Search
Appgate SDP

Appgate SDP Overview

Learn how Appgate SDP reduces risk and complexity, and why it's the industry's most comprehensive Zero Trust network access solution.

How Appgate SDP Works

Find out about the inner-workings of the most flexible and adaptable Zero Trust Network Access solution available today.

Zero Trust Platform
Integrations and Tech Partners
Appgate SDP for Developers
Use Cases for Securing:
Risk-Based Authentication
Overview
Learn how Risk-Based Authentication provides a frictionless, intelligent and data-informed approach to user authentication.
Strong Authentication
Find out how you can provide secure, frictionless access with the right multi-factor authentication method.
Transaction Monitoring
Explore the tools you can use to intelligently identify and prevent online fraud.
Behavioral Biometrics Service
Learn how behavioral analysis and machine learning stop fraudulent online web activity in real-time.
Secure Consumer Access for:
Digital Threat Protection
Overview
Discover how you can gain unparalleled threat visibility and the risk management tools that enable early identification and elimination of potential attacks.
Key Features
Take a deep dive into the features and tools contained within our industry-leading Digital Threat Protection (DTP) solution.
SECURE NETWORK ACCESS

Jason GarbisApril 24, 2019

Service Providers: Don’t Be the Weakest Security Link

The understanding that third parties come with their own security risks is crucial to creating a strategy that ensures service providers aren't susceptible to attacks that can turn their own defense systems against them.


In today’s threat environment, enterprises must take a holistic approach to understanding their security posture. This means organizations cannot just protect their own networks and users – they must also consider third-party security risks.

These risks, unfortunately, are not theoretical. Earlier this month, KrebsOnSecurity reported that India-based IT outsourcing and consulting firm Wipro’s IT systems were compromised and used to launch attacks against their customers. Wipro’s customers found malicious and suspicious network activity in their partner systems that communicate directly with Wipro's network. The very company assigned to manage and secure its customers’ systems was inadvertently infecting them with malicious software.

It appears the same hackers have targeted Infosys and Cognizant, so Wipro surely will not be the last such victim. Managed service providers should be on high alert. So what can be done to limit cybersecurity risks so institutions do not become the weakest link in their customers’ security posture? We recommend three core principles:

1. Limit Access, Enforce Controls


The traditional perimeter-based approach to network security is failing to adequately protect organizations. Security tools such as VPNs, firewalls, and Network Access Control (NAC) don’t properly manage access controls, meaning enterprises are using them to control access in an all-or-nothing fashion. The result is that authenticated users typically have overly-broad network access, increasing the attack surface area and allowing wide-reaching breaches like the one at Wipro.

As a service provider, restricting users’ access to customer networks should be done by implementing an identity-centric, Zero Trust approach like a Software-Defined Perimeter (SDP). An SDP is designed around the user and addresses the shortcomings of the traditional network security methods. It limits access by using a need-to-know model, in which device posture and identity are verified before access to a network or application is granted. This helps reduce the attack surface by creating a discrete, encrypted network segment of one, making everything else invisible and inaccessible. The key is to focus on identity, context, and multi-dimensional user profile verification, and to grant access privileges based on attributes that you control. With SDP, you can ensure that your users only have access to customer networks when they require it – for example, driven by a business process such as a Service Desk ticket. This ensures appropriate business processes are being followed and can prevent malware from spreading into customer networks.

2. Secure the IoT Wildcard


Limiting network access is a good start, but it means nothing if the actual devices are not secure. We live in an Internet of Things (IoT) world; the ease and simplicity with which IoT devices can be onboarded and connected makes them a massive security risk. Add the fact that once online, those devices are typically “always on”, and attackers now have 24/7 access to this attack surface. It’s the perfect storm for additional vulnerabilities: IoT devices are notorious for having security issues, maintaining default credentials, and for an inability to be patched or upgraded.

Organizations must secure unmanaged and undermanaged IoT devices with a 360-degree perimeter protection approach. A solution such as Appgate SDP IoT Connector secures these unmanaged IoT devices, restricts lateral movement, and reduces the network attack surface – allowing you to leverage the full power of smart devices without putting your networks (or your customer networks) at risk.

3. Hybrid Environment Security


Managed service providers often need to support a wide range of customer environments, including clouds, both public and private, and hybrid architectures. You not only need to be nimble and adaptable, but also secure. It is important to adopt a Zero Trust model that is provider-agnostic and compatible with hybrid environments that encompass cloud, hosted, and on-premise. Implementing a solution that allows for user access entitlements and policies to work across data centers and cloud environments prevents you from having to manage different security plans for each environment. Appgate SDP is a Zero Trust access solution with granular controls that is cloud-friendly. Its Live Entitlements are flexible, easy to build and define, and leverage cloud providers’ metadata to make access decisions.

Conclusion


Third-party risk is not new, but today we are entering new territory with this type of high-profile and successful attack on service providers.

Your customers know that a successful cybersecurity defense needs to look beyond the boundaries of their organization and include high standards for any third-party service providers with access to their networks. As a service provider, your customer relationships are built on trust – your customers trust you and your employees to access and manage their systems while keeping them secure.

In our world of heightened risk, increasing your organization’s defensive capabilities and maturity level is not just good security, it’s good for business. Using a modern SDP architecture can be a differentiator for your firm, and a foundation for stronger trust between you and your customers. That’s a winning proposition for all parties.

Receive News and Updates From Appgate