Software Defined Perimeter

If you can’t be seen, you can’t be hacked™

A report by Gartner, called It’s Time to Isolate Your Services From the Internet Cesspool sheds light on current perimeter designs and the fact that organizations expose too much of their services (applications, APIs, etc) to the worldare obsolete and create too much risk to organizations. It highlights the numerous advantages of a concept called Software Defined Perimeter as a means to mediate this risk.

Organizations have been exposing their services (HTTP/S, RDP, APIs, etc) in the same way for years. Yet no matter how many layers of security are added, hackers have been able to breach the defenses or bring down the services using DDoS attacks.


What if instead of statically exposing and publishing services to the world and then layering security measures on top, you exposed them only on-demand and for authenticated users?


The ability to hide your services from the Internet until access is absolutely necessary can prevent DDoS attacks and unauthorized connections.

Introducing the On-Demand Perimeter

Safe-T Secure Data Access (SDA)  is a unique Software Defined Perimeter (SDP) solution. SDA is built on top of Safe-T’s disruptive, breakthrough and patented secure reverse-access technology and Safe-T’s Integrated Data Security Platform. By deploying SDA, with its Software Defined Perimeter architecture, organizations can now design and deploy an On-Demand Perimeter. The On-Demand perimeter creates access rules for authenticated users into applications and services, in a fully automated and dynamic fashion.

The On-Demand Perimeter works as follows:

  1. User logs into dedicated authentication portal published by Safe-T SDA Forefront
  2. The user can be authenticated to the service using: 3rd party IAM solutions, SecureAuth IDP, anonymous login, Microsoft Active Directory, SAML, OTP, etc
  3. The user selects the desired application
  4. Safe-T SDA Forefront instructs the Internal SDA unit to configure a reverse-access rule for the specific user to the specific application, redirecting the user to the new published URL/IP
  5. The user accesses the newly published service
  6. Once the user disconnects from the service, the reverse-access rule is removed
04Figure 1 – Safe-T Software Defined Perimeter

The Safe-T Software Defined Perimeter solution, provides the ultimate cyber threat protection for published services, supporting protocols such as HTTP/S, RDH5, WebDAV, etc.


Now, using a complete access suite, remote users and partners can securely access an organization’s internal services, including web, RDP, NTFS, email, and more. And throughout the whole process, no client software installation is required, a VPN is not needed, and the organization’s services are completely hidden from the world.

Request a demo

Safe-T Secure Data Access Brochure 

Register For Our Webinar

Download the DDoS Attacks white paper 

Deploying a Software Defined Perimeter provides the following capabilities:

  • Firewall is constantly in deny-all state, no open port (inbound or outbound) required

    for access

  • Support a variety of applications – HTTP/S, SMTP, SFTP, SSH, APIs, RDH5, WebDAV
  • Bi-directional traffic is handled on outbound connections from the LAN to the outside world
  • Define new reverse-access rules on-demand
  • Allow client-less access to data, services, networks, and APIs
  • Robust partner authentication options
  • Remove the need for VPN
  • Perform SSL decryption in a secure zone
  • Scan any incoming traffic using the organization’s security solutions
  • Hide DMZ components which can be hacked and utilized to access the network
  • Provide only direct application/service access, blocking network access


  • Support any type of application or service
  • Bi-directional traffic over outbound connections
  • Hide enterprise services from the Internet
  • Only authenticated users access the service
  • Prevent DDoS attacks on protected services
  • Simple and easy application access
  • Reduce client-server VPN overhead
  • Block network access, allow application access
  • Integrate all security and IAM solutions into data access flow