WHY A SOFTWARE-DEFINED PERIMETER?

You need to control your network to innovate

You need to be agile and innovative to enable successful digital transformation. Unfortunately, the agility you need is often hindered by your telco-controlled SD-WAN or MPLS network. Slow moving ISPs and the unwieldiness and expense of deploying custom hardware, telco circuits, and VPNs can stop transformation dead in its tracks. What's worse, most of these network architectures were not built for today's multi-cloud, hybrid networking world, so the jumbled spider webs of disparate security hardware and processes that define them are practically impossible to secure.

Unlike MPLS and SD-WAN, NetFoundry gives you total control of the network while baking application-controlled security directly into your solution. Networking becomes a trusted partner in your digital transformation, rather than a barrier.

NetFoundry's platform enables unmatched control and security in part because of our Software-Defined Perimeter (SDP) architecture.

“60% of enterprises will phase out network VPNs in favor of software-defined perimeters by 2021.”
Gartner
It’s Time to Isolate Your Services from the Internet Cesspool.

What Is A Software Defined Perimeter?

Since the beginning of digital time, companies have used firewalls to enforce perimeter security. The model works well enough as long as applications and users exist exclusively in the firmís own buildings. However, with a growing mobile workforce, a surge in the variety of devices used to access resources, architectural changes to support digital transformations, and the explosive growth of public, private, and hybrid clouds, the traditional perimeter philosophy has been stretched to the point of obsolescence.

Key assumptions of the perimeter model no longer hold: The perimeter is not just the physical location of the enterprise anymore. If the traditional perimeter is breached, an attacker has relatively easy access to an organizationís privileged internal network. That means that what lies inside the perimeter is no longer a blessed and safe place.

 

As a result, companies are abandoning traditional networking methods such as MPLS and implementing software-defined perimeters. Software defined perimeters (SDP) control access to resources based upon identity. Using SDP, any entity that is permitted access to any protected resources are fully authenticated before they connect, regardless of network or location.

While NetFoundry is a leader in software-defined perimeter, we're not alone. The Cloud Security Alliance has done tremendous work in defining SDP architectures and driving them across the globe, while powerhouses like Google have used SDP architectures to secure their next-generation networks.

Software Defined Perimeter and Application Specific Networking

NetFoundry's platform is application-first, enabling all of the benefits of SDP architectures. This application-first paradigm is referred to as Application-Specific Networking (ASN). ASN connects specific applications, rather than connecting WAN sites or devices. You don't have to rip and replace your legacy networks to take advantage of ASN and NetFoundry. As a software-only overlay fabric, it can supplement, extend, and drastically simplify existing networks.

NetFoundry's Software-Defined Perimeter Under the Hood

The NetFoundry Software-Defined Perimeter has four key components:

Image

Application-specific, user-specific and device specific

NetFoundry's IAM, hardware root of trust, digital certificate, and platform integrations enable policies and network authorization based upon who you are and what you are trying to do. Micron and NetFoundry recently partnered to use hardware of trust and NetFoundry's Software Defined Perimeter to secure connected vehicles.

Image

Zero trust

On the Internet, you connect before you authenticate, a security model that is inherently permissive and reactive. NetFoundry is built on a zero trust model, where you authenticate before you connect. Neustar and NetFoundry have partnered to use Zero Trust and NetFoundry's SDP for connected city applications.

Image

Least privilege access

Once authorized and authenticated, you're only given access to very specific applications, addresses, and ports. NetFoundry's web console, APIs, and IAM integrations enable you to quickly and easily set granular least privilege access policies. In contrast, traditional VPN connections are given access to an entire network. Zero trust is gaining traction in industries with extreme security needs such as Finance and Healthcare. NetFoundry and Alliance Technology Group partnered to provide least privilege access through zero trust software-defined perimeter to secure regional banks across the country.

Image

Application-level micro-segmentation

Every application is given its own private encrypted network overlay, isolated from underlay networks and infrastructure (we call this an 'AppWAN'). With NetFoundry's SDP, each AppWAN is independent and isolated. If, in the unlikely event that an AppWAN is compromised, the impact is quarantined to that specific AppWAN and cannot spread to other assets. NetFoundry powers cleverDome using application-layer micro-segmentation and SDP for financial services extranets.

Unshackle Your Network

Software Defined Perimeter (SDP) is the security architecture built to match the emerging digitally transformed application landscape. NetFoundry adds SDP to its security layers including partner integrations, encryption, DDoS protection, and Man-in-the-Middle prevention, so that you get multi-layered, application-centric security across the NetFoundry overlay fabric and AppWANs which you control, and are independent of any telco, hardware, or network, extending your security perimeter anywhere and everywhere your apps go.