Enterprises across the globe recognize the benefits of moving workloads to the cloud, including lower capital expenditures, increased user productivity, and less time dedicated to management. However, many are experiencing a degradation in user experience caused by additional traffic created from access to cloud-based applications. To support cloud use and other digital transformation initiatives, networks must be modernized without sacrificing security, but companies are unsure how to navigate a transition from leased lines to other providers. In addition, many organizations lack the resources necessary to implement and manage significant changes to their infrastructure.
Southern Communications (formerly Link-Connect) is a provider of mission-critical infrastructure as a service (IaaS) for medium to large scale enterprises, with a major focus on SD-WAN. When a business outsources the management of their infrastructure, internal teams can focus their efforts on IT systems and projects that provide long-term value to their organization.
For years, the company used their signature product, dubbed Smart-Connect, to bond multiple broadband lines together with a technology developed in-house. Smart-Connect fulfilled customer needs for a period of time, but as broadband lines improved, leased lines became more affordable, and new technologies became available, the customer desired an alternative solution that could support larger enterprise customers. Managed services are a commoditized market, and Southern Communications needed a way to differentiate their offering from its competitors.
The new solution needed to fulfill the following criteria:
- Connectivity. Support a wide range of connectivity options, including leased lines, broadband, digital subscriber line (DSL), fiber to the cabinet (FTTC) and mobile carriers
- High availability. Allow for redundancy at each site to ensure customers do not incur any costly network outages in the event of a link failure
- Bandwidth prioritization/QoS. Ability to assign priority to business-critical application traffic (such as VoIP) while blocking or placing limits on those that lower productivity, such as social media websites
- Knowledge and control. Visualization tools and reports that allow administrators to know what is happening on the network so that action can be taken accordingly
- Next-generation security. Protection for each branch location against the latest exploits and malicious content
- Centralized management. Visibility to all managed devices through a single pane of glass
With more than a decade of experience in the managed services industry, Southern Communication’s leadership team began evaluating vendors to support the new initiatives. The leadership team had previously engaged with Stonesoft, the company responsible for building Forcepoint NGFW prior to its acquisition in early 2016, and the experience had been a positive one for all parties involved. As a result, the company’s leaders were confident in selecting Forcepoint NGFW with Secure SD-WAN, as it also satisfied their requirements for the new solution.
Today, the company is taking full advantage of Forcepoint NGFW’s capabilities. Clients’ sites are first connected to virtual firewalls housed in the Southern Communications data center. After physical firewalls are installed at client sites, network traffic is moved from the virtual firewalls to physical appliances. Each installation is tailored to a client’s specific needs: while some prefer to replace MPLS lines altogether, others feel more comfortable augmenting MPLS with other technologies. Forcepoint NGFW with Secure SD-WAN enables the addition of new connection technologies without complex configurations or downtime.
In addition to SD-WAN, the company offers their customers the option to outsource security management. While some clients opt to activate the deep packet inspection functionality within their on-site Forcepoint NGFW appliances, many choose to route network traffic through the aforementioned virtual Forcepoint firewall instances, enabling deep packet inspection before sending the traffic to customer locations. This creates an extra layer of security by shielding clients’ internal networks from potentially malicious external traffic and offloading the bandwidth intensive process of deep packet inspection, which allows on-site NGFWs to dedicate their processing power to load balancing.
Lastly, the company offers Forcepoint’s email and web security products with sandboxing (Advanced Malware Detection), as threats that originate from email or web are top of mind for many security teams.
The company has doubled their business in the past four years since adopting Forcepoint NGFW with secure SD-WAN, increasing staff, and implementing a new sales strategy. The company now manages over 400 Forcepoint NGFWs to meet the demands of their ever-expanding client base; these span multiple sites for each client, often times deployed as clusters. Although most of their customers are based in the United Kingdom, the company also manages firewall security for clients in Asia and Africa.
For Southern Communications, the ability to utilize multiple connection technologies provides greater agility and reduced downtime for its clients. With Forcepoint’s SD-WAN dashboard, reporting, and visualization tools, the company provides clients with granular details on network traffic, drilling down to specific activities that are consuming the bulk of their bandwidth, and even identifying the responsible end-users. From there, the company can determine the best course of action to achieve their clients’ desired results and enforce security policies. It is this level of detail Southern Communications provides to their customers that sets them apart from other managed service providers, allowing them to be seen as an extension of their customers’ IT departments. Not only are customer resources utilized more effectively, but network and security teams are able to redirect their time from day-to-day management tasks to projects that bring real value to their companies.