Appgate SDP

Appgate SDP Overview

Learn how the industry’s most comprehensive universal ZTNA solution strengthens security and transforms your network with the flexibility, extensibility and integration advantages of direct-routed architecture.

How Appgate SDP Works

Find out about the inner-workings of the most flexible and adaptable Zero Trust Network Access solution available today.

Zero Trust Platform
Integrations and Tech Partners
Appgate SDP for Developers
Use Cases for Securing:
Risk-Based Authentication
Learn how Risk-Based Authentication provides a frictionless, intelligent and data-informed approach to user authentication.
Strong Authentication
Find out how you can provide secure, frictionless access with the right multi-factor authentication method.
Transaction Monitoring
Explore the tools you can use to intelligently identify and prevent online fraud.
Behavioral Biometrics Service
Learn how behavioral analysis and machine learning stop fraudulent online web activity in real-time.
Secure Consumer Access for:
Digital Threat Protection
Discover how you can gain unparalleled threat visibility and the risk management tools that enable early identification and elimination of potential attacks.
Key Features
Take a deep dive into the features and tools contained within our industry-leading Digital Threat Protection (DTP) solution.

Arlette HartFebruary 5, 2024

CISO Perspectives: Ivanti VPN CVEs and Zero-day Exploits Reinforce Top Reasons to Move to Universal Zero Trust Network Access 

Four Ivanti CVEs … wow, what a hard place to be. But these are just the latest zero-day critical infrastructure exploits to underscore the inherent security flaws of VPNs. Last Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an unprecedented emergency directive mandating all federal agencies disconnect Ivanti appliances in 48 hours. So, how many more critical VPN CVEs will it take for IT and security teams to scrap open port, risky VPNs in favor of cloaking infrastructure with proven universal Zero Trust Network Access (ZTNA)?

Initially, Ivanti Connect Secure and Policy Secure flaws surfaced in mid-January. They were actively being exploited by Chinese-backed hackers. The flaws were a command injection bug (CVE-2024-21887) and an authentication bypass flaw (CVE-2023-46805). Two more vulnerabilities (CVE-2024-21888 and CVE-2024-21893) were reported by Ivanti last week.

These Ivanti CVEs (Common Vulnerabilities and Exposures) serve as a stark reminder of VPN weaknesses and the dangers of exposed infrastructure. Despite the urgency to fix the issues—not just for government agencies, but for all Ivanti customers—Ivanti’s challenges have been compounded by delays in a staggered patch release schedule currently projected to end the week of Feb. 19.

Cloak your infrastructure with universal Zero Trust Network Access

Let’s face it, those very devices meant to keep you safe can shift and become the source of the attack ... what happens when the cybersecurity appliances ARE the attack vector? Cybersecurity 101: make sure your protection devices are not the path for exploitation.

During my career, including serving six years as FBI CISO, I became keenly aware that we must find a different way. The answer isn’t waiting on an exploit to be discovered so a vendor can issue a patch. The answer is for federal agencies and private enterprises to cloak their infrastructure with universal Zero Trust Network Access (ZTNA) so hackers can’t see the infrastructure ... if they can’t find it, they can’t attack it.

And Appgate SDP—our industry-leading ZTNA solution trusted by the DoD, other federal agencies and global enterprises—does just that with proprietary single packet authorization (SPA) technology. This means even if your authorized users are compromised, threat actors can’t scan for additional systems to move laterally, because those systems are cloaked and the infrastructure itself is invisible. This whitepaper is a SPA primer and includes a full list of what makes the SPA implementation in Appgate SDP unique.

What’s next?

The Ivanti vulnerabilities are a clarion call that highlights a trend we’ve been tracking here at Appgate ... advanced persistent threat tactics used by adversaries have shifted from targeting endpoints to targeting exposed infrastructure. We need a sense of urgency when it comes to protecting our enterprise house because most organizations will never be as fast as the adversary, especially state-sponsored efforts that employ vast resources.

We can’t pretend that legacy solutions, like internet-facing VPNs, are secure and that castle and moat strategies still work. It’s simply not enough. CISOs and their teams must take the next step to cloak enterprise infrastructure with the only universal ZTNA solution with SPA built in ... and that’s Appgate SDP.

Want to learn more? Register to join our monthly ZTNA Table Talks learning sessions or visit our Zero Trust access Demo Hub.

Additional ZTNA resources

Comparison Guide: Cloud-routed vs. Direct-routed ZTNA: What’s the Difference?
Analyst report: 2023 Nemertes Real Economic Value of Appgate SDP
Blog: Universal ZTNA Advances Enterprise Innovation, Reduces OpEx and Simplifies Security
eBook: Zero Trust Maturity Model Roadmap

Receive News and Updates From Appgate