Making direct Internet access safe for the distributed enterprise

Cradlepoint

Addressing network security challenges at the Edge

For the distributed enterprise, emerging technology and tools are a blessing and a curse. They can greatly benefit a company’s efficiency and the bottom line, but they also often present additional security challenges at the Edge.

Gartner Research estimates that by 2016 more than 30% of advanced targeted threats will target the branch office/Network’s Edge as the vulnerability entry point. It’s important to consider not only the risks at hand, but also the types of solutions that will be most effective for your unique situation.

The Move to Cloud Apps Raises New Security Issues

From a network perspective, branch offices have been treated as extensions of the corporate office, connected to the main hub using MPLS. But since MPLS is so expensive, companies have used alternatives, including broadband DSL with IPsec VPNs.

But if you are moving more cloud applications to your branch offices, do you want that traffic to go through a VPN tunnel to corporate for filtering, have policies slapped on it, and then go out to the Internet? Or do you want it to go directly from that branch to the Internet?

Local Internet Paths Replace Older Networking Solutions

Known as Direct Internet Access (AKA Direct to Net or Direct to Internet), DIA leverages local Internet paths for public cloud and Internet access. DIA is an efficient way to provide cloud services such as Office365, email, productivity tools, web-based content, and collaboration tools like Salesforce. It’s cost effective, and it provides a better user experience.

The problem with DIA is that when users go directly to the Internet, it opens the doors to all kinds of potential attacks. If an employee using Gmail as a personal account is the target of a phishing attack, the next time he or she logs on at work, malware can reach the main corporate network. How do you as a network administrator prevent that from happening — not just at this one employee’s computer, but also at every computer, smartphone, and any other device in this BYOD world?

UTM Appliances Increase Latency

One approach is to buy an all-in-one device such as a UTM (Unified Threat Management) appliance. Then, as your requirements grow, you just add more of these devices. But when you start turning on a variety of security functions on each appliance, you run into the problem of increased cycle time and latency.

As your organization moves to cloud-based apps that have animation, video, and other latency-sensitive content, you need to either add more appliances (and, in the process, continue to increase latency) or add a significant cloud-based component to your security strategy.

Cradlepoint Has a Better Idea

Focused as we are on computing at the Edge, Cradlepoint has developed a deep understanding of the pros and cons of various branch office security solutions. We believe that DIA has a lot to offer distributed enterprises, as long as the accompanying threat of attacks is successfully addressed.

That’s why we’ve formed partnerships with Trend Micro and Zscaler. Provisioned using our network management and application platform, NetCloud Manager, Trend Micro and Zscaler streamline the process of delivering centralized on-premise and cloud-based security to companies with large numbers of branch locations, both stationary and mobile.

Providing On-Premise Security

On-premise attacks can take many forms: a hacker getting on your network locally at a branch office; a WiFi attack against a vehicle that targets devices, gains access to the network, and allows hackers to run special “intrusion tools”; or maybe a USB drive loaded with malware that gets slipped into a retail computer.

Trend Micro’s Intrusion Protection System (IPS) monitors incoming traffic and actively prevents intrusions that it detects. If, for example, Trend Micro sees someone executing a brute force attack against remote desktop protocols, the Trend IPS engine will notify NetCloud Manager. The attack can be automatically blocked, or, as an operator, you will see the Trend alert and can manually block the attack.

Implementing Cloud Security

For web security, Zscaler enables you to identify what kinds of content you want users to be able to access. This can be particularly useful if you are making WiFi browsing available on a school bus and want to make sure specific kinds of content are blocked to meet CIPA requirements.

For threat security, Zscaler basically stays in block mode. It prevents the downloading of malware and keeps users from taking links to known phishing sites, or to sites that are known security threats.

One of Zscaler’s most helpful features is that it has IP reputation built in. Zscaler has its own threat lab — and it gets feeds from other threat labs located all around the world. If a lab in Kuala Lumpur explodes some executable and finds a security problem, Zscaler instantly puts that IP address on its list of known malware and prevents your users from accessing it.

Where some high-end security companies tout the effectiveness of their threat labs — and charge a lot of money for their protection from the bad actors they discover — Zscaler’s participation in a broad network of threat labs provides much more thorough and up-to-date protection.

Stay Safe and Save Money

Many companies are still struggling to find a combination of onsite and web browsing security tools. Many also are weighing the relative merits of MPLS versus IPsec VPNs, while at the same time paying more for security solutions that deliver less. Cradlepoint is helping solve these challenges — and allowing IT managers to breathe a little easier.

Network administrators and IT staff working for distributed enterprises can use our complete security package to take advantage of Direct Internet Access, knowing that NetCloud Manager, Trend Micro IPS, and Zscaler are in place to turn back the many emerging security threats at the Edge.

To learn more, watch our on demand webinar: Security Architectures at the Edge
