Recent research shows that six out of ten organizations around the globe have suffered at least one cyber-attack incident on their enterprise services which are exposed to the Internet.
This is possible because the old way of designing perimeter networks (e.g. DMZ segments) and application access (VPNs, RDP, open firewalls) no longer works when enterprise services must be exposed to the world in order to interact with 3rd party vendors or partners. Attackers are still getting through.
It is clear, then, that a paradigm change is needed in order to overcome the challenges of providing simple and transparent access to Internet-facing services while effectively combating cyber-attacks and threats.
Safe-T®’s Secure Data Access (SDA), a component of the Safe-T High-risk Data Security solution, is an advanced software-defined perimeter (SDP) and logical segmentation solution, purpose-built to create a bulletproof data center perimeter, protecting all applications while enabling access.
Built on top of Safe-T’s disruptive, breakthrough, and patented secure reverse-access technology as well as Safe-T’s Integrated Data Security Platform, Safe-T SDA:
- Isolates applications, services and networks from attackers
- Prevents unauthorized access to data, applications, networks, or APIs
- Controls and manages access to your applications and data
- Eliminates the need for VPNs, removing network access, allowing only direct application access
- Closes all incoming firewall ports
Dual Node Technology
Safe-T SDA is a dual node patented technology, which removes the need to open any ports within a firewall, while allowing secured application access between networks (through the firewall).
- External SDA Node – installed in the DMZ / external / non-secured segment
- Internal SDA Node – installed in the internal / secured segment
Located in the organization’s DMZ (on-premise or cloud), the role of the external SDA node is to act as a front-end to all services/applications published to the Internet. It operates without the need to open any ports within the internal firewall and ensures that only legitimate session data can pass through into the internal network. The external SDA node performs TCP offloading, allowing it to support any TCP-based application without the need to perform SSL decryption.
The role of the internal SDA node is to pull the session data into the internal network from the external SDA node, decrypt the SSL traffic, authenticate the user, scan the data for malware and viruses, pass the data to 3rd party security solutions for scanning, and only if the session is legitimate, pass it to the destination application server.
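The connection direction described above can be shown with a small loopback model. This is an added illustration, not Safe-T's code or protocol: the function names, the single request/reply exchange, and the `token=ok ` check that stands in for user authentication are all assumptions made for the example.

```python
import socket, threading

def listen():
    s = socket.socket()
    s.bind(("127.0.0.1", 0)); s.listen(5)
    return s, s.getsockname()[1]

def app_server(srv):
    # Internal application: only ever reached from the internal node.
    while True:
        c, _ = srv.accept()
        c.sendall(b"app:" + c.recv(4096)); c.close()

def external_node(client_srv, pull_srv):
    # DMZ side: accepts clients AND accepts the internal node's outbound
    # connection. It never calls connect() toward the internal segment.
    while True:
        pull, _ = pull_srv.accept()      # internal node dialled out to us
        client, _ = client_srv.accept()  # Internet-side client
        pull.sendall(client.recv(4096))  # hand session data to the puller
        client.sendall(pull.recv(4096))  # relay the reply back
        client.close(); pull.close()

def internal_node(pull_port, app_port, allow):
    # Secured side: dials OUT, pulls the session, checks it, then forwards.
    while True:
        pull = socket.create_connection(("127.0.0.1", pull_port))
        data = pull.recv(4096)
        if allow(data):
            app = socket.create_connection(("127.0.0.1", app_port))
            app.sendall(data); reply = app.recv(4096); app.close()
        else:
            reply = b"denied"            # session never reaches the app
        pull.sendall(reply); pull.close()

def demo(request):
    app_srv, app_port = listen()
    client_srv, client_port = listen()
    pull_srv, pull_port = listen()
    # Constructed policy: a hypothetical token prefix stands in for authentication.
    check = lambda d: d.startswith(b"token=ok ")
    for fn, args in ((app_server, (app_srv,)),
                     (external_node, (client_srv, pull_srv)),
                     (internal_node, (pull_port, app_port, check))):
        threading.Thread(target=fn, args=args, daemon=True).start()
    c = socket.create_connection(("127.0.0.1", client_port))
    c.sendall(request)
    reply = c.recv(4096); c.close()
    return reply
```

In a firewall audit of such a layout, the property to verify is the same one the model shows: the only flow crossing the internal firewall is initiated from the internal segment, so the inbound rule set toward it can be deny-all.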