Cloudedge- Features and differences compared to Traditional VPN
10/20/2022
Description
This quick guide gives a brief overview of some of the security features that SonicWall’s Cloud Edge 1.1 adds to VPN connections and of how it differs from traditional VPN technology.
Resolution
1. Why a Zero Trust Security Model is Needed?
With the modern workforce increasingly on the go, accessing applications and the office network from multiple devices outside the business perimeter, enterprises have adopted a “verify, then trust” model: anyone with the correct user credentials is admitted to whichever site, app, or device they request. This has increased the risk of exposure, dissolving what was once the trusted enterprise zone of control and leaving many organizations exposed to data breaches, malware and ransomware attacks. Protection is now needed wherever the network, applications, data, users and devices are located. To stay competitive, businesses need a zero trust network architecture that protects enterprise data wherever users and devices are, while also ensuring that the network and applications work quickly and seamlessly. ZTNA is the way to quickly bring your network, data and applications under this model without any complex changes.
There are several reasons to retire a traditional VPN and move to modern, ZTNA-based remote access:
• SIMPLER, MORE SPECIFIC SECURE REMOTE ACCESS
• REDUCTION IN MANAGEMENT AND IT SECURITY BURDENS
• STREAMLINED SECURITY POLICIES AND COMPLIANCES
• ERADICATION OF END-USER FRUSTRATIONS WITH SEAMLESS ACCESS
• BEST NETWORK PERFORMANCE DUE TO GATEWAYS NEAREST TO YOUR LOCATION
2. Device Posture Check (DPC):
Cloud Edge Device Posture Check (DPC) allows administrators to ensure that only devices that comply with their predefined security policies can connect using a Cloud Edge agent to a Network, and gives them the reporting they need to ensure that Networks stay secure while Members can easily access the resources they need. Device Posture Check performs checks on the connecting device either once upon connecting, or continuously at intervals set by the administrator.
3. Network Traffic Control (NTC):
NTC can protect and limit access to your resource(s) by defining policies and rules based on user groups, origin and/or destination IPs, ports, and/or network protocols. It isn’t just about controlling your inbound or outbound network traffic but about managing your entire network traffic with user-based and network-based rules that define which applications, resources, regions, and data-centers can be accessed through encrypted tunnels.
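To make the combined user-based and network-based rule evaluation concrete, here is an added example (not Cloud Edge code; the rule schema, first-match semantics and sample rules are assumptions) that decides whether a flow is allowed based on the attributes the paragraph lists: user group, origin IP, destination IP, port and protocol.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed rule model for illustration; Cloud Edge's real rule schema is not shown on the page.
@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    groups: frozenset    # user groups the rule applies to; empty = any group
    src: str             # origin network in CIDR notation
    dst: str             # destination network in CIDR notation
    ports: frozenset     # destination ports; empty = any port
    protos: frozenset    # "tcp", "udp", "icmp"; empty = any protocol

@dataclass(frozen=True)
class Flow:
    user_groups: frozenset
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str

def rule_matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches only if every attribute it specifies matches the flow."""
    if rule.groups and not (rule.groups & flow.user_groups):
        return False
    if ip_address(flow.src_ip) not in ip_network(rule.src):
        return False
    if ip_address(flow.dst_ip) not in ip_network(rule.dst):
        return False
    if rule.ports and flow.dst_port not in rule.ports:
        return False
    if rule.protos and flow.proto not in rule.protos:
        return False
    return True

def evaluate(rules, flow: Flow) -> str:
    """First matching rule wins; a flow no rule covers is denied (default deny)."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action
    return "deny"

# Constructed sample policy: finance reaches the ERP subnet on HTTPS only,
# IT admins get SSH/RDP to the whole data-center range, everyone else is denied.
RULES = [
    Rule("allow", frozenset({"finance"}), "10.8.0.0/16", "10.20.5.0/24", frozenset({443}), frozenset({"tcp"})),
    Rule("allow", frozenset({"it-admins"}), "10.8.0.0/16", "10.20.0.0/16", frozenset({22, 3389}), frozenset({"tcp"})),
    Rule("deny", frozenset(), "0.0.0.0/0", "10.20.0.0/16", frozenset(), frozenset()),
]
```

Because the user group is part of the match, the same destination and port yields different decisions for different users, which is the point the paragraph makes about NTC going beyond plain inbound/outbound filtering.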
4. Automatic Wi-Fi Security:
Proactively protects your team members - whether they are traveling for business, working from a local café or working from home - from dangerous public Wi-Fi threats. Logging into unsecured public Wi-Fi hotspots can be dangerous for employees, resulting in the theft of private business data and compliance violations. This feature automatically activates a VPN connection on unsecured networks and enables access to your company's internal resources.
5. Always on VPN:
Always-on VPN ensures that if your VPN connection is broken, your network connectivity is disabled until the VPN connection is re-established. This feature does not let the user disconnect from the VPN: it disables the "Disconnect" button and requires a special code to exit the VPN.
6. DNS Filtering:
Allows you to block users on your network from navigating to web page URLs in their internet browser. Filtering out bad websites and allowing access to approved ones is accomplished with blacklisting and whitelisting tools, respectively, and URLs can be blocked individually or by category (gambling, social networks, etc.). When you blacklist a URL with the DNS filtering feature, you are telling the DNS resolver not to resolve the site's name to its IP address. Instead, it displays a custom message notifying users that their access to the page is restricted. DNS filtering is therefore crucial for productivity as well as protection.
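As an added illustration of the resolver behaviour described above (this is example code, not Cloud Edge's implementation; the category feed, upstream answers and block-page address are all constructed assumptions), the following resolver blocks names individually or by category, lets the whitelist override the blacklist, and answers blocked names with the address of a block page instead of the real IP.

```python
# Assumed sinkhole address that serves the "access restricted" message.
BLOCK_PAGE_IP = "10.255.255.1"

# Constructed category feed: category -> set of domains (subdomains inherit the category).
CATEGORIES = {
    "gambling": {"casino.example", "bets.example"},
    "social": {"social.example"},
}

# Constructed upstream answers, standing in for real recursive resolution.
UPSTREAM = {
    "intranet.corp.example": "10.20.5.10",
    "casino.example": "203.0.113.7",
    "www.social.example": "203.0.113.8",
    "news.example": "203.0.113.9",
}

def _matches(hostname: str, domains) -> bool:
    """True if hostname equals a listed domain or is a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in domains)

def resolve(hostname: str, blocked_categories, blacklist, whitelist):
    """Return (answer_ip, reason). Whitelist wins, then blacklist, then categories.

    An unknown name returns (None, "allowed"), standing in for NXDOMAIN upstream.
    """
    hostname = hostname.lower().rstrip(".")
    if _matches(hostname, whitelist):
        return UPSTREAM.get(hostname), "allowed"
    if _matches(hostname, blacklist):
        return BLOCK_PAGE_IP, "blocked:blacklist"
    for category in blocked_categories:
        if _matches(hostname, CATEGORIES.get(category, ())):
            return BLOCK_PAGE_IP, "blocked:" + category
    return UPSTREAM.get(hostname), "allowed"
```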
7. Client Less Access:
Suppose the admin wants to restrict Cloud Edge VPN client users (for demo sites, students, universities etc.) to certain sites only. Using Cloud Edge URL Aliasing, the admin can restrict access to the specified site only. These users cannot see the download page for the VPN agents, and their access is limited to that particular site.
8. Dynamic IP Tunnel:
A site-to-site tunnel (IPSec or WireGuard) can be established between your Cloud Edge gateway and an on-premises firewall/router even when that device has a dynamic public IP address.
9. Zero Trust Applications:
Zero Trust applications can be opened directly from any computer, without the Cloud Edge VPN network connection. All you need is internet access and a browser. All common applications can be configured on Cloud Edge, and access can be enabled for a group or for the required users.
10. Other Network Security:
There are many other options to further restrict and secure your network and its access under the software-defined perimeter: no VPN needed on trusted networks, access to resources via private DNS only, access to restricted networks only as permitted by routing and other policies, and best performance through gateways in the region nearest to your location.
11. Centralized Console:
Using a single Cloud Edge workspace/console, the admin can manage all networks, rules and policies. Any future upgrade is applied centrally and is seamless for users and admins.
12. And many more capabilities in ZTNA Cloud Edge solution:
• Provides single sign-on for all corporate applications (on-premises, SaaS, IaaS)
• Enables you to add multi-factor authentication
• Includes application acceleration and application security built in
• Simplifies IT processes, with no hardware or client-side software and simple onboarding
• Integrates with your existing SIEM solutions or delivers full reporting
• Identifies and blocks access to malicious domains
• Disrupts communications from compromised devices
• Enables enforcement of your acceptable use policy
• Inline data inspection using DPC, NTC & Policies
• Scales on the go to any number of users or amount of traffic, making it the most flexible solution
• The ZTNA/SASE works on the policy of “TRUST NONE. VERIFY EVERYONE”