Zero trust, Identity, Network Security, RSAC

Zero trust everywhere: Redefining secure network access in a post-VPN world

Zero Trust Network Architecture

For many years, zero trust network access (ZTNA) has been framed as a replacement for perimeter-based security. But in practice, many implementations of ZTNA rely on legacy ideas such as frequent re-authentication, network-level trust zones, and complex VPN architectures.

ThreatLocker says it is redefining ZTNA by shifting zero-trust enforcement to the endpoint itself, binding access not just to credentials, but to verified devices and tightly controlled pathways.

"Access now requires three things: valid credentials, an approved device, and connection through a secure, ThreatLocker-managed broker," said ThreatLocker CEO and Co-Founder Danny Jenkins as the new feature was launched. "If one step is missing, access is denied, drastically reducing the impact of phishing attacks.”

As users, applications, and infrastructure become more distributed in enterprise environments, this reinvention of  ZTNA may offer a more practical and scalable way to secure network access without adding friction or complexity.

Taking deny-by-default to the network

At the core of ThreatLocker's platform is a deny-by-default philosophy: Nothing is allowed unless explicitly permitted. With the Zero Trust Network Access feature, that same principle is extended from applications and endpoints to the network layer itself.

Rather than assuming trust once a user is authenticated, ThreatLocker enforces access decisions based on a combination of user identity, device validation, and predefined policy. Access is granted only when all three conditions are met. Valid credentials alone will not be enough if the device or connection cannot be verified.

This mirrors the approach seen in passwordless authentication systems like passkeys, in which identity is tied to trusted hardware. By cataloging approved devices and treating them as enforcement points, ThreatLocker ensures that network access is intentional, contextual, and continuously verified.

The result should be a dramatic reduction in the potential attack surface, particularly regarding credential-based attacks like phishing or the theft and reuse of session tokens.

Limiting network connections

One of the defining strengths of ThreatLocker's ZTNA model is its granular policy control. Organizations are not limited to binary allow-or-deny decisions; instead, they can define precisely how, when, and where access may be permitted.

Administrators can specify:

  • Which users and devices are authorized
  • Which internal resources can be accessed
  • Which ports and protocols are allowed
  • Optional time-based restrictions and device-posture requirements

These controls let organizations create tightly scoped access pathways tailored to specific roles and use cases. For example, a remote employee might be allowed to access a particular internal application only during business hours, using a company-approved laptop and a defined protocol.

By enforcing these policies at the device level and filtering connections through a secure broker operated by ThreatLocker, the platform eliminates unnecessary exposure.

The protocol even works on smartphones managed by ThreatLocker. During a keynote address at the company's most recent annual Zero Trust World conference in March, Jenkins demonstrated that no one could break into his email account even if they had his username and password.

"I have 100,000 invalid logins on my email account every day," Jenkins said as he tried to log into his own account from an unmanaged phone. "When you get phished, no one is going to get into your account unless they actually have one of your devices."

These network controls not only impede a potential attacker's lateral movement within a network but also supports compliance requirements by enforcing least-privilege access in a measurable and auditable way.

How centralized control provides secure access everywhere

Many organizations still rely on VPNs to securely connect to remote offices and employees, but VPNs were designed for an era when users operated within defined perimeters and applications lived inside endpoints or data centers.

Today's environments are far more diffuse, spanning remote workforces, cloud services, and hybrid infrastructures. ThreatLocker addresses this shift by replacing VPNs with a centralized, broker-based access model that is at the heart of its Zero Trust Network Access model

Instead of opening inbound ports or maintaining complex VPN infrastructure, both endpoints and servers establish secure outbound connections through a ThreatLocker-managed broker. This eliminates exposure through network services while simplifying deployment and management.

Using this approach, organizations can provide seamless access to internal systems whether users are in the office, at home, or traveling, without sacrificing security. At the same time, centralized visibility lets administrators monitor connections and enforce policies across the entire environment.

By unifying access control across on-premises systems, remote endpoints, and cloud-hosted workloads, ThreatLocker delivers a cohesive approach to zero-trust network access that aligns with modern operational realities.

Paul Wagenseil

Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds