What is a Software-Defined Perimeter?

June 13, 2016 |

Many recent headlines have highlighted the fact that the traditional perimeter-based approach to network security has failed to adequately protect organizations, and that a new approach is needed. Traditional security tools like VPNs, firewalls, and NACs are labor-intensive to manage, don’t leverage user context to make access decisions, and can’t keep up with the pace of the business. As a result, organizations typically use them to control access in an all-or-nothing fashion. The implication? Authenticated users have overly broad network access, increasing the attack surface area and enabling the types of wide-reaching breaches that we see far too often.

Traditional network security

This is why, increasingly, forward-looking organizations are considering a new approach to network security – a Software-Defined Perimeter model.

What is a Software-Defined Perimeter?

Based on work done within the U.S. Department of Defense, the Software-Defined Perimeter is a security framework developed by the Cloud Security Alliance, and is designed to provide on-demand, dynamically provisioned secure network segmentation. A Software-Defined Perimeter ensures that all endpoints attempting to access a given infrastructure are authenticated and authorized prior to being able to access any resources on the network. All unauthorized network resources are made inaccessible. This not only applies the principle of least privilege to the network, it also reduces the attack surface area by hiding network resources from unauthorized or unauthenticated users. To summarize, a Software-Defined Perimeter overcomes the constraints of traditional tools by effectively creating a dynamic, individualized perimeter for each user – a network ‘segment of one’.
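The authenticate-then-authorize, default-deny “segment of one” described above, as an added illustration that is not Cryptzone’s or the Cloud Security Alliance’s code; the resources, groups, and device-posture attributes are constructed sample data:

```python
from dataclasses import dataclass

# Constructed sample: the resources behind the perimeter. In an SDP the
# gateway answers nothing for resources a user is not entitled to, so
# "not in the allowed set" means invisible, not merely refused.
RESOURCES = {
    "crm.internal": {"group": "sales"},
    "git.internal": {"group": "engineering"},
    "hr.internal": {"group": "hr", "require_managed_device": True},
}


@dataclass(frozen=True)
class Session:
    """Authenticated user context as an SDP controller would see it."""
    user: str
    groups: frozenset
    mfa: bool
    managed_device: bool


def segment_of_one(session):
    """Return the individualized set of resources visible to this session.

    Default deny: every resource is hidden unless the user authenticated
    with MFA, belongs to the owning group, and satisfies any device
    posture requirement attached to the resource.
    """
    if not session.mfa:
        return frozenset()
    allowed = set()
    for name, policy in RESOURCES.items():
        if policy["group"] not in session.groups:
            continue
        if policy.get("require_managed_device") and not session.managed_device:
            continue
        allowed.add(name)
    return frozenset(allowed)


def gateway_decision(session, target):
    """Decide what the SDP gateway does with a connection attempt.

    'forward' only for resources inside the session's own segment;
    everything else, including unknown hosts, is 'drop' (no response),
    so an unauthorized endpoint cannot even confirm the resource exists.
    """
    return "forward" if target in segment_of_one(session) else "drop"
```

The same policy can be extended with further context attributes (location, time of day, risk score), and the per-user segment shrinks or grows accordingly without any change to the underlying network.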

What is a Software-Defined Perimeter

The Software-Defined Perimeter model has gained considerable momentum across the security community. Gartner stated, as part of their 2016 security predictions: “SDP technology enables organizations to provide people-centric, manageable, ubiquitous, secure and agile access to networked systems, services and applications. It does this by solving a core design flaw in the unsecure manner in which TCP/IP was developed.”[1]


As enterprise organizations come to the realization that traditional network security is failing them, a Software-Defined Perimeter solution needs to be considered to secure not only on-premises environments but, just as importantly, cloud-based IaaS environments like Amazon Web Services (AWS) and Microsoft Azure. The good news is that the SDP model works well across heterogeneous and hybrid environments.

To learn more about how Cryptzone’s Software-Defined Perimeter solution works, watch a two-minute video on Closing the Security Gap with a ‘Segment of One’. Want a more technical introduction? Download the whitepaper on Dynamic Policy-Based Access Control with AppGate XDP.



[1] Gartner Predicts 2016: Security Solutions, December 2015, Analysts: Ruggero Contu, Deborah Kish, Perry Carpenter, Sid Deshpande, Lawrence Pingree


Jason Garbis

Vice President of Products, Cryptzone
Jason Garbis is Vice President of Products for Cryptzone, where he’s responsible for the company’s product strategy and product management. Garbis has over 25 years of experience with technology vendors, including roles in engineering, professional services, product management, and marketing. Jason joined Cryptzone from RSA, and holds a CISSP certification.
