Can SD-WAN Help Businesses in Boosting ROI?

SD-WAN
We are surrounded by acronyms and buzzwords in technology. SD-WAN is one that is often used in the industry nowadays.

Organizations embrace digital transformation to stay up with market developments, consumer needs, and competitiveness. Traditional network designs weren't meant to manage digital transformation workloads and complexity. Business-critical services are commonly spread over numerous clouds, compromising network performance, particularly at branch sites.

Smart network operations teams opt for SD-WAN. SD-WAN reduces overhead and improves network performance. Routing and hardware expenses are saved through SD-WAN solutions while allowing multi-cloud access. SD-WAN also reduces overhead and supports new digital apps and services. This new technology streamlines WAN administration and operation and brings corporate advantages.


Business Challenges that SD-WAN Addresses

There has been a dramatic increase in the pressure on the network as a result of digitalization. Businesses must now rely on a stable and secure network, which conventional router-based network topologies are incapable of providing. An SD-WAN solution assists businesses in addressing use cases in order to expedite digital transformation efforts, lower cybersecurity risks, and increase revenue.
  • Eases connectivity with far-flung factories and offices.
  • Effectively deploys new sites and minimizes network equipment sprawl.
  • Enhances the speed of file transfer and backups to disaster recovery facilities.
  • Helps in moving applications to the cloud and protecting cloud app. data using Secure Access Service Edge (SASE).
  • Safeguards IoT devices using a zero-trust network
  • Helps in complying with the cybersecurity framework of the National Institute of Standards and Technology (NIST).


Ways SD-WAN Can Help Businesses Boost their Bottom Line

  • Boosts Security
Digital transformation is a double-edged sword. It can increase consumer satisfaction and market reach, but can pose security threats. According to the U.S. State of Cybercrime study, 41% of respondents stated more cybersecurity occurrences in 2017. The good news is that many SD-WAN solutions provide built-in security. Most SD-WAN systems only offer basic firewall and VPN functionalities, requiring IT teams to add security to elastic and dynamic SD-WAN connections after the fact. SD-WAN solutions with NGFW, IPS, encryption, AV, and sandboxing can avoid data loss, downtime, regulatory violations, and legal liability.
  • Enables Cloud Usage
Cloud services are rapidly being used by businesses. The great news is that SD-WAN enables direct cloud access at the remote branch, removing backhauling traffic – which routes all cloud and branch office traffic through the data center – allowing workers to directly access cloud applications irrespective of location without burdening the core network with additional traffic to manage and secure. Furthermore, SD-WAN enhances cloud application performance by prioritizing vital business apps and allowing branches to interact directly with the Internet.
  • Reduces Costs
As businesses deploy a growing number of cloud-based services, the volume of data traveling across a WAN rises dramatically, driving up operational expenses. SD-WAN, thankfully, can minimize this cost by utilizing low-cost local Internet connectivity, offering direct cloud access, and lowering traffic via the backbone WAN. According to an IDC poll (prediction), over a quarter of survey respondents anticipate SD-WAN cost reductions of up to 39%, with the other two-thirds anticipating more modest savings of 5–19%.
  • Improves performance
Data transfer over a network isn't created equal. Fortunately, SD-WAN can be set up to prioritize business-critical traffic and real-time services such as Voice over Internet Protocol (VoIP) and then successfully guide it over the most efficient path. IT teams can help decrease packet loss and latency concerns by supporting important applications over dependable, high-performance connections, increasing employee productivity and morale. This is business-impacting performance.


Closing Note

Indeed, SD-WAN evolved and flourished in the data center over the first few years of development. However, the time has arrived to take it seriously as a tool for managing your wide area network. There are currently several vendors on the market, as well as several mature solutions to choose from. More significantly, the business cases for SD-WAN are expanding on a daily basis.

Spotlight

Torrid Networks Limited

Founded in 2006, Torrid Networks has been able to establish strong credentials in the area of cyber security products, research, consulting, managed services, education and staff augmentation to be recognized as a leading player in the domain.

OTHER ARTICLES
Wan Technologies

How to Increase Network Security with SD-WAN

Article | August 23, 2022

Network security today is losing the battle and a lot of it is blamed upon the traditional security devices. Imagine running next-gen IT Infrastructure secured by security tools made to secure legacy IT.Data breaches have increased substantially and IT professionals are continuously looking at new ways to improve their network security. In this scenario, SD-WAN emerges as one formidable option to implementthat will bolster your network security. Table of Contents: - What is SD-WAN? - How does SD-WAN work? - What are the main benefits of SD_WAN to network security? - What are the other advantages of SD-WAN? . Let’s dig into it. What is SD-WAN? SD-WAN stands for software-defined wide area network (or networking). A WAN is a connection between local area networks (LANs) separated by a substantial distance—anything from a few miles to thousands of miles. The term software-defined implies the WAN is programmatically configured and managed. So, it can be easily adapted quickly to meet changing needs. How does SD-WAN work? An SD-WAN connects end users to virtually any application, hosted at any location (e.g., in the public cloud or a company data center), via the best available or most feasible transport service, whether that’s an MPLS (Multiprotocol Label Switching), broadband, cellular or even satellite internet link. To deliver this level of flexibility and performance to users in digital workspaces, an SD-WAN utilizes a control function that continuously analyzes traffic flows across the WAN and intelligently directs traffic in accordance with current policies. Centralized control The primary means of control in an SD-WAN is centralized. It often resides in a SaaS application running on a public cloud. Control is decoupled from the hardware to simplify network management and improve the delivery of services. SD-WAN appliances (and virtual appliances) follow operational rules passed down from the central controller. This greatly reduces or eliminates the need to manage gateways and routers on an individual basis. Multi-connection, multi-transport SD-WAN gateways support hybrid WAN, which implies that each gateway can have multiple connections using different transports—MPLS, broadband Internet, LTE, etc. A virtual private network (VPN) is typically set up across each WAN connection for security. Consequently, the SD-WAN can be an overlay spanning a diverse communications infrastructure. Dynamic path selection Another feature of SD-WAN is dynamic path selection—the ability to automatically and selectively route traffic onto one WAN link or another depending on network conditions or traffic characteristics. Packets may be steered onto a particular link because another link is down or not working very well, or to balance network traffic across all available links. SD-WAN can also identify packets by application, user, source/destination, etc. and send them down one path or another based on those characteristics. Policy-based management Policy is what determines where dynamic path selection will steer traffic and what level of priority (quality of service, or QoS) it is given. Business intentions can be implemented as policies via the central management console. New and updated policies are translated into operational rules and downloaded to all SD-WAN gateways and routers under control. For example, to ensure the best performance for VoIP and interactive web conferences, a policy may be created by giving their packets transmission priority and routing them onto low-latency paths. Cost savings can be realized by sending file back-ups across a broadband Internet connection. WAN traffic that requires a high level of security can be restricted to private connections (e.g., MPLS) between sites and required to pass through a robust security stack when entering the enterprise. Service chaining SD-WAN has the ability chain itself together with other network services. WAN optimization (acceleration) is often combined with SD-WAN to improve network and application performance. Internet traffic leaving and entering a branch office may be routed across a VPN to a cloud-base security service to strike a balance between performance, security, and cost. Read more: GET THE MOST OUT OF YOUR SD-WAN: FEATURES YOU NEED TO START USING TODAY What are the main benefits of SD_WAN to network security? Eliminate VPN concerns One of the first areas in which SD-WAN impacts security is when a company uses the internet as a method of transport. Before SD-WAN came along and companies were using internet as a backup or even a primary transport method, they would build a VPN or a DMVPN to ensure secure transport of their traffic. This introduces a couple of issues, the first of which is this proliferation of VPNs that has to be managed. The company must have firewalls sitting at their data center, along with a VPN device or firewall sitting in the remote locations to be able to do these VPNs. Every site is dependent on the effort to be up on the network. - Hamza Seqqat, Director of Solutions Architecture, Apcela Failover is an issue with this VPN approach, he said. Companies can’t seamlessly failover from a fiber-based type of transport without having to strike some keys in between. It's hard and expensive to do seamless failover. “Now you don't have to have firewalls for VPNs. You don't have to worry about building your own VPNs or encrypting your traffic,” Seqqat said. “Every SD-WAN product comes with a controller that takes care of things seamlessly. That means there is this smart software-defined engine that builds all these IPsec tunnels between all the locations as soon as you plug the device in. You're not actually having to build a VPN—the controller does it automatically for you, so all you have to do is give the device an IP address or enable DHCP and let it pick an IP address from the DHCP server. Suddenly it's on the network and its building tunnels to all the sites.” He added that the SD-WAN controller builds a full mesh, so it can talk to every one of the sites without having to go back to the data center. This feature alone can reduce a company’s security footprint significantly because the site-to-site traffic becomes secure, easy, and seamless. Reduce traffic going through security A second significant benefit of SD-WAN that impacts security strategy is that it reduces the amount of traffic that needs to go through security parameters because all site-to-site traffic is encrypted. This makes security a bit easier to manage.“For a lot of companies, when they do VPNs for site-to-site traffic, they have to go through firewalls or some kind of encryption mechanism, and that increases their security footprint. It increases the complexity and the cost of security,” Seqqat said. “SD-WAN changes how traffic is routed through security.” Seqqat gave an example of a site that has a gig worth of bandwidth, and out of that gig of bandwidth, some traffic goes to the internet and some goes to site-to-site. “Without SD-WAN, generally you would have to run that whole gig through a firewall, and the firewall will split the traffic into what goes to the data center and what goes to the internet,” he said. “When you do SD-WAN, you don't have to do that. You can separate the traffic at the SD-WAN with a split tunnel, so you take half of the traffic and push it through the firewall to go to the internet and the other half goes straight site-to-site without having to go through a security parameter. Now you have a firewall to handle 500 megs as opposed to a gig, and that makes a huge difference because most security products are based on throughput and utilization. So, that can bring some cost benefits and ease management as well.” Security inherent to SD-WAN A third area where SD-WAN changes security strategy is the fact that certain security features can be implemented directly through the SD-WAN platform, which reduces costs and complexity in the actual security platform. “This depends on what aspects of security you're talking about,” Seqqat said. “For example, security is included in the Silverpeak SD-WAN product, so the Silverpeak devices really do most of the security for you. You don't have to deploy another firewall on top of that. With Versa’s SD-WAN, you can virtualize the firewall, so there’s no need to deploy physical firewalls.” For sites that simply need very basic security, SD-WAN has some inherent security capabilities. It can do things such as allow and deny certain sites and limit traffic that goes to certain sites. When you look at most SD-WAN products, you can usually kind of steer toward one or another based on your security requirements. Deploying SD-WAN in itself can really eliminate the need for security at several locations or extend the security you have been using. - Hamza Seqqat, Director of Solutions Architecture, Apcela Simplify use of security platforms In his final point, Seqqat said SD-WAN providers are making a lot of progress in partnering with both cloud security providers and cloud service providers. By making traffic encrypted and secure via SD-WAN, security platforms will only have to deal with public internet traffic. “SD-WAN providers are really working towards partnering and certifying different security products,” he said. “Consider Zscaler as an example. Some SD-WAN products automatically route all your traffic through Zscalar, which does a cloud-based security parameter before it goes out to the internet or to cloud service providers.” Seqqat said the most important part comes in the fact that Zscalar is distributed across 35 or 40 data centers that are all security parameters. “Making that routing decision as to what data center your traffic goes through before it goes out to the Internet is extremely important to performance,” he said. “If your Office 365 instance is hosted in Seattle and your users in Europe are trying to reach that, which Zscalar data center the traffic is going to go through before it goes through the Seattle instance of O365 makes all the difference in what latency is going to be at round trip. “SD-WAN provides somewhat of an automation and optimization of how traffic goes through Zscalar data centers based on performance metrics. SD-WAN can pull latency and jitter and packet loss and all that kind of stuff, so there is some intelligence that happens when a routing decision is being made as to where user traffic is going to go for security scrubbing or security features before it goes out to the cloud provider or to the Internet. That’s a huge feature that comes into play whenever you deploy SD-WAN.” Read more: FOR SERVICE PROVIDERS SD-WAN IS A MIXED BLESSING What are the other advantages of SD-WAN? SD-WAN has many advantages when implemented well: More predictable and reliable application performance, which helps support users in any digital workspace, across all connections. Superior connection security for cloud applications, without the performance tradeoffs of MPLS backhauling. Congestion reduction due to lack of bandwidth or brownouts with aggregation of bandwidth via multiple bonded and disparate or redundant links. More reliable access to apps and fewer slowdowns due to congestion. Resiliency and redundancy with fast failover when outages impact WAN connections. Quality of service for prioritizing business-critical application traffic. Fast deployments that fuel business agility when bringing applications online at a branch office, or simply changing the configurations. Zero-touch provisioning allows fast set up of sites in minutes with local staff instead of hours or days. Reduced network transport costs and more flexibility through the use of MPLS-alternatives like broadband and cellular. Quick procurement of bandwidth from multiple transport services, contrast to the long lead times needed with legacy WAN carrier-based technologies. Simplified administration with a centralized console eliminates the complexity of configuring edge devices in the field. Deep SD-WAN analytics to monitor links for performance characteristics. Analytics benefit administrators who can use them when troubleshooting problems across the WAN. Simpler branch office infrastructure that doesn’t require management of as many single-function devices Intelligent traffic steering and dynamic path selection Integrated security with leading 3rd-party solutions, including those for SaaS security Conclusion Interest in SD-WAN among organizations is on the rise, and we hope to see a tremendous rise in its adoption in network security strategies over the next few years. Vendor selection will be one of the factor for successful implementation of SD-WAN, as many are quickly developing new and effective software-defined platforms. An ideal vendor would be the one who effectively addresses your specific pain points and is able to meet your current as well as future requirements. Read more: SD-WAN SECURITY: THE IMPACT OF ORCHESTRATED SERVICES MULTIPLICITY

Read More
5G

HOW PRIVATE 5G NETWORKS CAN CHANGE THE WORLD

Article | May 18, 2023

In an increasingly digital world where every pillar of information is now online, lightning-fast connectivity, rock-solid reliability, and impenetrable security are transforming into essentials within the network industry. 5G transforms the connected ecosystem and pushes the boundaries of connectivity to lay the foundation of a faster, more secure, and sustainable future.

Read More
5G

How a 5G coronavirus conspiracy spread across Europe

Article | September 28, 2023

At about 9.30pm on Easter Monday, in the small Dutch town of Almere near Amsterdam, the fire brigade was called to put out a blaze at a large telecoms mast—the second fire of its kind that night in the area. Though neither of the Almere towers were equipped with any of the latest 5G telecoms equipment—in fact one was designed only for use by the emergency services—authorities soon concluded that the fires were perpetrated by vandals acting in the name of an unusual theory: that 5G networks have contributed to the coronavirus pandemic.

Read More
Enterprise Mobility, Mobile Infrastructure

Enhancing Network Visibility: Top Books for Effective Network Monitoring

Article | June 16, 2023

Discover network intrusion monitoring with top network monitoring books. Explore insights, best practices, and tools to secure network visibility and processes used in monitoring network performance. Observing networks for performance and security anomalies is crucial for businesses that rely on their business network. Network monitoring solutions monitor performance metrics across an entire network to guarantee that your systems operate properly. From monitoring network performance to ensuring comprehensive visibility, the books listed below will offer a wealth of knowledge and expertise to empower professionals in the networking industry. 10 Network Monitoring Books to Effectively Monitor Performance 1 Zabbix Network Monitoring Author: Rihards Olups Zabbix Network Monitoring book is an indispensable resource for networking professionals seeking to enhance their network visibility and improve network performance monitoring. This comprehensive guide offers an approach to effectively monitor network devices and applications using Zabbix 3.0. One of the network monitoring books, Zabbix Network Monitoring covers essential topics such as data collection, native Zabbix agents, and SNMP devices. It also delves into monitoring Java application servers, VMware, notifications, permission management, system maintenance, and troubleshooting. It empowers readers to build a robust network monitoring solution to gather data from various systems. By exploring the intricacies of Zabbix, this book ensures that network monitoring becomes an efficient and effortless task, ultimately enhancing network visibility and performance for all stakeholders. 2 The Practice of Network Security Monitoring Author: Richard Bejtlich An essential book for networking professionals, The Practice of Network Security Monitoring: Understanding Incident Detection and Response, helps to enhance network visibility and strengthen network security. The book's author, Richard, guides readers through implementing network security monitoring (NSM) as a proactive defense strategy. The book emphasizes integrating NSM into security measures to effectively detect and respond to intrusions. It also provides practical insights on deploying, building and operating an NSM operation using open-source software and vendor-neutral tools. With a focus on proactive incident response, this book equips readers with the knowledge and techniques to establish a robust security net that detects, contains and controls attacks. By implementing the practices outlined in this book, organizations can better safeguard their networks and prevent the loss of sensitive data. 3 Internet and Network Architecture Author: Sang Hinch Internet and Network Architecture: Analyzing Performance with Network Monitoring Tools is a must-read for professionals in the networking industry seeking to enhance network visibility and optimize network performance monitoring. This comprehensive guide offers a thorough introduction to TCP/IP, FTP, IP addresses, ports, and web page retrieval, providing a solid foundation in internet and network architecture. The book explores the complex workings of routers, data transmission, network configuration, and architecture, enabling readers to build efficient and secure networks. Focusing on practicality, it emphasizes using network monitoring tools to analyze performance and troubleshoot issues effectively. By mastering the fundamentals presented in this book, readers will gain the knowledge and confidence to navigate the World Wide Web, understand network protocols, and make informed decisions for network optimization. 4 Zabbix 4 Network Monitoring Author: Patrik Uytterhoeven & Rihards Olups Zabbix 4 Network Monitoring: Monitor the performance of your network devices and applications using the all-new Zabbix 4.0, 3rd Edition is a comprehensive and highly valuable resource for professionals in the networking industry. This book serves as an essential guide to effectively monitor the performance of network devices and applications using Zabbix 4.0. Written for both beginners and experienced users, the book offers a step-by-step approach to help readers quickly grasp the installation process and explore the new features of network monitoring. From understanding native Zabbix agents and SNMP devices to harnessing Zabbix's integrated functionality for monitoring Java application servers and VMware, readers will gain comprehensive knowledge. With insights into optimizing performance, automating configurations, and troubleshooting network issues, it will develop advanced skills to ensure a healthy and efficient network. 5 Applied Network Security Monitoring Author: Chris Sanders & Jason Smith An indispensable book for professionals in the networking industry Applied Network Security Monitoring: Collection, Detection, and Analysis offers a comprehensive guide to become a proficient NSM analyst. Focusing on NSM's collection, detection, and analysis stages, this book equips readers with essential concepts through real-world examples and practical scenarios. Recognizing that prevention is not foolproof, the book emphasizes the critical role of detection and response in minimizing the impact of network intrusions. With insights from experienced NSM professionals and access to sample data, readers gain valuable knowledge to analyze network security incidents effectively. From data collection methods to in-depth coverage of tools like Snort, Suricata, Bro-IDS, SiLK, and Argus, this monitoring book provides hands-on experience and practical examples using real PCAP files. By leveraging Security Onion for lab examples, readers can develop and enhance their analytic techniques. 6 Practical Network Security Monitoring: Using Free Software Author: Elizabeth Graham Practical Network Security Monitoring: Using Free Software offers guidance on utilizing free software to collect, monitor, and analyze network traffic, thereby detecting and identifying potential threats. With a focus on providing practical exercises, this book equips beginner to intermediate users with the necessary knowledge to detect and defend cyber threats. Step-by-step instructions enable readers to install, configure, and effectively use free tools, allowing hands-on experience in analyzing network traffic and identifying malicious activity. This book edition covers Security Onion, introducing significant changes to the platform. The updated content includes new intrusions, malware, PCAP examples, and an introduction to web-based PCAP analysis tools. A bonus chapter challenges readers to test their knowledge through self-assessment. 7 Efficient Body Sensor Networks for Patient Monitoring Author: Jawaid Iqbal Efficient Body Sensor Networks for Patient Monitoring is a book for professionals in the networking and healthcare industry, focusing on the challenges, Body Sensor Networks (BSNs) face in continuously monitoring patient vital signs. BSNs operate in constrained environments and encounter issues such as patient information privacy, secure data transmission over public networks, high overhead, and energy constraints. Being one of the prominent network monitoring books, it presents five efficient and secure attribute-based schemes designed explicitly for BSNs. These schemes address the mentioned challenges comprehensively, providing practical solutions to enhance network monitoring performance in patient monitoring scenarios. By proposing novel approaches, this book contributes to the advancement of efficient and secure patient monitoring within BSNs. 8 Mastering Python Networking Author: Eric Chou A comprehensive guide created for professionals in the networking industry seeking to leverage Python for network automation, monitoring, and management, Mastering Python Networking: Utilize Python packages and frameworks for network automation, monitoring, cloud, and management, focuses on the latest Python libraries and frameworks and equips readers with the necessary skills to tackle common & complex network challenges effectively. From interacting with network devices to implementing advanced features using Python 3, the book covers a wide range of topics, including Docker containers, network data analysis, cloud networking, and DevOps practices. With practical examples and insights into tools like GitLab & ELK, network engineers, developers, and SREs will gain valuable knowledge to enhance their network performance monitoring and visibility. 9 AWS Security Cookbook Author: Heartin Kanikathottu Focusing on securing Amazon Web Services (AWS) infrastructure, AWS Security Cookbook: Practical solutions for managing security policies, monitoring, auditing, and compliance with AWS is written. Being one of the network monitoring books that provide professionals with valuable insights related to network visibility and network performance management in the networking industry, this book offers practical solutions to address common security challenges, including permission policies, key management, network security, and cloud security best practices. Industry professionals can explore various AWS services and features that enhance security, including IAM, S3, CloudWatch, CloudTrail, Config, GuardDuty, and Macie. In addition, the book also covers compliance requirements and demonstrates how to maintain security and compliance using AWS security services. 10 The Best of TaoSecurity Blog, Volume 2 Author: Richard Bejtlich The Best of TaoSecurity Blog, Volume 2: Network Security Monitoring, Technical Notes, Research, and China and the Advanced Persistent Threat, guides professionals in the networking industry, particularly those interested in network security monitoring. Written by Richard Bejtlich, a renowned cybersecurity expert, he curates the best entries from his 17 years of writing on the TaoSecurity Blog. The book explores various intervention detection and response aspects, leveraging threat intelligence sources, network data, application and infrastructure data, and endpoint data. Additionally, it provides insights into Chinese hacking activities over the past two decades, offering a unique perspective from a defender on the front lines. With new analysis accompanying each post, readers can gain valuable knowledge on the evolution of the security industry, defensive methodologies, and strategies for enhancing national security. Conclusion In conclusion, the recommended books discussed in this article provide valuable insights and guidance for networking experts in the B2B sector. These resources cover various aspects of monitoring network performance, enhancing network visibility, and addressing security concerns. By delving into these monitoring books, professionals can gain a deeper understanding of effective network performance monitoring techniques, ensuring optimal visibility across their infrastructure. With the ever-evolving networking landscape, staying up-to-date with the latest trends and best practices, it is crucial for maintaining a high-performing network. These books offer industry-relevant knowledge and empower networking experts to make informed decisions, ultimately leading to a robust and efficient network infrastructure.

Read More

Spotlight

Torrid Networks Limited

Founded in 2006, Torrid Networks has been able to establish strong credentials in the area of cyber security products, research, consulting, managed services, education and staff augmentation to be recognized as a leading player in the domain.

Related News

Network Security

Ampliphae, HPE Athonet and Arqit deliver Quantum-Safe Private 5G using Symmetric Key Agreement

PR Newswire | January 19, 2024

Arqit Quantum Inc, a leader in quantum-safe encryption, and Ampliphae Ltd (Ampliphae), a leader in network cyber security solutions, have today announced successful completion of a project that will deliver enhanced quantum-safe security for Private 5G networks. The Security Enhanced Virtualised Networking for 5G (SEViN-5G) project, funded by Innovate UK, the UK Government’s innovation agency, leveraged Ampliphae’s network security analytics technology and Arqit’s Symmetric Key Agreement Platform to deliver a quantum-secure Private 5G testbed that can protect against both current and future cyber threats. Athonet, a Hewlett Packard Enterprise acquisition, provided the Radio Access Network (RAN) equipment for the project with a cloud core hosted on AWS. Private enterprise networks based on 5G cellular technology are accelerating digital transformation across industries including manufacturing, healthcare, defence and smart cities. Private 5G gives enterprises access to high-speed, massively scalable, and ultra-reliable wireless connectivity, allowing them to implement innovative IoT and mobile solutions that enhance productivity, drive automation and improve customer engagement. The security of these networks will be paramount as they will support safety-critical infrastructure and carry highly sensitive data. But like any new technology, 5G comes with potential new threats and security risks including the threat from quantum computing. The project finished in December 2023 and customer engagement has already begun. David Williams, Arqit Founder, Chairman and CEO said: “Enterprises want to deploy Private 5G networks with complete confidence that they will be safe from both current and future cyber threats including from quantum computers. Working alongside Ampliphae, we have shown that a quantum-safe Private 5G network is deliverable using Arqit’s unique encryption technology.” Trevor Graham, Ampliphae CEO said: “Private 5G can be hosted partly or completely in the Cloud, giving enterprises the opportunity to rapidly set up their own cellular networks customised to support their operations. With Ampliphae and Arqit they can now be certain that those Private 5G networks are monitored and secure against eavesdropping and disruption.” Nanda Menon, Senior Advisor Hewlett Packard Enterprise said: “In an era where security is paramount, the completion of the SEViN-5G project is a significant milestone. The delivery of a quantum-secure Private 5G testbed, achieved where Athonet have combined the Athonet core with CableFree radios, underscores the commitment to innovation and reinforces the confidence enterprises can have in deploying networks that are both cutting-edge and secure from both present and future threats.” About Arqit Arqit Quantum Inc. (Nasdaq: ARQQ, ARQQW) (Arqit) supplies a unique encryption Platform as a Service which makes the communications links of any networked device, cloud machine or data at rest secure against both current and future forms of attack on encryption – even from a quantum computer. Compliant with NSA standards, Arqit’s Symmetric Key Agreement Platform delivers a lightweight software agent that allows devices to create encryption keys locally in partnership with any number of other devices. The keys are computationally secure and operate over zero trust networks. It can create limitless volumes of keys with any group size and refresh rate and can regulate the secure entrance and exit of a device in a group. The agent is lightweight and will thus run on the smallest of end point devices. The Product sits within a growing portfolio of granted patents. It also works in a standards compliant manner which does not oblige customers to make a disruptive rip and replace of their technology. Recognised for groundbreaking innovation at the Institution of Engineering and Technology awards in 2023, Arqit has also won the Innovation in Cyber Award at the National Cyber Awards and Cyber Security Software Company of the Year Award at the Cyber Security Awards. Arqit is ISO 27001 Standard certified. www.arqit.uk About Ampliphae Ampliphae’s distributed network analytics technology provides insight into how networks are used to support enterprise operations at every level. A graduate of the prestigious LORCA cyber accelerator in London, and the AWS European Defence Accelerator, Ampliphae’s technology is already used by enterprises across multiple verticals to discover, analyse and secure the network traffic that supports their key applications and business processes. Ampliphae’s Encryption Intelligence product operates at enterprise scale to discover devices and applications that use cryptography, analysing their encryption capabilities to detect risks, including assets that are vulnerable to future quantum computer attack. Using Encryption Intelligence, the organisation can gather effective operational intelligence about their encryption landscape, both within and outside the organisation, and build an effective mitigation program to address current and future vulnerabilities.

Read More

Network Security

Cato Networks Introduces World's First SASE-based XDR

PR Newswire | January 25, 2024

Cato Networks, the leader in SASE, announced the expansion of the Cato SASE Cloud platform into threat detection and incident response with Cato XDR, the world's first SASE-based, extended detection and response (XDR) solution. Available immediately, Cato XDR utilizes the functional and operational capabilities of the Cato SASE Cloud to overcome the protracted deployment times, limited data quality, and inadequate investigation and response experience too often associated with legacy XDR solutions. Cato also introduced Cato EPP, the first SASE-managed endpoint protection platform (EPP/EDR). Together, Cato XDR and Cato EPP mark the first expansion beyond the original SASE scope pioneered by Cato in 2016 and defined by industry analysts in 2019. SASE's security capabilities encompassed threat prevention and data protection in a common, easy-to-manage, and easy-to-adopt global platform. With today's announcement, Cato is expanding SASE into threat detection, incident response, and endpoint protection without compromising on the architectural elegance captured by the original SASE definition. "Cato SASE continues to be the antidote to security complexity," says Shlomo Kramer, CEO and co-founder of Cato Networks. "Today, we extend our one-of-a-kind SASE platform beyond threat prevention and into threat detection and response. Only Cato and our simple, automated, and elegant platform can streamline security this way." An early adopter of Cato XDR is Redner's Markets, an employee-owned supermarket chain headquartered in Reading, Pennsylvania, with 75 locations. Redner's Markets' vice president of IT and Infrastructure, Nick Hidalgo, said, "The Cato platform gave us better visibility, saved time on incident response, resolved application issues, and improved network performance ten-fold." (Read more about Redner's Markets and Cato in this blog. "The convergence of XDR and EPP into SASE is not just another product; it's a game-changer for the industry," said Art Nichols, CTO of Windstream Enterprise, a Cato partner. "The innovative integration of these capabilities brings together advanced threat detection, response capabilities, and endpoint security within a unified, cloud-native architecture—revolutionizing the way enterprises protect their networks and data against increasingly sophisticated cyber threats." (Read more about what Cato partners are saying about today's news in this blog.) Platform vs. Product: The Difference Matters Cato XDR takes full advantage of the enormous benefits of the Cato SASE Cloud platform, the first platform built from the ground up to enable enterprises to connect, secure, and manage sites, users, and cloud resources anywhere in the world. Unlike disjointed point solutions and security appliances, Cato capabilities are instantly on, always available at scale, and fully converged, giving IT teams a single, shared context worldwide to understand their networks, prevent threats, and resolve problems. As an autonomous platform, Cato SASE Cloud sustains its evolution, resiliency, optimal performance, and security posture, saving enterprises the operational overhead of maintaining enterprise infrastructure. Enterprises simply subscribe to Cato to meet their business needs. Cato's cloud-native model revolutionized security and networking operations when it was introduced in 2016, a fact validated three years later in 2019 when the Cato approach was formally recognized by the industry as SASE. Breach Times Still Too Long; Limitations of Legacy XDR Cato is again revolutionizing cybersecurity with the first SASE platform to expand into threat detection, empowering security teams to become smarter and remediate incidents faster. The flood of security alerts triggered by network sensors, such as firewalls and IPS, complicates threat identification. In 2023, enterprises required 204 days on average to identify breaches.1 XDR tools help security analysts close this gap by ingesting, correlating, and contextualizing threat intelligence information with the data from native and third-party sensors. However, legacy XDR tools suffer from numerous problems relating to data quality. Sensor deployment extends the time-to-value as IT must not only install the sensors but also develop a baseline of specific organizational activity for accurate assessments. Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response. Security analysts waste time sorting through incident stories to identify the ones most critical for immediate remediation. Once determined, incident remediation is often hampered by missing information, requiring analysts to master and switch between disparate tools. No wonder in 2023, average breach containment required more than two months.1 Cato XDR and Cato EPP Expands the Meaning of SASE Cato XDR addresses legacy XDR's limitations. Instantly activated globally, Cato XDR provides enterprises with immediate insights into threats on their networks. Incident detection is accurate due to Cato's many native sensors – NGFW, advanced threat prevention (IPS, NGAM, and DNS Security), SWG, CASB, DLP, ZTNA, RBI, and now EPP/EDR. Powered by Bitdefender's world-leading malware prevention technology, Cato EPP protects endpoints from attack – in the Cato way. Endpoint threat and user data are stored in the same converged Cato data lake as the rest of the customer's network data, simplifying cross-domain event correlation. The result is incredibly high-quality data that improves the incident identification and remediation process. Cato AI uses the data to accurately identify and rank incidents, empowering analysts to focus critical resources on an organization's most important remediation cases. Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents. Remediation times reduce as detected incident stories contain the relevant information for in-depth investigation. Cato's tools sit in the same console as the native engines, enabling security analysts to view everything in one place -- the current security policy and the reviewed story. Finally, incident reporting is simplified with generative AI. Purpose-built for investigations, this natural language engine provides human-readable explanations of incident stories. Analysts save time sharing incident information with other teams and reporting to their managers.

Read More

Network Infrastructure

DISH Wireless Awarded $50 Million NTIA Grant for 5G Open RAN Integration and Deployment Center

PR Newswire | January 16, 2024

DISH Wireless, a subsidiary of EchoStar, was awarded a historic $50 million grant from the U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA) to establish the Open RAN Center for Integration & Deployment (ORCID). ORCID will allow participants to test and validate their hardware and software solutions (RU, DU and CU) against a complete commercial-grade Open RAN network deployed by DISH. "The Open RAN Center for Integration and Deployment (ORCID) will serve a critical role in strengthening the global Open RAN ecosystem and building the next generation of wireless networks," said Charlie Ergen, co-founder and chairman, EchoStar. "By leveraging DISH's experience deploying the world's first standalone Open RAN 5G network, ORCID will be uniquely positioned to test and evaluate Open RAN interoperability, performance and security from domestic and international vendors. We appreciate NTIA's recognition of DISH and ORCID's role in driving Open RAN innovation and the Administration's ongoing commitment to U.S. leadership in wireless connectivity." To date, this grant represents NTIA's largest award under the Public Wireless Supply Chain Innovation Fund (Innovation Fund). ORCID will be housed in DISH's secure Cheyenne, Wyoming campus and will be supported by consortium partners Fujitsu, Mavenir and VMware by Broadcom and technology partners Analog Devices, ARM, Cisco, Dell Technologies, Intel, JMA Wireless, NVIDIA, Qualcomm and Samsung. NTIA Administrator Alan Davidson and Innovation Fund Director Amanda Toman will join EchoStar Co-Founder and Chairman Charlie Ergen, EchoStar CEO Hamid Akhavan, EVP and Chief Network Officer Marc Rouanne and other stakeholders to announce the grant and tour a DISH 5G Open RAN cell site later today in Las Vegas. During this event, DISH will outline ORCID's unique advantages, including that it will leverage DISH's experience as the only operator in the United States to commercially deploy a standalone Open RAN 5G network. DISH and its industry partners have validated Open RAN technology at scale across the country; today DISH's network covers over 246 million Americans nationwide. At ORCID, participants will be able to test and evaluate individual or multiple network elements to ensure Open RAN interoperability, performance and security, and contribute to the development, deployment and adoption of open and interoperable standards-based radio access networks. ORCID's "living laboratory" will drive the Open RAN ecosystem — from lab testing to commercial deployment. Below are highlights of ORCID: ORCID will combine both lab and field testing and evaluation activities. ORCID will be able to test elements brought by any qualified vendor against DISH's live, complete and commercial-grade Open RAN stack. ORCID will use DISH's spectrum holdings, a combination of low-, mid- and high-band frequencies, enabling field testing and evaluation. ORCID will evaluate Open RAN elements through mixing and matching with those of other vendors, rather than validating a single vendor's stack. DISH's experience in a multi-vendor environment will give ORCID unique insights about the integration of Open RAN into brownfield networks. ORCID's multi-tenant lab and field testing will occur in DISH's secure Cheyenne, Wyoming facility, which is already compliant with stringent security protocols in light of its satellite functions. About DISH Wireless DISH Wireless, a subsidiary of EchoStar Corporation (NASDAQ: SATS), is changing the way the world communicates with the Boost Wireless Network. In 2020, the company became a nationwide U.S. wireless carrier through the acquisition of Boost Mobile. The company continues to innovate in wireless, building the nation's first virtualized, Open RAN 5G broadband network, and is inclusive of the Boost Infinite, Boost Mobile and Gen Mobile wireless brands.

Read More

Network Security

Ampliphae, HPE Athonet and Arqit deliver Quantum-Safe Private 5G using Symmetric Key Agreement

PR Newswire | January 19, 2024

Arqit Quantum Inc, a leader in quantum-safe encryption, and Ampliphae Ltd (Ampliphae), a leader in network cyber security solutions, have today announced successful completion of a project that will deliver enhanced quantum-safe security for Private 5G networks. The Security Enhanced Virtualised Networking for 5G (SEViN-5G) project, funded by Innovate UK, the UK Government’s innovation agency, leveraged Ampliphae’s network security analytics technology and Arqit’s Symmetric Key Agreement Platform to deliver a quantum-secure Private 5G testbed that can protect against both current and future cyber threats. Athonet, a Hewlett Packard Enterprise acquisition, provided the Radio Access Network (RAN) equipment for the project with a cloud core hosted on AWS. Private enterprise networks based on 5G cellular technology are accelerating digital transformation across industries including manufacturing, healthcare, defence and smart cities. Private 5G gives enterprises access to high-speed, massively scalable, and ultra-reliable wireless connectivity, allowing them to implement innovative IoT and mobile solutions that enhance productivity, drive automation and improve customer engagement. The security of these networks will be paramount as they will support safety-critical infrastructure and carry highly sensitive data. But like any new technology, 5G comes with potential new threats and security risks including the threat from quantum computing. The project finished in December 2023 and customer engagement has already begun. David Williams, Arqit Founder, Chairman and CEO said: “Enterprises want to deploy Private 5G networks with complete confidence that they will be safe from both current and future cyber threats including from quantum computers. Working alongside Ampliphae, we have shown that a quantum-safe Private 5G network is deliverable using Arqit’s unique encryption technology.” Trevor Graham, Ampliphae CEO said: “Private 5G can be hosted partly or completely in the Cloud, giving enterprises the opportunity to rapidly set up their own cellular networks customised to support their operations. With Ampliphae and Arqit they can now be certain that those Private 5G networks are monitored and secure against eavesdropping and disruption.” Nanda Menon, Senior Advisor Hewlett Packard Enterprise said: “In an era where security is paramount, the completion of the SEViN-5G project is a significant milestone. The delivery of a quantum-secure Private 5G testbed, achieved where Athonet have combined the Athonet core with CableFree radios, underscores the commitment to innovation and reinforces the confidence enterprises can have in deploying networks that are both cutting-edge and secure from both present and future threats.” About Arqit Arqit Quantum Inc. (Nasdaq: ARQQ, ARQQW) (Arqit) supplies a unique encryption Platform as a Service which makes the communications links of any networked device, cloud machine or data at rest secure against both current and future forms of attack on encryption – even from a quantum computer. Compliant with NSA standards, Arqit’s Symmetric Key Agreement Platform delivers a lightweight software agent that allows devices to create encryption keys locally in partnership with any number of other devices. The keys are computationally secure and operate over zero trust networks. It can create limitless volumes of keys with any group size and refresh rate and can regulate the secure entrance and exit of a device in a group. The agent is lightweight and will thus run on the smallest of end point devices. The Product sits within a growing portfolio of granted patents. It also works in a standards compliant manner which does not oblige customers to make a disruptive rip and replace of their technology. Recognised for groundbreaking innovation at the Institution of Engineering and Technology awards in 2023, Arqit has also won the Innovation in Cyber Award at the National Cyber Awards and Cyber Security Software Company of the Year Award at the Cyber Security Awards. Arqit is ISO 27001 Standard certified. www.arqit.uk About Ampliphae Ampliphae’s distributed network analytics technology provides insight into how networks are used to support enterprise operations at every level. A graduate of the prestigious LORCA cyber accelerator in London, and the AWS European Defence Accelerator, Ampliphae’s technology is already used by enterprises across multiple verticals to discover, analyse and secure the network traffic that supports their key applications and business processes. Ampliphae’s Encryption Intelligence product operates at enterprise scale to discover devices and applications that use cryptography, analysing their encryption capabilities to detect risks, including assets that are vulnerable to future quantum computer attack. Using Encryption Intelligence, the organisation can gather effective operational intelligence about their encryption landscape, both within and outside the organisation, and build an effective mitigation program to address current and future vulnerabilities.

Read More

Network Security

Cato Networks Introduces World's First SASE-based XDR

PR Newswire | January 25, 2024

Cato Networks, the leader in SASE, announced the expansion of the Cato SASE Cloud platform into threat detection and incident response with Cato XDR, the world's first SASE-based, extended detection and response (XDR) solution. Available immediately, Cato XDR utilizes the functional and operational capabilities of the Cato SASE Cloud to overcome the protracted deployment times, limited data quality, and inadequate investigation and response experience too often associated with legacy XDR solutions. Cato also introduced Cato EPP, the first SASE-managed endpoint protection platform (EPP/EDR). Together, Cato XDR and Cato EPP mark the first expansion beyond the original SASE scope pioneered by Cato in 2016 and defined by industry analysts in 2019. SASE's security capabilities encompassed threat prevention and data protection in a common, easy-to-manage, and easy-to-adopt global platform. With today's announcement, Cato is expanding SASE into threat detection, incident response, and endpoint protection without compromising on the architectural elegance captured by the original SASE definition. "Cato SASE continues to be the antidote to security complexity," says Shlomo Kramer, CEO and co-founder of Cato Networks. "Today, we extend our one-of-a-kind SASE platform beyond threat prevention and into threat detection and response. Only Cato and our simple, automated, and elegant platform can streamline security this way." An early adopter of Cato XDR is Redner's Markets, an employee-owned supermarket chain headquartered in Reading, Pennsylvania, with 75 locations. Redner's Markets' vice president of IT and Infrastructure, Nick Hidalgo, said, "The Cato platform gave us better visibility, saved time on incident response, resolved application issues, and improved network performance ten-fold." (Read more about Redner's Markets and Cato in this blog. "The convergence of XDR and EPP into SASE is not just another product; it's a game-changer for the industry," said Art Nichols, CTO of Windstream Enterprise, a Cato partner. "The innovative integration of these capabilities brings together advanced threat detection, response capabilities, and endpoint security within a unified, cloud-native architecture—revolutionizing the way enterprises protect their networks and data against increasingly sophisticated cyber threats." (Read more about what Cato partners are saying about today's news in this blog.) Platform vs. Product: The Difference Matters Cato XDR takes full advantage of the enormous benefits of the Cato SASE Cloud platform, the first platform built from the ground up to enable enterprises to connect, secure, and manage sites, users, and cloud resources anywhere in the world. Unlike disjointed point solutions and security appliances, Cato capabilities are instantly on, always available at scale, and fully converged, giving IT teams a single, shared context worldwide to understand their networks, prevent threats, and resolve problems. As an autonomous platform, Cato SASE Cloud sustains its evolution, resiliency, optimal performance, and security posture, saving enterprises the operational overhead of maintaining enterprise infrastructure. Enterprises simply subscribe to Cato to meet their business needs. Cato's cloud-native model revolutionized security and networking operations when it was introduced in 2016, a fact validated three years later in 2019 when the Cato approach was formally recognized by the industry as SASE. Breach Times Still Too Long; Limitations of Legacy XDR Cato is again revolutionizing cybersecurity with the first SASE platform to expand into threat detection, empowering security teams to become smarter and remediate incidents faster. The flood of security alerts triggered by network sensors, such as firewalls and IPS, complicates threat identification. In 2023, enterprises required 204 days on average to identify breaches.1 XDR tools help security analysts close this gap by ingesting, correlating, and contextualizing threat intelligence information with the data from native and third-party sensors. However, legacy XDR tools suffer from numerous problems relating to data quality. Sensor deployment extends the time-to-value as IT must not only install the sensors but also develop a baseline of specific organizational activity for accurate assessments. Data quality is also compromised when importing and normalizing third-party sensor data, complicating threat identification and incident response. Security analysts waste time sorting through incident stories to identify the ones most critical for immediate remediation. Once determined, incident remediation is often hampered by missing information, requiring analysts to master and switch between disparate tools. No wonder in 2023, average breach containment required more than two months.1 Cato XDR and Cato EPP Expands the Meaning of SASE Cato XDR addresses legacy XDR's limitations. Instantly activated globally, Cato XDR provides enterprises with immediate insights into threats on their networks. Incident detection is accurate due to Cato's many native sensors – NGFW, advanced threat prevention (IPS, NGAM, and DNS Security), SWG, CASB, DLP, ZTNA, RBI, and now EPP/EDR. Powered by Bitdefender's world-leading malware prevention technology, Cato EPP protects endpoints from attack – in the Cato way. Endpoint threat and user data are stored in the same converged Cato data lake as the rest of the customer's network data, simplifying cross-domain event correlation. The result is incredibly high-quality data that improves the incident identification and remediation process. Cato AI uses the data to accurately identify and rank incidents, empowering analysts to focus critical resources on an organization's most important remediation cases. Cato AI is battle-tested and proven across years of threat hunting and remediation handling by Cato MDR service agents. Remediation times reduce as detected incident stories contain the relevant information for in-depth investigation. Cato's tools sit in the same console as the native engines, enabling security analysts to view everything in one place -- the current security policy and the reviewed story. Finally, incident reporting is simplified with generative AI. Purpose-built for investigations, this natural language engine provides human-readable explanations of incident stories. Analysts save time sharing incident information with other teams and reporting to their managers.

Read More

Network Infrastructure

DISH Wireless Awarded $50 Million NTIA Grant for 5G Open RAN Integration and Deployment Center

PR Newswire | January 16, 2024

DISH Wireless, a subsidiary of EchoStar, was awarded a historic $50 million grant from the U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA) to establish the Open RAN Center for Integration & Deployment (ORCID). ORCID will allow participants to test and validate their hardware and software solutions (RU, DU and CU) against a complete commercial-grade Open RAN network deployed by DISH. "The Open RAN Center for Integration and Deployment (ORCID) will serve a critical role in strengthening the global Open RAN ecosystem and building the next generation of wireless networks," said Charlie Ergen, co-founder and chairman, EchoStar. "By leveraging DISH's experience deploying the world's first standalone Open RAN 5G network, ORCID will be uniquely positioned to test and evaluate Open RAN interoperability, performance and security from domestic and international vendors. We appreciate NTIA's recognition of DISH and ORCID's role in driving Open RAN innovation and the Administration's ongoing commitment to U.S. leadership in wireless connectivity." To date, this grant represents NTIA's largest award under the Public Wireless Supply Chain Innovation Fund (Innovation Fund). ORCID will be housed in DISH's secure Cheyenne, Wyoming campus and will be supported by consortium partners Fujitsu, Mavenir and VMware by Broadcom and technology partners Analog Devices, ARM, Cisco, Dell Technologies, Intel, JMA Wireless, NVIDIA, Qualcomm and Samsung. NTIA Administrator Alan Davidson and Innovation Fund Director Amanda Toman will join EchoStar Co-Founder and Chairman Charlie Ergen, EchoStar CEO Hamid Akhavan, EVP and Chief Network Officer Marc Rouanne and other stakeholders to announce the grant and tour a DISH 5G Open RAN cell site later today in Las Vegas. During this event, DISH will outline ORCID's unique advantages, including that it will leverage DISH's experience as the only operator in the United States to commercially deploy a standalone Open RAN 5G network. DISH and its industry partners have validated Open RAN technology at scale across the country; today DISH's network covers over 246 million Americans nationwide. At ORCID, participants will be able to test and evaluate individual or multiple network elements to ensure Open RAN interoperability, performance and security, and contribute to the development, deployment and adoption of open and interoperable standards-based radio access networks. ORCID's "living laboratory" will drive the Open RAN ecosystem — from lab testing to commercial deployment. Below are highlights of ORCID: ORCID will combine both lab and field testing and evaluation activities. ORCID will be able to test elements brought by any qualified vendor against DISH's live, complete and commercial-grade Open RAN stack. ORCID will use DISH's spectrum holdings, a combination of low-, mid- and high-band frequencies, enabling field testing and evaluation. ORCID will evaluate Open RAN elements through mixing and matching with those of other vendors, rather than validating a single vendor's stack. DISH's experience in a multi-vendor environment will give ORCID unique insights about the integration of Open RAN into brownfield networks. ORCID's multi-tenant lab and field testing will occur in DISH's secure Cheyenne, Wyoming facility, which is already compliant with stringent security protocols in light of its satellite functions. About DISH Wireless DISH Wireless, a subsidiary of EchoStar Corporation (NASDAQ: SATS), is changing the way the world communicates with the Boost Wireless Network. In 2020, the company became a nationwide U.S. wireless carrier through the acquisition of Boost Mobile. The company continues to innovate in wireless, building the nation's first virtualized, Open RAN 5G broadband network, and is inclusive of the Boost Infinite, Boost Mobile and Gen Mobile wireless brands.

Read More

Events