Protect your network with our SASE solution

The COVID-19 pandemic has accelerated the rate at which applications, data, devices and users are moving off premise. Legacy network security solutions designed for traditional, on-premise architectures are struggling to support the evolving demands of the business. This includes the heightened cyber security threat that has developed over recent weeks and months.

This article will provide a short introduction to the PROTECT pillar of our SASE platform. Consolidating multiple security capabilities into one fully managed, cloud native solution can protect your network, data and users more effectively than traditional methods.

We'll kick things off with a closer look at Firewall-as-a-Service and the benefits you can expect to realise by switching to a cloud based security infrastructure. We will then dive into Zero Trust Network Architecture and Internet Protections too. Let's get started!

Firewall-as-a-Service

Firewall-as-a-Service, or FWaaS for short, is the delivery of firewall and other network security capabilities as a cloud-based service or hybrid solution. It offers perimeter protection without requiring organisations to deploy dedicated firewall devices to each business location. This reduces the administrative burden on IT teams responsible for managing and maintaining security hardware, capacity and policies.

The aim of FWaaS is to make sure the network is secure, and that security policy can be applied consistently across the network from a central location or application. It utilises multiple enterprise firewall features, including Anti-Virus, Anti-Malware, Deep PacketInspection, IPS/IDS, and Geo-IP blocking, as well as traffic tunnelling to partially or fully move security inspections to a cloud infrastructure. This architecture provides organisations with a solution that protects them from data breaches and cyber security threats, while also facilitating complete visibility of their network, users and data.

Furthermore, having cloud-based security means it is easier to scale, adjust and manage without having to manually update physical firewall infrastructure or replace hardware. Providers will evaluate emerging threats on the security landscape, then design, build, test, and deploy new rules and policies to combat them. Users can benefit from an enhanced security posture without additional cost or disruption.

Zero Trust Network Architecture

As the name implies, ZTNA technology is driven by the need for organisations to embrace a zero trust security model built for mobility and a cloud-first world. It provides seamless and secure connectivity to private applications without ever placing users on the network or exposing apps to the internet.

The key principle of a zero trust networking approach is that network access is based on the identity of the user, the device and the application — not on the IP address or physical location of the device. Network access based on the individual user means there is more control over who can access what, and what functions they can perform when they get there. ZTNA delivers greater control over privileges and permissions to better secure the network from untrusted parties.

The adoption of ZTNA strategies has been accelerated by increased demand for secure remote access during the pandemic. Traditional technologies did not afford organisations the degree of agility and scalability they needed to respond decisively. As businesses continue to move towards hybrid and multicloud strategies ZTNA will be the method by which organisations ensure access to the network remains secure.

Web borne threats

In simple terms, a Secure Web Gateway (SWG) provides your organisation with a set of security protections specifically designed to repel web-borne threats, enforce company security policies, and filter malicious internet traffic in real-time. This reduces the risk and impact of data leaks and other security incidents, such as phishing and malware attacks.

As networks evolve and grow, the security perimeter typically becomes more distributed, disjointed, and challenging to manage. SWGs facilitate secure access for remote users, BYOD, IoT, and third parties, without the need to maintain and update policies across multiple point solutions.

A SWG will typically offer URL filtering, application controls for web applications, data loss protection, and the detection and filtering of malicious code. Bundling SWG capabilities with other network security services creates a more robust and comprehensive security posture for the business, while also making it easier to manage and maintain for IT teams.

The same logic can be applied when considering a Web Application Firewall (WAF). They provide an enhanced set of protections that can be configured to secure and protect web applications, whether hosted in the cloud or on-premise.

Check out the Protect your Network with SASE infographic below for a snappy summary of the key technologies underpinning the PROTECT pillar of our SASE platform.