How Appgate SDP Works

Appgate’s Software-Defined Perimeter architecture exceeds the NIST Zero Trust Architecture Specifications by delivering a truly superior Zero Trust access solution.

Watch How Appgate SDP Works

A Step-by-Step Walkthrough

Explore the workflow and core appliances of Appgate SDP

Verify
Identity
Grant
Entitlements
Permit
Access
Monitor for
Changes

Verify
Identity

Before any connection is made, the device and user must authenticate to the Controller, which evaluates a multi-dimensional identity profile.

User and Device Context:

User Roles & Projects
Time and Date
Location
Device Security Posture
Customizable Conditional Requirements

Grant
Entitlements

Based on the context and permissions associated with user or device, the Controller returns a cryptographically signed token back to the Client, which contains the authorized set of network resources.

Entitlements Adjust Based On Conditions and Risk

Trusted access
Limited access
No access

Software Defined Perimeter Entitlements 2x

Permit
Access

The Client uploads the Entitlement, which the Gateway uses to discover applications matching the user’s identity. When the user attempts to access a resource, the network driver forwards the token to the appropriate cloaked Gateway.

The Gateway:

Permits access
Denies access
Requires an additional action from the user, such as a one-time password

Once granted, all access to the resource travels from the Client across a secure, encrypted network tunnel to the Gateway, then through a micro-firewall to the only the approved resource.

Monitor for
Changes

Appgate SDP continuously monitors for changes to the user and device context. If context changes, the users' network and application entitlements dynamically adjust in real time based on policies.

Privileges Adjust Immediately:

Require additional authentication from the user
Restrict access to critical systems
Revoke access until resolution

Software Defined Perimeter Dyanmic Access 2x

Critical Features

Cloaked from Prying Eyes

Single Packet Authorization (SPA) makes your infrastructure invisible to minimize your attack surface. Unlike pinholes and open ports, with SPA you can’t attack what you can’t see.

Concurrent Access

Users gain seamless access to all entitled resources across heterogeneous environments without VPN switching. Avoid costly backhaul and latency with 1Gbps throughput that utilizes internet connectivity for high availability.

Dynamic Policy Resolution

Using plain language tagging and environmental meta-data, user policies remain in-sync with infrastructure regardless of underlying addresses or dynamic scaling.

Programmable & Adaptable

As an open platform, Appgate SDP includes a bi-directional API interface that integrates into the fabric of your organization, including: Identity and Access Management, Directory Services, ITSM, SIEM and Business Support Systems.

Ready to Go Deeper?

How to Implement

Learn More

Demo SDP

Start Now

Related Materials

Appgate SDP Overview

A detailed description of the features, functionality and core components of Appgate’s Software-Defined Perimeter

Read Data Sheet

SDP0307 Democast always on Website card 2x

Join Our Next Live Demo

Every Wednesday at 11am EST you can join a live session with an Appgate SDP engineer. See how the software works, solves for common use cases and get answers to your questions live.

Appgate Reference Architecture Wordwall Small 2x

SDP Reference Architecture

Illustrates and documents how Appgate’s Software-Defined Perimeter works within different network architectures

Read Whitepaper

Talk to a Secure Access Expert

Our team is available to help answer questions about remote access or Zero Trust, demo Appgate SDP solution and discuss pricing. How can we help you deliver secure access with confidence?