Growing and securing your direct-to-Internet traffic in the branch

Anthony Lawson

All-in-one cloud-managed solutions enable new architectures at the edge

In recent years, direct-to-Internet traffic — also known as Direct Internet Breakout (DIB) or Direct Internet Access (DIA) — has taken shape as a viable alternative to a traditional MPLS setup. Cloud storage providers and lower-cost WAN links such as wired broadband and LTE enable organizations to take much of their network traffic straight to the cloud — bypassing the data center altogether. It’s a much simpler process that decreases costs, latency, complexity, and IT man-hours.

Even with its many benefits, taking data directly to the Internet poses one clear challenge: security. Does bypassing the data center, with its fortress of security appliances, leave enterprises too vulnerable to attacks, as well as to security mishaps from employees’ laptops, tablets, smartphones, and other network-connected devices?

What You Need to Secure Direct-to-Internet Traffic

To allow direct-to-Internet network traffic without sacrificing security, enterprises should consider all-in-one solutions that check several boxes:

Flexible Internet Access

A router that supports wired broadband Internet links and has an embedded LTE modem with dual-carrier capabilities gives IT teams the network diversity to ensure high availability and the flexibility to set up Internet access in a wide variety of locations.

Firewall

A router featuring an integrated firewall with centralized rule-based policies serves as an extension of the network administrator. This prevents unauthorized or unknown traffic from entering the branch network, provides network address translation (NAT), and can be used to limit which applications are allowed. A firewall with segmentation can also be used to separate business-critical applications from other types of traffic. For instance, guest WiFi users shouldn’t be able to access the corporate network.

Content Filtering

With so many employees and devices accessing the Internet, many organizations need content filtering so they can protect themselves from malicious or inappropriate traffic — whether it’s a K-12 school restricting children’s access to certain sites or a company preventing staff from downloading malware or visiting phishing sites.

Cloud-managed routers that either support or include cloud-based web filtering tools such as Zscaler Internet Security give enterprises the option to increase visibility and business intelligence by accessing extensive security analytics.

IPS & IDS

Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are key tools for enterprises seeking another level of protection against cyber attacks. IPS sifts through traffic coming into the router, detects attack attempts, and rejects malicious packets. If the router has a cloud management system, an IPS tool such as Trend Micro’s deep-packet inspection (DPI) engine can work with the cloud manager to provide real-time alerts that notify the organization when an attack is taking place and should be blocked.

Software-Defined Branch

Allowing web, SaaS, and cloud traffic to exit the branch and go directly to the Internet improves the user experience, reduces latency, and reserves expensive links for data center traffic — but the added security risks must be considered. Utilizing an all-in-one branch solution that includes flexible Internet access, a firewall, content filtering, and IPS/IDS helps ensure you have the security protections your users need.

Even so, layering on complexity in the branch carries its own cost. To receive the benefits of direct-to-Internet architecture without bloating your branch infrastructure and adding management costs, an integrated branch SD-WAN router is the ideal solution.

Explore All-in-One Branch Solutions

Learn about Cradlepoint’s cloud-managed all-in-one branch connectivity solutions.
