Orchestrated App-Driven Security Policies

Simplified SD-WAN security service chaining protects users no matter where the applications reside

First-packet iQ application classification and seamless service chaining (see Figure 1), both supported in the Unity Orchestrator, allow highly granular security policies to be configured and automated. These policies protect the branch office using Silver Peak’s industry-leading technology and security integrations with our alliance partner ecosystem (see Figure 2). For example, security policies might be defined to:

  • Send all known, trusted business SaaS and web app traffic directly to the internet
  • Send “home from work” applications like social media and entertainment applications to a secure web gateway such as Zscaler
  • Send all untrusted, suspicious and unknown applications back to a hub or headquarters-based next-gen firewall from Palo Alto, Fortinet or Check Point

Figure 1

In addition, EdgeConnect provides basic firewall and security capabilities for “thin branch” offices that do not host applications. The EdgeConnect stateful firewall allows outbound traffic but permits inbound traffic only in response to user-initiated sessions. It builds a trusted whitelist of SaaS and internet applications and steers them directly to the internet, while directing other application traffic to a secure web gateway or next-generation firewall at a regional hub or headquarters.
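The three-way steering policy and the stateful ingress rule described above can be modelled in a few lines. This is an added illustration, not Silver Peak code or Orchestrator configuration syntax; the application names, the `steer` function, the `BranchFirewall` class and the choice to pin the path for the life of a flow are all assumptions made for the example.

```python
"""Illustrative model only; names and tables are constructed for this example."""
from dataclasses import dataclass, field

# Constructed classification tables (assumptions, not vendor data).
TRUSTED_SAAS = {"office365", "salesforce"}
HOME_FROM_WORK = {"facebook", "netflix"}

# One target per policy tier from the list above, plus an explicit drop.
DIRECT = "direct-to-internet"
SWG = "secure-web-gateway"
HUB_NGFW = "hub-ngfw"
DROP = "drop"


def steer(app):
    """Map the first-packet application label to a path.

    Anything not on a known list (including app=None) goes to the hub
    next-gen firewall, so an unclassified flow never breaks out locally.
    """
    if app in TRUSTED_SAAS:
        return DIRECT
    if app in HOME_FROM_WORK:
        return SWG
    return HUB_NGFW


@dataclass
class BranchFirewall:
    # Session table: outbound 5-tuple -> path chosen on the first packet.
    sessions: dict = field(default_factory=dict)

    def outbound(self, proto, src, sport, dst, dport, app=None):
        """User-initiated flow: classify once, record state, return the path."""
        key = (proto, src, sport, dst, dport)
        if key not in self.sessions:
            self.sessions[key] = steer(app)
        return self.sessions[key]

    def inbound(self, proto, src, sport, dst, dport):
        """Accept ingress only if it is the reverse of a recorded outbound flow."""
        reverse = (proto, dst, dport, src, sport)
        return self.sessions.get(reverse, DROP)


if __name__ == "__main__":
    fw = BranchFirewall()
    # Constructed sample flows using documentation address ranges.
    print(fw.outbound("tcp", "10.1.1.5", 50000, "203.0.113.10", 443, "office365"))
    print(fw.inbound("tcp", "203.0.113.10", 443, "10.1.1.5", 50000))   # reply
    print(fw.inbound("tcp", "198.51.100.7", 443, "10.1.1.5", 50000))   # unsolicited
```
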

Figure 2

The stateful firewall coupled with granular security orchestration provides the highest levels of application performance based on business intent, simplifies the branch office, and lowers Capex while protecting the business from vulnerabilities.