{"id":48428,"date":"2022-09-13T22:33:00","date_gmt":"2022-09-13T22:33:00","guid":{"rendered":"https:\/\/www.networkworld.com\/article\/3673316\/software-defined-perimeter-what-it-is-and-how-it-works.html#tk.rss_security"},"modified":"2022-09-13T22:33:00","modified_gmt":"2022-09-13T22:33:00","slug":"software-defined-perimeter-what-it-is-and-how-it-works","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/software-defined-perimeter-what-it-is-and-how-it-works\/","title":{"rendered":"Software-defined perimeter: What it is and how it works"},"content":{"rendered":"
<\/div>\n

A growing number of organizations are drawing an invisible line around their internet-connected resources in an effort to keep attackers at bay. Called software-defined perimeter (SDP), it is based on the relatively simple idea of throwing a virtual barrier around servers, routers, printers, and other enterprise network components.<\/p>\n

The goal of SDP is to protect networks behind a flexible, software-based perimeter. “Advantages include stronger security and greater flexibility and consistency,” says Ron Howell, principal SD-WAN<\/a> and SASE<\/a> architect at IT and business consulting firm Capgemini Americas.<\/p>\n

It can address security challenges that have become more complex with the advent of applications built out of microservices that may be housed on more than one server rather than traditional, monolithic apps that generally resided on a dedicated server. “More recently, applications have been further modularized\u2014they are now composed of multiple workload types and microservices in the organization\u2019s data center or the public cloud,\u201d says Chad Skipper, global security technologist for VMware.<\/p>\n

What is an SDP?<\/h2>\n

The SDP framework obfuscates servers or nodes, typically on an internal network, says Chalan Aras, managing director, cyber and strategic risk, at business advisory firm Deloitte. “SDP uses identity and other substantiation methods to permit visibility and connectivity to network nodes or servers on a least-privilege or need-to-access basis.”<\/p>\n

An SDP is specifically designed to prevent infrastructure elements from being viewed externally. Hardware, such as routers, servers, printers, and virtually anything else connected to the enterprise network that are also linked to the internet are hidden from all unauthenticated and unauthorized users, regardless of whether the infrastructure is in the cloud or on-premises. “This keeps illegitimate users from accessing the network itself by authenticating first and allowing access second,” says John Henley, principal consultant, cybersecurity, with technology research advisory firm ISG. “SDP not only authenticates the user, but also the device being used.<\/p>\n

Benefits of SDPs<\/h2>\n

When compared with traditional fixed-perimeter approaches such as firewalls<\/a>, SDP provides greatly enhanced security. Because SDPs automatically limit authenticated users\u2019 access to narrowly defined network segments, the rest of the network is protected should an authorized identity be compromised by an attacker. “This also offers protection against lateral attacks, since even if an attacker gained access, they would not be able to scan to locate other services,” Skipper says.<\/p>\n