Establishing a Dynamic Security Perimeter

Cloud, BYOD, and SaaS applications are redefining (and expanding) the network security perimeter and trust boundaries. At the same time, hackers are attacking the WAN with greater frequency. Today’s inflexible technologies do not automatically adjust the WAN security perimeter to account for changes in the underlying network topology or the on-boarding of cloud and SaaS applications. This leaves organizations vulnerable to attack and forces them to reconfigure the network and security services to maintain a secure perimeter.

The CloudGenix™ ION solution enables customers to establish dynamic edge security based upon one or more contexts that include unique groupings of specific applications, users, and/or branch VLANs. Each context is independently secured using unique encryption keys and can achieve secure segmentation and extend security services, such as a firewall, without deploying hardware to branches. Finally, contexts are designed to allow the dynamic re-establishment of security perimeters as topology or applications change.

Protect the hybrid WAN edge; dynamically adjust and automatically apply application-defined security policies where and when they are needed


Software-Defined WAN: CloudGenix Whitepaper by PacketPushers

Technical deep-dive (27 informative pages) into a CloudGenix Software-Defined WAN by PacketPushers' Ethan Banks and Drew Conry-Murray.



Session-based application fingerprinting for encrypted and unencrypted applications

By combining information from DNS entries, IP addresses, URLs and certificates with application setup and state information, CloudGenix is able to identify applications and application transactions on the fly down to the sub-application level for applications like Skype, Google, Office 365 SharePoint, Lync, Exchange, SAP, and many more.

Secure application contexts

Traditional WAN segmentation solutions rely on underlying Layer 3 transport constructs such as VRFs, which are expensive and inflexible. CloudGenix secure application contexts enable administrators to map individual applications or groups of applications into specific application contexts that have no dependency on the underlying Layer 3 transport. Each secure application context can have context-specific security and encryption policies that can be easily modified from the CloudGenix controller across the entire WAN.

Service projection

Deploying services such as IDS, DLP, and IPS physically to each branch can be complex, costly, and time-consuming. CloudGenix service projection technology enables customers to “bind” these services to specific applications and application flows by policy and deliver them from any location (data center, regional hub, or cloud) with no incremental branch footprint.

Centralized key management

Say goodbye to the days of shared encryption keys with occasional key rotation. The CloudGenix controller has a full PKI infrastructure delivering granular, application-context-specific and link-specific encryption with high-frequency key rotation across the entire WAN.

Built-in application firewall

CloudGenix provides internet zone-based and application firewalling capability natively in software, eliminating the need for a separate firewall to be deployed in branch offices.

CloudGenix Controller

Available on-premises or hosted in the cloud, the CloudGenix Controller is the single point of control, monitoring and management for your enterprise WAN. Application performance policies and secure application contexts can be configured with a few mouse clicks. Application performance and conformance to security policies can be monitored from the Controller via a single pane of glass across the entire WAN.

© 2017 CloudGenix Inc. All rights reserved.