At a Glance
Product: Pulse Software Defined Perimeter (SDP)
Vendor: Pulse Secure
Price: $66 per user, based on 1,000-user purchase.
What it does: Uses policies to apply granular application access rights based on the unique combination of a user profile and device type.
What we liked: Flexibility and ease of deployment.
The Bottom Line: The “zero trust” framework provides a very scalable and effective approach to securing applications.
As traditional network defenses have evolved, malicious players have shifted focus from infrastructure attacks to targeted software attacks. Whether the motivation is to obtain critical data or to simply disrupt operations, applications are now the prevailing target of opportunity, leaving many organizations unprepared and unprotected. The ease of access offered by web applications is a blessing for users but a curse for security teams as it adds a whole new dimension to the challenge of effectively securing applications.
Understanding such complexities, Pulse Secure has addressed the challenge head-on with the Software Defined Perimeter (SDP) solution. This innovative platform offers users secured access to applications regardless of application location, user location or device.
The solution leverages the universal Pulse client (agent), which supports multiple platforms. A clientless (agentless) version is also available for a defined set of applications. The SDP architecture is based on two primary components: a controller and a gateway. The gateway exists to transfer data between the data center and the cloud, while the controller takes administrator policies and distributes them to the gateway. A standard deployment requires at least three different devices – a Pulse One appliance, an SDP Controller appliance and an SDP Gateway appliance – but additional SDP gateways may be necessary depending upon network and deployment requirements.
The whole premise of the platform is that trust must be established before a device is granted a connection to an application. Without trust verification, the device is blocked from accessing the application. This approach is effective against malware attacks because it verifies both users and their devices. Different policies can be applied to different devices (such as a corporate-issued versus BYOD asset). SDP can also look at patch levels and configuration settings, match them against defined policies and determine whether a particular device will be allowed to connect. Through geolocation validation, this approach protects against a stolen device being moved to a different geography and then used to access the network.
SDP is simple to deploy, provides great flexibility and supports relatively dynamic application access management, delivering secure access even when unexpected out-of-the-office access needs, like a snow day, have widespread impact on the workforce. Subscription pricing starts at $66 per user, which includes Gold Support with a 24/7 global support portal. Physical, virtual and cloud (AWS/Azure) deployment options are available.