Software Defined Perimeter

If you can’t be seen, you can’t be hacked

A recent report by Gartner, "It’s Time to Isolate Your Services From the Internet Cesspool", sheds light on the fact that current perimeter designs expose too many of an organization’s services (applications, APIs, etc.) to the world, creating more risk. It introduces a new concept called the Software Defined Perimeter (SDP) as a means to resolve this.

 

The fact is that organizations have been exposing their services to the world in the same way for years, and no matter how many layers of security are added, hackers have been able to get through or bring down the services using DDoS attacks.

 

It’s time to recalibrate the way organizations expose services. What if, instead of statically exposing and publishing services to the world and then layering security measures to prevent unauthorized access and DDoS attacks, you exposed them on demand and only for authenticated users? Essentially, you hide your services from the Internet until it is absolutely necessary to allow someone to access the service.

Introducing the On-Demand Perimeter

Safe-T Secure Data Access (SDA) is a unique Software Defined Perimeter (SDP) solution. Safe-T SDA is built on top of Safe-T’s disruptive, breakthrough and patented secure reverse-access technology as well as Safe-T’s Integrated Data Security Platform. By deploying SDA in a Software Defined Perimeter architecture, organizations can now design and deploy the On-Demand Perimeter. The On-Demand Perimeter creates access rules for authenticated users into applications, in a fully automated and dynamic fashion.

The On-Demand Perimeter works as follows:

  1. The user logs into a dedicated authentication portal published by Safe-T SDA Forefront.
  2. The user can be authenticated to the service using third-party IAM solutions, anonymous login, Microsoft Active Directory, SAML, OTP, etc.
  3. The user selects the application which should be accessed.
  4. The Safe-T SDA Forefront instructs the Internal SDA unit to configure a reverse-access rule for the specific user to the specific application, and redirects the user to the new published URL/IP.
  5. The user accesses the newly published service.
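The five steps above, as an added conceptual model in Python; it is not Safe-T code and does not reflect the product's API. The class and method names, the `/published/` path format, the internal address and the sample credentials are all assumptions made for illustration.

```python
import hmac
import secrets

class OnDemandPerimeter:
    """Hypothetical model: nothing is published until a rule is created."""
    def __init__(self, verify_credential, apps):
        self._verify = verify_credential  # stands in for IAM / AD / SAML / OTP
        self._apps = apps                 # app name -> internal address
        self._sessions = {}               # session token -> user
        self._rules = {}                  # published path -> (user, app)

    def login(self, user, credential):
        # Steps 1-2: authenticate at the portal before anything is exposed.
        if not self._verify(user, credential):
            return None
        token = secrets.token_urlsafe(16)
        self._sessions[token] = user
        return token

    def select_app(self, session, app):
        # Steps 3-4: create a rule for this user and this application only.
        user = self._sessions.get(session)
        if user is None or app not in self._apps:
            return None
        path = "/published/" + secrets.token_urlsafe(16)
        self._rules[path] = (user, app)
        return path

    def access(self, session, path):
        # Step 5: default deny; the rule must exist and belong to the caller.
        rule = self._rules.get(path)
        user = self._sessions.get(session)
        if rule is None or user is None or rule[0] != user:
            return None
        return self._apps[rule[1]]

# Constructed sample credentials, for the demo only.
_SAMPLE_CREDS = {"alice": "otp-111111", "bob": "otp-222222"}
def sample_verify(user, credential):
    expected = _SAMPLE_CREDS.get(user)
    return expected is not None and hmac.compare_digest(expected, credential)

def demo():
    p = OnDemandPerimeter(sample_verify, {"crm": "10.0.0.5:443"})
    before = p.access(None, "/published/guess")      # nothing published yet
    alice, bob = p.login("alice", "otp-111111"), p.login("bob", "otp-222222")
    path = p.select_app(alice, "crm")
    return {"before_login": before, "owner": p.access(alice, path),
            "other_user": p.access(bob, path), "no_session": p.access(None, path)}
```

In `demo()`, only the session that requested the rule reaches the application; a second authenticated user and an unauthenticated caller holding the same published path are both denied.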

Benefits of Deploying SDA for Partner Access

  • Support any type of application or service
  • Bi-directional traffic over outbound connections
  • Hide enterprise services from the Internet
  • Firewall is constantly in deny-all state, no open port (inbound or outbound) required for access
  • Define new reverse-access rules on-demand
  • Allow client-less access to data, services, networks, and APIs
  • Robust partner authentication options
  • Remove the need to distribute VPN certificates
  • Perform SSL decryption in a secure zone
  • Scan any incoming traffic using the organization’s security solutions
  • Hide DMZ components which can be hacked and utilized to access the network
  • Provide only direct application/service access, blocking network access
  • Support a variety of applications – HTTP/S, SMTP, SFTP, SSH, APIs, RDP