Enhancing software-defined perimeters with integrated identity solutions and threat detection for robust zero trust security

Enhancing software-defined perimeters with integrated identity solutions and threat detection for robust zero trust security

연구 분야: Safety

학회: International Journal of Information Security

As cyber threats continue to evolve, modern organizations face increasing challenges in securing their digital infrastructure. Traditional security approaches like Virtual Private Networks (VPNs) often fall short due to their inherent trust assumptions and broad access once authenticated, which can be exploited if credentials are compromised. To address these limitations, this paper proposes an enhanced Software-Defined Perimeter (SDP) architecture that aligns with Zero Trust security principles. By integrating Identity and Access Management (IAM) using Keycloak and Intrusion Detection Systems (IDS), the architecture strengthens authentication processes and introduces continuous monitoring and real-time threat detection. This integration mitigates risks associated with credential theft, unauthorized access, and insider threats while ensuring dynamic access control. However, these enhancements introduce a slight performance overhead. Evaluation across various network topologies shows that while connection setup time increases by approximately 75-100ms, the overall network throughput remains largely unaffected. The findings suggest that the enhanced SDP architecture offers a robust security solution for modern enterprises adopting Zero Trust, balancing advanced threat mitigation with minimal performance trade-offs. This work provides valuable insights into integrating IAM and IDS within SDP frameworks, reinforcing the need for adaptable and resilient cybersecurity strategies.