Cygna Labs
Book a Demo
shield

Strengthen your organization’s cybersecurity posture with software solutions from Cygna Labs

DDI Helps Secure Your Service Edge

Realize the promise of Secure Access Service Edge (SASE) and secure your expanding service edge without sacrificing security at the critical DDI layer

DDI without the sass
DDI without the sass

The Secure Access Service Edge (SASE) initiative builds upon enterprise networking evolution from a single Internet access point to several Internet breakout points. The emergence of SD-WAN’s multiple access capabilities pushes the Internet edge to each remote site. This topology optimizes cloud application performance by enabling remote offices to connect directly instead of traversing a private WAN to the singular Internet access point.

Manage your micro-perimeter IP assignments
Manage your micro-perimeter IP assignments

SASE layers several security approaches onto this pervasive edge to secure connectivity between Internet breakout sites and cloud applications. These approaches include zero trust networking, secure web gateways, firewalling as a service and cloud access security brokering. The realization of SASE enables an enterprise to simplify end users’ application experiences with the provision of a secure, multi-access, highly available network.

Manage your macro-perimeter edge IP allocations
Manage your macro-perimeter edge IP allocations

From a DDI perspective, SASE implementations require proper subnet and IP address provisioning across diverse sites on-premises, remote or in the cloud. Identification of users and devices upon connecting to the network contributes vital data to a comprehensive zero trust authentication process. DNS servers at each Internet breakout site steer application traffic between the cloud and data centers furnishing an additional security layer for SASE.

Secure Internet breakouts
Secure Internet breakouts

Internet breakout DNS servers are vital to reducing Internet break-in at Internet breakout sites. Properly routing queries on-network versus to cloud destinations reduces network leakage. DNS firewalling can help detect malware queries to command and control centers. DNSSEC validation authenticates signed resolution data. DNS tunnel shutdown prevents exfiltration of sensitive corporate or personal information. And logging of queries and responses provides visibility and forensics.

Security, visibility, forensics
Security, visibility, forensics

Diamond IP solutions serve as a vital ingredient in securing your service edge access. Our IPControl IPAM system tracks IP assignments across your enterprise, remotes and cloud infrastructure. Sapphire appliances provide rich DNS security features natively without additional licensing. The Sapphire A30 Auditor appliance centralizes DNS (with IPAM and DHCP) transaction logging with rich graphical reporting and analytics.

icon

DDI Helps Secure Your Service Edge