Redefining Remote Access Security: VPN and PRA

Hello, I'm Jeff Carpenter with Delinea here today to talk about some of the shortcomings of a tried and true remote access technology called VPN and what leading organizations are doing to address some of those concerns. I'm going to call this discussion VPN versus PRA and PRA is Privileged Remote Access, and that's a Delinea solution, and let's jump right in and see how this works.

Forever and ever and ever, the VPN has always been the remote access technology. So, if you had a remote employee, they could tunnel in to an encrypted tunnel here, and get access to their target applications in the network here. And they would do it, there's a VPN server that sits here. In the DMZ, and then you had your applications, right?

App 1, App 2. And the way this employee would get access is usually through, you know, credentials. Uh, username and password at first, and then multi-factor authentication. So, you hope MFA is how this person is, is getting access to this. And then they tunnel through and then they, they get what they need here.

They get here, they're in the network. Alright, so that's great. So, what's wrong with that? Well, the challenge is, once this person is, you know, authenticates here, then over here, the network and the applications are generally unaware of this person, whether it is this person, whether it's still that same legitimate user, and if this person's credentials are stolen or compromised, then the bad guy can actually get into the organization through the same way, So, our bad guy here using the same, maybe they've compromised through MFA prompt bombing, um, get into here, and once they're in, then they can do anything that that legitimate user can do with very little ability to actually detect, uh, what that user's doing.

The other, uh, Challenge with a VPN situation here is that this VPN server, and sometimes it's a dedicated appliance, it needs to be secured. Remember, it's sitting kind of in that DMZ zone here hanging out there between the Internet and the enterprise, and it needs to be patched, updated. Monitored, secured.

Um, and on a lot of cases, the VPN can be compromised, uh, the actual server and appliance. So, that has to be watched very carefully. Now, a better approach that organizations are discovering is something like Delinea is offering with our industry leading privilege remote access or PRA. Now, in this scenario, same thing applies, right?

You have your user, right? And user needs to get access to their target applications here. This is the enterprise. Only instead of going through a VPN, App 1, App 2, The user actually goes through the Delinea platform and uses our PRA So, the user will request, receive access to a targeted application. No password is required.

You can actually take that away. And since credential compromise is the leading cause, of all breaches, taking away this user's password right away is huge because then this user will request access. The Delinea platform can actually say, okay, the user can have access for this period of time. They can access this application, but not this one, and it's much more fine grained.

It's much more fine grained way for this user to get what they need very quickly and very securely. To the application that they need, but not have any password in the way and not have a password by the way for the user to reset or forget so much better way. And also, you'll notice here. There is the Delinea engine is here, but there is no server or appliance, a VPN appliance, sitting in the DMZ that can be proxied and potentially compromised. So, that's a number of different problems are solved here. More secure, more fine-grained, easier, actually, for this end user to get what they need and get where they're going. That's the difference between a VPN, Virtual Private Network, and Privileged Remote Access, Delinea’s solution in this area, and it's a major reason why organizations and organizations are turning away from their VPNs and going to other more secure methods of getting their users remote access. I'm Jeff Carpenter. Thank you for listening, and visit Delinea.com for more information.