Publications

Software-Defined Perimeter (SDP) and Zero Trust

A Zero Trust implementation using Software-Defined Perimeter enables organizations to defend against new variations of old attack methods that constantly surface in existing perimeter-centric network and infrastructure models. Implementing SDP improves the security posture of businesses facing the challenge of continuously adapting to expanding and increasingly complex attack surfaces. This paper shows how SDP can be used to implement Zero Trust Networks (ZTNs) and why SDP is the best architecture for achieving Zero Trust: because it is applied at the level of network connectivity, it is agnostic of the underlying IP-based infrastructure and homes in on securing every connection that uses that infrastructure. 

Multilevel Security Framework for NFV Based on Software Defined Perimeter (SDP)

The rapid increase in global IP traffic and the adoption of mobile devices have challenged network service providers to scale and improve infrastructure to meet this new demand. To improve return on investment for scaling networking infrastructure and capitalize on advancements in virtualization technologies, Network Function Virtualization (NFV) has been proposed. This paper describes the results of a combined NFV-Software Defined Perimeter (SDP) architecture as a framework to provide logical perimeters around these services, restricting network access and connections to the SDP-enabled Virtual Network Functions (VNFs) to trusted clients only. 

Performance Analysis of SDP For Secure Internal Enterprises

Security has become of paramount importance in recent times, especially due to the advent of cloud computing and the Internet of Things. With so many devices in the mix, users have the choice of working from anywhere they want. But it also raises the possibility of multiplying the impact of any attack by using all devices at hand. Another important aspect to consider is preventing unauthorized users from accessing sensitive data through authorized machines. Software Defined Perimeter (SDP) provides one such solution.

On IoT applications: a proposed SDP Framework for MQTT

In this work, the Software-Defined Perimeter (SDP) is considered for the Message Queuing Telemetry Transport (MQTT) protocol framework in IoT applications. The SDP provides an additional layer of security, with or without SSL/TLS, by replacing the traditional login method (username/password) with a Single-Packet Authorization (SPA) process. This blackens the end devices, cloaking them so that they are inaccessible to attackers. Consequently, it prevents the login information from being compromised even in the absence of encryption. Finally, the framework is evaluated through an implementation testbed, and the system proved to be secure against active DoS and offline dictionary attacks, even with the use of weak login credentials, all the while achieving measurable efficiency gains over the traditional use of MQTT.

On the Security of SDN: A Completed Secure and Scalable Framework Using the Software-Defined Perimeter

The widespread adoption and evolution of Software Defined Networking (SDN) have enabled service providers to successfully simplify network management. Along with the traffic explosion, there is decreasing CAPEX and OPEX as well as an increase in the average revenue per user. However, this wide adoption of SDNs is posing real challenges and concerns in terms of security. The main challenges are how to provide proper authentication, access control, data privacy, and data integrity, among others, for the API-driven orchestration of network routing. The proposed integrated framework is examined through virtualized network testbeds. The testing results demonstrate that the proposed framework is resilient to both port scanning (PS) attacks and Denial of Service (DoS) bandwidth attacks. In addition, the paper identifies some interesting potential integration points between SDP systems and SDNs for further research in this area.

Engineering Digital Risk Protections Using Software Defined Perimeter

The current state of cyber security is slowly transforming from a compliance-based approach to a risk-based approach. This shift is increasing the need for information security professionals to understand and be able to explain risk from a business perspective. Doing so requires an understanding of the differences between cyber security, cyber risk and digital risk. This paper addresses digital risk and how the Software Defined Perimeter (SDP) helps to reduce risk from cyber threats. 

Software Defined Perimeter to Prevent DDoS Attacks

The software defined perimeter (SDP) is a new and proven approach to cyber security that prevents network-based attacks, including but not limited to large-scale brute-force Distributed Denial of Service (DDoS) attacks. Software defined perimeter protects both legacy IT assets and cloud services of all classification levels. This white paper informs Chief Information Officers (CIOs) of large organizations and agencies how the software defined perimeter works, maps the technical design and workflow, describes all its features, identifies the protections gained, introduces benchmarks and monitoring, and concludes with the anti-DDoS use case.

Customer Experience Leaders Must Step Up to the Cybersecurity Challenge

This research brief is a transcript of an interview between Connie Moore, Vice President, Research, at Digital Clarity Group, and Juanita Koilpillai, CEO and founder of Waverley Labs, and one of the co-founders of the Digital Risk Management (DRM) Institute. The interview focused on two nascent but important trends for 2017: cybersecurity collaboration and Software Defined Perimeter (SDP). It also underscores the importance of CMOs and other customer experience leaders taking immediate steps to get involved in cybersecurity planning and measures.

Software Defined Perimeter – Specification 1.0

This technical white paper describes the Software Defined Perimeter (SDP) protocol, which is designed to provide on-demand, dynamically provisioned, air-gapped networks. Air-gapped networks are trusted networks that are isolated from all unsecured networks, which may allow them to mitigate network-based attacks. The software defined perimeter can be used in government applications, such as enabling secure access to FedRAMP certified cloud networks, as well as in commercial enterprise applications, such as enabling secure mobile phone access to public clouds.

NIST Cloud Computing Security Reference Architecture SP 500-299

This document helps to demystify the process of describing, identifying, categorizing, analyzing, and selecting cloud-based services for the cloud Consumer seeking to determine which cloud service offering most effectively addresses their cloud computing requirement(s) and supports their business and mission-critical processes and services in the most secure and efficient manner. It was developed as part of a collective effort by the National Institute of Standards and Technology (NIST) Cloud Computing Public Security Working Group and is referred to as NIST Special Publication 500-299. NIST was tasked by the U.S. Chief Information Officer with specific activities aimed at accelerating the adoption of cloud computing. The study collected, aggregated, and validated data for a Public cloud, considering all three cloud service models – Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS) – and all cloud Actors (i.e., Consumer, Provider, Broker, Carrier, and Auditor). The NIST Cloud Computing Security Reference Architecture (NCC-SRA) is agnostic with respect to cloud deployment model, and its methodology can easily be applied to Private, Community, or Hybrid clouds.