Replace the legacy VPN with a modern Software-Defined Perimeter (SDP)

Design a stronger, more flexible access policy playbook around user and device authentication with a Software-Defined Perimeter. Whether your critical corporate resources are in the cloud or on local servers, SDP enables IT to easily build a wall around the entire network.

Block hackers from the network, in one swift motion

SDP deploys multiple cutting-edge security tools and is easily implemented, even and especially for modern organizations with complex cloud networks, many remote users, and varying access requirements.

Zero Trust Access

Multiple layers of authentication come before access, including user and device verification.

Reduced Attack Surface

Give each user his or her own encrypted connection and relevant, limited access to the network.

Granular Access Control

Easy, central management of granular access policies across users and groups.

Hybrid Security

Software-Defined Perimeters are hardware and cloud agnostic, fitting any network.

How Does a Software-Defined Perimeter Work?

SDP network architecture has three important components: the SDP Client, the SDP Controller, and the gateway PoP.

SDP Client: Access Control

The client verifies identities using an Identity Provider, such as Okta, Google, or Azure. It routes whitelisted applications to authorized remote connections, ensuring that the certificate-based mutual TLS VPN only connects to authorized services. Network traffic is encrypted and tunneled between the user’s device and the corresponding gateway.

SDP Controller: Trust Broker

The controller establishes trust between the SDP Client and backend security controls by authenticating users and devices. User and network entitlements are verified by evaluating the controller, the Issuing Certificate Authority, and the Identity Provider, after which the SDP Controller configures the gateway in real time to provision a mutual TLS connection.

The Gateway: Termination Point

The gateway grants access to previously private resources, allowing employees to have a private and uncongested connection. This termination point for the mutual TLS connection from the Client verifies the identity of the requesting device, authorizes the user, and grants access to the requested network. 
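
The client, controller, and gateway flow described above can be sketched as a small default-deny model. This is an added example, not Perimeter 81's code; the CA name, certificate serials, groups, and networks are constructed values, and `broker` and `gateway_permits` are hypothetical helper names.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All names and values below are constructed for illustration.
ISSUING_CA = "CN=Example Issuing CA"
REVOKED_SERIALS = {"0A17"}
ENTITLEMENTS = {  # group -> (network, port) pairs that group may reach
    "engineering": [("10.20.0.0/24", 22), ("10.20.1.10/32", 443)],
    "finance": [("10.30.0.5/32", 443)],
}

@dataclass(frozen=True)
class Identity:  # what the Identity Provider asserted about the user
    user: str
    groups: tuple
    expires_at: int  # Unix time after which the assertion is stale

@dataclass(frozen=True)
class Device:  # client certificate fields plus the posture check result
    issuer: str
    serial: str
    posture_ok: bool

def broker(identity, device, now):
    """Controller: return the session to provision on the gateway, or None."""
    if now >= identity.expires_at:
        return None  # expired IdP assertion
    if device.issuer != ISSUING_CA or device.serial in REVOKED_SERIALS:
        return None  # certificate not from the Issuing CA, or revoked
    if not device.posture_ok:
        return None  # device failed its posture check
    rules = [r for g in identity.groups for r in ENTITLEMENTS.get(g, [])]
    if not rules:
        return None  # authenticated but entitled to nothing
    return {"user": identity.user, "cert_serial": device.serial, "allow": rules}

def gateway_permits(session, peer_serial, dst_ip, dst_port):
    """Gateway: default deny; only the provisioned cert and destinations pass."""
    if session is None or peer_serial != session["cert_serial"]:
        return False
    return any(ip_address(dst_ip) in ip_network(net) and dst_port == port
               for net, port in session["allow"])
```

The gateway never consults the identity directly: it only enforces what the controller provisioned for that certificate, so a user who authenticates successfully still cannot reach a destination outside their entitlements.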

Secure, user-specific resource access

Before a user gains access to the network, ensure that their identity and device are checked. Third-party identity providers and Single Sign-On make authenticating users easy while device posture check rules and other endpoint tools verify their devices are safe.

Segment the network for a safer network

Security tools like VPNs might offer encrypted access to the network, but they cannot provide access to only certain network resources for individual users or groups. Perimeter 81’s SDP provides built-in micro-segmentation utility so that your most sensitive resources aren’t exposed.

Central policy management for teams

IT has one central dashboard where they can create custom access policies based on user, device, location, and other granular attributes. This removes the need to deploy multiple solutions in order to achieve sophisticated policy management.

Easily integrated edge security

Perimeter 81 enables organizations to take advantage of the full SDP model, with integration across any on-premises or cloud infrastructure. Instant deployment of encrypted gateways across the world offers low latency for remote workers and their devices.

The greatest benefits of SDP for organizations

Overcome Hardware Limitations

While perimeter-based network security tools are effective at defending against the most basic attacks, these tools fail to fully protect data where it changes hands in the modern era. They’re also expensive. SDP provides customized and restricted access to individual users – something that hardware could never do.

Multi-Layered Security Protection 

A Software-Defined Perimeter enables encrypted traffic tunnels which create one-to-one network connections between users and resources, and allows IT to enforce the tunnels’ use before access occurs. Also enforceable are 2FA, Single Sign-On, and other security tools that together reduce the organization’s attack surface.

Seamless Remote Work Power

With a Software-Defined Perimeter architecture and comprehensive management platform, gateways can be automatically deployed in any location, enabling simplified, secure and low-latency connections to resources. Workers anywhere on the globe will be able to access resources quickly and safely.

“The best feature so far has been the ability to deploy gateways; we were able to roll out a gateway relatively close to our employees in just a few minutes. Having the ability to roll out an entire office with access to internal resources in just minutes is the best thing I can ask for.”
Maks Suski
IT Manager, Kustomer

The perimeter has evolved – so must security.

Transitioning critical resources to the cloud, allowing employees access from off-premises, and encouraging BYOD present security challenges that only SDP is flexible enough to address – from inside and outside the network.