Growing and Securing Your Direct-to-Internet Traffic in the Branch
Jason Wells
Experienced Senior Executive | Expert in Global Sales & Channel GTM Strategy | Driving Territory Creation, Execution & Leadership | Expert in IP, Cloud, SDN, SD-WAN & Security
All-in-One Cloud-Managed Solutions Enable New Architectures at the Edge
In recent years, direct-to-Internet traffic — also known as Direct Internet Breakout (DIB) or Direct Internet Access (DIA) — has taken shape as a viable alternative to a traditional MPLS setup. Cloud storage providers and lower-cost WAN links such as wired broadband and LTE enable organisations to take much of their network traffic straight to the cloud — bypassing the data-centre altogether. It’s a much simpler process that decreases costs, latency, complexity, and IT man-hours.
Even with its many benefits, taking data directly to the Internet poses one clear challenge: security. Does bypassing the data-centre, with its fortress of security appliances, leave enterprises too vulnerable to attacks, as well as to security mishaps from employees’ laptops, tablets, smartphones, and other network-connected devices?
What You Need to Secure Direct-to-Internet Traffic
To allow direct-to-Internet network traffic without sacrificing security, enterprises should consider all-in-one solutions that check several boxes:
Flexible Internet Access
A router that supports wired broadband Internet links and has an embedded LTE modem with dual-carrier capabilities gives IT teams the network diversity to ensure high availability and the flexibility to set up Internet access in a wide variety of locations.
Using Firewalls
A router featuring an integrated firewall with centralised rule-based policies serves as an extension of the network administrator. It prevents unauthorised or unknown traffic from entering the branch network, provides network address translation (NAT), and can be used to limit which applications are allowed. A firewall with segregation can also be used to separate business-critical applications from other types of traffic. For instance, guest WiFi users shouldn’t be able to access the corporate network.
Content-Filtering
With so many employees and devices accessing the Internet, many organisations need content filtering so they can protect themselves from malicious or inappropriate traffic — whether it’s a primary school restricting children’s access to certain sites or a company preventing staff from downloading malware or visiting phishing sites.
Cloud-managed routers that either support or include cloud-based web filtering tools such as Zscaler Internet Security give enterprises the option to increase visibility and business intelligence by accessing extensive security analytics.
Intrusion Detection & Prevention (IPS & IDS)
Intrusion detection systems (IDS) and intrusion prevention systems (IPS) are key tools for enterprises seeking another level of protection against cyber attacks. IPS sifts through traffic coming into the router, detects attack attempts, and rejects malicious packets. If the router has a cloud management system, an IPS tool such as Trend Micro’s deep packet inspection (DPI) engine can work with the cloud manager to provide real-time alerts that notify the organisation when an attack is taking place and should be blocked.
Software-Defined-Branch
Allowing web, SaaS, and cloud traffic to exit the branch and go directly to the Internet improves the user experience, reduces latency, and reserves expensive links for data-centre traffic — but the added security risks must be considered. Utilising an all-in-one branch solution that includes flexible Internet access, a firewall, content filtering, and IPS/IDS helps ensure you have the security protections your users need.
Even so, layering on complexity in the branch carries its own cost, and to receive the benefits of direct-to-Internet architecture without bloating your branch infrastructure and adding management costs, an integrated branch SD-WAN router is the ideal solution.
Explore All-in-One Branch Solutions
Learn about Cradlepoint’s cloud-managed all-in-one branch connectivity solutions:
Explore our Retail Solutions
Check out our new EMEA dedicated Microsite here:
Contact me directly at [email protected] to discover how our world-class LTE-based solutions can transform your network connectivity.
#cradlepointemea - The Global Leader in LTE-based Enterprise Network Solutions
Partner Manager - Asean | Enterprise Wireless Solutions | If It Can Be Wireless, It Will Be Wireless
5 years ago
As the majority of customers have already shifted to Cloud applications, the WAN optimization from Branch Direct to Cloud is critical as well.