Working environments have changed over the past years, from monolithic enclaves of servers and workstations in office locations to decentralized cloud services and employees working in hybrid mode wherever they have internet connectivity. These changes demand unified security enforcement and visibility for all company sites and for remote workers alike to provide necessary services to employees and customers while retaining data security and confidentiality of company assets.
Aryaka follows a two-pronged SASE strategy:
This solution brief focuses on the security solutions for Aryaka’s Unified SASE.
Aryaka’s Global SD-WAN enables enterprises with fast global connectivity along with accelerated access to mission- and business-critical applications. Aryaka uses a global private network with built-in optimization and security capabilities that include a multi-layer security approach with a global private core network, fortified security on the PoPs, end-to-end encrypted tunnels, and stateful firewalls.
Aryaka’s Intelligent Hybrid Edge infrastructure uniquely supports sophisticated network and security capabilities for cloud edge, inter-site, and remote user traffic as part of a Unified SASE (Secure Access Service Edge) architecture. Enhanced security functions in the Aryaka ANAP provide full control and security of intra-site and internet traffic. Feature parity and transparent policy synchronization between the on-premise ANAPs, the PoPs, and central management provide a consistent user experience regardless of the user’s location and connection method.
Aryaka’s secure services edge solution optimally addresses the most common use cases for a distributed enterprise.
Challenge: Distributed enterprises operate multiple office and branch locations globally while providing access to company resources to their remote workers and 3rd party contractors. Company-wide policies and visualization are crucial for consistent security compliance.
Solution: Aryaka provides an intelligent hybrid edge approach for unified security policy enforcement. For sites with an ANAP deployed, security policies are enforced on the ANAP. Through the extension of security functions into Aryaka’s Hyperscale PoP infrastructure, enterprises can secure and regulate their inter-site as well as user traffic from within the Aryaka core at locations without an ANAP.
Benefits: Consistent security policies are enforced across all edge nodes and for all users – remote workers and site users, with or without an ANAP. Global observability provides a complete picture of the entire security posture of the enterprise.
Challenge: Enterprises are increasingly moving towards SaaS applications, which makes it challenging to ensure comprehensive security and optimal application performance.
Solution: Aryaka provides FWaaS capabilities for on-premises and cloud service edges, enabling unified policy enforcement without compromising application performance. Aryaka’s Hyperscale PoPs integrate Aryaka’s application-identification engine, which is also available in the ANAP devices. The engine provides application-based policies, allowing enterprises to identify and block traffic of unauthorized or malicious apps and to limit the use of applications that may consume excessive network resources. Policy synchronization between the Aryaka core network and the ANAPs allows for global policy enforcement for remote workers and for sites.
Benefits: Aryaka’s FWaaS protects the network from security threats and performance issues that may arise from using certain applications and ensures that the network is used according to organizational policies. By leveraging Aryaka’s built-in AppAssure capabilities across all HyperScale PoPs and in the ANAP, application performance is optimized across the Aryaka core, ensuring business-critical SaaS applications are accelerated for the best user experience.
SaaS acceleration in the Aryaka HyperScale PoPs – as already available on the Aryaka ANAP – improves the performance and reliability of cloud-based applications and services. It is achieved by using a combination of technologies, such as caching and data compression, to speed up the delivery of application data and reduce latency.
Aryaka’s PoP-based SaaS acceleration is particularly useful for remote workers (Aryaka Private Access users) that rely heavily on cloud-based applications. It improves productivity and the user experience. It can also help to mitigate the impact of network latency and packet loss on the performance of cloud-based applications, which can be a significant issue for users in remote locations or remote workers with poor network connectivity.
Challenge: With constant geopolitical changes and businesses being globally distributed, escalating cyberattacks originating from certain geographical regions have become a common security threat.
Solution: Geo IP blocking on Aryaka’s edge device, the ANAP, prevents unauthorized access to and from network resources from regions known to be high-risk or have a history of malicious activity. For example, it can be configured to block traffic from countries known to be sources of cyberattacks or malware.
Benefits: Geo-blocking allows for proactive control of communication streams – incoming and outgoing – based on geographical regions, removes attack vectors, and enhances enterprises’ overall network security level by preventing such communication attempts.
Feature | Description |
---|---|
L3/L4 firewall | Aryaka’s HyperScale PoPs and ANAPs provide a built-in L3/L4 stateful firewall and allow for granular policy enforcement with full synchronization between the Aryaka core and the sites. |
Geo-Blocking | Geo-Blocking prevents unauthorized access to/from geographical regions known to be high-risk or have a history of malicious activity. |
Application-Based Policies | Aryaka’s AppAssure technology is available in Aryaka’s HyperScale PoPs and ANAPs, providing insights and control of used applications for optimal application performance. |
URL Filtering | URL Filtering utilizes an always up-to-date classification engine for domains and URLs and allows the blocking of malicious or otherwise unwanted web resources. |
Anti-Malware | Included in the Aryaka Secure Web Gateway is a strong antivirus engine to protect all web traffic against viruses and malware. |
Aryaka will add more features and capabilities to its unified SASE suite in the near future to address additional use cases. These include features such as IP-, Domain & Web-reputation filtering, IDS & IPS, AD integration, SSO, User & Group level policies, enhanced Security reports, and more.
“Aryaka is offering one of the best SASE environments, which is easy to use and implement”
– $1B Media Company via Gartner Peer Insights
Benefits for Distributed Enterprises | |
---|---|
LAN-like Application Performance | Better Integration Between SASE Components |
Less Operational Burden | Clear, Consistent SLAs |
More Robust Operational Security | Reduced Total Cost of Ownership (TCO) |
No Finger-Pointing Between Vendors | |
“Aryaka has delivered above and beyond our expectations for application performance, security, visibility, and support on a cloud-based network. They have freed up our internal IT staff to focus on bigger-picture strategic initiatives to advance our enterprise.”
– $5B Global Manufacturing Company
The Aryaka Private Network delivers true multi-tenant data partitioning through virtualized compute, network, and storage resources. The resulting private backbone is more secure than competing MPLS services where customer traffic is not encrypted. This includes dedicated PoPs located in secured data centers, dedicated Layer 2 links, encryption with IPSec, key management, and DDoS protection. We manage this via a sophisticated orchestration platform to ensure that your users have assured access to your vital applications and data anywhere and anytime.
Aryaka, the Cloud-First WAN and SASE company, and a Gartner “Voice of the Customer” leader, makes it easy for enterprises to consume network and network security solutions delivered as-a-service for a variety of modern deployments. Aryaka uniquely combines innovative SD-WAN and security technology with a global network and a managed service approach to offer the industry’s best customer and application experience. The company’s customers include hundreds of global enterprises including several in the Fortune 100.