Examining the differences between two models of network security at the WAN edge As the world’s dependence on Internet-based applications continues to climb, so does the rate of cybercrime. In 2021 alone, global cybercrime damages are estimated to amount to $6 trillion per year, $500 billion per month, $115.4 billion per week, $16.4 billion per day, $684.9 million per hour, $11.4 million […]
All-in-one cloud-managed solutions enable new architectures at the edge
In recent years, direct-to-Internet traffic — also known as Direct Internet Breakout (DIB) or Direct Internet Access (DIA) — has taken shape as a viable alternative to a traditional MPLS setup. Cloud storage providers and lower-cost WAN links such as wired broadband and LTE enable organizations to take much of their network traffic straight to the cloud — bypassing the data center altogether. It’s a much simpler process that decreases costs, latency, complexity, and IT man-hours.
Even with its many benefits, taking data directly to the Internet poses one clear challenge: security. Does bypassing the data center, with its fortress of security appliances, leave enterprises too vulnerable to attacks, as well as to security mishaps from employees’ laptops, tablets smartphones, and other network-connected devices?
What You Need to Secure Direct-to-Internet Traffic
To allow direct-to-Internet network traffic without sacrificing security, enterprises should consider all-in-one solutions that check several boxes:
Flexible Internet Access
A router that supports wired broadband Internet links and has an embedded LTE modem with dual-carrier capabilities gives IT teams the network diversity to ensure high availability and the flexibility to set up Internet access in a wide variety of locations.
A router featuring an integrated firewall with centralized rule-based policies serves as an extension of the network administrator. This prevents unauthorized or unknown traffic from entering the branch network, provides network address translation (NAT), and can be used to limit what applications are allowed. A firewall with segration also can be used to separate business-critical applications from other types of traffic. For instance, guest WiFi users shouldn’t be able to access the corporate network.
With so many employees and devices accessing the Internet, many organizations need content filtering so they can protect themselves from malicious or inappropriate traffic — whether it’s a K-12 school restricting children’s access to certain sites or a company preventing staff from downloading malware or visiting phishing sites.
Cloud-managed routers that either support or include cloud-based web filtering tools such as Zscaler Internet Security give enterprises the option to increase visibility and business intelligence by accessing extensive security analytics.
IPS & IDS
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are key tools for enterprises seeking another level of protection against cyber attacks. IPS sifts through traffic coming into the router, detects attack attempts, and rejects malicious packets. If the router has a cloud management system, an IPS tool such as Trend Micro’s deep-pack inspection (DPI) engine can work with the cloud manager to provide real-time alerts that notify the organization when an attack is taking place and should be blocked.
Allowing web, SaaS, and cloud traffic to exit the branch and go directly to the Internet improves the user experience, reduces latency, and reserves expensive links for data center traffic — but the addition of security risks must be considered. Utilzing an all-in-one branch solution that includes flexible Internet access, a firewall, content filtering, and IPS/IDS helps ensure you have the security protections your users need.
Even so, layering on complexity in the branch carries its own cost, and to receive the benetifs of direct-to-Internet architecture without bloating your branch infrastructure and adding management costs, an integrated branch SD-WAN router is the ideal solution.
Explore All-in-One Branch Solutions
Learn about Cradlepoint’s cloud-managed all-in-one branch connectivity solutions.