Many enterprises trust a multi-layer, multi-vendor security strategy to address their individual needs based on global coverage, compliance requirements and their application mix.
Aryaka partners with Check Point and other best-of-breed security vendors to offer such a solution.
Aryaka’s Network Access Point (ANAP) integrates a Next Generation Firewall (NGFW) that runs as a virtual network function (VNF) on ANAP 2600, ANAP 3000 and ANAP 10K appliances. Technology partner Check Point Software provides NGFW functionality with Quantum Edge.
The combined solution delivers on a converged branch solution with best of breed capabilities in both networking and advanced security, optimally configured via intent-based policies. Enterprises can choose between deployment models that optimally fit their needs: self-managed or as a managed service. For the self-management option , customers that have sufficient resources and expertise take on the responsibility to optimally configure and maintain the NGFW. The managed service option is for customers that prefer to outsource basic configuration and day-to-day management to Aryaka experts and merely want to supervise operations.
With more than half of enterprise WAN traffic going to the cloud, companies of all size have been moving away from legacy WAN architectures like MPLS. In such an architecture, Internet traffic was back-hauled across the WAN to centralized firewalls to maintain security. However, in today’s cloud-centric context, ensuring application performance over such a back-hauled setup becomes a challenge. In addition, security is not scalable when the organization has distributed users, locations and an ever increasing cloud presence.
Furthermore, optimally configuring, maintaining and extracting maximum benefits from specialized, best-of-breed security tools is complex and time intensive.
Aryaka’s managed network services enable enterprises with fast connectivity worldwide along with accelerated access to mission- and business-critical applications. Aryaka uses a global private network with built-in optimization and security capabilities that include a multi-layer security approach with a global private backbone, fortified security on the Points-of-Presence (PoPs), end-to-end encrypted tunnels and stateful L3/L4 firewalls on the ANAP
Aryaka supports an open, flexible and best-of-breed security model that offers enterprises choice, including Check Point solutions, instead of being locked into a singular SD-WAN vendor’s security solution. Enterprises can choose between best-of-breed security models, express the desired security posture with intent and delegate the implementation to Aryaka experts.
The Aryaka SmartSecure solution provides an advanced set of software-based security functions, including stateful firewalls, micro-segmentation and partnerships with industry-leading security providers, allowing enterprises to optimally tailor a multi-layered, multi-vendor security solution to their very own needs.
Moreover, network security is complex to plan, configure and manage. Network and security professionals are faced with a myriad of functions and vendor solutions to simultaneously manage. Extracting the best possible performance and maintain the optimal, up-to-date configuration of every component represents a huge challenge. With the optional managed firewall service model available for Aryaka SmartSecure, enterprise IT can simply define their desired security posture with high level business intent and delegate the implementation to Aryaka’s orchestration and certified product experts in a customer approved configuration.
Note that the MyAryaka customer portal always provides full visibility and control over the VM life cycle management.
Delivering additional functions with VNF deployment allows enterprises to simplify network operations and lower overall cost of ownership. But with VNF deployments, it is important to get thorough, consolidated insight into a variety of performance aspects: enterprises now need to pay attention to CPU, memory utilization and its allocation to different VNFs. Visibility into VNF performance through packet data analysis of the traffic flowing across your entire network is critical to successful VNF deployments. Simultaneously, CPU and memory resources need to be closely monitored. The MyAryaka customer portal provides easy access to this information for every deployed VNF.
Figure 2: Virtual Machine CPU and Memory Utilization in MyAryaka
The Aryaka managed NGFW solutions consists of the following solution components:
Aryaka Network
Access Point (ANAP)
Models
ANAP 2600
ANAP 3000
ANAP 10000
Supported VNF
Check Point Quantum Edge
Check Point Quantum Edge
Next Generation Firewall
Models:
Quantum Edge: engineered to consume minimal resources and support CPU oversubscription yet delivers up to 580Mbps of Next-Gen Threat Prevention performance for various scenarios, from virtual branch office/customer-premises equipment to high-density, multi-tenant environments. Quantum Edge delivers hybrid cloud, segmentation and Internet gateway access.
ANAP
Network Function Virtualization
ANAP models 2600, 3000 and 10000 support the KVM Hypervisor, which is part of the Linux OS.
MyAryaka
Customer Portal
Aryaka’s Customer Portal provides full visibility into resource utilization for every deployed VNF: bandwidth, CPU and memory.
Check Point
Visibility and Management
Check Point security management will be leveraged to manage the security policies by the customer and/or Aryaka Operations team.
Consolidates branch functions (security, protocol acceleration and application optimization) in a single device (Aryaka’s ANAP) by leveraging built-in virtualization and container technologies.
Complements built-in Aryaka FW and segmentation capabilities with best of breed, next gen firewall capabilities.
Allows enterprises to gain constant, consolidated and granular visibility into the NGFW VNF’s performance via the MyAryaka management portal.
Delivers on branch network performance and redundancy needs with a choice of ANAP platforms and redundancy configurations.
 Managed Secure SD-WAN | With WAN security top-of-mind, Aryaka’s SmartSecure offers enterprises a managed, secure SD-WAN service on an end-to-end secure infrastructure, first-mile, middle-mile, and into the cloud. |
 Operational Simplicity | With a managed edge and cloud security service that leverages Tier-1 partners like Check Point, Aryaka’s end-to-end managed SD-WAN effectively hides complexity from the enterprise. |
 Best of Breed Network Security | Check Point virtual firewalls allow enterprises to consistently manage network security for inbound/outbound traffic and securing on-premises, in private and public clouds and across branch locations. |
 Lower TCO | By consolidating SD-WAN network and security functions on a single device as well as simplifying operations, Aryaka SmartSecure helps enterprises generate the maximum return on their SD-WAN investment. |
Aryaka is the leader and first to deliver Unified SASE as a Service, the only SASE solution designed and built to deliver performance, agility, simplicity and security without tradeoffs. Aryaka meets customers where they are on their unique SASE journeys, enabling them to seamlessly modernize, optimize and transform their networking and security environments. Aryaka’s flexible delivery options empower enterprises to choose their preferred approach for implementation and management. Hundreds of global enterprises, including several in the Fortune 100, depend on Aryaka for cloud-based software-defined networking and security services. For more on Aryaka, please visit www.aryaka.com.