Cloud 9 Advisers - News #firewallCloud 9 Advisers - News #firewallhttps://www.cloud9advisers.com/News/tag/firewallWed, 25 Feb 2026 18:45:58 -0800http://zoho.com/sites/<![CDATA[Supplier Spotlight: CloudGenix]]>https://www.cloud9advisers.com/News/post/supplier-spotlight-cloudgenix

Secure SD-WAN from CloudGenix and Palo Alto

By:

Cloud 9 Supplier Spotlight:  CloudGenix

Secure SD-WAN from CloudGenix and Palo Alto

By now, most organizations have extended their IT infrastructure to the cloud. And many are using multiple clouds. ESG, in a recent webinar presented by CloudGenix and Palo Alto Networks, shared findings from a survey of 600 senior IT decision makers showing that 76% of respondents had already deployed multi-cloud environments, and nearly as many – 67% – were already using SaaS-delivered business applications.


ESG also talked about the challenges of not only ensuring network performance in these complex multi-cloud environments, but also making sure that SaaS-delivered apps are always on, are always secure, and always perform how employees need them to – especially employees in remote office locations.


In a traditional network architecture, applications are housed in an on-premise data center. Remote office workers access those apps via MPLS VPN connections. Routers enable the underlying network between geographically diverse locations, and firewalls deployed at both the central data center and at each remote office create a security perimeter.


But this approach simply doesn’t work in the world of cloud. Here’s why:
  • Cost – more routers are needed to deploy and manage as well as additional MPLS fees.
  • Complexity – already overcommitted teams must manage multiple systems to fulfill network and security needs across multiple locations, and traditional MPLS-based networks are notoriously hard to provision or modify.
  • Performance – with the rise of SaaS-based apps comes a need to not only ensure that networks are performing as needed, but that the apps critical for employees and customers are as well.
  • Security – data breaches and attacks are part of today’s reality, and in the world of cloud services where data is traveling over the public internet, there is no fixed perimeter to patrol.


Opportunities and Obstacles of SD-WAN
Many organizations have adopted SD-WAN solutions to solve for these issues, but they too present their own challenges. Most solutions require multiple hardware products for SD-WAN and security, which once again means more complexity and more cost. Others are mediocre “all-in-one” solutions that have separate roadmaps for features related to network and security, making it near impossible for an organization to simultaneously meet both networking and security needs.


So how can organizations cost-effectively and securely meet the needs of remote branch offices? In reality, overcoming the challenges presented by centralized network architecture or legacy SD-WANs means re-imagining remote office IT infrastructure. It needs to be cloud-delivered rather than based on complex hardware or software stacks, and:

  • WANs have to be unconstrained and highly reliable
  • Security has to be pervasive across multi-cloud, SaaS, and data centers
  • Unified Communications as a Service (UCaaS), voice, and video have to be highly reliable
  • Multi-cloud access has to be high-speed
  • IT operations have to be proactive


Next-gen WANs: The CloudGenix Autonomous WAN

The CloudGenix Autonomous SD-WAN uses global intelligence to deliver performance and security SLAs for all applications over any WAN-type. By providing app-policies aligned to business intent, direct access to multi-cloud and dev-ops frameworks, it delivers significant productivity gains and cost-savings compared to gen-1 SD-WAN alternatives.


Our new joint solution with Palo Alto Networks – and validated by ESG in the Secure SD-WAN: 7 Best Practices from Palo Alto Networks and CloudGenix webinar – combines CloudGenix Autonomous WAN with Palo Alto Networks Prisma Access, enabling organizations to deploy best-of-breed secure SD-WAN that is pre-integrated, requires no additional hardware or software to provision at the remote office, and lays the foundation for a zero-trust security architecture.


The joint secure SD-WAN solution enables organizations to:
  • Apply traffic policy to application traffic. No longer are they restricted to applying policy within the on-premise network. L3 is insufficient in a multi-cloud, hybrid model. L3 – L7 is ideal.
  • Ensure consistent performance and high availability by automatically monitoring performance metrics against threshold, minimizing the need for manual intervention.
  • Create policies in the cloud once and deploy them everywhere without the need for backhauling traffic to a controller
  • Via an easy-to-use platform, integrate other services to be used in conjunction with SD-WAN and deploy them with a few clicks


To hear experts at Palo Alto and ESG talk more about this solution, as well as explain the 7 best practices for a secure SD-WAN, check out the on-demand webinar Secure SD-WAN: 7 Best Practices from Palo Alto Networks and CloudGenix.

CloudGenix is a leading SDWAN company in the Cloud 9 Supplier Portfolio. Our curated list of over 200 companies provides all the nutrients and daily vitamins a growing company needs for their technology: Cybersecurity, Communications, Connectivity, and Cloud. Our SDWAN, SASE, network and cybersecurity experts are vendor-agnostic and will help uncover the right solutions and the right companies to look at for you needs. We can even help reduce your monthly technology operating costs and create new efficiencies you may have never thought possible. 

Contact Cloud 9 Advisers

CloudGenix is a leading SDWAN company in the Cloud 9 Supplier Portfolio. Our curated list of over 200 companies provides all the daily nutrients and  vitamins a growing company needs for their technology: Cybersecurity, Communications, Connectivity, and Cloud. Our SDWAN, SASE, network and cybersecurity experts are vendor-agnostic and will help uncover the right solutions and the right companies to look at for you needs. We can even help reduce your monthly technology operating costs and create new efficiencies you may have never thought possible. 

Learn more about CloudGenix
Learn more about SDWAN

About CloudGenix

We have a deep understanding of complex networking issues and designs. We know the only way to truly solve networking issues that surface with next-generation application architectures, rich media, cloud, and SaaS, is to approach the problem top-down with a transformational networking architecture. An architecture that abstracts the complexity of low-level networking rules and configurations away in favor of top-down business policies for applications, sites, performance, security, and compliance. We built the CloudGenix AppFabric™ from the ground up for exactly this purpose.
CloudGenix: Cloud Blades Platform
Build branch locations with best-of-breed infrastructure services that are pre-integrated and can be turned on with one click.
No additional hardware or software required.
]]>Tue, 11 Feb 2020 09:45:59 -0500<![CDATA[SASE, the next-gen SD-WAN?]]>https://www.cloud9advisers.com/News/post/Is-SASE-the-next-gen-SDWAN

The Four Pillars of SASE: Why Your Legacy Network Architecture is Obsolete

Gartner makes the claim that the shift to SASE will make obsolete existing networking and security models.


Secure Access Service Edge (SASE): The Foundational Shift Driven by Cloud, Mobility, and the Demise of the Traditional Perimeter

A true SASE framework moves security policy from the physical office location to the user’s identity, fundamentally transforming how enterprises connect and protect their digital assets.

The SASE architecture is a fundamental shift, moving the security perimeter from a physical location to a cloud-native, identity-centric service edge.

Secure Access Service Edge (SASE): The Foundational Shift Driven by Cloud, Mobility, and the Demise of the Traditional Perimeter

In 2019, Gartner introduced the Secure Access Service Edge (SASE) model, describing it as a fundamental architectural shift that would eventually render existing networking and security models obsolete. While many in the industry initially treated it as hype, the events of the last few years—namely, the explosion of cloud application usage and the permanence of the dispersed, mobile workforce—have made this prediction an undeniable reality.


Today, every enterprise is facing unprecedented pressure on its legacy network and security architecture. Users, applications, and data have migrated from the confines of the corporate network to the cloud and the edge. This digital transformation improves agility and competitiveness, but it requires a corresponding evolution in how we connect and, more importantly, how we secure those connections.


The SASE category represents this necessary evolution. It converges the capabilities of the WAN edge (networking) with network security (security) into a single, unified, cloud-native service. However, the market is crowded with vendors claiming SASE capabilities, when, in reality, they are offering little more than traditional products loosely "service-chained" together.


To cut through this noise and ensure you are making a strategic, future-proof investment, you must evaluate solutions against the four non-negotiable pillars of a true SASE architecture.


The Problem: When SDWAN Alone Is Not Enough

SDWAN is a critical part of the modern network, solving performance, resilience, and efficiency problems. But as valuable as it is, it is only one part of the larger SASE story.


The traditional approach to security—regardless of whether you use SDWAN—was to backhaul all traffic from remote users and branch offices back to a central, on-premise security stack. This approach is fatally flawed today:

  1. High Latency: For users accessing cloud applications like Microsoft 365, forcing traffic halfway across the country just to hit a corporate firewall and then turn back to the cloud introduces unacceptable latency and degrades performance.

  2. Inconsistent Security: Creating a patchwork of appliances (VPN concentrators, firewalls, web gateways) and physically stringing them together via "service chaining" results in fragmented visibility, inconsistent policy enforcement, and complex management. As Gartner noted, service chaining is emphatically not SASE.

  3. The IP Address Conundrum: Legacy security is tied to a network anchor, typically the IP address of a device or location. In a world where the office can be a coffee shop, an airport, or a home network, an IP address is useless as a hook for security enforcement.

To overcome these structural limitations, the architecture must evolve beyond the old data center and embrace the cloud-native design principles of SASE.


Pillar I: Converged WAN Edge and Network Security

A true SASE architecture is defined by convergence. It cannot be a collection of disparate appliances or services loosely managed by different dashboards.


The Requirement: The WAN edge (SDWAN functionality, traffic optimization, and routing) and the comprehensive network security stack (Firewall-as-a-Service, Secure Web Gateway, CASB, ZTNA) must be folded into a single, cloud-native software fabric.


The Pragmatic Benefit: This convergence delivers the simplicity, scalability, and pervasive security that customers demand. By operating as a single software stack, the platform can perform single-pass architecture inspection, where traffic is decrypted, inspected against all security and networking policies simultaneously, and then re-encrypted. This greatly reduces processing time and latency compared to chaining separate security devices, ensuring high performance while maintaining security coverage.


In essence, SASE mandates that networking and security cannot be two separate domains managed by different tools; they must be a single, centrally controlled entity.


Pillar II: Cloud-Native, Global Service Delivery

The nature of cloud applications—specifically, their sensitivity to latency—demands that networking and security be delivered as close to the endpoint as possible. The edge is the new cloud, and it requires a distributed approach.


The Requirement: SASE offerings must be purpose-built for scale-out, cloud-native, and cloud-based delivery. This means relying on a vast, globally distributed network of Points of Presence (PoPs) to minimize the physical distance between the user and the security enforcement point.


The Pragmatic Benefit: The geographical footprint is critical. It is not sufficient to simply run the service on a hyper-scaler with a limited number of PoPs, as this still forces users in remote regions to connect over long distances. A true SASE solution requires providers with a deep, global footprint and the agility to instantiate a PoP in response to emerging customer demands. This optimized, low-latency delivery ensures that security inspection does not negatively impact the performance of real-time applications.


Pillar III: A Network Designed for All Edges

The traditional network focused almost exclusively on the site (the branch office or the headquarters). The modern enterprise must focus on securing all edges equally—the site, the cloud, and the individual mobile user.


The Requirement: SASE services must be capable of connecting and securing more than just physical sites. This requires an agent-based capability, managed as a cloud service, that can be installed on laptops and mobile devices to extend the full security stack to the individual user, regardless of their connecting network.


The Pragmatic Benefit: Offerings that rely solely on on-premises, box-oriented delivery or only cater to a limited number of fixed cloud PoPs will inevitably fail to meet the requirements of an increasingly mobile workforce and emerging latency-sensitive edge applications. A genuine SASE architecture ensures that an employee working from a home office or a client site receives the same level of security and performance optimization as if they were sitting in the corporate headquarters.


Pillar IV: Identity and Real-Time Condition

This is arguably the most revolutionary pillar of SASE, representing the complete departure from the legacy model.


The Requirement: Security access and policy enforcement must be based on the user's identity and their real-time context (device type, time of day, location, and posture of the device), not the static IP address.


The IP Address Conundrum: Anything tied to a physical IP address is useless for security policy enforcement when users and resources are constantly moving. The legacy data center is no longer the center of the network universe. The new center of secure access networking design is the Identity—with the policy following that identity wherever they go.


The Pragmatic Benefit: SASE allows IT leaders to customize the security level and network experience based on risk. For example:

  • A user accessing a critical financial application from a corporate laptop in the office receives full access.

  • The same user attempting to access that application from an unmanaged personal device (different identity/condition) from a foreign country receives restricted, or zero, access.

All policies are tied to the user's validated identity (which can be a person, a device, or an IoT entity), eliminating the vulnerability inherent in IP-based enforcement and fully embodying the principles of Zero Trust Network Access (ZTNA).


A Pragmatic Call to Action

The introduction of SASE is not marketing buzz; it is a true reflection of our times. The technologies have changed considerably, forcing a profound rethinking of legacy enterprise networks.


As this market category matures, the marketing noise will continue to grow. Your responsibility as a technology leader is to move past the vendor claims and evaluate potential solutions against these four non-negotiable architectural pillars. If the solution cannot prove a cloud-native, globally converged architecture where policy is tied to identity, it will not deliver the simplicity, scale, or security your business needs to thrive in the cloud-first era.


KITS: Keep IT Simple.

Learn about "Sassy"

]]>Tue, 15 Oct 2019 12:47:06 -0500<![CDATA[CyberSecurity Basics]]>https://www.cloud9advisers.com/News/post/cybersecurity-basics

The Basics of Cyber Security, What every business should do

The following is a quick, simple list of must-dos to help businesses of all sizes protect themselves against cyber threats. 

  • Vulnerability Scanning

    • Doesn’t actually fix anything, but...

    • Shows “bad spots’”

    • Good services will show a plan of remediation

    • If subject to compliance (HIPPA, PCI, etc) recurring V.Scans are required

    • Do it at least  annually, quarterly is common for many businesses, monthly “managed” services best, but more costly

Think of it as a home inspection.

  • Penetration Testing

    • Different than a V.Scan but related

    • Considered “white-hat” or “ethical” hacking

    • Attempts to actually hack into your network

    • Should come after a V.Scan and initial remediations steps to test efficacy

    • Most Pen Tests will deliver a detailed, lengthy report of findings and remediation suggestions

    • Usually done annually. Should at least be done every couple/few years.

  • Endpoint Security

    • Mobile Security;

      • increasingly important and often overlooked window in to the network

      • proprietary and cloud apps.

      • corporate or employee owned mobile devices (BYOD)

    • Anti-Virus

    • Firewall, go with a Next Gen FW (NGFW). Best would be a managed Firewall solution. Depending on your situation also look into a cloud firewall solution. 

  • Employee Education

    • Email phishing; train employees to recognize bad, phishing emails by using mock emails


Contact us at Cloud 9 Advisers. We are impartial, independent, and provider-neutral, consultants of Communications, Collaboration, Connectivity, and Cloud technologies. We guide our clients through the morass of options, solutions, and providers. Sign up for our Consulting & Buying Program and get the real story on CyberSecurity and the best methodology for your business.Find out who the best providers are and who to avoid. Get real-world advice, recommendations, and unbiased solution design. 


Through the Program, you’ll have access to our distributor team of provider-neutral SME-Subject Matter Experts and Services Engineers. We’ll help you get pricing and bids from multiple, competing companies through our distributor portfolio of nearly 200 vetted and approved service providers. Use our evaluation tools to show decision makers the entire process, reasoning, and recommendations and complete due diligence for the project. We’ll help manage the entire procurement process (and keep all those pesky sales-guys off your back!). Visit www.Cloud9Advisers.com for more information

Get Started
]]>Sat, 29 Sep 2018 12:27:49 -0500<![CDATA[Cyber Security - What is the cost?]]>https://www.cloud9advisers.com/News/post/cyber-security-what-is-the-costwhat is the real cost of a cybersecurity breach? Are you too small to worry about these things? Are you willing to bet your business on your Firewall and the IT group managing it?]]>
The costs associated with security breaches are going up, jumping 29 percent in recent years to more than $4 million per incident, according to Ponemon’s annual bench marking report. In addition, when it comes to the impacts of breaches – such as cost per record lost – Ponemon says the gap is widening between organizations that are unprepared and those that have added policies and processes like incident response plans, encryption, and employee training.


To calculate the average cost of a data breach, Ponemon collects both the direct and indirect expenses as well as opportunity costs incurred by the organization as follows:
  • Direct cost – the direct expense outlay to accomplish a given activity, such as engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts for future products and services.
  • Indirect cost – the amount of time, effort and other organizational resources spent in the aftermath of a breach, such as in-house investigations and communications. This category also includes the extrapolated value of customer loss resulting from turnover.
  • Opportunity cost – the cost of lost business opportunities resulting from negative reputation effects after the breach has been reported to victims and publicly revealed to the media.

A recent report from Deloitte says the costs of a cybersecurity breach could be higher than most data shows as the costs can rack up for many years after the initial incident. The firm identified 14 cyberattack impact factors, including seven it claims are hiding beneath the surface and account for 95 percent of the financial impact. (see chart below).

Small business owners need to take caution as well. One may think; "I'm too small to be a target". Security by obscurity is not a good policy. One may think: "I've got a firewall and a good IT company". Are you willing to bet your business on that? Cyber Security is a specialized field and many "generalist" IT and MSP organizations today simply do not have the expertise needed to properly and adequately protect your hard earned investment and customers. There are numerous cost-effective, methods, practices, and managed services that will significantly reduce your exposure and augment what your IT company is already doing.


Contact us at Cloud 9 Advisers to learn about better ways to protect your business. Through our Consulting & Buying Program, our consulting services are free to you. We are provider-neutral, independent, and unbiased consultants of technology, telecom, cloud, and security services.
Get Started Now
]]>Mon, 23 Jul 2018 13:50:54 -0500