Verizon & Vidder Put SD-Perimeter Around Enterprise Security
Verizon Enterprise Solutions has launched a new managed security service for enterprises, the Software Defined Perimeter (SDP) platform, that establishes connectivity at the application layer and verifies user and device identities before allowing access to protected servers.
Verizon Enterprise Solutions' SDP service utilizes application layer access control technology from Vidder to make network services natively secure and prevent threats like credential theft and the spread of malware. In addition, SDP addresses emerging security concerns as enterprises increasingly utilize mobile devices and public clouds. (See Vidder Selected by Verizon Enterprise Solutions for Software Defined Perimeter Offering.)
"We actually go from the software process inside your laptop to the software process on the server," says Junaid Islam, president and CTO of Vidder. "So what this means is, if there's malware on your system, it just can't get through … The reason this is important for Verizon is that they want to embed this cyber attack countermeasure -- that's what we are -- right inside their network services."
Islam says this is a new approach to security -- instead of obtaining network services from an operator and security services from a security vendor, he asks, "What if the network service itself was secure? That's a new concept and what we're working on."
The security service is complementary to other network services from Verizon, such as SD-WAN and Secure Cloud Interconnect (SCI), as well as Verizon's Virtual Network Services. By utilizing Vidder's technology, Verizon's SDP service establishes application layer connectivity to block the spread of malware, and protects against server attacks in data center and cloud environments, for example.
Lawrence Pingree, research VP for Gartner, says Vidder's technology "requires authentication between two systems with a controller architecture before it allows connectivity to go between them." The SDP service blocks connectivity to application data center and cloud servers, and device and user identities are verified before they're able to access protected servers.
"We have ultra-secure need-to-know networking capabilities that are application-specific that we build in real-time, that we've been able to prove and demonstrate can withstand network-based attacks and the effects of potential spread of malware … I haven't seen anyone else get anywhere close to that," says Jeffrey Schweitzer, chief innovation architect for business products and new business innovation at Verizon.
In addition to enhancing security in SD-WAN and for global enterprises, Islam says that, for law enforcement, SDP is important in establishing end-to-end encryption at the application layer and meeting their stringent requirements to secure sensitive data.
"We can quickly create, on an ad-hoc basis, secure networks to allow any combination of state agencies or emergency personnel to work together," says Islam.
In June, Verizon simulated a mega-disaster to demonstrate how the operator can provide support to first responders during disasters and to demo the security capabilities of the SDP service to public officials. At the Operation Convergent Response event in Perry, Ga., Verizon worked with 40 technology partners in addition to 200 first responders, public safety officers, and state and local officials. Simulated scenarios ranged from natural disasters to terrorist attacks and utilized Verizon LTE with SDP to demonstrate their ability to quickly build secure networks, and connect to IoT sensors and smart city infrastructure to better respond to the staged emergencies.
In addition to law enforcement and government, Islam says SDP is key to protecting the global outsourcing market and regulated markets, such as finance and medical, as these groups have strict security requirements and mandates.
Gartner's Lawrence Pingree says in addition to Vidder, there are other solutions also marketed under software-defined perimeter such as Zscaler Inc. Private Access, Akamai Technologies Inc.'s remote access service, and offerings from Waverley Labs, SAIFE and Safe-T. Vidder's Islam is also one of the Software Defined Working Group co-founders in the Cloud Security Alliance, which established an SDP Version 1 specification in 2014.
"These other offerings have different implementations which offer some similar functionality," says Pingree. "They essentially can 'perimeterize' the network or offer remote access, based on a similar construct, but just not based on the software-defined perimeter specification."
Pingree says Vidder and Verizon are unique in the way they implement SDP and are first to market with SDP technology. In the future, Pingree sees SDP as a way to enable machine-to-machine communications using the controller architecture as the authenticator.
— Kelsey Kusterer Ziser, Senior Editor, Light Reading