Private SD-WAN

Take advantage of Blaze’s Private Core Network; Reduce costs – Improve security

Blaze Private SD-WAN Avoids Internet Security Vulnerabilities

Blaze Networks, a security-focused SD-WAN provider in the UK, have created a national network which blends a highly resilient and secure network design with industry-leading secure equipment and our own UK-based Network Operations Centre (NOC).

Based around this network, we provide multi-site businesses with their own private SD-WAN networks which are highly secure, scalable and reliable.

Blaze has designed our SD-WAN solution with security built in from the ground-up. Unlike many other SD-WAN providers in the UK, Blaze avoids unnecessary use of the public internet. We connect customer sites directly to our own core network, so all communications within and across your business locations are carried within a closed, highly secure, compliancy-driven environment. This enables us to avoid connecting your sites to publicly available entry points on the public internet, reducing the cyberattack surface.

Connecting sites directly onto the Blaze Private Core Network is a much more secure method, and it avoids the need to manage, guard, and test these publicly available entry points which – even if done thoroughly – represents a major management burden from a network management perspective.

Blaze Private SD-WAN topology diagram showing secure network design.

As you would expect, where customers are using Blaze Cloud hosting services, your SD-WAN connections are linked to your cloud-based systems through the Blaze Private SD-WAN. This means that the complete path between cloud services and end-users avoids exposure to the security risks of the public internet altogether.

Many organisations will, however, choose to use AZURE, AWS, or Equinix for their cloud hosting or colocation services.

Blaze has therefore established direct (and resilient) network links to each of these leading environments (avoiding passing any network traffic over the public internet). We believe that SD-WAN providers should give customers the flexibility to include any combination of these environments in your own Private SD-WAN, thereby ensuring a very high level of security across your network as well as delivering operational flexibility.

Multi-layered Security in your Private SD-WAN

By using Fortinet equipment and our Carrier-grade Cisco equipment, Blaze Private SD-WAN™ incorporates best-of-breed next-generation firewall (NGFW) security, advanced routing, and WAN optimization capabilities, delivering a security-driven, compliancy certified network for our customers. We employ comprehensive security set-up and configurations at all points within the network to comprehensively guard against cyber security threats
of all types.

Controlled, Protected, and PCI-DSS Compliant Connection to Public Internet

The design of Blaze Private SD-WAN avoids deploying publicly available entry points to the public internet at customer sites. Blaze takes control of secure access to the public internet through a highly secure (and resilient) gateway onto the Blaze Private Core Network. We manage this single access point intensively, employing well-proven and tested advanced systems and techniques. Our customers’ Private SD-WAN networks gain access to the public internet through this carefully guarded gateway, whose security is fully tested. As a key point of difference between Blaze and most other SD-WAN providers in the UK, we can provide you with an AoC (Attestation of Compliance) for our Core Network as part of your own PCI-DSS compliance certification.

Centralised Control of all Network Elements

As a Managed Services (MSP) provider, Blaze can either fully manage or co-manage your Blaze Private SD-WAN™ on your behalf. The Blaze Private SD-WAN infrastructure offers a single pane of glass solution to your network environment. Blaze Private SD-WAN is a complete end to end networking solution and can, optionally, extend into your LAN switching and wireless infrastructure.

While having centralised control of each customer’s SD-WAN, mitigating human factor vulnerabilities is also important. We therefore use Role-Based Access Control (RBAC) so each Blaze engineer only has access to their required environment or areas within the SD-WAN stack. Additionally, each change is required to be authorised by a high-level Blaze engineer before it is implemented.

Our network management incorporates a revision backup procedure, so every change can be reviewed against a previous version, and quickly restored if an issue is found with the newest changes. Intent-based networking can be achieved by pushing template configurations from a central repository, reducing implementation times from days or weeks to minutes with the Blaze Private SD-WAN™ offering.

Finally, remote user devices such as laptops are protected and authorised onto the network using 2- factor authentication. This allows the endpoint user to access work resources and the internet through a secure VPN bypassing direct internet access and enforcing unified threat management policies on the remote work forces assets. This is all managed through a central system, also providing the option of full patch management of the end users device and the ability to instantly quarantine an endpoint user or associated assets if their devices become compromised.

SD-Branch Solutions for Multi-site Businesses

Businesses with multiple locations need to ensure the network and cybersecurity costs associated with those locations scale appropriately. Deployed within a company-wide SD-WAN network, the SD-Branch platform delivered by Blaze Networks is an excellent solution which enables a business to avoid any trade-off between cost and security within the branch site:  

  • Branch locations will be connected directly to the Blaze Private Core Network, completely avoiding any need to pass data over the public internet within your company’s Private SD-WAN network.
  • Blaze’s SD-Branch solutions include a wide range of Fortinet equipment at differing scale (and costs), all enabling a single network fabric and supporting full SD-WAN and security functionality.   
  • The SD-Branch solution enables businesses to converge their security, WAN, and LAN, extending the benefits of the Fortinet Security Fabric to their distributed branches, all of which can be managed (or co-managed) by Blaze.
  • Fortinet Secure SD-WAN technology is integrated with network access to deliver the most secure and manageable remote branch in the industry.

Additionally, to address the explosion of IoT devices, Blaze can design Secure SD-Branch solutions that incorporate FortiGate next-generation firewall capabilities to offer NAC (Network Access Control) services onboard.  The Blaze service team can not only discover and secure IoT devices, but can also detect anomalies (by using FortiGate as a network sensor for the FortiNAC product).

Secure SD-Branch solutions include FortiGate Secure SD-WAN, FortiSwitch, and FortiAP to deliver consolidation of branch services for LAN edge, all forming part of the overall SD-WAN solution which Blaze delivers and manages (or co-manages). When a business’ SD-WAN network includes several, or perhaps hundreds of different locations, the solution used within each site or branch needs to make economic sense.  By incorporating a SD-Branch solution within the SD-WAN network, Blaze is able to deliver considerable network cost savings while delivering industry-leading security and network management functionality.

Stay Connected, Secure, and Efficient.

Secure AND Efficient, Low-Latency Private SD-WAN Design

As part of creating each customer’s Blaze Private SD-WAN™ we create a centralised control mechanism that can determine and route the ideal path for traffic (MPLS, 3G/4G, or broadband) ensuring you can quickly and easily access business-critical cloud applications or even balance application workload over multiple lines using new improved layer 7, application aware routing capabilities.

Within a customer’s Blaze Private SD-WAN™ we use Distributed FireWalls (DFW) at your locations which each have two IPsec tunnels associated with the SD-WAN, allowing the traffic to be fully encrypted in the Blaze private network. Because we use BGP as the dynamic routing protocol through the encrypted tunnel, the network allows for active / active routing down multiple lines.

A Next Generation Firewall (NGFW) is implemented at the entry / exit points of the Blaze private network. This has IPsec tunnels formed with the DFW site. All Unified Threat Management (UTM) protocols are done on the Edge firewall, allowing for a cost-effective deployment on the DFW’s as UTM subscriptions are not required, this saves our customers thousands in subscription costs whilst lowing the complexity of network management and cost of compliancy.

In addition to an efficient design, we have selected USA-based Fortinet as our technology partner of choice when building customer-specific Private SD-WANs. Having achieved “Leader” status in industry reports such as several of Gartner’s Magic Quadrants, Fortinet received its second consecutive “Recommended” rating from the USA’s NSS Labs in their SD-WAN Group Test. (NSS Labs is recognised globally as the most trusted source for independent, fact-based cybersecurity guidance.) Fortinet equipment combines excellent performance with advanced security features, superb manageability, and excellent Total Cost of Ownership (TCO) per Mbps.

Our Goal

Our goal as a Private SD-WAN provider is to deliver a highly secure, performant network which is easily adaptable to changes in a customer’s needs, while easing the challenges of high quality network management on the customer’s networking and IT team.

Why not get in touch? We’d be delighted to address your needs.

Request a demo

Get a Demo

We’re making it easy for you to manage your network and IT. Discover how with our demos.

Enquire about offers

Offers

Learn about our range of limited-time promotions, including discounts, trials, and other offers.

Ask Blaze for a quote

Ask for a Quote

Our customers typically save 30% or more on their costs. Tell us what you need and we’ll talk savings.

Request a callback from an advisor

Speak to an Advisor

Have any upcoming projects? Looking for the best solution?

Learn more about our SD-WAN Solutions

Partners

We partner with leading manufacturers like Microsoft, Fortinet, Veeam, Bitdefender, Cisco, Lenovo, Mitel and other industry-leaders.

In doing so, Blaze have access to a vast array of products that allow us to overcome our customers’ business challenges and requirements.

Microsoft
Microsoft Gold Partner logo

Blaze is a Microsoft Gold Partner and Tier 1 Microsoft CSP Partner. We specialise in Microsoft 365 (including Teams and Teams Phone System), in Microsoft On-Premise and Hosted / Cloud Infrastructure, and enable businesses to continue their digital evolution by fully exploiting the latest capabilities of Microsoft products as they evolve.

Fortinet
Fortinet logo

Blaze is a Managed Secure Solutions Provider (MSSP) Advanced Partner of Fortinet, a global industry leader in the supply of secure networking infrastructure systems. Fortinet are our technology partner of choice when building customer-specific Private SD-WANs. A Leader in several of Gartner’s Magic Quadrants, Fortinet equipment combines excellent performance with advanced security features, superb manageability, and excellent Total Cost of Ownership (TCO) per Mbps.

Veeam
Veeam Cloud and Services Silver Partner logo

Veeam is a highly respected leader in cloud-based backup and recovery software, data protection and advanced monitoring in the data centre. We have combined Veeam technology with our highly secure Blaze Cloud™ infrastructure to produce BlazeVault™, a highly dependable, secure, and resource-efficient solution which will keep downtime to an absolute minimum in the event of data loss in operational systems or ransomware attack.

Bitdefender
Bitdefender Silver MSP Partner Logo

Bitdefender is a global cybersecurity leader protecting over 500 million systems through OEM technology partnerships, including with many global IT companies. Tests show it is unmatched in Attack Prevention. Based on Bitdefender technology, Blaze Endpoint Protection hardens endpoints to prevent malware and malicious attacks, and it provides the investigation and remediation capabilities needed to dynamically respond to security incidents when they evade protection controls.

Cisco
Cisco Select Partner Logo

Cisco has long been the world’s pre-eminent network systems vendor, particularly for technology used at the core of major corporate networks and the internet. In addition to using Cisco equipment within our customers’ private networks, Blaze incorporates Cisco technology into the heart of our own network operations; the Blaze Private Core Network is built utilising Enterprise-class CISCO core routing equipment.