Perimeter 81 SASE Cybersecurity Solutions

Perimeter 81 SASE Solutions: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Perimeter 81 and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com 

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Perimeter 81 is a relatively new entrant into the cybersecurity market. However, already the company has achieved Leader ranking in the Q3 2021 Forrester New Wave report for Zero Trust Network Access. This ranking shows an ability to hold their own, even with a limited market presence, placing amongst established names such as VMware, Zscaler and Palo Alto Networks. Perimeter 81’s SASE offering, though missing some key features, shows a commitment to expanding their portfolio and capabilities making this up-and-comer definitely one to watch. Perimeter 81 is ideally suited to Small to Medium Enterprises looking for a Security Network Management Platform that covers all areas of corporate network architecture with a focus on security for remote users. 

About Perimeter 81

Perimeter 81 was founded in 2018 by SaaS and cybersecurity experts Amit Bareket and Sagi Gidali. Using their expertise, the company focuses on building an advanced SASE and ZTNA platform, to help businesses to replace their legacy equipment. Recently Perimeter 81 was named a 2021 Forrester New Wave™  Leader in Zero Trust Network Access (ZTNA). 

What are Perimeter 81's Solutions?

All Perimeter 81 services are included in a single platform, with a tiered pricing structure.

These include: 

• Zero Trust Application Access (ZTAA): ZTAA allows clients to manage identity-based policies for access to business-critical applications, without granting access to the network as a whole. With agentless access users can reach applications using a range of protocols, including, HTTPS, RDP, VNC, SSH and VoIP. Application access is tracked by the user and can be limited by user identity, day and time. Clients can also use identity providers to recognize users, locations and devices to apply relevant policies. 

• VPN Alternative: An alternative to legacy VPN technology, Perimeter 81 offer VPN Alternative, which combines ZTA, global gateways, integration with applications from cloud providers and traffic encryption using VPN protocols such as OpenVPN, IPsec and WireGuard. 

• Cloud VPN: Designed to offer users connectivity to cloud resources from both remote and on-premise locations, replacing legacy technology using a cloud platform accessible from the public Internet. The solution allows secure network access for remote users worldwide, securing the cloud in shared responsibility models (where the client is responsible for access point security in a network, whilst the cloud provider offers network infrastructure).

What is the Perimeter 81 SASE security solution?

Perimeter 81 offers a SASE solution which is designed to protect all areas of a client’s network, supporting on-premise and remote users by securing branch offices, data centres and cloud resources in one solution. Clients are able to implement a least-privileged strategy with strictly enforced access control. Using this, clients can control how users interact with business resources, such as application access, user and group identity and sensitive data. 

Perimeter 81’s SASE solution is capable of integrating with local and cloud resources, and can be deployed as either hardware or software, offering the capability to integrate with third-party solutions to create improved visibility across the network. The Perimeter 81 SASE solution includes the following features:

•  Zero Trust Network Access (ZTNA): Provides centralized network management of all hardware and software infrastructure. The Perimeter 81 ZTNA offering features: DNS filtering, automatic Wi-Fi security, Unified platform for managing cloud resources, unlimited bandwidth and data availability, multiple global private and public VPN gateways, 24/7 customer support, monitoring and logging utilities as well as auditing and reporting capabilities. The Perimeter 81 ZTNA solution enables multi-tenant cloud, 2FA and single sign-on clients in a unified network platform supported by zero trust access when used in conjunction with SASE. This provides a simplified enterprise network topology that provisions security on all devices, allowing for safe, low latency remote access. The solution is supported by cloud agnostic integrations and content filtering such as IP whitelisting and precise user segmentation secured with IPsec tunneling for total endpoint encryption.

• Firewall as a Service (FWaaS):See, What FWaaS (Firewall as a Service) solution is supported by Perimeter 81?
  
  
• Device Posture Security: Perimeter 81 offer Device Posture Check, which ensures that access to critical resources is only granted to devices that meet security posture rules. Those who do not meet standards are blocked. The Device Posture Check solution is able to analyze devices such as iOS, MacOS, Linux, Windows and Android to check for Windows Registry keys, specific files and processes, anti-virus software, certificates and disk encryption. The solution is also capable of monitoring device inventories, providing login history, failed and successful posture checks and general health. Session information such as user, device type, time, attached policy and OS are also included. Further, the solution offers clients a multi-layered security model, which includes segmented networks, with optional security functions such as Automatic Wi-Fi Security, Domain Name System (DNS) filtering and 2FA.
   
• Networking as a Service (NaaS) with Integrated Security: Perimeter 81 offer NaaS, which integrates security and network management into a client’s local and cloud-based resources on one platform, delivered as a Service. The solution is often chosen to replace legacy VPNs as they use less hardware, and do not require the same level of management for configuration and maintenance. NaaS encrypts traffic with a range of TLS protocols available such as SSL, Wireguard and IPsec. It offers networking and security integration in cloud-based SaaS applications such as AWS, Salesforce and Google Suite, whilst offering automatic Wi-Fi security, DNS filtering and multi-factor authentication. The service offers low latency as clients can locate their resources near to one of Perimeter 81’s 50 global managed data centers and can be managed via a control panel. The solution includes applications for Android, Mac, Windows and iOS.
   
• Cloud Access Service Broker (CASB): Currently Perimeter 81 does not offer CASB capabilities, however when implemented, customer security policies can be extended to the architecture of Cloud Service Providers.
   
• Secure Web Gateway: Reduces the attack surface by ensuring that web browser traffic is compliant with company policies to mitigate web based threats. Perimeter 81 does not currently offer a Secure Web Gateway

What ZTNA (Zero Trust Network Access) solution is supported by Perimeter 81?

Perimeter 81’s ZTNA solution offers least-privilege access policies, rapid onboarding, identity based access control as well as 2FA and SSO integrations. This ensures the security of all devices and endpoints across the network, including encryption for teleworkers. 

• Agent & Agentless Access: Network access control can be provisioned through an installed agent or alternatively through a web browser based agentless access solution.
   
• Device Posture Check: Using pre-defined user criteria the device posture check ensures that only secure devices are able to connect to the enterprise network.
   
• Firewall-as-a-Service: See, What FWaaS (Firewall as a Service) solution is supported by Perimeter 81?
  
• Port & Protocols: Perimeter 81’s Zero Trust Network Access supports all major encryption protocols such as OpenVPN, IPSec and WireGuard.
   
• Zero Trust Application Access: Perimeter 81 offer agentless network access to users via a web browser. This allows access to resources to be segmented and restrictions applied using identity based policies. Application protocols include HTTPS, RDP, VNC, SSH and VoIP.  Resources can be defined as on-premises, cloud or by user and are encrypted, along with network layers, through the choice of multiple different encryption protocols to keep corporate assets secure. These encryption protocols include: WireGuard, IPSec, OpenVPN and SSL.
   
• Least-privileged Access: Traffic policies and resource access can be tailored to user role, devices, and location. Custom user authentication is enabled via identity providers ensuring that users on the network can be restricted to their essential resource and application needs.
   
• Multi-Layered Security: Zero Trust Application Access ensures the corporate network and resources are protected against both known and unknown threats through Domain Name System (DNS) Filtering, Access management and Two-Factor Authentication.
  
  
• Fully Monitored: All traffic and each application session is able to be monitored, audited and logged. Zero trust enables full monitoring in all cases, even if encryption, ports and protocols or hopping are used.
   
• Total Cloud Integration: Resources both on and off premises are secured through integrations with cloud providers such as: AWS, Azure Salesforce and Google enabled by Perimeter 81’s Application Programing Interface (API).

What CASB (Cloud Access Security Broker) solution is supported by Perimeter 81?

Perimeter 81 does not currently support a CASB solution as part of its SASE solution, however a new CASB solution is in progress to allow customers to extend security policies to the architecture of cloud service providers. 

What SWG (Secure Web Gateway) solution is supported by Perimeter 81?

Perimeter 81 have recently introduced a SWG solution. The offering allows admins to create Web Filter Rules, which continue to operate even whilst the user is not connected to the network for constant protection. The rules can be set per department - as an example, the marketing department may require access to social media, where others do not. However, some instances require Bypass Rules, which protect employees when they access sensitive information, such as financial or healthcare - Perimeter 81 SWG Bypass Rules does not allow employee information to be tracked in these instances. 

Monitoring and Tracking tracks all attempted access to prohibited or cautioned sites which allows companies to take action following suspicious activity. 

What FWaaS (Firewall as a Service) solution is supported by Perimeter 81?

Perimeter 81 offers a FWaaS solution that helps to ensure the security of data flows. Integrations with cloud providers such as Amazon Web Services (AWS), Azure and Salesforce ensure that this solution offers protection in any environment, including hybrid cloud. The FWaaS solution is cloud native to ensure scalability and smoothness of cloud provider integrations. Layer 3 and 4 restrictions and access can be segmented based on group or user identity as well as by IP address, port or protocol. Granular network policies can be applied at each layer allowing IT administrators to create traffic filtering rules based on subgroups such as: applications, addresses, locations, users and groups. The FWaaS solution provides visibility into corporate network traffic and management across the environment. The solution supports remote workers by providing low latency access to the corporate network via global private gateways when deployed to the network edge. The Perimeter 81 FWaaS solution offers TLS encryption, visibility into clients and endpoints, application and OS level security as well as management of access and identity to ensure regulatory compliance and network security.

How does Perimeter 81 deliver cloud security?

Perimeter 81 integrates with major cloud vendors such as Azure, AWS and Google Cloud, leveraging their Zero Trust framework for policy enforcement based on user permissions across the whole environment. The Perimeter 81 Knowledge Base also offers technical documentation with step-by-step instructions to help clients integrate with cloud service providers. 

• AWS: Perimeter 81 is an AWS Advanced Technology Partner, offering secure AWS network access for AWS applications and resources. The solution offers Amazon S3 bucket, which allows users to deposit data from the network in order to improve access controls. Further, site-to-site IPsec connections can be provisioned between Perimeter 81 and a client’s AWS resources, allowing users to access the cloud regardless of location. The solution leverages real-time security monitoring, traffic encryption, cloud-edge infrastructure, actionable intelligence and AWS access monitoring. The solution is designed to be deployed in minutes, helping clients to migrate to the cloud efficiently.
   
• Azure: Perimeter 81 offers integration with Azure, to offer clients private access to Azure applications for both on-premises and remote users. The solution includes Zero Trust which is based on Identity Providers such as Azure AD, compliance reporting with traffic logs and auditing, fast deployment for those migrating to the cloud, least privileged access, secure remote access including Bring Your Own Device (BYOD) and end-to-end encryption with AES 256-bit bank-level encryption and Perfect Forward Secrecy (PFS) where encryption keys are rotated every hour.
   
• Google Cloud: Perimeter 81 offers secure cloud access to Google Cloud, offering clients the ability to manage all identities and policy rules with visibility into the network. The solution uses private encrypted access to Google Cloud resources and applications, whilst private IPsec tunnels and identity-based logins allow users to access from the Internet. The solution includes: Zero Trust Access, which allows clients to create traffic and access policies based on Google, IsPs and SSO provides authentication for remote workers, and a multi-layered toolkit, which is deployed at a user level and offers device posture check (see, Perimeter 81 SASE), encrypted tunnels and DNS filtering. The solution can be deployed using global gateways leveraging Perimeter 81’s global IP backbone, which includes static IPs.

How does Perimeter 81 support remote users?

Remote users are supported by Perimeter 81’s Remote Access VPNs. This allows teleworkers to encrypt their data and traffic flows at any time, from anywhere, securing corporate networks and mobile devices against malicious attacks. The Perimeter 81 Cloud-based VPN alternative offers a variety of VPN protocols including OpenVPN, IPSec and WireGuard as well as the ability to deploy global gateways to reduce latency for remote workers. 

The solution allows clients to manage network, policies, device posture checks and users from a single platform. The Perimeter 81 solution is also capable of integrating with other security and network environments for granular insights including detection, activity logs, auditing and monitoring. The Remote Access VPN supports integration with SASE (see, Perimeter 81 SASE), cloud providers, Zero Trust Access and leverages Perimeter 81’s Global IP Backbone. 

What is the Perimeter 81 managed, co-managed and DIY services solution?

Perimeter 81 offer managed, co-managed and DIY services direct and also have a number of reseller and managed services provider partners offering services via their partner channel. 

What Reporting and Management is available via the Perimeter 81 Portal?

Perimeter 81’s single pane management portal enables monitoring of compliance status and enterprise security posture by offering customers increased network visibility. 

What is the Perimeter 81 SLA?

Customer Must Request Service Credit - In order to receive any of the Service Credits described above, customer must notify Perimeter 81 within thirty days from the time customer becomes eligible to receive a Service Credit. Failure to comply with this requirement will forfeit Customer's right to receive a Service Credit.

Maximum Service Credit - The aggregate maximum number of Service Credits to be issued by Perimeter 81 to customer for all Downtime that occurs in a single calendar month shall not exceed twenty days of Service (or the value of 20 days of Service in the form of a monetary credit to a monthly-billing customer’s account). Service Credits may not be exchanged for, or converted to, monetary amounts.

Perimeter 81 SLA Exclusions - The Perimeter 81 SLA does not apply to any services that expressly exclude this Perimeter 81 SLA (as stated in the documentation for such services) or any performance issues: (i) caused by "Force Majeure" or (ii) that resulted from one or more of customer’s equipment or third party equipment not within the primary control of Perimeter 81.

Perimeter 81 reserves the right to modify this Service Level Agreement at any time by updating the terms on the website.