Software-defined perimeter

<p>A software-defined perimeter (SDP), sometimes referred to as a black cloud, is a method of enhancing computer security. The SDP framework was developed by the <a href="/facts/Cloud_Security_Alliance/t6yGx93Q">Cloud Security Alliance</a> to control access to resources based on identity. In an SDP, connectivity follows a need-to-know model, where both device posture and identity are verified before access to application infrastructure is granted. The application infrastructure in a software-defined perimeter is effectively "black"—a term used by the <a href="/facts/United_States_Department_of_Defense/dWAvf7e3">Department of Defense</a> to describe an undetectable infrastructure—lacking visible <a href="/facts/Domain_Name_System/rfxdWFsj">DNS</a> information or <a href="/facts/IP_address/z9V22Sw9">IP addresses</a>.[<i>dubious – discuss</i>] Proponents of these systems claim that an SDP mitigates many common network-based attacks, including server scanning, denial-of-service, <a href="/facts/SQL_injection/QD0cwbk5">SQL injection</a>, operating system and application vulnerability exploits, <a href="/facts/Man-in-the-middle_attack/dx4cojdz">man-in-the-middle attacks</a>, <a href="/facts/Pass_the_hash/es1D51Rt">pass-the-hash</a>, pass-the-ticket, and other attacks by unauthorized users.
</p>

Software-defined perimeter open-in-new

Software-defined perimeter