to selectively choose fail-closed or fail- open for specific enterprise applications? If fail-open is a requirement, don’t forget to add in other layers of defense to protect applications no longer shielded by the ZTNA service. ■ Does the offering support only web applications, or can legacy applications also gain the same security advantages? ■ What algorithms and key lengths has the vendor chosen? What third-party certifications has the vendor obtained? Does the vendor’s product description demonstrate an understanding of contemporary cryptographic practices, or is it laced with too- good-to-be-true crypto “snake oil”? ■ After the user and device pass authentication, does the trust broker remain resident in the data path? This approach deserves consideration. Trust brokers that remain in the data path offer greater visibility and can monitor for unusual and suspicious activities. They could, however, become bottlenecks or single points of failure. Designs that include failover support mitigate this concern, but could be vulnerable to DDoS attacks that attempt to bypass inspection. ■ Can the vendor provide inspection of session flows and content for inappropriate sensitive data handling, malware detection and unusual behaviors?
■ To what extent is partial or full cloaking, or allowing or prohibiting inbound connections, a part of the isolated application’s security requirements? Perhaps the more minimal protection of a content delivery network (CDN) is sufficient. Different enterprise applications might have different requirements. ■ Does the provider maintain a bug bounty program and have a credible, responsible, public or private disclosure policy? It is critical for software providers to constantly test for and remove product vulnerabilities. Favor providers that actively do so. ZTNA Alternatives There are several alternative approaches to ZTNA: ■ Legacy VPNs remain popular, but they might not provide sufficient risk management for exposed services and may be difficult to manage, given the dynamic nature of digital business. Always-on VPNs that require device and user authentication align with the ZTNA model; however, basic network-access VPNs do not. Factor security requirements into VPN models Gartner, Inc. | G00386774 Page 9 of 15 and user satisfaction expectations. For third-party, privileged access into enterprise systems, a privileged access management (PAM) tool can be a useful alternative to a VPN.
■ Exposing web applications through a reverse-proxy-based WAF is another option. With WAF as a service (i.e., cloud WAF), traffic passes through the provider’s WAF service for inspection before delivery to its destination. To avoid false positives or potential application malfunctions, cloud WAFs, like any other WAF, typically require some time for testing and adjusting rules. Because the protected services are still visible to attackers on the public internet, the isolation is limited to the strength of the WAF. However, partner- and employee-facing applications are not normally candidates for WAFs. ■ Choosing to retain existing design patterns and exposing digital business applications in traditional DMZs remain alternatives. However, DMZs provide limited isolation against modern attacks (typically a reverse-proxy WAF). Furthermore, DMZs still leave the application discoverable to all attackers. ■ A remote browser isolation product (see “Innovation Insight for Remote Browser Isolation”) offers another option, specifically for the isolation of web- enabled application access. Here, the browser session itself is rendered from the end user’s device and, typically, in a service, from the enterprise network (e.g., a cloud-based remote browser service), providing isolation on both sides. ■ CDNs can absorb DDoS attacks, reduce the noise and threats of bot attacks, and guard against website defacement. However, they offer no application-level protection and no anonymity —
attackers targeting sites can discover the site is protected with a CDN and might attempt to exploit vulnerabilities present in the CDN. Many CDNs include a basic cloud WAF. ■ Applications that don’t require full, interactive internet connectivity, but instead expose only APIs to the public internet could be protected by an API gateway, although ZTNA can also work here. API gateways enforce authentication, validate authorization and mediate the correct use of application APIs. This is especially useful if the application lacks mechanisms for ensuring API security. Most API gateways also expose logs of all activity through a native monitoring tool or integration with popular security information and event management (SIEM) tools. Favor API gateways that integrate with enterprise directories and single sign-on (SSO) protocols — or use a ZTNA service instead. ■ It is possible to go full IaaS. When ZTNA or other isolation measures are not good enough, moving the application off-enterprise completely is the best alternative. Many of the suggested isolation mechanisms are available to workloads placed in the cloud and are designed more for primary protection, rather than enterprise isolation. The goal shifts to protecting the application and data, with less concern for isolation. However, this still leaves systems exposed to attack, especially if legacy DMZ architectures are replicated in the cloud. Representative Vendors The vendors listed in this Market Guide do not imply an
exhaustive list. This section is intended to provide more understanding of the market and its offerings. Page 10 of 15 Gartner, Inc. | G00386774 Market Introduction ZTNA products and services are offered by vendors in one of two ways: ■ As a service from the cloud ■ As a stand-alone offering that the customer is responsible for supporting As-a-service offerings (see Table 1) require less setup and maintenance than stand-alone offerings. As-a-service offerings typically require provisioning at the end- user or service side and route traffic through the vendor’s cloud for policy enforcement. Stand-alone offerings (see Table 2) require customers to deploy and manage all elements of the product. In addition, several of the major IaaS cloud providers offer ZTNA capabilities for their customers. Table 1. Representative Vendors of ZTNA as a Service Vendor Product or Service Name Akamai Enterprise Application Access Cato Networks Cato Cloud Cisco Duo Beyond (acquisition by Cisco)
CloudDeep Technology (China only) DeepCloud SDP Cloudflare Cloudflare Access InstaSafe Secure Access Meta Networks Network as a Service Platform New Edge Secure Application Network Okta Okta Identity Cloud (Acquired ScaleFT) Perimeter 81 Software Defined Perimeter SAIFE Continuum Symantec Luminate Secure Access Cloud (acquisition by Symantec) Verizon Vidder Precision Access (acquisition) Zscaler Private Access Source: Gartner (April 2019) Gartner, Inc. | G00386774 Page 11 of 15 Table 2. Representative Vendors of Stand-Alone ZTNA Vendor Product or Service Name BlackRidge Technology Transport Access Control
Certes Networks Zero Trust WAN Cyxtera AppGate SDP Google Cloud Platform (GCP) Cloud Identity-Aware Proxy (Cloud IAP) Microsoft (Windows only) Azure AD Application Proxy Pulse Secure Pulse SDP Safe-T Software-Defined Access Suite Unisys Stealth Waverley Labs Open Source Software Defined Perimeter Zentera Systems Cloud-Over-IP (COiP) Access Source: Gartner (April 2019) Market Recommendations Given the significant risk that the public internet represents and the attractiveness of compromising internet-exposed systems to gain a foothold in enterprise systems, enterprises need to consider isolating digital business services from visibility by the public internet. Don’t mistake Gartner’s recommendation for the tried, yet true “security by obscurity is no security at all” axiom. Although ZTNA cloaks services from discovery and reconnaissance, it erects true barriers that are proving to be more challenging for attackers to circumvent than older notions of simple obfuscation. For legacy VPN access, look for scenarios in which targeted
sets of users performing their work through a ZTNA service can provide immediate value in improving the overall security posture of the organization. In most cases, this could be a partner- or employee-facing application. A ZTNA project is a step toward a more widespread zero trust networking (default deny) security posture. Specifically, nothing can communicate (or even see) an application resource until sufficient trust is established, given the risk and current context to extend network connectivity. For DMZ-based applications, evaluate what sets of users require access. For those applications with a defined set of users, plan to migrate them to a ZTNA service during the next several years. Use the migration of these applications to public cloud IaaS as a catalyst for this architectural shift. Specific Recommendations ■ Budget and pilot a ZTNA project to demonstrate the benefits of ZTNA to the organization. Page 12 of 15 Gartner, Inc. | G00386774 ■ Plan for user-to-application mapping. Role-based access control (RBAC) can help with this. Avoid allowing all users to access all applications. ■ Identify which applications and workflows are not candidates for ZTNA, and exclude them from the scope. This includes access to and download of unstructured data not protected by
application- and consumer-facing applications. ■ The ZTNA market is emerging, so sign only short-term contracts for no more than 12 to 24 months to retain greater vendor selection flexibility as the market grows and matures. ■ For most digital business scenarios, favor vendors that offer ZTNA as a service for easier deployment, higher availability and protection against DDoS attacks. Favor vendors that require no openings in firewalls for listening services (inbound connections), which is typical for most as-a-service flavors of ZTNA. ■ When security requirements demand an on-premises installation of a ZTNA product, favor vendors that can reduce the number of firewall openings as much as possible. ■ If unmanaged devices will be used by named users, plan to deploy a reverse-proxy-based ZTNA product or service to avoid the need for agent installation. ■ Ensure that the vendor supports the authentication protocols the organization and partners use now, including the enterprise’s standard identity store, as well as any it expects to use in the future. The wider the available range, the better, including cloud SSO providers and SaaS- delivered access management providers. ■ Don’t expect partners to use your identity store. Require support for SAML, OAuth, OIDC and similar identity federation capabilities.
■ Evaluate the effectiveness of a vendor’s ability to query other kinds of device agents, such as UEM, endpoint detection and response (EDR) and MTD, to gain additional context for improved adaptive access decisions. ■ Attackers will target ZTNA trust brokers. For on-premises ZTNA products, harden the host OSs using a cloud workload protection platform (CWPP) tool that supports on-premises deployments (see “Market Guide for Cloud Workload Protection Platforms”). Rely primarily on default deny allow-listing to explicitly define the code allowed to execute on the system. Don’t rely solely on patching to keep the system hardened. ■ If you choose a smaller provider, plan for potential acquisitions by placing appropriate clauses in contracts and having a list of alternative providers lined up, if needed. Gartner Recommended Reading Some documents may not be available as part of your current Gartner subscription. “Zero Trust Is an Initial Step on the Roadmap to CARTA” Gartner, Inc. | G00386774 Page 13 of 15 “Hype Cycle for Enterprise Networking and Communications, 2018” “Hype Cycle for Cloud Security, 2018”
“Fact or Fiction: Are Software-Defined Perimeters Really the Next-Generation VPNs?” Note 1 Representative Vendor Selection The vendors named in this guide were selected to represent two types of ZTNA offerings: as-a- service and stand-alone. For these categories, we list the vendors known to Gartner as of April 2019. Note 2 Gartner’s Initial Market Coverage This Market Guide provides Gartner’s initial coverage of the market and focuses on the market definition, rationale for the market and market dynamics. Page 14 of 15 Gartner, Inc. | G00386774 GARTNER HEADQUARTERS Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 USA +1 203 964 0096 Regional Headquarters AUSTRALIA BRAZIL JAPAN UNITED KINGDOM
For a complete list of worldwide locations, visit http://www.gartner.com/technology/about.jsp © 2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and Objectivity." Gartner, Inc. | G00386774 Page 15 of 15 http://www.gartner.com/technology/about.jsp https://www.gartner.com/technology/about/policies/usage_polic y.jsp http://www.gartner.com/technology/about/ombudsman/omb_gui de2.jsp
http://www.gartner.com/technology/about/ombudsman/omb_gui de2.jspStrategic Planning AssumptionsMarket DefinitionMarket DescriptionMarket DirectionClient-Initiated ZTNAService- Initiated ZTNAMarket AnalysisBenefits and UsesRisksEvaluation FactorsZTNA AlternativesRepresentative VendorsMarket IntroductionMarket RecommendationsSpecific RecommendationsGartner Recommended ReadingList of TablesTable 1. Representative Vendors of ZTNA as a ServiceTable 2. Representative Vendors of Stand-Alone ZTNAList of FiguresFigure 1. Conceptual Model of Client- Initiated ZTNAFigure 2. Conceptual Model of Service-Initiated ZTNA ENG 130: Literature and Comp Descriptive Imagery Response Eng 130: Essay for ENG 130: Descriptive Writing This assignment focuses on your ability to: research academic and reliable sources; translate the information from those sources into a cohesive piece of writing; respond creatively to artwork. The purpose of completing this assignment is: as a student and a career professional, and individual, you will often be required to research information that will further a school assignment, a work-related project, or a personal endeavor. Also, you might be asked to translate research into a
written or oral presentation that you can share with coworkers and peers in a way that will describe, persuade, or evoke emotion. This assignment has all of these skills! _____________________________________________________ _________ Prompt (What are you writing about?): Find a famous work of art. Write a researched history of the artist and the artwork and create a Descriptive Poem that uses imagery to describe the artwork and your reaction to it. Instructions (how to get it done): re of a famous work of art. Note: Be very careful about plagiarism. The purpose of this section is for you to research the work of art and the artist, put the summary of history and life into your own words, and then provide in text citations for the researched information. examples, create a descriptive poem that
uses imagery words to provide a visual description of your chosen artwork and your reaction to it. Note: Your poem needs to be at least 14 lines. Remember in writing poetry, that not all poems need to rhyme. The important skill here is to use imagery descriptions to describe the artwork and the author. Requirements: -3 pages (not including the pasted picture). should not be factored into the 2-3 page length of the essay. ced, written in Times New Roman, in 12 point font and with 1 inch margins. Essay should conform to APA formatting and citation style. Can use creative style in poetry section. to create a properly-
formatted APA reference page. -text citations and references when using outside sources and textual evidence. -text citations for direct quotes, paraphrases, and new information. Sources: “Poetry Sampler: Poetry and Art” pages PS-1 through PS-7 Rubric for Descriptive Writing Literary Response Does Not Meet Expectations 0-11 Below Expectations 12-13
Needs Improvement 14-15 Satisfactory 16-17 Meets Expectations 18-20 Content Writing is disorganized or not clearly defined and/or shows a misunderstanding of the task. Writing is minimally organized. Narrative is underdeveloped. Writing is effective. Narrative is basic.
Writing contains related, quality paragraphs. Thought provoking narrative. Writing is purposeful and focused. Narrative goes beyond the obvious and basic. Vocabulary/ Word Choice Word choice is weak. Language and phrasing is inappropriate, repetitive or lacks meaning. Word choice is limited. Language and phrasing lack inspiration.
Word choice attempts to create a picture in the reader’s mind. Thoughtful language evokes some meaning within the piece. Lively word choice adds to the meaning of the piece. Some colorful language and unusual phrasing encourage reflection. . Powerful word choice enhances meaning. Original phrasing and memorable language prompts reflective thoughts and insights. Voice Writer’s personality is not evident. Connection to audience and
purpose is lacking. Writing evokes Minimal emotion in the reader. Writer’s personality is undefined; writing is cautious. Connection to audience and purpose is limited. Writing evokes limited emotion in the reader Writer’s personality is limited; confidence and feeling fade in and out. Connection to audience and purpose is adequate. The writing evokes adequate emotion in the reader. Writer’s
personality pokes through; confidence and feeling are basic. Connection to audience and purpose is appropriate. The writing evokes consistent emotion in the reader The writer’s personality is expressed; confidence and feeling are apparent. Connection to audience and purpose is excellent. Writing evokes strong emotion in the reader. Grammar and Mechanics Grammar and mechanics’ errors make the essay incomprehensible Grammar,
spelling, punctuation, and mechanics errors occur throughout document. Several errors in grammar, punctuation, spelling and mechanics present. Some spelling, grammar, punctuation and mechanical errors are evident. Free of punctuation, spelling, grammar, and other mechanical errors. APA Formatting APA format not used. Errors in four of the following areas: Title page, 1 inch margins, Times New Roman 12 font, double
spacing. Errors in three of the following areas: Title page, 1 inch margins, Times New Roman 12 font, double spacing. Errors in two of the following areas: Title page, 1 inch margins, Times New Roman 12 font, double spacing. No errors in the areas of: Title page,1 inch margins, Times New Roman 12 font, double spacing. 22/03/2020 Project Report Submission
https://eccouncil.instructure.com/courses/476/assignments/1381 0 1/8 Project Report Submission Due No Due Date Points 60 Submitting a file upload Available Mar 16 at 3am - Mar 23 at 2:59am 7 days Submit Assignment Summative Assessment Research Project: 60 pts. Directions on Project: Guidelines on Graduate Project Following are the guidelines for your graduate project. Selecting a Topic Choose a project topic from one of your completed labs from the previous weeks. You may go back through the lab content to familiarize yourself with the information required to complete your project. Prepare a rough outline of project proposal you would like to submit. Discuss the topic and draft project proposal with the instructor. Conduct further research on the topic. Make a detailed proposal. In the project proposal you should: a. Introduce the topic scenario b. Describe the methodology to be adopted fro
performing the test. c. State the timeline for the project completion. d. Include references and authorization letters Working on the Project You have to complete your project within the stipulated deadlines. Plan your project accordingly While meeting the executives of a company in relation to your project, make sure you have appropriate approvals and request letters from the concerned university department or company. Make sure your instructor approves questionnaires designed for any survey in relation to the project. You must use any data collected in course of the research, only for the approved project. You must not share collected information with other students. Make notes of key points during the course of research. It would save lot of time in preparation of project report. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 2/8 Make sure all relevant journals, magazines, papers and books are available in the university library. Analysis is the most critical part of the project and forms basis for all findings. Make sure you make use of appropriate statistical tools in analysis.
Writing a Project Report Review the style guidelines for project report The project report should not exceed 7,000 words Abstract should be between 150-250 words Select A4 size; page orientation should be portrait. Specify “1” margin on all sides. Number all pages consecutively. Start every chapter on a new page. Provide double spacing You should use Times New Roman Font- “12” for text and “10” for footnotes. Use a larger font size for section headings. A project report must contain: Content Section a. Title Page Preliminariesb. Table of Contents c. Abstract d. Introduction and background Body of the report e. Problem statement f. Objectives of the project g. Literature review h. Methodology adopted i. Results - project findings
j. Recommendations k. Conclusion l. Bibliography References 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 3/8 Research Paper (60) m. Appendix n. List of figures and tables o. Index words (if required) Be clear and precise. Express your ideas in a logical way. Abstract should reflect the essence of the project The introduction should provide the overview of the topic and highlight its significance Clearly indicate the objectives of your project. Describe all the methods used such as interviews, questionnaires in the methodology section. Ensure that literature review is in your own words. Analyze other person’s contribution to the topic. Identify the gaps in the literature. Emphasize on the likely contribution of your project to the existing literature on the topic. Describe your findings from analysis in the results section. As
this is the most critical part of the project, ensure that there are no errors in analysis. Make proper inferences from analysis and findings. The conclusion section should summarize your objectives, findings and learning’s from the project. Provide useful supplementary information in the Appendix. Avoid plagiarism. The project report should reflect your understanding of the topic. The majority of the paper should be in your own words and reflect your own ideas. Give credit for all referenced work. Provide appropriate citation and references for all quotations. Ensure that papers referenced are relevant and not outdated. Your paper should be reader friendly. Use footnotes to explain difficult terms. Don’t use text from Wikipedia in footnotes All tables and figures must be suitably numbered and titled. Give appropriate credit. On completion, go through the entire project. Ensure there are no proofing errors and you have adhered to all guidelines related to the project. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 4/8 Criteria Ratings Pts 6.0 pts
18.0 pts 18.0 pts Introduction 6.0 pts Exceeds Standards Strong introduction of topics key question(s), terms, Clearly delineates subtopics to be reviewed. Specific thesis statement 3.0 pts Meets Standards Conveys topic and key question(s). Clearly delineates subtopics to be reviewed. General thesis statement 2.0 pts Needs Some Improvement to Meet Standards Coveys topic, but not key question(s).
Describes subtopics to be reviewed. General thesis statement. 1.0 pts Needs Substantial Improvement to Meet Standards Does not adequately convey topic. Does not describe subtopics to be reviewed. Lacks adequate theses statement.Focus and Sequencing 18.0 pts Exceeds Standards All material clearly related to subtopic, main topic. Strong organization and integration of material within subtopics. Strong transitions linking subtopics, and main topic. 9.0 pts
Meets Standards All material clearly related to subtopic, main topic and logically organized within subtopics. Clear, varied transitions linking subtopics, and main topic. 5.0 pts Needs Some Improvement to Meet Standards Most material clearly related to subtopic, main topic. Material may not be organized within subtopics. Attempts to provide variety of transitions. 1.0 pts Needs Substantial Improvement to Meet Standards Little evidence material is
logically organized into topic, subtopics or related to topic. Many transitions are unclear or unsubstantiated. Support, Citations, and References 18.0 pts Exceeds Standards Strong peer- reviewed research based support for thesis, references and citations are thoroughly and clearly indicated after every quote or an authors statement or idea. 9.0 pts Meets Standards Good research based support for thesis, references and citations are adequately and clearly indicated after most quotes or an authors
statement or idea. 5.0 pts Needs Some Improvement to Meet Standards Some research based support for thesis, references and citations are inconsistently indicated after a few quotes or an authors statement or idea. 1.0 pts Needs Substantial Improvement to Meet Standards limited or no peer- reviewed research based support for thesis, references and citations are absent.
22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 5/8 Criteria Ratings Pts 6.0 pts 6.0 pts 6.0 pts -- Spelling and Grammar 6.0 pts Exceeds Standards Work has no misspellings or grammatical errors. 3.0 pts Meets Standards Work has 1 or 2 misspellings or grammatical errors 2.0 pts
Needs Some Improvement to Meet Standards Work has several misspellings or grammatical errors 1.0 pts Needs Substantial Improvement to Meet Standards Work has numerous misspellings or grammatical errors Conclusion 6.0 pts Exceeds Standards Strong review of key conclusions and integration with thesis statement. Insightful and supported discussion of impact of the researched material. 3.0 pts Meets Standards Good review of key conclusions
and integration with thesis statement. Good discussion on impact of researched material. 2.0 pts Needs Some Improvement to Meet Standards Review of key conclusions. Some integration with thesis statement. Discusses impact of researched material on topic. 1.0 pts Needs Substantial Improvement to Meet Standards Does not summarize evidence with response to thesis
statements. Does not discuss the impact of researched material. Citations and References 6.0 pts Exceeds Standards All references and citations are correctly written and present. 3.0 pts Meets Standards One reference or citations missing or incorrectly written. 2.0 pts Needs Some Improvement to Meet Standards Two references or citations missing or incorrectly written.
1.0 pts Needs Substantial Improvement to Meet Standards Reference and citation errors detract significantly from paper. fundamental networking concepts, analyze networking protocols and implement established standards to design a robust networking infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations
22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 6/8 Criteria Ratings Pts -- -- -- -- potential vulnerabilities and threats to network infrastructure, predict the implication of network security breaches and analyze the available countermeasures. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations
0.0 pts Does Not Meet Expectations different network security mechanisms, analyze available security controls and develop strategies to implement and configure these controls. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations role of network security policies, and develop comprehensive policies that help in protecting network
infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations working of various networking devices, and develop strategies for secure configuration of these devices. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations
22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 7/8 Criteria Ratings Pts -- -- -- -- issues with operating systems and network-based applications, analyze the common vulnerabilities and implement best practices to harden networks. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations
0.0 pts Does Not Meet Expectations cryptography algorithms and encryption techniques, and design implementation strategies for privacy and security of information. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations contrast various network security tools, and make decisions to deploy proper security tools based on evidence,
information, and research. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations physical security mechanisms, examine the issues and recommend the countermeasures to safeguard the network infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts
Does Not Meet Expectations 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 8/8 Total Points: 60.0 Criteria Ratings Pts -- impact of an incident in the network and develop policies, processes, and guidelines for incident handling and disaster recovery. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet
Expectations 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 1/8 Project Report Submission Due No Due Date Points 60 Submitting a file upload Available Mar 16 at 3am - Mar 23 at 2:59am 7 days Submit Assignment Summative Assessment Research Project: 60 pts. Directions on Project: Guidelines on Graduate Project Following are the guidelines for your graduate project. Selecting a Topic Choose a project topic from one of your completed labs from the previous weeks. You may go back through the lab content to familiarize yourself with the information required to complete your project. Prepare a rough outline of project proposal you would like to submit. Discuss the topic and draft project proposal with the instructor. Conduct further research on the topic. Make a detailed proposal.
In the project proposal you should: a. Introduce the topic scenario b. Describe the methodology to be adopted fro performing the test. c. State the timeline for the project completion. d. Include references and authorization letters Working on the Project You have to complete your project within the stipulated deadlines. Plan your project accordingly While meeting the executives of a company in relation to your project, make sure you have appropriate approvals and request letters from the concerned university department or company. Make sure your instructor approves questionnaires designed for any survey in relation to the project. You must use any data collected in course of the research, only for the approved project. You must not share collected information with other students. Make notes of key points during the course of research. It would save lot of time in preparation of project report. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 2/8
Make sure all relevant journals, magazines, papers and books are available in the university library. Analysis is the most critical part of the project and forms basis for all findings. Make sure you make use of appropriate statistical tools in analysis. Writing a Project Report Review the style guidelines for project report The project report should not exceed 7,000 words Abstract should be between 150-250 words Select A4 size; page orientation should be portrait. Specify “1” margin on all sides. Number all pages consecutively. Start every chapter on a new page. Provide double spacing You should use Times New Roman Font- “12” for text and “10” for footnotes. Use a larger font size for section headings. A project report must contain: Content Section a. Title Page Preliminariesb. Table of Contents c. Abstract d. Introduction and background Body of the report e. Problem statement f. Objectives of the project
g. Literature review h. Methodology adopted i. Results - project findings j. Recommendations k. Conclusion l. Bibliography References 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 3/8 Research Paper (60) m. Appendix n. List of figures and tables o. Index words (if required) Be clear and precise. Express your ideas in a logical way. Abstract should reflect the essence of the project The introduction should provide the overview of the topic and highlight its significance Clearly indicate the objectives of your project. Describe all the methods used such as interviews, questionnaires in the methodology section.
Ensure that literature review is in your own words. Analyze other person’s contribution to the topic. Identify the gaps in the literature. Emphasize on the likely contribution of your project to the existing literature on the topic. Describe your findings from analysis in the results section. As this is the most critical part of the project, ensure that there are no errors in analysis. Make proper inferences from analysis and findings. The conclusion section should summarize your objectives, findings and learning’s from the project. Provide useful supplementary information in the Appendix. Avoid plagiarism. The project report should reflect your understanding of the topic. The majority of the paper should be in your own words and reflect your own ideas. Give credit for all referenced work. Provide appropriate citation and references for all quotations. Ensure that papers referenced are relevant and not outdated. Your paper should be reader friendly. Use footnotes to explain difficult terms. Don’t use text from Wikipedia in footnotes All tables and figures must be suitably numbered and titled. Give appropriate credit. On completion, go through the entire project. Ensure there are no proofing errors and you have adhered to all guidelines related to the project. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381
0 4/8 Criteria Ratings Pts 6.0 pts 18.0 pts 18.0 pts Introduction 6.0 pts Exceeds Standards Strong introduction of topics key question(s), terms, Clearly delineates subtopics to be reviewed. Specific thesis statement 3.0 pts Meets Standards Conveys topic and key question(s). Clearly delineates subtopics to be reviewed. General thesis statement 2.0 pts Needs Some
Improvement to Meet Standards Coveys topic, but not key question(s). Describes subtopics to be reviewed. General thesis statement. 1.0 pts Needs Substantial Improvement to Meet Standards Does not adequately convey topic. Does not describe subtopics to be reviewed. Lacks adequate theses statement.Focus and Sequencing 18.0 pts Exceeds Standards All material clearly related to subtopic, main topic. Strong organization and integration of material within
subtopics. Strong transitions linking subtopics, and main topic. 9.0 pts Meets Standards All material clearly related to subtopic, main topic and logically organized within subtopics. Clear, varied transitions linking subtopics, and main topic. 5.0 pts Needs Some Improvement to Meet Standards Most material clearly related to subtopic, main topic. Material may not be organized within subtopics. Attempts to provide variety of transitions. 1.0 pts Needs
Substantial Improvement to Meet Standards Little evidence material is logically organized into topic, subtopics or related to topic. Many transitions are unclear or unsubstantiated. Support, Citations, and References 18.0 pts Exceeds Standards Strong peer- reviewed research based support for thesis, references and citations are thoroughly and clearly indicated after every quote or an authors statement or idea. 9.0 pts Meets Standards Good research based support for
thesis, references and citations are adequately and clearly indicated after most quotes or an authors statement or idea. 5.0 pts Needs Some Improvement to Meet Standards Some research based support for thesis, references and citations are inconsistently indicated after a few quotes or an authors statement or idea. 1.0 pts Needs Substantial Improvement to Meet Standards limited or no peer- reviewed research based support for
thesis, references and citations are absent. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 5/8 Criteria Ratings Pts 6.0 pts 6.0 pts 6.0 pts -- Spelling and Grammar 6.0 pts Exceeds Standards Work has no misspellings or grammatical errors. 3.0 pts Meets Standards
Work has 1 or 2 misspellings or grammatical errors 2.0 pts Needs Some Improvement to Meet Standards Work has several misspellings or grammatical errors 1.0 pts Needs Substantial Improvement to Meet Standards Work has numerous misspellings or grammatical errors Conclusion 6.0 pts Exceeds Standards Strong review of key conclusions and integration with thesis statement. Insightful and supported discussion of impact of the researched material.
3.0 pts Meets Standards Good review of key conclusions and integration with thesis statement. Good discussion on impact of researched material. 2.0 pts Needs Some Improvement to Meet Standards Review of key conclusions. Some integration with thesis statement. Discusses impact of researched material on topic. 1.0 pts Needs Substantial Improvement to Meet
Standards Does not summarize evidence with response to thesis statements. Does not discuss the impact of researched material. Citations and References 6.0 pts Exceeds Standards All references and citations are correctly written and present. 3.0 pts Meets Standards One reference or citations missing or incorrectly written. 2.0 pts Needs Some Improvement to
Meet Standards Two references or citations missing or incorrectly written. 1.0 pts Needs Substantial Improvement to Meet Standards Reference and citation errors detract significantly from paper. fundamental networking concepts, analyze networking protocols and implement established standards to design a robust networking infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets
Expectations 0.0 pts Does Not Meet Expectations 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 6/8 Criteria Ratings Pts -- -- -- -- potential vulnerabilities and threats to network infrastructure, predict the implication of network security breaches and analyze the available countermeasures. threshold: 3.0 pts 5.0 pts
Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations different network security mechanisms, analyze available security controls and develop strategies to implement and configure these controls. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations
role of network security policies, and develop comprehensive policies that help in protecting network infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations working of various networking devices, and develop strategies for secure configuration of these devices. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets
Expectations 0.0 pts Does Not Meet Expectations 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 7/8 Criteria Ratings Pts -- -- -- -- issues with operating systems and network-based applications, analyze the common vulnerabilities and implement best practices to harden networks. threshold: 3.0 pts 5.0 pts
Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations 7. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for privacy and security of information. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations 8. Compare and
contrast various network security tools, and make decisions to deploy proper security tools based on evidence, information, and research. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations physical security mechanisms, examine the issues and recommend the countermeasures to safeguard the network infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations
3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 8/8 Total Points: 60.0 Criteria Ratings Pts -- impact of an incident in the network and develop policies, processes, and guidelines for incident handling and disaster recovery. threshold: 3.0 pts 5.0 pts Exceeds Expectations
3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations

More Related Content

PDF
ztna-2-0-report.pdf
byAnto664537
 
PPTX
Zero trust model for cloud computing.pptx
bykkhhusshi
 
PPTX
Zero Trust Network Access
byEr. Ajay Sirsat
 
PDF
A new Frontier in Cybersecurity - ZTNA.pdf
byBert Blevins
 
PDF
Moving Beyond Remote Access: Discover the Power of Zero Trust Network Access
byEnterprise Management Associates
 
PDF
Fortinet ZTNA - Um contexto de sua Implementação
bymjssbahia
 
PPTX
What Comes After VPN?
byZscaler
 
PPT
Pulse Zero Trust Access simplifies management and mitigates cyber risks.ppt
byKendraJohnson54
 
ztna-2-0-report.pdf
byAnto664537
 
Zero trust model for cloud computing.pptx
bykkhhusshi
 
Zero Trust Network Access
byEr. Ajay Sirsat
 
A new Frontier in Cybersecurity - ZTNA.pdf
byBert Blevins
 
Moving Beyond Remote Access: Discover the Power of Zero Trust Network Access
byEnterprise Management Associates
 
Fortinet ZTNA - Um contexto de sua Implementação
bymjssbahia
 
What Comes After VPN?
byZscaler
 
Pulse Zero Trust Access simplifies management and mitigates cyber risks.ppt
byKendraJohnson54
 

Similar to Market Guide for Zero Trust Network AccessPublished 29 Apri.docx

PPTX
ivanti-swapout_967754 presentation decks
byamitkumarsingh545
 
PPTX
Implementing Zero Trust Network Access: Enhancing Security in Modern Enterprises
byBert Blevins
 
PDF
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
byIvanti
 
PPTX
Zero Trust: Redefining Security in the Digital Age
byArnold Antoo
 
PPTX
How sdp delivers_zero_trust
byZscaler
 
PPTX
Adopting A Zero-Trust Model. Google Did It, Can You?
byZscaler
 
PDF
ZTNA(7.2 CONFIG AND LAB TEST FORTINET 2022
bygagip37481
 
PDF
Nitel USA_ Enhancing Data Security with Zero Trust Network Access.pdf
byNitel USA
 
PDF
BATbern48_How Zero Trust can help your organisation keep safe.pdf
byBATbern
 
PDF
Fortifying Cybersecurity_ The Imperative of Zero Trust Network Access
byNitel USA
 
PDF
BeyondCorp - Google Security for Everyone Else
byIvan Dwyer
 
PPTX
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
byCristian Garcia G.
 
PDF
Why Integrating Network Technology & Security Makes Sense Now
byAbaram Network Solutions
 
PPTX
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
PPTX
COSAC 2021 presentation - AWS Zero Trust
byFrans Sauermann
 
PPTX
Faster, simpler, more secure remote access to apps in aws
byZscaler
 
PDF
Un enfoque práctico para implementar confianza cero en el trabajo híbrido
byCristian Garcia G.
 
PPTX
SECURE ACCESS SERVICE EDGE - SSE/SASE(CLOUD)
byfayish001
 
PPTX
3 reasons-sdp-is-replacing-vpn-in-2019
byZscaler
 
PDF
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
bySaraPia5
 
ivanti-swapout_967754 presentation decks
byamitkumarsingh545
 
Implementing Zero Trust Network Access: Enhancing Security in Modern Enterprises
byBert Blevins
 
Cybersecurity Insiders Webinar - Zero Trust: Best Practices for Securing the...
byIvanti
 
Zero Trust: Redefining Security in the Digital Age
byArnold Antoo
 
How sdp delivers_zero_trust
byZscaler
 
Adopting A Zero-Trust Model. Google Did It, Can You?
byZscaler
 
ZTNA(7.2 CONFIG AND LAB TEST FORTINET 2022
bygagip37481
 
Nitel USA_ Enhancing Data Security with Zero Trust Network Access.pdf
byNitel USA
 
BATbern48_How Zero Trust can help your organisation keep safe.pdf
byBATbern
 
Fortifying Cybersecurity_ The Imperative of Zero Trust Network Access
byNitel USA
 
BeyondCorp - Google Security for Everyone Else
byIvan Dwyer
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
byCristian Garcia G.
 
Why Integrating Network Technology & Security Makes Sense Now
byAbaram Network Solutions
 
ZERO TRUST ARCHITECTURE - DIGITAL TRUST FRAMEWORK
byMaganathin Veeraragaloo
 
COSAC 2021 presentation - AWS Zero Trust
byFrans Sauermann
 
Faster, simpler, more secure remote access to apps in aws
byZscaler
 
Un enfoque práctico para implementar confianza cero en el trabajo híbrido
byCristian Garcia G.
 
SECURE ACCESS SERVICE EDGE - SSE/SASE(CLOUD)
byfayish001
 
3 reasons-sdp-is-replacing-vpn-in-2019
byZscaler
 
TIC-TOC: VPN Is Dead; Are you Monetizing Its Replacement?
bySaraPia5
 

More from alfredacavx97

DOCX
Continually in our changing society we are learning how to interact .docx
byalfredacavx97
 
DOCX
Context There are four main categories of computer crimeComput.docx
byalfredacavx97
 
DOCX
Continue to use the case study  (A&D High Tech) and Risk Management .docx
byalfredacavx97
 
DOCX
Continue to use the case study, evaluate, and assess risk. Use quali.docx
byalfredacavx97
 
DOCX
CONTEXT ASSIGNMENT # 6For this assignment, we are going to take .docx
byalfredacavx97
 
DOCX
Media and SocietyMedia HistoryJOHN DEWEY – 185.docx
byalfredacavx97
 
DOCX
Coping with Terrorism  Is the United States making progress in re.docx
byalfredacavx97
 
DOCX
MEDIA AND DIVERSITY IN CULTURECOM-530 MEDIA AND DIVE.docx
byalfredacavx97
 
DOCX
Medeiros LNB de, Silva DR da, Guedes CDFS et al. .docx
byalfredacavx97
 
DOCX
Measuring to Improve Medication Reconciliationin a Large Sub.docx
byalfredacavx97
 
DOCX
Meaningfulness vs. S.docx
byalfredacavx97
 
DOCX
Contributing to the Team’s Work Score 20 pts.20 - 25 pts..docx
byalfredacavx97
 
DOCX
Measuring Performance at Intuit A Value-Added Component in ERM Pr.docx
byalfredacavx97
 
DOCX
Controversial Issue in Microbiology Assignment Use of antibacte.docx
byalfredacavx97
 
DOCX
Control measures for noncommunicable disease may start with basic sc.docx
byalfredacavx97
 
DOCX
Contrasting Africa and Europes economic development.Why did Europ.docx
byalfredacavx97
 
DOCX
Measure the dependence of the resistance in the spinel Lu2V2O7 on .docx
byalfredacavx97
 
DOCX
Measures of Similaritv and Dissimilaritv 65the comparison .docx
byalfredacavx97
 
DOCX
MDS 4100 Communication Law Case Study Privacy CASE .docx
byalfredacavx97
 
DOCX
MDDtoDOC - GSS2018 Ballot 1 - English Table Of Contents.docx
byalfredacavx97
 
Continually in our changing society we are learning how to interact .docx
byalfredacavx97
 
Context There are four main categories of computer crimeComput.docx
byalfredacavx97
 
Continue to use the case study  (A&D High Tech) and Risk Management .docx
byalfredacavx97
 
Continue to use the case study, evaluate, and assess risk. Use quali.docx
byalfredacavx97
 
CONTEXT ASSIGNMENT # 6For this assignment, we are going to take .docx
byalfredacavx97
 
Media and SocietyMedia HistoryJOHN DEWEY – 185.docx
byalfredacavx97
 
Coping with Terrorism  Is the United States making progress in re.docx
byalfredacavx97
 
MEDIA AND DIVERSITY IN CULTURECOM-530 MEDIA AND DIVE.docx
byalfredacavx97
 
Medeiros LNB de, Silva DR da, Guedes CDFS et al. .docx
byalfredacavx97
 
Measuring to Improve Medication Reconciliationin a Large Sub.docx
byalfredacavx97
 
Meaningfulness vs. S.docx
byalfredacavx97
 
Contributing to the Team’s Work Score 20 pts.20 - 25 pts..docx
byalfredacavx97
 
Measuring Performance at Intuit A Value-Added Component in ERM Pr.docx
byalfredacavx97
 
Controversial Issue in Microbiology Assignment Use of antibacte.docx
byalfredacavx97
 
Control measures for noncommunicable disease may start with basic sc.docx
byalfredacavx97
 
Contrasting Africa and Europes economic development.Why did Europ.docx
byalfredacavx97
 
Measure the dependence of the resistance in the spinel Lu2V2O7 on .docx
byalfredacavx97
 
Measures of Similaritv and Dissimilaritv 65the comparison .docx
byalfredacavx97
 
MDS 4100 Communication Law Case Study Privacy CASE .docx
byalfredacavx97
 
MDDtoDOC - GSS2018 Ballot 1 - English Table Of Contents.docx
byalfredacavx97
 

Recently uploaded

PDF
java full stack programming and interview questions
byrajuashokit
 
PPTX
Drug acting on ANS.pptx (Drug acts on Sympathetic and parasympathetic NS)
byManarat International University
 
PPTX
Q4_PPT MUSIC & ARTS 7 week 1-2, matatag curriculum
byZEN
 
PPTX
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
PPTX
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
PPTX
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
PPTX
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
PPTX
Plato's Insight model teaching and learning.pptx
byNikhitaDS
 
PDF
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
PPTX
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
PDF
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
PPTX
ELIMINATION NEEDS Fundamentals of Nursing .pptx
bySonali Gupta
 
PPTX
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
PPTX
Return For Exchange in Odoo 18 Inventory
byCeline George
 
PDF
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
PPTX
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
PDF
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
PPTX
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
PDF
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
PDF
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 
java full stack programming and interview questions
byrajuashokit
 
Drug acting on ANS.pptx (Drug acts on Sympathetic and parasympathetic NS)
byManarat International University
 
Q4_PPT MUSIC & ARTS 7 week 1-2, matatag curriculum
byZEN
 
How to Create_Generate Engineering Change Orders ECOs in Odoo 18
byCeline George
 
Renal Physiology- Juxtaglomerular Apparatus.pptx
byDisha Soriya
 
Methods & Applications of Enzyme Immobilization Technique.pptx
byAnupkumar Sharma
 
Plant fibres used as surgical dressings & Sutures – Surgical Catgut and Ligat...
bySai Meer College of Pharmacy
 
Plato's Insight model teaching and learning.pptx
byNikhitaDS
 
How "Raiders of the Lost Ark" and "Ordinary People" Employ Non-Verbal Acting
by6x5csns4pn
 
13 February 2026 - Bullying in education prevalence, impact and responses acr...
byEduSkills OECD
 
Beyond the Absurd: A Comparative Reading of Waiting for Godot and the Bhagava...
byKruti Vyas
 
ELIMINATION NEEDS Fundamentals of Nursing .pptx
bySonali Gupta
 
Greengnorance Toolkit Module 6 Water Resources
byKarl Donert
 
Return For Exchange in Odoo 18 Inventory
byCeline George
 
Chapter 05 Drugs Acting on the Central Nervous System: Anti-Depressant Drugs
bySandeshSul
 
Greengnorance Toolkit Module1 Climate Change
byKarl Donert
 
Holm Community Heritage at St Nicholas Kirk - 2025 AGM Minutes (30.04.2025)
byAntoine Pietri
 
How to Track & Manage My Time Section in Odoo 18 Time Off
byCeline George
 
The Sheep and the Goat: Beckett’s Subversion of Divine Justice in Waiting for...
bysejadchokiya
 
BP502T Industrial Pharmacy I (Theory) UNIT– I (Part 1)
byRushi Mandali
 

Market Guide for Zero Trust Network AccessPublished 29 Apri.docx

  • 1.
    Market Guide forZero Trust Network Access Published: 29 April 2019 ID: G00386774 Analyst(s): Steve Riley, Neil MacDonald, Lawrence Orans Zero trust network access replaces traditional technologies, which require companies to extend excessive trust to employees and partners to connect and collaborate. Security and risk management leaders should plan pilot ZTNA projects for employee/partner-facing applications. Key Findings ■ Digital business transformation requires that systems, services, APIs, data and processes be accessible through multiple ecosystems anywhere, anytime, from any device over the internet. This expands the surface area for attackers to target. ■ Secure access capabilities must evolve to the cloud, where the users are and where applications and services are moving. Many software-defined perimeter offerings are cloud- based. ■ IP addresses and location are no longer practical to establish sufficient trust for network access. ■ Zero trust network access provides adaptive, identity-aware,
  • 2.
    precision access. Removing networklocation as a position of advantage eliminates excessive implicit trust. ■ ZTNA improves flexibility, agility and scalability, enabling digital ecosystems to work without exposing services directly to the internet, reducing risks of distributed denial of service attacks. ■ Although virtual private network replacement is a common driver for the adoption of ZTNA, ZTNA can also offer a solution for allowing unmanaged devices to securely access applications. Recommendations Security and risk management leaders responsible for secure network access should: ■ Go beyond using IP addresses and network location as a proxy for access trust. Use ZTNA for application-level access only after sufficient user and device authentication. ■ Replace designs for employee- and partner-facing applications that expose services to direct internet connections. Pilot a ZTNA deployment using a digital business service that needs to be accessible to partners as a use case. ■ Phase out legacy VPN-based access for high-risk use cases and begin phasing in ZTNA. This reduces the ongoing need to support widely deployed VPN clients and introduces clientless identity- and device-aware access. Support unmanaged devices
  • 3.
    for employees. ■ ChooseZTNA products/services that expand identity assurance beyond a single factor, which is an important supplement to the ZTNA principle of context- based/adaptive access control. Strategic Planning Assumptions By 2022, 80% of new digital business applications opened up to ecosystem partners will be accessed through zero trust network access (ZTNA). By 2023, 60% of enterprises will phase out most of their remote access virtual private networks (VPNs) in favor of ZTNA. By 2023, 40% of enterprises will have adopted ZTNA for other use cases described in this research. Market Definition ZTNA, which is also known as a software-defined perimeter (SDP), creates an identity- and context- based, logical-access boundary around an application or set of applications. The applications are hidden from discovery, and access is restricted via a trust broker to a set of named entities. The broker verifies the identity, context and policy adherence of the specified participants before allowing access. This removes the application assets from public visibility and significantly reduces the surface area for attack. Market Description The old security mindset of “inside means trusted” and “outside means untrusted” is broken in the
  • 4.
    world of digitalbusiness, which requires anywhere, anytime, any device access to services that may not be located “inside” an on-premises data center. Similarly, the old model expects all programmers to be security engineers, building intrinsically secure networked applications, and incorporating sophisticated authentication and access controls. That does not scale today. The new model presents an approach in which a trust broker mediates connections between applications and users. ZTNA abstracts away and centralizes the security mechanisms so that the security engineers and staff can be responsible for them. ZTNA starts with a default deny posture of zero trust. It grants access based on identity, plus other attributes and context (such as time/date, geolocation and device posture), and adaptively offers the appropriate trust required at the time. The result is a more resilient environment with improved flexibility and better monitoring. ZTNA will appeal to organizations looking for adaptive and secure ways to connect and collaborate with their digital business ecosystem, remote workers and partners. ZTNA provides controlled access to resources, reducing the surface area for attack. The isolation afforded by ZTNA improves connectivity, removing the need to directly expose applications to the Page 2 of 15 Gartner, Inc. | G00386774 internet. The internet becomes an untrusted transport and access to applications occurs through an
  • 5.
    intermediary. The intermediarycan be a cloud service controlled by a third-party provider or a self- hosted service. In either case, incoming traffic to applications always passes through the intermediary after users have successfully authenticated to it. In many cases, entity behavior is continuously monitored for abnormal activity, as described in Gartner’s Continuous Adaptive Risk and Trust Assessment (CARTA) framework (see “Zero Trust Is an Initial Step on the Roadmap to CARTA”). In a sense, ZTNA creates individualized “virtual perimeters” that encompass only the user, the device and the application. ZTNA normalizes the user experience, removing the access distinctions that exist when on, versus off, the corporate network. Market Direction The ZTNA notion has been gaining momentum since an initial specification for software-defined perimeters (SDP) was introduced at the Cloud Security Alliance Summit in 2014. The initial SDP specification addressed web-based applications only, and updates to the specification have lagged, but they are expected later in 2019. Commercial products roughly based on this initial specification are available, as are products based on Google’s BeyondCorp zero trust networking vision — also limited to web-enabled applications only. In addition, a large number of alternative commercial products using other approaches that are not limited to web applications have entered the market. The ZTNA market is still nascent, but it’s growing quickly. It has piqued the interest of organizations seeking a more flexible alternative to VPNs and those seeking
  • 6.
    more precise accessand session control to applications located on-premises and in the cloud. ZTNA vendors continue to attract venture capital funding. This, in turn, encourages new startups to enter the market and seek ways to differentiate. Merger and acquisition (M&A) activity in this market has begun, with three startup vendors now having been acquired by larger networking, telecommunications and security vendors. Although ZTNA offerings differ in their technical approaches, they provide generally the same fundamental value proposition: ■ Removing applications and services from direct visibility on the public internet. ■ Enabling precision (“just in time” and “just enough”) access for named users to specific applications only after an assessment of the identity, device health (highly encouraged) and context has been made. ■ Enabling access independent of the user’s physical location or the device’s IP address (except where policy prohibits — e.g., for specific areas of the world). Access policies are based on user, device and application identities. ■ Granting access only to the specific application, not the underlying network. This limits the need for excessive access to all ports and protocols or all applications, some of which the user may not be entitled to. ■ Providing end-to-end encryption of network communications.
  • 7.
    Gartner, Inc. |G00386774 Page 3 of 15 https://cloudsecurityalliance.org/artifacts/sdp-specification-v1- 0/ https://www.beyondcorp.com/ ■ Providing optional inspection of the traffic stream for excessive risks in the form of sensitive data handling and malware. ■ Enabling optional monitoring of the session for indications of unusual activity, duration or bandwidth requirements. ■ Providing a consistent user experience for accessing applications — clientless or via a ZTNA client regardless of network location. Gartner has identified different approaches vendors have adopted as they develop products and services for the market. Client-Initiated ZTNA These offerings more closely follow the original Cloud Security Alliance (CSA) SDP specification. An agent installed on authorized devices sends information about its security context to a controller. The controller prompts the user on the device for authentication and returns a list of allowed applications. After the user and device are authenticated, the controller provisions connectivity from the device through a gateway that shields services from direct internet access. The shielding
  • 8.
    protects applications fromdistributed denial of service (DDoS) attacks. Some products remain in the data path once the controller establishes connectivity; others remove themselves. This approach is difficult, if not impossible, to implement on an unmanaged device, due to the requirement to install an agent. In some cases, a third- party mobile threat defense (MTD) product — which users may be more willing to accept than full device management — can provide a posture assessment to the trust broker. (See Figure 1 for a conceptual model.) Figure 1. Conceptual Model of Client-Initiated ZTNA Page 4 of 15 Gartner, Inc. | G00386774 Service-Initiated ZTNA These models more closely follow the Google BeyondCorp vision. A connector installed in the same network as the application establishes and maintains an outbound connection to the provider’s cloud. Users authenticate to the provider to access protected applications. The provider then typically authenticates to an enterprise identity management product. Application traffic passes through the provider’s cloud, which provides isolation from direct access via a proxy. Enterprise firewalls require no openings for inbound traffic. However, the provider’s network becomes another element of network security that must be evaluated.
  • 9.
    The advantage ofthis model is that no agent is required on the end user’s device, making it an attractive approach for unmanaged devices. The disadvantage is that the application’s protocols must be based on HTTP/HTTPS, limiting the approach to web applications and protocols such as Secure Shell (SSH) or Remote Desktop Protocol (RDP) over http. (See Figure 2 for a conceptual model.) Figure 2. Conceptual Model of Service-Initiated ZTNA Some vendors offer both alternatives. This provides enterprises with the ability to mix and match, as needed, to address specific use cases. Market Analysis The internet was designed to connect things easily, not to block connections. The internet uses inherently weak identifiers (specifically, IP addresses) to connect. If you have an IP address and a route, you can connect and communicate to other IP addresses, which were never designed to be authentication mechanisms. The messy problem of authentication is handled by higher levels of the Gartner, Inc. | G00386774 Page 5 of 15 stack, typically the OS and application layers. For network connectivity, this default allow posture creates an excessive amount of implicit trust. Attackers abuse this trust. The first companies that connected to the public internet quickly found
  • 10.
    out that theyneeded a demarcation point where their internal network connected to the internet. This ultimately created what has become a multibillion dollar market for perimeter firewalls. Networked systems on the inside were “trusted” and free to communicate with each other. External systems were “untrusted” and communications with the outside, inbound or outbound, were blocked by default. If needs arose for communication with the outside, these required a series of exceptions (i.e., holes) in the firewall, which were difficult and cumbersome to maintain and monitor. This trusted/untrusted network security model is a relatively coarse and crude control, but it was initially effective. However, it creates excessive trust (on the inside) that is abused by attackers from the outside (once they penetrate the defenses and reach the inside). When external access to our systems and services is needed, we typically do one of two things. For some users, we create a VPN to allow the user to pass through the firewall and connect to the internal network. Once “inside,” the VPN connection is treated as trusted. Alternatively, we place the front end to the service in a segmented part of the network with direct internet connectivity — referred to as a demilitarized zone (DMZ) — so users can access it. Both alternatives create excessive trust and do little to restrict lateral movement, resulting in latent risk. In the case of VPNs, attackers with credentialed access now have access to our networks. (The Target HVAC breach is an example.) Likewise, if the service is exposed in the DMZ, anyone on the internet — including all the attackers — can see it as well, even if it is
  • 11.
    protected by aweb application firewall (WAF). Excessive network trust leads to excessive latent risk. This will inevitably be exploited, leading to breaches and bringing legal, financial and regulatory exposure. Network connectivity (even the right to “ping” or see a server) should not be an entitlement; it should be earned based on trust. Gartner believes the time has come to isolate services and applications from the dangers of the public internet, and to provide compartmentalized access only to required applications in any given context. The tremendous increase in the number of internet- connected services, and the growing likelihood that services and users could be located at virtually any IP address, exacerbate the weaknesses of the old model. Benefits and Uses The benefits of ZTNA are immediate. Similar to a traditional VPN, services brought within the ZTNA environment are no longer visible on the public internet and, thus, are shielded from attackers. In addition, ZTNA brings significant benefits in user experience, agility, adaptability and ease of policy management. For cloud-based ZTNA offerings, scalability and ease of adoption are additional benefits. ZTNA enables digital business transformation scenarios that are ill-suited to legacy access approaches. As a result of digital transformation efforts, most enterprises will have more applications, services and data outside their enterprises than inside. Cloud-based ZTNA services place the security controls where the users and applications are
  • 12.
    — in thecloud. Some of the larger ZTNA vendors have invested in dozens of points of presence worldwide for low-latency user/device access. Page 6 of 15 Gartner, Inc. | G00386774 Several use cases lend themselves to ZTNA: ■ Opening applications and services to collaborative ecosystem members, such as distribution channels, suppliers, contractors or retail outlets, without requiring a VPN or DMZ. Access is more tightly coupled to applications and services. ■ Normalizing the user experience for application access — ZTNA eliminates the distinction between being on and off the corporate network. ■ Carrying encryption all the way to the endpoints for scenarios where you don’t trust the carrier or cloud provider. ■ Providing application-specific access for IT contractors and remote or mobile employees as an alternative to VPN-based access. ■ Extending access to an acquired organization during M&A activities, without having to configure site-to-site VPN and firewall rules. ■ Permitting users in potentially dangerous areas of the world to interact with applications and data in ways that reduce or eliminate the risks that originate in
  • 13.
    those areas —pay attention to requirements for strong identity and endpoint protection. ■ Isolating high-value enterprise applications within the network or cloud to reduce insider threats and affect separation of duties for administrative access. ■ Authenticating users on personal devices — ZTNA can improve security and simplify bring your own device (BYOD) programs by reducing full management requirements and enabling more- secure direct application access. ■ Creating secure enclaves of Internet of Things (IoT) devices or a virtual-appliance-based connector on the IoT network segment for connection. ■ Cloaking systems on hostile networks, such as systems that would otherwise face the public internet, used for collaboration. ■ Enabling SaaS applications to connect back to enterprise systems and data for processes that require SaaS applications to interact with enterprise on- premises or infrastructure as a service (IaaS)-based services. Risks Although ZTNA greatly reduces overall risks, it doesn’t eliminate every risk completely, as these examples illustrate: ■ The trust broker could become a single point of any kind of failure. Fully isolated applications using ZTNA will stop working when the ZTNA service is down.
  • 14.
    Well-designed ZTNA services includephysical and geographic redundancy with multiple entry and exit points to minimize the likelihood of outages affecting overall availability. Furthermore, a vendor’s SLA (or lack thereof) can be an indicator of how robust it views their offering. Favor vendors with SLAs that minimize business disruptions. Gartner, Inc. | G00386774 Page 7 of 15 ■ Attackers could attempt to compromise the trust broker system. Although unlikely, the risk isn’t zero. ZTNA services built on public clouds or major internet carriers benefit from the provider’s strong tenant isolation mechanisms. Nevertheless, collapse of the tenant isolation would allow an attacker to penetrate the systems of the vendor’s customers and move laterally within and between them. A compromised trust broker should fail over to a redundant one immediately. If it can’t, then it should fail closed — that is, if it can’t deflect abuse, it should disconnect from the internet. Favor vendors who adopt this stance. ■ Compromised user credentials could allow an attacker on the local device to observe and exfiltrate information from the device. ZTNA architectures that combine device authentication with user authentication contain this threat to a degree, stopping the attack from propagating beyond the device itself. We suggest that, wherever possible, stronger authentication for access be used.
  • 15.
    ■ Some ZTNAvendors have chosen to focus their developments on supporting web application protocols only (HTTP/HTTPS). Carrying legacy applications and protocols through a ZTNA service could prove to be more difficult. ■ The market is in flux, and smaller vendors could disappear or be acquired. Evaluation Factors When evaluating ZTNA technologies, here are the key questions to ask: ■ Does the vendor require that an endpoint agent be installed? What OSs are supported? What mobile devices? How well does the agent behave in the presence of other agents? ■ Does the offering support single packet authentication (SPA) as an initial form of identity verification to the trust broker? SPA allows the broker to ignore any attempts to communicate, unless the first attempt contains a specialized, encrypted packet. ■ Does the offering provide the ability to perform a security posture assessment of the device (OS version, patch levels, password and encryption policies, etc.), without requiring a unified endpoint management (UEM) tool? Is any option provided for achieving this on unmanaged devices? ■ Does the offering integrate with UEM providers, or can the local agent determine device health
  • 16.
    and security postureas a factor in the access decision? What UEM vendors has the ZTNA vendor partnered with? ■ What authentication standards does the trust broker support? Is integration with an on- premises directory or cloud-based identity services available? Does the trust broker integrate with the organization’s existing identity provider? Does the trust broker support common options for multifactor authentication (MFA)? Can the provider enforce strong user authentication for administrators? ■ Is there user and entity behavior analytics (UEBA) functionality that can identify when something anomalous happens within the ZTNA-protected environment? Page 8 of 15 Gartner, Inc. | G00386774 ■ Some ZTNA products are delivered partly or wholly as cloud- based services. Does this meet the organization’s security and residency requirements? Has the vendor undergone one or more third-party attestations, such as SOC 2 or ISO 27001? ■ How geographically diverse are the vendor’s entry and exit points (referred to as edge locations and/or points of presence) worldwide? What edge/physical infrastructure providers or colocation facilities does the vendor use? ■ What is the vendor’s technical behavior when the ZTNA service comes under sustained attack?
  • 17.
    Does the servicefail closed (thus blocking digital business partners from accessing enterprise services) or does the service fail open? Is it possible to selectively choose fail-closed or fail- open for specific enterprise applications? If fail-open is a requirement, don’t forget to add in other layers of defense to protect applications no longer shielded by the ZTNA service. ■ Does the offering support only web applications, or can legacy applications also gain the same security advantages? ■ What algorithms and key lengths has the vendor chosen? What third-party certifications has the vendor obtained? Does the vendor’s product description demonstrate an understanding of contemporary cryptographic practices, or is it laced with too- good-to-be-true crypto “snake oil”? ■ After the user and device pass authentication, does the trust broker remain resident in the data path? This approach deserves consideration. Trust brokers that remain in the data path offer greater visibility and can monitor for unusual and suspicious activities. They could, however, become bottlenecks or single points of failure. Designs that include failover support mitigate this concern, but could be vulnerable to DDoS attacks that attempt to bypass inspection. ■ Can the vendor provide inspection of session flows and content for inappropriate sensitive data handling, malware detection and unusual behaviors?
  • 18.
    ■ To whatextent is partial or full cloaking, or allowing or prohibiting inbound connections, a part of the isolated application’s security requirements? Perhaps the more minimal protection of a content delivery network (CDN) is sufficient. Different enterprise applications might have different requirements. ■ Does the provider maintain a bug bounty program and have a credible, responsible, public or private disclosure policy? It is critical for software providers to constantly test for and remove product vulnerabilities. Favor providers that actively do so. ZTNA Alternatives There are several alternative approaches to ZTNA: ■ Legacy VPNs remain popular, but they might not provide sufficient risk management for exposed services and may be difficult to manage, given the dynamic nature of digital business. Always-on VPNs that require device and user authentication align with the ZTNA model; however, basic network-access VPNs do not. Factor security requirements into VPN models Gartner, Inc. | G00386774 Page 9 of 15 and user satisfaction expectations. For third-party, privileged access into enterprise systems, a privileged access management (PAM) tool can be a useful alternative to a VPN.
  • 19.
    ■ Exposing webapplications through a reverse-proxy-based WAF is another option. With WAF as a service (i.e., cloud WAF), traffic passes through the provider’s WAF service for inspection before delivery to its destination. To avoid false positives or potential application malfunctions, cloud WAFs, like any other WAF, typically require some time for testing and adjusting rules. Because the protected services are still visible to attackers on the public internet, the isolation is limited to the strength of the WAF. However, partner- and employee-facing applications are not normally candidates for WAFs. ■ Choosing to retain existing design patterns and exposing digital business applications in traditional DMZs remain alternatives. However, DMZs provide limited isolation against modern attacks (typically a reverse-proxy WAF). Furthermore, DMZs still leave the application discoverable to all attackers. ■ A remote browser isolation product (see “Innovation Insight for Remote Browser Isolation”) offers another option, specifically for the isolation of web- enabled application access. Here, the browser session itself is rendered from the end user’s device and, typically, in a service, from the enterprise network (e.g., a cloud-based remote browser service), providing isolation on both sides. ■ CDNs can absorb DDoS attacks, reduce the noise and threats of bot attacks, and guard against website defacement. However, they offer no application-level protection and no anonymity —
  • 20.
    attackers targeting sitescan discover the site is protected with a CDN and might attempt to exploit vulnerabilities present in the CDN. Many CDNs include a basic cloud WAF. ■ Applications that don’t require full, interactive internet connectivity, but instead expose only APIs to the public internet could be protected by an API gateway, although ZTNA can also work here. API gateways enforce authentication, validate authorization and mediate the correct use of application APIs. This is especially useful if the application lacks mechanisms for ensuring API security. Most API gateways also expose logs of all activity through a native monitoring tool or integration with popular security information and event management (SIEM) tools. Favor API gateways that integrate with enterprise directories and single sign-on (SSO) protocols — or use a ZTNA service instead. ■ It is possible to go full IaaS. When ZTNA or other isolation measures are not good enough, moving the application off-enterprise completely is the best alternative. Many of the suggested isolation mechanisms are available to workloads placed in the cloud and are designed more for primary protection, rather than enterprise isolation. The goal shifts to protecting the application and data, with less concern for isolation. However, this still leaves systems exposed to attack, especially if legacy DMZ architectures are replicated in the cloud. Representative Vendors The vendors listed in this Market Guide do not imply an
  • 21.
    exhaustive list. Thissection is intended to provide more understanding of the market and its offerings. Page 10 of 15 Gartner, Inc. | G00386774 Market Introduction ZTNA products and services are offered by vendors in one of two ways: ■ As a service from the cloud ■ As a stand-alone offering that the customer is responsible for supporting As-a-service offerings (see Table 1) require less setup and maintenance than stand-alone offerings. As-a-service offerings typically require provisioning at the end- user or service side and route traffic through the vendor’s cloud for policy enforcement. Stand-alone offerings (see Table 2) require customers to deploy and manage all elements of the product. In addition, several of the major IaaS cloud providers offer ZTNA capabilities for their customers. Table 1. Representative Vendors of ZTNA as a Service Vendor Product or Service Name Akamai Enterprise Application Access Cato Networks Cato Cloud Cisco Duo Beyond (acquisition by Cisco)
  • 22.
    CloudDeep Technology (Chinaonly) DeepCloud SDP Cloudflare Cloudflare Access InstaSafe Secure Access Meta Networks Network as a Service Platform New Edge Secure Application Network Okta Okta Identity Cloud (Acquired ScaleFT) Perimeter 81 Software Defined Perimeter SAIFE Continuum Symantec Luminate Secure Access Cloud (acquisition by Symantec) Verizon Vidder Precision Access (acquisition) Zscaler Private Access Source: Gartner (April 2019) Gartner, Inc. | G00386774 Page 11 of 15 Table 2. Representative Vendors of Stand-Alone ZTNA Vendor Product or Service Name BlackRidge Technology Transport Access Control
  • 23.
    Certes Networks ZeroTrust WAN Cyxtera AppGate SDP Google Cloud Platform (GCP) Cloud Identity-Aware Proxy (Cloud IAP) Microsoft (Windows only) Azure AD Application Proxy Pulse Secure Pulse SDP Safe-T Software-Defined Access Suite Unisys Stealth Waverley Labs Open Source Software Defined Perimeter Zentera Systems Cloud-Over-IP (COiP) Access Source: Gartner (April 2019) Market Recommendations Given the significant risk that the public internet represents and the attractiveness of compromising internet-exposed systems to gain a foothold in enterprise systems, enterprises need to consider isolating digital business services from visibility by the public internet. Don’t mistake Gartner’s recommendation for the tried, yet true “security by obscurity is no security at all” axiom. Although ZTNA cloaks services from discovery and reconnaissance, it erects true barriers that are proving to be more challenging for attackers to circumvent than older notions of simple obfuscation. For legacy VPN access, look for scenarios in which targeted
  • 24.
    sets of usersperforming their work through a ZTNA service can provide immediate value in improving the overall security posture of the organization. In most cases, this could be a partner- or employee-facing application. A ZTNA project is a step toward a more widespread zero trust networking (default deny) security posture. Specifically, nothing can communicate (or even see) an application resource until sufficient trust is established, given the risk and current context to extend network connectivity. For DMZ-based applications, evaluate what sets of users require access. For those applications with a defined set of users, plan to migrate them to a ZTNA service during the next several years. Use the migration of these applications to public cloud IaaS as a catalyst for this architectural shift. Specific Recommendations ■ Budget and pilot a ZTNA project to demonstrate the benefits of ZTNA to the organization. Page 12 of 15 Gartner, Inc. | G00386774 ■ Plan for user-to-application mapping. Role-based access control (RBAC) can help with this. Avoid allowing all users to access all applications. ■ Identify which applications and workflows are not candidates for ZTNA, and exclude them from the scope. This includes access to and download of unstructured data not protected by
  • 25.
    application- and consumer-facingapplications. ■ The ZTNA market is emerging, so sign only short-term contracts for no more than 12 to 24 months to retain greater vendor selection flexibility as the market grows and matures. ■ For most digital business scenarios, favor vendors that offer ZTNA as a service for easier deployment, higher availability and protection against DDoS attacks. Favor vendors that require no openings in firewalls for listening services (inbound connections), which is typical for most as-a-service flavors of ZTNA. ■ When security requirements demand an on-premises installation of a ZTNA product, favor vendors that can reduce the number of firewall openings as much as possible. ■ If unmanaged devices will be used by named users, plan to deploy a reverse-proxy-based ZTNA product or service to avoid the need for agent installation. ■ Ensure that the vendor supports the authentication protocols the organization and partners use now, including the enterprise’s standard identity store, as well as any it expects to use in the future. The wider the available range, the better, including cloud SSO providers and SaaS- delivered access management providers. ■ Don’t expect partners to use your identity store. Require support for SAML, OAuth, OIDC and similar identity federation capabilities.
  • 26.
    ■ Evaluate theeffectiveness of a vendor’s ability to query other kinds of device agents, such as UEM, endpoint detection and response (EDR) and MTD, to gain additional context for improved adaptive access decisions. ■ Attackers will target ZTNA trust brokers. For on-premises ZTNA products, harden the host OSs using a cloud workload protection platform (CWPP) tool that supports on-premises deployments (see “Market Guide for Cloud Workload Protection Platforms”). Rely primarily on default deny allow-listing to explicitly define the code allowed to execute on the system. Don’t rely solely on patching to keep the system hardened. ■ If you choose a smaller provider, plan for potential acquisitions by placing appropriate clauses in contracts and having a list of alternative providers lined up, if needed. Gartner Recommended Reading Some documents may not be available as part of your current Gartner subscription. “Zero Trust Is an Initial Step on the Roadmap to CARTA” Gartner, Inc. | G00386774 Page 13 of 15 “Hype Cycle for Enterprise Networking and Communications, 2018” “Hype Cycle for Cloud Security, 2018”
  • 27.
    “Fact or Fiction:Are Software-Defined Perimeters Really the Next-Generation VPNs?” Note 1 Representative Vendor Selection The vendors named in this guide were selected to represent two types of ZTNA offerings: as-a- service and stand-alone. For these categories, we list the vendors known to Gartner as of April 2019. Note 2 Gartner’s Initial Market Coverage This Market Guide provides Gartner’s initial coverage of the market and focuses on the market definition, rationale for the market and market dynamics. Page 14 of 15 Gartner, Inc. | G00386774 GARTNER HEADQUARTERS Corporate Headquarters 56 Top Gallant Road Stamford, CT 06902-7700 USA +1 203 964 0096 Regional Headquarters AUSTRALIA BRAZIL JAPAN UNITED KINGDOM
  • 28.
    For a completelist of worldwide locations, visit http://www.gartner.com/technology/about.jsp © 2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. It consists of the opinions of Gartner's research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see "Guiding Principles on Independence and Objectivity." Gartner, Inc. | G00386774 Page 15 of 15 http://www.gartner.com/technology/about.jsp https://www.gartner.com/technology/about/policies/usage_polic y.jsp http://www.gartner.com/technology/about/ombudsman/omb_gui de2.jsp
  • 29.
    http://www.gartner.com/technology/about/ombudsman/omb_gui de2.jspStrategic Planning AssumptionsMarketDefinitionMarket DescriptionMarket DirectionClient-Initiated ZTNAService- Initiated ZTNAMarket AnalysisBenefits and UsesRisksEvaluation FactorsZTNA AlternativesRepresentative VendorsMarket IntroductionMarket RecommendationsSpecific RecommendationsGartner Recommended ReadingList of TablesTable 1. Representative Vendors of ZTNA as a ServiceTable 2. Representative Vendors of Stand-Alone ZTNAList of FiguresFigure 1. Conceptual Model of Client- Initiated ZTNAFigure 2. Conceptual Model of Service-Initiated ZTNA ENG 130: Literature and Comp Descriptive Imagery Response Eng 130: Essay for ENG 130: Descriptive Writing This assignment focuses on your ability to: research academic and reliable sources; translate the information from those sources into a cohesive piece of writing; respond creatively to artwork. The purpose of completing this assignment is: as a student and a career professional, and individual, you will often be required to research information that will further a school assignment, a work-related project, or a personal endeavor. Also, you might be asked to translate research into a
  • 30.
    written or oralpresentation that you can share with coworkers and peers in a way that will describe, persuade, or evoke emotion. This assignment has all of these skills! _____________________________________________________ _________ Prompt (What are you writing about?): Find a famous work of art. Write a researched history of the artist and the artwork and create a Descriptive Poem that uses imagery to describe the artwork and your reaction to it. Instructions (how to get it done): re of a famous work of art. Note: Be very careful about plagiarism. The purpose of this section is for you to research the work of art and the artist, put the summary of history and life into your own words, and then provide in text citations for the researched information. examples, create a descriptive poem that
  • 31.
    uses imagery wordsto provide a visual description of your chosen artwork and your reaction to it. Note: Your poem needs to be at least 14 lines. Remember in writing poetry, that not all poems need to rhyme. The important skill here is to use imagery descriptions to describe the artwork and the author. Requirements: -3 pages (not including the pasted picture). should not be factored into the 2-3 page length of the essay. ced, written in Times New Roman, in 12 point font and with 1 inch margins. Essay should conform to APA formatting and citation style. Can use creative style in poetry section. to create a properly-
  • 32.
    formatted APA referencepage. -text citations and references when using outside sources and textual evidence. -text citations for direct quotes, paraphrases, and new information. Sources: “Poetry Sampler: Poetry and Art” pages PS-1 through PS-7 Rubric for Descriptive Writing Literary Response Does Not Meet Expectations 0-11 Below Expectations 12-13
  • 33.
    Needs Improvement 14-15 Satisfactory 16-17 Meets Expectations 18-20 Content Writing is disorganized or notclearly defined and/or shows a misunderstanding of the task. Writing is minimally organized. Narrative is underdeveloped. Writing is effective. Narrative is basic.
  • 34.
    Writing contains related, quality paragraphs. Thought provoking narrative. Writingis purposeful and focused. Narrative goes beyond the obvious and basic. Vocabulary/ Word Choice Word choice is weak. Language and phrasing is inappropriate, repetitive or lacks meaning. Word choice is limited. Language and phrasing lack inspiration.
  • 35.
    Word choice attempts to createa picture in the reader’s mind. Thoughtful language evokes some meaning within the piece. Lively word choice adds to the meaning of the piece. Some colorful language and unusual phrasing encourage reflection. . Powerful word choice enhances meaning. Original phrasing and memorable language prompts reflective thoughts and insights. Voice Writer’s personality is not evident. Connection to audience and
  • 36.
    purpose is lacking. Writing evokes Minimalemotion in the reader. Writer’s personality is undefined; writing is cautious. Connection to audience and purpose is limited. Writing evokes limited emotion in the reader Writer’s personality is limited; confidence and feeling fade in and out. Connection to audience and purpose is adequate. The writing evokes adequate emotion in the reader. Writer’s
  • 37.
    personality pokes through; confidence and feelingare basic. Connection to audience and purpose is appropriate. The writing evokes consistent emotion in the reader The writer’s personality is expressed; confidence and feeling are apparent. Connection to audience and purpose is excellent. Writing evokes strong emotion in the reader. Grammar and Mechanics Grammar and mechanics’ errors make the essay incomprehensible Grammar,
  • 38.
    spelling, punctuation, and mechanics errors occurthroughout document. Several errors in grammar, punctuation, spelling and mechanics present. Some spelling, grammar, punctuation and mechanical errors are evident. Free of punctuation, spelling, grammar, and other mechanical errors. APA Formatting APA format not used. Errors in four of the following areas: Title page, 1 inch margins, Times New Roman 12 font, double
  • 39.
    spacing. Errors in threeof the following areas: Title page, 1 inch margins, Times New Roman 12 font, double spacing. Errors in two of the following areas: Title page, 1 inch margins, Times New Roman 12 font, double spacing. No errors in the areas of: Title page,1 inch margins, Times New Roman 12 font, double spacing. 22/03/2020 Project Report Submission
  • 40.
    https://eccouncil.instructure.com/courses/476/assignments/1381 0 1/8 Project ReportSubmission Due No Due Date Points 60 Submitting a file upload Available Mar 16 at 3am - Mar 23 at 2:59am 7 days Submit Assignment Summative Assessment Research Project: 60 pts. Directions on Project: Guidelines on Graduate Project Following are the guidelines for your graduate project. Selecting a Topic Choose a project topic from one of your completed labs from the previous weeks. You may go back through the lab content to familiarize yourself with the information required to complete your project. Prepare a rough outline of project proposal you would like to submit. Discuss the topic and draft project proposal with the instructor. Conduct further research on the topic. Make a detailed proposal. In the project proposal you should: a. Introduce the topic scenario b. Describe the methodology to be adopted fro
  • 41.
    performing the test. c.State the timeline for the project completion. d. Include references and authorization letters Working on the Project You have to complete your project within the stipulated deadlines. Plan your project accordingly While meeting the executives of a company in relation to your project, make sure you have appropriate approvals and request letters from the concerned university department or company. Make sure your instructor approves questionnaires designed for any survey in relation to the project. You must use any data collected in course of the research, only for the approved project. You must not share collected information with other students. Make notes of key points during the course of research. It would save lot of time in preparation of project report. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 2/8 Make sure all relevant journals, magazines, papers and books are available in the university library. Analysis is the most critical part of the project and forms basis for all findings. Make sure you make use of appropriate statistical tools in analysis.
  • 42.
    Writing a ProjectReport Review the style guidelines for project report The project report should not exceed 7,000 words Abstract should be between 150-250 words Select A4 size; page orientation should be portrait. Specify “1” margin on all sides. Number all pages consecutively. Start every chapter on a new page. Provide double spacing You should use Times New Roman Font- “12” for text and “10” for footnotes. Use a larger font size for section headings. A project report must contain: Content Section a. Title Page Preliminariesb. Table of Contents c. Abstract d. Introduction and background Body of the report e. Problem statement f. Objectives of the project g. Literature review h. Methodology adopted i. Results - project findings
  • 43.
    j. Recommendations k. Conclusion l.Bibliography References 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 3/8 Research Paper (60) m. Appendix n. List of figures and tables o. Index words (if required) Be clear and precise. Express your ideas in a logical way. Abstract should reflect the essence of the project The introduction should provide the overview of the topic and highlight its significance Clearly indicate the objectives of your project. Describe all the methods used such as interviews, questionnaires in the methodology section. Ensure that literature review is in your own words. Analyze other person’s contribution to the topic. Identify the gaps in the literature. Emphasize on the likely contribution of your project to the existing literature on the topic. Describe your findings from analysis in the results section. As
  • 44.
    this is themost critical part of the project, ensure that there are no errors in analysis. Make proper inferences from analysis and findings. The conclusion section should summarize your objectives, findings and learning’s from the project. Provide useful supplementary information in the Appendix. Avoid plagiarism. The project report should reflect your understanding of the topic. The majority of the paper should be in your own words and reflect your own ideas. Give credit for all referenced work. Provide appropriate citation and references for all quotations. Ensure that papers referenced are relevant and not outdated. Your paper should be reader friendly. Use footnotes to explain difficult terms. Don’t use text from Wikipedia in footnotes All tables and figures must be suitably numbered and titled. Give appropriate credit. On completion, go through the entire project. Ensure there are no proofing errors and you have adhered to all guidelines related to the project. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 4/8 Criteria Ratings Pts 6.0 pts
  • 45.
    18.0 pts 18.0 pts Introduction6.0 pts Exceeds Standards Strong introduction of topics key question(s), terms, Clearly delineates subtopics to be reviewed. Specific thesis statement 3.0 pts Meets Standards Conveys topic and key question(s). Clearly delineates subtopics to be reviewed. General thesis statement 2.0 pts Needs Some Improvement to Meet Standards Coveys topic, but not key question(s).
  • 46.
    Describes subtopics to be reviewed. Generalthesis statement. 1.0 pts Needs Substantial Improvement to Meet Standards Does not adequately convey topic. Does not describe subtopics to be reviewed. Lacks adequate theses statement.Focus and Sequencing 18.0 pts Exceeds Standards All material clearly related to subtopic, main topic. Strong organization and integration of material within subtopics. Strong transitions linking subtopics, and main topic. 9.0 pts
  • 47.
    Meets Standards All material clearly relatedto subtopic, main topic and logically organized within subtopics. Clear, varied transitions linking subtopics, and main topic. 5.0 pts Needs Some Improvement to Meet Standards Most material clearly related to subtopic, main topic. Material may not be organized within subtopics. Attempts to provide variety of transitions. 1.0 pts Needs Substantial Improvement to Meet Standards Little evidence material is
  • 48.
    logically organized into topic, subtopics orrelated to topic. Many transitions are unclear or unsubstantiated. Support, Citations, and References 18.0 pts Exceeds Standards Strong peer- reviewed research based support for thesis, references and citations are thoroughly and clearly indicated after every quote or an authors statement or idea. 9.0 pts Meets Standards Good research based support for thesis, references and citations are adequately and clearly indicated after most quotes or an authors
  • 49.
    statement or idea. 5.0pts Needs Some Improvement to Meet Standards Some research based support for thesis, references and citations are inconsistently indicated after a few quotes or an authors statement or idea. 1.0 pts Needs Substantial Improvement to Meet Standards limited or no peer- reviewed research based support for thesis, references and citations are absent.
  • 50.
    22/03/2020 Project ReportSubmission https://eccouncil.instructure.com/courses/476/assignments/1381 0 5/8 Criteria Ratings Pts 6.0 pts 6.0 pts 6.0 pts -- Spelling and Grammar 6.0 pts Exceeds Standards Work has no misspellings or grammatical errors. 3.0 pts Meets Standards Work has 1 or 2 misspellings or grammatical errors 2.0 pts
  • 51.
    Needs Some Improvement to MeetStandards Work has several misspellings or grammatical errors 1.0 pts Needs Substantial Improvement to Meet Standards Work has numerous misspellings or grammatical errors Conclusion 6.0 pts Exceeds Standards Strong review of key conclusions and integration with thesis statement. Insightful and supported discussion of impact of the researched material. 3.0 pts Meets Standards Good review of key conclusions
  • 52.
    and integration with thesis statement.Good discussion on impact of researched material. 2.0 pts Needs Some Improvement to Meet Standards Review of key conclusions. Some integration with thesis statement. Discusses impact of researched material on topic. 1.0 pts Needs Substantial Improvement to Meet Standards Does not summarize evidence with response to thesis
  • 53.
    statements. Does not discuss the impactof researched material. Citations and References 6.0 pts Exceeds Standards All references and citations are correctly written and present. 3.0 pts Meets Standards One reference or citations missing or incorrectly written. 2.0 pts Needs Some Improvement to Meet Standards Two references or citations missing or incorrectly written.
  • 54.
    1.0 pts Needs Substantial Improvement to MeetStandards Reference and citation errors detract significantly from paper. fundamental networking concepts, analyze networking protocols and implement established standards to design a robust networking infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations
  • 55.
    22/03/2020 Project ReportSubmission https://eccouncil.instructure.com/courses/476/assignments/1381 0 6/8 Criteria Ratings Pts -- -- -- -- potential vulnerabilities and threats to network infrastructure, predict the implication of network security breaches and analyze the available countermeasures. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations
  • 56.
    0.0 pts Does NotMeet Expectations different network security mechanisms, analyze available security controls and develop strategies to implement and configure these controls. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations role of network security policies, and develop comprehensive policies that help in protecting network
  • 57.
    infrastructure. threshold: 3.0 pts 5.0pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations working of various networking devices, and develop strategies for secure configuration of these devices. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations
  • 58.
    22/03/2020 Project ReportSubmission https://eccouncil.instructure.com/courses/476/assignments/1381 0 7/8 Criteria Ratings Pts -- -- -- -- issues with operating systems and network-based applications, analyze the common vulnerabilities and implement best practices to harden networks. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations
  • 59.
    0.0 pts Does NotMeet Expectations cryptography algorithms and encryption techniques, and design implementation strategies for privacy and security of information. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations contrast various network security tools, and make decisions to deploy proper security tools based on evidence,
  • 60.
    information, and research. threshold: 3.0pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations physical security mechanisms, examine the issues and recommend the countermeasures to safeguard the network infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts
  • 61.
    Does Not Meet Expectations 22/03/2020Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 8/8 Total Points: 60.0 Criteria Ratings Pts -- impact of an incident in the network and develop policies, processes, and guidelines for incident handling and disaster recovery. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet
  • 62.
    Expectations 22/03/2020 Project ReportSubmission https://eccouncil.instructure.com/courses/476/assignments/1381 0 1/8 Project Report Submission Due No Due Date Points 60 Submitting a file upload Available Mar 16 at 3am - Mar 23 at 2:59am 7 days Submit Assignment Summative Assessment Research Project: 60 pts. Directions on Project: Guidelines on Graduate Project Following are the guidelines for your graduate project. Selecting a Topic Choose a project topic from one of your completed labs from the previous weeks. You may go back through the lab content to familiarize yourself with the information required to complete your project. Prepare a rough outline of project proposal you would like to submit. Discuss the topic and draft project proposal with the instructor. Conduct further research on the topic. Make a detailed proposal.
  • 63.
    In the projectproposal you should: a. Introduce the topic scenario b. Describe the methodology to be adopted fro performing the test. c. State the timeline for the project completion. d. Include references and authorization letters Working on the Project You have to complete your project within the stipulated deadlines. Plan your project accordingly While meeting the executives of a company in relation to your project, make sure you have appropriate approvals and request letters from the concerned university department or company. Make sure your instructor approves questionnaires designed for any survey in relation to the project. You must use any data collected in course of the research, only for the approved project. You must not share collected information with other students. Make notes of key points during the course of research. It would save lot of time in preparation of project report. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 2/8
  • 64.
    Make sure allrelevant journals, magazines, papers and books are available in the university library. Analysis is the most critical part of the project and forms basis for all findings. Make sure you make use of appropriate statistical tools in analysis. Writing a Project Report Review the style guidelines for project report The project report should not exceed 7,000 words Abstract should be between 150-250 words Select A4 size; page orientation should be portrait. Specify “1” margin on all sides. Number all pages consecutively. Start every chapter on a new page. Provide double spacing You should use Times New Roman Font- “12” for text and “10” for footnotes. Use a larger font size for section headings. A project report must contain: Content Section a. Title Page Preliminariesb. Table of Contents c. Abstract d. Introduction and background Body of the report e. Problem statement f. Objectives of the project
  • 65.
    g. Literature review h.Methodology adopted i. Results - project findings j. Recommendations k. Conclusion l. Bibliography References 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 3/8 Research Paper (60) m. Appendix n. List of figures and tables o. Index words (if required) Be clear and precise. Express your ideas in a logical way. Abstract should reflect the essence of the project The introduction should provide the overview of the topic and highlight its significance Clearly indicate the objectives of your project. Describe all the methods used such as interviews, questionnaires in the methodology section.
  • 66.
    Ensure that literaturereview is in your own words. Analyze other person’s contribution to the topic. Identify the gaps in the literature. Emphasize on the likely contribution of your project to the existing literature on the topic. Describe your findings from analysis in the results section. As this is the most critical part of the project, ensure that there are no errors in analysis. Make proper inferences from analysis and findings. The conclusion section should summarize your objectives, findings and learning’s from the project. Provide useful supplementary information in the Appendix. Avoid plagiarism. The project report should reflect your understanding of the topic. The majority of the paper should be in your own words and reflect your own ideas. Give credit for all referenced work. Provide appropriate citation and references for all quotations. Ensure that papers referenced are relevant and not outdated. Your paper should be reader friendly. Use footnotes to explain difficult terms. Don’t use text from Wikipedia in footnotes All tables and figures must be suitably numbered and titled. Give appropriate credit. On completion, go through the entire project. Ensure there are no proofing errors and you have adhered to all guidelines related to the project. 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381
  • 67.
    0 4/8 Criteria RatingsPts 6.0 pts 18.0 pts 18.0 pts Introduction 6.0 pts Exceeds Standards Strong introduction of topics key question(s), terms, Clearly delineates subtopics to be reviewed. Specific thesis statement 3.0 pts Meets Standards Conveys topic and key question(s). Clearly delineates subtopics to be reviewed. General thesis statement 2.0 pts Needs Some
  • 68.
    Improvement to Meet Standards Coveys topic, butnot key question(s). Describes subtopics to be reviewed. General thesis statement. 1.0 pts Needs Substantial Improvement to Meet Standards Does not adequately convey topic. Does not describe subtopics to be reviewed. Lacks adequate theses statement.Focus and Sequencing 18.0 pts Exceeds Standards All material clearly related to subtopic, main topic. Strong organization and integration of material within
  • 69.
    subtopics. Strong transitions linking subtopics,and main topic. 9.0 pts Meets Standards All material clearly related to subtopic, main topic and logically organized within subtopics. Clear, varied transitions linking subtopics, and main topic. 5.0 pts Needs Some Improvement to Meet Standards Most material clearly related to subtopic, main topic. Material may not be organized within subtopics. Attempts to provide variety of transitions. 1.0 pts Needs
  • 70.
    Substantial Improvement to Meet Standards Little evidence materialis logically organized into topic, subtopics or related to topic. Many transitions are unclear or unsubstantiated. Support, Citations, and References 18.0 pts Exceeds Standards Strong peer- reviewed research based support for thesis, references and citations are thoroughly and clearly indicated after every quote or an authors statement or idea. 9.0 pts Meets Standards Good research based support for
  • 71.
    thesis, references and citationsare adequately and clearly indicated after most quotes or an authors statement or idea. 5.0 pts Needs Some Improvement to Meet Standards Some research based support for thesis, references and citations are inconsistently indicated after a few quotes or an authors statement or idea. 1.0 pts Needs Substantial Improvement to Meet Standards limited or no peer- reviewed research based support for
  • 72.
    thesis, references and citations are absent. 22/03/2020Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 5/8 Criteria Ratings Pts 6.0 pts 6.0 pts 6.0 pts -- Spelling and Grammar 6.0 pts Exceeds Standards Work has no misspellings or grammatical errors. 3.0 pts Meets Standards
  • 73.
    Work has 1or 2 misspellings or grammatical errors 2.0 pts Needs Some Improvement to Meet Standards Work has several misspellings or grammatical errors 1.0 pts Needs Substantial Improvement to Meet Standards Work has numerous misspellings or grammatical errors Conclusion 6.0 pts Exceeds Standards Strong review of key conclusions and integration with thesis statement. Insightful and supported discussion of impact of the researched material.
  • 74.
    3.0 pts Meets Standards Good reviewof key conclusions and integration with thesis statement. Good discussion on impact of researched material. 2.0 pts Needs Some Improvement to Meet Standards Review of key conclusions. Some integration with thesis statement. Discusses impact of researched material on topic. 1.0 pts Needs Substantial Improvement to Meet
  • 75.
    Standards Does not summarize evidence with responseto thesis statements. Does not discuss the impact of researched material. Citations and References 6.0 pts Exceeds Standards All references and citations are correctly written and present. 3.0 pts Meets Standards One reference or citations missing or incorrectly written. 2.0 pts Needs Some Improvement to
  • 76.
    Meet Standards Two references orcitations missing or incorrectly written. 1.0 pts Needs Substantial Improvement to Meet Standards Reference and citation errors detract significantly from paper. fundamental networking concepts, analyze networking protocols and implement established standards to design a robust networking infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets
  • 77.
    Expectations 0.0 pts Does NotMeet Expectations 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 6/8 Criteria Ratings Pts -- -- -- -- potential vulnerabilities and threats to network infrastructure, predict the implication of network security breaches and analyze the available countermeasures. threshold: 3.0 pts 5.0 pts
  • 78.
    Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts DoesNot Meet Expectations different network security mechanisms, analyze available security controls and develop strategies to implement and configure these controls. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations
  • 79.
    role of network securitypolicies, and develop comprehensive policies that help in protecting network infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations working of various networking devices, and develop strategies for secure configuration of these devices. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets
  • 80.
    Expectations 0.0 pts Does NotMeet Expectations 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 7/8 Criteria Ratings Pts -- -- -- -- issues with operating systems and network-based applications, analyze the common vulnerabilities and implement best practices to harden networks. threshold: 3.0 pts 5.0 pts
  • 81.
    Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts DoesNot Meet Expectations 7. Analyze cryptography algorithms and encryption techniques, and design implementation strategies for privacy and security of information. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations 8. Compare and
  • 82.
    contrast various network security tools,and make decisions to deploy proper security tools based on evidence, information, and research. threshold: 3.0 pts 5.0 pts Exceeds Expectations 3.0 pts Meets Expectations 0.0 pts Does Not Meet Expectations physical security mechanisms, examine the issues and recommend the countermeasures to safeguard the network infrastructure. threshold: 3.0 pts 5.0 pts Exceeds Expectations
  • 83.
    3.0 pts Meets Expectations 0.0 pts DoesNot Meet Expectations 22/03/2020 Project Report Submission https://eccouncil.instructure.com/courses/476/assignments/1381 0 8/8 Total Points: 60.0 Criteria Ratings Pts -- impact of an incident in the network and develop policies, processes, and guidelines for incident handling and disaster recovery. threshold: 3.0 pts 5.0 pts Exceeds Expectations
  • 84.