Software Defined Perimeter (SDP)

Revolutionize your organization’s access to secure data and application services with SafeConnect SDP.

Main Use Cases

Increases security without increased cost compared to the current generation of VPN

Provides additional security without additional throughput degradation

Improves user experience—consistent, easy way to connect on premise or off

Make your applications invisible, rendering them undetectable and inaccessible to outsiders

Enhance your application and data access security for internal wired and wireless-based network perimeter devices

Addresses regulatory compliance for a wide variety of industries

Protect your data with mutual TLS encryption both within your perimeter and beyond

Protects against credential theft, connection hijacking and data loss

Greater security based on application-session only (least-privileged) zero-trust access model

SafeConnect SDP Benefits

Easy to Install

No additional hardware or network integration required; seamlessly operates with existing network access control offerings

Address Regulatory Compliance


Adheres to Zero-Trust/Least Privileged Model

Verify-first, connect-second access to private and public cloud applications

Customer-Provisioned Cloud Offering

Rapid deployment and maintenance-free 24/7 support

Superior VPN Alternative

Least privileged per-session application access and higher performance Mutual TLS network encryption, while delivering a better user experience

SaaS Annual Subscription Model

Cost effective and predictable; Term commitment discounts

Extend Control Beyond Your Perimeter

Prevent data loss from devices accessing public or private cloud application and data resources from outside of your network perimeter

Decreases Network Attack Surface

Hide your applications from the Internet and corporate networks to address DDoS attacks, credential theft, connection hijacking and data loss

Software-Defined Perimeter (SDP)

The Challenge

The Internet is a marvelous achievement. Its ability to share information instantaneously across the globe has fundamentally transformed businesses and enhanced our quality of life. Ironically, it is that same openness and collaborative nature of the Internet that now represents its most challenging impediment to continued growth and sustainability – Security.

The foundation of the Internet is built on a communication access protocol (TCP/IP) that allows every IP addressable device on the Internet to effectively “see” every other device.  Secure access to applications and data is based on an outdated “trust and verify” approach, which has become a treasure-trove of opportunity for malicious activity and hackers.  The security industry has valiantly focused on implementing countless layers of security to guard against the never-ending deluge of cybersecurity attacks and threats.  Unfortunately, it’s not a matter of if, but when the next security event or data breach will occur. The security industry has now resorted to focusing on how quickly it can identify an exploitation and remediate to limit the organization’s risk exposure.

Additionally, the accelerated movement towards remotely accessing cloud-based applications and data from outside an organization’s traditional network perimeter (e.g. through Public Wi-Fi and Mobile 4G-5G networks) represents an even greater challenge of securing valuable data and preventing credential theft.

Organizations have been exposing their critical computing resources to the world in the same way for over 30 years (since the invention of the firewall), and no matter how many layers of security are added, hackers are able to infiltrate cybersecurity defenses or bring down services using Advanced Persistent Threats and Distributed Denial of Service (DDoS) attacks.

It’s time to rethink the way organizations allow access to their valuable data and application services.

Securing the New Perimeter

What if all critical Internet resources were inherently “invisible” to all users?  And what if only users and their devices were authorized and verified “prior-to” accessing those hidden business critical application and data resources?  It would be like having your own “Cloak of Invisibility” to shield yourself from the Death Eaters, and only those individuals that you can identify and who can recite the secret incantation password would be able to see you.

The good news is you don’t need to travel to the Harry Potter™ universe to get this type of security.  Impulse has developed a NAC industry-first solution that extends visibility and device security for remotely connected Public Wi-Fi and Mobile 4G-5G devices accessing private cloud or public cloud application resources.

The SafeConnect Software-Defined Perimeter (SDP) cloud-based service offering “hides” enterprise application and data resources from the Internet and internal networks and adheres to a “verify first, connect second” Zero-Trust access model, as compared to today’s “connect first, authenticate second” approach. SafeConnect SDP encrypts communications between user devices and enterprise applications, and integrates with Multi-Factor Authentication and Identity Access Management providers to deliver a seamless and consistent user experience.

SafeConnect SDP is comprised of three main components:

  • SDP Client – available for Windows, macOS, iOS and Android devices; it ensures that the certificate-based mutual TLS VPN connects only to services for which the user is authorized.  The SDP Client becomes the network-level device security assessment and policy enforcement point, where access control and network isolation are performed after the user’s device and identity have been cryptographically verified.  The SDP Client can be distributed to managed devices or downloaded as part of a Patent-Pending BYOD onboarding process.
  • SDP Controller – functions as a trust broker between the SDP Client and security policy controls such as Identity Access Management, Issuing Certificate Authority, and Device Compliance.  Once the identity of the SDP client has been verified and applicable application services authorized, the SDP Controller configures a mutual TLS VPN session between the SDP Client and SDP Gateway to enable per-session application access.  The SDP Controller is cloud-hosted and fully integrated with SafeConnect’s Policy Manager.
  • SDP Gateway – is the termination point for the mutual TLS VPN connection from the SDP Client.  It is usually deployed as topologically close to the protected application as possible.  The SDP Gateway is provided with the SDP Client’s IP address and Certificates after the identity of the requesting device has been verified and the authorization of the user is determined by the SDP Controller.
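
The "verify first, connect second" ordering across the three components can be modelled in a few lines. This is an added illustration, not SafeConnect code: the class names, the grant lifetime (`ttl`), the entitlement table and the sample certificate bytes are assumptions, and certificate-chain validation is left to the TLS layer.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the client certificate the gateway will pin."""
    return hashlib.sha256(cert_der).hexdigest()

class Gateway:
    """Default-deny: nothing is admitted until the controller provisions it."""
    def __init__(self):
        self._grants = {}  # (client_ip, cert_fp, service) -> expiry time

    def provision(self, client_ip, cert_fp, service, expires):
        self._grants[(client_ip, cert_fp, service)] = expires

    def admit(self, client_ip, cert_der, service, now):
        # The source IP, the presented certificate and the requested service
        # must all match one unexpired grant; otherwise the gateway stays dark.
        expires = self._grants.get((client_ip, fingerprint(cert_der), service))
        return expires is not None and now < expires

class Controller:
    """Trust broker: checks identity, device compliance and entitlement,
    then tells the gateway which client/service pair to expect."""
    def __init__(self, gateway, entitlements, compliant_devices):
        self.gateway = gateway
        self.entitlements = entitlements            # user -> set of services
        self.compliant_devices = compliant_devices  # assumed posture feed

    def authorize(self, user, mfa_ok, device_id, client_ip, cert_der,
                  service, now, ttl=300):           # ttl is an assumed value
        if not mfa_ok or device_id not in self.compliant_devices:
            return False
        if service not in self.entitlements.get(user, set()):
            return False
        self.gateway.provision(client_ip, fingerprint(cert_der),
                               service, now + ttl)
        return True

# Constructed sample data (documentation IP ranges, fake certificate bytes).
CERT = b"constructed-client-certificate-der"
gw = Gateway()
ctl = Controller(gw, {"alice": {"payroll"}}, {"laptop-1"})

def demo():
    before = gw.admit("203.0.113.10", CERT, "payroll", now=1000)
    ctl.authorize("alice", True, "laptop-1", "203.0.113.10", CERT,
                  "payroll", now=1000)
    after = gw.admit("203.0.113.10", CERT, "payroll", now=1100)
    return before, after   # denied before the grant, admitted after it
```

Because each grant is keyed on source IP, certificate and service together, a valid certificate replayed from another address, or used against a service the user was not authorized for, is treated the same as an unknown client.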

SafeConnect SDP includes a cloud-hosted SDP Gateway connector for Public Cloud SaaS applications, and offers a downloadable VMware virtual appliance or docker container SDP Gateway instance to protect private cloud and internally-hosted application environments.

Impulse acquired by OPSWAT  |  December 12, 2019  | Press Release