As part of Sophos Workspace Protection, ZTNA enables secure, seamless access for hybrid and remote workers, improves security posture, and eliminates the risk of lateral movement by making applications invisible to unauthorized users.
What’s special about Sophos ZTNA?
- VPN Replacement with Granular App Access
Sophos ZTNA delivers a superior alternative to VPN by granting access only to specific applications—not the entire network—eliminating implicit trust.
- Integrated Identity, Device Health & Synchronized Security
Access policies evaluate:
  - User identity (with MFA)
  - Device posture
  - Endpoint health via Synchronized Security
- Applications Become Invisible to the Internet
ZTNA hides internal applications and systems by placing them behind a gateway, making them unreachable and undiscoverable by attackers.
- Seamless User Experience
Sophos ZTNA is integrated into the Sophos Protected Browser, providing transparent access with built‑in RDP and SSH support.
- Integrated with Sophos Firewall, Endpoint & Central
  - The ZTNA gateway is built into every Sophos Firewall, requiring no additional gateway deployment.
  - Deploys alongside Sophos Endpoint to use device posture in policy decisions.
  - Fully managed through Sophos Central with reporting and XDR/MDR data‑lake visibility.
Key Capabilities
- Granular Zero‑Trust Access Control
ZTNA enforces identity‑driven, least‑privilege access to applications, not network segments, preventing unauthorized lateral movement.
- Sophos Central Cloud Management
Unified cloud console to:
  - Manage ZTNA gateways
  - Configure policies
  - Deploy clients
  - Monitor events
  - Integrate with XDR and MDR for threat hunting
- Deployment Flexibility: Cloud or On‑Premises Gateways
ZTNA supports two deployment options:
  - On‑Premises Gateway – Managed locally via your data center
  - Sophos Cloud Gateway – Managed through Sophos cloud POPs (99.999% availability)
Each gateway type can be swapped or migrated based on evolving network needs.
- Sophos Protected Browser Integration
Built‑in RDP & SSH client for seamless access to private apps and management interfaces.
- Continuous Posture & Identity Verification
ZTNA continuously verifies:
  - Device OS and security posture
  - Endpoint health state
  - Identity with MFA
ZTNA Deployment Models
- Sophos Cloud Gateway
  - Secure access via global Sophos POPs
  - No inbound firewall ports required
  - Infrastructure hidden from the internet
- On‑Premises Gateway
  - Deployed in your data center
  - Ideal for fully internal or restricted applications
Business Impact
- Replace VPN with more secure, scalable, user‑friendly access
- Reduce attack surface by hiding apps and enforcing least‑privilege access
- Prevent lateral movement through app‑centric segmentation
- Enhance security by verifying device health and identity on every access request
- Unify management under Sophos Central alongside Firewall, Switch, AP6, Endpoint, and MDR/XDR
- Improve performance with cloud POPs and hardware‑accelerated firewall gateways

