Generic selectors
Exact matches only
Search in title
Search in content

To address the move of applications to the cloud and more users being located outside traditional office buildings, SASE has been introduced as a new concept that brings together networking and security functions in one unified framework designed to deliver strong security from edge to edge, delivered as a service— including the data center, branch offices, roaming users, and beyond. The networking component of SASE is SD-WAN, the foundation of SASE.

At Nuage Networks, we have been providing scalable and flexible SD-WAN and embedded security prior to SASE’s inception. Nuage SASE is an extension of those SD-WAN and security functions which we deliver at any point of the network, including – on-premises, at cloud edge and in cloud. Our SASE solution is open, flexible and works with cloud security vendors to create the comprehensive network and security framework required for digital transformation.

Nuage SASE framework is delivered in four ways, providing maximum deployment flexibility:

Embedded Security Capabilities – Nuage SD-WAN provides a comprehensive set of security capabilities such as Stateful Firewall, URL/Web Filtering, Layer 7 ACLs and Intrusion Prevention and Detection (IPS/IDS) without any third-party investment.

VNF-based security – The 7850 NSG can host a VNF such as a hosted firewall from any security vendor, extending the embedded security with a preferred security vendor’s security function.

SASE integrated with cloud-security vendor – The 7850 NSG is integrated with cloud-hosted security brokers, allowing Nuage SD-WAN to offer cloud-enabled security and advanced SASE capabilities such as ZTNA (Zero Trust Network Access), CASB (Cloud Access Security Broker) and DLP (Data Loss Prevention).

SASE via CSP Telco Cloud or Nokia SASE POP – Nuage SD-WAN provides ‘service-chaining’ to any existing CSP investment in hosted security/SASE within their Telco Cloud. Alternatively, a cloud hosted and managed offering, Nokia Cloud Managed SD-WAN Service, is available to CSPs that want SD-WANaaS. With this option Nokia has pre-integrated the managed SD-WAN platform to leading cloud-based SASE offerings including Check Point Harmony, Palo Alto Prisma and Zscaler.

vss 1

Unmatched Security Services and Automation

Nuage Networks SD-Security is the first distributed, end-to-end (cloud, DC, branch) solution for network security, visibility and security automation. Built on our proven SDN platform, SD-Security lets you automate IT tasks for security policy protection and remediation to support an on-demand cloud environment.

Key Features and Benefits

sdwan 7 v2

Threat Prevention, Intrusion Detection and Prevention (IDS/IDP)

Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are important to detect and prevent the known attacks by recognizing the virus signatures. Threat prevention component prevents malware from penetrating the network, regardless of application traffic in which they are hiding. It uses signatures of known attacks to match traffic in order to prevent attacks. IPS/IDS policies can be defined and managed centrally via the GUI or APIs. The signatures are updated dynamically from the cloud.

sdwan 8 v2

Threat Intelligence based on IP Reputation

Threat Intelligence feature enables near real-time detection of security threats based on reputation of source or destination public IP address in the flow records collected by VSS to known risky public IP addresses based on IP reputation data. High risk IP addresses and geo-location of botnet, for example, provide additional context for security analytics and threat hunting.

vss 2

Embedded L3-L7 Firewall and SaaS Access Control

Embedded L3-L7 distributed firewall allows the control branch access to and from internet using stateful L3-L4 security. Restrict branch user access to specific applications using L7 DPI. Validated by 3rd party for PCI-DSS v3.2 network firewall requirements. Logging of ACL actions for compliance and auditing. Supports pre-defined SaaS services such as Office365, Webex, Salesforce, Github, JIRA, Azure, AWS and Google.

vss 3

End-to-end Segmentation and content and category based Web-Filtering

Restrict lateral movement of malware from branch to data center. Control branch user access to datacenter applications and internet. Block branch user access to inappropriate or malicious internet content using content/website Category based filtering. Web Categorization and Threat Intelligence.

vss 4

Contextual Flow Visualization and Application Flow Mapping

Visualize traffic flows within virtual network between branch locations and internet, other branch sites as well as data centers. Group and visualize flows by logical grouping such as security zones, branch locations. Visibility and logging of L7 application information (supports 1900+ application signatures).

vss 5

Security Monitoring, Analytics and Automated Response

Security dashboards and alerts based on access control lists (ACLs). Policy based mirroring of selected traffic to security analytics. Prevent malware from infected branch device from entering corporate network Leverage network security analytics to identify suspect end-points based on threshold alerts.

vss 6

How We Help You

Traditional network security solutions deliver security within a particular enterprise network, either at the network perimeter or within the cloud or datacenter. SD-Security is the industry’s first distributed, end-to-end (cloud, datacenter, branch) software-defined network security, visibility and security automation solution.

  • Prevent security incidents by minimizing attack surface with software-defined segmentation and policy enforcement across cloud, data center and branch
  • Detect security threats and monitor compliance with contextual network visibility and security analytics.
  • Respond in near-real time to incidents by dynamically automating security remediation processes.

SD-Security works across heterogeneous workload types, including virtual machines (VMs), containers and bare-metal servers, as well as any existing IP underlay network across hardware platforms.

 

The Nuage site uses cookies. By using this site, you are agreeing to our Privacy Policy.