Private SD-WAN

Could your business operations improve with Blaze Networks?

Blaze Private SD-WAN Avoids Internet Security Vulnerabilities

Blaze Networks, a security-focused SD-WAN provider in the UK, have created a national network which blends
a highly resilient and secure network design with industry-leading secure equipment and our own UK-based Network Operations Centre (NOC).

Based around this network, we provide multi-site businesses with their own private SD-WAN networks which are highly secure, scalable and reliable.

Blaze has designed our SD-WAN solution with security built in from the ground-up. Unlike many other SD-WAN providers in the UK, Blaze avoids unnecessary use of the public internet. We connect customer sites directly to our own core network, so all communications within and across your business locations are carried within a closed, highly secure, compliancy-driven environment. This enables us to avoid connecting your sites to publicly available entry points on the public internet, reducing the cyberattack surface.

Connecting sites directly onto the Blaze Private Core Network is a much more secure method, and it avoids the need to manage, guard, and test these publicly available entry points which – even if done thoroughly – represents a major management burden from a network management perspective.

Blaze Private SD_WAN topology diagram

As you would expect, where customers are using Blaze Cloud™ hosting services, your SD-WAN connections are linked to your cloud-based systems through the Blaze Private SD-WAN. This means that the complete path between cloud services and end-users avoids exposure to the security risks of the public internet altogether.

Many organisations will, however, choose to use AZURE, AWS, or Equinix for their cloud hosting or colocation services.

Blaze has therefore established direct (and resilient) network links to each of these leading environments (avoiding passing any network traffic over the public internet). We believe that SD-WAN providers should give customers the flexibility to include any combination of these environments in your own Private SD-WAN, thereby ensuring a very high level of security across your network as well as delivering operational flexibility.

Multi-layered Security in your
Private SD-WAN

By using Fortinet equipment and our Carrier-grade Cisco equipment, Blaze Private SD-WAN™ incorporates best-of-breed next-generation firewall (NGFW) security, advanced routing, and WAN optimization capabilities, delivering a security-driven, compliancy certified network for our customers. We employ comprehensive security set-up and configurations at all points within the network to comprehensively guard against cyber security threats
of all types.

Controlled, Protected, and PCI-DSS Compliant Connection to Public Internet

The design of Blaze Private SD-WAN™ avoids deploying publicly available entry points to the public internet at customer sites. Blaze takes control of secure access to the public internet through a highly secure (and
resilient) gateway onto the Blaze Private Core Network. We manage this single access point intensively, employing well-proven and tested advanced systems and techniques. Our customers’ Private SD-WAN networks gain access to the public internet through this carefully guarded gateway, whose security is fully tested. As a key point of difference between Blaze and most other SD-WAN providers in the UK, we can provide you with an AoC (Attestation of Compliance) for our Core Network as part of your own PCI-DSS compliance certification.

Centralised Control of all Network Elements

As a Managed Services (MSP) provider, Blaze can either fully manage or co-manage your Blaze Private SD-WAN™ on your behalf. The Blaze Private SD-WAN infrastructure offers a single pane of glass solution to your network environment. Blaze Private SD-WAN is a complete end to end networking solution and can, optionally, extend into your LAN switching and wireless infrastructure.

While having centralised control of each customer’s SD-WAN, mitigating human factor vulnerabilities is also important. We therefore use Role-Based Access Control (RBAC) so each Blaze engineer only has access to their required environment or areas within the SD-WAN stack. Additionally, each change is required to be authorised by a high-level Blaze engineer before it is implemented.

Our network management incorporates a revision backup procedure, so every change can be reviewed against a previous version, and quickly restored if an issue is found with the newest changes. Intent-based networking can be achieved by pushing template configurations from a central repository, reducing implementation times from days or weeks to minutes with the Blaze Private SD-WAN™ offering.

Finally, remote user devices such as laptops are protected and authorised onto the network using 2- factor authentication. This allows the endpoint user to access work resources and the internet through a secure VPN bypassing direct internet access and enforcing unified threat management policies on the remote work forces assets. This is all managed through a central system, also providing the option of full patch management of the end users device and the ability to instantly quarantine an endpoint user or associated assets if their devices become compromised.

Stay Connected, Secure, and Efficient.

Secure AND Efficient, Low-Latency Private SD-WAN Design

As part of creating each customer’s Blaze Private SD-WAN™ we create a centralised control mechanism that can determine and route the ideal path for traffic (MPLS, 3G/4G, or broadband) ensuring you can quickly and easily access business-critical cloud applications or even balance application workload over multiple lines using new improved layer 7, application aware routing capabilities.

Within a customer’s Blaze Private SD-WAN™ we use Distributed FireWalls (DFW) at your locations which each have two IPsec tunnels associated with the SD-WAN, allowing the traffic to be fully encrypted in the Blaze private network. Because we use BGP as the dynamic routing protocol through the encrypted tunnel, the network allows for active / active routing down multiple lines.

A Next Generation Firewall (NGFW) is implemented at the entry / exit points of the Blaze private network. This has IPsec tunnels formed with the DFW site. All Unified Threat Management (UTM) protocols are done on the Edge firewall, allowing for a cost-effective deployment on the DFW’s as UTM subscriptions are not required, this saves our customers thousands in subscription costs whilst lowing the complexity of network management and cost of compliancy.

In addition to an efficient design, we have selected USA-based Fortinet as our technology partner of choice when building customer-specific Private SD-WANs. Having achieved “Leader” status in industry reports such as several of Gartner’s Magic Quadrants, Fortinet received its second consecutive “Recommended” rating from the USA’s NSS Labs in their SD-WAN Group Test. (NSS Labs is recognised globally as the most trusted source for independent, fact-based cybersecurity guidance.) Fortinet equipment combines excellent performance with advanced security features, superb manageability, and excellent Total Cost of Ownership (TCO) per Mbps.

Our Goal

Our goal as a Private SD-WAN provider is to deliver a highly secure, performant network which is easily adaptable to changes in a customer’s needs, while easing the challenges of high quality network management on the customer’s networking and IT team.

Could your business operations improve with Blaze Networks?

Partners

We partner with leading manufacturers like Microsoft, Fortinet, Veeam, Bitdefender, Cisco, Mitel and other industry-leaders.

In doing so, Blaze have access to a vast array of products that allow us to overcome our customers’ business challenges and requirements.

Microsoft
Microsoft Gold Partner logo

Blaze is a Microsoft Gold Partner and Tier 1 Microsoft CSP Partner. We specialise in Microsoft 365 (including Teams and Teams Phone System), in Microsoft On-Premise and Hosted / Cloud Infrastructure, and enable businesses to continue their digital evolution by fully exploiting the latest capabilities of Microsoft products as they evolve.

Fortinet
Fortinet logo

Blaze is a Managed Secure Solutions Provider (MSSP) Partner of Fortinet, a global industry leader in the supply of secure networking infrastructure systems. Fortinet are our technology partner of choice when building customer-specific Private SD-WANs. A Leader in several of Gartner’s Magic Quadrants, Fortinet equipment combines excellent performance with advanced security features, superb manageability, and excellent Total Cost of Ownership (TCO) per Mbps.

Veeam
Veeam Cloud and Services Silver Partner logo

Veeam is a highly respected leader in cloud-based backup and recovery software, data protection and advanced monitoring in the data centre. We have combined Veeam technology with our highly secure Blaze Cloud™ infrastructure to produce BlazeVault™, a highly dependable, secure, and resource-efficient solution which will keep downtime to an absolute minimum in the event of data loss in operational systems or ransomware attack.

Bitdefender
Bitdefender Silver MSP Partner Logo

Bitdefender is a global cybersecurity leader protecting over 500 million systems through OEM technology partnerships, including with many global IT companies. Tests show it is unmatched in Attack Prevention. Based on Bitdefender technology, Blaze Endpoint Protection hardens endpoints to prevent malware and malicious attacks, and it provides the investigation and remediation capabilities needed to dynamically respond to security incidents when they evade protection controls.

Cisco
Cisco Select Partner Logo

Cisco has long been the world’s pre-eminent network systems vendor, particularly for technology used at the core of major corporate networks and the internet. In addition to using Cisco equipment within our customers’ private networks, Blaze incorporates Cisco technology into the heart of our own network operations; the Blaze Private Core Network is built utilising Enterprise-class CISCO core routing equipment.