Security for SD-WAN Solutions
Obtain with Teldat the best SD-WAN communications solution and the most appropriate security system for your network against malware. Security within your devices, overlay and the cloud.
Security threats & malware
There are many options in the market to protect customers from these threats, with approaches ranging from internal device firewalls, DNS and URL filtering, advanced NGFWs (Next Generation Firewalls) and SWGs (Secure Web Gateways). Each has its own advantages and focuses on different budgets, depth analysis and different types of traffic.
URL filtering solutions work by comparing the URLs that users want to access with defined URL categories or lists. This can be useful to prevent users from accessing websites containing content that is not allowed to be accessed (for instance on educational sites), or that is potentially harmful or not related to work. In budget terms, these are low-level security solutions.
SWGs act like proxies between the user and the web content, analyzing and securing any traffic passing through them. They normally include URL filtering, anti-malware detection and blocking, and application control. They act like security guards, allowing or denying access to sites or the download of files. These are medium-level security solutions.
- Always updated: Receiving updates or patches from the vendor and spending time and money on restarts is not necessary because the cloud constantly offers the latest version and features.
- Always connected: High Availability (HA) is assured – the service is always available no matter the date, time of year or location.
- Pay per use: Pay for the services that are needed, adapting to each budget and requirement. The option of a rollback is always offered when a service is not needed and there is no need to pay for it.
What’s Teldat’s approach to Security?
Combining SD-WAN with Security (be.SAFE)
Security in the devices
L7 firewall enabled by default and interfaces isolated by VRFs:
- Perimeter security (intrusions and attacks)
- Blocking incoming and outbound connections by default using parameters such as IP address, Port protocol, and URL. Only specifically allowed traffic will be processed by default, the rest will be discarded.
Security in the overlay
Confidentiality is intended to prevent third parties from accessing our information. Integrity ensures that the data has not been modified in transit. Authentication ensures that data comes from the trusted source (required to defend against man-in-the-middle attacks)
All 3 objectives are covered by using IPSec on all overlay connections. IPSec is the current standard for security in data communications, which provides confidentiality through encryption (AES-256), and integrity and authentication using authentication headers (SHA-256).
The SDWAN Teldat implementation uses the IPSec protocol without modification, ensuring secure transit over the network of security keys based on public keys and private certificates, generation and periodic renewal of session keys securely, anti-replay mechanisms, use of secure keys based on PFS (Perfect Forward Security), etc.
Teldat Basic / Cost Effective security layer:
Using the best security options to cover different malware threats
Access policies, content filtering, malicious site blocking
- Web Filtering: Empowered with a Leading Threat Intelligence dictionary, providing updated categorization of 90% of websites worldwide according to content categories and geographies
- Malware Protection: Empowered with a Leading Threat Intelligence dictionary, automatically detects, classifies and blocks malware threats.
- Comprehensive Analytics and Productivity feedback: Understand internet usage patterns, blocked sites, blocked malware categories, malicious attempts, content blocked by region…
- Omnichannel and User Friendly: Use be.SAFE SMART mobile APP or be.SAFE SMART website to configure cybersecurity policies in seconds and without deep cybersecurity knowledge
- CPE agnostic: Compatible with 99% of currently deployed CPEs in SMBs and residential markets (based on DNS Resolution)
Visualizer (NTA with AI)
Proactive detection of malware
- WEB CLASSIFICATION AND REPUTATION: Content classification across 70+ categories for billions of web pages, to protect end users from malicious sites
- IP REPUTATION: This Visualizer Addon analyzes IP threats and manages dynamic data sets of millions of high-risk IP addresses for use with customizable alarms.
- SHADOW IT CONTROL: By controlling shadow IT, organizations can avoid data leaks and uncontrolled or unknown corporate processes.
Also offers the possibility of notifying via alarms when a connection to one of these sites is detected. Combining different dimensions makes it possible to detect not only the site where the connection originates, but also the LAN IP, map location, exact minute and amount of traffic detected.
Teldat Advanced (be.SAFE Premium):
Using the best security options to cover different malware threats.
An effective solution for maximum security at the perimeters of these networks requires, in addition to web filtering capacity, centralized solutions with IDS/IPS capacity, antivirus, antispam, sandboxing, address reputation, DLP, SSL analysis, and email filtering, among others. Local security solutions simply do not scale to provide a similar level of security to what is possible with cloud solutions.
- Cloud Security Service provided by Teldat
- 1st Top Edge Firewall in partnership with Check Point
- Integrated SD-WAN and Security management
Teldat can do all this thanks to its Level 7 based communication SD-WAN solution, and the whole ecosystem that gives customers the opportunity to tailor their network requirements to their budgets and adopt SD-WAN solutions at their own pace.
Making the Net Work
For more information about our SD-WAN solution simply contact us.
Our team of specialists will respond immediately.