SDP101 Overview Presentation W Talktrack 022421-210316-174943

Appgate SDP

An Introduction to the Industry Leading Software-Defined Perimeter

IT Changed. Security Didn’t.

• The perimeter is dead
• Built around networks, not users
• Inherent over-entitlement
• Broad attack surface
• Complexity impedes agility

A Better Way: Appgate SDP, a Zero Trust Solution

• Reinvents security for a hybrid, multi-cloud world
• Moves beyond outdated perimeter security model
• Eliminates “default trust” that leads to attacks from within the network
• Designed to address internal and external threats
• Makes security continuous and adaptive

Appgate SDP
Software-Defined Perimeter

[Diagram labels: Role and Group, Operating System, Location, Time of Day, Network, Device Posture, External Systems]

Identity-Centric | Live Entitlements | Segment of One

Identity Centric

• Focus on the user, not the IP
• Integrates with directory services and IAM
• Business and risk context-aware

Live Entitlements

• Dynamic and context sensitive
• Extensible and scriptable
• Continuously monitored

Segment of One

• Secure encrypted communication
• Connects user to only authorized resources
• Eliminates problem of lateral movement
• Access adjusted in real time as necessary
• Support for hybrid IT with multi-tunnel capability

Use Cases

Remote & Third-Party Access
• Enforce identity-centric policies
• Remove over-privileged access
• Granular Access Control

Cloud Migration
• Automatically secure workloads
• Enforce consistent, hybrid controls
• Cloud Agnostic

Enabling Secure DevOps
• Remove onerous management
• Grant timely and precise access
• Dynamic access provisioning

How Appgate SDP Works

[Diagram labels: Client, Controller, Identity Provider, Gateway, Application]

1. Using Single-Packet Authorization, client makes access request to controller
2. Controller checks context, passes Live Entitlement to client
3. Using SPA, client uploads Live Entitlement, which gateway uses to discover applications matching the user’s context
4. Dynamic Segment of One network is built for this session
5. Continuously monitors for any context changes, adapts Segment of One accordingly
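
A generic single-packet authorization check of the kind steps 1 and 3 rely on, as an added example that is not Appgate's code or wire format: the packet layout, shared key, field names and 30-second window are assumptions for illustration. A listener that gets `None` back sends no reply, so the service stays invisible to anything that cannot produce a valid packet.

```python
import hashlib
import hmac
import json
import os
import time

MAX_SKEW = 30   # seconds a packet stays valid (assumed window)
TAG_LEN = 32    # length of an HMAC-SHA256 tag

def make_spa(key, client_id, now=None):
    """Client side: build one self-authenticating datagram (constructed format)."""
    body = json.dumps({
        "cid": client_id,
        "ts": int(time.time() if now is None else now),
        "nonce": os.urandom(8).hex(),
    }).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

class SpaListener:
    """Controller or gateway side: returns the client id, or None for 'stay silent'."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp, used to detect replays

    def accept(self, packet, now=None):
        now = time.time() if now is None else now
        if len(packet) <= TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):  # authenticate before parsing
            return None
        msg = json.loads(body)
        if abs(now - msg["ts"]) > MAX_SKEW:         # stale or future-dated packet
            return None
        # Forget nonces the time window would reject anyway, so the cache stays small.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW}
        if msg["nonce"] in self.seen:               # captured packet sent again
            return None
        self.seen[msg["nonce"]] = msg["ts"]
        return msg["cid"]
```
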

Cloud Scale and Resilience

• Decentralized, distributed and stateless
• Hybrid ready/native and cloud agnostic
• Any device, any user, any workload
• Hyper scale and high performance
• Multi-tunnel capable
• Resilient and highly available

[Diagram labels: Client, Controller, Gateway, Application, Resource, On Prem]

Programmable and Adaptable

[Diagram label: LDAP]

Enterprise Grade. Cloud Scale.

[Badges: Advanced Technology Partner; Security Competency]

Scalable and High-Performance
High availability; Linear scale

Secure and Resilient
Dynamically adjust access controls; 100% API driven

Integrated Solution
Unified policy framework for any user, device, or workload

Platform of Choice for the Public Sector

[Badges: Continuous Diagnosis and Mitigation Program, Approved Product; Common Criteria Certified, Only SDP Offering]

Compliant
Adheres to industry and government best practices and architecture

Certified
Rigorous Standards-Based 3rd Party Validation for Common Criteria

Approved and Available
CDM listed product; on multiple contracting vehicles

“Easy implementation, innovative features, incredible support and guidance”
IDENTITY AND ACCESS SERVICE MANAGER IN THE SERVICES INDUSTRY

“Ability to customize the product is amazing. Team customized everything we needed.”
VICE PRESIDENT IN THE FINANCE INDUSTRY

“Exemplary deployment experience and vendor relationship. Appgate SDP exceeds expectations.”
CISO IN THE TRANSPORTATION INDUSTRY

BROADEST FEATURE SET
SOFTWARE-DEFINED PERIMETER
GARTNER PEER INSIGHTS: 4.8 OF 5 STARS

“Any enterprise seeking a simple but effective way to eliminate the threats present for enterprises using hybrid infrastructure should explore Appgate’s offerings.”

LEADER
ZERO TRUST EXTENDED ECOSYSTEM PROVIDERS, Q3 2020

Appgate SDP: The Zero Trust Solution

• Reinvents security for a hybrid, multi-cloud world
• Moves beyond outdated perimeter security model
• Eliminates “default trust” that leads to attacks from within the network
• Designed to address internal and external threats
• Makes security continuous and adaptive

Next Steps

• Suggest test-drive experience
• Schedule technical review with key stakeholders
• Evaluate and prioritize the most relevant use cases
• Review Easy Evaluation program and installation
• Establish timeline / project plan

Remote & Third-Party Access

Virtual workers and third-party contractors need access to your critical systems from anywhere on any device. But VPNs treat all users the same: an IP address allowed to connect to your network—or not.

[Diagram labels: Enterprise, Suppliers, Contractors, Zero Trust Network 1, Zero Trust Network 2, Protected Assets]

Problem
• Granting access to only specific resources required
• Removing access immediately upon completion of work
• Lack visibility into audit details for compliance
• Limit exposure to internal attack surface if vendor is compromised

Benefits
• Grants access based on identity with business and risk awareness
• Secure encrypted 1:1 connection between user and approved system only
• Unauthorized resources are completely invisible
• Eliminates lateral movement on internal networks

Cloud Migration

Appgate SDP works across heterogeneous environments, providing a unified secure access solution and simplifying network security.

[Diagram caption: Seamless connection between data center and cloud]

Problem
• Datacenter migration requires months of planning and testing
• Difficult to stage migration to minimize downtime
• Migration involves coordination between compute, network, and SecOps

Benefits
• Simplify planning and execution of staged migration
• Reduce downtime with dynamic entitlements
• Unified policy framework across all clouds
• Eliminate cloud vendor lock-in

Speed up security. Unleash DevOps

Appgate SDP provides secure and automated multi-tunnel access to developers, removing VPN hurdles and unleashing productivity.

[Diagram labels: Dev Team 1, Dev Team 2, Seattle, New York, Remote, Staging, Production]

Benefits
• Simultaneous access
• Location agnostic Access
• Entitlements by attributes (AWS tags)

Implications
• Precise, fine-grained access control
• Transparent user experience
• User access dynamically adjusts based on server tags

• Simplified security groups
• Clear user access policies
• Streamlined operations
• Eliminated VPNs
• Strong device validation and Jamf integration

Eliminate VPNs

Virtual workers and third-party contractors need access to your critical systems from anywhere on any device. But VPNs treat all users the same: an IP address allowed to connect to your network—or not.

[Diagram labels: Enterprise, Employees, Contractors, Zero Trust Network 1, Zero Trust Network 2, Protected Assets]

Problem
• Granting access to only specific resources required
• Removing access immediately upon completion of work
• Lack visibility into audit details for compliance
• Limit exposure to internal attack surface if vendor is compromised

Benefits
• Grants access based on identity with business and risk awareness
• Secure encrypted 1:1 connection between user and approved system only
• Unauthorized resources are completely invisible
• Eliminates lateral movement on internal networks
