Realize the promise of Secure Access Service Edge (SASE) and secure your expanding service edge without sacrificing security at the critical DDI layer
DDI without the sass
The Secure Access Service Edge (SASE) initiative builds upon enterprise networking evolution from a single Internet access point to several Internet breakout points. The emergence of SD-WAN’s multiple access capabilities pushes the Internet edge to each remote site. This topology optimizes cloud application performance by enabling remote offices to connect directly instead of traversing a private WAN to the singular Internet access point.
Manage your micro-perimeter IP assignments
SASE layers several security approaches onto this pervasive edge to secure connectivity between Internet breakout sites and cloud applications. These approaches include zero trust networking, secure web gateways, firewalling as a service and cloud access security brokering. The realization of SASE enables an enterprise to simplify end users’ application experiences with the provision of a secure, multi-access, highly available network.
Manage your macro-perimeter edge IP allocations
From a DDI perspective, SASE implementations require proper subnet and IP address provisioning across diverse sites, whether on-premises, remote or in the cloud. Identification of users and devices upon connecting to the network contributes vital data to a comprehensive zero trust authentication process. DNS servers at each Internet breakout site steer application traffic between the cloud and data centers, furnishing an additional security layer for SASE.
Secure Internet breakouts
Internet breakout DNS servers are vital to reducing Internet break-in at Internet breakout sites. Properly routing queries to on-network versus cloud destinations reduces network leakage. DNS firewalling can help detect malware queries to command and control centers. DNSSEC validation authenticates signed resolution data. DNS tunnel shutdown prevents exfiltration of sensitive corporate or personal information. And logging of queries and responses provides visibility and forensics.
Security, visibility, forensics
Diamond IP solutions serve as a vital ingredient in securing your service edge access. Our IPControl IPAM system tracks IP assignments across your enterprise, remote sites and cloud infrastructure. Sapphire appliances provide rich DNS security features natively without additional licensing. The Sapphire A30 Auditor appliance centralizes DNS (with IPAM and DHCP) transaction logging with rich graphical reporting and analytics.