Zero Trust Network Access(ZTNA) solutions provide vast security improvements compared to traditional VPNs thanks to only allowing users access to the applications they need. Migrating from a VPN solution to a ZTNA mindset requires a deep understanding of the applications within the network and what access is needed. Netskope recently released a new feature called NPA App Discovery which assists administrators in identifying the applications and required access.
Netskope’s Professional Services team has been using this feature to mitigate end-user risk while speeding up NPA deployments. With App Discovery enabled, selected users will have a traditional VPN experience and temporary access to all resources on the network. Netskope will identify all of the domains, IP’s, and ports for applications these pilot users access, taking the guesswork out of defining the applications. Netskope administrators can view this data in the Netskope UI and quickly create definitions and access policies for these applications. Depending on the size of the network, additional pilot users/groups are sometimes needed to ensure all applications in the network have been defined. Once all of the applications are defined in Netskope, the last step, and the most important one, is to disable App Discovery. Leaving App Discovery enabled forever reduces the benefits of a ZTNA solution. While great for deployments and ongoing discovery of private applications, App Discovery should be used in a controlled manner to ensure your users only have access to the applications they are approved to access.
More information about App Discovery can be found here.
To find out more about this deployment strategy, or how the Netskope’s Professional Services team can help with your next deployment, please speak with your Netskope contact.