SASE: Digitalizing with security
Integrate security in your communications using SASE architecture, including a secure web gateway (SWG) and next generation firewall (NGFW) service that lets branch offices, retail locations and remote workers safely enjoy full public internet connectivity.
Secure remote site traffic
be.SAFE Corporate allows remote workers to securely connect directly to the internet and cloud. It can allow or deny connections, and analyze information exchanged to block dangerous traffic.
- Ideal for branch offices, staff working from home, and retail locations.
- All the advantages of cloud-based solutions.
- Hardware agnostic, easy to configure, and requires no certifications.
- Scalable, simple to deploy, ‘pay as you grow’ architecture.
- Simple management of entire networks of any size from a single console.
New possibilities, new threats
To remain competitive today, enterprises must continuously evolve their digital transformation. Simply relying on an in-house data center is no longer sufficient, as employees can greatly improve collaboration and productivity through internet access to cloud-based SaaS tools like Office 365. Along with such tools – which employers approve of, and pay for – life is made easier with internet browsing and other third-party applications.
Further traffic is generated by businesses engaged in financial services, insurance, travel, distribution, health, administration – or any other activities that depend on a network of geographically distributed offices to support their customers locally. Their staff want fast, economical, reliable, and secure internet connectivity while expanding beyond their data center’s availability, scalability, and latency limitations.
Accordingly, organizations operating in this expanded, higher-risk environment have an unprecedented need for powerful security protection.
What are the important points related to be.SAFE Corporate?
Connect to the internet directly
Popular NTA solutions deliver the essential information needed to impose control and take any necessary strategic decisions: these permit operators to optimize their existing infrastructure with confidence.
Intrusion prevention
SASE offers complete security: SWGs prevent zero-day malware through sandboxing, and combined with NGFW intrusion prevention systems (IPSs) protect against browser exploits. They also use machine learning and AI analytics to vet visited sites and downloaded files.
A security guard in the cloud
SWGs act like proxies between the user and the web content, analyzing and securing any traffic passing through them. They protect by allowing or denying access to sites or file downloads.
Firewall as a service
NGFWs can block application layer attacks and allow virtual patching of vulnerable systems. They can shut down networks on detection of suspicious activity.
Understanding secure web gateways
Malware is constantly evolving, with new threats appearing daily, in many different forms: phishing, spyware, crypto mining, and ransomware for example. However, routing all internet and cloud-bound traffic through an on-premise data center for security inspection causes congestion, latency, and downtime for users.
Instead, Secure Web Gateways (SWGs) can help companies with multiple branch offices and retail locations to connect directly to the internet and cloud using their SD-WAN infrastructure.
SWGs act like proxies between the user and the web content, analyzing and securing any traffic passing through them. They normally include URL filtering, anti-malware detection and blocking, and application control. They act like security guards, allowing or denying access to sites or file downloading. These are medium-level security solutions.
SWGs block phishing sites in real time, prevent zero-day malware through sandboxing, and protect against browser exploits with intrusion prevention systems (IPSs) and deep packet inspection (virtual patching).
They can also use AI and machine learning engines, plus big data threat intelligence, to inspect and vet every site visited and file downloaded.
SWGs can integrate firewalls, in firewall-as-a-service mode. Firewalls protect against malware types including viruses, worms, trojans, spyware, adware and ransomware. Next Generation Firewalls (NGFWs) focus on blocking malware and application-layer attacks. They can quickly and seamlessly enable companies to virtually patch vulnerable systems, sometimes before a security update is developed. Accordingly, they can better defend networks and perform quick assessments to detect invasive or suspicious activity, like malware, and shut it down.
The SWGs can be tightly integrated with popular SD-WANs. This allows users to set up and enforce consistent security strategies across thousands of sites with just a few clicks.
Teldat Solutions & Products
Providing security as a service
Remote users can be given secure direct internet connectivity either with a classic solution comprising local security elements in each office or with more innovative cloud-based security. The cloud option is best, with continuous updates, immediate deployment, unlimited scalability, and centralized management. Additionally, the cost of ownership is low or zero if consumption is in service mode: Security as a Service.
be.SAFE Corporate is Teldat’s cloud security service. As a SASE platform it is fully integrable with the Teldat SD-WAN solution, yet also interoperable with non-SD-WAN solutions of any technology, being vendor agnostic. be.SAFE Corporate differs from other security services as it is built with a private cloud infrastructure exclusive to each client. This makes it an optimized solution offering both the privacy, security, and guarantee of its own infrastructure and the ease of deployment, scalability and zero cost of ownership of a cloud service.
be.SAFE Corporate architecture
The be.SAFE Corporate service is a top edge next generation firewall (NGFW) which acts as a gateway to the internet for branch offices and other remote sites. Remote users connect with be.SAFE Corporate through a secure IPsec tunnel to send and receive internet traffic. This means that the be.SAFE Corporate service can not only allow or deny connections based on the accessed site’s security reputation or on policies; it can also analyze the information exchanged, to stop any danger reaching the remote office.
State of the art security is guaranteed, as the security engine is based on a top leader in the security market.
Key benefits
be.SAFE Corporate is hardware agnostic, easy to configure, and requires no certifications. As a cloud-based solution, it is scalable and simple to deploy, while offering other cloud benefits such as fast computation time, constant updates and no maintenance or energy costs.
The scalable, ‘pay as you grow’ architecture comprises a tied ecosystem with the Teldat SD-WAN and NTA, enabling a tiered ecosystem to be grown at the customer’s pace. Maximum availability is assured as security features are dedicated and not shared with other customers, while redundancy is also built in if required.
The entire network, regardless of its size, can be simply managed from a single security management console, needing only a web browser and an internet connection. The console is integrated with the Teldat SASE solution for unified network management – yet the service also operates in non-SD-WAN scenarios with either Teldat or third-party routers.
International certifications and truly global service
The service uses top-tier cloud providers and achieves minimal latency, through being offered at multiple points of presence across five continents.
The be.SAFE Corporate solution meets and exceeds the stringent requirements set by internationally recognized standards, approval processes and independent testing within the security industry.
Use cases
Carrier providing security service
Carriers or system integrators with SMBs or small customers that require advanced, attractively priced security but lack advanced knowledge of security.
Challenge
Carriers and system integrators need to provide their users with an easy environment to configure their security. They seek to do this from a platform that they can share between customers to maximize return on their investment. They need a cloud-based solution that they can constantly update with the latest version and features, eliminating wasted time and money on managing updates, patches, and restarts.
Customers expect an ‘always connected’ service, with assured high availability at any time or location. They will also benefit from paying only for the services they use, depending on their budget and requirements. Offering a rollback option for when a service is not needed, so saving costs for users, is also an attractive benefit.
Solution
An effective solution for maximum security at the perimeters of these networks requires, in addition to web filtering capabilities, centralized solutions with IDS/IPS capabilities, antivirus, antispam, sandboxing, address reputation, DLP, SSL scanning, and email filtering, among others.
be.SAFE Corporate is offered as an open management model: customer, CSP or shared. A cloud-based security solution means low demand for CPU resources in the DCE, and therefore extended use of the hardware.
be.SAFE Corporate is deployed quickly as a service. The services offered by Teldat comprise a single contact point for both communications and security.
Why Teldat?
CSPs can seek new business opportunities by leveraging their installed base. be.SAFE Corporate is hardware agnostic, and can be integrated with a Teldat SD-WAN or used as an isolated security service. It is also cost effective, making it attractive for SMBs and small customers with low security budgets.
Corporations securing their network
Big banks and other corporations requiring advanced security with all available NGFW features to manage external traffic with branches.
Challenge
Direct Cloud Access from branch offices and teleworkers is challenging, as centralized internet access is a drawback to users seeking access to public cloud services. However, when internet access is opened beyond the traditional centralized data center, the security perimeter is widened, and new security strategies are required.
This means that traffic from generic internet and other public sites must be filtered through a gateway which controls access to the corporation’s private network. Access to external applications must be controlled; controlled access must also be given to external parties and third-party companies.
Connections must be granted or denied depending on accessed sites’ security reputation, or on policies. Information exchanged can be analyzed to protect remote offices.
Solution
The cloud-based be.SAFE Corporate solution supports access from anywhere, and allows a large bank or other corporation’s remote branches to connect to the internet securely. be.SAFE Corporate users can connect safely to storage platforms, as the service controls the amount and type of information coming from the internal network to external applications.
Bank and corporate staff can connect with companies such as providers to share information or provide external services while accessing the corporate network securely and ensuring traffic interchanged.
Operation is simple as the integrated SD-WAN and security network can be run from a single pane of glass.
Why Teldat?
Using top-tier cloud providers, the service is offered at multiple points of presence spanning five continents, to ensure minimal latency.
A tied ecosystem with Teldat SD-WAN and NTA enables a tiered implementation at a controlled pace. The NGFW generates policies allowing communication between branches or among third parties.
Trains with security onboard
Train companies with security requirements for corporate network and passengers’ Wi-Fi onboard the rolling stock.
Challenge
Train operators set up SD-WANs over 4G or 5G and Wi-Fi for rolling stock connectivity. Passengers enjoy online services and internet browsing on their devices. Meanwhile, operatives can manage physical and network access control, and proactive onboard equipment maintenance.
However, security measures are essential to prevent train infrastructure attacks, from SD-WAN interception, connection of non-authorized devices or equipment to the network, unwanted traffic propagation, or malware downloads.
These events, plus unwanted web page access, hackers penetrating the network, or virus propagation into connected passenger devices all negatively impact the train operator’s reputation.
The passenger network and staff communication traffic must be secured onboard or in the data center.
Solution
be.SAFE Corporate can be installed either in the data center receiving all the traffic, or in each rail carriage to provide security before traffic leaves the train.
The passenger network can be secured for any device, even in a densely-populated carriage with Wi-Fi 6 connectivity. Malware can be stopped before it can infect other passengers’ devices or give a bad image to the train company providing the digital service.
Similarly, communication over the staff network – even when it uses public connections – can be secured to protect corporate activities such as ticketing, maintenance, or operating CCTV security networks.
Why Teldat?
The be.SAFE Corporate NGFW solution can be deployed in the carriages, data center, or cloud. It can be deeply integrated with Teldat’s SD-WAN and hardware including the H2-Rail Router, which, with the new APR2044ax Wi-Fi 6 Access Point, provides perfect connectivity onboard carriages.