Software Defined Perimeter (SDP)

Software defined perimeter (SDP) is a new approach for securing access to business applications. It’s become particularly important as mobile users access cloud-based applications.

Enterprises have long relied on virtual private networks (VPNs) to connect mobile or remote users to applications and other network resources. But traditional VPNs are poorly suited for the shift to IaaS and SaaS. They rely on appliances, such as firewalls or VPN concentrators, binding mobile users to specific locations. Such an architecture adds latency and creates a chokepoint for cloud access. And to even reach the VPN gateways, users must rely on the unpredictable Internet. Once connected through a VPN, users are trusted with access to all resources on the network, increasing the risk of malware propagation and data breach. Overall, legacy VPN architectures expose enterprises to attacks and adversely impact the user experience, especially when accessing cloud applications.

SDP reduces risk by restricting network access to authorized resources. Most SDP point solutions fail to address mobile performance problems, especially for global access. They also fail to continuously inspect traffic to application resources for threats post authentication. And they introduce management and deployment complexity, requiring additional server software, network appliances, or cloud services.

SDP as a service (also known as cloud-based SDP) delivers secure mobile access as an integral part of a company’s global network. Performance improves with direct, optimized access across a managed, cloud-based SD-WAN. Risk is minimized before and after users access the network through strong authentication and continuous traffic inspection. SDP as a service makes mobile access easy — easy to deploy, easy to use, and easy to secure.

SDP Point Solutions

The Cato Solution:

SDP built into Cato Cloud

Secure Access and Authentication

SDP point solutions provide secure access to application resources.

Cato Cloud provides multi-factor authentication. Policy-based access restricts users to approved applications on premises and in the cloud.

Continuous Protection

SDP point solutions rarely include continuous deep packet inspection (DPI) to protect against threats post authentication.

Cato Cloud provides continuous protection post authentication, applying deep packet inspection (DPI) to all traffic regardless of source and destination.


SDP point solutions require mobile users to access resources across the public Internet. The increased latency and packet loss of public Internet routing undermines the mobile experience.

Mobile users access resources, on premises and in the cloud, through Cato’s optimized backbone, not the unpredictable public Internet.

SDP Architecture

SDP point solutions require specialized cloud gateways, server software, or services, complicating deployment and management.

SDP is an integral part of Cato Cloud’s support for secure and optimized mobile access, requiring no additional hardware or server software.

The Cato Solution:

SDP as a Service Built into a Global Cloud Network

Cato provides cloud-based SDP as part of Cato Cloud. Cato optimizes secure access to cloud and on-premises applications for all users, both mobile and fixed. Continuous inspection reduces risk once users are authenticated.

