According to Gartner, 60% of enterprises will phase out network VPNs in favor of software defined perimeter by 2021. That’s quite the shift from the status quo of MPLS and SD-WAN deployments, so what’s the big deal?
Since the beginning of digital time, companies have used firewalls to enforce perimeter security. The model works well enough as long as applications and users exist exclusively in the firm’s own buildings. However, with a growing mobile workforce, a surge in the variety of devices used to access resources, architectural changes to support digital transformations, and the explosive growth of public, private, and hybrid clouds, the traditional perimeter philosophy has been stretched to the point of obsolescence.
Key assumptions of the perimeter model no longer hold: The perimeter is not just the physical location of the enterprise anymore. If the traditional perimeter is breached, an attacker has relatively easy access to an organization’s privileged internal network. That means that what lies inside the perimeter is no longer a blessed and safe place. As a result, companies are abandoning traditional networking methods such as MPLS and implementing software-defined perimeters. Software-defined perimeters (SDP) control access to resources based upon identity. Using SDP, any entity that is permitted access to a protected resource is fully authenticated before it connects, regardless of network or location.
Software Defined Perimeter and Application Specific Networking
Unlike MPLS and SD-WAN, NetFoundry gives you total control of the network while baking application-controlled security directly into your solution. Networking becomes a trusted partner in your digital transformation, rather than a barrier.
NetFoundry’s platform enables unmatched control and security in part because of our Software-Defined Perimeter (SDP) architecture.
NetFoundry’s platform is application-first, enabling all of the benefits of SDP architectures. This application-first paradigm is referred to as Application-Specific Networking (ASN). ASN connects specific applications, rather than connecting WAN sites or devices. You don’t have to rip and replace your legacy networks to take advantage of ASN and NetFoundry. As a software-only overlay fabric, it can supplement, extend, and drastically simplify existing networks.
NetFoundry’s Software-Defined Perimeter Under the Hood
The NetFoundry Software-Defined Perimeter has four key components:
- Application-specific, user-specific and device-specific – NetFoundry’s IAM, hardware root of trust, digital certificate, and platform integrations enable policies and network authorization based upon who you are and what you are trying to do. Micron and NetFoundry recently partnered to use hardware root of trust and NetFoundry’s Software Defined Perimeter to secure connected vehicles.
- Zero trust – On the Internet, you connect before you authenticate, a security model that is inherently permissive and reactive. NetFoundry is built on a zero trust model, where you authenticate before you connect. Neustar and NetFoundry have partnered to use Zero Trust and NetFoundry’s SDP for connected city applications.
- Least privilege access – Once authorized and authenticated, you’re only given access to very specific applications, addresses, and ports. NetFoundry’s web console, APIs, and IAM integrations enable you to quickly and easily set granular least privilege access policies. In contrast, traditional VPN connections are given access to an entire network. Zero trust is gaining traction in industries with extreme security needs such as Finance and Healthcare. NetFoundry and Alliance Technology Group partnered to provide least privilege access through zero trust software-defined perimeter to secure regional banks across the country.
- Application-level micro-segmentation – Every application is given its own private encrypted network overlay, isolated from underlay networks and infrastructure (we call this an “AppWAN”). With NetFoundry’s SDP, each AppWAN is independent and isolated. In the unlikely event that an AppWAN is compromised, the impact is quarantined to that specific AppWAN and cannot spread to other assets. NetFoundry powers cleverDome using application-layer micro-segmentation and SDP for financial services extranets.
Unshackle Your Network
Software Defined Perimeter (SDP) is the security architecture built to match the emerging digitally transformed application landscape. NetFoundry adds SDP to its security layers, including partner integrations, encryption, DDoS protection, and Man-in-the-Middle prevention, so that you get multi-layered, application-centric security across the NetFoundry overlay fabric and AppWANs. You control these, and they are independent of any telco, hardware, or network, extending your security perimeter anywhere and everywhere your apps go.