Blaze Private SD-WAN™

Blaze Networks have created a unique network across the UK which blends a highly resilient and secure network design with industry-leading secure equipment and our own UK-based Network Operations Centre (NOC). Based around our own network, we provide multi-site businesses with their own private SD-WAN networks which are highly secure and reliable.

Blaze Private SD-WAN™
Blaze Networks have created a national network which blends a highly resilient and secure network design with industry-leading secure equipment and our own UK-based Network Operations Centre (NOC). Based around our network, we provide multi-site businesses with their own private SD-WAN networks which are highly secure, scalable and reliable.

Blaze Private SD-WAN™ Avoids Internet Security Vulnerabilities

Blaze has designed our SD-WAN solution with security built in from the ground up. Unlike many other SD-WAN providers, Blaze avoids unnecessary use of the public internet. We connect customer sites directly to our own core network, so all communications within and across your business locations are carried within a closed, highly secure, compliance-driven environment. This enables us to avoid connecting your sites to publicly available entry points on the public internet, reducing the cyberattack surface.

Connecting sites directly onto the Blaze core network is a much more secure method, and it avoids the need to manage, guard, and test these publicly available entry points, work which, even if done thoroughly, represents a major network management burden.

Secure Connection to Popular Hosting & Colocation Environments
As you would expect, where customers are using Blaze Cloud™ hosting services your SD-WAN connections link to your cloud-based systems through the Blaze Private SD-WAN™, so the complete path between cloud services and end-users avoids exposure to the security risks of the public internet altogether.

Many organisations will, however, choose to use Azure, AWS, or Equinix for their cloud hosting or colocation services. Blaze has therefore established direct (and resilient) network links to each of these leading environments, so that no network traffic passes over the public internet. We provide the flexibility to include any combination of these environments in your own Private SD-WAN, thereby ensuring a very high level of security across your network as well as delivering operational flexibility.

Multi-layered Security in your Private SD-WAN

By using Fortinet equipment and our Cisco-based private network technology, Blaze Private SD-WAN™ incorporates best-of-breed next-generation firewall (NGFW) security, advanced routing, and WAN optimization capabilities, delivering a security-driven, compliance-certified network for our customers. We employ comprehensive security set-up and configurations at all points within the network to guard against cyber security threats of all types.

Controlled, Protected, and PCI-DSS Compliant Connection to Public Internet

The design of Blaze Private SD-WAN™ avoids deploying publicly available entry points to the public internet at customer sites. Blaze takes control of secure access to the public internet through a highly secure (and resilient) gateway onto the Blaze Private Core Network. We manage this single access point intensively, employing well-proven and tested advanced systems and techniques. Our customers’ Private SD-WAN networks gain access to the public internet through this carefully guarded gateway, whose security is fully tested. We can provide you with an AoC (Attestation of Compliance) for our Core Network as part of your own PCI-DSS compliance certification.

Centralised Control of all Network Elements

As a Managed Security Services Provider (MSSP), Blaze can either fully manage or co-manage your Blaze Private SD-WAN™ on your behalf. The Blaze Private SD-WAN™ infrastructure offers a single-pane-of-glass solution to your network environment. Blaze Private SD-WAN™ is a complete end-to-end networking solution and can, optionally, extend into your LAN switching and wireless infrastructure.

Alongside centralised control of each customer’s SD-WAN, mitigating human-factor vulnerabilities is also important. We therefore use Role-Based Access Control (RBAC) so each Blaze engineer only has access to their required environment or areas within the SD-WAN stack. Additionally, each change is required to be authorized by a high-level Blaze engineer before it is implemented.

Our network management incorporates a revision backup procedure, so every change can be reviewed against a previous revision, and quickly restored if an issue is found with the newest revision. Intent-based networking can be achieved by pushing template configurations from a central repository, reducing implementation times from days or weeks to minutes with the Blaze Private SD-WAN™ offering.

Finally, remote user devices such as laptops are protected and authorised onto the network using 2-factor authentication. This allows the endpoint user to access work resources and the internet through a secure VPN bypassing the untrusted internet. This is all managed through a central system, which also provides the option of full patch management of the end user's device and the ability to instantly quarantine an endpoint user if their device is compromised.

Secure AND Efficient, Low-latency Private SD-WAN Design

As part of creating each customer’s Blaze Private SD-WAN™ we create a centralized control mechanism that can determine and route the ideal path for traffic (MPLS, 3G/4G, or broadband), ensuring you can quickly and easily access business-critical cloud applications or even balance application workload over multiple lines using new, improved Layer 7 routing capabilities.

Within a customer’s Blaze Private SD-WAN™ we use Distributed Firewalls (DFWs) at Branch Sites, each of which has two IPsec tunnels associated with the SD-WAN, allowing the traffic to be fully encrypted in the Blaze private network. Because we use BGP as the dynamic routing protocol through the encrypted tunnel, the network allows for active/active routing down multiple lines.

A Next Generation Firewall (NGFW) within the Edge Data Centre is implemented at the exit points of the Blaze private network. This has IPsec tunnels formed with the DFW at each branch site. All Unified Threat Management (UTM) functions are performed on the Edge firewall, allowing for a cost-effective deployment on the DFWs as UTM subscriptions are not required.

In addition to an efficient design, we have selected USA-based Fortinet as our technology partner of choice when building customer-specific Private SD-WANs. Having achieved “Leader” status in industry reports such as several of Gartner’s Magic Quadrants, Fortinet received its second consecutive “Recommended” rating from the USA’s NSS Labs in their SD-WAN Group Test. (NSS Labs is recognised globally as the most trusted source for independent, fact-based cybersecurity guidance.) Fortinet equipment combines excellent performance with advanced security features, superb manageability, and excellent Total Cost of Ownership (TCO) per Mbps.

Blaze Private SD-WAN™

Our goal in providing customers with a Blaze Private SD-WAN™ is to deliver a highly secure, performant network which is easily adaptable to changes in a customer’s needs, while easing the burden of high-quality network management on the customer’s networking and IT team.

To find out more, please contact us.

Want to know more?

Find out how Blaze Networks can help improve your network and your business

0333 800 0101