SD-WAN and Comprehensive Network Security that is Within Reach

By Cambium Networks

SD-WAN and comprehensive network security solutions used to be limited to large companies with a big budget and large IT staff. Not anymore. Now, small- and medium-sized enterprises facing new business and technical realities can provide these services. With ~30% of employees now working remotely, more IoT devices in their network increasing the threat surface, and a mandate to do all this with leaner IT staff, these enterprises still need to meet service-level agreements (SLA).

Managed service providers (MSP) and medium-sized lean IT companies also contend with:

  • Scarce security-skilled IT professionals
  • Fragmented and heterogeneous tools
  • Integration of multiple functions (networking and security, LAN and WAN, wired and wireless)
  • Inefficient network management

With the introduction of Network Service Edge (NSE), Cambium Networks addresses these challenges with a cloud-managed, converged WAN Edge solution at the right price point for MSPs and medium-sized companies. NSE is an ideal fit for all small and medium enterprises including:

  • Assisted living
  • Bank branches/credit unions
  • Coffee shops/cafes
  • Healthcare clinics
  • K-12 education schools
  • Restaurants
  • Retail (excluding big box)
  • RV parks

The three pillars of the cloud-managed, converged WAN Edge solution include:

  • SD-WAN – Two WAN links provide for failover, application load balancing and prioritizing business-critical applications.
  • Network Security
    • Includes built-in firewall with advanced Layer 3 and application-based rules along with industry-leading IDS/IPS engine to protect network against current and emerging threats.
    • VPN with multi-factor authentication for enhanced password-based authentication for remote workers to log in from any device. NSE supports the industry standard and widely supported L2TP-IPsec VPN.
    • Geo-IP filters to deny/allow traffic to/from specific countries and blocking traffic to known malware sites while keeping the malware offender database continuously updated.
    • Periodic vulnerability scan of wired and wireless devices to provide an additional layer of security on LAN allowing audit of security vulnerabilities and notification when critical vulnerabilities are discovered.
    • OT/IoT devices have expanded the attack surface and created a blind spot for IT administrators and NSE with AI-based monitoring and identification provides visibility of all IoT devices in the network.
  • Network Services
    • DHCP, DNS and RADIUS services are available natively. Built-in RADIUS server allows creating user accounts and setup of secure network authentication for all the users and devices.
    • NSE is managed by cnMaestro, which also manages Cambium Networks’ enterprise Wi-Fi, switching and FWBB portfolio.
    • NSE keeps all databases current and always updated – intrusion rules, vulnerability reports, device signatures, Geo-IP databases and malware sites database.

Published January 11, 2023