Appgate SDP

What makes Appgate SDP tick?

We know that you value flexibility. That's why Appgate SDP is the most versatile and feature-rich ZTNA solution ... so you can pick the right deployment model for you, your team and your organization.
[Architecture diagram: any user, device or access point (on-site users, remote users, suppliers/third parties) connects through the unified policy engine (identity-centric, single packet authorization (SPA), API integration, least-privilege access) to any resource in any location (cloud IaaS/containers). Panel titles: Any User, Any Device; Policy Decision Engine; Any Resource, Any Workload.]

Get more value with the Zero Trust platform

Powered by the industry’s most comprehensive ZTNA solution, the Zero Trust platform extends value-add to your operators of Appgate SDP so they can easily deploy and maintain a cohesive security ecosystem.


See Appgate SDP in action and ask questions live

Join us live every other Wednesday at 11am ET to experience a zero pressure live demo and ask questions of our ZTNA experts. We'll cover how it works, the architecture and core components of the solution and demonstrate the critical aspects of Appgate SDP. Join live or watch an on-demand recording at your leisure.


We’re just scratching the surface

If you want to learn how the Appgate SDP Zero Trust architecture weaves into the fabric of your IT and security ecosystem, explore our Zero Trust platform and integration library. Or, you can request a Zero Trust Network Access demo.

Enhance your Appgate SDP deployment
No matter your workflow, we've got you covered.

Getting started step-by-step

No matter which deployment model works best for your organization, deploying Appgate SDP takes place in four primary steps.

  • Start where you are

    The Appgate SDP architecture is infrastructure agnostic and can be deployed anywhere resources need secure access. Deploy, monitor and maintain the SDP architecture through our as-a-service model or as a self-hosted deployment.

  • Develop ZTNA policies

    Create the rules that control any device or user’s access from any location and to any enterprise resource in a unified policy engine that simplifies configuration and management.

  • Onboard users

    Easy onboarding and seamless user experience are key to user adoption and reducing help desk requests. Select from client- or browser-based access options for complete user population coverage.

  • Launch automation

    Weave Appgate SDP into the fabric of your business and IT operations with bi-directional APIs that automate access. Extensive scripting capabilities give you the freedom to deploy security-as-code and mature DevOps practices.


Frequently asked questions

Don't see your question? Contact us anytime and one of our ZTNA experts will get you the answer you need.

What are the core components of the Appgate SDP infrastructure?
We call this the Appgate SDP collective. The Appgate SDP architecture is infrastructure agnostic and can be deployed anywhere resources need secure access. The core component of Appgate SDP is the appliance. Appliances can be virtual or physical. Each appliance is configured to serve a role in the Appgate collective. The primary roles are Controller (the policy engine and decision point) and Gateway (the policy enforcement point).

Additional optional roles are:

- Connector (alternate enforcement point that enables branch office and IoT/OT security)
- Portal (to enable clientless, browser-based access)
- Log Server (built-in ELK stack for log aggregation and reporting)
- Log Forwarder (aggregates logs and forwards to an enterprise SIEM or syslog server)

The Appgate SDP collective is designed for high availability, performance and linear scale for small to very large enterprise deployments. All appliances are delivered as a virtual machine at no cost and are alternatively available as a physical device for an additional charge.
What does Appgate SDP Controller do?
The Appgate SDP Controller role is the brains of the collective and acts as the policy engine and policy decision point (PDP). It manages the authentication, policies, conditions and entitlements granting access for all users, devices and workloads from a single dashboard or via API.
What does the Appgate SDP Gateway do?
The Appgate SDP Gateway role acts as the policy enforcement point (PEP). Gateways control the flow of access to protected resources. They dynamically build session-based microfirewalls or microperimeters based on granted entitlements that limit lateral movement and attack surface.
What is single packet authorization (SPA)?
We call this cloaking the infrastructure. Single packet authorization (SPA) uses proven cryptographic techniques to make internet-facing resources invisible to unauthorized users. SPA makes enterprise resources invisible and enables the Appgate SDP collective to distinguish authorized and unauthorized connection attempts, while only needing to evaluate a single network packet. Only devices that have been seeded with the cryptographic secret will be able to generate a valid SPA packet, and subsequently be able to establish a network connection. This in essence is how SPA reduces the attack surface and makes the infrastructure invisible to adversarial reconnaissance. For more information, read the Appgate SPA blog.
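The check described above, sketched as an added example that is not Appgate's code or packet format: a generic HMAC-based SPA validator in which only a holder of the seeded secret can produce a packet that passes. The field layout (timestamp, nonce, client ID, tag), the 30-second window and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
import time

WINDOW_SECONDS = 30  # assumed freshness window, not an Appgate setting
TAG_LEN = 32         # HMAC-SHA256 output length
HEADER_LEN = 8 + 16  # 64-bit timestamp + 128-bit nonce (assumed layout)

def build_spa_packet(secret, client_id, now=None):
    """Client side: timestamp | nonce | client_id | HMAC over all of it."""
    ts = int(time.time() if now is None else now)
    body = struct.pack("!Q", ts) + os.urandom(16) + client_id
    return body + hmac.new(secret, body, hashlib.sha256).digest()

class SpaValidator:
    """Gateway side: decide from one packet whether to open a port.
    Any failure returns False and the caller sends no reply at all,
    so the service stays silent to scanners."""

    def __init__(self, seeded_secrets):
        self.seeded_secrets = seeded_secrets  # client_id -> secret
        self.seen_nonces = {}                 # nonce -> packet timestamp

    def validate(self, packet, now=None):
        now = int(time.time() if now is None else now)
        if len(packet) <= HEADER_LEN + TAG_LEN:
            return False  # too short to carry a client ID and a tag
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        ts = struct.unpack("!Q", body[:8])[0]
        nonce, client_id = body[8:HEADER_LEN], body[HEADER_LEN:]
        secret = self.seeded_secrets.get(client_id)
        if secret is None:
            return False  # device was never seeded
        expected = hmac.new(secret, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False  # forged or corrupted packet
        if abs(now - ts) > WINDOW_SECONDS:
            return False  # stale capture replayed later
        if nonce in self.seen_nonces:
            return False  # replay inside the freshness window
        # Forget nonces whose packets would now fail the freshness check.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if abs(now - t) <= WINDOW_SECONDS}
        self.seen_nonces[nonce] = ts
        return True
```

The tag is verified before the timestamp and nonce are trusted, so unauthenticated packets cannot fill the replay cache.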
How is connectivity between the user and gateway secured?
Once an entitlement has been granted, all traffic from the client to the gateway travels across a secure, encrypted network tunnel. All access is logged through the Log Server, ensuring that there’s a permanent, auditable record of the user access details. Appgate SDP uses mTLS with FIPS 140-2 compliant, third-party validated encryption on every connection to an authorized gateway, regardless of the user’s location.
What are microperimeters?
Appgate SDP builds individual just-in-time session-based “micro” firewalls or 1-1 connections between users and the resources they are authorized to access behind a gateway. This small set of individualized rules can be processed near-instantaneously to deliver ultra-high performance connections and throughput. These microperimeters provide least privilege access and reduce the attack surface.
Can Appgate SDP integrate with my existing security or business systems?
Yes. As an open platform, Appgate SDP is based on REST APIs allowing for seamless integration with other security tools, including IAM, Directory Services, EDR and SIEM, as well as business and workflow systems like an ITSM. This allows security professionals to create a cohesive security ecosystem and to build security into business processes.
Does Appgate SDP support both Up and Down rules?
Yes. Appgate SDP supports both up and down rules. Many solutions work well in use cases that require user/device policies to connect to resources, also known as “up rules.” However, most sophisticated security teams must support “down rules” that deal with interactions between a server, service, or resource “down” to the user device. Remote desktop support, centralized endpoint products (EPP/EDR/AV) and VoIP are good examples, where access control needs to flow in both directions.
Does Appgate support access to on-premises and cloud resources?
Yes. Appgate SDP is architected to protect private access across a complex hybrid IT environment including on-premises, in data centers, in one or more clouds (multi-cloud) or a combination of all three (i.e., a hybrid architecture) with a unified policy engine.
Is Appgate SDP a VPN?
No. Software-defined perimeter architectures are very different from VPNs. VPNs have traditionally been used to provide remote workers with access to corporate resources, and their only real security feature is user authentication to the network. In comparison, Appgate SDP is fundamentally an identity-centric and security-driven solution, offering enhanced authentication and encryption while also adding other modern features that will increase security and reduce operational complexity. For more information, read our VPN Replacement blog.

Got a ZTNA question?

Want to see a demo? Interested in Appgate SDP? Want to take a deeper dive into how it works? We're happy to answer all of these questions and more—just fill out this form and one of our Zero Trust Network Access experts will be in touch directly.
