SD-WAN 加密与安全

SmartSecure 是企业的安全基础

Enabling SASE with Best-of-Breed Solutions For an Optimal Security Posture

×


Aryaka SmartSecure effectively protects the enterprise with an architecture that delivers on an optimal security solution tailored to any company’s needs.

Customer Challenges The Key Components are:

SASE Enablement

Simple SASE
Enablement

cloud based security as a service

Cloud-based security-as-a-service partners

Next Generation Firewall VNFs

Next Generation Firewall VNFs from leading security partners

firewall

North-south firewalling and micro-segmentation at the SD-WAN Services Edge

Aryaka effectively partners with leading security vendors such as Check Point, Palo Alto Networks, Zscaler and Symantec to provide best-of-breed security capabilities enterprises can easily consume to build a security solution that is optimally tailored to their particular architectural and regulatory needs.

In the branch, Aryaka supports virtual network function (VNF) capabilities to implement next-generation firewall (NGFW) from Check Point and Palo Alto Networks to deliver on an optimal branch-heavy security model

If a cloud-centric security posture is preferred by an enterprise, Aryaka provides cloud security connectors to leading vendor solutions such as Check Point, Palo Alto Networks, Zscaler or Symantec. Aryaka SmartSecure Private Access provides the hybrid workforce with a solution that easily reuses the same security architecture for remote workers and provides superior quality of experience by leveraging the Aryaka Global Layer 2 network.

For basic zero trust network access, at the branch an access firewall within the ANAP offers ‘north-south’ control. Aryaka Zones extends this to the LAN with ‘east-west’ security, through micro-segmentation with policy-based access.

Furthermore, the Aryaka private core delivers partitioned connectivity to all enterprises, encrypting all data and protecting against DDoS attacks.

Integrated, managed security for the enterprise WAN
Best-in-class partners enabling an optional SASE solution tailored to the specific needs of any enterprise

Industry-leading flexibility while enabling all the benefits of a SASE architecture without any of the deployment or operational complexity

The SD-WAN edge is the first line of defense into the enterprise. Aryaka provides advanced access security solutions that are built into our ANAP SD-WAN edge services appliance as well as the Aryaka SmartSecure service, enabling a Secure Access Service Edge (SASE) architecture while eliminating the need to procure and manage additional security hardware.

The free, built-in Aryaka ANAP Zones capability offers fundamental capabilities such as micro-segmentation to establish and enforce traffic policies within the branch. These secure, intuitively enforced policies govern the rules that control internal corporate traffic routed to the Aryaka backbone, public internet traffic, and DMZ traffic such as local application servers or Guest WiFi.

Sase Architecture

Optimal Cloud-based and Branch-Based security deployments for SASE Enablement

Aryaka has partnered with leading security partners to provide a market place for best of breed branch NGFW (next generation firewall) VNF (virtual network function) capabilities that optimally protect enterprise locations from advanced threats. This allows enterprises to tailor their branch security implementation to architectural and regulatory needs.

optimal-cloud-based-and-branch-based-security-deployment

Aryaka SmartSecure provides connectors to leading cloud-based security platforms from technology partners such as Check Point, Palo Alto Networks, Zscaler and Symantec to support a Cloud-heavy security posture and optimally enable enterprises’ adoption of SASE (Secure Access Service Edge) architectures.

Aryaka SmartSecure best-of-breed solutions optimally address enterprises’ security and regulatory needs, eliminating the need for additional on-premises hardware appliances. Furthermore, the managed delivery model makes it easy and cost-effective to deploy and manage, eliminating the potential for human error in an increasingly complex operating environment.

Aryaka Private Access
Managed VPN-as-a-Service for the ‘Anywhere’ Worker

Aryaka Private Access lets CIOs roll out hybrid workplaces, allowing their employees to be productive from any location while accessing any application with highly predictable application performance. Aryaka’s Cloud-First WAN delivers the industry’s most flexible managed VPN-as-a-Service to make this happen across SD-WAN/SASE architectures.

Aryaka Private Access - Managed VPN-as-a-Service

Global Private Network Protection

Aryaka Global Core Private Transport Network Protection

The Aryaka Private Network delivers secure, robust multi-tenant data partitioning though virtualized compute, network, and storage resources. The resulting private backbone is more secure than competing MPLS services where customer traffic is often not encrypted. This powerful partitioning is delivered via dedicated PoPs located in secured data centers, dedicated Layer 2 links, encryption with IPSec, key management, and DDoS protection.

Consolidated, Real-Time Visibility Portal

The MyAryaka portal provides consolidated, real-time visibility into all global users’ and locations’ network and application traffic.

Aryaka enables IT for the first time to see holistic and specific data on all connections, applications, users, and locations globally, along with deep insight into both legit and suspicious network and application user activity. This provides an early warning system for IT to potentially pinpoint, identify, and stop security threats before they become massive issues.

Network Monitoring and Visibility Portal

Certifications and Documentation

Aryaka maintains a robust security program that meets internationally accepted security practices.
  • ISO 27001:2013
  • SOC 2: SSAE-18 Reports against Aryaka’s policies and processes
  • Cloud Controls Matrix (CCM)
  • Consensus Assessments Initiative Questionnaire (CAIQ)
  • Third party network scan reports available within 48 hours upon request
Aryaka Certifications and Documentation

Aryaka Security Partners

Check Point and Aryaka provide the building blocks for Enterprises to adopt a leading Secure Access Service Edge (SASE) architecture.

The Aryaka edge device (ANAP) can seamlessly forward all Internet and cloud-bound traffic directly to the Zscaler cloud. Zscaler provides advanced security controls needed for this traffic, such as threat protection, data protection and access control capabilities.

As a key component of the integration, Aryaka and Palo Alto Networks provide enterprises with industrial-grade security, including on-premises, cloud-based, and many other cloud service models.

Aryaka and Symantec ensure multi-layer protection is in place whether mission-critical resources are in the cloud or on-premises, using software-defined Layer 2 core and best-in-class cloud security.

Get Enterprise-Grade Security & Application Acceleration for Your Global Business


Frequently Asked Questions (FAQ)

1. What is SD-WAN Security?

SD-WAN Security includes both on-premises solutions such as next-general firewalls (NGFWs) for branch-heavy security, as well as the Secure Access Service Edge (SASE) for cloud-centric security. The most effective solution will combine elements of both as part of a managed service.

2. What are the benefits of SD-WAN Security?

A SD-WAN Security model offers an integrated, managed security solution for the enterprise WAN vs looking at networking and security as separate silos. The managed delivery model makes deployment and management simple and cost-effective, removing the possibility of human error.

3. How secure is SD-WAN?

SD-WAN, when integrated with a well-architected security architecture that spans both on-premises and remote, effectively safeguards enterprises. Aryaka’s managed SD-WAN and SASE is an example of this.