Aryaka Security Service Edge Enables an Intelligent Hybrid Edge

Working environments have changed over the past years, from monolithic enclaves of servers and workstations in office locations to decentralized cloud services and employees working in hybrid mode wherever they have internet connectivity. These changes demand unified security enforcement and visibility for all company sites and remote workers to provide necessary services to employees and customers while retaining data security and confidentiality of company assets.

Aryaka follows a two-pronged SASE strategy:

  • Aryaka’s Unified SASE solution provides state-of-the-art integrated security to remote workers, cloud edges, and company sites. In contrast, the Aryaka edge device, the Aryaka Network Access Point (ANAP), secures and optimizes internet-, inter-site- and intra-site traffic.
  • Additionally, Aryaka partners with Tier-1 security vendors such as Check Point and Palo Alto Networks for embedded Next Generation Firewall functionality in the ANAP CPE, enabling choice. See also our recent announcement about our extended partnership with Check Point.

Aryaka SD-WAN and Security enables an Intelligent Hybrid Edge

Aryaka’s Global SD-WAN enables enterprises with fast global connectivity along with accelerated access to mission- and business-critical applications. Aryaka uses a global private network with built-in optimization and security capabilities that include a multi-layer security approach with a global private core network, fortified security on the PoPs, end-to-end encrypted tunnels, and stateful firewalls.

Aryaka’s Intelligent Hybrid Edge infrastructure uniquely supports sophisticated network and security capabilities at the cloud edge, inter-site, and remote user traffic as part of a Unified SASE (Secure Access Service Edge) architecture. Enhanced security functions in the Aryaka ANAP provide full control and security of intra-site and internet traffic. Feature parity and transparent policy synchronization between the on-premises ANAPs, the PoPs, and central management provide a consistent user experience regardless of the user’s location and connection method.

Aryaka’s secure services edge solution optimally addresses the most common use cases for a distributed enterprise.

 Enterprise Trends

Addressing Distributed Enterprise Security with Intelligent Hybrid Edge

Use Case: Site-to-Site Firewall

Providing unified security policy enforcement

Challenge: Distributed enterprises operate multiple office and branch locations globally while providing access to company resources to their remote workers and 3rd party contractors. Company-wide policies and visualization are crucial for consistent security compliance.

Solution: Aryaka provides an intelligent hybrid edge approach for unified security policy enforcement. For sites with an ANAP deployed, security policies are enforced on the ANAP. Through the extension of security functions into Ayaka’s Hyperscale PoP infrastructure, enterprises can secure and regulate their inter-site as well as user traffic from within the Aryaka core at locations without an ANAP.

Benefits: Consistent security policies are enforced across all edge nodes and for all users – remote workers and site users, with or without an ANAP. Global observability provides a complete picture of the entire security posture of the enterprise.

Use Case: Application-Based Policies

Provide global application security and performance

Challenge: Enterprises are increasingly moving towards SaaS applications which leads to challenges of ensuring encompassing security and optimal application performance.

Solution: FWaaS capabilities for on-premises and cloud service edges for unified policy enforcement without compromising application performance. Aryaka’s Hyperscale PoPs integrate Aryaka’s application-identification engine, which is also available in the ANAP devices and provides application-based policies and allows enterprises to identify and block traffic of unauthorized or malicious apps and limit the use of applications that may consume excessive network resources. Policy synchronization between the Aryaka core network and the ANAPs allows for global policy enforcement for remote workers and for sites.

Benefits: Aryaka’s FWaaS protects the network from security threats and performance issues that may arise from using certain applications and ensures that the network is used according to organizational policies. By leveraging Aryaka’s built-in AppAssure capabilities across all HyperScale PoPs and in the ANAP, application performance is optimized across the Aryaka core, ensuring business-critical SaaS applications are accelerated for the best user experience.

SaaS Acceleration

SaaS acceleration in the Aryaka HyperScale PoPs – as already available on the Aryaka ANAP – improves the performance and reliability of cloud-based applications and services. It is achieved by using a combination of technologies, such as caching and data compression, to speed up the delivery of application data and reduce latency.

Aryaka’s PoP-based SaaS acceleration is particularly useful for remote workers (Aryaka Private Access users) that rely heavily on cloud-based applications. It improves productivity and the user experience. It can also help to mitigate the impact of network latency and packet loss on the performance of cloud-based applications, which can be a significant issue for users in remote locations or remote workers with poor network connectivity.

Use Case: Geo-Blocking

Securing access by geographic regions

Challenge: With constant geopolitical changes and businesses being globally distributed, escalating cyberattacks originating from certain geographical regions have become a common security threat.

Solution: Geo IP blocking on Aryaka’s edge device, the ANAP, prevents unauthorized access to and from network resources from regions known to be high-risk or have a history of malicious activity. For example, it can be configured to block traffic from countries known as sources of cyberattacks or malware.

Benefits: Geo-blocking allows for proactive control of communication streams – incoming and outgoing – based on geographical regions, removes attack vectors, and enhances enterprises’ overall network security level by preventing such communication attempts.

Benefits of Aryaka Unified SASE
  • Intelligent Hybrid Edge: On-premises and Cloud
  • Single security policy enforced across Hybrid Edge
  • True converged Network & Security via Aryaka single-pass architecture
  • Reliable Network Performance for onsite and remote users
  • As-a-service delivery with OPEX-only consumption model
  • Single point of contact, globally

See also our Solution Brief for Aryaka Secure Services Edge and our Aryaka Unified SASE as a Service.

About the author

Klaus Schwegler
Klaus is a Sr. Director of Product Marketing at Aryaka Networks for the last five years. He has over 25 years of experience in the networking, data center, and semiconductor industries, having held positions in product and program marketing, customer service, and business development. He held roles with Equinix, Cisco, Philips Lumileds, Infineon, and Mitsubishi Electronics. Originally from Germany, he's made California home for over two decades and speaks German, English, and some basic Italian. He thinks alpine skiing is the best way to disconnect from our hyperconnected world.