MetaAccess SDP  

Software Defined Perimeter

The Challenge

The foundation of the Internet is built on a communication access protocol (TCP/IP) that allows every IP addressable device on the Internet to effectively “see” every other device.  Secure access to applications and data is based on an outdated “trust and verify” approach, which has become a treasure-trove of opportunity for malicious activity and hackers. Additionally, the ability to use traditional device management techniques do not work for remote and/or personal devices.


Securing the New Perimeter

What if all critical Internet resources were inherently “invisible” to all users? The good news is this “Cloak of Invisibility” is available now with Software Defined Perimeter (SDP). OPSWAT SDP, a cloud-based service offering, hides enterprise application and data resources and adheres to a “verify first, connect second” Zero-Trust access model as compared to today’s “connect first, authenticate second” approach.

Use Cases

Next-Gen VPN

Increase security by darkening visibility to the protected applications and preventing east-west traversal. This security is added without increased cost or additional throughput degradation compared to the current generation of VPN solutions. At the same time, user experience is improved with a consistent, easy way to connect while on premise or off.

App Security

Makes your applications invisible, rendering them undetectable and inaccessible to outsiders, while enhancing your application and data access security for internal wired and wireless-based network perimeter devices. This application security addresses regulatory compliance for a wide variety of industries, especially with the ability to block unauthorized access.

Address Regulatory Compliance

Meet regulatory requirements by preventing access to corporate data, based on device risk. MetaAccess provides reports that can be used to meet regulatory compliance audits, such as FINRA, HIPAA, Sarbanes-Oxley, and others.

Borderless Security

Protect your data with mutual TLS encryption both within your perimeter and beyond, ensuring the required secure access. This security protects against credential theft, connection hijacking and data loss, and common attacks such as DDOS, Man-in-the-Middle and more. SDP enables greater security based on an application-session only (least-privileged) zero-trust access model.

SDP Architecture

How it Works

SafeConnect SDP is comprised of three main components:

SDP Client

Available for Windows, macOS, iOS and Android devices. Ensures the certificate-based mutual TLS VPN only connects to authorized user services. The SDP Client can be distributed to managed devices or downloaded as part of a Patent-Pending BYOD onboarding process.

SDP Controller

Trust Broker between the SDP Client and security policy controls such as Identity Access Management, Issuing Certificate Authority, and Device Compliance. Once authorized, the SDP Controller configures a mutual TLS VPN to enable per-session application access.

SDP Gateway

Termination point for the mutual TLS VPN connection from SDP Client. The SDP Gateway acts as a “Deny-All Firewall” to block visibility and access to the network. It is usually deployed as topologically close to the protected application as possible, and multiple Gateways are supported.

Why OPSWAT?

Address Regulatory Compliance

OPSWAT's MetaAccess not only includes an SDP, but also protects cloud apps through an IdP approach and on-premise network through MetaAccess NAC. All in one platform.

Adheres to Zero-Trust/Least Privileged Model

Verify first-connect second access to private and public cloud applications; resources are protected by a DENY ALL dynamic firewall; Traffic is protected in a mutually authenticated TLS tunnel (mTLS).

Customer-Provisioned Cloud Offering

Rapid deployment in a matter of hours; 24/7 Support; No additional hardware or network integration required; seamlessly overlays your existing network access controls.

Decreases Network Attack Surface

Hide your applications from the Internet and corporate networks to address DDoS attacks, credential theft, connection hijacking and data loss.

Get Started With Up To

50 Free Devices

See MetaAccess

In Action