A Gartner report, It’s Time to Isolate Your Services From the Internet Cesspool, sheds light on current perimeter designs: they expose too much of an organization’s services (applications, APIs, etc.) to the world, are obsolete, and create too much risk. It highlights the numerous advantages of a concept called Software Defined Perimeter as a means to mitigate this risk.
Organizations have been exposing their services (HTTP/S, RDP, APIs, etc.) in the same way for years. Yet no matter how many layers of security are added, hackers have been able to breach the defenses or bring down the services using DDoS attacks.
What if instead of statically exposing and publishing services to the world and then layering security measures on top, you exposed them only on-demand and for authenticated users?
The ability to hide your services from the Internet until access is absolutely necessary can prevent DDoS attacks and unauthorized connections.
Introducing the On-Demand Perimeter
Safe-T Secure Data Access (SDA) is a unique Software Defined Perimeter (SDP) solution. SDA is built on top of Safe-T’s disruptive, breakthrough and patented secure reverse-access technology and Safe-T’s Integrated Data Security Platform. By deploying SDA, with its Software Defined Perimeter architecture, organizations can now design and deploy an On-Demand Perimeter. The On-Demand Perimeter creates access rules for authenticated users into applications and services, in a fully automated and dynamic fashion.
The On-Demand Perimeter works as follows:
- The user logs into a dedicated authentication portal published by Safe-T SDA Forefront
- The user can be authenticated to the service using: 3rd party IAM solutions, SecureAuth IDP, anonymous login, Microsoft Active Directory, SAML, OTP, etc.
- The user selects the desired application
- Safe-T SDA Forefront instructs the Internal SDA unit to configure a reverse-access rule for the specific user to the specific application, redirecting the user to the new published URL/IP
- The user accesses the newly published service
- Once the user disconnects from the service, the reverse-access rule is removed
Figure 1 – Safe-T Software Defined Perimeter
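The rule lifecycle in the list above can be modelled in a few lines. This is an added example, not Safe-T code or its API: the class, method names, the entitlement table and the random URL token are all assumptions made for illustration, and the sample users and applications are constructed.

```python
"""Toy model of an on-demand perimeter: default deny, per-session rules.
All names are hypothetical; this is not Safe-T's API."""
import secrets
from dataclasses import dataclass, field


@dataclass
class OnDemandPerimeter:
    # Assumption: user -> applications that user may select (constructed data).
    entitlements: dict
    # Active rules: published path -> (user, app). Empty means nothing is exposed.
    rules: dict = field(default_factory=dict)

    def publish(self, user, authenticated, app):
        """After login and app selection, create a rule for this user and app."""
        if not authenticated:
            raise PermissionError("no rule is created before authentication")
        if app not in self.entitlements.get(user, set()):
            raise PermissionError(f"{user} is not entitled to {app}")
        path = "/s/" + secrets.token_urlsafe(16)  # assumed unguessable URL path
        self.rules[path] = (user, app)
        return path

    def connect(self, path, user):
        """Forward a connection only if a rule matches both path and user."""
        rule = self.rules.get(path)
        if rule is None or rule[0] != user:
            return None  # default deny: nothing is published for this caller
        return rule[1]

    def disconnect(self, path):
        """Removing the rule un-publishes the service."""
        self.rules.pop(path, None)

    def exposed(self):
        """Applications reachable from outside at this moment."""
        return sorted(app for _, app in self.rules.values())


def demo():
    p = OnDemandPerimeter({"alice": {"crm"}, "bob": {"wiki"}})
    before = p.exposed()
    path = p.publish("alice", True, "crm")
    own = p.connect(path, "alice")
    other = p.connect(path, "bob")     # different user presenting the same URL
    p.disconnect(path)
    after = p.connect(path, "alice")   # rule is gone once the session ends
    return before, own, other, after, p.exposed()


if __name__ == "__main__":
    print(demo())
```

The property to check in any real deployment is the same one the model asserts: the exposed set is empty before authentication and again after disconnect, and a rule is honoured only for the user it was created for.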
The Safe-T Software Defined Perimeter solution provides the ultimate cyber threat protection for published services, supporting protocols such as HTTP/S, RDH5, WebDAV, etc.
Now, using a complete access suite, remote users and partners can securely access an organization’s internal services, including web, RDP, NTFS, email, and more. And throughout the whole process, no client software installation is required, a VPN is not needed, and the organization’s services are completely hidden from the world.