
Jason Garbis, December 18, 2017

Software-Defined Perimeter: Identity-Based Security for Hybrid Environments


I’ve talked a lot about what a software-defined perimeter (SDP) is and the benefits of SDP over network access control (NAC) solutions. At a high level, a software-defined perimeter looks like the following image.


And it offers:

  • Individualized perimeter for each user
  • Fine-grained authorization for on-premises and cloud
  • Contextual awareness that drives access and authorization
  • Simplified firewall and security group rules
  • The ability to dynamically adjust to new server instances
  • Consistent access policies across heterogeneous environments


SDP overcomes security issues inherent in traditional TCP/IP networking.

TCP/IP was designed for a more open world

Its “connect, authenticate second” approach puts organizations at risk, and exhibits many security vulnerabilities:

  • Servers are subject to reconnaissance scans
  • Unauthenticated users can exploit servers
  • Systems are vulnerable to DDoS attacks
  • Unauthorized users consume server resources

The Software-Defined Perimeter stops attackers but allows authorized users to connect


It takes an “authenticate first, connect second” approach, ensuring that only authorized users can connect to network resources. This reduces the attack surface and significantly improves security:

  • All resources are invisible to potentially dangerous reconnaissance
  • Only authenticated users can connect
  • DDoS attacks are ineffective
  • Unauthorized users cannot impact servers

AppGate SDP Implements the Software-Defined Perimeter Specification


AppGate SDP is a distributed, scalable and highly available architecture that is protected by Single-Packet Authorization.
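To make "authenticate first, connect second" concrete, here is a simplified single-packet authorization check, added as an illustration and not AppGate's code or wire format. The packet layout, the shared-key scheme, the 30-second window and all names are assumptions made for this example.

```python
import hashlib
import hmac
import struct

MAX_SKEW = 30                       # seconds a packet stays valid (assumed policy)
HEADER = struct.Struct("!16sQ16s")  # client id, unix time, nonce (constructed layout)
TAG_LEN = hashlib.sha256().digest_size


def build_spa(client_id, key, nonce, now):
    """Client side: one datagram carrying identity, time, nonce and an HMAC tag."""
    body = HEADER.pack(client_id, now, nonce)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Gateway:
    """Default-drop gateway: it never answers, and a source may connect only
    after one of its datagrams has verified."""

    def __init__(self, keys):
        self.keys = keys      # client id -> shared key (hypothetical key store)
        self.seen = {}        # (client id, nonce) -> expiry time, for replay checks
        self.allowed = set()  # sources that may go on to the TLS handshake

    def handle_datagram(self, packet, src_ip, now):
        # Every failure path returns without replying, so scans learn nothing.
        if len(packet) != HEADER.size + TAG_LEN:
            return False
        body, tag = packet[:HEADER.size], packet[HEADER.size:]
        raw_id, ts, nonce = HEADER.unpack(body)
        client_id = raw_id.rstrip(b"\0")
        key = self.keys.get(client_id)
        if key is None:
            return False
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False
        # Forget nonces whose packets can no longer pass the freshness check.
        self.seen = {k: exp for k, exp in self.seen.items() if exp >= now}
        if abs(now - ts) > MAX_SKEW or (client_id, nonce) in self.seen:
            return False      # stale or replayed packet
        self.seen[(client_id, nonce)] = ts + MAX_SKEW
        self.allowed.add(src_ip)
        return True

    def accepts_connection(self, src_ip):
        return src_ip in self.allowed
```

In a real deployment the verified source would still have to complete the mutual TLS handshake; this sketch covers only the step that keeps the port closed to everyone else.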

Here you can see how AppGate’s Software-Defined Perimeter solution works in a production environment:


1

  • Controller integrates with PKI and IAM systems
  • Controller is an authentication point and policy store
  • System is administered via graphical admin console


2

  • Secure client onboarding process
  • Client authenticates to Controller
  • Communication secured with mutual TLS


3

  • Distributed Gateways protect cloud and network resources
  • Clients securely access resources via Gateways with mutual TLS tunnels
  • Real-time policy enforcement by Gateway
  • Gateways dynamically adjust user access as systems change


4

  • Controller continuously monitors for context changes and adapts entitlements accordingly


Want to see it in more detail? Learn more about Appgate SDP here
