Most SSE solutions can support moving branch security to the cloud. But only a few can securely cloudify the datacenter firewall. This is because datacenter firewalls don’t just address the need for secure Internet access, which is the main SSE capability. Rather, these firewalls are also used for securing WAN access, segmenting the datacenter LAN, and ensuring reliability and high availability for network traffic.
In this blog post, we explore which capabilities a datacenter firewall-replacing SSE needs to have. To read a more in-depth explanation about each capability, go to the eBook this blog post is based on.
Replacing the Datacenter Firewall: SSE Criteria
An SSE solution that can replace the datacenter firewall should provide the following capabilities:
1. Secure Access to the Internet
SSE needs to secure access to the internet. This is done by analyzing and protecting all internet-bound traffic, including remote user traffic, based on rules IT sets between network entities. In addition, SSE will include an SWG for monitoring and controlling access to websites. Finally, SSE will have built-in threat prevention, including anti-malware and IPS capabilities as a service.
2. Secure Access From the Internet
While many SSE solutions use proxy architectures to secure outbound Internet traffic, SSE solutions that can replace the datacenter firewall are built from the ground up with an NGFW architecture. This enables them to secure traffic directed at datacenter applications and also direct traffic to the right server and applications within the WAN.
3. Secure WAN Access
A WAN firewall controls whether traffic is allowed or blocked between organizational entities. The SSE-based WAN firewall can also leverage user awareness capabilities and advanced threat prevention.
4. Secure LAN Access
SSE should secure VLAN traffic using access control and threat prevention engines. This must be done at the nearest SSE PoP to avoid latency. There also needs to be an option to route the traffic via an on-premise edge appliance.
In addition to these capabilities, SSE needs to have visibility into the entire network. This visibility makes it possible to protect WAN traffic and remote users accessing internal applications, and to govern applications, ports and protocols.
Cato’s SSE 360 solution, built on a cloud-native architecture, secures traffic to all edges and provides full network visibility and control. Cato’s SSE 360 delivers all the functionality a datacenter firewall provides, including NGFW, SWG, advanced threat protection and managed threat detection and response.
To learn more, read the eBook “Which SSE Can Replace the Physical Datacenter Firewalls”.