Zero Trust Network Access and the Scale Problem

Zero Trust Network Access and the Scale Problem

Solution Briefs

In today's rapidly advancing digital landscape, the need for robust Zero Trust Network Access (ZTNA) solutions is more critical than ever. These solutions are essential for organizations to ensure seamless access for authorized users while effectively mitigating potential threats. However, balancing security with user experience poses a significant challenge. ZTNA solutions must meticulously authenticate and authorize every session and potentially introduce latencies that may impact day-to-day operations. This highlights the importance of comprehensive benchmarking and evaluation of ZTNA solutions to ensure they effectively prevent unauthorized access while maintaining user productivity and experience.

 

Recognizing this necessity, Keysight collaborated with a market-leading security vendor to conduct a practical analysis of modern ZTNA solutions, delivering actionable insights for organizations considering ZTNA deployment. This solution brief presents the outcomes of our rigorous benchmarking methodology, offering valuable insights into the performance, efficacy, and real-world suitability of these solutions. The analysis navigates the complexities of modern ZTNA solutions and identifies essential factors to help organizations select the most effective solution to safeguard their digital assets.

 

A critical scenario in many workplaces is the 9 AM login surge, where a ZTNA infrastructure experiences a considerable strain due to a surge in authentication and authorization requests. This heightened demand can lead to substantial pressure on the network infrastructure, resulting in delays and issues. The real concern is that it can prompt IT teams to relax certain policies to expedite login procedures, thus infringing upon ZTNA principles.

 

The industry has seen security policy compromises whenever higher security measures impact business operations through increased latencies, application failures, and false positives. A true ZTNA solution necessitates authenticating and authorizing all sessions without exception. Any deviation or relaxation in these policies can create vulnerabilities that expose organizations to potential intrusions.

 

Keysight collaborated with a market-leading firewall provider to simulate an environment reflecting the 9 AM flood scenario. The objective was to thoroughly evaluate the capabilities of a ZTNA deployment, identify optimization opportunities, and uphold the fundamental principles of Zero Trust. The Secure Access Service Edge (SASE) offering from a leading security vendor was tested across various scenarios, assessing the solution’s ability to handle large-scale user authentication, application traffic delivery, and attack prevention simultaneously.

 

The evaluation included three main tests:

1. Authentication scale test: Simulated the classic 9 AM rush, focusing on how well the SASE offering handles a surge of users logging in.

2. Application traffic test: Observed the system’s performance as users initiated various application requests during their day-to-day tasks.

3. Real-life scenario test: Combined scale, applications, and attacks to mimic real-world conditions.

4. The final test, termed "The Grand Finale," raised the stakes by introducing real-world threats alongside mass authentication requests and high-volume application traffic.

 

The SASE solution was required to detect and block exploits, prevent malicious URL access, and stop malware while ensuring a frictionless experience for legitimate users. This comprehensive evaluation assessed traffic behavior, latencies, packet drops, and security efficacy by determining the percentage of successfully blocked attacks.

 

This solution brief provides a performance-driven validation of ZTNA, backed by real-world data rather than just theoretical discussions. By conducting structured tests, you can evaluate how a SASE firewall manages authentication and authorization at scale, ensuring it meets both security and performance expectations. The initial test focuses on validating basic authentication handling, assessing how the system processes a surge of login requests without impacting other users within a shared SASE environment. This controlled approach establishes a baseline for further testing, uncovering critical insights into the solution’s behavior under different conditions.

 

Authentication alone is not enough—a ZTNA solution must balance security enforcement with a seamless user experience. This report highlights critical evaluation areas, showcasing how different test configurations influence security tools and identifying key performance metrics that matter when validating a real-world SASE device—assessing its scalability, performance, and threat-blocking capabilities. The SASE solution under test demonstrates its resilience, successfully navigating the challenges presented, reinforcing its ability to balance security, scale, and efficiency in demanding environments. If security vendors claim ZTNA readiness, can they prove it? Enterprises should challenge their vendors to undergo similar real-world testing to ensure their security policies won’t slow down workflows or fail to scale.