End-to-End Network Security – Without Impacting User Productivity

Executive summary

Corporate networks today must defend against numerous threats while delivering high performance, availability and security, all without impacting user productivity.

Multiple companies have engaged Involta to build secure corporate networks. While the specifics of each implementation varied somewhat based on each company’s needs and existing configurations, we provide a composite overview of a secure end-to-end network solution.

Overview of solution

  • Dynamic Multipoint Virtual Private Network routers
  • Cisco ASA (Adaptive Security Appliance) firewalls with Cisco FirePOWER Suite
  • Cisco AMP (Advanced Malware Protection) for Endpoints
  • Cisco AnyConnect Secure Mobility Client

The Challenges

Creating a secure network

The days of throwing up a firewall at your network perimeter or taking the "traditional" approach to setting up a VPN (Virtual Private Network) are long gone.

IPsec (Internet Protocol Security) VPN tunnels don’t easily support QoS (Quality of Service) for voice and video traffic. Every new IPsec spoke added to a network also requires modifications to the headend firewall and core routing protocols, since IPsec doesn't support broadcast protocols like EIGRP (Enhanced Interior Gateway Routing Protocol) and OSPF (Open Shortest Path First).

Performance demands and threat levels

When it comes to your corporate network, performance demands – and threat levels – have never been higher. Your network needs to be equipped for intrusion detection and prevention, malware defense, a bring-your-own-device culture and remote users who may be using unsecured connections; the list goes on. And all this needs to be accomplished without hindering the productivity of end users.

The Solution

Involta's solution begins with Dynamic Multipoint Virtual Private Network (DMVPN), proven technology that allows clients to leverage inexpensive broadband Internet connections to smoothly and securely provide connections back to the home or other spoke offices.

The diagram depicts a DMVPN network with redundant “hubs.” Each of the “spoke” DMVPN routers is configured with two tunnels, one to each hub, for redundancy. At the headend (hub), a Cisco Adaptive Security Appliance (ASA) firewall filters web traffic for the spoke. This ASA firewall is equipped with Cisco FirePOWER Suite, which provides intrusion detection and prevention, advanced malware protection and logging. 

Cisco Advanced Malware Protection (AMP) for endpoints can be installed on user devices and Cisco AnyConnect Secure Mobility Client software makes remote connectivity simple and safe – preventing a user with an infected device or unsecured connection from compromising your corporate IT infrastructure.

The Impact

Lock down internet access

With the Involta network configuration described, you’ve locked down Internet access with secure site-to-site connectivity for all users, protected your corporate assets from dangerous malware and provided a way to proactively monitor the current and past status of your network.

Report malware to server

In the unlikely event that malware gets past the FirePOWER ASA, the AMP for Endpoints agent will catch it and report back to the FireSIGHT server. On the server you can open a window that shows who received the malware and how it traveled through the network – valuable information you can use to track down and remove the offending software.

Streamline network security processes

AnyConnect is highly customizable and can enforce connectivity conditions like up-to-date antivirus definitions or security-friendly operating systems. When a user leaves the company, all the network administrator needs to do is disable the account. No more sending updated IPsec profiles to everyone.
