SDP Autofence
An SDP continuously ensures only trusted devices, used by authorized users, can access trusted systems. The unified access solution protects internal/cloud networks and applications.
Authorized Users
Zero-Trust Model
SDP
- Based on Zero Trust
- Verify every request
- Cyber Protection
- Authenticate First, Connect Second
VPN
- Based on Implicit Trust
- Unrestricted access
- Firewall Overheads
- Connect First, Authenticate Second
Features
Principle of Zero Trust
Trust is not assumed. Trust starts from the level of 0, and this level increases or decreases depending on the security checks made by the SDP.
Identity Centric
Authenticate users on the basis of a complete user profile, not on the basis of an IP address. The user profile contains details such as the user role, privileges and location.
Principle of least privilege
As users prove their identity (by passing the security checks), their trust score increases. To gain access to resources of a higher privilege level, users need to pass strict security checks.
Build like a cloud, for the cloud
AutoFence SDP is designed to support cloud architecture. Unlike traditional network security, SDP has no centralized network choke point. The migration costs are also minimal as AutoFence SDP is completely compatible with corporate networks.
SDP Autofence Architecture
Client
A daemon installed on the user's device that periodically sends device information and user credentials to the Controller.
Controller
Where users are authenticated, policies are applied and the trust score is generated.
Gateway
Brokers access to protected resources and assets.
- User opens the client application to connect to the network and enters their credentials.
- Client device sends device information and user credentials to the controller.
- Controller evaluates credentials and applies an access policy based on the context provided.
- Controller issues a token, granting the user their individual network entitlement/access.
- Access request is forwarded to the gateway, which brokers access to protected resources.
- Once access is granted, all traffic to the accessed resources moves through an encrypted connection.
- The client, controller, and gateway work together to monitor any changes or malicious activity.
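
A minimal sketch of the controller and gateway steps listed above, as an added example and not AutoFence's own code. The check names, weights, resource thresholds and the HMAC-signed token format are assumptions made for illustration; the page does not specify them.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: key shared by controller and gateway
# Assumed checks and weights; the page does not define how the score is computed.
WEIGHTS = {"password_ok": 40, "device_known": 30, "mfa_ok": 30}
# Assumed resources and the minimum trust score each one requires.
REQUIRED = {"wiki": 40, "payroll-db": 100}

def trust_score(checks):
    """Trust starts at 0 and rises with every security check passed."""
    return sum(w for name, w in WEIGHTS.items() if checks.get(name))

def issue_token(user, checks, now=None, ttl=300):
    """Controller: authenticate, apply policy, issue a signed entitlement token."""
    if not checks.get("password_ok"):
        return None  # authenticate first: no token, so nothing to connect with
    score = trust_score(checks)
    claims = {"sub": user, "score": score, "exp": (now or time.time()) + ttl,
              "res": sorted(r for r, need in REQUIRED.items() if score >= need)}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode())
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def gateway_allows(token, resource, now=None):
    """Gateway: verify the token, then broker access only to entitled resources."""
    try:
        body, sig = token.split(".")
        good = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, good):
            return False  # tampered or forged token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (AttributeError, TypeError, ValueError):
        return False  # missing or malformed token
    if claims["exp"] < (now or time.time()):
        return False  # expired: the client must be evaluated again
    return resource in claims["res"]

if __name__ == "__main__":
    # Constructed sample users: one passed only the password check, one passed all.
    low = issue_token("alice", {"password_ok": True}, now=1000)
    high = issue_token("alice", dict.fromkeys(WEIGHTS, True), now=1000)
    print(gateway_allows(low, "wiki", now=1001))
    print(gateway_allows(low, "payroll-db", now=1001))
    print(gateway_allows(high, "payroll-db", now=1001))
```

The short token lifetime is what forces the periodic re-evaluation the client daemon feeds: once the token expires, the gateway refuses the request until the controller scores the device and user again.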