The Scenario
The last couple of years have seen rapid diversification of systems and networks with corporate data becoming increasingly distributed. Meanwhile staff and customer demands for flexibility have also increased, through increasing levels of home working and use of private devices, as well as higher expectations to enable third party access to systems and data. This combination of pressures has created a security and administrative nightmare, making it almost impossible to control and secure data using traditional systems.
Critical data has become increasingly distributed, whether through the adoption of cloud applications such as Office 365 and Google Workspace or SaaS applications such as Dropbox and Salesforce. There still remains a need to deliver connectivity to on-premesis resources, but the times where delivering a secure VPN solution to one location (physical or cloud-based) have become insufficient almost overnight.
Added to this is the constant rise in number and the increase in intelligence of attempts by cyber criminals to exploit vulnerabilities in staff and systems. A new approach is needed to facilitate a new way of working whilst maintaining control and ensuring security.
The Solution
SonicWall Cloud Secure Edge (CSE), formerly known as Banyan Security, delivers the solution to these increasingly complex requirements; enabling your organisation to deliver remote access to an increasing range of distributed resources, whilst maintaining flexibility, security and ease of use for users and administrators.
With resources spread throughout SaaS applications, private cloud and internal networks, efficiently managing and monitoring connections to all resources has become virtually impossible... until now!
How it achieves this:
| Step 1: Users connect to a Secure Edge |
Your users establish a secure connection using a client or browser to an Access Tier. This can be either the SonicWall Global Cloud Edge (a highly redundant and accessible service hosted around the world using Google and Oracle Cloud infrastructure) or your own Private Edge hosted in your private cloud or office.
| Step 2: Secure connections to the Edge |
Access to the edge is policed by integration into your chosen user management solution with multi-factor authentication. A Trust Score is assigned to the user dependant on their location, connection type, device type and the security posture of the device, enabling control over levels of access to resources. Once connected, the latest cryptography is used to encrypt traffic ensuring the highest level of security.
| Step 3: Connect your Edge to resources |
Once connected to your Access Tier, users gain an appropriate level of access to your business resources wherever they are located.
Using SAML to connect to SaaS and Private Cloud applications, simple integration into SonicWall SonicOS 7 appliances or the Connector installed virtually anywhere and connected to your CSE deployment using outbound connections, CSE delivers zero-trust access to data stored throughout your organisation's environment.
The 4 Building Blocks of CSE
1: ZTNA – Zero Trust Network Access
SonicWall CSE enforces Zero Trust Network Access across your cloud, virtual and physical estate meaning connections are always verified and never trusted. Once a user is authenticated their connection and device state is continually monitored so that, should the security posture of the device change (for example if their security is breached or firewall disabled), then their trust score decreases and access amended or revoked.
Access to resources is permitted on a least privilege basis so that users can only access what they need to do their job. This is done across all resource locations, whether users are accessing files in your office or using SaaS applications.
2: CASB – Cloud Access Security Broker
Coud Access Security Broker enables CSE to control access to SaaS applications, enforcing the same centrally managed authentication and security wherever your data is stored. Any system supporting SAML, Office 365, Google Workspace, Salesforce and much more can be connected to your CSE environment finally giving you central control of access to distributed applications.
3: VPNaaS – VPN as a service
CSE delivers VPN access to resources that need it using WireGuard to deliver fast and secure tunnels using the latest cryptography. Your Access Tier can be configured to allow access to network resources, both on prem and hosted, whilst maintaining ZTNA; all centrally managed via your Secure Edge. Customers with SonicWall firewalls at their premises can benefit from ultimate ease of use by deploying firmware SonicOS 7.1.2 or above and utilising the built-in connector.
4: SWG – Secure Web Gateway
Secure Web Gateway allows you to control and filter internet traffic for your users no matter what network they are on. Enforce acceptable use policies, protect end users from malicious websites and increase protection against ransomware and phishing attacks. Policy-based control allows you to enable or disable DNS-layer security, URL filtering and Payload inspection based on the policies you assign to your users.
Licensing - Monthly and Annual
SonicWall Cloud Secure Edge is available in two options, Secure Private Access (to resources on internal networks) and Secure Internet Access (to resources on the public Internet), with two tiers per option, Basic and Advanced. Users can be licensed for either or both of the options depending on their requirements.
Cloud Secure Edge monthly subscriptions are for a minimum of 3 months, then rolling monthly contract. Annual subscriptions are available in 1, 2 and 3 year terms.