Definition
Zero Trust is a security architecture that eliminates the concept of a trusted internal network. Every user, device, and application is treated as potentially hostile until explicitly authenticated and authorized for the specific resource being accessed. The model replaces traditional perimeter-based security (firewalls and VPN as the trust boundary) with identity-driven, application-level controls. Implementing Zero Trust typically requires four building blocks: strong identity (MFA and an IdP), device posture verification, application-level access (ZTNA replacing VPN), and continuous policy evaluation (microsegmentation, behavioral analytics). Symantec implements Zero Trust through its ZTNA platform, CloudSOC CASB, and Cloud SWG, which together replace the perimeter model with identity-and-context-driven access. NIST SP 800-207, published in 2020, is the canonical Zero Trust reference.
Symantec products that implement this
- Symantec ZTNA (Zero Trust Network Access) - Identity-and-application-aware Zero Trust access to internal apps. Replaces VPN with per-app policy enforcement, posture checks, and least-privilege access for hybrid work.
- Symantec CASB (CloudSOC) - Cloud Access Security Broker for SaaS - visibility into shadow IT, inline enforcement on sanctioned apps, API-based scanning for data at rest, and user behavior analytics.
- Symantec Cloud Secure Web Gateway - Cloud-delivered web security with SSL inspection, URL filtering, sandboxing, content disarm, and CASB integration. The cloud successor to the ProxySG appliance.
Related terms
- ZTNA (Zero Trust Network Access) - Identity-driven, application-level access to internal apps - the modern replacement for VPN.
- SSE (Security Service Edge) - The security half of SASE - cloud-delivered SWG, CASB, ZTNA, and DLP without the SD-WAN connectivity component.
- SASE (Secure Access Service Edge) - Convergence of WAN networking (SD-WAN) and cloud-delivered security services (SWG, CASB, ZTNA, FWaaS) into a single platform.
- MFA (Multi-Factor Authentication) - Authentication requiring two or more independent factors (something you know, have, or are).
- IAM (Identity and Access Management) - Discipline for managing digital identities, authentication, authorization, and access control across enterprise systems.
Deep-dives on Zero Trust
- ProxySG to Cloud SWG migration: a step-by-step engineer's guide - Migrating from on-prem ProxySG appliances to Symantec Cloud SWG (WSS) is the second-most-common Symantec project of 2026. The playbook: poli…
- How to replace VPN with Symantec ZTNA: a 90-day deployment plan - A pragmatic 90-day plan to start retiring legacy VPN concentrators with Symantec ZTNA. Discovery, identity readiness, pilot app selection, u…
- Microsoft 365 DLP with Symantec CloudSOC: the integration deep-dive - How to extend Symantec DLP into Microsoft 365 through CloudSOC - what API connectors provide, what inline integration adds, and where Symant…