Subsections of OLD UC

Replace VPN with SASE

Remote users are connected to applications, clouds or offices through Acreto. This is a remote work-from-anywhere model where the destination and the device are protected.

How does it work?

Start with a scenario: this section would start with a network diagram of company employees at hotels, homes, and a coffee shop.
The usernames are held in an LDAP data store in A/D, Azure directory, or Google.

[PLACEHOLDER for graphic]

Secure remote user access with SASE

Configure Acreto

  • Register an Acreto account to start using the zero-trust policy solution.
  • Configure your first ecosystem and add a Thing to it.
  • Create your own network rules to control which Thing or User can connect to the Internet. Define a basic policy: Allow All, or block selected addresses.
  • Configure an LDAP directory or import users from a CSV file. Acreto will create accounts for them and allow them to add their own Things.
  • Assign users to roles that define the users’ permissions.
  • Configure Threat detection for your ecosystem to prevent a potential security breach.
  • Test that threat detection is working. Go to http://wicar.org. Download the malware and show that it is blocked. Show the username, device, and the type of malware that’s detected.

Educate users on how to be more secure using Acreto SASE

  • Send account details to users.
  • Help users to connect on Windows, macOS, Linux, Android, and iOS.
  • Ask users to configure their Thing on Acreto and to download the Acreto client. This will allow them to start using SASE.
  • Explain basic security rules to users, for example: why do the username and password have to be typed in each time, and why can’t they be cached? Make your users aware of the security rules.
  • Show users how

and explain the setup of users with and without 2FA

Stay updated

  • Observe the dashboard and logs to stay informed about your Things, users, and network traffic. They are the best source of information.
  • Keep updating your security policy each time you see new threats or “time thieves” in your company.

Device, onboarding without username

Onboard by device

This should be self-explanatory and this is what we do today. So section 2 should be written in anticipation of the feature that’s coming in mid Sept.

Secure Third-party Access

On-demand connection of third parties, such as vendors and customers, to specific company resources.

Cloud / VPC Security

Cloud / VPC Security, Hybrid cloud infrastructure and Secure Application & Data Interconnect (SADI)

Securely connect distributed applications that span multiple platforms and service providers. For example, a VPC in Google Cloud talking with a VPC in Azure: how do I connect this and secure it?

Configuring Threat Detection

  • Show how to block adult websites.
  • Show how to block the application groups Peer-to-Peer and chatting.

Secure sanctioned SaaS Access

Implement limits and controls for organizational user access to SaaS applications such as Salesforce.com or Office 365.

  • Explain how to lock down IP address access so that it is only allowed from Acreto, using a feature such as conditional access.
  • Explain how to lock down Salesforce so that it is only reachable from specific IP addresses. This article explains it

3rd party Secure SD-WAN

Explain how to connect Cisco Viptela SD-WAN to Acreto SASE. This is a larger topic that may need its own guide like this one. When we are ready, we can get help from the Secuview engineering team.

Secure SD-WAN

Secure SD-WAN [FUTURE, this requires some setup in the lab first]

Interconnect sites, clouds, data centers, applications and devices into a secure SD-WAN infrastructure.

  • Network diagram showing a branch office with 4 internet links (Cable, DSL, LTE, and MPLS).
  • Show how our vGateway can be configured with 4 different interfaces and 4 parallel IPsec tunnels.
  • Show that routing can be set up with equal costs and LAG.

Network Gateway Security / Clean Pipe

Clean and controlled access to the Internet for offices and networks.

Application and server Security

Secure backend applications for any type of access, including offices, remote users, or Internet users.

  • Explain the concept that the traffic to servers is routed to Acreto.
  • Show a before-and-after network diagram with a web server and LBs on AWS, but with traffic routed through Acreto.
  • Setup instructions for reflection NAT.