Software Defined Perimeter (SDP) to Prevent DDoS Attacks

White Paper Author

Juanita Koilpillai, Founder and CEO of Waverley Labs.

Abstract

The software defined perimeter (SDP) is a new approach to cyber security that prevents network-based attacks. It protects both legacy IT assets and cloud services of all classification levels. It works by hiding critical IT assets within an undetectable, invisible, black cloud, whether the assets are on premise or in a public or private cloud, a DMZ, a server in a data center, or even inside an application server.

SDP uses a combination of tried and true security protocols that were previously not integrated together until the Department of Defense (DoD) announced them working in concert. The Cloud Security Alliance adapted the generalized DoD workflow but modified SDPs for commercial use and made it compatible with existing enterprise security controls. Where applicable, SDP follows NIST guidelines on cryptographic protocols and securing applications in the cloud. Department of Homeland Security (DHS) is now funding the development of an open source version of the SDP for both public and private organizations to defend against Distributed Denial of Service (DDoS) attacks. Other uses of the SDP beyond DDoS protection are mentioned and will be covered with greater depth in future white papers.

This white paper will inform Chief Information Officers (CIOs) of large organizations and agencies how the software defined perimeter works, map the technical design and workflow, describe all its features, identify the protections gained, introduce benchmarks and monitoring, and conclude with the use case.