I often get a quizzical look when I first mention the Software Defined Perimeter. The reaction is typically, “Is that the same thing as a software defined network?”
This is understandable because Software Defined Perimeters (SDP) are new while Software Defined Networks (SDN) are becoming established. They can be utilized together or independently, and both will play important roles as we focus on reshaping network and security design and architecture to improve the decaying state of IT security.
SDN is an approach to computer networking that lets network administrators manage network services through abstraction of the lower-level functionality. SDNs manage the networking infrastructure itself. This is done by decoupling the system that decides where traffic is sent (the control plane) from the underlying systems that forward traffic to the selected destination (the data plane).
The result is dynamic, manageable, cost-effective, and adaptable, which suits the high-bandwidth, rapidly changing traffic patterns of today's applications.
SDP, also called a "Black Cloud," is a newer approach to network security. It evolved from work done at the Defense Information Systems Agency (DISA) under the Global Information Grid (GIG) Black Core Network initiative around 2007 and is now being developed by the Cloud Security Alliance for its membership. Where SDN manages the networking infrastructure, an SDP secures the connections to the services that run on it.
Connectivity in an SDP follows a need-to-know model: device posture and identity are verified before any access to application infrastructure is granted. The application infrastructure is effectively "black" (a DoD term meaning that it cannot be detected): it publishes no DNS information and exposes no reachable IP addresses to hosts that have not been authorized. This mitigates the most common network-based attacks and is particularly useful against distributed denial of service (DDoS), because a service that never answers unauthenticated packets gives connection-state and application-layer floods nothing to connect to. The one thing it does not remove is raw link capacity, so a purely volumetric flood can still saturate the gateway's uplink and needs to be absorbed upstream.
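The need-to-know model described above is what the CSA SDP specification realizes with single-packet authorization (SPA): the gateway answers nothing by default and opens a short-lived firewall pinhole only for a source that first proves, in one authenticated datagram, which enrolled device it is, that its posture check passed, and which service it wants. The Python model below is an added example, not code from this page or from any SDP product. The device id, key, addresses, field layout and timeouts are constructed assumptions, and the mutual-TLS handshake that follows the pinhole in a real deployment is left out.

```python
"""Model of an SDP gateway front door: default-deny plus single-packet
authorization (SPA). Added illustration, not code from the page.

Constructed assumptions: one enrolled device, a fixed demo key, a 30 s
timestamp window and a 10 s pinhole lifetime. Real SDPs continue with
mutual TLS after the pinhole opens; that step is omitted here."""
import hashlib
import hmac
import os

# Constructed enrollment record (in a real SDP the controller provisions it).
DEMO_KEY = hashlib.sha256(b"constructed-demo-key-not-a-real-secret").digest()
ENROLLED = {
    b"laptop-0042": {"key": DEMO_KEY, "services": {b"payroll", b"hr-portal"}},
}


def build_spa(device_id, key, service, posture_ok, now):
    """Client side: one UDP datagram carrying identity, requested service,
    device-posture verdict, timestamp and nonce, all covered by an HMAC."""
    nonce = os.urandom(16).hex().encode()
    body = b"|".join([device_id, service, b"1" if posture_ok else b"0",
                      str(now).encode(), nonce])
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Gateway:
    WINDOW = 30    # seconds an SPA timestamp is accepted; bounds replay exposure
    PINHOLE = 10   # seconds the client has to start its TLS connection

    def __init__(self, enrolled):
        self.enrolled = enrolled
        self.seen = {}     # nonce -> timestamp, to reject replays inside WINDOW
        self.rules = {}    # (src_ip, service) -> expiry: the dynamic firewall pinholes

    def on_packet(self, src_ip, data, now):
        """Gateway side. Nothing is ever sent back to src_ip, whatever the
        outcome; the returned string is only the gateway's own log line."""
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.WINDOW}
        parts = data.split(b"|")
        if len(parts) != 6:
            return "drop: not an SPA"
        device_id, service, posture, ts, nonce, tag = parts
        entry = self.enrolled.get(device_id)
        if entry is None:
            return "drop: unknown device"
        expected = hmac.new(entry["key"], b"|".join(parts[:5]),
                            hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "drop: bad mac"
        if not ts.isdigit() or abs(now - int(ts)) > self.WINDOW:
            return "drop: stale timestamp"
        if nonce in self.seen:
            return "drop: replayed nonce"
        self.seen[nonce] = now
        if posture != b"1":
            return "drop: device posture failed"
        if service not in entry["services"]:
            return "drop: not entitled to service"
        self.rules[(src_ip, service)] = now + self.PINHOLE
        return "open: pinhole for %s to %s" % (src_ip, service.decode())

    def connect(self, src_ip, service, now):
        """A TCP SYN to the service port. Without a live pinhole it is dropped
        silently (no RST), so the port looks dead to scanners and floods."""
        if self.rules.get((src_ip, service), 0) > now:
            return "connected"   # real SDP: mutual TLS handshake starts here
        return None


def demo():
    """Walk through the flows the text describes; returns a dict of outcomes."""
    gw = Gateway(ENROLLED)
    t0 = 1_700_000_000
    out = {}
    # A scanner at 198.51.100.7 (constructed address) sees nothing: no reply, no connection.
    out["scan"] = gw.connect("198.51.100.7", b"payroll", t0)
    out["junk"] = gw.on_packet("198.51.100.7", b"GET / HTTP/1.1\r\n", t0)
    # Enrolled device with healthy posture: SPA first, then the connection is accepted.
    spa = build_spa(b"laptop-0042", DEMO_KEY, b"payroll", True, t0)
    out["spa"] = gw.on_packet("203.0.113.9", spa, t0)
    out["connect"] = gw.connect("203.0.113.9", b"payroll", t0 + 1)
    # The same datagram captured and replayed from the scanner's address.
    out["replay"] = gw.on_packet("198.51.100.7", spa, t0 + 2)
    out["replay_connect"] = gw.connect("198.51.100.7", b"payroll", t0 + 3)
    # The captured datagram with its service field edited: the HMAC no longer matches.
    out["tamper"] = gw.on_packet("198.51.100.7", spa.replace(b"|payroll|", b"|hr-portal|"), t0 + 3)
    # Same device, but its agent reports a failed posture check.
    bad = build_spa(b"laptop-0042", DEMO_KEY, b"payroll", False, t0 + 4)
    out["posture"] = gw.on_packet("203.0.113.9", bad, t0 + 4)
    # Valid device asking for a service it is not entitled to.
    other = build_spa(b"laptop-0042", DEMO_KEY, b"finance-db", True, t0 + 5)
    out["entitlement"] = gw.on_packet("203.0.113.9", other, t0 + 5)
    # Pinholes are short-lived.
    out["expired"] = gw.connect("203.0.113.9", b"payroll", t0 + 60)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:15} {result}")
```

The point to notice is that every branch of `on_packet` ends in silence on the wire: a scanner, a replayed capture and a legitimate device that fails its posture check all get exactly the same thing back, which is nothing, so there is no observable difference to enumerate. The pinhole is keyed by source address and service and expires in seconds, which is what keeps a leaked or replayed SPA from becoming a standing hole.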
So where SDN is about building a dynamic networking infrastructure that connects users point to point quickly, efficiently and with as much throughput as possible, SDP is about securing each of those connections, across the layers of the network, to the level of security that you, the business owner, define and establish.
SDPs address a variety of security controls and can be applied in a variety of industries, particularly those that are highly regulated. They work well alongside an SDN, adding the access control the SDN itself does not provide, but they can just as easily be deployed to protect conventional, legacy networks.
And while the SDP is a new architecture, there are already large commercial deployments at industry giants such as Coca, Mazda and Google, and in the public sector, where the DHS is developing the industry's first open source version of the SDP.
In the hack-a-thons held so far, which invited some of the world's best to break into a deployed SDP, every attempt was unsuccessful. That is a strong result, with the usual caveat that a hack-a-thon demonstrates resistance to the attacks its participants tried within the time they had, not to every attack possible.
To learn more, check out our white paper that looks at SDP from the perspective of preventing DDoS attacks.