Software-Defined Perimeter: Identity-Based Security for Hybrid Environments
Written by Jason Garbis on December 18, 2017
I’ve talked a lot about what a software-defined perimeter (SDP) is and the benefits of SDP over network access control (NAC) solutions. At a high level, a software-defined perimeter looks like the following image.
And it offers:
SDP overcomes security issues compared to traditional TCP/IP.
TCP/IP was designed for a more open world
Its “connect first, authenticate second” approach puts organizations at risk and exhibits many security vulnerabilities:
The Software-Defined Perimeter stops attackers but allows authorized users to connect
It takes an “authenticate-first, connect second” approach, ensuring that only authorized users can connect to network resources. This reduces the attack surface and significantly improves security:
Cyxtera AppGate SDP Implements the Software-Defined Perimeter Specification
Cyxtera AppGate SDP is a distributed, scalable and highly available architecture that is protected by Single-Packet Authorization.
Here you can see how Cyxtera’s Software-Defined Perimeter solution works in a production environment:
• Controller integrates with PKI and IAM systems
• Controller is an authentication point and policy store
• System is administered via graphical admin console
• Secure client onboarding process
• Client authenticates to Controller
• Communication secured with mutual TLS
• Distributed Gateways protect cloud and network resources
• Clients securely access resources via Gateways with mutual TLS tunnels
• Real-time policy enforcement by Gateway
• Gateways dynamically adjust user access as systems change
• Controller continuously monitors for context changes, adapts entitlements accordingly
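To make the “authenticate first, connect second” idea and the Single-Packet Authorization step concrete, here is an added, simplified illustration (not AppGate’s code or wire format): a gateway that drops everything by default and only marks a client as allowed to connect after it receives one HMAC-signed packet that is fresh, unreplayed and tied to a known identity. The client key table, packet layout and 30-second window are constructed assumptions for the demo.

```python
import hmac
import hashlib
import os
import time

# Constructed demo data: one pre-shared key per enrolled client. In a real SDP the
# Controller would distribute such material during onboarding; this value is made up.
CLIENT_KEYS = {"client-42": b"constructed-demo-key-not-for-production"}
WINDOW_SECONDS = 30  # assumed freshness window for a single-packet authorization


def build_spa_packet(client_id, key, now, nonce=None):
    """Client side: one datagram proving identity before any TCP/TLS connect is attempted."""
    nonce = nonce if nonce is not None else os.urandom(8)
    body = f"{client_id}|{int(now)}|{nonce.hex()}".encode("ascii")
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
    return body + b"|" + tag


class SpaGateway:
    """Gateway side: default-deny. A client may connect only after a valid SPA packet."""

    def __init__(self, keys, now_fn=time.time):
        self.keys = keys
        self.now_fn = now_fn
        self.seen_nonces = set()  # replay protection for accepted packets
        self.allowed = {}         # client_id -> time until which a connect is accepted

    def handle_packet(self, packet):
        """Return True if the packet authorizes its sender; otherwise drop it silently."""
        try:
            client_id, ts, nonce_hex, tag_hex = packet.decode("ascii").split("|")
            ts = int(ts)
        except ValueError:            # malformed or non-ASCII: drop, send nothing back
            return False
        key = self.keys.get(client_id)
        if key is None:               # unknown identity: drop, the gateway stays dark
            return False
        now = self.now_fn()
        if abs(now - ts) > WINDOW_SECONDS:   # stale or future-dated timestamp
            return False
        if nonce_hex in self.seen_nonces:    # replay of an already accepted packet
            return False
        body = f"{client_id}|{ts}|{nonce_hex}".encode("ascii")
        expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode("ascii")
        if not hmac.compare_digest(expected, tag_hex.encode("ascii")):  # bad signature
            return False
        self.seen_nonces.add(nonce_hex)
        self.allowed[client_id] = now + WINDOW_SECONDS
        return True

    def is_connect_allowed(self, client_id):
        """Would the gateway accept a mutual-TLS connection from this identity right now?"""
        return self.allowed.get(client_id, 0) > self.now_fn()
```

In production the gateway's decision would also consult the Controller's live entitlements rather than a static key table, which is what the "real-time policy enforcement" bullet above refers to.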
Want to see it in more detail? Download the Software-Defined Perimeter infographic.