Our vision of Zero-Trust Network Access

Zero-Trust Model

The 3 base elements of the Zero-Trust Strategy

Regulated Access Control

Access to network resources is not granted based on the user's location or network membership, but rather on their identity, device, and ability to meet defined access policies.

Micro-segmentation

The network is divided into unique and isolated segments, called micro-segments. Each micro-segment represents a distinct security zone with its own access policies, enabling more precise control over access to network resources and reducing the attack surface in the event of a breach.

Overlay Networks and Software-Defined Perimeters (SDP)

While traditional cybersecurity solutions focus on securing networks and systems, SDP focuses on securing assets from an identity-centric perspective and an internet-overlaid network architecture, where resources are effectively invisible to unauthorized users and devices.

Gartner, ZTNA Market Guide, 2019
“ZTNA improves flexibility, agility and scalability, enabling digital ecosystems to work without exposing services directly to the internet, reducing risks of distributed denial of service attacks.”
NIST, Zero Trust Architecture, Special Publication, 2020
“Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”
Zero-Trust

Next Generation Network Access

Zero-Trust Network Access offers a new vision for remote access to the corporate network. And with Chimere's ZTNA solution, we invite you to go further and adopt true Zero-Trust!

  • Elimination of internet service exposure and significant reduction of intrusion risks
  • End-to-end encryption: Zero Trust confidentiality and integrity
  • Total traceability of customer-side users: Zero-Trust traceability
  • Decentralized, multi-cloud, and participatory ZTNA infrastructure: Zero-Trust availability
ZTNA VS. VPN

What are the differences between VPN and ZTNA?

The VPN (Virtual Private Network) and ZTNA (Zero Trust Network Access) are two technologies used to secure access to IT resources. The VPN, combined with the firewall, is still considered state of the art in some companies. However, ZTNA is gaining ground thanks to a different approach that is better suited to current threats:


Operation

  • The VPN establishes a secure connection between a user and a private network, usually a company's network.
  • The ZTNA, on the other hand, creates logical access boundaries around specific applications rather than granting full access to the network. It applies security policies based on the user's identity and context rather than their location or network membership.

Scope

  • The VPN allows the user to securely access an organization's entire network, as if they were physically connected to the local network.
  • The ZTNA restricts access to specific applications based on the user's needs and defined security policies, without giving general access to the network. It natively brings a least privilege access policy.

Security Model

  • The VPN often relies on a "trust but verify" security model, where once the user is authenticated, they are generally allowed to access all network resources.
  • The ZTNA follows the "never trust, always verify" security model, where access is granted based on granular policies that continuously verify the user's identity, context, and compliance before allowing access to a specific application.

Visibility and Control

  • With the VPN, once a user is connected, they can potentially access all network resources, which can make it difficult to monitor and precisely control access.
  • The ZTNA offers more granular visibility and control, as it allows restricting access to specific applications based on defined security rules, enabling better risk management and reducing the attack surface.

Exposure

  • The VPN exposes a gateway on the internet which can itself be vulnerable (See Additional Resources). The VPN gateway is software or hardware and requires maintenance at the company's expense.
  • The ZTNA does not expose any company resources. The ZTNA infrastructure is exposed but is entirely managed and maintained by the provider. In the case of Chimere, this ZTNA infrastructure can be resilient to compromise.

In conclusion, ZTNA limits access to specific applications based on the user's identity and context, while the VPN creates a secure connection giving access to the entire private network of the organization.
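The contrast drawn in this comparison, sketched as an added example (it is not Chimere's code and not part of the original page): a perimeter check that trusts network membership next to a per-application, deny-by-default decision on identity and device compliance. The users, groups, applications and address range are constructed for illustration.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Request:
    user: str
    groups: frozenset
    device_compliant: bool  # posture reported by a hypothetical device agent
    source_ip: str
    application: str


# Constructed policy: application -> groups entitled to reach it.
APP_POLICY = {
    "payroll": frozenset({"finance"}),
    "git": frozenset({"engineering"}),
}
CORPORATE_NET = ip_network("10.0.0.0/8")  # constructed VPN address pool


def vpn_style_allow(req):
    """Perimeter model: being on the network is enough for any application."""
    return ip_address(req.source_ip) in CORPORATE_NET


def ztna_allow(req):
    """Per-application decision, deny by default; source IP is never consulted."""
    allowed_groups = APP_POLICY.get(req.application)
    if allowed_groups is None:
        return False, "no policy for application"
    if not req.device_compliant:
        return False, "device not compliant"
    if not (req.groups & allowed_groups):
        return False, "identity not entitled"
    return True, "allowed"


# Constructed requests: an engineer on the VPN pool, a finance user off-network.
ENGINEER = Request("alice", frozenset({"engineering"}), True, "10.1.2.3", "payroll")
ACCOUNTANT = Request("bob", frozenset({"finance"}), True, "203.0.113.7", "payroll")

if __name__ == "__main__":
    for r in (ENGINEER, ACCOUNTANT, replace(ACCOUNTANT, device_compliant=False)):
        print(r.user, r.application, vpn_style_allow(r), ztna_allow(r))
```

Calling `ztna_allow` again on every request, rather than once at login, is what makes a change in device compliance take effect mid-session.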

Chimere

Why Chimere's ZTNA?

Today, dozens of ZTNA solution providers exist, but none of them offers all of these features except Chimere ZTNA!


End-to-End Encryption

  • This security approach ensures that data is encrypted from its origin and decrypted only at its final destination, providing maximum protection against potential threats. By using end-to-end encryption, we guarantee that only authorized users can access the data; not even we can.

Resilience to Compromise

  • Unlike other providers, we have developed a unique approach that ensures the security and functionality of the network available to our clients remain intact even in case of compromise. This resilience is made possible by our distributed architecture and by the fact that Chimere does not hold the cryptographic access keys to services.

Availability

  • With a decentralized and distributed network on different independent infrastructures, we offer you unparalleled availability, ensuring reliable and uninterrupted connectivity.

Sovereignty

  • We are a French and European company! And in the current context of increasingly strict regulations regarding data protection, we understand that for many of you, data and exchange sovereignty is a crucial aspect of your security strategy. Finally bringing a sovereign French and European cybersecurity solution is at the heart of our mission.

All these aspects bring you a true Zero-Trust that you won't find anywhere else.

Additional Resources

Chimere Cyberstealth®
