Twingate Customers Can Trim 80% of Unnecessary Access within 90 Days

Daniel Dong

Sep 8, 2023

With the rise of remote work and cloud-based operations, enforcing least-privileged access and a Zero Trust model within an organization’s network has become an important lever for reducing attack surface and the risk of breaches. However, practitioners often throw in the towel due to the complexity of implementation. Since its launch in 2020, Twingate has persistently pushed for a new implementation that makes it easy for organizations to leapfrog to Zero Trust network access without painful configuration and maintenance. Recent NetworkChuck coverage has exemplified the simple elegance with which Twingate’s model scales from homelab access to enterprise businesses.

To better understand how we are helping our customers view and manage network access, Twingate recently conducted a review of more than 250 of its largest customers. Our findings suggest that more than 80% of access granted by organizations using traditional cloud-based VPNs may be unnecessary. Simply by switching to a product like Twingate, customers can reduce their exposure to attacks by 5x.

Twingate Customers Can Trim 80% of Unnecessary Access

With Twingate, customers can implement granular access controls on specific cloud-based (AWS, Azure, Google) or on-premise resources directly within the admin panel. This lets us calculate exactly how many access grants exist by looking at the number of users allowed on each cloud resource. We then compare the actual number of access grants on Twingate against the number that would have been granted if the customer were running a monolithic, cloud-based VPN gateway.

The results reveal that Twingate customers utilize only 17.9% of the access they would have theoretically granted to organizational users before switching to Twingate. With Twingate, IT and Security administrators can directly manage access to cloud resources from Twingate and trim as much as 82.1% of access within the first 3 months of using Twingate.

*Compared to Monolithic VPN
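The comparison described above can be reproduced on any per-resource access policy. The following is an added example, not Twingate's code or data: the groups, resource names and function names are constructed, and the monolithic-VPN baseline is assumed to be every user reaching every resource. It also lists what each user can reach, which is what a single hijacked session exposes.

```python
from itertools import chain

# Constructed sample policy (not Twingate's data model): group membership
# and the groups allowed on each resource.
GROUPS = {
    "eng":     {"alice", "bob", "carol"},
    "sre":     {"carol", "dave"},
    "finance": {"erin"},
    "support": {"frank", "grace", "heidi"},
}
RESOURCE_ACL = {
    "prod-db.internal":  {"sre"},
    "staging.internal":  {"eng", "sre"},
    "git.internal":      {"eng", "sre"},
    "ledger.internal":   {"finance"},
    "helpdesk.internal": {"support"},
    "wiki.internal":     {"eng", "sre", "finance", "support"},
}

def granted_pairs(groups, acl):
    """Distinct (user, resource) grants; a user in two allowed groups counts once."""
    return {(user, res) for res, allowed in acl.items()
            for g in allowed for user in groups.get(g, ())}

def access_report(groups, acl):
    """Compare per-resource grants with a flat 'everyone reaches everything' baseline."""
    users = set(chain.from_iterable(groups.values()))
    pairs = granted_pairs(groups, acl)
    baseline = len(users) * len(acl)  # assumption: monolithic VPN exposes all resources
    # Per-user reach: the resources exposed if that user's session is hijacked.
    reach = {u: sorted(r for (pu, r) in pairs if pu == u) for u in users}
    return {
        "granted": len(pairs),
        "baseline": baseline,
        "utilized_pct": round(100 * len(pairs) / baseline, 1),
        "trimmed_pct": round(100 * (1 - len(pairs) / baseline), 1),
        "reach": reach,
    }

if __name__ == "__main__":
    report = access_report(GROUPS, RESOURCE_ACL)
    print(f"{report['granted']} of {report['baseline']} possible grants "
          f"({report['utilized_pct']}% utilized, {report['trimmed_pct']}% trimmed)")
    for user, resources in sorted(report["reach"].items()):
        print(f"  {user}: {len(resources)} resource(s) reachable")
```
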

Unnecessary Access is a ticking time bomb for your enterprise security

Conceptually, the amount of unnecessary resource access granted to users is directly correlated with the size of the attack surface and the opportunity for lateral movement. With the rise of remote work and access to IT resources outside of corporate networks, a traditional VPN’s “drawbridge” model can no longer adequately compartmentalize and minimize attacks.

In fact, many of the recent breaches at companies such as CircleCI, Okta, Uber, and Twilio were made possible because of unpruned access privileges. Many of them followed a similar pattern:

  1. An employee’s device was infected with malware, which hijacked a 2FA-backed SSO session

  2. Attacker used that session cookie to access production and escalate privileges

  3. Attacker then began to search across their environment and exfiltrate data

In addition to best practices in authentication and device controls, pruning access privileges is another way to reduce the probability and magnitude of breaches.

Understanding Your Access Graph and Testing Twingate

By administering access on a per-resource basis, Twingate is the next-generation solution that helps IT and Security teams understand and manage how their users currently access all IT resources. Usually, an initiative for granular visibility and control can require a herculean effort from cross-functional teams. However, Twingate’s unique architecture and admin interface allow deployment behind any of your AWS, Azure, GCP, and SaaS resources within 15 minutes. Twingate also provides native MFA and device control capabilities, in addition to integrations with all your favorite security tools.

Even if a user's credentials are compromised, you want to limit the damage that can be done. Twingate does that for enterprises of all sizes and saves costs on alternatives such as complicated MeshVPN implementations.

If you’re curious to compare how Twingate can dramatically reduce and prune unnecessary access while you sip your coffee, request a demo here and our sales engineers will reach out to set up a free test for you. Or if you prefer, you can give Twingate a try by signing up for a free account here.
