Cloud, BYOD, and SaaS applications are redefining (and expanding) the network security perimeter and trust boundaries. At the same time, hackers are attacking the WAN with greater frequency. Today's inflexible technologies do not automatically adjust the WAN security perimeter to account for changes in underlying network topology or the on-boarding of cloud and SaaS applications. This leaves organizations vulnerable to attack and requires reconfiguration of the network and security services to maintain a secure perimeter.
The CloudGenix™ ION solution enables customers to establish dynamic edge security based upon one or more contexts that include unique groupings of specific applications, users, and/or branch VLANs. Each context is independently secured using unique encryption keys and can achieve secure segmentation and extend security services, such as a firewall, without deploying hardware to branches. Finally, contexts are designed to allow the dynamic re-establishment of security perimeters as topology or applications change.
Technical deep-dive (27 informative pages) into a CloudGenix Software-Defined WAN by PacketPushers' Ethan Banks and Drew Conry-Murray.
By combining information from DNS entries, IP addresses, URLs, and certificates with application setup and state information, CloudGenix is able to identify applications and application transactions on the fly, down to the sub-application level, for applications like Skype, Google, Office 365 SharePoint, Lync, Exchange, SAP, and many more.
Traditional WAN segmentation solutions rely on underlying Layer 3 transport constructs such as VRFs, which are expensive and inflexible. CloudGenix secure application contexts enable administrators to map individual applications or groups of applications into specific application contexts that have no dependency on underlying Layer 3 transport. Each secure application context can have context-specific security and encryption policies that can be easily modified from the CloudGenix controller across the entire WAN.
Deploying services such as IDS, DLP, and IPS physically to each branch can be complex, costly, and time-consuming. CloudGenix service projection technology enables customers to “bind” these services to specific applications and application flows by policy and deliver them from any location—data center, regional hub, or cloud—with no incremental branch footprint.
Say goodbye to the days of shared encryption keys with occasional key rotation. The CloudGenix controller has a full PKI delivering granular encryption specific to each application context and link, with high-frequency key rotation across the entire WAN.
CloudGenix provides internet zone-based and application firewalling capability natively in software, eliminating the need for a separate firewall to be deployed in branch offices.
Available on premises or hosted in the cloud, the CloudGenix Controller is the single point of control, monitoring, and management for your enterprise WAN. Application performance policies and secure application contexts can be configured with a few mouse clicks. Application performance and conformance to security policies can be monitored from the Controller via a single pane of glass across the entire WAN.