Lookout announced new Windows and macOS endpoint agents for its Zero Trust Network Access (ZTNA) solution, Lookout Secure Private Access, that facilitate the full replacement of overextended virtual private networks (VPNs) with cloud-delivered security.
Businesses can now fully realize the benefits of a zero trust architecture while dramatically simplifying network design. According to Gartner, at least 70% of new remote access deployments will be served mainly by ZTNA instead of VPN services by 2025 – up from less than 10% at the end of 2021.
Early ZTNA products offer only limited traffic forwarding capabilities. Legacy VPN solutions, on the other hand, support an expansive set of protocols and complex use cases, making full VPN replacement impractical in many enterprise environments. IT security teams are often forced to run both ZTNA and VPN architectures simultaneously in support of certain legacy applications, such as VoIP phones. This constraint leads to a complex network design that’s costly to operate and maintain.
Lookout’s new endpoint agents for Windows and macOS facilitate the full transition to zero trust architecture with support for traffic steering at both the network and application levels. When deployed in conjunction with cloud-delivered Lookout Secure Private Access, IT security teams can now fully replace the myriad of use cases supported by legacy VPNs, taking full advantage of the benefits a Zero Trust Architecture offers.
The core principle behind Zero Trust is “never trust, always verify.” All users and devices are considered potential threats and must be continuously verified and restricted to only the resources needed to complete a required task. VPNs, on the other hand, take an all-or-nothing approach to connectivity by allowing users to authenticate only once and roam freely throughout the network thereafter.
This full network-level access sets the stage for lateral attacks. If a bad actor, or malware, can make it past the VPN, they have full access to all applications and sensitive data on the corporate network.
Lookout Secure Private Access with Windows and macOS endpoint agents provide important security benefits, including:
- Visibility into private application traffic: IT security teams can better understand how their users interact with private applications, with visibility up and including actual data accessed.
- Advanced data security: The agent helps facilitate the use of advanced data security controls for private enterprise apps, including our data loss prevention (DLP) and enterprise digital rights management (EDRM).
- Granular traffic steering to meet heterogeneous environments: The agent can be configured to steer traffic to specific destinations, based on user, device, and location. This helps to ensure only authorized users have access to sensitive data.
- Enhanced user experience with multi-tunnel traffic steering: The agent steers traffic to one of Lookout’s many cloud-edge locations distributed worldwide, providing the shortest path between the user and the enterprise.
- Highly available redundant multi-path routing: The agent leverages our globally distributed Cloud Security Platform to offer end users a highly available security service edge (SSE) experience by leveraging advanced path selection and routing algorithms.
- Consistent zero-trust enforcement with integrated endpoint security: The agent continuously monitors endpoint posture when integrated with endpoint protection platforms (EPPs), OS security centers and other endpoint security products.
“For more than two decades, VPNs have been the go-to technology for enterprise remote access. While their effectiveness has declined as applications have shifted to the cloud, the alternatives have been limited because of the myriad of complex use cases they support,” said Sundaram Lakshmanan, CTO, Lookout. “Now, with the introduction of Windows and macOS endpoint agents on our Cloud Security Platform, Lookout facilitates full VPN replacement while filling inherent security gaps in these legacy architectures.”