Main Use Cases
- Increases security without increased cost compared to the current generation of VPN
- Provides additional security without additional throughput degradation
- Improves user experience: a consistent, easy way to connect on premise or off
- Makes your applications invisible, rendering them undetectable and inaccessible to outsiders
- Enhances your application and data access security for internal wired and wireless-based network perimeter devices
- Addresses regulatory compliance for a wide variety of industries
- Protects your data with mutual TLS encryption both within your perimeter and beyond
- Protects against credential theft, connection hijacking and data loss
- Provides greater security based on an application-session-only (least-privileged) zero-trust access model
SafeConnect SDP Benefits
Software-Defined Perimeter (SDP)
The Internet is a marvelous achievement. Its ability to share information instantaneously across the globe has fundamentally transformed businesses and enhanced our quality of life. Ironically, it is that same openness and collaborative nature of the Internet that now represents its most challenging impediment to continued growth and sustainability – Security.
The foundation of the Internet is built on a communication access protocol (TCP/IP) that allows every IP addressable device on the Internet to effectively “see” every other device. Secure access to applications and data is based on an outdated “trust and verify” approach, which has become a treasure-trove of opportunity for malicious activity and hackers. The security industry has valiantly focused on implementing countless layers of security to guard against the never-ending deluge of cybersecurity attacks and threats. Unfortunately, it’s not a matter of if, but when the next security event or data breach will occur. The security industry has now resorted to focusing on how quickly it can identify an exploitation and remediate to limit the organization’s risk exposure.
Additionally, the accelerated movement towards remotely accessing cloud-based applications and data from outside an organization’s traditional network perimeter (e.g. through Public Wi-Fi and Mobile 4G-5G networks) represents an even greater challenge of securing valuable data and preventing credential theft.
Organizations have been exposing their critical computing resources to the world in the same way for over 30 years (since the invention of the firewall), and no matter how many layers of security are added, hackers are able to infiltrate cybersecurity defenses or bring down services using Advanced Persistent Threats and Distributed Denial of Service (DDoS) attacks.
It’s time to rethink the way organizations allow access to their valuable data and application services.
Securing the New Perimeter
What if all critical Internet resources were inherently “invisible” to all users? And what if users and their devices had to be authorized and verified “prior-to” accessing those hidden business-critical application and data resources? It would be like having your own “Cloak of Invisibility” to shield yourself from the Death Eaters, and only those individuals that you can identify and who can recite the secret incantation password would be able to see you.
The good news is you don’t need to travel to the Harry Potter™ universe to get this type of security. Impulse has developed a NAC industry-first solution that extends visibility and device security for remotely connected Public Wi-Fi and Mobile 4G-5G devices accessing private cloud or public cloud application resources.
The SafeConnect Software-Defined Perimeter (SDP) cloud-based service offering “hides” enterprise application and data resources from the Internet and internal networks and adheres to a “verify first, connect second” Zero-Trust access model as compared to today’s “connect first, authenticate second” approach. SafeConnect SDP encrypts communications between user devices and enterprise applications, and integrates with Multi-Factor Authentication and Identity Access Management providers to deliver a seamless and consistent user experience.
SafeConnect SDP is comprised of three main components:
- SDP Client – available for Windows, macOS, iOS and Android devices, it ensures the certificate-based mutual TLS VPN connects only to services for which the user is authorized. The SDP Client becomes the network-level device security assessment and policy enforcement point where access control and network isolation are performed after the user’s device and identity have been cryptographically verified. The SDP Client can be distributed to managed devices or downloaded as part of a Patent-Pending BYOD onboarding process.
- SDP Controller – functions as a trust broker between the SDP Client and security policy controls such as Identity Access Management, Issuing Certificate Authority, and Device Compliance. Once the identity of the SDP Client has been verified and the applicable application services authorized, the SDP Controller configures a mutual TLS VPN session between the SDP Client and SDP Gateway to enable per-session application access. The SDP Controller is cloud-hosted and fully integrated with SafeConnect’s Policy Manager.
- SDP Gateway – is the termination point for the mutual TLS VPN connection from the SDP Client. It is usually deployed as topologically close to the protected application as possible. The SDP Gateway is provided with the SDP Client’s IP address and Certificates after the identity of the requesting device has been verified and the authorization of the user is determined by the SDP Controller.
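The “verify first, connect second” flow between the three components can be modelled in a few lines. This is an added illustration, not SafeConnect code: the class names, the 300-second grant lifetime and the sample certificate bytes are assumptions, and a real gateway would take the fingerprint from the peer certificate presented in the mutual TLS handshake.

```python
import hashlib
import time
from dataclasses import dataclass, field

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded client certificate."""
    return hashlib.sha256(cert_der).hexdigest()

@dataclass
class Gateway:
    """Default-deny: a connection is admitted only against a live grant."""
    grants: dict = field(default_factory=dict)  # (ip, fp, service) -> expiry

    def install_grant(self, ip, fp, service, expiry):
        self.grants[(ip, fp, service)] = expiry

    def admit(self, ip, cert_der, service, now=None):
        now = time.time() if now is None else now
        expiry = self.grants.get((ip, fingerprint(cert_der), service))
        return expiry is not None and now < expiry

@dataclass
class Controller:
    """Trust broker: checks identity, device posture and policy, then
    tells the gateway which (client IP, certificate, service) to accept."""
    gateway: Gateway
    enrolled: dict      # cert fingerprint -> user
    compliant: set      # fingerprints of devices passing posture checks
    policy: dict        # user -> set of permitted services
    ttl: int = 300      # assumed per-session grant lifetime in seconds

    def request_access(self, ip, cert_der, service, now=None):
        now = time.time() if now is None else now
        fp = fingerprint(cert_der)
        user = self.enrolled.get(fp)
        if user is None or fp not in self.compliant:
            return False
        if service not in self.policy.get(user, set()):
            return False
        self.gateway.install_grant(ip, fp, service, now + self.ttl)
        return True

def build_demo():
    # Constructed sample data: the bytes stand in for a real DER certificate.
    alice_cert = b"constructed-cert-alice"
    gw = Gateway()
    ctl = Controller(gw, enrolled={fingerprint(alice_cert): "alice"},
                     compliant={fingerprint(alice_cert)},
                     policy={"alice": {"payroll"}})
    return gw, ctl, alice_cert
```

Because the grant is keyed on client IP, certificate and service together, the same certificate presented from another address, or for a service outside the user’s policy, is refused at the gateway.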
SafeConnect SDP includes a cloud-hosted SDP Gateway connector for Public Cloud SaaS applications, and offers a downloadable VMware virtual appliance or Docker container SDP Gateway instance to protect private cloud and internally-hosted application environments.