Tuesday, May 4, 2021

Secure Edge - DIY SASE - Thoughts?

We all know the history of how we got where we are. In the old days, we built Internet gateways (IGWs) in our data centers or campuses and funnelled all Internet traffic into the stack: IDS/IPS/firewall/proxy/NAT, deep packet inspection. In some places we stood up /23s and /24s with carrier-independent addressing. In others, we took just a /29 or so from an ISP and NAT'd against it in a pool.

The world has moved on. Everything is in the cloud, everyone is working from home. It makes zero sense to backhaul Internet traffic over the Internet, to then egress out of a datacenter. Thus, secure edge is gaining a lot of ground. Enter some obvious players who were well positioned - mainly Zscaler. I love that they were able to pipeline stream a bunch of decades-old technology into a billion-dollar company - DNS, GRE, etc.

If you had to do that - offer an Internet edge service, a service-provider-type service for Internet - what would you be considering? Obviously next-gen firewalls for IDS/IPS, malware detection, malware and botnet blocking. DNS filtering. What else? How would you handle remote branches or remote users that wished to use the IGW in the cloud - VPN based? Site GRE/IPsec tunnels back to branches, like Zscaler?

Would one need to peer with multi-cloud POPs like Equinix and the like to get direct cloud access? Should things like Netflix caching servers be considered for inclusion? Would you even bother with IPv6 support, or would you lean heavily towards it?

What about the security subscription models - i.e. botnet/malware databases, IPS signatures? What is an effective liability against zero-day exploits? Has anyone else gone through this or thought out the rather large pitfalls and gotchas that I am seeing?


