DispersiveCloud™ Optimized Gateway Provides Enhanced Security for Microsoft Azure Users

Abstract:

The DispersiveCloud™ Optimized Gateway (DCOG) lets Microsoft Azure™ customers quickly and seamlessly enable edge-to-cloud security and privacy with the click of a button. The DispersiveCloud overcomes the limitations of traditional IPsec VPNs and provides military-grade security and award-winning cloud obfuscation technology, protecting data in transit from all threat actors. The DCOG can be used in conjunction with another Dispersive gateway for edge-to-cloud or multi-cloud protection. DCOG can also be used with a Dispersive endpoint client to enable secure remote access by protecting personal computers and mobile devices.

Intended Audience: Cloud architecture and operations, security, DevOps teams

Overview:

While cloud adoption is increasing globally, persistent and emerging threats have also increased exponentially. Threat actors have quickly evolved with nation-state sponsorship to overwhelm the security protections associated with traditional access VPNs and other cyber defenses. Within this landscape, there is little doubt that avoiding security breaches is a preferred strategy to trying to mitigate breaches after they take place. Dispersive’s industry-leading security protections operate from the perspective that, “Threat actors cannot hack what they can’t see!” The military refers to this approach as managed attribution, where source-destination relationships and sensitive resources are obfuscated from a potential adversary.

Cyber experts agree that the modern paradigm is to adopt this military-inspired concept within the public cloud to eliminate public IP addresses and public access to and from cloud storage, SQL, containers, and virtual machines. This public access is then replaced with private IPs and Microsoft Azure private endpoints. The concept extends to connecting on-prem locations: even with security in place and deployed within Microsoft Azure networks, vulnerabilities may still exist for data in transit between these environments, as well as in multi-cloud or public Internet-bound communication.

Use Case #1 – Site to Site, Multi-cloud, Edge to Cloud, or Edge to Edge:

End-to-end connectivity between on-prem and Microsoft Azure can be achieved in multiple ways. Typical ways include the use of a VPN and/or the Microsoft Azure ExpressRoute. Each of these can present challenges in reliability, complexity of setup, and/or cost.

1. Traditional VPN gateways are rapidly approaching obsolescence and have problems that may include split tunneling and degraded paths, as well as operational limitations including exposure of known ports and the opening of firewalls.
2. Microsoft Azure ExpressRoute is an elegant option, although it has prerequisites. The organization must have a contract and on-prem hardware in place with an ISP for an MPLS connection and/or with another connectivity provider that can peer with Microsoft Azure. MPLS and provider peering connectivity can be expensive and carry hidden costs that are additive to the implementation and usage of the Microsoft Azure ExpressRoute. Further complexity is introduced by the requirement to set up redundant BGP sessions between Microsoft and the provider peering router on each Microsoft Azure ExpressRoute circuit. It is important to note that Microsoft will only accept public IP addresses through Microsoft peering.

Dispersive complements these options and offers a modern alternative while also de-risking the use of a traditional IPsec VPN. Dispersive obfuscates and uses multiple paths between the on-premises environment, multi-cloud edge, and Microsoft Azure for communication. If any one of the paths becomes degraded, the traffic will roll away dynamically and use a different path without any user intervention. This helps improve the performance and reliability of the access layer.

Additionally, it enables next-gen protections including Denial of Service (DoS) or Distributed Denial of Service (DDoS) mitigation in the network by preventing malicious traffic from reaching the headend. For security, each of the multiple paths is uniquely encrypted by the DispersiveFabric, which secures all obfuscated connectivity between source and destination endpoints. In addition, all communications can be configured to use private IP addresses, which are not routable over the traditional Internet.

Organizations can use their existing on-prem Internet-capable connections, so there is no need for expensive dedicated circuits with service providers. This is accomplished with ease by placing a Dispersive gateway on-premises and within a private VNet in the Microsoft Azure environment that can route to all cloud resources and services.

Use Case #2 – Secure Remote Access:

In addition, Dispersive can converge remote access VPN functionality with SD-WAN to enhance the remote worker and mobile device experience. With easy provisioning, the same secure, encrypted multiple paths can be enabled from the user’s laptop or mobile device to the gateways in Microsoft Azure, so that cloud resources can be accessed securely over private IP addresses from anywhere in the world.

Figure 1: Dispersive Cloud Optimized Gateway (DCOG) Edge to Cloud Connectivity

About Dispersive:

Dispersive Holdings is an emerging cybersecurity leader providing military-grade multi-cloud optimized security addressing the Zero Trust, Secure Access Service Edge (SASE), and Multicloud Network Software (MCNS) Industry research categories. Dispersive is available as a converged network fabric or a SaaS offering delivering ultra-secure stealth networking that is highly resilient, operationally flexible, and up to 10 times faster. Dispersive’s battlefield-inspired patented technology creates virtual active-active multipath networks with rolling encryption keys and granular access controls to connect digital businesses, products, and users across any cloud or service edge. Government, enterprises, and channel partners can implement the solution quickly with zero-touch provisioning even across multi-cloud environments to secure against new and emerging threats, including nation-state actors. For more information, visit www.dispersive.io or follow us on Twitter @DispersiveHold or LinkedIn @ dispersive-holdings-inc.