Silver Peak introduced segmentation and security service chaining to the Unity EdgeConnect SD-WAN solution. The new capabilities enable distributed enterprises to centrally segment users, applications and WAN services into secure zones and automate application traffic steering across the LAN and WAN in compliance with predefined security policies, regulatory mandates and business intent.
For enterprises with multivendor security architectures, EdgeConnect now offers seamless drag-and-drop service chaining to next-generation security infrastructure and services. With today’s combination of new capabilities, enterprises can proactively minimize the available attack surface and effectively control who, what, where and when users connect to private and public cloud applications and services, encompassing the ability to securely connect branch users directly to the cloud.
The Power of Centralized Orchestration and Policy Automation
Unlike conventional router-centric WAN infrastructure that requires hours of device-by-device, CLI-based manual programming, EdgeConnect is centrally managed and built for the cloud. Unity Orchestrator empowers network administrators to centrally define and orchestrate granular security policies and create secure end-to-end zones across any combination of users, application groups and virtual overlays, pushing configurations to sites in accordance with business intent.
For distributed enterprises in industries like retail, with thousands of sites, manually scripting granular security policies and managing changes at each site could take weeks or months to complete and expose the entire organization to configuration errors. With EdgeConnect, network administrators immediately pare this arduous task down to a matter of minutes, using simple templates to create unique zones that enforce granular perimeter security policies across LAN-WAN-LAN and LAN-WAN-Data Center use cases.
Bringing Segmentation to the WAN
As the attack landscape becomes ever more sophisticated, many enterprises are adopting segmented network security architectures and proactively shifting their mindsets to verifying everything inside or outside of their networks before granting access.
Until now, network administrators, relying on conventional routers, have been forced to manually script user, application and network exceptions on a device-by-device basis using arcane CLIs. With Unity Orchestrator, administrators can quickly orchestrate granular zone-based security policies and segment end-to-end zones across the LAN and WAN in three simple steps:
1. Define a master security policy template to segment users and applications
2. Centrally define security policies, including drag-and-drop service chaining to third-party security services
3. Automatically push and apply unique security policy configurations to all sites
Hardened Security with Granular Visibility and Control
With the power of micro-segmentation, network administrators can now centrally visualize and define secure zones and securely segment users, applications and network overlays to accelerate application deployments and eliminate error-prone manual configurations. With Unity Orchestrator, administrators can now:
- Define and apply unique security policies by zone
- Define transport topology and fail-over policies for each zone
- Segment and assign applications to zones for secure user access
- Map LAN-side zones to WAN-side segments
“As one of the nation’s largest community-based cancer care specialists, we have a deep commitment to protecting the integrity of patient medical information across our more than 30 clinics,” said Robert Holloway, infrastructure manager for Tennessee Oncology. “The Silver Peak EdgeConnect SD-WAN solution, with advanced zone-based segmentation capabilities, will enable us to centrally define LAN to LAN secure zones to isolate corporate network traffic from guest Wi-Fi traffic on both the LAN and WAN, allowing for the secure and segmented exchange of corporate information between our clinics and our data center. EdgeConnect is enabling us to move beyond our conventional WAN architecture toward a centrally managed and fully integrated WAN edge.”
Seamless Service Chaining Across Multivendor Security Architectures
With the latest software release, Unity Orchestrator includes an intuitive drag-and-drop interface to automatically service chain application traffic to third-party security infrastructure and services for further inspection and verification. All traffic steering is further secured across the WAN utilizing private, secure, encrypted IPsec tunnels.
“Enterprises are quickly embracing a segmented security model and reevaluating their network security requirements from the inside out,” said Damon Ennis, senior vice president of products for Silver Peak. “Silver Peak is at the forefront of addressing emerging WAN security requirements with an application-driven WAN edge. EdgeConnect enables enterprises to centrally define and automate security policy governance across any combination of users, application groups and WAN services with advanced segmentation capabilities and seamless service chaining to multivendor security architectures. This powerful combination empowers enterprises to confidently embrace cloud initiatives to enhance business agility.”