About Us

Software-Defined Perimeter- Everything you Need to Know in 2022!

Most firms previously relied on a perimeter-focused security strategy. This security paradigm assumes that all risks come from outside the company and that everyone who has access to the internal network is trustworthy. This security method inspects all inbound and outbound traffic and aims to keep attackers on the outside and sensitive data on the inside by placing security solutions at the network perimeter.

A software-defined perimeter solution, according to the specialists at Infosecurity Outlook, is designed to solve this difficulty. Limiting internal network access based on user identity significantly reduces the organization’s threat surface and cyber risk.

What is the Purpose of a Software-Defined Perimeter?

An SDP solution limits access to resources only to authorized users through a multi-stage process:

  1. SDP is an identity-driven access management solution with robust user authentication. An SDP solution will securely authenticate the user before granting access to any network information or resource. SDP strives to ensure that a user is who they claim to be by supporting multi-factor authentication and other advanced authentication techniques. This reduces the risk of a breach caused by poor credential security, such as weak passwords or those compromised through phishing attempts or other data breaches.
  2. Zero-trust is intended to replace companies’ previous too permissive access control practices. Rather than having complete access to an organization’s network, users are only allowed to access the resources they require to do their tasks. Access control lists are generated depending on their roles inside an organization to establish and enforce their level of access.
  3. The device authentication procedure of an SDP solution is not confined to the user requesting access. An SDP can also impose restrictions on the device used to connect. This can restrict access to sensitive data or resources to corporate devices or just those that comply with current security regulations.
  4. SDP establishes a direct link between an authorized user and the resource they’re accessing. Based on comprehensive threat intelligence, this link can be encrypted and subjected to complete content inspection to identify and stop potential attacks. This private, secure connection protects users’ connections to important resources from being monitored or hijacked by an adversary.

The benefits of a software-defined perimeter

In simplest terms, a software-defined perimeter is a corporate network security solution that is trusted, comprehensive, robust, and flexible which helps:

  • Improve end-user experience with connectors and automation  
  • Strengthen and simplify access restrictions
  • Reduce attack surfaces
  • Remove policy administration burden for admins

SDP implementation has long been regarded as best practice. It allows a company to design and enforce a zero-trust security paradigm successfully. Organizations drastically reduce their cybersecurity risk by doing so – and shifting away from the old perimeter-focused paradigm. Even if an attacker successfully compromises a user’s account, the permissions provided to that person limit their access and ability to move laterally across the organization’s network.

All these possible dangers to an organization’s security can be addressed with SDP. Before access to any network, the resource is provided, SDP guarantees that all endpoints attempting to access enterprise infrastructure are authenticated and approved. Hiding network resources from unauthorized or unlicensed users follows the concept of least privilege and decrease your attack surface.

Read more:

Quadrant Knowledge Solutions Market Insights on Software Defined Perimeter (SDP) for Zero Trust Network Security

AT&T Cybersecurity Offers New SASE Solution to Connect and Protect the Multi-Cloud, Hybrid Enterprise

AT&T is adding a new product to its global, managed Secure Access Service Edge (SASE) portfolio. AT&T SASE with Cisco is a converged network and security management platform that contains software-defined wide area networking (SD-WAN) technology and security capabilities to connect and protect businesses. Expert policy design and configuration, as well as 24/7 network control, are all included in the full package. Organizations may boost cloud adoption with AT&T SASE with Cisco by providing efficient, highly secure, and dependable digital experiences.

Why is this important?

The requirements for business connectivity are evolving. Employees are connecting from more locations and devices, whether it’s to assist the remote workforce during a worldwide pandemic or to link and defend branch offices, labs, or manufacturing facilities. Expectations on experiences are rising and IT teams are pushed. Networks must be able to meet increased bandwidth demands, which are being driven mostly by new cloud applications and edge computing. Companies must also be able to track and protect sensitive data throughout the network while providing an excellent user experience.

Company must be able to innovate in this new mixed workplace. This implies allowing people to connect and collaborate at any time and from any location.

What makes this new SASE solution different?

AT&T and Cisco’s combined networking and security expertise offer a unique perspective, providing a future-ready, unified solution from a single source. AT&T SASE with Cisco allows for site-by-site network optimization and dynamic traffic routing over numerous wide area network connections. These features, when combined with unified security controls, enable businesses to cut the time and cost of provisioning, managing, and scaling new connections to meet business objectives.

Organizations can regulate access for any device connected to any network via centralised visibility. In businesses such as healthcare, this functionality is crucial for validating user access to patient data. The AT&T SASE with Cisco solution delivers accurate, identity-based permissions for every session to confirm the health of devices. For the hybrid workforce, AT&T SASE with Cisco enables highly secure, direct connectivity to the web and SaaS applications. Remote users get a quick, reliable path to the cloud for enhanced computing experiences thanks to performance improvements at the edge.

AT&T Cybersecurity Consulting provides professional services to assist customers in through the SASE process.

“While SASE continues to generate significant interest in the market, the nature of the initiative leaves many users wondering where to begin and which vendors to engage with. Choosing proven network and security technologies is a good start, but working with managed service providers, especially those offering strategy, design, and implementation services, can help organizations accelerate their adoption of SASE and ultimately reduce time to value,” said John Grady, Senior Analyst, Enterprise Strategy Group.

“As a leading MSSP and trusted advisor, it’s important to provide customers with a choice of managed SASE solutions to meet their unique needs. Through our collaboration with Cisco, we’re offering an integrated, modern solution that addresses the connectivity and security demands of a multi-cloud, network environment while enabling innovation,” said Rupesh Chokshi, VP, AT&T Cybersecurity.

“The shift to remote work has accelerated the need for SASE solutions, so that users and devices are secure anywhere they work. The AT&T SASE with Cisco offer will provide customers with an innovative way to gain seamless, secure access to any application, from any location in a way that is straightforward to procure, easy to set up, and simple to use and manage through a single cloud dashboard,” Shailaja Shankar, Senior Vice President and General Manager, Cisco Security Business Group.

Quadrant Knowledge Solutions Market Insights on Software Defined Perimeter (SDP) for Zero Trust Network Security

Quadrant Knowledge Solutions announces the addition of the “Market Insights: Software Defined Perimeter (SDP) for Zero Trust Network Security, 2020” report to their strategic technology research offerings.

Software Defined Perimeter is an approach in network security that safeguards user access to application and information irrespective of the location, time and nature of the device used. Software Defined Perimeter follows zero trust approach, wherein the default network security posture is that of deny. Access is granted upon authenticating and authorizing both user and device. By pre-authorizing users and devices prior to making the application layer access (applications and resources), SDP protects enterprises from a range of attacks, such as denial of service, credential theft, server exploitation, connection hijacking and APT/Lateral movement. Unlike security models that work at the network layer, SDP works to the application layer. It provides granular control for secure communications directly from the user and device to the application.

Software Defined Perimeter technology is emerging as an advanced network security solution for today’s complex, interconnected world. A Software Defined Perimeter isolates network services from the internet, allowing access only after successful authentication, and restricting connections to only pre-authorized services. Network assets are hidden from unauthenticated users, leaving attackers with no visible target. Software Defined Perimeter protects organizations by substantially reducing the attack surface.

An SDP solution includes functionalities for adaptive authentication, granular and contextual access control, separation of control and data plane, complete access visibility and audit, the principle of least privilege access, and masking of applications and resources to unauthorized users. The primary use cases for SDP solution includes application security in the hybrid IT, breach prevention and data protection, direct access to public cloud applications, effective BYOD and IoT security, secure privilege and third-party access to applications and compliance to ever-increasing global regulations.

Quadrant Knowledge Solutions SDP Market Insights research provides detailed insight into the SDP technology overview, Zero Trust Network Security overview, SDP characteristics, SDP architecture, market drivers & trends, and vendor landscape. The market insights include a detailed market recommendation for considering an SDP solution. The report also addresses the debate around VPN versus SDP solution.

Software Defined Perimeter Market Insights is a part of Quadrant’s Security & Risk Management practice.

Quadrant Knowledge Solutions is a global advisory and consulting firm focused on helping clients in achieving business transformation goals with Strategic research, consulting, and advisory services.

Contact:
Riya Mehar

rmehar@quadrant-solutions.com
See available research: https://quadrant-solutions.com/market-research/

Decoding Zero Trust Security | Concept and various Models (Part-2)

The previous part of the blog talked about the concept of Zero Trust security, its relevance, and how it is catching traction in today’s time. This part talks about the different models to implement Zero Trust security in organizations. There are three different ways in which organizations can choose to implement Zero Trust security.

1. Software Defined Perimeter (SDP)

Software Defined Perimeter is an approach in network security that safeguards user access to applications and information irrespective of the location, time, and nature of the device used. Software Defined Perimeter follows a zero trust approach, wherein the network security posture is that of default deny. Access is granted upon authenticating and authorizing both user and device.

By making the applications and resources invisible and preauthorizing users and devices, SDP protects enterprise applications from a range of attacks like- denial of service, credential theft, server exploitation, connection hijacking, and APT/Lateral movement. Unlike the previous security models that worked till the network layer, SDP works right up to the application layer. It provides granular control on applications as users are allowed access only on authorized applications and not others.

2. Network Micro-Segmentation

Micro-segmentation or network Micro-segmentation is slicing the network into small logical segments and controlling access to applications and data on those segments. Diving the network into smaller segments reduces the attack surface for malicious attackers. Micro-segmentation policies are based on logical attributes or resource identity versus the user’s identity or IP addresses. Micro-segmentation creates an intelligent grouping of workloads based on their characteristics. It provides centralized dynamic policy management across networks, independent of the infrastructure.

3. Identity Aware Proxy (IAP)

IAP architecture offers access to applications through a cloud-based proxy. It follows the principle of least privileged access like SDP, but applications are accessed through standard HTTPS protocols at the application layer. Unlike SDP, which uses a direct tunnel for data transfer, IAP architecture provides authenticated and authorized secured access to particular applications using a proxy layer.

Google was the first one to implement zero-trust security architecture in their business using BeyondCorp, through an Identity Aware Proxy model. BeyondCorp is their internal network and access security platform designed for employees to access internal resources. BeyondCorp is a web proxy-based solution that supports HTTP, HTTPS, and SSH protocols. Following BeyondCorp, Google also launched Cloud Identity Aware Proxy for access control and protecting data in the cloud. Cloud IAP shifts access controls from the network perimeter to individual users.

Irrespective of whichever zero trust model companies choose to implement; it should be able to integrate with the company’s existing security infrastructure seamlessly.

(This is Part 2 of the blog and it explains the various models to implement Zero Trust security in organizations. To read on the concept of Zero Trust security refer HERE)