Secure Access

AppGate SDP

Secure your enterprise

AppGate SDP delivers the industry’s most comprehensive Software-Defined Perimeter solution. It is a proven, more secure alternative to traditional VPNs, so-called next-generation firewalls and NACs.

LIVE ENTITLEMENTS: DYNAMIC, CONTEXT-SENSITIVE ACCESS POLICIES

Your users are dynamic – they need to work anywhere at any time. AppGate SDP replaces static access rules with live entitlements – dynamic, context-sensitive access policies. Live Entitlements allow you to dynamically change your security based on what your users are doing, where and when. This fine-grained access control ensures individual users access only what they need to do their jobs. You benefit from consistent, automated security and remove the human error factor.

Live Entitlements evaluate whether the user can access the production SAP server database based on a variety of criteria, such as:

CYX_appgatesdp_keyfeatures_infographic_1.svg#asset:1940

A Software-Defined Perimeter uses Live Entitlements to evaluate a user's situation before granting access. In this case, the administrator sets a policy that considers three attributes - identity, project/time, and location.

CYX_appgatesdp_keyfeatures_infographic_2.svg#asset:1941

AppGate SDP determines what network resources the user can access based on those attributes. AppGate SDP "learns" what resources exist in the network. It does this by importing a fixed list of IP addresses, using the auto-resolver or APIs.



Live Entitlements automatically and constantly adjust access based on a user’s identity and environment without manual interactions. When a user’s context changes, access to network resources change in real time based on access criteria pre-determined by your administrators. These criteria are easily configured and can be based on a wide range of information about the user, device and environment. 

AppGate SDP also integrates with existing enterprise operations and business systems. The RESTful API allows you to incorporate any external system as you build access policy around your business, rather than the other way around. Regardless of how your hybrid environment changes, AppGate SDP ensures consistent, secure access across all workloads.

Fine-grained, individualized network access

Traditional network security like VPNs or firewalls connect various roles or groups to a network segment and then rely on application level permissions for authorization. AppGate SDP is fundamentally different. It uses a real-time understanding of policy to create individualized perimeters for each user.

AppGate SDP ensures that all endpoints attempting to access a given infrastructure are authenticated and authorized prior to being able to access any resources.

Once authorized, AppGate SDP creates an encrypted tunnel – a “Segment Of One” – allowing traffic to flow only from the user device to the protected resource.
Even while the session is open, live entitlements detect changes in the posture of the user, his or her environment and infrastructure, including changes in the cloud, and automatically adjust access privileges. AppGate SDP can force a step-up authentication or terminate the session completely based on newly detected changes.

AppGate SDP’s Ringfence feature further isolates and protects both the protected resource and the user device from all inbound connections by securing the latter from inbound connections. It’s useful for deploying devices onto untrusted networks such as a coffee shop or airport’s WiFi. Access to internal resources can be granted without concern about malicious users on the local network. Local outbound traffic (DNS, etc.) is untouched.

Benefit from secure, encrypted user traffic that changes based on your users identity and device.

Completely cloaked from prying eyes

Single-Packet Authorization technology cloaks infrastructure so that only verified users can communicate with the system. It’s invisible to port scans and cryptographically hashed as further defense. Gateways and controllers are completely cloaked so they cannot be probed, scanned, or attacked. So, a port scan of the system would show NO open ports. This significantly reduces the network attack surface by preventing network reconnaissance and limiting lateral movement on the network.

Cloud Native, Cloud Scale

AppGate SDP is cloud and hybrid native. This massively scalable system provides consistent security across all your workloads and applications - on dedicated infrastructure as well as public clouds including AWS and Azure. AppGate SDP is not simply a modified perimeter-based device placed into a virtual machine. It is engineered to operate natively in cloud networks, with a network architecture that is completely decentralized, distributed and stateless. Gateways can be deployed anywhere and combined to deliver hyper scale, high performance, and highly available network throughput.

This approach is as scalable as the internet itself, hybrid native and cloud agnostic, yet completely compatible with existing networks. Users can connect to unlimited resources simultaneously, unlike perimeter-based solutions that require massive WAN links to connect diverse backend networks. It integrates with and augments your existing enterprise class network and security infrastructure such as SIEM and IAM.

AppGate SDP is built from the ground up to be highly resilient and scalable to support enterprise-grade, mission-critical and global environments.

How it worksUse Cases