Security - To the Very Edge Of Your Network

Today, employees access cloud applications and software as a service (SaaS) solutions from both company headquarters and branch offices. This makes operating a wide area network (WAN) and its perimeter security more difficult than ever. In addition, Internet of Things (IoT) devices added to such branch office networks create new risks. It is important to protect against these threats.

17.03.20
Ferdinand Haider
+41 58 510 17 28
ferdinand.haider@umb.ch

Fortinet's new secure SD industry platform (SD stands for software-defined) offers a solid approach to solving this problem. It allows firewall protection provided to a customer in a data center to be extended to the edge of the network. This means that access switches and access points in the company's office are directly protected by the data center firewall. How does this work?

 

An integrated solution for WAN and LAN - with shared management

Secure SD-WAN technology can be integrated directly at the network access point. This allows branch offices to be connected to the network while maintaining the highest security standards. Many users want this: current surveys show that a secure WAN solution that can be integrated and jointly managed with existing LAN networks will be very much in demand.
Secure SD-Branch is based on Fortinet secure access technology, whereby an encrypted control link integrates the firewall operating system and the LAN and WLAN services into the security infrastructure. Key benefits of such an integration include a common management platform and enhanced security. This allows Ethernet switches and WLAN interfaces to be controlled with the same level of enforcement as firewall interfaces. In a well-rounded package, no additional licenses will be required for switches and WLAN integration. Both should be included in the scope of delivery.

 

What does implementation in the company look like?

The company's network infrastructure is integrated into the security structure of the company's data center firewall. Here, all edge switches act as an "extended arm" of the firewall. The edge ports at the company's site can be treated as firewall ports. This provides setting options that are usually reserved for a firewall port. These include traffic shaping, network access control (NAC), application monitoring, quality of service (QoS), and unified threat management (UTM) feature control. This adds considerable value directly in the company, without the need for additional complex and cost-intensive umbrella systems or firewalls on site.
WAN access can be established via a worknet from a Swiss provider. A worknet can be seen as a cost-effective alternative to an MPLS network. It enables the data center customer to operate a central server farm in the data center, available cost-effectively throughout the country via a redundant connection. On site, apart from end devices (laptops, PCs, etc.), only a small amount of local network infrastructure will be required. The final link is the security structure in the data center. The customer's virtual firewall in the data center will assume control of all network components in the company's branches. Both LAN and WLAN will be controlled in this manner. Using control link technology, an encrypted control channel will be implemented via the WAN. Authentication and access can be controlled via the company firewall.

 

Specialists for the security of your network: UMB and Fortinet

UMB is a Fortinet Platinum Partner and benefits from many years of successful cooperation with Fortinet. UMB customers use the integrated, centrally managed network solution featuring security, LAN, WLAN and SD-WAN on one platform. Secure Access is an integral part of our firewall operating system and thus directly integrated into our security services. We would be pleased to discuss the protection of your networks with you in detail. Please contact me.