Demands on IT departments across the globe are at an all-time high in our current business landscape.

CEO’s are pushing the boundaries between CX and UX to maintain a competitive edge; we see the rapid introduction of new cloud applications and IoT. To further complicate the changing landscape, employees are screaming out for flexible WFH & BYOD arrangements.

All of this is putting existing network architecture under pressure, and we need to accept the traditional methods to network and security are no longer effective.

What are you doing to improve your security posture?

  • Utilising a threat intelligence application?
  • Locking down machines/devices with vulnerability, patch and configuration management?
  • Firewall implementations

These are great tools and should continue to play a critical role in your overall security strategy, but think of them as preventative medicines; we propose total immunisation with SDP.

Traditional architectures are based on access then authenticate. This gives ALL users access to ALL of the services, good and bad: not log in, but access.

SDP addresses this flaw directly with authenticate THEN access to ALL users, and that is why SDP is critically important.

SDP Controller

The SDP controller is a centralised policy enforcement engine that governs the control and data plane for the SDP components. For centralised authentication and authorisation, the SDP controller keeps track of users, devices, and applications. It manages all of the SDP components and the connections to the services behind the gateways.

This controller allows initiating and accepting hosts to be authenticated before allowing communication. It determines the list of accepting hosts to which the initiating host is authorised to communicate to the controllers.

SDP Gateway

You can establish the gateway in either a public cloud or on-premise location and close to the requesting resource. The geolocation integration point is useful so that only specific locations, due to security reasons, can assess information or enhance the user experience by redirecting the services that are logically closer to the gateway that is protecting those services.

The gateway monitors incoming traffic at a TCP/IP level to identify the initiation hosts’ connection attempts. It silently monitors this traffic, and when it identifies a valid connection request, it dynamically modifies the firewall policy to accept the connection from that client.

SDP dashboard reporting:

  • Once security controls are passed there is still no direct connectivity path between the user and the application.
  • Dynamically discover unknown applications
  • Application health based on location and connectivity path

Status of the connection:

  • How many bytes sent per application (unlike your traditional VPN)
  • Policies used when accessing the application
  • Identity information for who was authenticated

SDP is not about putting a lock on a network to defend against attacks. SDP makes the entire network infrastructure dark to anyone who is not permitted to see them.

You cannot attack what you cannot see.

Feel free to reach out if you want to chat about improving your Cyber Security posture – coffee’s on me.