Addressing security and compliance issues is considered the biggest obstacle to making applications and services cloud-ready. The threat landscape is getting more sophisticated with the rise of ransomware, web-based malware, botnets and phishing emails, resulting in significant financial loss and data breaches.
Enterprise IT needs an SDN security solution, based on a unified intent-based security policy automation and visibility platform, that can enable enterprise-wide software-defined segmentation, visibility, threat detection, and dynamic response for securing branches, hybrid cloud and datacenter environments.
To meet the security requirements described above, Nuage Networks SD-Security:
- Supports Prevention, Real-time Detection and Automated Response to security threats
- Has built-in capabilities such as L3-L7 Firewall, Web/URL Filtering, IP Threat Intelligence, Threat Prevention/Intrusion Detection and Prevention
- Provides Real-time Security Analytics
- Is unique in the marketplace in providing end-to-end security across branch, DC and cloud
Unmatched Security Services and Automation
Nuage Networks SD-Security is the first distributed, end-to-end (cloud, DC, branch) solution for network security, visibility and security automation. Built on our proven SDN platform, SD-Security lets you automate IT tasks for security policy protection and remediation to support an on-demand cloud environment.
Key Features and Benefits
Embedded L3-L7 Firewall and SaaS Access Control
The embedded L3-L7 distributed firewall allows control of branch access to and from the internet using stateful L3-L4 security. Restrict branch user access to specific applications using L7 DPI. Validated by 3rd party for PCI-DSS v3.2 network firewall requirements. Logging of ACL actions for compliance and auditing. Supports pre-defined SaaS services such as Office365, Webex, Salesforce, Github, JIRA, Azure, AWS and Google.
End-to-end Segmentation and content and category based Web-Filtering
Restrict lateral movement of malware from branch to data center. Control branch user access to datacenter applications and internet. Block branch user access to inappropriate or malicious internet content using content/website Category based filtering. Web Categorization and Threat Intelligence.
Contextual Flow Visualization and Application Flow Mapping
Visualize traffic flows within the virtual network between branch locations and the internet, other branch sites as well as data centers. Group and visualize flows by logical grouping such as security zones and branch locations. Visibility and logging of L7 application information (supports 1900+ application signatures).
Security Monitoring, Analytics and Automated Response
Security dashboards and alerts based on access control lists (ACLs). Policy-based mirroring of selected traffic to security analytics. Prevent malware on an infected branch device from entering the corporate network. Leverage network security analytics to identify suspect end-points based on threshold alerts.
Threat Prevention, Intrusion Detection and Prevention (IDS/IDP)
An Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS) are important for detecting and preventing known attacks by recognizing virus signatures. The threat prevention component prevents malware from penetrating the network, regardless of the application traffic in which it is hiding. It uses signatures of known attacks to match traffic in order to prevent attacks. IPS/IDS policies can be defined and managed centrally via the GUI or APIs. The signatures are updated dynamically from the cloud.
Threat Intelligence based on IP Reputation
The Threat Intelligence feature enables near real-time detection of security threats by matching the source or destination public IP address in the flow records collected by VSS to known risky public IP addresses based on IP reputation data. High-risk IP addresses and the geo-location of a botnet, for example, provide additional context for security analytics and threat hunting.
How We Help You
Traditional network security solutions deliver security within a particular enterprise network, either at the network perimeter or within the cloud or datacenter. SD-Security is the industry’s first distributed, end-to-end (cloud, datacenter, branch) software-defined network security, visibility and security automation solution.
- Prevent security incidents by minimizing attack surface with software-defined segmentation and policy enforcement across cloud, data center and branch.
- Detect security threats and monitor compliance with contextual network visibility and security analytics.
- Respond in near-real time to incidents by dynamically automating security remediation processes.
SD-Security works across heterogeneous workload types, including virtual machines (VMs), containers and bare-metal servers, as well as any existing IP underlay network across hardware platforms.