The industry group is offering $10,000 to the first person to break into former CIA Chief Technology Officer Bob Flores’ account, which is protected by the technology. As a sweetener, the organizers will publicly publish Flores’ username and password. Two previous challenges have yet to produce a breach, calling to mind the seemingly impossible-to-hack Gibson supercomputer from the 1995 film Hackers.
So what is a software-defined perimeter? In short, it manages network access by sending login requests through a central software controller, which grants access to cloud-based applications on a case-by-case basis, rather than to the network as a whole.
It’s one approach to solving the breakdown of classic approaches to network security, which focus on the perimeter around a company’s network — a little like building a wall around a city, but not hiring a police force. It works when users and applications are always in one place (and users can be trusted with full access), but has come under threat by the introduction of mobile devices and cloud applications.
“One concept we stole ideas from was software-defined networking,” says Mark Hoover, CEO of security startup Vidder, which makes a commercial product built on the CSA framework. “Software-defined perimeter builds access control from users to servers, similar to how SDN creates associations of servers.”
The approach requires software on end-users’ devices and uses device authentication to head off attacks using stolen credentials — the reason the CSA challenge’s organizers will give would-be hackers a valid password.
“The LAN was built for the enterprise of the 90s, not the 2010s,” says Hoover. “Now your users are all over the place; your applications are moving into the cloud. The physical model just doesn’t fit anymore.”
This post has been updated with additional information.
Check out our full RSA Conference 2015 coverage.