Vidder’s software works by isolating communications between applications and end-user devices. It takes applications off the public Internet and creates a real-time connection between the user and the application that exists only for the duration of that session and then disappears, explained Shawn Hakl, Verizon’s vice president of new products and innovation, earlier this year when he mentioned the company’s work with Vidder.
Servers are hidden from users until trust is established.
“The SDP is designed to stop all the big cyberattacks we see today,” said Junaid Islam, the CTO at Vidder. “When you turn on the SDP client the owner of the hardware is identified.”
The identity system then verifies that the owner of the hardware is OK, and it also specifies what that owner is allowed to do. It creates a process-to-process path in real time between the app on a particular device and the app on the server, whether in physical or virtual infrastructures.
“SDP not only lets the device in, but it determines what software programs are allowed to get through,” said Islam. “SDP is a network-based countermeasure to cyberattacks. The network inherently blocks malware from propagating.”
Islam said this is made possible because the SDP client has an application router built into it. The network is actively blocking any packets not associated with the approved application.
Vidder’s SDP will run on Verizon’s VNS platform.
Verizon has only recently started touting VNS. The platform has evolved over the last couple of years. But Islam said, “The VNS is really about their universal CPE box. This box is a very fast server… They’ve created partitions in which they run gateway packages from different vendors. Their umbrella term is VNS. But it’s really this box that allows them to run different services.”
Verizon revealed its white box universal customer premises equipment (uCPE) earlier this year.
Although Islam said the uCPE is integral to Verizon’s VNS platform, the Vidder SDP security does not yet run on the uCPE. “It will soon,” said Islam. “From a strategy standpoint, everything ends up on the VNS platform.” But he said Verizon is still working on automation and network management tools to install the software on its uCPE. “SDP from Verizon is available today,” he said. “You could manually load it onto a uCPE platform today. If you ordered it today, we would probably put it in a cloud network.”
In addition to running virtual functions from security providers, Verizon’s uCPE will also run software-defined wide area networking (SD-WAN) from different vendors, including Versa and Viptela (which is now owned by Cisco).
“SDP is application-aware security,” said Islam. “SD-WAN is application-aware routing. You can put SDP on top of SD-WAN. You might not put SDP everywhere but selectively deploy it for apps that are very high value. SDP security builds on top of SD-WAN security. We’re trying to create this notion of building a network that is secure instead of building a network and then making it secure.”