Increased adoption of cloud services, mobility, and the hybrid work model are imposing organizations to reach out for strategies and solutions appropriate to the new security challenges they face. To support these companies, Datanet Systems recently organized a webinar in which it presented the benefits and tangible ways in which they can improve their level of protection using the Cisco SASE architecture model.
The pragmatic approach of the Secure Access Service Edge (SASE) concept promoted by Datanet specialists in the webinar “Security and operational efficiency with the help of Cisco SASE architecture” kicked off with an analysis of the current limitations of traditional network architectures. The starting point was the need for direct access to the Internet (Direct Access Internet), generated by the widespread adoption of cloud services, currently felt at the level of subsidiaries, branches, or workstations, as well as mobile users.
„Traditional network topologies, such as Hub & Spoke in which Internet access is achieved through the company’s headquarters and/or data center, fail to meet current requirements for connectivity, availability, and security. In addition, the use of classic MPLS connections generates substantial additional costs, and the solution of direct internet access from branches by securing each subsidiary generates other additional costs, as well as increasing the integration and management effort“, explained Andrei Iacoboaiea, Enterprise Network Security Consultant at Datanet Systems.
The Cisco SASE architecture model recommended by Datanet meets these needs, ensuring compliance with the performance requirements of applications and services, access control and a higher level of protection, both at the level of the end user and the company’s infrastructure.
The full registration for the Datanet Systems webinar is available below:
Cisco’s approach to the SASE concept
Cisco is one of the market leaders in SASE solutions, offering an extensive portfolio of both networking and security solutions. Thus, the implementation of the architectural model recommended by Datanet can be performed with the help of solutions which are already used by many companies, such as:
- Cisco SD-WAN (Viptela or Meraki) and AnyConnect, for remote access, that covers connectivity needs, allowing the development of flexible and scalable network infrastructure;
- Cisco Duo, for access control and development of Zero Trust strategies, and Umbrella, that delivers multiple Firewall-as-a-Service security features, DNS protection, Secure Web Gateway, Cloud Access Security Broker;
- Cisco ThousandEyes, which provides end-to-end and application-level visibility and provides actionable information about issues that can lead to performance drops.
„The Cisco SASE architecture model ensures an easy and automatic connection of the user or network equipment from wherever they are to the applications they need, no matter where they are hosted. We can do this by having extended visibility into attacks and threats, as well as end-user protection. The convergence of the Cisco architecture is facilitated both by the fact that the solutions come from a single manufacturer, and by the advanced automation capabilities of the components“, mentioned the Datanet specialist.
Concrete working scenarios and applications
In order to enhance the real benefits of the Cisco SASE architecture model’s adoption, Datanet specialists have presented two common work scenarios currently among local companies.
The first scenario, “Secure remote worker“, is about securing the access of working remotely users, with the AnyConnect application having the main role. The classic version is to use a Cisco solution in creating a Remote Access VPN connection, through which the traffic is entirely tunneled to the headquarters network or Data Center. A second, more efficient and more flexible option is to connect the user to the SASE infrastructure using a series of AnyConnect suite modules, such as Umbrella Roaming – which takes over end-user-generated DNS traffic encrypts, filters it, and secures it – and Duo, which introduces multi-factor authentication methods to control access to applications and data. In addition, the Device Help Check functionality allows the evaluation of the security level of the end-use equipment, depending on the score obtained, granting or not the right to access the network. Convergence is ensured by the Cisco ThousandEyes application, which helps to quickly detect problems and their causes, increasing the speed of reaction of companies in resolving incidents.
The second presented working scenario by the Datanet specialists – “Secure Edge” – showed the case of an Internet direct connection case from a device located in a work point or of an IoT device on which the AnyConnect client cannot be installed. In this scenario, the solution is to integrate Cisco SD-WAN, Umbrella, and Duo solutions that allow all of their security features to be applied to any network element, be it an end-user, IoT device, or network equipment from a workstation.
The scenario was presented in a live demo by Bogdan Șileanu, Senior Security Consultant at Datanet, which showed how easy it is to integrate Cisco SD-WAN solutions with the Umbrella application and how to define and apply security policies over routers that serve work points. “The advantages of such an approach are that there is no need to install AnyConnect clients and the Umbrella application on each device and no specific profiles need to be defined, as the whole procedure can be performed centrally and very quickly,” explained the Datanet specialist.
Services provided by Datanet
Another important advantage of the SASE model recommended by Datanet is the fact that it allows companies a step-by-step approach and cost-effectiveness of Cisco solutions already in place, thus reducing financial effort. For this, Datanet specialists provide a full range of services for evaluation, consulting, design, and implementation of the network architecture, coherent integration of components, definition of the necessary security policies, as well as post-implementation technical support.
For further information on this topic, please watch the complete “Security and Operational Efficiency Using the Cisco SASE Architecture” webinar video.