How to know which one is right for you?
Verizon is now offering a Software Defined Perimeter (SDP) in a software-as-a-service (SaaS) delivery model. This is significant because it allows Verizon to offer private access to Verizon customer applications, and it also marks broad recognition and validation of the SDP as a game-changing development in IT security.
Verizon’s SDP is an ideal virtual private network (VPN) solution for customers who utilize multi-factor authentication (MFA) and VPNs to manage access, and for enterprises that need to update their solution architecture to include CASB and other mobile/cloud needs. Typically, these organizations’ primary consideration is the need to simply replace what exists with something that is more flexible and easier to implement and manage. This is one way to qualify the use of the SDP.
There is another type of SDP for large enterprises with highly critical applications and infrastructure that are network-exposed to a broad combination of internal and external users. For these organizations, typically the primary consideration is the need to mitigate threats of discovery, reconnaissance, attack, lateral movement and credential theft that could compromise the application. In this situation, a customized, API-based version of SDP that incorporates their specific requirements would be the preferred solution.
These comprehensive, enterprise-grade SDPs go beyond simple MFA and VPN integrations to:
- Enable risk reduction by reducing the attack surface and therefore the exposure to cyber attacks
- Protect critical assets/infrastructures by separating the access control and data planes to render them ‘black’ and blocking potential network-based attacks
- Provide an integrated security architecture that is hard to achieve today with the various security point products. It integrates:
  - Applications that are user-aware
  - Devices that are client-aware
  - Firewalls/Gateways that are network-aware
- Provide a connection-based security architecture (as opposed to an IP-based one) that is designed for the scalability necessary for today’s explosion of IPs and loss of the perimeter with the use of cloud environments
- Allow you to ‘control’ all connections, because the SDP is aware of who connected, from what device, to what service/infrastructure – a task that is currently very expensive.
For those interested in learning more about using SDP to protect critical applications and infrastructure, check out this white paper.
Also feel free to check out the industry’s first open source reference implementation of SDP developed by Waverley Labs. The reference architecture and repository can be accessed and downloaded here.