The Problem: A Traditional VPN Becoming a Risk
One of our client companies was in a critical situation.
They were suffering continuous cyberattacks targeting various internet-exposed services, directly impacting daily operations: slowdowns, frequent disconnections, and productivity losses.
The Weak Point?
A traditional VPN that was no longer adequate, difficult to manage, and incapable of providing real access control.
Moreover, the existing firewall did not allow blocking traffic based on geolocation (GeoIP), exposing the network to attacks from anywhere in the world.
The network was visible. And therefore vulnerable.
The Intervention: Zero Trust + Next-Generation Firewall
We decided to implement a multi-layered security strategy, completely invisible from the outside but easy to use for employees.
1. Secure Access with Twingate
We replaced the VPN with Twingate, a solution based on the Zero Trust paradigm.
Unlike traditional VPNs, Twingate does not expose any public ports and allows access only to verified users.
In practice: from the outside, the network is invisible.
2. Integration with Microsoft 365 (Entra ID)
To avoid managing new credentials, we integrated Twingate with Microsoft Entra ID (Azure AD).
This way, authentication happens through the existing Microsoft account and can easily leverage MFA (multi-factor authentication) for an additional layer of protection.
3. Advanced Firewall with GeoIP, IDS, and IP Reputation
We also upgraded the firewall to a next-generation model equipped with:
- GeoIP filters to block access from unauthorized countries
- IDS/IPS, intrusion detection and prevention systems
- Real-time updated databases of malicious IPs
The Results: Zero Trust Security Without Compromise
The new infrastructure brought immediate benefits:
● DoS attacks fully mitigated
● No public ports exposed = network invisibility
● Centralized and secure access with Microsoft Entra ID
● Greater visibility on who accesses, when, and from where
● No impact on user experience for employees
From Vulnerable VPN to Zero Trust Infrastructure
This intervention demonstrated that true security starts with visibility (which attackers must not have) and centralized access control.
If you are still using a traditional VPN today, or if your firewall does not allow proactive blocking of attacks, it’s time to rethink your approach.
Is your network visible on the internet?
It might be visible to those who shouldn’t see it.
Learn more about the Centurio method and discover how we can make your infrastructure invisible, monitored, and secure.
