Discover Cradlepoint near you

We have dedicated teams in regions the world over. We’re here to answer your questions and connect you with the perfect Wireless WAN solution for your unique business needs.

North America
Latin America

For a full list of where our solutions are available, please visit our Availability Page.


Growing and securing your direct-to-Internet traffic in the branch

Anthony Lawson

All-in-one cloud-managed solutions enable new architectures at the edge

In recent years, direct-to-Internet traffic — also known as Direct Internet Breakout (DIB) or Direct Internet Access (DIA) — has taken shape as a viable alternative to a traditional MPLS setup. Cloud storage providers and lower-cost WAN links such as wired broadband and LTE enable organizations to take much of their network traffic straight to the cloud — bypassing the data center altogether. It’s a much simpler process that decreases costs, latency, complexity, and IT man-hours.

Even with its many benefits, taking data directly to the Internet poses one clear challenge: security. Does bypassing the data center, with its fortress of security appliances, leave enterprises too vulnerable to attacks, as well as to security mishaps from employees’ laptops, tablets smartphones, and other network-connected devices?

What You Need to Secure Direct-to-Internet Traffic

To allow direct-to-Internet network traffic without sacrificing security, enterprises should consider all-in-one solutions that check several boxes:

Flexible Internet Access

A router that supports wired broadband Internet links and has an embedded LTE modem with dual-carrier capabilities gives IT teams the network diversity to ensure high availability and the flexibility to set up Internet access in a wide variety of locations.


A router featuring an integrated firewall with centralized rule-based policies serves as an extension of the network administrator. This prevents unauthorized or unknown traffic from entering the branch network, provides network address translation (NAT), and can be used to limit what applications are allowed. A firewall with segration also can be used to separate business-critical applications from other types of traffic. For instance, guest WiFi users shouldn’t be able to access the corporate network.

Content Filtering

With so many employees and devices accessing the Internet, many organizations need content filtering so they can protect themselves from malicious or inappropriate traffic — whether it’s a K-12 school restricting children’s access to certain sites or a company preventing staff from downloading malware or visiting phishing sites.

Cloud-managed routers that either support or include cloud-based web filtering tools such as Zscaler Internet Security give enterprises the option to increase visibility and business intelligence by accessing extensive security analytics.


Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are key tools for enterprises seeking another level of protection against cyber attacks. IPS sifts through traffic coming into the router, detects attack attempts, and rejects malicious packets. If the router has a cloud management system, an IPS tool such as Trend Micro’s deep-pack inspection (DPI) engine can work with the cloud manager to provide real-time alerts that notify the organization when an attack is taking place and should be blocked.

Software-Defined Branch

Allowing web, SaaS, and cloud traffic to exit the branch and go directly to the Internet improves the user experience, reduces latency, and reserves expensive links for data center traffic — but the addition of security risks must be considered. Utilzing an all-in-one branch solution that includes flexible Internet access, a firewall, content filtering, and IPS/IDS helps ensure you have the security protections your users need.

Even so, layering on complexity in the branch carries its own cost, and to receive the benetifs of direct-to-Internet architecture without bloating your branch infrastructure and adding management costs, an integrated branch SD-WAN router is the ideal solution.

Explore All-in-One Branch Solutions

Learn about Cradlepoint’s cloud-managed all-in-one branch connectivity solutions.

You might be interested in

Cradlepoint and Palo Alto Networks technology partnership accelerates Secure Access Service Edge to the Wireless WAN Edge

Cradlepoint and Palo Alto Networks technology partnership accelerates Secure Access Service Edge to the Wireless WAN Edge

Integrated solution makes it easier to deploy SASE across wireless networks for fixed and temporary sites, vehicles, and IoT  Since Gartner’s introduction of Secure Access Service Edge (SASE) in 2019, there has been a lot of debate whether SASE is real or just another marketing buzzword. Gartner’s SASE model unifies networking and security with the […]

Does your agency have a continuity plan?

Does your agency have a continuity plan?

How to keep public safety and election operations running when emergencies arise Public sector agencies provide critical services and perform essential functions that citizens depend on every day as well as during emergencies. Continuity plans ensure that the essential functions of agencies stay operational if a natural or manmade emergency should occur. While it’s difficult […]

Security at the network edge is a year-round endeavor

Security at the network edge is a year-round endeavor

Cradlepoint offers security features that help protect branch, mobile & IoT networks Our first Cradlepoint Security Week has come and gone. We had some great conversations, learned a lot, and enjoyed sharing what we know about security at the network’s edge with you. When we planned this weeklong conversation about network and data security, we didn’t know how […]