North-south firewalling at the SD-WAN branch
East-west site-segmentation via our new Zones capability
Cloud-based security-as-a-service partners
Aryaka private backbone protection
At the branch, an access firewall within the ANAP, Aryaka’s Secure Access Service Edge (SASE), offers ‘north-south’ control. Aryaka Zones extends this to the LAN with ‘east-west’ security, through site-segmentation with policy-based access. Together, the two capabilities segment WAN traffic (to Aryaka and the internet) from LAN traffic, both internal and DMZ.
A third capability extends security into the cloud through Aryaka’s security partners, including Zscaler. As an example, an enterprise may consume Zscaler’s complementary cloud-based security-as-a-service, with Aryaka directing traffic appropriately. Alternatively, remote workers may access Aryaka via Palo Alto’s Prisma Cloud Security Suite, which provides authentication and acceleration.
In parallel, the Aryaka private core delivers partitioned connectivity to all enterprises, encrypting the data and protecting against DDoS attacks. Within the branch, enterprises have access to Syslog and Netflow logging, and at the network level, the MyAryaka cloud portal provides a single pane of glass for service configuration, monitoring and health.
The SD-WAN edge is often the first line of defense. Aryaka provides advanced access security solutions that are built into our ANAP SD-WAN branch appliance, a Secure Access Service Edge (SASE), eliminating the need to procure and manage dedicated security hardware.
ANAP includes a virtual stateful firewall that delivers north-south access protection as well as a simplified insertion model with features that also condition the last mile against packet loss and latency.
The new Zones capability offers site-segmentation to secure east-west traffic within the branch, for example by separating internal corporate traffic routed to the Aryaka backbone, public internet traffic, and DMZ traffic such as local application servers or Guest WiFi.
From the branch, traffic follows one of three paths –
Connections to ‘secured’ business-critical SaaS are via the Aryaka network, with direct connections to many of the most strategic SaaS providers. Connectivity to other SaaS providers is simplified by directing traffic to a cloud-based security-as-a-service offering such as Zscaler.
The combined solution does not require additional on-premises hardware, appliances, or software, and is easy and cost-effective to deploy and manage.
Palo Alto’s Prisma Cloud Security Suite extends the protection of its next-generation security platform by leveraging a cloud-based security infrastructure for global enterprises to create and deploy consistent security policies across the entire organization.
Symantec Web Security Services ensures a full suite of threat protection and prevention applied to enterprise traffic from each site. Businesses enjoy direct Internet and cloud access with a consistent security layer without having to deploy separate technologies at each location.
Enterprises with remote workers requiring access to the SD-WAN may easily connect via Palo Alto’s Prisma Cloud Security Suite for authentication and acceleration. Aryaka has partnered with Palo Alto for this capability.
The Aryaka Private Network delivers true multi-tenant data partitioning through virtualized compute, network, and storage resources. The resulting private backbone is more secure than competing MPLS services where customer traffic is not encrypted. This includes dedicated PoPs located in secured data centers, dedicated Layer 2 links, encryption with IPSec, key management, and DDoS protection. We manage this via a sophisticated orchestration platform, to ensure that your users have assured access to your vital applications and data, anywhere, and at any time.
Since all enterprise traffic goes through Aryaka’s global private network, including all on-premises and cloud applications, the MyAryaka portal provides unique visibility into all global users’ and locations’ network and application traffic.
Aryaka enables IT for the first time to see holistic and specific data on all connections, applications, users, and locations globally, along with deep insight into both legitimate and suspicious network and application user activity. This provides an early warning system for IT to potentially pinpoint, identify, and stop security threats before they become massive issues. This is particularly useful for zero-day vulnerabilities and attacks that can sometimes evade certain security controls.
For example, an IT manager can see hundreds of connections from one or two regions with 0k or 1k traffic and identify this as the potential beginning of a DDoS attack. This gives IT an opportunity to examine these endpoints for malware, clean them, and stop the DDoS attack at its origination point before it even hits global communication channels and costs the company business disruption and additional expenses.
As a key component of the integration, Aryaka and Palo Alto Networks provide enterprises with industrial-grade security, including on-premises, cloud-based, and many other cloud service models.
The Aryaka edge device (ANAP) can seamlessly forward all Internet and cloud-bound traffic directly to the Zscaler cloud. Zscaler provides advanced security controls needed for this traffic, such as threat protection, data protection and access control capabilities.
Aryaka and Symantec ensure multi-layer protection is in place whether mission-critical resources are in the cloud or on-premises, using software-defined Layer 2 core and best-in-class cloud security.
Aryaka and Zscaler have partnered to deliver a solution that combines Aryaka’s global cloud-native private connectivity, with built-in WAN Optimization, SD-WAN functionality and application acceleration capabilities, with Zscaler’s advanced cloud security platform.
Together, Aryaka and Palo Alto deliver a best-of-breed SD-WAN and security platform for enterprises accessing mission-critical internally hosted applications as well as those going directly to the Internet for accessing cloud applications.
The Aryaka Zones Firewall is critical to an enterprise’s layered defense in providing a flexible security foundation. Aryaka augments the Zones branch security solution through partnerships with cloud security industry leaders and enables multi-tenancy via flexible micro-segmentation, permitting the ANAP to support a multi-tenant site.