What is AppGate SDP?
AppGate SDP is a Software-Defined Perimeter solution that is:
1. Designed around the individual: authentication and authorization are based on the person, environment and infrastructure. It’s context-aware, dynamically adapting access based on environmental, infrastructure or organizational changes.
2. Built for the cloud: it’s distributed and stateless, built for hyperscale, with a micro-services architecture.
3. Based on the zero-trust model: it takes an “authenticate first, connect second” approach, ensuring that only authorized users can connect over an encrypted connection to network resources. This reduces the attack surface and significantly improves security.
AppGate SDP delivers fine-grained access control by dynamically creating a network segment of one that’s tailored for each user session. It adjusts access automatically based on changes in context while hiding all network resources – except those that the user is authorized to see. By making the rest of the network invisible, enterprises can simplify their security infrastructure, while granting access with confidence.
AppGate SDP policies make access decisions based on attributes from the person – user device, anti-virus, department, group membership, app permissions; the environment – location, time, security posture; and the infrastructure – network analytics, security groups, tags, hostnames. It’s dynamic and scriptable, and encrypts one-to-one connections between the user and application or service.
Superior integrations with SIEM and IDS systems build bridges among security tools. The result is improved security and more efficient compliance reporting.
How Does AppGate SDP Work?
AppGate SDP is designed to provide on-demand, dynamically provisioned secure network segmentation and ensures that all endpoints attempting to access a given infrastructure are authenticated and authorized before they can access any resources on the network. All unauthorized network resources are made inaccessible. This not only applies the principle of least privilege to the network, it also reduces the attack surface area by hiding network resources from unauthorized users.
Client devices authenticate to the Controller, which evaluates credentials and applies access policies (based on the person, environment and infrastructure). The Controller returns a cryptographically signed token to the Client, which contains the authorized set of network resources.
When the user attempts to access a resource – for example by opening a web page on a protected server – the network driver forwards the token to the appropriate cloaked Gateway, which then applies additional policies in real time – for example, to control access based on network location, device attributes, or time of day. The Gateway may permit access, deny access, or require an additional action from the user, such as prompting for a one-time password.
Once granted, all access to the resource travels from the Client across a secure, encrypted network tunnel, and through the Gateway to the server. Access is logged through the LogServer, ensuring that there’s a permanent, auditable record of user access. AppGate SDP also feeds alerts into a SIEM or IDS for analysis and response. AppGate SDP supports all major desktop and mobile operating systems, and all major cloud and virtualization platforms.
• Access based on context-sensitive identity
• Secure, encrypted connection between user and approved system
• Makes entire network completely invisible
• Eliminates lateral movement on internal networks
• Built like cloud – massively scalable, distributed & resilient
• Unified user access control policy management and reporting across physical, virtual and cloud-based systems
|Packaging|Software Application; XaaS (as a service)|
|Categories|Networking > Virtual Network Functions > SD-WAN and Virtual CPE (vCPE)|
||Networking > Virtual Network Functions > Security, Policy, Identity, NAT|
||Other > Other SDx Infrastructure Products|
||Security > Infrastructure Security, FW, IPS, DDoS|
||Security > Security Management and Analytics|