Secure Enterprise SDN
Enhance Network Security and Reduce Admin Effort with Secure Enterprise SDN (SES™)
Allied Telesis Secure Enterprise Software Defined Networking (SES) is a state-of-the-art network management and security solution. It provides what enterprises consistently tell us they need: reduced network management costs, increased network security and an improved end-user experience. SES is the only commercially available SDN solution that improves all these areas: it reduces network management costs by removing duplication of effort; it increases network security by automating responses to security threats; and it improves end-user experience because people no longer have to wait for network changes to be made manually.
SES comprises an intelligent, fully-featured SDN controller. It reduces manual effort and cost in two ways: firstly, it reads data from business applications and automatically changes the network configuration to match, and secondly, it works with security applications to instantly respond to alerts and block the movement of threats anywhere within your wired or wireless network.
Business application integration
The SES controller includes powerful northbound APIs that collect real-time data from business applications. SES analyses this data to decide if network configurations need to be altered to reflect new business rules. For example, when new employees join the company, their details are entered into the HR system. SES detects this and automatically instructs the network to grant the new users the appropriate level of network access.
Automatic security threat isolation and remediation
Most organizations utilise an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) to defend their network from attacks. However, an IPS can introduce latency and bottlenecks, and most IDS can only warn if a threat has been found; they cannot act to block the offending traffic. By the time the operator reacts to the warning, the damage may have escalated.
SES uses best-of-breed IDS applications to identify threats, then responds immediately to isolate the affected part of the network. It is then capable of automatically quarantining the suspect device and applying remediation so that it can re-join the network with a minimum of network disruption and without manual intervention. Responses are configurable and comprehensive logging provides a clear audit trail of the actions taken. This is a truly innovative feature that helps organizations avoid lost time and unnecessary disruption to services.
Block threats at source
Most IPS solutions are only capable of blocking suspicious traffic as it passes through the IPS device. Since this tends to be near the gateway to the Internet, only external threats can be detected and blocked (this is the traditional “secure border” model). However, SES can isolate traffic anywhere in the network, so it can prevent threats not only on the border but threats inside the network too (introduced inadvertently by staff with USB sticks, BYOD, etc.). This makes SES an innovative security solution that can monitor traffic entering and traversing the local network without introducing latency or bottlenecks.
Wired and wireless SDN
SES is the first commercial SDN solution for wireless networks that offers programmability and control at the network edge where it is most needed. Allied Telesis wireless access points are OpenFlow capable and can be controlled by the SES controller to provide a dynamic wireless network that offers end-users a better experience. New policies and security updates can be easily implemented from the centralised controller to all access points in seconds, to dramatically cut the time required for network and security management, with a corresponding reduction in operating costs.
Open and flexible SDN solution
SES interoperates with networks containing compatible OpenFlow switches, and a range of physical and virtual firewall products. So there is no need for a forklift upgrade of the network to take advantage of the benefits of SES – it can interoperate with a wide range of existing equipment.
SES also integrates with Allied Telesis Automation Management Framework (AMF), which is a powerful network management and automation tool that also delivers cost and time savings. When used with AMF, SES no longer relies on the OpenFlow protocol to communicate with the network devices. Instead, it can use AMF to deliver instructions to conventional network devices. This provides all the benefits of an SDN solution without the need for OpenFlow, and lowers the risk and cost for enterprises to adopt SDN solutions since their existing network can remain unchanged.
The key benefits of Allied Telesis SES are:
- Network configuration is driven by business rules, not buried in lines of config scripts, so changes are easier to make and less error prone.
- Duplication of effort is removed so the IS team can focus on more valuable work, which saves time and money.
- User experience is better because network changes are implemented as soon as the business system is updated – there are no delays waiting for IS staff to process the changes.
- New value can be unlocked by adding more business applications to SES to gain greater efficiencies.
- Network security is improved because responses to threats and remediation are automated.
SES is an innovative SDN solution delivering real value by removing duplication and reducing network operating costs, while constantly monitoring for threats and instantly protecting the network. While other SDN solutions provide esoteric solutions for obscure networking problems, SES delivers true business value every day.