Trend Micro Zero Trust Secure Access

What is Trend Micro Zero Trust Secure Access?

Trend Micro Zero Trust Secure Access (ZTSA) is a secure access solution based on Zero Trust principles. It combines ZTNA, SWG, and CASB in a single platform with continuous risk-based verification.

Key differentiators:

• Risk-based access - access based on real-time risk assessment
• Continuous verification - continuous verification, not one-time
• ZTNA + SWG + CASB - complete SASE solution
• XDR integration - correlation with Vision One

Zero Trust Architecture

graph TB
    subgraph "Users"
        A[Remote Worker]
        B[Office User]
        C[Mobile User]
    end

    subgraph "Trend ZTSA"
        D[Identity Verification]
        E[Device Risk Assessment]
        F[Continuous Monitoring]
        G[Policy Engine]
    end

    subgraph "Resources"
        H[Private Apps]
        I[SaaS Apps]
        J[Internet]
    end

    A --> D
    B --> D
    C --> D
    D --> E --> F --> G
    G --> H
    G --> I
    G --> J

ZTSA Components

Zero Trust Network Access (ZTNA)

Secure access to private applications:

• Application-centric access - access to applications, not networks
• Least privilege - only necessary permissions
• Identity-based - identity verification before access
• Micro-segmentation - application isolation

Benefits vs VPN:

VPN	ZTNA
Access to entire network	Access only to applications
One-time verification	Continuous verification
Implicit trust	Zero Trust
Visible attack surface	Hidden applications

Secure Web Gateway (SWG)

Internet access protection:

• URL filtering - blocking malicious and unproductive sites
• Malware protection - downloaded file scanning
• SSL inspection - encrypted traffic analysis
• Data Loss Prevention - data leak protection

Cloud Access Security Broker (CASB)

SaaS application security:

• Shadow IT discovery - unauthorized application detection
• Access control - SaaS access control
• DLP for cloud - cloud data protection
• Threat protection - SaaS threat protection

Risk-Based Access Control

ZTSA uses continuous risk assessment:

[User Identity] ----+
                    |
[Device Posture] ---+--> [Risk Score] --> [Access Decision]
                    |
[Behavior] ---------+
                    |
[Threat Intel] -----+

Risk Factors:

• User risk - user history, behavior anomalies
• Device risk - device security status, compliance
• Location risk - location, network, access time
• Application risk - application sensitivity

Use Cases

Remote Work

• Secure access to corporate applications from home
• Device status verification (patch, AV)
• Internet protection for remote workers

BYOD

• Limited access for personal devices
• Corporate data isolation
• DLP for documents

Third-Party Access

• Contractor access to selected applications
• Temporary permissions
• Full activity audit

Cloud Migration

• Secure SaaS access
• Shadow IT control
• Unified on-prem and cloud policies

Integration with Trend Vision One

ZTSA as part of Vision One:

• Risk scoring - leveraging risk score from entire platform
• XDR correlation - access correlation with other events
• Automated response - automatic access restriction during incident
• Unified policy - consistent security policies

Supported Platforms

Platform	Agent	Agentless
Windows 10/11	✅	✅ (Web)
macOS	✅	✅ (Web)
iOS	✅	✅ (Web)
Android	✅	✅ (Web)
Linux	✅	✅ (Web)

Who is it for?

Trend Micro ZTSA is for organizations that:

• Want to replace VPN with modern ZTNA
• Need secure access for remote workers
• Require SaaS control and Shadow IT
• Seek risk-based access control

Deployment with nFlo

1. Assessment - current remote access analysis
2. Identity Integration - IdP integration (Azure AD, Okta)
3. Application Onboarding - application access configuration
4. Policy Design - access policy design
5. Pilot - pilot deployment
6. Rollout - full deployment with VPN migration