Pulse Zero Trust Access:
Cloud-based Service for Hybrid IT

Enhance productivity. Simplify management.
Increase visibility. Mitigate risks.

Banner ZTA2

Securely Access Any Public, Private or Hybrid Cloud
Application and Data Center Resource

Cyberattacks, threat vectors, and data breaches have increased. Traditional security perimeters have morphed, and organizations must extend dynamic, on-demand application access to users without compromising security or sacrificing user experience. In the face of these challenges, enterprises must find effective and cost-efficient solutions to enable secure access for their increasingly remote and mobile workforce. With Pulse Zero Trust Access (PZTA), secure access in a Zero Trust world is possible.

Streamline multi-cloud & data center access
Column Icon

Users from any location can access any application from any device

Stateful user and endpoint compliance
Column Icon

Verify identify and device security posture before establishing a connection

Simplify access management
Column Icon

Single pane-of-glass visibility, rich analytics, and automated provisioning

Enhance access threat mitigation
Column Icon

Mitigate insider threats, external attacks, account compromise, and other access risks

End-to-End Zero Trust access
Column Icon

Authenticate users and devices prior to establishing

Pulse ZTA Advantages

The Pulse Zero Trust Access (PZTA) service enables diverse users from any location to easily, directly and securely access public, private, and multi-cloud applications as well as data center resources. Unlike other offerings, PZTA is a multi-tenant platform that offers organizations the most flexible deployment options, data privacy and sovereignty, and a seamless user experience. It monitors user and device security postures and provides analytics for end-to-end access visibility, risk scoring, and detection to mitigate malware propagation and data leakage threats. Best of all, PZTA coexists with our entire secure access portfolio, enabling organizations to deliver comprehensive secure access to their remote and mobile workforce.

Broad application support

PZTA supports HTTP and TCP/UDP-based applications, multi-factor authentication (MFA), single sign-on (SSO), and protected connectivity options for the widest array of use cases. Other vendors only offer HTTP and limited support - requiring workarounds and leaving legacy systems unprotected

Multi-tenant, Zero Trust access platform

The ZTA Controller is hosted by Pulse Secure and individual ZTA Gateways can be flexibly deployed closest to the applications on-premises or multi-cloud, for optimal performance, low latency, and a streamlined user experience

Data privacy and sovereignty

All user and application data is fully encrypted, and application data is never shared on the Pulse Secure-hosted data plane

Aligns with Cloud Security Alliance (CSA)

PZTA fully aligns with the CSA Software Defined Perimeter (SDP) architecture: a centralized ZTA Controller and ZTA Gateways that can be deployed on-premises or across multi-cloud. The resulting “Dark Cloud” support fortifies network micro-segmentation and thwarts attack propagation -- attackers can’t attack what they can’t see. Other solutions apply partial SDP specifications with workarounds and added components that introduce operational and security considerations

End-to-end analytics

PZTA takes access analytics further with built-in activity monitoring, risk scoring and threat detection that other SDP offerings do not. This approach can reduce malicious access and data leakage, expedite troubleshooting, and enable rapid response to issues and threats.

Continuous security posture verification

User and device security postures are constantly monitored and evaluated, improving an organization’s security profile and compliance based on well-vetted, accepted standards. . Failure to maintain the level of trust required to access an application could result in session suspension or termination

Avoid rip-and-replace

Many vendors suggest that organizations entirely replace their existing secure access solutions. This approach often yields access and applications gaps and introduces additional management overhead and access risks. PZTA works seamlessly with Pulse Secure’s existing remote, mobile and network access solution portfolio and Pulse Access Suites leveraging our unified, multi-tunnel Client for rapid deployment, simplified administration and superior user experience

Feature Highlights

Block Icon

End-to-end Zero Trust Architecture

Secure, direct device-to-application access anytime, anywhere

Block Icon

Continuous, stateful identity, device, and security authentication

Negates unauthorized user and vulnerable device access before session establishment

Block Icon

Flexible On-premises and Multi-Cloud Deployment

Deploy ZTA Gateways closest to applications for optimized performance and scale

Block Icon

Maximum data privacy and sovereignty

All user and application data encrypted between client and gateway

Block Icon

Single pane-of-glass administration

End-to-end visibility, automated provisioning, and unified policy enforcement

Block Icon

Broad Application Support

Segmented Layer 3 and 4, micro-segmented application-specific access, plus MFA and SSO

Block Icon

Adaptive security control

Extensive user and device attributes analyzed before and during access

Block Icon

Dark Cloud

User and device resource shielding – attackers can’t hack what they can’t see

Block Icon

User and Entity Behavior Analytics (UEBA)

Track, detect and respond to malicious and anomalous activity

Block Icon

Complete Data Sovereignty

All user and application data are fully encrypted. Application data is never shared with the Pulse Secure service

PZTA Architecture

PZTA offers users streamlined application access while allowing organizations to govern every request by automatically verifying identity, device and security posture before granting a direct, encrypted connection between that user's device and applications residing in public clouds, private clouds or data centers.

The PZTA service consists of the ZTA Controller, which is hosted and managed by Pulse Secure, the virtual ZTA Gateway that customers deploy on-premises or in the cloud, and the unified PZTA Client which runs natively on each user’s Microsoft Windows, Apple macOS and iOS, and Google Android device. PZTA Clients support simultaneous, protected connections to multiple applications.

Every direct device-to-application session requires explicit authentication and authorization, and each session is governed by a centrally deployed and managed policy. PZTA augments contextual and identity-centric policies with built-in User and Entity Behavior Analytics (UEBA) whereby attributes for every session are monitored and assessed, applying proprietary risk scoring algorithms to identify non-compliant, malicious and anomalous activity, and take expedited threat mitigation actions.

Flowchart of PZTA zero trust security model



  • Seamless anytime, anywhere direct device-to-application trusted connectivity for employees, contractors, and 3rd parties
  • Simple, streamlined, and secure user experience accessing applications on-premises or across multi-cloud, especially for BYOD
  • Automatic user and device authentication and authorization with stateful endpoint device verification for improved security compliance
  • Continuous anomaly and malicious activity detection and risk scoring to reduce data leakage risks
  • Micro-segment and isolate high-value applications to reduce insider threats and provide least-privileged access capabilities
  • Broad application support that includes HTTP and TCP/UDP-based applications for comprehensive usage
  • Cloud-native service with deployment flexibility and rapid implementation for improved operational efficiency
  • Single pane-of-glass visibility and automated provisioning for simplified management
  • Coexists with Pulse Secure’s remote, mobile, and network access solutions for transparent, uninterrupted, simultaneous access with investment protection

With its inherent deployment flexibility across on-premises and data centers, PZTA uniquely offers wide support for various organizations’ needs. Access is always streamlined for the user, and administrators retain fine-grained control of users’ and device access.

  • Zero Trust to Any Application, Anywhere
    Provide employees, contractors, 3rd parties, M&A businesses and organizations, partners, suppliers, and retail outlets with secure connectivity – from any device and from any location. PZTA ensures all access is checked for compliance before establishing a session (reducing the chance of malware penetration). Centrally deployed policies ensure that administrators retain complete control of who gets access to one or more applications.
  • Enhanced Compliance
    The ZTA Controller offers a single pane-of-glass for policy enforcement, management, and User Behavioral Entity Analytics (UEBA) reporting. All devices are thoroughly checked before and during each session. Given increased workforce mobility and BYOD, this enables network, security, and cloud teams to increase organizations’ security postures and compliance profiles.
  • Improved Risk and Trust Assessment
    PZTA enables organizations to better respond to changes in user session activity since every session is checked for device compliance and security posture, usage behavior, time of day and location. Administrators can restrict or suspend access based on these parameters, mitigating data loss and leakage risks.
  • Automated Anomaly Detection
    PZTA’s built-in anomaly detection applies proprietary risk scoring algorithms to every session, helping to identify malicious and anomalous activity. Any anomalous activity is flagged, logged, and displayed, allowing organizations to respond quickly and troubleshoot issues that arise.
  • Holistic Analytics
    Administrators can obtain a world-wide view of users and applications accessed. This offers rapid visualizations of the relationships between users, every device used, each application accessed, and the gateways used. Drill down to individual user groups and show their behavior and risk scores. View all events, logs, and reports that illustrate the scores, behavior, and usage.
  • Investment Protection
    PZTA coexists with Pulse Secure’s comprehensive Secure Access portfolio. It leverages the same client, so there’s no retraining or redeployment necessary. Existing users of Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) can simply add PZTA to their connection profile. Organizations can continue providing network-level access through PCS and now offer per-application access with PZTA – on a schedule of their choosing for their specific needs.

PZTA allows enterprises of any size to gain comprehensive Secure Access with a simple, scalable, cloud-native service that can be implemented in a matter of hours.

  • Provides deployment flexibility and cohesive policy management for enterprises migrating applications from data center to cloud
  • Offers comprehensive secure access capabilities to organizations with pure multi-cloud environments
  • Allows broad support for legacy applications and popular cloud apps such as Amazon, Atlassian, Box, Google, Microsoft, Oracle, Salesforce, SAP and Zoom
  • Offered with flexible, per-user subscription licensing, with volume and multi-year discounts available
  • Rapidly deployable and scalable implementation that fits virtually any organization
  • Client-initiated architecture provides extensive security and compliance, including remote and mobile workforces leveraging BYOD
  • Maximal data privacy and sovereignty with full encryption of all user and application data


GI 68083 Esg Logo

Enterprise Strategy Group

Pulse Secure SDP can be implemented on-premise or in the cloud and operated by the organization or as a managed or hosted service adding to deployment flexibility. Pulse Secure's solution portfolio, install base, and experience give it a bit of a leg up against the competition.

- Jon Oltsik, Senior Principal Analyst and Fellow, Enterprise Strategy Group

Logo Open Minded Copy


We are impressed with the Pulse Zero Trust Access service as it does offer users an easier means to access network and cloud applications while providing organizations greater hybrid IT access agility, oversight and management.

 - Herve Rousseau, Chief Executive Officer, Openminded

Macnica Networks Partner Logo

Macnica Networks Corporation

With demand of remote working and work-life balance increasing, this new cloud-based service released by Pulse Secure will enable enterprises fully adopt zero-trust networking with visibility, compliance, and user experience enhancements.

 - Jun Ikeda, Chief Executive Officer, Macnica Networks Corporation

Quadrant Knowledge Solutions Logo PNG Format File

Quadrant Knowledge Solutions

Pulse Secure has made significant investments to offer end-to-end visibility, ease of use, deployment flexibility, scalability, interoperability and automation capabilities within its Pulse Access Suites. Pulse SDP approach further extends its secure access capabilities in accordance with Zero Trust principles.

 - Piyush Dewangan, Principal Industry Analyst, Quadrant Knowledge Solutions


Axians Networks UK

Pulse ZTA promises to be a great solution to deliver this in an easily deployable offer, using much of our customers’ existing investment.

 - Andy Butcher, General Manager, Axians Networks UK

“With Pulse Secure, users are easily able to access internal resources securely. It’s also easier for us to show compliance during audits.”

System Administrator, Medium Enterprise Real Estate Company