Any way you look at it, network resilience and security – or lack thereof – has a price tag. If you right-size your solution, however, you can make it secure and affordable.
How to Secure Your Network, Affordably
Traditionally, Next Generation Firewalls (NGFW) are deployed as the primary security appliance for a corporate network – providing a fierce barrier to the outside world. Over the years, this solution has evolved and more robust features have been added to keep up with emerging threats. But, ask any security expert and they will tell you a standalone firewall is not adequate for securing your network, especially in regulated industries. You need additional security components deployed in a multi-layered approach throughout critical points in your network.
Banking and healthcare IT managers are well aware of the need for robust security to meet compliance requirements. Because of highly publicized data breaches and the high costs of recovering from ransomware attacks, many other companies are recognizing the need as well.
Security can also be achieved by making communication paths private. Carrier services like Multi-Protocol Label Switching (MPLS) and traditional T1 connections provide more secure connections from remote sites to a headquarters or Co-Lo site.
MPLS is expensive when you factor the cost per megabit and T1s are an aging technology with similar bandwidth restrictions and availability.
Businesses today are rapidly adopting low-cost, high-bandwidth carrier services that leverage the public internet. These services are easy to integrate into an existing network and are often available with incentives to boot. The challenge is providing a good level of security over the public internet, easily.
Securing Your Wide Area Network with SD-WAN
Software Defined Wide Area Network (SD-WAN) technology provides a secure transport path between corporate sites and the cloud using any WAN carrier services. Think MPLS-like security with fiber broadband throughput.
How? It uses encrypted, encapsulated tunnels that traverse any type of connections you have in your business network, even wireless. Think automatically managed VPNs across your public connections – secure connections for any traffic, over any connection.
For SD-WAN, the equipment cost and network engineering time to architect a system are not insignificant. However, the potential cost of lost revenues with downtime, diminished productivity, fines, penalties and a tarnished reputation from a data breach can be the highest price to pay.
Using SD-WAN with your existing firewall provides multiple layers of security for your network – Secure SD-WAN. These days, every line of defense is welcome.
How Does Ecessa’s Secure SD-WAN Work?
Ecessa premises-based controllers allow organizations to combine up to 25 connections of any service types (MPLS, DSL, broadband, satellite, microwave, 4G/LTE, etc.) from any providers, to create an affordable, resilient network with as much bandwidth as needed. Multiple, diverse links are recommended to protect against network outages in the event of a carrier service issue, whether the issue is spotty service, or a damaged line from a construction mishap. Often, an expensive MPLS connection can be replaced or augmented by low-cost broadband services, increasing bandwidth exponentially. The Ecessa SD-WAN solution allows you to keep your IP addresses and not change your network architecture – fitting seamlessly into your existing or desired architecture.
Ecessa SD-WAN solutions are purpose-built to optimize wide area network connections and create a Never Down™ network – never experience an outage again. The best-in-class, enterprise-grade features include the ability to control traffic down to the packet level and allow different routing options for different kinds of traffic. In addition to giving network administrators flexibility to set specific criteria for failover and failback, load balancing, authoritative DNS and other customizations, advanced features such as generic routing encapsulation (GRE) tunneling, encapsulation and encryption allow organizations to create private networks over public broadband connections. You can even fold MPLS into the mix.
Ecessa’s solutions also include a stateful firewall that provides additive security at the network edge. The embedded basic firewall features may provide enough security for smaller branch offices. Other organizations may elect to backhaul traffic that needs to be scrutinized to their central office or head end for processing through a best-in-class firewall with advanced features. NGFW and Unified Threat Management (UTM) features included in those highly specialized appliances are great at inspecting large amounts of data, detecting the latest malware and email threats, alerting against DDoS attacks and more. Ecessa SD-WAN products and purpose-built firewalls work well together to create robust, resilient and secure enterprise networks.
Can a single appliance provide the best firewall protection and the best SD-WAN features? It depends on what you want for your network. To be honest, most firewall manufacturers who claim they integrate SD-WAN are light on network control features, and most SD-WAN providers who integrate firewalls capabilities are light on security features. Why? It’s a matter of specialization, and we rarely see a single manufacturer deliver best-in-class coverage in both areas. That’s why we recommend businesses deploy each technology using the best solution in each class for their network architecture.
To learn more about the difference between Ecessa solutions and firewalls, download our technology brief.
You can also contact us to discuss your specific needs.