SDA

Isolating applications from the world,
while providing secure and transparent access

Recent research shows that six out of ten organizations around the globe have suffered at least one cyber-attack incident on enterprise services that are exposed to the Internet.

This statistic reflects the fact that the old way of designing perimeter networks (e.g. DMZ segments) and application access (VPNs, RDP, open firewalls), combined with the need to expose enterprise services to the world (in order to interact with 3rd party vendors or partners), is no longer working. Attackers are still getting through.

It is clear, then, that a paradigm change is needed in order to overcome the challenges of providing simple and transparent access to Internet-facing services, while effectively combating cyber-attacks and threats.

Safe-T®’s Secure Data Access (SDA), a component of the Safe-T High-risk Data Security solution, is an advanced software-defined perimeter (SDP) and logical segmentation solution, purpose-built to create a bulletproof data center perimeter, protecting all applications while enabling access.

Built on top of Safe-T’s disruptive, breakthrough, and patented secure reverse-access technology as well as Safe-T’s Integrated Data Security Platform, Safe-T SDA:

  • Isolates applications, services and networks from attackers
  • Prevents unauthorized access to data, applications, networks, or APIs
  • Controls and manages access to your applications and data
  • Eliminates the need for VPNs, removing network access, allowing only direct application access
  • Closes all incoming firewall ports

Dual Node Technology

Safe-T SDA is a dual node patented technology, which removes the need to open any ports within a firewall, while allowing secured application access between networks (through the firewall).

  • External SDA Node – installed in the DMZ / external / non-secured segment
  • Internal SDA Node – installed in the internal / secured segment

Located in the organization’s DMZ (on-premise or cloud), the role of the external SDA node is to act as a front-end to all services/applications published to the Internet. It operates without the need to open any ports within the internal firewall and ensures that only legitimate session data can pass through into the internal network. The external SDA node performs TCP offloading, allowing it to support any TCP-based application without the need to perform SSL decryption.

The role of the internal SDA node is to pull the session data into the internal network from the external SDA node, decrypt the SSL traffic, authenticate the user, scan the data for malware and viruses, pass the data to 3rd party security solutions for scanning, and, only if the session is legitimate, pass it to the destination application server.
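The pull model described above, sketched as an added example (not Safe-T's code or its patented implementation): a generic reverse-connection relay in which the internal node makes only outbound connections and the external node never dials into the LAN. The function names, loopback listeners and the upper-casing stand-in application are assumptions; authentication, SSL handling and scanning are omitted.

```python
import contextlib
import socket
import threading

def pipe(src, dst):
    """Copy bytes src -> dst until src closes, then half-close dst."""
    while data := src.recv(4096):
        dst.sendall(data)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def splice(a, b):
    """Relay both directions between two connected sockets."""
    t = threading.Thread(target=pipe, args=(a, b), daemon=True)
    t.start()
    pipe(b, a)
    t.join()
    for s in (a, b):
        s.close()

def external_node(public, tunnel):
    """DMZ side: never dials inward; waits for the internal node to connect."""
    inner, _ = tunnel.accept()    # connection initiated from the LAN
    client, _ = public.accept()   # Internet-facing session
    splice(client, inner)

def internal_node(tunnel_addr, app_addr):
    """LAN side: outbound connects only, so no inbound firewall port is needed."""
    out = socket.create_connection(tunnel_addr)
    app = socket.create_connection(app_addr)
    splice(out, app)

def app_server(srv):
    """Stand-in internal application (hypothetical): upper-cases one request."""
    conn, _ = srv.accept()
    conn.sendall(conn.recv(4096).upper())
    conn.close()

def demo(msg=b"hello"):
    """Constructed loopback run: client -> external -> internal -> app."""
    public, tunnel, app = (socket.create_server(("127.0.0.1", 0)) for _ in range(3))
    jobs = [(app_server, (app,)), (external_node, (public, tunnel)),
            (internal_node, (tunnel.getsockname(), app.getsockname()))]
    for fn, args in jobs:
        threading.Thread(target=fn, args=args, daemon=True).start()
    with socket.create_connection(public.getsockname(), timeout=5) as c:
        c.sendall(msg)
        return c.recv(4096)
```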

 


Robust Secure Access Use Cases:

  • Software-defined Perimeter (SDP) – provide secure access to your entire organization’s data center with a one-of-a-kind software-defined-perimeter solution. Completely hide your organization’s true location and architecture from external users and attackers.
  • Secure Partner Access – provide secured, authenticated, and scanned direct-access to any application for your business partners and providers, without opening any ports in the firewall, or needing to provide VPN client-software.
  • Logical Network Segmentation – logically segment your network, deploying a Zero Trust model, to reduce the risk of cyber-attacks reaching internal network segments or moving laterally throughout your network.
  • Secure Application Access – provide secured, authenticated, and scanned direct-access to any application for your business users, without opening any ports in the firewall.

Secure Data Access (SDA) Features

  • Patented Reverse-Access secure gateway
  • TCP offloading technology
  • Bi-directional traffic is handled on outbound connections from the LAN to the outside world
  • Multi-factor authentication
  • Deep packet inspection
  • SecureStream™ policy and workflow engine
  • Broker traffic to 3rd party security and IAM products
  • Dynamic URL rewriting supporting multi-domain applications
  • Publish multiple internal applications on a single IP
  • Client-less and VPN-less application access
  • Deployed on-premise or as a hybrid-cloud DMZ

Secure Data Access (SDA) Benefits

  • Support any type of application or service
  • Bi-directional traffic over outbound connections
  • Augment existing firewalls, closing incoming ports
  • Reinforces firewalls to isolate applications, services and networks from attackers
  • Drives down costs through simplification, operational efficiency and decommissioning of DMZ components
  • Eliminates storing any SSL certificates or user credentials in the DMZ
  • Permits only authorized access to data, services, networks, and APIs
  • Removes the need for VPN
  • Prevents network access, allowing only direct application access