This post originally appeared on blog.sonicwall.com on November 12, 2020.
With the global pandemic showing no signs of abating anytime soon, businesses worldwide are finding creative ways to adapt. Survival and continued growth often mean expanding services beyond traditional areas, being more agile and embracing work-from-anywhere policies.
In this inverted environment — one in which most employees are offsite, reliance on external business partners is increasing, and the nature of hyper-distributed offices has become almost nomadic — how do you enforce consistent and effective security policies?
Since 2019, SonicWall has been delivering a full set of new product portfolios to help IT managers alleviate these challenges. But today, with many workforces 100% remote and cyberthreats on the rise, adopting a Boundless Cybersecurity model has never been more crucial.
The Security Perimeter must follow wherever humans work and extend to wherever the assets reside.
Last January, SonicWall announced a partnership with Perimeter 81, the leading Zero-Trust Secure Network-as-a-Service provider, to firmly establish our presence in SASE. And now we’re delivering on that promise — starting with the new worldwide Cloud Edge Secure Access service, designed to free businesses from the notion of fixed locations and rigid cybersecurity solutions.
Cloud Edge Secure Access enables a simple Network-as-a-Service (NaaS) for site-to-site and hybrid cloud connectivity with integrated Zero-Trust and Least-Privilege security. Organizations can now empower remote workforces outside the traditional perimeter while protecting high-value business assets, regardless of location.
Cloud Edge Secure Access effectively provides a dedicated and invisible “rail and fence” for every employee and partner device. It offers secure access to apps and data anywhere in the cloud, including private, AWS, Azure, Google and more.
The inherent Least-Privilege Access security allows users and devices access to what’s necessary and nothing more, similar to the concept of a “need-to-know basis.” By limiting the exposure to other sensitive areas of the network, organizations can prevent threats from moving laterally, thereby securing their resources without sacrificing their operational flexibility. The illustration below shows how the Zero-Trust security follows the user anywhere and lets them use any device, whether managed or unmanaged.
Worldwide cloud-native service that takes minutes to deploy.
The global infrastructure of SonicWall Cloud Edge is supported by over 30 global points of presence (PoPs). The solution is built on the Software-Defined Perimeter (SDP) architecture, making the Cloud Edge service impervious to common cyberattacks like DDoS, Slowloris and SYN Flood.
IT managers can take advantage of the powerful cloud-native service via a simple SaaS interface. Built with ease of use in mind, SonicWall Cloud Edge can be configured by IT managers in as little as 15 minutes, and self-installed by end users in just 5 minutes.
But this is just the beginning of how SonicWall Cloud Edge increases IT agility and accelerates employee productivity.
Instant, high-performance multi-regional private network service.
With Cloud Edge Secure Access’ NaaS, a geographically distributed enterprise can quickly interconnect with a single virtual multi-regional private network. This makes it an ideal solution for connecting nomadic kiosks, temporary retail stores, mobile points of sale or remote branch offices in areas underserved by telcos’ MPLS, where only commodity internet is available.
Not being bound by a telco’s service map is a big plus, because it allows you to use a location that aligns with strategic business objectives and can offer considerable cost savings.
If you have legacy firewalls and routers, SonicWall Cloud Edge Secure Access will interoperate seamlessly regardless of their location and bridge them to the nearest PoP gateways via IPsec tunnels. However, SonicWall recommends the WireGuard tunnel, which can deliver up to four times faster performance. In this race, SonicWall leads the industry as the only incumbent security vendor to offer WireGuard support.
How does Zero-Trust network and application access work?
Here’s how easy it is to enable the Cloud Edge Secure Access service and enforce Zero-Trust security:
- A home user can turn any desktop machine or notebook running macOS or Windows into a managed device with the SonicWall Cloud Edge app client. The client includes Wi-Fi security support that automatically enables a VPN connection in an unsecured public hotspot. When a Wi-Fi hijacking attempt is detected, the client will instantly disable the outbound internet connection to prevent any masquerade attack from exfiltrating data from the target device.
- A roaming user with an iOS or Android mobile device can install the lightweight version of the SonicWall Cloud Edge app to benefit from the work-from-anywhere protection.
- A business partner with an unmanaged device and a browser can also securely connect to the network and access authorized applications and data. This generic browser support is handy in public locations, such as libraries, airports or hotels where only a shared device is available.
In each of these scenarios, Cloud Edge Secure Access enforces Zero-Trust access, starting with a user login. Both internal and external logins will be directed to a centralized controller, which facilitates the interactions between the endpoint and the identity management system (such as LDAP, Okta, Azure Active Directory or Google Cloud Identity) for proper authentication.
Upon successful verification, the traffic will be relayed to one of the 30 gateways nearest the user to ensure optimal performance and the best application experience. The gateway brokers the connection by decrypting the incoming traffic and microsegmenting the traffic flow to prevent lateral movement.
An all-inclusive solution for enterprises with lean IT, and a revenue-generating platform for MSSPs.
Moving security and networking services to the cloud eliminates many hardware and software costs, such as purchasing network security appliances and security applications from several vendors.
SonicWall Cloud Edge Secure Access offers enterprises with lean IT an all-inclusive package. It integrates state-of-the-art WireGuard cryptography, built-in protection against volumetric DDoS attacks, Slowloris and SYN flood as well as Wi-Fi hijacking. It also offers service redundancy with automatic traffic load balancing, and it works seamlessly with SIEMs including Splunk and modern identity management providers (IdP).
The addition of a subscription model offered by Cloud Edge Secure Access means that services can be scaled up or down on demand, without waiting weeks or months for equipment to arrive and dedicated circuits to be installed.
And because multi-tenancy, monitoring and reporting for compliance audits come standard, SonicWall Cloud Edge Secure Access is also ideal for MSSPs.
While other vendors talk about disparate technologies when referring to their SASE solutions, SonicWall offers networking and security as a single, unified service stack, starting with Zero-Trust security built into a worldwide Network-as-a-Service.