USE CASE BRIEF

Ensuring a Consistent Security Perimeter with CloudGenix AppFabric

CloudGenix AppFabric ensures a consistent security perimeter for every site in the enterprise in the midst of constantly changing WAN boundaries and evolving threats.

Business Challenges

Today's businesses face intense ongoing scrutiny in the form of continually increasing compliance requirements, an ever-changing enterprise WAN perimeter, and the continual need to innovate and be agile without compromising security posture. Compliance regulations including the Payment Card Industry Data Security Standard (PCI-DSS) and Healthcare Information Portability and Accountability Act (HIPAA) place a tremendous burden on businesses in terms of how data is processed, managed, transmitted, accessed, and stored.

Traditional security architectures are rigid and do not provide businesses with the agility and flexibility needed to adapt to modern demands for improved customer experience. These legacy architectures typically demand either that all enterprise traffic be backhauled from remote sites to a common pool of security resources in the data center, or that devices be deployed in each location, which becomes costly and unruly to manage. This presents significant challenges for businesses that want to embrace the cloud or take advantage of the increased capacity and reduced cost provided by broadband Internet.

Figure 1: Businesses face increasing regulatory compliance including PCI-DSS, HIPAA, SOX, and others.

Introducing CloudGenix AppFabric

CloudGenix AppFabric is a software-defined WAN (SD-WAN) solution that allows businesses to overlay a secure application-centric fabric of connectivity amongst all of their sites and the cloud. AppFabric allows business policies to be defined for performance, security, and compliance, specifying in business language which applications are important for each site, how they should be prioritized, and which WAN links can be used for each application. This provides you with explicit control over how your WAN and its specific links are utilized, enables confident integration of the cloud, and allows for seamless deployment of broadband Internet at each remote office for increased capacity and lower costs.

Figure 2: CloudGenix AppFabric enables secure app-centric connectivity amongst sites and the cloud, enabling controls for performance, security, and compliance.

Designed for Stringent Security Requirements

The security of a system is only as good as the security of its components. CloudGenix AppFabric and ION devices were designed from the ground up to meet the stringent security requirements of today's largest enterprise businesses to provide a comprehensively secure WAN.

CloudGenix AppFabric and ION devices have the following security features:

Automatic VPN tunnel creation: VPN tunnels are automatically created amongst sites where ION devices are deployed, encrypting traffic amongst AppFabric sites.

Secure VPN tunnels: AES-256 encrypted tunnels are established using unique per-tunnel keys, which are automatically rotated hourly.

Secure management communications: ION devices communicate with the CloudGenix Controller using secure TLS 1.2 connections.

Hardened Internet connectivity: inbound traffic is automatically blocked unless explicitly allowed via the built-in application-aware zone-based firewall.

Secure device access: no administrative read/write access is provided to the device shell, and default passwords are never used.

Compliant logging: no application data is logged on the device or controller; only metadata, health, and performance metrics, along with firewall and audit logs.

Isolated network segments: create separate logical networks, fully separated from others, using network contexts to isolate sensitive traffic.

Protecting the Branch Internet Boundary

The first layer of defense for today's evolving WAN architecture, involving a combination of private MPLS links and broadband Internet, is to ensure that direct Internet connections in the remote office are protected. CloudGenix ION hardware and virtual appliances include an application-aware, stateful, zone-based firewall to provide protection for the Internet connection in the remote office. With ION, application-aware policies are defined that specify what is allowed into and out of the remote location, giving you explicit control. Additionally, AppFabric is centrally managed through the cloud-delivered CloudGenix Portal, meaning not only that policies are managed and distributed from a central service, but also that businesses are not required to deploy additional hardware, software, and storage to support the management and monitoring infrastructure for their AppFabric.

Figure 3: Application-aware zone-based firewall protects the Internet boundary for remote offices.

Ensuring a Consistent Security Perimeter

In addition to protecting the Internet connection in the branch, businesses today must ensure a consistent set of security technologies is applied for each location, especially in the face of ever-evolving WAN boundaries and increasing regulatory burdens. Traditionally, application traffic was backhauled from remote offices to a data center where a comprehensive set of perimeter technologies was deployed. However, this approach no longer works in a cloud-first world where bandwidth and performance requirements are intolerant of latency or constrained capacity. To solve this issue, businesses can take advantage of cloud access security broker (CASB) solutions, which are security and threat prevention technologies deployed in the cloud.
By forwarding traffic through a CASB solution, traffic from each location can be inspected and protected, which helps protect the organization and better ensure compliance. With AppFabric, policies can be defined per application to use CASB solutions as an intermediary transit network. With application-defined policies for performance, security, and compliance, businesses can specify which applications are forwarded through CASB, which WAN links are allowed for use by the given application, and the performance characteristics that are required.

Figure 4: AppFabric integrates with CASB to ensure a consistent security and threat prevention perimeter for each location.

Features

CloudGenix AppFabric provides the following security features:

APPLICATION-AWARE POLICIES: Top-down policy definition for apps, sites, and WAN links, allowing you to define controls for performance, security, and compliance.

APPLICATION-AWARE ZONE-BASED FIREWALL: Protect the branch Internet connection using the stateful app-aware ZBFW by specifying what is allowed into or out of the site.

INTEGRATION WITH CLOUD ACCESS SECURITY BROKERS (CASB): Simple integration with Zscaler, Palo Alto Networks Global Protect, Symantec Web Security Services, and others.

NETWORK CONTEXTS: Force specific applications to use specific isolated networks to reduce compliance burden.

MASSIVE SCALABILITY: AppFabric scales easily to tens of thousands of VPN tunnels, leading to overall better stability of the secure network.

Benefits

CloudGenix AppFabric provides the following security benefits:

POLICIES ALIGNED WITH BUSINESS INTENT: Top-down policies for performance, security, and compliance help simplify management.

END-TO-END SECURE APPLICATION FABRIC: Comprehensive, secure connectivity amongst sites to protect sensitive data.

CONSISTENT SECURITY PERIMETER: Coupled with CASB, ensures each site has a consistent set of security and threat prevention techniques applied to protect your business.

IMPROVED COMPLIANCE POSTURE: Protect data in motion and control network access to meet the detailed requirements of regulations including PCI and HIPAA.

REDUCE COMPLIANCE SCOPE: Define network contexts and isolate applications that are relevant to compliance to reduce audit and verification burden.

See for Yourself

See CloudGenix in action for yourself! Visit www.cloudgenix.com/trial to register for a no-risk free trial today.

About CloudGenix

CloudGenix provides a software-defined WAN solution with AppFabric technology that enables you to build a global WAN based on business policies for application performance, compliance, and security, across all sites and users. Unlike router-based solutions, CloudGenix AppFabric allows you to define top-down global policies based on business intent rather than fragmented bottom-up configuration changes based on technical implementation. With CloudGenix, you can easily integrate heterogeneous WAN connections for any site, take advantage of cloud and SaaS applications, improve visibility for app performance and SLAs, and dramatically simplify network operations.

2665 North First St., #110, San Jose, CA 95134
1.844.800.CGNX
info@cloudgenix.com

© 2018 CloudGenix Inc. All rights reserved.