Today’s workforce is becoming more interconnected and the threat landscape is growing more dangerous. Threat actors are working more quickly than ever to exploit vulnerabilities. When Microsoft disclosed a zero-day vulnerability in Exchange Server last year, the Hafnium hacking group began its scan for vulnerabilities in under five minutes.
To make our networks more secure, we need to think about perimeters differently. Instead of a network-centric approach to cybersecurity, an identity-centric strategy allows us to create a perimeter around each user and safely turn the internet into your organization’s new network.
Watch the presentation below to learn:
- The risks of using internet-based applications
- How to reduce the threat of zero-day attacks
- Why single-packet authorization (SPA) is the key to cloaking your network
Three benefits of making the internet your new network
Traditionally, a protected network is stretched across a physical office location, data centers and the cloud, making it difficult to protect individual applications that certain users need to access. Connecting from outside the network via a virtual private network (VPN) or network access control (NAC) requires tapping into an always-listening port, one that threat actors can also find easily.
By using a software-defined perimeter architecture, you can turn the internet into a safer solution for your organization’s network. Here are three benefits of taking this approach:
- Reduced attack surface. When the user is outside the enterprise network, they don’t have the typical over-entitlements granted when they connect on premises. This allows you to build a fortress around the applications—whether they’re on premises, in data centers or in the cloud—and keep the user outside the network. Adapting a policy according to the context of the user and device means you’re applying the principle of least privilege, one of the core tenets of Zero Trust security.
- Secure hybrid and cloud environments. You can be more agile by using distributed software that is programmable and adaptable. For instance, you can make it so that an engineer is only granted access to assets if they have an open ticket. Because this approach is dynamic and on-demand, the user experience is the same whether the user is on premises or remote and regardless of where the asset lives.
- Cloaked infrastructure. You can protect assets by making gateways invisible on the internet using SPA. This means no asset has to answer unsolicited TCP/IP traffic. It can’t be pinged, hacked or zero-day’d. A client must first send a valid key and time-based token to the User Datagram Protocol (UDP) port before the Transport Layer Security (TLS) port is opened to it.
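To make the SPA step concrete, here is an added example (not Appgate's code or wire format) of the gateway-side check: the client sends one UDP datagram carrying a client id, a timestamp and a nonce, authenticated with an HMAC over a shared key, and the gateway stays silent unless the MAC verifies, the timestamp is within a 30-second window and the nonce has not been seen before. The packet layout, the window size and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional, Set, Tuple

# Constructed illustrative SPA packet layout (not Appgate's actual wire format):
#   client_id (16 bytes) || timestamp (8 bytes, big-endian seconds) || nonce (16 bytes)
#   || HMAC-SHA256(shared_key, the 40 bytes above)
PAYLOAD_LEN = 16 + 8 + 16
TAG_LEN = 32
WINDOW_SECONDS = 30  # accept packets stamped within +/- 30 s of gateway time


def build_spa_packet(key: bytes, client_id: bytes, now: int,
                     nonce: Optional[bytes] = None) -> bytes:
    """Client side: one UDP datagram proving knowledge of the shared key."""
    if len(client_id) != 16:
        raise ValueError("client_id must be 16 bytes")
    nonce = nonce if nonce is not None else os.urandom(16)
    payload = client_id + struct.pack(">Q", now) + nonce
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return payload + tag


def verify_spa_packet(key: bytes, packet: bytes, now: int,
                      seen_nonces: Set[Tuple[bytes, bytes]]) -> Tuple[bool, str]:
    """Gateway side: returns (accept, reason). On any failure the gateway simply
    drops the datagram without replying, so an unauthenticated scanner sees a
    closed port and learns nothing about what sits behind it."""
    if len(packet) != PAYLOAD_LEN + TAG_LEN:
        return False, "bad length"
    payload, tag = packet[:PAYLOAD_LEN], packet[PAYLOAD_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Check the MAC first, in constant time, before trusting any field of the payload.
    if not hmac.compare_digest(tag, expected):
        return False, "bad mac"
    client_id = payload[:16]
    ts = struct.unpack(">Q", payload[16:24])[0]
    nonce = payload[24:]
    if abs(now - ts) > WINDOW_SECONDS:
        return False, "stale timestamp"
    # A captured packet replayed inside the window is rejected by the nonce cache.
    if (client_id, nonce) in seen_nonces:
        return False, "replay"
    seen_nonces.add((client_id, nonce))
    return True, "open TLS port for this source"
```

The nonce cache only needs to retain entries for the length of the time window, since anything older is already rejected as stale.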
Here are more resources on a software-defined perimeter architecture approach to solving an interconnectivity issue:
eBook: Securing the Hybrid Enterprise
Podcast: Bringing Zero Trust Access to the Corporate LAN
Resource hub: Everything you need to evaluate the Appgate SDP ZTNA Solution