By Russ Schafer, Head of Product Marketing, Security Platforms
Enterprises are moving their applications, workloads and services out of the data center and into the cloud. They are turning away from traditional WAN architectures and adopting SD-WAN to provide better support for cloud SaaS applications. SD-WAN enables users to connect through their local Internet providers instead of backhauling through the data center over MPLS lines. The local Internet connections reduce network latency and save costs, but also expose the branch offices to the same sophisticated cyber attacks that target the data center.
The significant increase in the number of remote employees has also expanded the cyber-attack surface. CISOs had to rethink their network strategy as traditional methods of securing corporate networks no longer worked. They needed to provide enterprise-grade security through the branch office to protect against sophisticated multi-vector Gen V cyber attacks.
Check Point and Cisco Collaborate to Deliver Enterprise-Grade SD-WAN Security to the Branch
Together, Cisco and Check Point have collaborated to assure the performance and security of enterprise and cloud applications over the Internet and WAN, while dramatically simplifying deployments and reducing costs. Cisco Software-Defined WAN (SD-WAN) brings enterprise-level manageability, performance, and reliability to branch offices. SD-WAN optimizes connectivity over both broadband Internet and private links to applications that reside in data centers, while simplifying and centralizing branch network management.
Directly connecting branch offices to the cloud via a Local Internet Breakout reduces latency and improves the overall user experience. However, as cloud traffic is offloaded from the private WAN to local Internet connections, branch offices become susceptible to cyber-attacks. Check Point secures these links with the same advanced threat prevention available in Check Point on-premises security gateways.
CloudGuard Connect and CloudGuard Edge Top-Rated SD-WAN Security Prevents Attacks
Check Point CloudGuard Connect and CloudGuard Edge transform SD-WAN security by providing best-in-class threat prevention to protect enterprises, their branch offices, and remote workers from advanced Gen V cyber attacks. With the flexibility to deploy in minutes in the cloud or on-premises, CloudGuard Connect and CloudGuard Edge provide enterprises with efficiency, flexibility, and comprehensive protection including:
- Top-rated Threat Prevention with 100% Block Rate verified through NSS benchmarks
- Innovative security solutions that combine cloud-hosted patented CPU-level inspection and OS-level sandboxing to prevent infection from the most dangerous zero-day and sophisticated Gen V attacks
- Real-time security intelligence from ThreatCloud. ThreatCloud gathers threat intelligence from 86 billion security decisions, 4 million file emulations, and 7000 Zero-Day attacks every day.
- Flexibility to deploy branch office security across multiple locations in a few minutes
- A unified threat and access management platform that can reduce operational expense by up to 40%
Cisco SD-WAN Architecture
Cisco SD-WAN is a secure, cloud-scale architecture that is open, programmable and scalable. Through the Cisco SD-WAN vManage console, you can quickly establish an SD-WAN overlay fabric to connect data centers, branches, campuses, and colocation facilities to improve network speed, security, and efficiency.
As the world’s leading networking company, Cisco defined the standard for routing. Cisco has a wide variety of physical and virtualized network service platforms to choose from, such as Viptela OS routers and IOS XE® SD-WAN routers like the Cisco 5000 Series Enterprise Network Compute System (ENCS 5000) platforms. By choosing Cisco SD-WAN, you gain the ability to manage certified trustworthy platforms while instantly deploying the right security in the right place, all from the Cisco vManage console.
Cisco SD-WAN Cloud Networking and Check Point CloudGuard Connect Security
Branches and remote offices can benefit from the optimized connectivity offered by Cisco SD-WAN from their remote site all the way to the cloud. Cisco connects remote offices directly to Check Point CloudGuard Connect, where they are able to leverage Check Point’s advanced threat prevention as a cloud-hosted service, protecting the network and their users from known and unknown threats. Network administrators can easily monitor and manage these sites centrally with the Cisco vManage console.
SD-WAN Security On-Premises in a Single Appliance with CloudGuard Edge
Many customers prefer to have control of their data or must comply with regulations such as GDPR. The Cisco ENCS 5000 is a hybrid platform that combines the functionality of a traditional router and a traditional server with a smaller infrastructure footprint.
Cisco ENCS is a purpose-built compute platform optimized to run certified compatible and interoperable VNFs. Hosting a Check Point CloudGuard Edge virtual machine (VM) on the Cisco ENCS branch appliances provides customers with granular control of their security and data. With Cisco vManage, the CloudGuard Edge virtual machine is centrally provisioned to the ENCS appliances, avoiding truck rolls, additional OPEX costs and the inflexibility associated with deploying and managing a stack of physical appliances.
CloudGuard Edge is a lightweight virtual image of the proven Check Point Branch Office Security Gateway that has been available since 2013. The small footprint of CloudGuard Edge requires a minimum of only 1 GB of memory, 1 GB of disk storage and 1 CPU core.