On-Demand Technical Webinar: Build a Stronger Zero Trust Foundation with Load Balancers

Cyberthreats don't discriminate. Whether you run a small business or a large enterprise, your business-critical applications are constantly under attack from cyber-criminals. The challenge most organizations face isn't a lack of security tools. It's failing to fully leverage the security capabilities already built into the infrastructure they have deployed.

Your load balancers sit in one of the most privileged positions in your entire network stack. They sit directly between your users and your applications, terminate TLS/SSL connections and can inspect every request before it reaches your back-end systems. That means it's not just an availability tool, but also a potential security asset that most organizations are dramatically underutilizing.

In a recent webinar, Kurt Jung, Senior Manager on the product team at Progress, outlined how the Progress Kemp LoadMaster load balancing solution can play an integral part in delivering a zero-trust network security model. Kurt has decades of experience in application delivery and security. He regularly works with organizations to translate load-balancing infrastructure into practical security assets. His presentation covered essential topics in using the LoadMaster solution to help deliver a zero-trust network security model. 

Watch the Full Webinar Recording

If you want to get the information Kurt covered directly from the webinar recording, then use the link below.

Build a Stronger Zero Trust Foundation with Load Balancers.

For a summary of what was covered, read on.

Key Points from the Webinar: Building a Layered Defense

Kurt opened by grounding attendees in what the LoadMaster solution is and how it fits into the broader infrastructure picture. He outlined that the LoadMaster load balancer solution is available as a hardware appliance, a virtual machine or a cloud-hosted instance, giving teams the flexibility to deploy in ways that suit their architecture.

He outlined how licensing follows a similarly flexible model. Organizations can choose subscription or perpetual licensing and Kurt highlighted that Progress recently introduced pooled licensing through LoadMaster 360.

Pooled licensing lets teams distribute available bandwidth across multiple LoadMaster instances, spin up new instances without going through procurement each time and then scale back down when demand drops, making per-application load balancing far more practical for organizations with varying or seasonal workloads.

LoadMaster 360 is a SaaS management layer that extends visibility across an entire suite of Loadmaster instances. It provides teams with consolidated insights into certificate health, application performance, authentication activity and security events. Kurt outlined that it was an essential addition to LoadMaster deployments, particularly when teams want to act on security data. 

LoadMaster 360 adds a management layer as a single pane of glass, providing your infrastructure management team with vital visibility into:

• Health and Performance - Real-time telemetry on application response times and server health.
• Certificate Management - Automated tracking of TLS/SSL certificates to prevent unexpected outages.
• Security Analytics - Consolidated dashboards that highlight blocked attacks and authentication trends.

Key Technologies for Delivering Zero Trust

The LoadMaster solution delivers four significant areas of functionality and technology for zero-trust:

Access Control Lists (ACLs)

Access Control Lists are a core part of the technology needed to implement zero-trust. The LoadMaster solution enables admins to allow or block access based on specific IP addresses or entire subnets. System admins can apply these rules at the global device level or at the individual virtual service level. This granularity helps lock down internal applications so that only users and devices on authorized corporate networks can attempt connections.

Web Application Firewall (WAF)

Moving deeper into the stack, Kurt discussed the WAF's capabilities. While ACLs examine "who" is connecting, the WAF examines "what" they are doing. It uses the OWASP Top 10 core ruleset to defend against common exploits such as SQL injection and cross-site scripting. Plus, you can add any additional rules you want to tailor the defense to your specific applications.

Key features of the WAF include:

• Custom Rule Creation - Tailor your defense to the specific needs of your application.
• IP Reputation - Leverage Progress' provided lists of known bad actors.
• Geographical Blocking – Helps block entire countries if you have no legitimate business reason to receive traffic from them. Note that sophisticated attackers will use botnets and VPNs in different countries to bypass geographical filters. You need multiple layers of defense in place.

Pre-authentication and SSO

AA core tenet of Zero Trust is "never trust, always verify." The LoadMaster solution supports this by handling authentication at the edge. By integrating with on-premises identity providers or modern solutions such as Azure Entra ID, the load balancer validates the user's identity before granting access to the back-end systems.

The LoadMaster solution supports robust verification methods, including Multi-Factor Authentication (MFA) and certificate-based authentication. For federal customers, it also supports Common Access Cards (CAC), helping maintain high levels of compliance.

Zero Trust Access Gateway (ZTAG)

Kurt's session also covered the innovative LoadMaster Zero Trust Access Gateway (ZTAG). This isn't a separate product but a sophisticated way to use LoadMaster's built-in content rules and policy engine.

The session demonstrated how ZTAG uses a PowerShell-based policy builder and XML files to create granular, policy-driven access controls. During the live demo, Kurt showed how this allows an organization to restrict AWS S3 storage traffic, granting "read-only" access to one security zone while allowing "read/write" access to another. And all managed via the LoadMaster load balancer.

Final Thoughts

The set it and forget it approach to security no longer works. Current threats require a dynamic, layered defense that adjusts to where your traffic flows. As Kurt demonstrated, the LoadMaster solution does much more than just distribute traffic. It acts as a gatekeeper by verifying every request.

We encourage you to watch the webinar recording to hear Kurt's robust overview of this topic and to see the demo, including the ZTAG policy builder in action. It provides a clear outline of how these technical solutions translate into real-world protection for your data and applications.