
Jason Garbis, January 31, 2018

Cisco’s Critical VPN Vulnerability Fuels the Mandate for Software-Defined Perimeters



Cisco’s critical security vulnerability in its SSL VPN solution, Adaptive Security Appliance (ASA), is the latest proof that it’s time for a different approach to traditional network security.

Traditional VPNs like Cisco’s expose an open port to the internet, so that any remote user on the planet can connect to it. Due to this vulnerability, unauthenticated attackers can remotely execute code on the VPN box and potentially gain access to the corporate network.

Hundreds of thousands of these Cisco devices are deployed worldwide. And unfortunately there are no workarounds – organizations must manually identify and patch all Cisco ASA VPN servers to address this vulnerability.

Rod Soto, director of security research at JASK, told SC Media the vulnerability is serious because the flaw means VPN devices can be probed from anywhere on the internet without the need for software or pre-existing certificates. He said:

“This is added to the fact that you can run commands via the web interface, which makes it even more dangerous. Attackers could use this to gather info on accounts, reset passwords or create their own and then access the affected companies' networks, or use routing commands to pivot from these devices or reroute traffic.”

Cloak the System from Attackers

This kind of vulnerability is exactly why organizations need to use a Software-Defined Perimeter (SDP). It addresses the perimeter-less enterprise by dynamically creating one-to-one network connections between users and the data they access.

According to Gartner*:

“Network designs that expose services and accept unsolicited connections present too much risk. Not meant for a complex and interconnected world, they're now obsolete… Favor software-defined perimeters (SDP) and other isolation technologies capable of precise, context-based, application-level access only after successful authentication.”


With an SDP, anyone attempting to access a resource must authenticate first. All unauthorized resources are invisible. This applies the principle of least privilege (or zero trust) to the network. This also completely reduces the attack surface.

AppGate's Software-Defined Perimeter solution includes Single-Packet Authorization, which is specifically designed to solve critical vulnerabilities that expose services such as VPNs to unauthorized users. This feature cryptographically cloaks the infrastructure so that only verified users can communicate with the system, making it invisible to port scans.
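A generic sketch of the Single-Packet Authorization idea described above, added here as an example; it is not Appgate's protocol or code. The packet layout, the shared-secret HMAC scheme and the names `CLIENT_KEYS`, `build_spa` and `Gateway` are assumptions made for illustration.

```python
import hashlib, hmac, os, struct, time

# Constructed demo secret; a real gateway provisions one per enrolled client.
CLIENT_KEYS = {b"alice-laptop": b"constructed-demo-secret"}
MAX_SKEW = 30                      # seconds a packet stays acceptable
HEADER = struct.Struct("!Q16sH")   # timestamp, random nonce, requested port
MAC_LEN = 32                       # HMAC-SHA256 tag length

def build_spa(client_id, key, port, now=None):
    """Client side: id length | id | header | HMAC over everything before it."""
    now = int(time.time()) if now is None else now
    body = bytes([len(client_id)]) + client_id + HEADER.pack(now, os.urandom(16), port)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Gateway:
    def __init__(self):
        self.seen = {}        # nonce -> timestamp, used to reject replays
        self.allowed = set()  # (source_ip, port) pairs opened so far

    def handle(self, packet, source_ip, now=None):
        """Return True and record the opening only for an authentic, fresh,
        unseen packet. No reply is sent in any case, so probes learn nothing."""
        now = int(time.time()) if now is None else now
        if not packet or len(packet) != 1 + packet[0] + HEADER.size + MAC_LEN:
            return False
        client_id = packet[1:1 + packet[0]]
        body, tag = packet[:-MAC_LEN], packet[-MAC_LEN:]
        key = CLIENT_KEYS.get(client_id)
        # Always compute an HMAC so unknown ids and bad tags cost the same.
        expected = hmac.new(key or b"\x00", body, hashlib.sha256).digest()
        if key is None or not hmac.compare_digest(tag, expected):
            return False
        ts, nonce, port = HEADER.unpack(body[1 + packet[0]:])
        if abs(now - ts) > MAX_SKEW:
            return False
        # Forget nonces whose packets are already too old to be accepted.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if nonce in self.seen:
            return False
        self.seen[nonce] = ts
        self.allowed.add((source_ip, port))
        return True
```

Every rejection path returns the same silent `False`, which is what keeps the listener indistinguishable from a closed port to anyone without a valid key.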

Software-Defined Perimeter: A Matter of When, Not If


If a widely deployed security product from a well-regarded company can have such a vulnerability, imagine the other unknown vulnerabilities that exist in all your other internet-facing services.

The fundamentally open nature of TCP/IP is a risk that security organizations must overcome - now. The Software-Defined Perimeter is no longer a nice-to-have. It’s a practical and proven alternative for organizations that rely on VPNs to gate access to their network.


*Gartner, It's Time to Isolate Your Services from the Internet Cesspool, Refreshed: 17 November 2017 | Published: 30 September 2016
