When asked “what is your favorite candy bar?” my response was simple: a peanut butter cup. Somehow, the combination of chocolate and peanut butter in the right proportion perfectly hits the mark.
无处不在的里斯(Reese)的花生酱杯中的鲜艳橙色包装杯总是让我注意超市结帐。虽然我通常会抵抗,但有时我只是做不到,包装中的两个杯子只提供了我需要的药物。但是,当假期到来时,看到的糖果释放了自己的花生酱杯,使用更好darkchocolate and a very good peanut butter center.
However the very best peanut butter cup I’ve ever tasted is my sister’s – and actually, it’s a chocolate peanut butter bar. Why is her confection the best? It’s not just because it’s from my sister. It’s because she selects and uses only the highest quality ingredients. Not chocolate chips from a bag, but Valrhona or Guittard or Ghirardelli or another boutique brand. And she doesn’t use supermarket peanut butter from a jar, but rather, freshly ground peanut butter from the local health food store.
在2019年的报告中“网络安全的未来在云中,”Gartner将安全的访问服务边缘定义为薄的WAN边缘,该边缘支持该分支所需的大区域网络功能,例如SD-WAN,SD-WAN是一个基于国家区域的防火墙,分割,路由和WAN优化,并与全面的云集成- 授予安全服务,包括FWAA,SGW,CASB,ZTNA,IDS/IPS,A/V等,所有这些都从云中心进行管理。[1]但是,就像花生酱杯(或花生酱吧)一样,企业不必在其广阔的网络或安全性之间做出权衡,也不应该为“足够好”而定。为了实现SASE体系结构的变革性承诺,具有基本功能的SD-WAN解决方案根本无法提供。而且足够好的安全性也不会提供。企业不应该为两全其美的最好的事情而定。
Why Best-of-Breed WAN?
WAN的工作是尽可能高效地将用户与应用程序和数据联系起来,并且具有最高水平的性能和可用性。一个简单的例子:如果呼叫中心员工可以每小时处理11次交易,而不是由于响应时间的改善而不是10笔交易,则直接转化为生产率和潜在的增量收入和企业的盈利能力的10%。
Anadvanced SD-WAN platformthat can granularly apply the appropriate quality of service and security policies based on business requirements can improve application response time, performance and availability, and yield tangible business outcomes. When making the SD-WAN platform decision to implement SASE, it’s important to evaluate all of the performance and security capabilities of the unified solution and translate them to business value; it’s incredibly important to discern the differences in the business value delivered via a basic SD-WAN solution in contrast to an advanced WAN edge platform.
以下七个功能的组合描述了高级SD-WAN平台的属性,该平台将完全符合SASE架构的承诺。
- First-packet application identification to enable granular traffic steering
- 自动化,每日应用程序定义和TCP/IP地址表更新
- Automated orchestration with cloud-delivered security services
- Automatic failover to secondary cloud enforcement point if the primary is unreachable
- Automatic reconfiguration should a closer enforcement point become available
- 使企业能够以自己的节奏实现SASE架构
- Freedom of choice to avoid vendor lock-in, enabling the adoption of new security innovations as they become available in the future
为什么最好的云安全性?
威胁格局每秒都在改变。2018年McAfee studyreported that hackers create 300,000 new pieces of malware daily. According toForbes,每天30,000个网站被黑客入侵。每天都有新的威胁和新威胁向量表面。这意味着企业必须保持警惕,并拥有首选自由来整合当今最好的安全安全和in the future is of paramount importance.
When evaluating the security decision for SASE, it’s important to retain the flexibility and agility to adopt any security innovations that may be required to quickly mitigate exposure to new threats and new类型of threats as they emerge.
Why Freedom of Choice?
Some vendors market and offer an “all-in-one” SASE solution promising seamless integration, simplicity and the benefit of having a “one-throat-to-choke” business model. While this may sound enticing on the surface, it routinely results in vendor lock-in and compromise. It means either compromising the advanced networking functionality described above to fully optimize your SASE architecture. Or it means potentially exposing the enterprise to new threats that require rapid intervention. An open, advanced SD-WAN platform also enables enterprises to transform their security model and adopt SASE at their own pace, the best of both worlds.
但是让它变得容易
显然,一个开放的高级SD-WAN平台,该平台与最佳的云提供的安全供应商(复数)无缝集成,从而灵活地始终向用户提供最高水平的云应用程序性能,同时减轻风险为企业。为了实现这些目标,阿鲁巴在EdgeConnect SD-WAN platform和many best-of-breed cloud security vendor solutions including Zscaler Internet Access, Netskope Security Cloud, Check Point CloudGuard Connect and Palo Alto Prisma Access. These integrations automate the configuration of secure primary and secondary connections (IPsec tunnels) between branch locations and cloud-security enforcement points of presence and configuration of end-to-end security policies, all from theAruba Orchestratormanagement console.
这个故事的主旨
And the moral of the story is, like the peanut butter cup so readily available in the bright orange wrapper, sometimes足够好了。However, when it comes to your enterprise network and security, you should never be forced to compromise and settle for够好了. Adopting best-of-breed networking and best-of-breed cloud-delivered security for your SASE implementation delivers the highest end user quality of experience and the highest level of enterprise risk mitigation without compromise.
