Software-defined Protection, SDP is a computer network security architecture and methodology that combines network security devices and defensive protections which leverage both internal and external intelligence sources. An SDP infrastructure is designed to be modular, scalable, and secure. The SDP architecture partitions the security infrastructure into three interconnected layers. The Enforcement Layer inspects traffic and enforces protection within well-defined network segments. The Control Layer generates security policies and deploys those protections to enforcement points. The Management Layer orchestrates the infrastructure and integrates security with business processes.

Enforcement Layer

The SDP Management Layer provides security administrators with real-time visualization of security incidents. With this information they can enhance their incident response and overall insight into the network security posture. Because it is open and modular, the Management Layer provides administrators with a great deal of flexibility in definition and delegation of security

Control Layer

At the core of the SDP architecture, the Control Layer generates software-defined protections that adapt rapidly in the face of new threats and changing network configurations. It develops these protections using advanced threat intelligence and then deploys precision policy updates using the enforcement points created by the Enforcement Layer.

Managment Layer

The Enforcement Layer segments the network, grouping together elements that share the same policy and protection characteristics. Segmentation allows for modular protection, preventing attacks from proliferating within the network and establishing trusted channels in which authorized traffic can flow unimpeded.

Ссылки

• Wiki
• Check Point Software Technologies Ltd.