What is Software Defined Perimeter (SDP)?

The evolution of the corporate network has rendered legacy security models and solutions obsolete. Software Defined Perimeter solutions, which are devised to limit access to resources only to authorized users, offer cybersecurity and access management designed for the modern enterprise.

In the past, most organizations relied upon a perimeter-focused security strategy. This security model assumes that all of the threats originate outside of the organization and that everyone with access to the internal network is trusted. By deploying security solutions at the network perimeter, this security approach inspects all inbound and outbound traffic and tries to keep the attackers on the outside and the organization’s sensitive data on the inside.

While this approach was never 100% effective, the rise of cloud computing and a remote workforce made it even less applicable. Now, a large percentage of an organization’s resources and employees are located outside of the traditional perimeter.

As a result, organizations must routinely allow external parties access to the internal network and sensitive information to flow outside of the perimeter. The challenge becomes ensuring that these information flows are secured and going to the right places.

A software-defined perimeter solution is designed to meet this challenge. By limiting access to the internal network based upon user identity, it dramatically limits the organization’s threat surface and exposure to cyber risk.

What Does a Software Defined Perimeter Do?

An SDP solution limits access to resources only to authorized users through a multi-stage process:

  1. Robust User Authentication: SDP is an identity-driven access management solution. Before providing access to any information or resource within the network, an SDP solution will securely authenticate the user. With support for multi-factor authentication and other advanced authentication solutions, SDP tries to guarantee that a user is who they claim to be. This minimizes an organization’s potential exposure to breaches caused by poor credential security, such as weak passwords or ones compromised via phishing attacks or other data breaches.
  2. Device Authentication: An SDP solution’s authentication process is not limited to the user requesting access. An SDP can also enforce rules regarding the device used for the connection. This can limit access to sensitive data or resources to corporate devices or only ones that are currently compliant with company security policies.
  3. Zero-Trust Enforcement: Zero trust is designed to replace the overly permissive access control policies that organizations have used in the past. Instead of being granted free rein within an organization’s network, a user is only permitted to access the resources that they need in order to do their job. Their level of access is defined by and enforced via access control lists generated based upon their role(s) within the organization.
  4. Secure Access to Resources: SDP creates a one-to-one connection between an authorized user and the resource that they are using. This connection can be encrypted and undergo full content inspection to identify and block potential threats based upon robust threat intelligence. This secure, individual connectivity helps to protect users’ connections to sensitive resources from being eavesdropped upon or hijacked by an attacker.
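
The four stages above can be read as a default-deny decision made per connection. The sketch below is an added example, not code from any SDP product; the role names, resource names, and the rule that a device must be both corporate and compliant are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed sample policy (hypothetical names): role -> reachable resources.
ROLE_RESOURCES = {
    "finance": {"erp.internal:443"},
    "engineer": {"git.internal:22", "ci.internal:443"},
}

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    password_ok: bool  # result of primary credential check
    mfa_ok: bool       # result of second-factor check

@dataclass(frozen=True)
class Device:
    device_id: str
    corporate: bool    # enrolled, company-owned device
    compliant: bool    # currently meets company security policy

def build_acl(user):
    """Stage 3: derive the user's ACL from role membership only."""
    acl = set()
    for role in user.roles:
        acl |= ROLE_RESOURCES.get(role, set())  # unknown role grants nothing
    return acl

def authorize(user, device, resource):
    """Return (allowed, reason). Every stage must pass; default is deny."""
    # Stage 1: a password alone is not enough, so a phished password fails here.
    if not (user.password_ok and user.mfa_ok):
        return False, "user authentication failed"
    # Stage 2: assumed policy requires a corporate AND compliant device.
    if not (device.corporate and device.compliant):
        return False, "device not trusted"
    # Stage 3: only resources in the role-derived ACL are reachable.
    if resource not in build_acl(user):
        return False, "resource not in role ACL"
    # Stage 4: the grant names exactly one user/device/resource tuple.
    return True, f"grant {user.name}@{device.device_id} -> {resource}"

if __name__ == "__main__":
    alice = User("alice", frozenset({"finance"}), True, True)
    laptop = Device("LT-001", True, True)
    for target in ("erp.internal:443", "git.internal:22"):
        print(target, authorize(alice, laptop, target))
```

The second request is denied even though the user and device are fully authenticated, which is the limit on lateral movement that the role-based ACL provides.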

Software Defined Perimeter - The Cloud and the Remote Workforce

Implementing SDP has been considered best practice for some time now. It enables an organization to effectively implement and enforce a zero trust security model. By doing so – and moving away from the traditional perimeter-focused model – organizations dramatically decrease their cybersecurity risk. Even if an attacker successfully compromises a user’s account, their access and ability to move laterally within the organization’s network is limited by the permissions assigned to that particular user.

However, the importance of deploying an SDP solution has grown dramatically due to recent events. A mostly or wholly remote workforce dramatically increases an organization’s vulnerability to cyber threats. Some common examples of the risks of a remote workforce include:

  • Compromised Accounts: Employees working from home are more vulnerable to phishing attacks, and remote access portals like virtual private networks (VPNs) and Remote Desktop Protocol (RDP) are common targets of cyberattacks. If an attacker can learn a user’s credentials or crack them via a password guessing attack, they can use them to masquerade as the user on the network.
  • Exploitation of Cloud Security Vulnerabilities: Cloud security is challenging, and the rapid adoption of Software as a Service (SaaS) applications in response to COVID-19 has increased organizations’ attack surfaces. Exploitation of configuration errors or security holes in cloud services leaves the data and resources that they host vulnerable to attack.
  • Insecure/Personal Devices: Employees working from home are more likely to use personal devices. Additionally, remote users’ devices are less likely to be promptly updated or to conform with corporate security policies. This increases the probability that an attacker can compromise a user’s device and use it as a stepping stone to compromising corporate network security.

SDP is ideally suited to address all of these potential threats to an organization’s security. Check Point CloudGuard offers a number of different features that help to protect cloud infrastructure and remote workers. To learn more about CloudGuard’s capabilities, check out this solution brief.
