* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Cloud-delivered Security](https://www2.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/)
* ZTNA 1.0's Security Inspe...

# ZTNA 1.0's Security Inspection Problem

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F06%2Fsecurity-inspection-problem%2F)  
[](https://twitter.com/share?text=ZTNA+1.0%E2%80%99s+Security+Inspection+Problem&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F06%2Fsecurity-inspection-problem%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F06%2Fsecurity-inspection-problem%2F&title=ZTNA+1.0%E2%80%99s+Security+Inspection+Problem&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2022/06/security-inspection-problem/&ts=markdown)  
\[\](mailto:?subject=ZTNA 1.0’s Security Inspection Problem)  
Link copied  
By [Kumar Ramachandran](https://www.paloaltonetworks.com/blog/author/kumar-ramachandran/?ts=markdown "Posts by Kumar Ramachandran")  
Jun 01, 2022  
3 minutes  
[Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown)  
[Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown)  
[Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)  
[ZTNA](https://www.paloaltonetworks.com/blog/tag/ztna/?ts=markdown)  
[ZTNA 2.0](https://www.paloaltonetworks.com/blog/tag/ztna-2-0/?ts=markdown)  
[ZTNA Straight Talk](https://www.paloaltonetworks.com/blog/tag/ztna-straight-talk/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www2.paloaltonetworks.com/blog/2022/06/security-inspection-problem/?lang=ja "Switch to Japanese(日本語)")

# ZTNA 2.0 Provides Deep and Ongoing Security Inspection

*This is part 3 of "* [*ZTNA Straight Talk,*](https://www.paloaltonetworks.com/blog/tag/ztna-straight-talk/)*" a 5-part series where we take a closer look at the five tenets of ZTNA 2.0, the new standard for securing access.*

The rapid move to hybrid work, brought about by the pandemic, drove the adoption of [ZTNA](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-ztna.html) as a new way to securely connect users with the applications that they need to get work done from anywhere. However, as I [discussed previously](https://www.paloaltonetworks.com/blog/2022/05/allow-and-ignore-model-is-a-recipe-for-disaster/), initial implementations of ZTNA have been deeply flawed.

In my previous post, I talked about how the ZTNA 1.0 concept of "[allow and ignore](https://www.paloaltonetworks.com/blog/2022/05/allow-and-ignore-model-is-a-recipe-for-disaster/)" is a recipe for disaster. This concept maintains that once a connection is established, all user and device behavior for that session is trusted implicitly and goes unchecked. Unfortunately, there is another limitation with the "allow and ignore" approach -- it prohibits security inspection of the traffic.

## ZTNA 1.0 Lacks Security Inspection

Because the "allow and ignore" model lacks security inspection, there is no means for a ZTNA 1 .0 solution to detect any malicious or other compromised traffic and respond accordingly. This means there are no in-line controls to expose and inspect the traffic payload and determine if anything malicious or unknown is being introduced. Likewise, there is no mechanism to take action by blocking traffic, terminating the session, or reporting anything unusual, at the very least.

This turns ZTNA 1.0 into a "security-through-obscurity-only" approach, which further puts organizations, their users, apps and data at risk of malware, compromised devices and malicious traffic.

## ZTNA 2.0 Includes Continuous Security Inspection

[ZTNA 2.0](https://www.paloaltonetworks.com/cyberpedia/what-is-zero-trust-network-access-2-0), delivered by [Prisma Access](https://www.paloaltonetworks.com/sase/access), provides deep and ongoing inspection of all traffic, to prevent all threats, including zero-day threats. This is especially important in scenarios where legitimate user credentials have been stolen and used to launch attacks against applications or infrastructure. ZTNA 2.0 offers complete protections that safeguard against even the most sophisticated threats, including WildFire sandboxing, Advanced URL Filtering, threat prevention, SaaS security, DNS security and more.

With our AI and ML-powered threat prevention technologies, we stop 95% of zero-day threats inline. This means you don't need a first victim or have to wait for signatures to be updated to be protected -- your environment is instantly protected.

The combination of continuous trust verification and continuous security inspection is a powerful model for delivering better security for today's hybrid workforces and overcoming some of the shortcomings of ZTNA 1.0 solutions.

## ZTNA 2.0 Is Zero Trust with Zero Exceptions

Pursuing a true Zero Trust posture is a journey, and ensuring that security inspection is conducted in a robust and consistent manner is an important step. That's why continuous security inspection is an important component of ZTNA 2.0.

[Watch our ZTNA 2.0 launch event](https://start.paloaltonetworks.com/zero-trust-with-zero-exceptions), where we'll discuss innovations and best practices for securing the hybrid workforce with ZTNA 2.0. Stay tuned for next week's [Palo Alto Networks blog](https://www.paloaltonetworks.com/blog/tag/ztna-straight-talk/), where I'll discuss the third principle of ZTNA 2.0.

*** ** * ** ***

## Related Blogs

### [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Consistent Data Protection Requires a New Approach to Securing Access](https://www2.paloaltonetworks.com/blog/2022/06/consistent-data-protection-requires-a-new-approach/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### We've Got Next...Again](https://www2.paloaltonetworks.com/blog/2022/06/weve-got-next-again/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Mobile Users](https://www.paloaltonetworks.com/blog/sase/category/mobile-users/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Why ZTNA 1.0's Allow-and-Ignore Model Is a Recipe for Disaster](https://www2.paloaltonetworks.com/blog/2022/05/allow-and-ignore-model-is-a-recipe-for-disaster/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### How ZTNA 1.0 Violates the Principle of Least Privilege](https://www2.paloaltonetworks.com/blog/2022/05/ztna-1-0-violates-principle-of-least-privilege/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Why the World Needs ZTNA 2.0](https://www2.paloaltonetworks.com/blog/2022/05/the-world-needs-ztna-2-0-for-todays-hybrid-workforce/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud-delivered Security](https://www.paloaltonetworks.com/blog/sase/category/cloud-delivered-security/?ts=markdown), [News \& Events](https://www.paloaltonetworks.com/blog/sase/category/news-events/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Partners](https://www.paloaltonetworks.com/blog/category/partners/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)

[#### Palo Alto Networks and Verizon Champion a New Cybersecurity Approach](https://www2.paloaltonetworks.com/blog/2022/11/a-new-cybersecurity-approach/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language