SASE: Digitalizing with security

Integrate security in your communications using SASE architecture, including secure web gateway (SWG) and next generation firewall (NGFW) services that let branch offices, retail locations and remote workers safely enjoy full public internet connectivity.

Secure remote site traffic

be.SAFE Premium allows remote workers to securely connect directly to the internet and cloud. It can allow or deny connections, and analyze information exchanged to block dangerous traffic.

  • Ideal for branch offices, staff working from home, and retail locations
  • All the advantages of cloud-based solutions
  • Hardware agnostic, easy to configure, and requires no certifications
  • Scalable, simple to deploy, ‘pay as you grow’ architecture
  • Simple management of entire networks of any size from a single console

New possibilities, new threats

To remain competitive today, enterprises must continuously evolve their digital transformation. Simply relying on an in-house data center is no longer sufficient, as employees can greatly improve collaboration and productivity through internet access to cloud-based SaaS tools like Office 365. Along with such tools – which employers approve of, and pay for – life is made easier with internet browsing and other third-party applications.

Further traffic is generated by businesses engaged in financial services, insurance, travel, distribution, health, administration, or any other activities that depend on a network of geographically distributed offices to support their customers locally. Their staff want fast, economical, reliable, and secure internet connectivity while expanding beyond their data center’s availability, scalability, and latency limitations.

Much of this demand for greater scalability, more flexibility and more options is being met by migrating to SD-WAN networks. These offer clear advantages in terms of management, speed, agility, and freedom in the use of WAN networks, while reducing costs. Yet, while security becomes a top priority as the security perimeter is expanded, SD-WAN technology does not automatically provide it. This is where SASE perfectly complements the path to reliable, dynamic and secure communications, allowing customers to adopt security features at their own pace. SASE is a package of functionalities that may combine SD-WAN, Secure Web Gateways (SWG) and Next Generation Firewalls (NGFW) in the cloud, allowing scalability and real-time analysis to detect any threat before it can even enter the network.

Accordingly, organizations operating in this expanded, higher-risk environment have an unprecedented need for powerful security protection.

What are the important points related to be.SAFE Premium?

  • Connect to the internet directly

    Secure Web Gateways (SWGs) allow companies with multiple branch offices to connect directly to the internet and cloud using their SASE infrastructure. This avoids problems related to routing traffic through the on-premise data center.
  • A security guard in the cloud

    SWGs act like proxies between the user and the web content, analyzing and securing any traffic passing through them. They protect by allowing or denying access to sites or file downloads.
  • Intrusion prevention

    SASE offers complete security: SWGs prevent zero-day malware through sandboxing and, combined with NGFW intrusion prevention systems (IPSs), protect against browser exploits. They also use machine learning and AI analytics to vet visited sites and downloaded files.
  • Firewall as a service

    NGFWs can block application layer attacks and allow virtual patching of vulnerable systems. They can shut down networks on detection of suspicious activity.

Understanding secure web gateways

Malware is constantly evolving, with new threats appearing daily, in many different forms: phishing, spyware, crypto mining, and ransomware for example. However, routing all internet and cloud-bound traffic through an on-premise data center for security inspection causes congestion, latency, and downtime for users.

Instead, Secure Web Gateways (SWGs) can help companies with multiple branch offices and retail locations to connect directly to the internet and cloud using their SD-WAN infrastructure.

SWGs act like proxies between the user and the web content, analyzing and securing any traffic passing through them. They normally include URL filtering, anti-malware detection and blocking, and application control. They act like security guards, allowing or denying access to sites or file downloading. These are medium-level security solutions.

SWGs block phishing sites in real time, prevent zero-day malware through sandboxing, and protect against browser exploits with intrusion prevention systems (IPSs) and deep packet inspection (virtual patching).

They can also use AI and machine learning engines, plus big data threat intelligence, to inspect and vet every site visited and file downloaded.

SWGs can integrate firewalls, in firewall-as-a-service mode. Firewalls protect against malware types including viruses, worms, trojans, spyware, adware and ransomware. Next Generation Firewalls (NGFWs) focus on blocking malware and application-layer attacks. They can quickly and seamlessly enable companies to virtually patch vulnerable systems, sometimes before a security update is developed. Accordingly, they can better defend networks and perform quick assessments to detect invasive or suspicious activity, like malware, and shut it down.

The SWGs can be tightly integrated with popular SD-WANs. This allows users to set up and enforce consistent security strategies across thousands of sites with just a few clicks.

Teldat Solutions & Products

Providing security as a service

Remote users can be given secure direct internet connectivity either with a classic solution comprising local security elements in each office or with more innovative cloud-based security. The cloud option is best, with continuous updates, immediate deployment, unlimited scalability, and centralized management. Additionally, the cost of ownership is low or zero if consumption is in service mode: Security as a Service.

be.SAFE Premium is Teldat's cloud security service. As a SASE platform it is fully integrable with the Teldat SD-WAN solution, yet also interoperable with non-SD-WAN solutions of any technology, being vendor agnostic. be.SAFE Premium differs from other security services in that it is built with a private cloud infrastructure exclusive to each client. This makes it an optimized solution offering both the privacy, security, and guarantee of its own infrastructure and the ease of deployment, scalability and zero cost of ownership of a cloud service.

be.SAFE Premium architecture

The be.SAFE Premium service is a top edge next generation firewall (NGFW) which acts as a gateway to the internet for branch offices and other remote sites. Remote users connect with be.SAFE Premium through a secure IPsec tunnel to send and receive internet traffic. This means that the be.SAFE Premium service can not only allow or deny connections based on the accessed site’s security reputation or on policies; it can also analyze the information exchanged, to stop any danger reaching the remote office.

State of the art security is guaranteed, as the security engine is based on a top leader in the security market.

Key benefits

be.SAFE Premium is hardware agnostic, easy to configure, and requires no certifications. As a cloud-based solution, it is scalable and simple to deploy, while offering other cloud benefits such as fast computation time, constant updates and no maintenance or energy costs.

The scalable, ‘pay as you grow’ architecture comprises a tied ecosystem with the Teldat SD-WAN and NTA, enabling a tiered ecosystem to be grown at the customer’s pace. Maximum availability is assured as security features are dedicated and not shared with other customers, while redundancy is also built in if required.

The entire network, regardless of its size, can be simply managed from a single security management console, needing only a web browser and an internet connection. The console is integrated with the Teldat SASE solution for unified network management – yet the service also operates in non-SD-WAN scenarios with either Teldat or third-party routers.

International certifications and truly global service

The service uses top-tier cloud providers and achieves minimal latency, through being offered at multiple points of presence across five continents.

The be.SAFE Premium solution meets and exceeds the stringent requirements set by internationally recognized standards, approval processes and independent testing within the security industry.


be.SAFE Premium use cases

Carrier providing security service

Carriers or system integrators with SMBs or small customers that require advanced, attractively priced security but lack advanced knowledge of security.

Corporations securing their network

Big banks and other corporations requiring advanced security with all available NGFW features to manage external traffic with branches.

Trains with security onboard

Train companies with security requirements for corporate network and passengers’ Wi-Fi onboard the rolling stock.

Carrier providing security service



Carriers and system integrators need to provide their users with an easy environment to configure their security. They seek to do this from a platform that they can share between customers to maximize return on their investment. They need a cloud-based solution that they can constantly update with the latest version and features, eliminating wasted time and money on managing updates, patches, and restarts.

Customers expect an ‘always connected’ service, with assured high availability at any time or location. They will also benefit from paying only for the services they use, depending on their budget and requirements. Offering a rollback option for when a service is not needed, so saving costs for users, is also an attractive benefit.


An effective solution for maximum security at the perimeters of these networks requires, in addition to web filtering capabilities, centralized solutions with IDS/IPS capabilities, antivirus, antispam, sandboxing, address reputation, DLP, SSL scanning, and email filtering, among others.

be.SAFE Premium is offered as an open management model: customer, CSP or shared. A cloud-based security solution means low demand for CPU resources in the DCE, and hence extended use of the hardware.

be.SAFE Premium is deployed quickly as a service. The services offered by Teldat comprise a single contact point for both communications and security.

Why Teldat?

CSPs can seek new business opportunities by leveraging their installed base. be.SAFE Premium is hardware agnostic, and can be integrated with a Teldat SD-WAN or used as an isolated security service. It is also cost effective, making it attractive for SMBs and small customers with low security budgets.

Corporations securing their network



Direct Cloud Access from branch offices and teleworkers is challenging, as centralized internet access is a drawback to users seeking access to public cloud services. However, when internet access is opened beyond the traditional centralized data center, the security perimeter is widened, and new security strategies are required.

This means that traffic from generic internet and other public sites must be filtered through a gateway which controls access to the corporation’s private network. Access to external applications must be controlled; controlled access must also be given to external parties and third-party companies.

Connections must be granted or denied depending on accessed sites’ security reputation, or on policies. Information exchanged can be analyzed to protect remote offices.


The cloud-based be.SAFE Premium solution supports access from anywhere, and allows a large bank or other corporation’s remote branches to connect to the internet securely. be.SAFE Premium users can connect safely to storage platforms, as the service controls the amount and type of information coming from the internal network to external applications.

Bank and corporate staff can connect with companies such as providers to share information or provide external services while accessing the corporate network securely and ensuring traffic interchanged.

Operation is simple as the integrated SD-WAN and security network can be run from a single pane of glass.

Why Teldat?

Using top-tier cloud providers, the service is offered at multiple points of presence spanning five continents, to ensure minimal latency.

A tied ecosystem with Teldat SD-WAN and NTA enables a tiered implementation at a controlled pace. The NGFW generates policies allowing communication between branches or among third parties.

Trains with security onboard



Train operators set up SD-WANs over 4G or 5G and Wi-Fi for rolling stock connectivity. Passengers enjoy online services and internet browsing on their devices. Meanwhile, operatives can manage physical and network access control, and proactive onboard equipment maintenance.

However, security measures are essential to prevent train infrastructure attacks, from SD-WAN interception, connection of non-authorized devices or equipment to the network, unwanted traffic propagation, or malware downloads.

These events, plus unwanted web page access, hackers penetrating the network, or virus propagation into connected passenger devices all negatively impact the train operator’s reputation.

The passenger network and staff communication traffic must be secured onboard or in the data center.


be.SAFE Premium can be installed either in the data center receiving all the traffic, or in each rail carriage to provide security before traffic leaves the train.

The passenger network can be secured for any device, even in a densely-populated carriage with Wi-Fi 6 connectivity. Malware can be stopped before it can infect other passengers’ devices or give a bad image to the train company providing the digital service.

Similarly, communication over the staff network – even when it uses public connections – can be secured to protect corporate activities such as ticketing, maintenance, or operating CCTV security networks.

Why Teldat?

The be.SAFE Premium NGFW solution can be deployed in the carriages, data center, or cloud. It can be deeply integrated with Teldat’s SD-WAN and hardware including the H2-Rail Router, which, with the new APR2044ax Wi-Fi 6 Access Point, provides perfect connectivity onboard carriages.
