Private SD-WAN

Blaze Private SD-WAN Avoids Internet Security Vulnerabilities

Blaze Networks, a security-focused SD-WAN provider in the UK, have created a national network which blends a highly resilient and secure network design with industry-leading secure equipment and our own UK-based Network Operations Centre (NOC).

Based around this network, we provide multi-site businesses with their own private SD-WAN networks which are highly secure, scalable and reliable.

Blaze has designed our Software Defined network solution with security built in from the ground-up. Unlike many other SD-WAN providers in the UK, Blaze avoids unnecessary use of the public internet. We connect customer sites directly to our own core network, so all communications within and across your business locations are carried within a closed, highly secure, compliancy-driven environment. This enables us to avoid connecting your sites to publicly available entry points on the public internet, reducing the cyberattack surface.

Connecting sites directly onto the Blaze Private Core Network is a much more secure method, and it avoids the need to manage, guard, and test these publicly available entry points which – even if done thoroughly – represents a major management burden from a network management perspective.

Multi-layered Security in your Private SD-WAN

By using Fortinet equipment and our Carrier-grade Cisco equipment, Blaze Private SD-WAN incorporates best-of-breed next-generation firewall (NGFW) security, advanced routing, and WAN optimization capabilities, delivering a security-driven, compliancy certified network for our customers. We employ comprehensive security set-up and configurations at all points within the network to comprehensively guard against cyber security threats
of all types.

Controlled, Protected, and PCI-DSS Compliant Connection to Public Internet

The design of Blaze Private SD-WAN avoids deploying publicly available entry points to the public internet at customer sites. Blaze takes control of secure access to the public internet through a highly secure (and resilient) gateway onto the Blaze Private Core Network. We manage this single access point intensively, employing well-proven and tested advanced systems and techniques. Our customers’ Private SD-WAN networks gain access to the public internet through this carefully guarded gateway, whose security is fully tested. As a key point of difference between Blaze and most other Software Defined Network providers in the UK, the core Blaze infrastructure is audited once a year to ISO 27001 standards. Blaze have achieved formal certification (by BSI) of meeting the ISO 27001:2022 Standard for Information Security Management Systems (our ISO 27001 certification follows extensive auditing by BSI, which is widely regarded as operating the most rigorous certification scheme in the UK). Further assurance of the level of Blaze’s own cybersecurity protection is provided by our being Cyber Essentials Plus certified. As such, not only do Blaze have cyber-secure systems and procedures in place, but we also have had this independently verified through on-site audits by external professional auditors. This helps our customers to reduce their own compliancy costs dramatically.

Centralised Control of all Network Elements

As a Managed Services (MSP) provider, Blaze can either fully manage or co-manage your Blaze Private SD-WAN on your behalf. The Blaze Private SD-WAN infrastructure offers a single pane of glass solution to your network environment. Blaze Private SD-WAN is a complete end to end networking solution and can, optionally, extend into your LAN switching and wireless infrastructure.

While having centralised control of each customer’s SD-WAN, mitigating human factor vulnerabilities is also important. We therefore use Role-Based Access Control (RBAC) so each Blaze engineer only has access to their required environment or areas within the Software Defined Network stack. Additionally, each change is required to be authorised by a high-level Blaze engineer before it is implemented.

Our network management incorporates a revision backup procedure, so every change can be reviewed against a previous version, and quickly restored if an issue is found with the newest changes. Intent-based networking can be achieved by pushing template configurations from a central repository, reducing implementation times from days or weeks to minutes with the Blaze Private SD-WAN offering.

Finally, remote user devices such as laptops are protected and authorised onto the network using 2-factor authentication. This allows the endpoint user to access work resources and the internet through a secure VPN bypassing direct internet access and enforcing unified threat management policies on the remote work forces assets. This is all managed through a central system, also providing the option of full patch management of the end users device and the ability to instantly quarantine an endpoint user or associated assets if their devices become compromised.

SD-Branch Solutions for Multi-site Businesses

Businesses with multiple locations need to ensure the network and cybersecurity costs associated with those locations scale appropriately. Deployed within a company-wide SD-WAN network, the SD-Branch platform delivered by Blaze Networks is an excellent solution which enables a business to avoid any trade-off between cost and security within the branch site:  

• Branch locations will be connected directly to the Blaze Private Core Network, completely avoiding any need to pass data over the public internet within your company’s Private SD-WAN network.
• Blaze’s SD-Branch solutions include a wide range of Fortinet equipment at differing scale (and costs), all enabling a single network fabric and supporting full SD-WAN and security functionality.   
• The SD-Branch solution enables businesses to converge their security, WAN, and LAN, extending the benefits of the Fortinet Security Fabric to their distributed branches, all of which can be managed (or co-managed) by Blaze.
• Fortinet Secure SD-WAN technology is integrated with network access to deliver the most secure and manageable remote branch in the industry.

Additionally, to address the explosion of IoT devices, Blaze can design Secure SD-Branch solutions that incorporate FortiGate next-generation firewall capabilities to offer NAC (Network Access Control) services onboard.  The Blaze service team can not only discover and secure IoT devices, but can also detect anomalies (by using FortiGate as a network sensor for the FortiNAC product).

Secure SD-Branch solutions include FortiGate Secure SD-WAN, FortiSwitch, and FortiAP to deliver consolidation of branch services for LAN edge, all forming part of the overall Software Defined Network solution which Blaze delivers and manages (or co-manages). When a business’ SD-WAN network includes several, or perhaps hundreds of different locations, the solution used within each site or branch needs to make economic sense.  By incorporating a SD-Branch solution within the SD-WAN network, Blaze is able to deliver considerable network cost savings while delivering industry-leading security and network management functionality.

Secure AND Efficient, Low-Latency Private SD-WAN Design

As part of creating each customer’s Blaze Private SD-WAN we create a centralised control mechanism that can determine and route the ideal path for traffic (MPLS, 4G/5G, or broadband) ensuring you can quickly and easily access business-critical cloud applications or even balance application workload over multiple lines using new improved layer 7, application aware routing capabilities.

Within a customer’s Blaze Private SD-WAN we use Distributed Firewalls (DFW) at your locations which each have two IPsec tunnels associated with the SD-WAN, allowing the traffic to be fully encrypted in the Blaze private network. Because we use BGP as the dynamic routing protocol through the encrypted tunnel, the network allows for active / active routing down multiple lines.

A Next Generation Firewall (NGFW) is implemented at the entry / exit points of the Blaze private network. This has IPsec tunnels formed with the DFW site. All Unified Threat Management (UTM) protocols are done on the Edge firewall, allowing for a cost-effective deployment on the DFW’s as UTM subscriptions are not required, this saves our customers thousands in subscription costs whilst lowing the complexity of network management and cost of compliancy.

In addition to an efficient design, we have selected USA-based Fortinet as our technology partner of choice when building customer-specific Private SD-WANs. Having achieved “Leader” status in industry reports such as several of Gartner’s Magic Quadrants, Fortinet received its second consecutive “Recommended” rating from the USA’s NSS Labs in their SD-WAN Group Test. (NSS Labs is recognised globally as the most trusted source for independent, fact-based cybersecurity guidance.) Fortinet equipment combines excellent performance with advanced security features, superb manageability, and excellent Total Cost of Ownership (TCO) per Mbps.

Our Goal

Our goal as a Private SD-WAN provider is to deliver a highly secure, performant network which is easily adaptable to changes in a customer’s needs, while easing the challenges of high quality network management on the customer’s networking and IT team.

Why not get in touch? We’d be delighted to address your needs.

Get a Demo

We’re making it easy for you to manage your network and IT. Discover how with our demos.

Request a demo

Offers

Learn about our range of limited-time promotions, including discounts, trials, and other offers.

Ask about offers

Ask for a Quote

Our customers typically save 30% or more on their costs. Tell us what you need and we’ll talk savings.

Get a quote

Speak to an Advisor

Have any upcoming projects? Looking for the best solution?

Speak to us