
Jason Garbis, May 16, 2017

How to Prevent Wildfires

WannaCry, Cyberattacks and the Software-Defined Perimeter


As has been widely reported, the WannaCry ransomware worm has exploded across the Internet in the past few days.

Infecting more than 200,000 systems in 150 countries, this attack has caused a great deal of economic harm, ruined weekends for harried IT and InfoSec staff and quite literally put lives at risk by disrupting hospitals across Britain's National Health Service.

WannaCry and its variants spread primarily through a vulnerability in the SMBv1 file-sharing service of unpatched Windows systems (the flaw Microsoft fixed in March 2017 as MS17-010), reached over the exposed SMB port, TCP 445. Most infected systems appear to be on internal corporate networks, which tend to be wide-open targets for malware. Some vulnerable systems are directly exposed to the Internet, and these can serve as an easy entry point into a corporate network. Because of this, the ransomware has in many ways spread like a pandemic of a highly contagious disease: infections spread not only within a local community (the corporate network), but also to neighboring systems, because the worm scans for and actively infects vulnerable exposed hosts across the Internet.

While we’re never going to be able to prevent malware from obtaining a foothold in our organizations, we absolutely can limit its “blast radius”. WannaCry is a horrific example of why network access needs to be treated as a privilege – the damage we’re seeing is the direct result of leaving network access controls too open and too unmanaged.

Organizations need to act now, and to aggressively put in place active policies around “who can access what, and under which conditions,” and have this enforced through automated policies at the network level. Automation is key – enterprise environments are simply too complex, heterogeneous, and dynamic for this to be attempted manually.

Specifically, security teams need to look at new, dynamic approaches such as the software-defined perimeter. This security architecture not only treats network access as a privilege granted on a zero-trust or "need-to-know" basis, it also automatically adjusts user access based on policy and context. For example, it can quarantine or block user workstations that don't have the latest OS patch installed, that aren't running current anti-virus signatures, or on which malware has been detected. It also supports fine-grained network segmentation to contain the blast radius of an attack, restricting the worm's ability to move laterally: each user has access, via a "segment of one", only to the network resources explicitly assigned to them. A traditional VPN, by contrast, gives a connected device a routable presence on the internal network, from which a worm can scan and attack every host it can reach; under a software-defined perimeter an infected remote or third-party device can reach, and therefore attack, only the handful of resources it is entitled to, rather than the whole network.

A software-defined perimeter can even be configured to adapt in response to the overall security ecosystem – for example, having a policy that automatically quarantines all unpatched workstations if the system is in “Red Alert” mode, like today. (In yellow or green states, the policy might only warn the user that a patch is encouraged, for example). This is a good example of a security policy that balances risk with user productivity – and avoids interfering with users unless the situation warrants it.
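To make the two preceding paragraphs concrete, here is an added example that models the kind of policy they describe: access is evaluated per user, per resource and per request, from device posture (required patches, anti-virus signature age, malware detection) and the current threat level, with a "segment of one" so that a device can only ever reach its assigned resources. This is illustrative code written for this page, not Appgate SDP's policy engine or its configuration language; the patch identifier, host names, user entitlements and threshold values are constructed sample data.

```python
"""Hypothetical zero-trust access policy evaluator (added example, not Appgate code).

Models the post's policy idea: network access is a per-user, per-resource
privilege, granted only when device posture and the current threat level
satisfy policy, and escalated automatically when the organisation is in
"Red Alert". All identifiers and thresholds below are constructed.
"""
from dataclasses import dataclass
from datetime import date
from enum import Enum


class ThreatLevel(Enum):
    GREEN = 1
    YELLOW = 2
    RED = 3


class Decision(Enum):
    ALLOW = "allow"
    WARN = "allow_with_warning"      # access granted, user nagged to patch
    QUARANTINE = "quarantine"        # only the remediation network is reachable
    DENY = "deny"                    # resource not in the user's segment of one


@dataclass(frozen=True)
class DevicePosture:
    os_patches: frozenset            # installed patch identifiers (constructed)
    av_signature_date: date          # date of the installed anti-virus signatures
    malware_detected: bool = False   # endpoint agent has flagged an infection


@dataclass(frozen=True)
class User:
    name: str
    entitlements: frozenset          # resources this identity may reach at all


# Policy parameters: hypothetical values chosen for the example.
REQUIRED_PATCHES = frozenset({"KB-SMB-FIX"})   # stand-in for the critical SMB patch
MAX_SIGNATURE_AGE_DAYS = 3
QUARANTINE_NET = "quarantine-remediation"      # always reachable, for self-service patching


def posture_issues(posture: DevicePosture, today: date) -> list:
    """Return human-readable reasons the device fails posture checks (empty if healthy)."""
    issues = []
    missing = REQUIRED_PATCHES - posture.os_patches
    if missing:
        issues.append(f"missing patches: {sorted(missing)}")
    age_days = (today - posture.av_signature_date).days
    if age_days > MAX_SIGNATURE_AGE_DAYS:
        issues.append(f"anti-virus signatures {age_days} days old")
    if posture.malware_detected:
        issues.append("malware detected on host")
    return issues


def evaluate(user: User, posture: DevicePosture, resource: str,
             level: ThreatLevel, today: date) -> Decision:
    """Decide whether `user`, on a device with `posture`, may reach `resource` now.

    Order of checks:
      1. The remediation network is always reachable (so a quarantined device can patch).
      2. Segment of one: anything outside the user's entitlements is denied outright,
         whatever the posture; the device cannot even see it.
      3. An active infection quarantines the device at every threat level.
      4. Other posture failures escalate with the threat level: GREEN/YELLOW merely
         warn, RED quarantines (the post's "Red Alert" behaviour).
    """
    if resource == QUARANTINE_NET:
        return Decision.ALLOW
    if resource not in user.entitlements:
        return Decision.DENY
    if posture.malware_detected:
        return Decision.QUARANTINE
    if not posture_issues(posture, today):
        return Decision.ALLOW
    return Decision.QUARANTINE if level is ThreatLevel.RED else Decision.WARN


def reachable(user: User, posture: DevicePosture, level: ThreatLevel,
              today: date, network_hosts: set) -> set:
    """Hosts the device can actually reach (ALLOW or WARN): its blast radius.

    A traditional VPN would make every host in `network_hosts` reachable instead.
    """
    return {h for h in network_hosts
            if evaluate(user, posture, h, level, today) in (Decision.ALLOW, Decision.WARN)}


if __name__ == "__main__":
    # Constructed scenario: one contractor laptop, infected, on a Red Alert day.
    today = date(2017, 5, 16)
    alice = User("alice", frozenset({"fileserver-hr", "wiki"}))
    hosts = {"fileserver-hr", "fileserver-finance", "wiki", "dc01", QUARANTINE_NET}
    infected = DevicePosture(frozenset(), date(2017, 5, 1), malware_detected=True)
    print("VPN blast radius:", sorted(hosts))
    print("SDP blast radius:", sorted(reachable(alice, infected, ThreatLevel.RED, today, hosts)))
```

The `reachable` helper is the point of the exercise: run with the infected laptop it returns only the remediation network, whereas a flat VPN would expose every host to the worm's SMB scan. Swapping `ThreatLevel.RED` for `GREEN` with an unpatched but clean device shows the productivity trade-off the post describes, a warning instead of a lockout.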

Unfortunately, as we all know, this won’t be the last such aggressive cyber-attack. Now is the time for organizations to not only ensure they have the basics in place, but to use this crisis as a catalyst for changing the way they’re approaching network security. Learn more about how the Software-Defined Perimeter security architecture works and how it can help your organization be better prepared for the next such attack.

Jason Garbis is Vice President, Products for Appgate. He is leading the development of the SDP specification version 2 for the Cloud Security Alliance’s Software-defined Perimeter working group.
