Security "Bits"

Zero Trust Done Right

By Nat Kausik | May 16, 2021 at 5:59 PM

Zero Trust

Last week, a major financial services firm switched from another ZTNA vendor to Bitglass. They routed SAML SSO through Bitglass for a highly sensitive internal app and flipped the switch. Much to their surprise, logging into the app triggered MFA twice. The bankers were annoyed at the inconvenience. What gives?

Turns out, the app had two authentication paths, and one of them was a serious vulnerability. The first path was the standard browser session. The second was a proprietary session ticket that lived outside the browser's security model: a bearer credential that was not tied to the user's browser session, so anyone holding a copy could replay it from anywhere. A wee bit of cross-site scripting to lift the ticket, paste it into a chat room, and boom, a major data breach. With the help of our engineers, the customer quickly patched the hole in the app.
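To make the failure mode concrete, here is an added example that is not code from the original post and not Bitglass's or the customer's app. It contrasts a signed but unbound, non-expiring bearer ticket (the kind that can be pasted into a chat room and replayed) with a ticket that is only minted after the SSO session exists, expires quickly, is single-use, and is bound to the browser's own session identifier (assumed to travel as an HttpOnly cookie, so script cannot lift it). The secret, ticket format, function names and the in-memory replay set are all constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed demo secret; a real service would load this from a secret store.
SECRET = b"demo-only-secret-not-for-production"
TTL_SECONDS = 60


def _sign(payload: bytes) -> str:
    return hmac.new(SECRET, payload, hashlib.sha256).hexdigest()


def _same(a: str, b: str) -> bool:
    # Constant-time comparison on bytes so odd input cannot raise on non-ASCII text.
    return hmac.compare_digest(a.encode(), b.encode())


# --- Vulnerable path: signed but unbound, never expires, accepted from any client ---

def issue_bearer_ticket(user: str) -> str:
    """Whoever holds this string *is* the user, for as long as the key lives."""
    return f"{user}.{_sign(user.encode())}"


def check_bearer_ticket(ticket: str) -> Optional[str]:
    user, _, sig = ticket.rpartition(".")
    if not user or not _same(sig, _sign(user.encode())):
        return None
    return user  # no expiry, no replay check, no binding to the presenting client


# --- Hardened path: short-lived, single-use, bound to the SSO browser session ---

_consumed = set()  # nonces already redeemed (in-memory for the demo; shared store in production)


def issue_bound_ticket(user: str, sso_session_id: str, now: Optional[float] = None) -> str:
    """Minted only once the SAML/MFA session exists; the MAC covers user, issue time,
    a fresh nonce and a hash of the session the ticket belongs to."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    session_hash = hashlib.sha256(sso_session_id.encode()).hexdigest()
    body = f"{user}|{int(now)}|{nonce}|{session_hash}"
    return f"{body}|{_sign(body.encode())}"


def check_bound_ticket(ticket: str, presented_session_id: str,
                       now: Optional[float] = None) -> Optional[str]:
    """Returns the user only if the MAC is valid, the ticket is fresh, its nonce is unused,
    and the caller presents the same SSO session the ticket was bound to."""
    now = time.time() if now is None else now
    try:
        user, issued, nonce, session_hash, sig = ticket.split("|")
    except ValueError:
        return None
    body = f"{user}|{issued}|{nonce}|{session_hash}"
    if not _same(sig, _sign(body.encode())):
        return None
    if now - int(issued) > TTL_SECONDS:
        return None  # stale ticket
    if nonce in _consumed:
        return None  # replay of an already redeemed ticket
    expected = hashlib.sha256(presented_session_id.encode()).hexdigest()
    if not _same(session_hash, expected):
        return None  # lifted ticket used from a client without the banker's session cookie
    _consumed.add(nonce)
    return user


def demo() -> dict:
    """Exercises both paths; the 'attacker' is a second client that lacks the session cookie."""
    t0 = 1_700_000_000.0
    out = {"bearer_replay": check_bearer_ticket(issue_bearer_ticket("banker"))}
    bound = issue_bound_ticket("banker", "saml-session-abc", now=t0)
    out["bound_first_use"] = check_bound_ticket(bound, "saml-session-abc", now=t0 + 5)
    out["bound_replay"] = check_bound_ticket(bound, "saml-session-abc", now=t0 + 6)
    lifted = issue_bound_ticket("banker", "saml-session-abc", now=t0)
    out["bound_from_attacker"] = check_bound_ticket(lifted, "attacker-session", now=t0 + 5)
    stale = issue_bound_ticket("banker", "saml-session-abc", now=t0)
    out["bound_expired"] = check_bound_ticket(stale, "saml-session-abc", now=t0 + 600)
    return out


if __name__ == "__main__":
    print(demo())
```

The bearer ticket is accepted on replay because nothing about it says who may present it or when; the bound ticket fails on replay, on presentation from a client without the matching session, and after its TTL. Binding the second path to the first is what makes an SSO/MFA gate on the browser session actually cover the app.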

The prior ZTNA solution was agent-based and simply let the user reach the app over a network tunnel, without federating SAML, so the app's own authentication paths were never examined. With Bitglass's agentless ZTNA, SAML SSO was federated using our patented Zero Trust Access Control technology, which enforced control on each of the authentication paths; the second MFA prompt was the second path being challenged for the first time. What was thought to be an inconvenience was actually a loophole that surfaced under the Zero Trust spotlight.

Bitglass offers the industry's only agentless ZTNA with AJAX-VM technology, enabling surgical access to private apps from any device, anywhere, without agents or network tunnels. And when we say Zero Trust, we mean it. Get a free trial today!
