Managed Security
Service Overview
Cloud connectivity, mobility, unified communications, and the perimeter-less nature of distributed customers, workers and partners, has unleashed a Pandora’s box of new and widening attack vectors.
The methods used by a malicious actor, range from malware, viruses, and email attachments, to web pages, text messages and social engineering, just to name a few.
IT and security professionals struggle with fragmented security infrastructure, comprised of identity and access management, intrusion prevention, antivirus, content filtering, and other security functions.
It’s no surprise that with this jumble, security vulnerabilities from users clicking on a malicious link, to device mis-configurations, can go unnoticed until a hacker finds and exploits them.
AireSpring Cybersecurity Protection
Security is a critical factor when choosing an SD-WAN solution. AireSpring’s Global Managed SD-WAN is powered by the VMware® SD-WAN by VeloCloud™ platform, a robust architecture that simplifies the process of securing traffic and data. AireSpring Global Managed SD-WAN provides deep visibility and identification of over 2500 applications, within any environment, including on-premises, private and public clouds, and SaaS. AireSpring enables organizations with the flexibility to apply security and business policies, where and when they need them, while eliminating challenges associated with a perimeter-less network. Customers with AireSpring Gateway Access service can take advantage of AireSpring DDoS mitigation service that adds another layer of defense to your network (Available at no additional cost within the USA).
Security at the Edge
Security is a critical factor when choosing an SD-WAN solution. AireSpring’s Global Managed SD-WAN is powered by the VMware® SD-WAN by VeloCloud™ platform, a robust architecture that simplifies the process of securing traffic and data. AireSpring Global Managed SD-WAN provides deep visibility and identification of over 2500 applications, within any environment, including on-premises, private and public clouds, and SaaS. AireSpring enables organizations with the flexibility to apply security and business policies, where and when they need them, while eliminating challenges associated with a perimeter-less network. Customers with AireSpring Gateway Access service can take advantage of AireSpring DDoS mitigation service that adds another layer of defense to your network (Available at no additional cost within the USA).
Core SD-WAN Security Capabilities
Security is fundamental to VMware SD-WAN, which is built on an architecture that ensures secure communication between the management, control, and data planes:
- Between management and data planes
- Between data plane and control plane components
- Within public key infrastructure-based authentication
Security functions:
- Encryption
- Authentication
- Key generation/exchange options
Stateful firewall
Included in the SD-WAN Edge, provides secure connectivity between locations.
PCI compliance
Can be enforced on a per segment basis to maintain regulatory compliance.
Segmentation
supports VLAN functionality across the enterprise, ensuring discrete connectivity between employees and business applications.
Next Generation Firewall (NGFW)
Virtual network functions (VNF) on Edge software and devices enable the insertion of NGFW functionality.
User traffic inspection
Inspection for threat detection and prevention (e.g. IDS/IPS, anti-malware, URL filtering) is available locally within the VMware SD-WAN Edge via service chaining through a firewall VNF, or remotely, by steering traffic to cloud-hosted security services through policy.
Network segmentation
Network segmentation logically divides the network into multiple, discrete subnets. A segmented network can be isolated and controlled, by allowing and disallowing traffic, based upon a variety of management and security factors.
Network segmentation use cases can include:
- Line-of-business segmentation, such as engineering, sales, and support, etc.
- Separating user data, for guest WiFi, ATM, PCI, etc.
- Overlap IP addresses in different virtual routing and forwarding (VRF) scenarios
- Secure firewall service can segregate voice, video and compliance traffic
- Group prefixes can be inserted within a unique routing table, to make a business policy and segment-aware
Deployment Options
WAN architectures are as varied as the customers who deploy them. Manufacturing, Retail, Healthcare, Financial, and Construction are examples of industries with varied requirements. The AireSpring Global SD-WAN solution offers a flexible set of components to address the needs of every enterprise. While traditional approaches encompass management of numerous VPN tunnels and PKI infrastructure, this is drastically reduced with AireSpring’s Managed Security solution. A centralized Orchestrator with the ability to distribute settings from a “single pane of glass” takes a legacy process and streamlines connectivity when and where it is needed.
Managed Security
Affords the organization the ability to reduce the burden of maintaining the security infrastructure.
Segmentation
Provides for the secure breakout of communications between SD-WAN locations.
Edge device functionality
Provides the ability to bring the security stack close to the user. Cost and complexity are reduced by adopting a managed approach to Security while providing the ability to scale as organizational needs change over time.
Benefits
A stateful Firewall offers branch office security along with network segmentation and layered NextGen Firewall features in NFV form, providing comprehensive end-to-end security.
Get In touch
Get in touch today and explore project options