Gilroy, Koilpillai and Corrington discussed the emergence of Software Defined Perimeters (SDPs), also called “Invisible Clouds” or “Black Clouds”, as a new strategy for stopping and preventing cyberattacks on application infrastructure in enterprises and large Government organizations. Together they have developed new commercial and open source approaches to SDPs that combine on-device authentication, identity-based access and dynamically provisioned connectivity. While the security components in SDP are commonplace, the integration of the three components is groundbreaking. More importantly, the SDP security model has been tested and proven to stop all forms of network attacks including DDoS, Man-in-the-Middle, Server Query (OWASP10) as well as Advanced Persistent Threat (APT).
Corrington pointed to recent real-world deployments of SDPs by large commercial organizations like Coca-Cola, while Koilpillai broke news about Waverley Labs recently being selected to work with the DHS on the industry’s first open source SDP as part of a major DDoS initiative by DHS’ S&T Computer Science Division. DHS is supporting Waverley Labs’ new open source SDP as an innovative new component to protect against DDoS attacks.
“We are excited as we believe this marks the beginning of what we expect to be widespread use of SDPs as the first layer in a new security paradigm,” Koilpillai said. “This first layer is to establish an undetectable application infrastructure. The primary objective of the SDP is to make the application infrastructure effectively ‘black’ or undetectable (hence the term ‘black cloud’) that shows no domain name system (DNS) information or IP addresses.”
Koilpillai provided some history on SDPs and how they are based upon protocols originally developed by the DoD and the NSA. She described the unique SDP specification and how it standardizes a “Need-to-Know” access model that has been deployed within the DoD for many years but rarely seen in the commercial world.
She described how it enforces device verification before authentication, an approach that was first published by the NSA a decade ago but never commercialized, and how it promotes the use of Mutual TLS (Transport Layer Security), which is a great idea and a standard that has yet to be widely adopted.
She emphasized that the result is the effective elimination of bandwidth denial of service, wireless and network attacks, and the top ten OWASP application attacks that have plagued companies for decades and continue to do so with increasing intensity.
Gilroy queried the two about the types of enterprises and Federal agencies that are the best candidates for deploying Black Clouds. Koilpillai and Corrington emphasized that any Federal agency that has data and applications that require the highest level of security in an unclassified or public environment should be considering SDPs. These types of environments and databases (health info, privacy info, financial info) are not classified but are certainly proprietary and should be secured in a much better way than they are currently.
Both also emphasized and described how an SDP could have stopped and prevented high-profile attacks like those on OPM, Anthem, and Target.
The show concluded with some predictions for where the Federal cloud is headed over the next five years, but to hear that you will need to listen to the Tech Talk podcast!
Thanks to John Gilroy and Fed News Radio for having us on the show. If you’re interested in learning more about the latest technology in the Federal marketplace, tune in to John’s show at 9 a.m. on Tuesdays or follow John on Twitter at @raygilray. For more information on Waverley Labs, visit http://www.waverleylabs.com.