Security Function Categories
The shift to an application environment will demand the adoption of SD-WAN security services strategies that possess the richness to support a programmable and multidimensional application-aware security model. Security as a function can be divided in following categories
Does not require Content Inspection
This includes security functions that form the 2nd level of defense with allow/deny/limit kind of any static authorization- For example- URL Filtering, Stateful Firewall etc.
Requires Content Inspection
This category utilizes agile compute and storage capacity to identify and prevent advanced threats like ransomware and other malwares, sandboxing etc.
Requires Anomaly Detection
Third category is deployed by detecting and triaging anomalies in user, application and network behaviour through analytics, artificial intelligence and machine learning. These functions are correlational in nature.
Our Approach to Security
While the Security functions on the appliance prevents classical threats, the flows for deeper inspection are steered to elastic computers available at the enterprise perimeter. ScaleAOn provides you the ability to utilize SD-WAN security policies to steer applications to multiple scanners based on specific application requirements. The advanced threats are prevented at the enterprise perimeter even before they enter the networks. While designing our Security policies we kept in mind the realities and challenges associated with moving to an application-centric cloud.
The access and the flow related metadata is collected, analyzed and compared against a baseline to detect any anomaly is the user, device and application behaviour.
The security services at the edge are isolated from the main SD-WAN transport with a lean NFV model using containerization.
Control plane is isolated as a secure web service API from the networks services and the data plane packet path. This ensures that the edge appliance is always reachable and manageable from the centralized controller.