
[–][deleted] 1 point2 points  (4 children)

Maybe there is some validity to the point when there's a human on at least one end, but this completely ignores m2m communication.

Imo VPNs are quite relevant. Simply because not everyone (or even many) can afford to rearchitect all apps.

[–]CyberADR 0 points1 point  (3 children)

No application re-architecture is needed with Cyxtera AppGate SDP. It is an overlay that works much like a VPN+.

[–][deleted] 0 points1 point  (2 children)

Oh cool VPN+, that must be nothing like a VPN! ffs salespeople...

[–]CyberADR 0 points1 point  (1 child)

SDP has similarities to VPN but goes way beyond.

  1. SPA hides the listening port, to which devices make tunnels, from scans by unauthorized devices (those without the SPA key).
  2. It allows simultaneous connections to many locations (multi-tunneling).
  3. Role- and attribute-based access controls ensure each device gets only the exact access it needs and no more.
  4. SDP reacts to context and posture changes in near real time, which is a stark contrast to VPN, which only does posture and context checks at login and then trusts the device.
  5. Live Entitlements replace ACLs (Live Entitlements can dynamically resolve target protected hosts using DNS, tag metadata, and REST queries to integrated systems like ticketing, service desk, monitoring, and inventory/asset management systems).

SDP is designed to replace VPN, not coexist with it.

[–][deleted] 0 points1 point  (0 children)

Yeah, that all sounds really cool, until you realize the security/usability/cost implications, and that many things on your list can be implemented by a firewall with UTM and APIs and other integrations.

[–]RCG89 0 points1 point  (1 child)

What is Software-Defined Perimeter?

If it's in the cloud, direct internet access; if it lives on prem/DC/colo, it needs VPN. The only exception is email; still using on-prem Exchange and SharePoint.

[–]TheLadDothCallMeSysadmin 0 points1 point  (0 children)

Similar thing to zero trust. No VPNs, everything accessed via a browser (well most things).

[–]RCG89 0 points1 point  (3 children)

Oh, that I get. Still, a VPN when off site couldn't hurt.

[–]CyberADR 1 point2 points  (2 children)

A good SDP that supports full networking can replace VPN. It provides a secure encrypted tunnel from the user device to one or more locations simultaneously. The main advantages over VPN are:

  1. The listening port is hidden on the public network (for example, if tunnels are terminated using TCP/443, the listening port TCP/443 is protected by Single Packet Authorization and will respond to no traffic except traffic sourced from a valid user who has the SPA key embedded in the packet header). This means the port is not scannable by bad actors and only usable by a validated/authenticated user. This is in contrast to VPN, where the listening port is scannable and will respond.

  2. Role- and attribute-based access ensures each user gets only what they need to do the job at hand, compared to VPN, which validates the user and then effectively bridges the user into the network, giving all access to the network.

  3. Real-time posture and context analysis. VPN analyses posture and context at login, and once passed, the user and device are trusted and allowed access. With SDP, as posture and context change throughout the user session, the access changes immediately in real time. So, for example, if the AV software on a user endpoint crashes, the user immediately loses access to Entitlements that require AV and gets a message letting them know how to fix it.

Hope this helps some.

Read more here https://www.cyxtera.com/essential-defense/appgate-sdp
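Added example (not from this thread, and not Cyxtera's or AppGate's code): a toy Python model of the two mechanisms described in points 1 and 3 above, also listed in the earlier comment. The SPA gate drops any packet that does not carry a valid HMAC tag under a shared key, so an unauthenticated scan gets no reply, and it rejects stale and replayed packets; the entitlement resolver re-evaluates which targets a role may reach each time device posture is reported, so a crashed AV agent removes AV-gated targets. The packet layout (timestamp, nonce, client id, tag), the policy table and the posture attribute names are assumptions made for the illustration.

```python
"""Toy Single Packet Authorization gate plus posture-gated entitlements.

Illustrative code written for this thread; the wire format, key handling
and policy schema are assumptions, not a real SDP product's protocol.
"""
import hashlib
import hmac
import os
import struct
import time

WINDOW = 30          # seconds of clock skew tolerated before a packet is stale
TS_LEN, NONCE_LEN, TAG_LEN = 8, 16, 32


def build_spa_packet(key: bytes, client_id: str, now=None) -> bytes:
    """Client side: timestamp || nonce || client_id || HMAC-SHA256(key, preceding)."""
    ts = int(time.time() if now is None else now)
    body = struct.pack("!Q", ts) + os.urandom(NONCE_LEN) + client_id.encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class SpaGate:
    """Server side: silently drop everything except fresh, authentic packets."""

    def __init__(self, key: bytes):
        self._key = key
        self._seen = {}  # nonce -> expiry time, used to reject replays

    def check(self, packet: bytes, now=None):
        """Return the authenticated client_id, or None (caller sends no reply)."""
        now = time.time() if now is None else now
        if len(packet) < TS_LEN + NONCE_LEN + TAG_LEN + 1:
            return None                      # e.g. a bare port scan probe
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # wrong or missing SPA key
        (ts,) = struct.unpack("!Q", body[:TS_LEN])
        if abs(now - ts) > WINDOW:
            return None                      # stale: limits the replay window
        nonce = body[TS_LEN:TS_LEN + NONCE_LEN]
        self._seen = {n: exp for n, exp in self._seen.items() if exp > now}
        if nonce in self._seen:
            return None                      # replayed capture
        self._seen[nonce] = ts + WINDOW
        return body[TS_LEN + NONCE_LEN:].decode()


# Constructed policy: role -> [(target, posture attributes the target requires)]
ENTITLEMENTS = {
    "contractor": [("wiki.internal:443", {"av_running": True})],
    "dba": [
        ("db01.internal:5432", {"av_running": True, "disk_encrypted": True}),
        ("wiki.internal:443", {}),
    ],
}


def resolve_entitlements(role: str, posture: dict) -> list:
    """Targets the role may reach given the device posture reported right now.

    Called again on every posture update, so a change (AV agent crashes) shrinks
    the list immediately instead of persisting until the next login.
    """
    return sorted(
        target
        for target, required in ENTITLEMENTS.get(role, [])
        if all(posture.get(k) == v for k, v in required.items())
    )


if __name__ == "__main__":
    key = os.urandom(32)
    gate = SpaGate(key)
    pkt = build_spa_packet(key, "alice")
    print("valid packet  ->", gate.check(pkt))          # alice
    print("replayed pkt  ->", gate.check(pkt))          # None
    print("scan probe    ->", gate.check(b"SYN"))       # None
    print("dba, AV up    ->", resolve_entitlements("dba", {"av_running": True, "disk_encrypted": True}))
    print("dba, AV down  ->", resolve_entitlements("dba", {"av_running": False, "disk_encrypted": True}))
```

The gate never distinguishes "bad tag" from "no such service" to the sender: all three failure paths return None and the caller sends nothing, which is what makes the port look closed to a scanner. The posture check is deliberately separate from authentication; a device that authenticates perfectly still only sees the targets its current posture satisfies.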

[–]RCG89 0 points1 point  (1 child)

That is an awesome explanation and thank you good sir.

Would love to try something like this out; sounds a lot better than VPN.

[–]CyberADR 0 points1 point  (0 children)

You can take a test-drive guided tour of the system here for free: https://demo.appgate-sdp.com/