Review: How Perimeter 81 provides a near plug-and-play network security service

Starting with the concept of zero trust, VPN tunneling and secure network access as a service, Perimeter 81 is now providing an almost plug-and-play solution for more elements of cybersecurity served through the cloud and on demand.

Insider Pro  >  Plug-and-play network security
Malerapaso / Ivanastar / Getty Images

The ways that most people and organizations use computers has radically changed over the past couple decades. Most work is no longer done inside traditional offices. Desktop computers are less popular than laptops, tablets, smartphones and other portable devices. And business is being conducted all the time, not just Monday to Friday, and not only from nine to five. But the way many organizations handle cybersecurity, with things like internal firewalls, traffic monitors and IPS devices has not really changed. Supporting a cybersecurity infrastructure today is just as much work as (and is sometimes more difficult than) building and maintaining a core network.

The clever folks at Perimeter 81 are trying to change that. Starting with the concept of zero trust networking, VPN tunneling and secure network access as a service, they recently branched out and are now providing a near plug and play solution for more elements of cybersecurity served through the cloud and on demand.

Getting started

Locally, Perimeter 81 is installed on a network as a management console and a series of software agents. Everything else exists in the cloud as a secure service. As such, the installation process is extremely quick. Once the management console was installed, it took less than 20 minutes to use the Lightweight Directory Access Protocol tables to onboard users of a test network. You can also send out manual invites to users to get them to join the Perimeter 81 protection platform. Agents work with Windows, Linux and Mac systems, and agents are also available for mobile platforms.

Having an agent on a system provides full firewall protection and access to some of the advanced security services offered by the platform. However, guest access is also available through Perimeter 81 for people like contractors or temporary visitors. The guest access enables secure VPN tunneling and access to apps as defined by the security settings. Pricing is based on the number of users being protected by the system on a monthly or yearly basis.

Perimeter 81 starts with zero trust networking. In other words, whereas most cybersecurity platforms assume that everything inside the network is safe, under Perimeter 81, every device and user must authenticate before using network services. It essentially looks at everything a user touches as an external asset and works to protect both the internal resources used by those devices as well as the connections between them. That starts with two-factor authentication, which can be accomplished through a variety of methods like SMS messaging.

Testing Perimeter 81

At its most basic level, you can think of Perimeter 81 as secure way to connect users to network resources that are stored in the cloud in places like Amazon Web Services, Microsoft Azure or Google Cloud. From the management console, cybersecurity teams can define which users are allowed to connect to what assets, and how those connections must be protected. For example, we were able to take a web server used to create new web pages and restrict access to it by anyone outside of the web developer group. We could additionally prevent anyone outside of a specific office from accessing it. And we could define how the valid users could interact with the asset by, for example, forcing them to use a specific browser and requiring that it was fully patched and up to date. You can even define what protocols are valid in conjunction with any specific asset.

Perimeter 81 Apps CSO

Perimeter 81 can be used to connect almost any user to any app. Supported protocols include HTTPS, SSH, Remote Desktop Protocol, Remote Frame Buffer protocol and others. (Click image to expand.)

Perimeter 81 App Permissions CSO

Once the allowed apps have been established, general permissions for each one can be configured, such as which groups are allowed to access them. (Click image to expand.)

Perimeter 81 Policies CSO

Perimeter 81 allows for very granular control over how users interact with applications. Settings include things like which browser can be used, if the browser must be the latest version, what times the app should be accessible or closed, the location of users, and many more factors. (Click image to expand.)

Perimeter 81 Policy Break CSO

During the testing, workarounds to policy were tested, but the platform was able to stop them all. Users can be shown a detailed message about why an action was denied, or kept in the dark about the reasoning to further thwart hackers looking to probe defenses. (Click image to expand.)

Whenever a user tried to either access an asset that they were not allowed to touch, or to do so in such a way that broke protocol, like being outside of a geofence or past defined access times, Perimeter 81 blocked that from happening. In the demo environment, users were told why they were being blocked, basically what rules they were breaking. However, you can customize those error messages to provide less or even no information if you want to be a little more secure.

When Perimeter 81 first got started in 2018, protecting network resources and creating a zero trust environment were the platform’s two main features. Recently the company has started to partner with other companies to provide more services such as web security and the ability to manage site to site connectivity, with other cybersecurity solutions seamlessly riding on the secure, cloud-based security architecture provided by the Perimeter 81 platform.

Some of those features that were already available were also tested in the demo environment, and they worked flawlessly. The really ingenious thing about the Perimeter 81 platform is that because it’s locking down the network’s user-to-asset connections, it already has a tight hold on security. Adding to that platform to do things like make web browsing secure, or even to provide browser isolation protection, is relatively easy compared with trying to do all that from scratch. Most of those features can use the same management interface for defining access to applications. It’s conceivable that a company that employs Perimeter 81 in the future would eventually be able to replace not just their legacy VPNs, but also web security solutions and even WANs, SD-WANs and firewalls, and get all their cybersecurity as a cloud-based service.

Perimeter 81 Networks CSO

In addition to setting policies for applications, you can also define the network structure of an organization, and how people and devices in one office should and can interact with others. (Click image to expand.)

What's next

It’s easy to see that Perimeter 81 is still growing. They don’t plan to have inner-branch connectivity (the WAN side of networking) added until 2020. And while the web-based cybersecurity tasks that are available now worked fine, it’s also clear that at least in terms of the interface, it’s still a little green. For example, as of the evaluation period for this feature, network events were only collected within the main program interface. Users could export them as a CSV file, but not automatically send them to a Security Information Event and Management (SIEM) system like Splunk or LogRhythm, which is how most cybersecurity teams like to operate. The company is working on that, but it was not ready as of July 2019 when this was being written.

Perimeter 81 in its current form is impressive for a few reasons. The ability for an organization to create a highly secure, zero trust network though the cloud using a plug and play interface, and to have it up and running in a few minutes, is remarkable. But what is potentially more interesting is where Perimeter 81 could go in the near future. Using the zero trust network as a baseline, any number of cybersecurity abilities could be built onto the platform, which is already starting to happen. If Perimeter 81 is able to keep up that momentum, a day could come very soon when an organization could use it to provide total network cybersecurity as a service.

We aren’t quite there yet. But Perimeter 81 shows that it’s getting pretty close.