Still Managing On-Premise Firewalls? An MSP Alternative…


The SD-WAN market is going to grow by billions during the coming years. It is impractical to share specific growth prediction figures because analysts differ by billions about the amount of expected growth. Yet they all agree that this space will grow exponentially. What does that mean for Managed Service Providers (MSPs)?

The advent of managed software-defined branch networking (SD-Branch) solutions represents a big opportunity for MSPs to secure and service the remote offices and branches of their clients.

If you are in the business of managing firewalls for small branches of highly distributed businesses, or even IoT networks, you may have already heard of SD-Branch and the universal Customer Premise Equipment (uCPE) that powers it. If you haven’t, then here’s a short description: SD-Branch is a single hardware platform that supports SD-WAN features, routing, integrated security, and LAN/Wi-Fi functions that are centrally configured and managed via the cloud.

Adding cellular failover capabilities and Virtual Private Network (VPN) meshing ensures network resilience and business continuity at the branch, but security always comes first. With multi-tenant SD-Branch platforms, MSPs are delivering not only IT agility (rapid network service provisioning, plug-n-play deployment, low operating costs) but also a cloud-delivered next-gen firewall and application-level visibility into the traffic that comes into and out of the branch. Even with properly segmented traffic, there is no guarantee that a mission-critical application would be safe from a breach. SD-Branch can help with threat hunting by giving the MSP and the business the necessary tools, such as deep packet inspection, orchestrated internal vulnerability scans, and application control.

Does the uCPE, the multi-functional SD-Branch edge appliance, replace a firewall? Does it replace a Unified Threat Management (UTM) box?

Well, it could, but it does not have to if that’s not desired. It depends on the use case, and the flexibility of the uCPE is key. A uCPE can connect to the branch network easily, by just connecting it between the Internet Service Provider’s (ISP) router and the firewall appliance. You would be surprised at what it can see in the LAN/WLAN past the firewall, proving that the firewall alone, even with endpoint security apps installed across the LAN, is not enough to secure the branch.

To illustrate, we attended the RetailNow conference in San Antonio, TX a few weeks ago - an event where Point-of-Sale (POS) solution developers and POS Value Added Resellers (VAR) gather to showcase their technology and innovations. We connected our uCPE to an LTE cellular network instead of the conference’s Wi-Fi, to demonstrate the reliability of the cellular failover capability. When a POS solution developer asked if they could connect their POS system to our box, we agreed only with the condition (and forewarning) that we would show them what was running on their wire. Guess what happened next? Well, let’s say their POS solution had apps, like social media apps, that had no business running in a POS system.

You can’t catch what you can’t see.

Threat hunting is among the most valued services the MSP can provide to a highly distributed business that processes credit card transactions at the branch. Retail is ripe for a refresh when it comes to cybersecurity. Many retailers limit themselves to complying with the Payment Card Industry Data Security Standard (PCI DSS), but a standard is just a baseline, a starting point, the minimum requirement. There is a way to go beyond the minimum requirements without breaking the bank, and it’s a managed SD-Branch solution that delivers security, resilience, and agility.

Netsurion is an MSSP, but of a different breed: we develop our own software, our own hardware, and we run our own Security Operations Center (SOC) and Network Operations Center (NOC). Yet we are aggressively building the channel, including working with MSPs, to deliver the convergence of network and security operations to the small and mid-market. In just over a year since we launched the SD-Branch solution, we’ve deployed over 3,000 uCPEs, half of which are managed by partners.

We are enabling MSPs to deliver more secure and agile networks. We can help you and your clients innovate by augmenting or replacing expensive on-premise firewalls with uCPE and SD-Branch services (including stateful and next-gen firewall service) that make more economic sense to your clients and can help deliver a more comprehensive security stance. Check out our Partner Program!

Blog courtesy of Netsurion, which offers the EventTracker security platform.