With so many people working from home, PC sales in April broke a two-decade record — and most of these new devices need to connect to corporate networks. CISOs and IT admins face a daunting challenge when implementing remote workforce policies: figuring out how to allow new productivity tools and more exposure points without increasing the risk of compromising the network.
For multinational corporations, successfully protecting corporate assets also depends on the ability to deploy secure access policies quickly and at global scales, with zero-touch roll-out to keep overhead cost to a minimum.
Announcing Cloud Edge Secure Access 1.1
To help ease these challenges, SonicWall has announced the release of Cloud Edge Secure Access 1.1.
Unveiled in Nov. 2020, SonicWall Cloud Edge Secure Access is a cloud-native solution that provides worldwide Network-as-a-Service with integrated Zero-Trust and Least-Privilege security.
With 1.1, SonicWall is adding new Device Posture Check and Network Traffic Control features. This marks a significant milestone, as it completes the Zero-Trust Network Access capability suite. The additions enable Cloud Edge Secure Access to control the entire security stack — from users and devices to the end-to-end network and corporate resources.
The Anatomy of a Network Breach
Before discussing the details of the new features, let’s look at the anatomy of a network breach. There are many ways that malware can compromise a corporate network, but here are the most common:
- BYODs: The most common method is the accidental download of malware while working on personal mobile devices, which frequently lack anti-virus protection.
- Home Networks: Without a dedicated firewall in place, home networks are “semi-secure” at best — especially if they are connected to an easily breached, multi-purpose gateway.
- Public Hotspots: Even IT-issued devices can be at risk on public Wi-Fi networks. These hotspots allow data to be intercepted and exfiltrated and open an avenue through which malware variants can be injected into the device.
- Loaner Corporate Computers: Working on temporary shared computers can leave malware in the browser cache or left behind as attachments.
Zero-Trust Network Access Security Starts with Devices
In the original 1.0 release, the device verification feature was limited to checks for the OS type, time of access and geo-location to ensure there was nothing out of the ordinary about login attempts.
With the addition of Device Posture Check (DPC), network access is granted only to authorized users and compliant devices that have passed stringent OS integrity and malware-free environment verifications.
When combined with anti-virus or endpoint security software, DPC can stop malware from entering the network. Even if a breach does occur, malware will be contained within a specific micro-segment of the network, preventing further lateral movement and larger breaches. (The micro-segmentation requires Network Traffic Control (NTC), which we will discuss shortly.)
Based on the outcomes of specific security attributes — including certificates, registry and encryption status — DPC marks a device as healthy or unhealthy.
DPC then presents the total number of healthy and unhealthy devices in a simple dashboard that allows an IT admin to assess the network-wide threat level and, if needed, quickly drill down to a particular device to revoke access.
To save time and roll-out cost, DPC supports a zero-touch deployment model and full backward compatibility with Cloud Edge 1.0 desktop and mobile clients.
Software-Defined Micro‑Perimeter Security Follows the Users
The core feature of any Zero-Trust environment is the creation of micro-perimeters around critical segments, also known as micro-segmentation. With the new NTC, the perimeter is software-defined and the built-in stateful firewall-as-a-service forms protective boundaries that control inbound and outbound network traffic.
NTC also acts as the Least-Privilege access manager, which allows an IT admin to deny or allow traffic from a specific user, device or location, and to a specific region, network, associated services and applications. As a result, every user can access only what’s necessary and nothing more — enabling complete “Zero-Trust Network Access Security.”
By limiting the exposure to other sensitive areas of the network, organizations can prevent threats from moving laterally, thereby securing their resources without sacrificing their operational flexibility.
The addition of Device Posture Check and Network Traffic Control to the Cloud Edge Secure Access solution strengthens security control against network breaches and cyber intercepts. These threats are increasingly common, particularly among organizations that rely heavily on public infrastructure (such as the internet or public hotspots) to transport sensitive data, and those using public clouds as private data centers.
SonicWall Cloud Edge Secure Access will be available for the general public at the end of August. SonicWall invites you to view the demo of this simple yet powerful SASE product. To demo this simple yet powerful SASE product, click here.