Ericsson has expanded its NetCloud secure access service edge (SASE) offering with clientless zero-trust network access (ZTNA) capability.
The firm said that, according to research from KPMG, 73% of organisations have experienced at least one major disruption tied to third-party cyber incidents over the past three years. To address these concerns, the Ericsson clientless ZTNA service is designed to enhance protection against such events with embedded isolation technology.
It claims the offering is ideal for enterprises needing to grant access securely and easily while eliminating the need for virtual private networks (VPNs), clients or browser plug-ins. According to John Grady, principal analyst at Omdia-owned Enterprise Strategy Group, VPNs fail to address modern secure access needs due to their complexity, management overheads, security vulnerabilities and performance issues, making ZTNA a must.
“ZTNA solutions that rely on agents make it difficult for overburdened IT teams to deploy to third parties needing access to corporate resources,” he said. “For organisations adopting a wireless-centric strategy … clientless ZTNA offers a unique, isolation-based approach which grants access to specified assets, while providing effective protection against malicious activity and the threat of malware.”
Ericsson also stressed that – unlike typical ZTNA services that require agents or plug-ins – its new approach is fully agentless, enabling secure, isolated access via a single URL.
Furthermore, unlike other clientless offerings relying solely on access controls, NetCloud SASE activates application sessions in isolated cloud containers for unmanaged or bring-your-own-device (BYOD) access. This, said Ericsson, air-gaps corporate systems from potentially insecure devices, preventing malware spread into the enterprise.
This capability is designed to empower organisations to connect third-party and BYOD users to authorised resources with enhanced security. Building on Ericsson’s existing client-based ZTNA, the service is said to offer flexibility for lean IT teams navigating managed and unmanaged devices in dynamic, wireless-first settings.
Other key features of NetCloud SASE with clientless ZTNA include clientless secure access; internet of things (IoT)/operational technology (OT) asset and corporate application protection; granular access based on least privilege; continuous risk assessment; zero-trust; single-platform management; and “seamless” integration with existing identity providers.
This means, for example, contractors and BYOD users can access isolated applications, eliminating the need for VPNs, clients or special browsers, while interactions between unmanaged users and corporate systems are isolated in cloud containers, safeguarding applications from potential malware infections. Access is controlled by detailed policies based on user roles, device types and other factors, ensuring users receive only the necessary level of access.
Real-time analytics and an intrusion detection system/intrusion prevention system allow for instant access revocation in response to changes in user context and risk levels. Ericsson claims this architecture is unique, removes the need for static public IP addresses, hides all internal IPs, defaults to deny all and enables micro-segmentation, which prevents lateral movement in the network.
The offering is also integrated into NetCloud Manager for simplified deployment, visibility and policy enforcement alongside 5G wireless wide area networks (WWAN), software-defined wide area networks and other secure access service edge features.
Pankaj Malhotra, head of WWAN and security for enterprise wireless solutions at Ericsson, said: “5G uniquely introduces a surge of IoT and OT assets, which are frequently monitored and maintained by third-party suppliers and contractors. Unlike legacy VPNs that provide broad network access and are difficult to implement, NetCloud ZTNA offers a straightforward, policy-based solution that ensures users have isolated access to resources based on the principle of least privilege.”