Secure Network Modernization and SD-WAN

SD-WAN Solutions Are Not Security Solutions

The key drivers for adopting SD-WAN are to improve agility, simplify management, and reduce costs in the form of reduced CAPEX, OPEX, as well as savings in network service provider expenses. However, security is becoming a bigger SD-WAN concern. Challenges and risks that users of SD-WAN may likely be experiencing include:

  • Egressing of traffic in places that is not getting inspected by a Next-Generation Firewall
  • Internal traffic between sites on the internal network can be vulnerable to lateralization attacks and the propagation of malware or other threats
  • False sense of security from SD-WAN solutions; SD-WAN solutions are not security solutions

Learn more in this OPAQ lighboard video:



The OPAQ Cloud Integrates with SD-WAN Solutions and Protects from the Internet to the Endpoint

The OPAQ Cloud integrates with SD-WAN providers supporting IPSec connectivity from the SD-WAN appliance or SD-WAN gateway. OPAQ’s Firewall-as-a-Service (FWaaS) solves for potential security gaps by inspecting all traffic and securing it with Palo Alto Networks Next-Generation Firewall protection. In addition, OPAQ’s integrated Endpoint Protection solves for potential security gaps between sites and prevents lateral east-west movement and the propagation of threats inside the network.

OPAQ is partnered with SD-WAN providers such as Silver Peak, empowering their customers with enterprise-grade security protection along with the performance and flexibility that SD-WAN delivers.

Securing Remote Workers

Securing Remote Workers With OPAQ SASE

Distributed computing requirements are boosting the rationale for remote access and work-at-home. SASE provides a secure, agile network architecture.

Work-life balance, the need for distributed computing, and now disease containment, continue to build the case for telecommuting, work-at-home, and reliable and secure remote access.

The secure access service edge (SASE) provides a secure network architecture that can shift to meet changing business and human requirements. It empowers people to work remotely by supporting connectivity, distributed computing and security all at the edge of the network, removing inefficient data-center-based traffic patterns and backhauling. It gives them access to nearby cloud data or software tools without having to request that service from a far-away data center, hence reducing network latency and improving performance.

But this access, while allowing employees to work remotely, is not necessarily secure.

Malicious actors prey upon remote users via their laptops and other portable computing devices, and via the untrusted networks and programs these users connect to, particularly when outside of an organization’s private network.

According to 451 Research, 63 percent of global organizations indicate they have moderate to no visibility over all their distributed network assets. How can you patch the next vulnerability in your network computing infrastructure when you have no way to identify all the legitimate endpoints (including employees’ personal devices) trying to connect to your network? And how do you distribute central security policy to those devices without first reconfiguring all of your physical network equipment and/or hairpinning traffic back through your core network for policy enforcement?

With the OPAQ SASE Cloud, you can simply provide always-on, next-generation protection within days, without the costly backhaul that can toll your central private network. Security delivered from the cloud facilitates advanced remote security, providing a remote secure controller from which consistent network policy can be rapidly enforced on distributed endpoints.

Read more to better understand the need for advanced security at remote and highly distributed computing endpoints.

Bring Your Own Device (BYOD) Policies

During times of stress, organizational defenses against infection get spread thin as the lifeblood network expands for sustenance and survival. To stay connected and serve customers, distributed workforces must utilize the Internet to keep workflow and production going. They might use over-the-top (OTP) IP telephony communication apps, SaaS licenses from clouds, and hosted workflow. It’s a boulder on your shoulder, as IT departments are tasked to support and secure this sudden remote access and management demand.

Devoted employees will increasingly connect into the network from a remote location to provide value exchange. But their personally owned distributed devices are suddenly more exposed as they utilize public Wi-Fi, network file-shares, and link-based videoconferencing apps. With private data now part of a burst of Internet-carried traffic, your employees and customers are exposed to greater risk, as spam, scams, hacker and malware activities mobilize into a predatory formation, trying to get in, hurt your people, and capitalize on your enterprise jewels.

Most security architectures aren’t built to handle this bursting challenge of secure remote work access and interaction to and from the cloud or company servers. Companies that haven’t equipped employees with corporate-issue computing devices now need to support individual employee personal devices. As employees gain access remotely, sensitive company information shifts increasingly to the personal device level as a consequence, increasing overall risk. This often brings a sudden scramble for a secure bring your own device (BYOD) company policy.

What is BYOD?

Bring your own device, or BYOD, is an organizational policy allowing employees to use personal computing devices to access data and do their jobs.

Oh, I use my VPN to protect that traffic. No worries.

Many organizations attempt to leverage the VPN capabilities in their firewall to protect their distributed or remote employees and devices from computer viruses, malware and ransomware. The problem is enterprise security leaders have no way to ensure that workers in small remote offices or outside the private network (i.e., roaming, or squatting to use public, hotel, coffee shop, the airport, or train Wi-Fi) will first log into the company VPN, where the reinforced security lies. Despite basic on-device protections such as antivirus software and endpoint encryption, when these workers reconnect to your private network, sometimes using BYOD, they can introduce lateral infection into your network.

How do you defend against these remote workforce security threats, which go beyond just laptops seeking access from your perceived private network?

OPAQ provides agile advanced endpoint protection, a secure access service edge (SASE) that is rapidly deployed and always on, even when the employee is not connected to your VPN.

OPAQ BYOD policy provides:

  • Frequent, automatic software updates that don’t harass business-focused, non-technical home officer workers. Leverage security-as-a-service (SECaaS) to rapidly orchestrate and automate advanced security and smart cyber risk management.
  • Virtual firewall as a service (FWaaS) that blocks unwanted traffic from your defined and controllable network endpoints, including wandering user devices.
  • A VPN, or similar secure tunnel, that segments ISP traffic from private network traffic. This VPN capability should be “always on,” noninvasively coating the attack surface and protecting company used-devices from breach and deeper infection.
  • Multifactor authentication (MFA), which helps to ensure the person or system trying to access a device, network or system is the same person or device authorized for access.
  • Cloaking of a device’s and network’s unique identifiers or presence, making it difficult for other people and devices in range to detect.
  • Encryption and private circuit use to mitigate outsiders from viewing, stealing or ransoming sensitive data.
  • Device hardening, so the endpoint can block legacy or unnecessary ports and services that act as doors for easy infiltration.
  • DNS filtering. These are the oft-color-coded listings and commands, which involve preconfiguring devices with software agents to prevent infection from dangerous sites and other network entities.
  • Avoidance of direct peer-to-peer computing or peer-to-private-server communication approaches. Remote Desktop Protocol and similar P2P network services are an easy gameboard for hackers. RDP sessions store credentials which can be stolen and wielded in “pass the hash” attacks. If you use P2P apps, it’s critical to orchestrate advanced, layered security mechanisms, including identity access control, encryption, and zero trust architecture.
  • Seamless support of the latest Wi-Fi authentication and encryption standards, which can help to protect on-device data and access points.

With the OPAQ Cloud, enterprises and service providers can apply uniform, consistent security policies across all users and endpoints for each of their customers.

Talk to us about your remote access security and segmentation needs.

Visit the OPAQ Endpoint Protect page.

MPLS Alternative; Backhaul Offload

Tired of the cost and latency associated with MPLS?

Many enterprises rely on MPLS telecommunications providers to handle security infrastructure and management. MPLS services can be very costly, and since Internet access is private it is often misunderstood to be secure. Organizations are also hairpinning traffic through their headquarters to apply security. This creates a latency drag on networking performance and negatively impacts user experience.

OPAQ’s fully encrypted SD-WAN delivers reliable performance at an affordable cost

With the OPAQ Cloud, service providers can help enterprises to displace MPLS and utilize our private, reliable network backbone that is more cost-effective, fast, and secure. With OPAQ, backhauling can be eliminated, since traffic goes through the OPAQ Pods directly to its destination – all the while protected by the robust OPAQ Cloud.

 

Ransomware & Threat Mitigation

Sophisticated Attacks Continue to Target Security Gaps

Service providers recognize that enterprises face difficulties securing and controlling existing infrastructure due to the large number of products and vendors, lack of resources, budget and security expertise. Top challenges include:

  • Protecting against ransomware and other malware-targeted attacks – Cyber criminals increasingly develop new strains of ransomware and malware for targeted attacks against organizations of all sizes.
  • Insider threats or supply chain access control – Many enterprises remain concerned over insider threats and supply chain access control.
  • Mobile, remote workforce/ BYOD – As remote workforce and Bring Your Own Device (BYOD) trends continue to expand, organizations are forced to secure an increasingly distributed network.

 

The OPAQ Cloud Integrates Enterprise-Grade Security Capabilities

OPAQ alleviates these challenges by integrating enterprise-grade security capabilities into the OPAQ Cloud and our private networking backbone, which frees up resources and reduces costs. The OPAQ 360 Portal empowers partners to deliver tighter control to organizations by allowing them to apply a consistent security policy and centralize visibility across their customer’s entire distributed network. The OPAQ Cloud scans all inbound, outbound, and site-to-site communications and content running on an end user’s network to identify and mitigate malicious traffic. The OPAQ Cloud is always upgraded real-time with our patented NFV technology to equip organizations with the most advanced protection.

The OPAQ Cloud addresses a multitude of threats including:

  • Protecting against ransomware and other malware-targeted attacks – The OPAQ Cloud empowers service providers to easily manage vulnerabilities and exploits; malware, spyware and ransomware; botnets, command and control systems; Advanced Persistent Threats; and Zero Day threats.
  • Insider threats or supply chain access control – OPAQ’s Software-Defined Network Segmentation delivers micro-segmentation, quarantine, and other capabilities that prevent east-west lateral movement inside your customer’s network. You will be able to isolate and quarantine compromised workstations to prevent infections from spreading throughout your customer’s network.
  • Mobile, remote workforce/ BYOD – With the OPAQ Cloud, service providers can apply uniform, consistent security policies across all users and endpoints for each of their enterprise customers.

 

On Demand Security Deployment

Legacy security product implementation slows business agility

Many organizations currently evaluate, acquire, implement, manage and update new products and services in a lengthy process that can take months to years. The process of acquiring, deploying and maintaining these legacy security products and services is time consuming and resource intensive. Change means an exorbitant amount of time, money, and resources, which most organizations simply don’t have. For example, if a merger and acquisition were to be on the horizon, are you agile and adaptive enough to immediately accommodate those needs?

The OPAQ Cloud secures your environment in minutes, rather than months

OPAQ eliminates the burden associated with the deployment, testing, acquisition and management of security products so organizations can be empowered with instant-on security that can accommodate practically any change or business requirement. OPAQ has been shown to reduce deployment time by 91% when compared to the time and logistics typically required to roll out traditional, legacy security tools.

 

SaaS Application Protection

Tired of juggling legacy point solutions to protect your growing number of SaaS Apps?

Service providers recognize enterprises are constantly adapting their environments to meet end users’ needs by increasingly adopting a multitude of SaaS applications. The growing importance of mobility also intensifies the difficulties of managing a distributed network environment. This constant state of change and expansion creates security challenges for the enterprises and their service providers. Traditional and legacy security tools do not provide service providers and their customers with the ability to maintain control and visibility over multiple SaaS applications and mobile users.

The OPAQ Cloud centralizes security control over all SaaS applications

The OPAQ Cloud simplifies and tightens control by applying a unified security policy over all SaaS applications and mobile users. Partners will be able to achieve centralized visibility over their customer’s network with the OPAQ 360 Portal, which delivers 24/7/365 monitoring and reporting capabilities.

 

Security Product Displacement

So many security products, so little money and time

Evolving business requirements have forced organizations to manage and control security across multiple applications. The new applications, branch offices, and remote users require additional security tools that involve length, cost-intensive acquisition, implementation and management process. Organizations also face vendor fatigue with abundant numbers of businesses offering a range of products and services.

No more hardware, software and logistics

OPAQ delivers a groundbreaking solution that allows organizations to eliminate the cost and complexity associated with acquisition, testing, deployment and management of legacy security tools. OPAQ has helped clients:

  • Reduce complexity by 80% via the elimination of security products, policies, and vendors.
  • Slash costs by more than 40% by eliminating costs associated with product acquisition, support, implementation, device management, and security operations.

 

Distributed Branch Enablement and Optimization

Midsize Companies have an Average of 13 Branch Offices and a Growing Number of Remote Users

A typical organization today has a headquarters office and multiple branch offices, as well as mobile and remote users. Businesses may find their environments changing on sudden notice through mergers and acquisitions or divestitures. Many organizations found securing distributed branch offices using legacy tools is insufficient without big budgets, infrastructure and expertise to maintain control, visibility and security.

Centralize Branch Office Security with OPAQ

The OPAQ Cloud is purpose-built to simplify and tighten control by applying a consistent security policy across an organization’s branch offices, mobile and remote users. Each branch office and network asset connects to OPAQ. Organizations achieve centralized visibility over their network through the OPAQ secure portal, which delivers monitoring and reporting capabilities.