How Our Software-Defined Perimeter Works
Appgate’s Software-Defined Perimeter architecture exceeds the NIST Zero Trust Architecture Specifications by delivering a truly superior secure access solution.
Watch How Appgate SDP Works
A Step-by-Step SDP Walkthrough
Explore the workflow and core appliances that deliver secure access
Verify
Identity
Before any connection is made, the device and user must authenticate to the Controller, which evaluates a multi-dimensional identity profile.
User and Device Context:
- User Roles & Projects
- Time and Date
- Location
- Device Security Posture
- Customizable Conditional Requirements
Grant
Entitlements
Based on the context and permissions associated with user or device, the Controller returns a cryptographically signed token back to the Client, which contains the authorized set of network resources.
Entitlements Adjust Based On Conditions and Risk
- Trusted access
- Limited access
- No access
Permit
Access
The Client uploads the Entitlement, which the Gateway uses to discover applications matching the user’s identity. When the user attempts to access a resource, the network driver forwards the token to the appropriate cloaked Gateway.
The Gateway:
- Permits access
- Denies access
- Requires an additional action from the user, such as a one-time password
Once granted, all access to the resource travels from the Client across a secure, encrypted network tunnel to the Gateway, then through a micro-firewall to the only the approved resource.
Monitor for
Changes
Appgate’s Software-Defined Perimeter continuously monitors for changes to the user and device context. If context changes, the users' network and application entitlements dynamically adjust in real time based on policies.
Privileges Adjust Immediately:
- Require additional authentication from the user
- Restrict access to critical systems
- Revoke access until resolution
Explore SDP Further
Features That Make a Difference
Cloaked from Prying Eyes
Single Packet Authorization (SPA) makes your infrastructure invisible to minimize your attack surface. Unlike pinhole’s and open ports, with SPA you can’t attack what you can’t see.
Concurrent Access
Users gain seamless access to all entitled resources across heterogeneous environments without VPN switching. Avoid costly backhaul and latency with 1Gbps throughput that utilizes internet connectivity for high availability.
Dynamic Policy Resolution
Using plain language tagging and environmental meta-data, user policies remain in-sync with infrastructure regardless of underlying addresses or dynamic scaling.
Programmable & Adaptable
As an open platform, Appgate SDP includes a bi-directional API interface that integrates into the fabric of your organization, including: Identity and Access Management, Directory Services, ITSM, SIEM and Business Support Systems.
Choose Your Demo Preference
Get hands-on with Appgate SDP in our guided Test Drive, deploy in AWS for 15-days free, watch demo videos or request a customized demo for your organization. Choose your preference.
Explore Now
Remote Workforce Zero Trust Demo, Featuring Forrester
Watch DemoRelated Materials
Appgate SDP Overview
A detailed description of the features, functionality and core components of Appgate’s Software-Defined Perimeter
Read Data Sheet
SDP Reference Architecture
Illustrates and documents how Appgate’s Software-Defined Perimeter works within different network architectures
Read Whitepaper
Appgate SDP Visualized
A visual representation of how the core components of Appgate SDP architecture works to deliver secure access
View Infographic
Talk to a Secure Access Expert
Our team is available to help answer questions about remote access or Zero Trust, demo Appgate SDP solution and discuss pricing. How can we help you deliver secure access with confidence?