Partnering To Deliver An Automated Secure Access Service Edge

Transcription

Silver Peak Solution Brief

Silver Peak and Netskope partner to provide scalable, secure branch, HQ and direct-to-net connectivity, with advanced data and threat protection for application users

As enterprises accelerate the migration of applications to the cloud, changing traffic patterns are driving the need to transform wide area network (WAN) and security architectures. When applications were hosted in enterprise data centers, traffic from branch locations was backhauled to the data center over MPLS circuits, with the entire stack of security services enforced at data center egress points, requiring only rudimentary security services at the branch.

In today's modern cloud-first enterprise, applications are hosted everywhere: the data center, in public and private clouds, or delivered by myriad Software-as-a-Service (SaaS) providers. Users access applications from anywhere, from any device and across diverse WAN transports including broadband internet, further complicating the security model and the IT challenge. The dissolving enterprise security perimeter expands the attack surface, significantly increasing the need for advanced data and threat protection services to mitigate exposure to threats.

While enterprises could deploy next-generation firewalls at every branch, that model is too costly to deploy and too complex to manage. To address the security and cost challenges, centrally orchestrated cloud-hosted security services, such as those available from Netskope, have emerged and continue to experience rapid adoption. The Netskope cloud-delivered security service, complemented by the application-aware, business-driven Silver Peak Unity EdgeConnect SD-WAN edge platform, provides a powerful secure access services edge (SASE) solution that protects the enterprise from threats, delivers the highest application performance and user experience while keeping costs in check.

Key Benefits of the Silver Peak and Netskope Integrated Solution:

- Unencumbered safe connectivity to web and cloud applications: Cloud-delivered SaaS solutions provide optimized application and data delivery for any user and location.
- Security without compromising performance: Global cloud infrastructure provides real-time, inline security defenses at scale, including Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP), Zero Trust Network Access (ZTNA), and more.
- Automated orchestration: Centralized policy definitions and true zero-touch provisioning accelerate deployments of new branch locations and applications and enable faster assimilation of mergers and acquisitions.
- Simplified management: Netskope console enables security operations while Silver Peak Unity Orchestrator enables network operations for branch connectivity.
- Secure Access Service Edge (SASE): Enables a SASE architecture, based on integrated best-of-breed SD-WAN and cloud-delivered security services.

Application Migration to the Cloud Compels WAN and Security Transformation

For many enterprises, migrating applications to the cloud presents a number of challenges. End-user application experience is impacted by latency, and thus, cloud-hosted applications perform better when the end-user connects directly over the internet from the branch site.
The traditional approach of backhauling all application traffic through an enterprise data center via an expensive MPLS connection only adds to the latency, degrading application performance and end user quality of experience. Adoption of local internet breakout to cloud-hosted (IaaS) and SaaS applications directly from branch locations not only optimizes available bandwidth but also reduces any latency that can negatively impact performance and user productivity.

The cloud-first paradigm calls for new methods to secure the access to hundreds or even thousands of cloud applications. Traditionally, when applications were hosted within the enterprise data center, guarding the enterprise against the unsafe internet was relatively straightforward with the deployment of expensive next-generation firewalls. But to deliver a high quality of experience for cloud-hosted applications, enterprises need a high-performance, secure network, built on a highly available foundation that can support local internet breakout from the branch reliably while protecting the business from threats. An advanced SD-WAN solution enables enterprises to intelligently break out cloud-destined traffic locally from branch sites over the internet. Additionally, the ability to support micro-segmentation and granular policy enforcement provides enterprises with the ability to secure their WAN, adhere to compliance mandates and defend against breaches. And with the comprehensive cloud-delivered security service from Netskope, the end-user is protected when accessing cloud applications from remote branch locations. Together, Silver Peak and Netskope deliver a SASE architecture that uniquely addresses the evolving business needs faced by today's cloud-first enterprises.

Secure WAN Access with Silver Peak and Netskope

Cloud-hosted security services, such as Netskope, have emerged to provide a superior security alternative for cloud-first enterprises. Centrally managed cloud-delivered security services deliver protection for all users, supported by consistent policies and policy enforcement across hundreds or even thousands of sites - without buying, deploying or managing any physical security appliances.

Silver Peak First-packet iQ application classification technology automatically identifies more than 10,000 SaaS applications and 300 million web domains on the first packet, enabling granular traffic steering and security policy enforcement. For instance, a business-driven security policy may include:

- Send data center-hosted application traffic back to headquarters across MPLS
- Send trusted SaaS traffic, like UCaaS, directly to the SaaS provider across the internet
- Send all other internet-destined traffic such as Box, Salesforce and web browsing to the Netskope cloud-delivered security service for security inspection prior to handing off to the providers' cloud

Ensuring SaaS performance over the internet is far more complicated than it is for conventional applications that run over MPLS or a private network. The challenge is that even if IT managers can identify the SaaS application, they may be unable to improve its performance since network performance is critical to SaaS, and the internet does not provide the same level of SLAs as MPLS services. Silver Peak provides a number of advanced features that optimize SaaS application performance over the internet including:

- Cloud Intelligence
- Efficient DNS query resolution
- Intelligent Internet Breakout
- Intelligent Cloud Breakout
- O365 integration
- Support for custom-defined applications

Scalable, Comprehensive Business Connectivity and Security

The Silver Peak Unity EdgeConnect SD-WAN edge platform streamlines WAN edge infrastructure at branch locations. The EdgeConnect platform provides optimal networking services by delivering high-performance, reliable access to public cloud services, private data centers, and SaaS-based enterprise applications for branch offices, headquarters and users.
Integration with the Netskope Security Cloud provides complementary security services including a next-generation SWG, an advanced CASB, both with API-enabled and inline protections, as well as comprehensive data and threat protection for users, applications and data on any device and location. These security services are all managed from a single console with unified policy controls and intuitive reports and dashboards for SaaS, IaaS, and web environments. The integrated Silver Peak and Netskope solution delivers the promise of the SASE architecture: a thin branch WAN edge with comprehensive cloud-delivered security and management.

Figure 1: First-packet iQ application identification and classification enables granular traffic steering to enforce application-specific QoS and security policies.

The EdgeConnect SD-WAN edge platform supports physical and virtual appliances that deliver consistent, highly available application performance, even for latency-sensitive applications such as voice and video. EdgeConnect appliances connect to build an SD-WAN fabric and communicate via secure IPSec tunnels to one another as well as to the Netskope Security Cloud.

From the Silver Peak Orchestrator, IT can configure tunnels from each enterprise branch site location to the NewEdge network infrastructure, where the Netskope cloud-delivered security service applies granular security controls and advanced data and threat protection. IT centrally defines the business-driven policies that dictate how applications are delivered across the SD-WAN fabric from Orchestrator. From a single pane of glass, IT can quickly define quality of service (QoS) policies, failover prioritization and service chaining to third-party network and security services, such as the Netskope Security Cloud. Orchestrator also provides historical and real-time dashboards displaying a wealth of metrics for network health, application performance, network performance, WAN transport service performance and more.

Branch offices connect to the enterprise data center to access on-prem data center hosted applications and route to the Netskope NewEdge network infrastructure (a global network infrastructure that enables Netskope Security Cloud to deliver real-time security without the traditional security and performance trade-off) when accessing cloud applications and services. Similarly, headquarters-based application traffic traverses the SD-WAN fabric for branch access and is routed through the NewEdge network infrastructure when accessing cloud apps. EdgeConnect continuously monitors the entire SD-WAN fabric and underlying WAN transport services and automatically adapts to changing conditions to deliver optimal application performance, even when network changes, congestion or impairments occur.

Figure 2: Silver Peak Unity EdgeConnect SD-WAN integration with Netskope Security Cloud

Remote users outside of the Silver Peak SD-WAN fabric connect directly to the Netskope Security Cloud via encrypted SSL/TLS communications whereby the aforementioned security controls are applied. Remote workers using corporate or managed devices are assigned the lightweight Netskope Client, which provides several key functions: it steers all traffic to the Netskope Security Cloud, it delivers consistent notifications to end users for coaching and guidance purposes when users violate a policy, and it can provide the identity of the user with no additional setup needed by the customer. Remote workers in branch offices or those using their own personal or unmanaged devices, such as in organizations supporting Bring Your Own Device (BYOD), would be directed to the Netskope Security Cloud via its reverse proxy functionality where subsequent security controls would be applied. The reverse proxy also is used in situations where the client device is not using the Netskope Client.

Together, Silver Peak and Netskope streamline the integration of optimized SD-WAN capabilities with cloud-native security functions. Silver Peak and Netskope fulfill and support the Gartner Secure Access Service Edge (SASE) design philosophy in which cloud-managed network services (e.g. SD-WAN, routing, segmentation and stateful zone-based firewall and WAN Optimization) are combined with cloud-native, converged single-pass security controls (e.g. CASB, SWG, DLP, ZTNA) to offer organizations a highly scalable, fast and secure environment that protects users and data no matter where they are.

About Netskope

The Netskope Security Cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey. Reimagine your perimeter with Netskope.
For more information, visit www.netskope.com.

About Silver Peak

Silver Peak, the global SD-WAN leader, offers networking software that enables enterprises to build a modern WAN that drives maximum value from cloud and digital transformation investments. The Unity EdgeConnect SD-WAN edge platform delivers a self-driving wide area network that continuously learns and adapts to the needs of the business to deliver the highest quality of experience to enterprise users and IT organizations. The EdgeConnect platform replaces routers, unifying SD-WAN, firewall, segmentation, routing, WAN optimization and application visibility and control in a single centrally managed platform. More than 2,000 global enterprises have deployed the EdgeConnect SD-WAN edge platform across 100 countries worldwide.

Company Address: Silver Peak Systems, Inc, 2860 De La Cruz Blvd., Santa Clara, CA 95050
Phone & Fax: Phone: 1 888 598 7325, Local: 1 408 935 1800
Online: Email: info@silver-peak.com, Website: www.silver-peak.com

© 2020 Silver Peak Systems, Inc. All rights reserved. Silver Peak, the Silver Peak logo, and all Silver Peak product names, logos, and brands are trademarks or registered trademarks of Silver Peak Systems, Inc. in the United States and/or other countries. All other product names, logos, and brands are property of their respective owners.

SP-SB-SD-WAN-AND-NETSKOPE-072720
