Software Defined Perimeter (SDP) is a network security framework that protects cloud-based or Software as a Service (SaaS) applications and data. SDP allows businesses to restrict network access and to deploy gateways in the cloud or on-premises with customizable secure access to their networks. Rather than verifying IP addresses, the identity-centric Tgate SDP confirms the identity of each device before granting network access.
Tgate SDP makes your security mechanism easy to manage and agile, controlled through a scalable, policy-driven security architecture, without requiring any high-level expertise.
SDP provides granular identity-based security and access controls, while helping your business navigate high cybersecurity demands on a limited budget. Our solution continuously monitors activity and verifies network access requests. Upon verification, you can customize and manage on-demand access to services, networks, and applications through the simple and comprehensive Tgate SDP admin portal.
Accomplish zero-trust network access using SDP
The idea of trusting anyone or anything based on where they sit on the network is simply outdated. With SDP, every single connection attempt is verified, and until trust is established resources remain completely hidden from the network, leaving unauthorized users and devices segmented off so they cannot even see what else is on the network.
Two elements of verification establish trust: the human element and the device element
The human element involves verifying, through authentication, that the user is who they claim to be, and, through authorization, that they have the privilege to the resource they are requesting. While this verifies the user, we also need to know that they are coming from a trusted device that has not been compromised. By verifying the device, we limit the exposure a compromised device could have to confidential data and prevent lateral movement across the network.
Three main components of SDP: SDP client, SDP controller and SDP gateway
The SDP client is typically installed on the endpoint and handles a wide range of functions, including device verification and tunnel setup to the SDP gateway. Device verification usually includes monitoring the endpoint for behaviors that could indicate a compromised device.
The SDP controller functions as the trust broker between the client and the backend resource, authenticating and checking authorization for any given request. The controller only provides access to the specific resource a client is requesting and is authorized for.
The SDP gateway grants access to the previously private and unknown resource. Once the gateway confirms with the controller that a client can access the given resource, the connection to the application is allowed. The SDP controller and gateway operate up through layer 7. This means a user can be authorized to access application A on server A-1 but not applications B or C running on that same server. SDP does not let a user see that any other applications are running on that server without first being authorized. By comparison, an authorized user in VPN
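The three-component flow described above (client posture, controller as trust broker, gateway that stays dark until the controller confirms a grant), as an added illustrative model that is not Tgate's code. The user, device and application names, the policy tables and the token format are constructed assumptions; the point it shows is that a grant is bound to one application, so a client authorized for app A on server A-1 gets the same silent non-answer for app B or C as for an application that does not exist.

```python
import secrets
from dataclasses import dataclass

# Constructed sample policy (assumption: not Tgate's real data model).
USER_APPS = {"alice": {"app-A"}}                         # alice is authorized for app A only
HEALTHY_DEVICES = {"laptop-1": True, "laptop-2": False}  # True = device posture check passed
GATEWAY_APPS = {"app-A", "app-B", "app-C"}               # all three run on server A-1

@dataclass(frozen=True)
class Grant:
    user: str
    device: str
    app: str  # a grant is for exactly one resource

class Controller:
    """Trust broker: authenticates the user, verifies the device, authorizes one resource."""
    def __init__(self):
        self._grants = {}  # token -> Grant

    def request_access(self, user, password_ok, device, app):
        # Human element: authentication, then authorization for this resource only.
        if not password_ok or app not in USER_APPS.get(user, set()):
            return None
        # Device element: a compromised or unknown device gets nothing, even for app A.
        if not HEALTHY_DEVICES.get(device, False):
            return None
        token = secrets.token_hex(16)
        self._grants[token] = Grant(user, device, app)
        return token

    def confirm(self, token, app):
        # The gateway asks: does this token authorize this specific application?
        grant = self._grants.get(token)
        return grant is not None and grant.app == app

class Gateway:
    """Fronts server A-1; reveals nothing unless the controller confirms the grant."""
    def __init__(self, controller):
        self.controller = controller

    def connect(self, token, app):
        # An unauthorized app and a nonexistent app produce the identical response,
        # so a client cannot learn which other applications run on this server.
        if app in GATEWAY_APPS and self.controller.confirm(token, app):
            return f"connected:{app}"
        return "no-response"
```

Run a session by calling `Controller.request_access` and then `Gateway.connect` with the returned token; any denial at either step leaves the resource invisible.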