Pulse Secure Adds Software Defined Perimeter to Secure Access Platform

Looking beyond traditional access control, Pulse Secure is now integrating a Software Defined Perimeter architecture to help organizations reduce risk.

Pulse Secure SDP

Pulse Secure announced the launch of a new Software Defined Perimeter (SDP) offering on Feb. 19, that integrates with the company's existing Secure Access platform.

SDP is an industry standard framework approach led by the Cloud Security Alliance (CSA) that provides access and authentication components to protect cloud and virtualized workloads. Pulse Secure will be adding SDP component integration into its Secure Access platform, which already includes Network Access Control (NAC), Application Delivery Controller (ADC) and VPN features among others.

"Pulse SDP provides additional benefit that are different and additive to Pulse’s Secure Access capabilities," Scott Gordon, Chief Marketing Officer at Pulse Secure, told eWEEK. "It provides a simple, direct, trusted connection between the entity and cloud application resource."

Pulse Secure was spun out from Juniper Networks in July 2014, with an initial core focus on mobile secure access. The company has expanded in the years since with capabilities to secure access for both data center-based applications and devices as well as cloud-based services.

Pulse SDP

Pulse SDP is a new product comprised of three key components, the SDP Controller, the SDP Client and the SDP Gateway.  The client component sits on end user devices, while the gateway helps to direct traffic to the right data center or cloud resources. The SDP controller defines the polices by which clients can connect and get access to the different resources.

Gordon explained that the SDP architecture allows for a separate control plane, which verifies identity, device and security state prior to granting access, and a data plane which allow for direct, high speed data transfer between the entity and the application. 

"Since a device connected via an SDP-based process will only connect to a Controller and have conditional access to the resources that have been defined in a centrally managed policy held by the Controller, the overall attack surface is reduced," he said. "It would be impossible for an attacker or malware to move laterally movement inside a perimeter - everything else on the network is effectively undiscoverable."

SDP vs. VPN

The basic concept of an SDP was first outlined by the Cloud Security Alliance (CSA) in November 2013. SDP is now a formalized specification from the CSA, providing a way for different organizations to implement SDP compliant approaches. Gordon commented that Pulse SDP aligns to the CSA version 2.0 specification for SDP, which provides the base architecture for Software Defined Perimeter (SDP)-compliant systems.

An SDP is a somewhat different than a VPN based approach for secure access, which typically only has one data and control plane. VPNs require interoperability components to manage each type of connection where the user is remotely connecting to the corporate network and typically through the network to the cloud. 

"Pulse Secure has a variety of features that provide for streamlined administration, broad endpoint coverage, multi-factor authentication and SSO (single sign-on) for on-premises and cloud access," Gordon said. "In addition, Pulse Secure from our inception offered extensive Zero Trust access capabilities including user, device and security posture authentication, and stateful, granular policy assessment, pre-and post connection."

Gordon commented that many organizations will deploy both VPN and SDP for secure access. He added that by providing VPN and SDP in its offering, Pulse Secure is looking to enable its customers with a single platform for secure access.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.