Greg Shields, April 3, 2023

Inside ZTNA: The Secret Sauce of Better Single Packet Authorization

Much has been written about the basic concepts of single packet authorization (SPA), a sophisticated form of port knocking that helps cloak internet ports that, if left exposed, are easy targets for threat actors. And CSA’s Zero Trust Software Defined Perimeter (SDP) Specification guide elevates SPA as a key architecture design principle. So, when it comes to Zero Trust Network Access (ZTNA) built on SDP principles, what if the simplistic concept of SPA could be made even better than it already is?

Appgate SDP, our universal ZTNA solution built for complex enterprise networks, has a proprietary TCP/UDP SPA mechanism that leverages the best of both protocol options and can approve who on the network is able to “open the door” to your enterprise network. And that’s just one ingredient in our better “SPA secret sauce,” if you will.

Before diving deeper into what makes Appgate SDP’s SPA implementation better, you can find background on the topic in previous blogs: Why is Your Network’s Front Door Still Unlocked? and Make Resources Invisible with Single Packet Authorization.

Now let’s review key differentiation highlights of the SPA implementation built into Appgate SDP:

  • Isolated key distribution: Appgate SDP employs an overall protective key distribution system, which uses specific keys for each interaction. The keys Clients use to interact with Controllers are distinct from those used to communicate with the Gateways within a given site. Likewise, the inter-appliance interactions between Controllers, Gateways and other appliances are protected with unique SPA keys.

  • Spoof protection (revolving key assignment): Another important benefit of the Appgate SDP SPA approach over a typical SPA implementation is that it does not use static keys for authorization requests. With static keys, a bad actor can spoof a SPA packet and gain access to the critical resource in question. The SPA implementation within Appgate SDP uses a revolving key, which means that within seconds a new key has been generated and a spoofed SPA packet is denied access because the key being spoofed is obsolete.

  • Replication protection: Each Appgate SPA message is also crafted in a special way so that malicious users cannot recreate it, replay it, or take any other action that would compromise an authorization interaction.
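
The three properties above can be seen together in a small gateway-side verifier. This is an added generic sketch, not Appgate's proprietary SPA protocol or code: the packet layout, HMAC-SHA256, the 30-second rotation window, the per-channel seeds and all names are assumptions made for illustration.

```python
import hashlib, hmac, os, struct

ROTATE_S = 30                      # assumed rotation period; the page only says "within seconds"
HDR = struct.Struct("!16sQ16s")    # assumed layout: client id, unix time, random nonce

def window_key(seed: bytes, window: int) -> bytes:
    """Derive the short-lived key for one rotation window from a channel seed."""
    return hmac.new(seed, struct.pack("!Q", window), hashlib.sha256).digest()

def make_spa(seed: bytes, client_id: bytes, now: int) -> bytes:
    """Client side: body authenticated with the key of the current window."""
    body = HDR.pack(client_id, now, os.urandom(16))
    return body + hmac.new(window_key(seed, now // ROTATE_S), body, hashlib.sha256).digest()

class SpaVerifier:
    def __init__(self, seed: bytes):
        self.seed = seed           # seed for this channel only (isolated keys)
        self.seen = {}             # nonce -> window in which it was accepted

    def verify(self, packet: bytes, now: int) -> str:
        if len(packet) != HDR.size + 32:
            return "drop:malformed"
        body, tag = packet[:HDR.size], packet[HDR.size:]
        _client, ts, nonce = HDR.unpack(body)
        cur, win = now // ROTATE_S, ts // ROTATE_S
        if win not in (cur, cur - 1):          # key for that window is obsolete
            return "drop:stale-key"
        good = hmac.new(window_key(self.seed, win), body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good): # wrong channel key or tampered body
            return "drop:bad-mac"
        self.seen = {n: w for n, w in self.seen.items() if w >= cur - 1}
        if nonce in self.seen:                 # same valid packet sent again
            return "drop:replay"
        self.seen[nonce] = win
        return "accept"

def demo() -> list:
    # Constructed seeds and timestamp, for illustration only.
    seeds = {"controller": b"constructed-seed-A", "gateway": b"constructed-seed-B"}
    gw, t0 = SpaVerifier(seeds["gateway"]), 1_700_000_000
    pkt = make_spa(seeds["gateway"], b"laptop-01", t0)
    return [
        gw.verify(pkt, t0 + 1),                                              # first use
        gw.verify(pkt, t0 + 2),                                              # replayed
        gw.verify(make_spa(seeds["controller"], b"laptop-01", t0), t0 + 3),  # other channel's key
        gw.verify(pkt, t0 + 120),                                            # key rotated away
    ]
```

Every rejected packet is dropped silently in a real deployment, so the port stays cloaked; the reason strings here exist only to show which check fired.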


And when it comes to customers, it’s the “make resources invisible” benefits of single packet authorization and our robust implementation of it that they cite as one of the top reasons they love Appgate SDP.

For a SPA primer and the full list of what makes our SPA implementation unique, read the whitepaper, which covers additional benefits including full verification of authorization, user protection behind NAT gateways, and ensured SPA delivery, complete with SPA flow diagrams for the extra techy folks. And did you know that SPA also helps protect against DDoS attacks? Check out our whitepaper on that subject here.

Additional ZTNA resources

Video: Watch How Appgate SDP Works
Whitepaper: Today’s Top Cyberthreats and How ZTNA Protects Against Them
eBook: Securing the Hybrid Enterprise
Case study: Jellyvision Enables Secure Access Across Hybrid Environments
