Appgate ZTNA


    Product Category
    Zero Trust Network Access
    Product Description

    Built for complex hybrid IT infrastructures, Appgate ZTNA is the industry’s leading universal Zero Trust Network Access (ZTNA) solution.

    The vast majority of ZTNA solutions are cloud-routed, built on a proxy-based architecture that redirects traffic through a vendor cloud, which adds latency and can’t scale to secure connections for all enterprise use cases. Appgate takes a unique approach by adopting a direct-routed software-defined perimeter model. This strategic design ensures optimal performance, low latency and enhanced security for all user-to-resource and resource-to-resource connections. The direct-routed architecture empowers organizations with the flexibility and control required to secure diverse environments across remote and on-premises locations, multi-cloud scenarios and legacy infrastructures.

    Appgate ZTNA has three key components: the Controller, acting as a trust broker and policy decision point; the Gateway, functioning as the policy enforcement point; and the Client, connecting users to authorized resources. Cloaked via single packet authorization (SPA), the Client makes an access request to the Controller. The Controller authenticates the user, checks the context, generates a live entitlement token and sends it to the Client via a signed certificate. Using SPA, the Client then sends the entitlement to the Gateway and, when validated, establishes a dynamic ‘segment of one’ network for access to the protected resource. Appgate ZTNA continuously monitors the system, adapting or revoking access in near real-time to changes in context. The LogForwarder distributes access-related risks to security information and event management (SIEM) tools for correlation and centralized management of events.

    Appgate ZTNA can be cloud-hosted, self-hosted or isolated to meet diverse security and compliance needs across varied network topologies.