Ericsson unveils clientless ZTNA to boost 5G network security
Ericsson has announced an expansion of its NetCloud SASE offering with a new clientless Zero Trust Network Access (ZTNA) solution designed to improve security for organisations managing third-party and BYOD access.
The announcement comes as KPMG data highlights the prevalence of cyber incidents linked to third-party access, with 73 per cent of organisations experiencing at least one significant disruption from such events in the last three years.
The new clientless ZTNA solution provides corporations with the ability to grant secure, role-based access for contractors and personal device users to authorised resources without the need for VPN software, dedicated clients, or browser plug-ins. According to Ericsson, this approach aims to deliver greater flexibility for information technology teams working in dynamic, wireless-first environments where both managed and unmanaged devices are frequently in use.
The NetCloud SASE clientless ZTNA introduces an isolation mechanism within cloud containers for each application session when accessed via unmanaged or BYOD devices. The embedded isolation technology enforces an air gap between corporate systems and the accessing device, lowering the risk that malware could be introduced into the enterprise network.
Pankaj Malhotra, Head of WWAN & Security, Enterprise Wireless Solutions at Ericsson, commented on the development by saying, "5G uniquely introduces a surge of IoT and OT assets, which are frequently monitored and maintained by third-party suppliers and contractors. Unlike legacy VPNs that provide broad network access and are difficult to implement, NetCloud ZTNA offers a straightforward, policy-based solution that ensures users have isolated access to resources based on the principle of least privilege."
Key features highlighted for the new solution include: secure access for contractors and BYOD users through a secure URL without extra software; protection for IoT, OT assets, and business applications by mediating interactions in isolated environments; and granular policy enforcement to ensure least-privilege access. The system also performs continuous risk assessment, using real-time analytics and intrusion detection or prevention systems to allow for dynamic adjustment of access based on changing risk criteria.
The architecture is zero-trust based, meaning it eliminates the need for static public IP addresses, conceals all internal network addresses, defaults to a deny-all policy, and supports micro-segmentation. This configuration seeks to prevent lateral movement from compromised access points within enterprise networks.
The platform is managed centrally via NetCloud Manager, allowing organisations to unify deployment, monitoring, and policy administration across 5G WWAN, SD-WAN, and integrated SASE security features. Ericsson also notes that the clientless ZTNA seamlessly integrates with existing identity and access management tools, aiming to reduce complexity and prevent issues associated with fragmented identities.
John Grady, Principal Analyst at Enterprise Strategy Group, now part of Omdia, provided an independent analyst perspective, stating, "VPNs fail to address modern secure access needs due to their complexity, management overhead, security vulnerabilities, and performance issues, making ZTNA a must. But ZTNA solutions that rely on agents make it difficult for overburdened IT teams to deploy to third-parties needing access to corporate resources. For organisations adopting a wireless-centric strategy, NetCloud SASE clientless ZTNA offers a unique, isolation-based approach which grants access to specified assets, while providing effective protection against malicious activity and the threat of malware."
NetCloud SASE with clientless ZTNA is available as part of the NetCloud ZTNA licence, with Ericsson reporting that this is the first occasion that an enterprise 5G router vendor has delivered a fully integrated, clientless ZTNA solution with unified management for deployment, visibility, and policy enforcement.
