OLD UC
Implementation examples
This chapter will show you how to secure your company and infrastructure with Acreto SASE.
Subsections of OLD UC
Replace VPN with SASE
Where remote users are connected to applications, clouds or offices through Acreto. This is a remote work-from-anywhere model where the destination and the device are protected.
How it works?
Start with a Scenario: This section would start with a network diagram of users at hotels, homes, a coffee shop with a company employees.
The usernames are in LDAP data store in A/D, Azure-directory, Google
[PLACEHOLDER for graphic]
Secure remote user access with SASE
Configure Acreto
- Register Acreto account to start using zero-trust policy solution.
- Configure first ecosystem and add Thing into it.
- Create your own network rules to get control of which Thing or User can connect to the Internet. Define basic policy Allow All or block selected adresses.
- Configure LDAP directory or import user using CSV file - Acreto will create account for them and allow them to add their own things.
- Assing users to roles that will define users’ permissions.
- Configure Threat detection for your ecosystem to prevent a potential security breach.
- Test threat detection is working. Go to http://wicar.org. Download the malware and show that it is blocked. Show the username, device, and the type of malware that’s detected.
Educate users on how to be more secure using Acreto SASE
- Send account details to users.
- Help users to connect on Windows, MacOS, Linux, Android, iOS
- Ask users to configure theirs thing on Acreto and to download Acreto client - this will allow them to start using SASE.
- Explain basic security rules to users f.e: why the username and password have to be typed in each time and can’t be cached? - make your Users be aware of the security rules.
- Show users how
and explain the setup of users with and without 2FA
Stay updated
- Observe the [dashboard] () and [logs] () to stay informed about your things, users, and network traffic - that the best source of information.
- Keep updating your security policy each time you see new threats or “time thieves” in your company.
Device, onboarding without username
Onboard by device
This should be self-explanatory and this is what we do today. So section 2 should be written in anticipation of the feature that’s coming in mid Sept.
Secure Third-party Access
Secure Third-party Access
On-demand connection of third-parties such as vendors, customers to specific company resources
Cloud / VPC Security
Cloud / VPC Security, Hybrid cloud infrastructure and Secure Application & Data Interconnect (SADI)
Securely connect distributed applications that span multiple platforms and service providers. VPC in Google Cloud talking with VPC in Azure. How do I connect this and secure it
Configuring Threat Detection
Configuring Threat Detection
Show how to block adult websites Show how to block application group Peer-to-Peer and chatting
Secure sanctioned SaaS Access
Implements limits and controls for organizational user access to SaaS applications such as Salesforce.com or Office 365.
- Explain how to lock down IP address access to only be from Acreto using a feature such as conditional access
- Explain how to lock down Salesforce to only be from specific IP addresses. This article explains it
3rd party Secure SD-WAN
3rd party Secure SD-WAN
Explain how to connect Cisco Viptela SD-WAN to Acreto SASE. This is a larger topic that may need its own guide like this. When we are ready we can get the help of the Secuview engineering team to help us
Secure SD-WAN
Secure SD-WAN [FUTURE, this requires some setup in the lab first]
Interconnect sites, clouds, data centers, applications and devices into a secure SD-WAN infrastructure.
- Network diagram showing a branch office with 4 internet links: (Cable, DSL, LTE, and MPLS)
- Show how our vGateway can be configured with 4 different interfaces with 4 parallel IPSEC tunnels
- Show that routing can be setup with equal costs and LAG
Network Gateway Security / Clean Pipe
Network Gateway Security / Clean Pipe
Clean and controlled access to the Internet for offices and networks.
Application and server Security
Secure backend applications for any type of access including offices, remotes users, or Internet users.
- Explain the concept that the traffic to servers is routed to Acreto
- Show Network diagram of before and after showing a webserver and LBs on AWS but traffic routes through Acreto
- Setup instructions for reflection NAT