Introduction
IBM® Zero Trust Connect® is a suite of products that uses DNS to deliver simple, seamless, and lightweight zero trust connectivity for applications. It enables secure connections that are easy to implement. Zero Trust Connect saves the time and resources required to implement, deploy, and maintain zero trust architectures, while allowing applications to include zero trust connectivity as a built-in feature.
The first solution provided by the Zero Trust Connect tool is Protective DNS®. Zero Trust Connect Protective DNS protects your network resources from unauthorized access and improves your organization’s security posture without using VPNs or on-device agents. This private, SaaS-based cloud resolver integrates with your existing unified endpoint management (UEM) solutions, identity providers (IdP), and network infrastructure to provide:
- Global network threat defence.
- Per-device or per-user traffic steering capabilities.
- Encrypted, authenticated DNS resolution.
The core principle behind zero trust is to assume that any user or system could be compromised; access to resources should therefore be verified. Protective DNS applies this principle to your recursive infrastructure by:
- Requiring strong, verifiable authentication of each device and identity.
- Authenticating and encrypting all incoming DNS requests.
- Decoupling identity from network location.
This enables admins to easily build and manage policies that control and protect your organization's network resources.