Defense in Depth
Peplink technologies work together to generate a multi-layered defense against potential intrusions. To reach your network, attackers would need to defeat a battery of technologies, each defending a different part of the network from different forms of attack. Defenses are implemented on the client, router, SD-WAN, cloud, and administrative layers.
The client layer covers devices that end users interact directly with, as well as AP that delivers Wi-Fi to such devices.
Guest Network Isolation
Rogue AP Detection
Centralized VLAN Management
Peplink devices are capable of creating networks where guest users can only see the Internet. This means complete isolation from any other device connected to the router. Also, any devices on the guest network will be unable to access the router’s WebUI.
Peplink routers can quickly identify any unauthorized APs that are connecting to your secure network, enabling quick detection and removal.
By isolating local networks, VLANs can significantly reduce the attack surface available to any potential intruder. With InControl, you can centralize your VLAN policy across all devices at multiple locations.
These features can also be virtualized on the cloud layer. Having them both on the cloud and on the router makes it possible to secure local Internet breakout as well as VPN traffic.
Each Peplink router has a dynamically updated web blocking tool that filters traffic into several categories. Users simply need to choose the categories they wish to block, and the router will take care of the rest.
Scalable Firewall and Outbound Policy
Outbound Policy and firewall rules are only effective if they are usable. With Peplink gear, you can set firewall rules based on application, and even by country. With InControl, you can also centralize firewall rules and outbound policy for multiple devices.
DPI Application Filtering
For applications that cannot be recognized by First Packet Inspection, there is Deep Packet Inspection. Block popular distractions such as streaming sites, social media platforms, and instant messengers.
Intrusion Detection and DoS protection
Each Peplink router has a built-in DoS protection feature. Once enabled, it can detect and block abnormal packets as well as suspicious traffic typical of intrusion and denial of service attacks.
There are always new threats and vulnerabilities to be discovered. When one emerges, Peplink will quickly develop and deploy new firmware to address the threats. We update firmware for our products years after they have been launched. See Threat Response >
The SD-WAN layer covers the security of the data as it travels across WAN links. Peplink’s patented SpeedFusion technology provides a significant advantage on this layer.
256bit AES Encryption
Once the SpeedFusion tunnel is formed, sessions are broken down to packets and sent separately across available WAN-to-WAN connections. Because each connection is encrypted separately, potential hackers would need to obtain the key to every connection.
Each secure WAN-to-WAN link is established through a Diffie-Hellman key exchange. This produces randomly changing data encryption keys to protect data with a 256-bit AES cryptographic algorithm. 256-bit AES would take the world’s fastest supercomputer millions of years to crack.
Cloud Layer – FusionHub
FusionHub can be installed on cloud services for cloud-based security. Combined with a Peplink router, and you can secure both organizational VPN traffic as well as branch office Internet breakout.
Comprehensive Traffic Security
Use web blocking, firewall, outbound policy, DPI application filtering to control what type of traffic can access your network. Protect your entire network with Intrusion detection and DOS protection. Any security feature that our routers have can also be applied to the cloud.
Our cloud appliance supports VRF, which divides the appliance into groups and holds a separate routing table for each group. The result: one cloud appliance can host several tenants, with each of them completely isolated from each other.
When vulnerabilities appear, we swiftly develop patches and make them available to our users. These patches are available on our cloud services as well as our routers, securing your entire network. See Threat Response >
3rd-Party Security Integration
Works together with your 3rd-party cloud-based security solution. Secure organization traffic with our security features, and secure public Internet traffic with the 3rd-party solution of your choice using IPsec or OpenVPN. See Walkthrough>
Cloud Layer – SpeedFusion Cloud + Check Point
On top of FusionHub’s native security features, SpeedFusion Cloud users can enable Internet security by Check Point. Check Point’s Secure Web Gateway employs a wide range of technologies to keep your organization safe.
Any traffic going through the SpeedFusion Cloud is scanned for viruses and malware in real time. Rootkit detection blocks attempts to gain admin access to your clients while heuristic detection recognizes suspicious characteristics in new threats.
Data Loss Prevention
Preemptively protects your data from theft and loss. If sensitive data is being sent to an unauthorized user, the user will be asked justification for sending the data. Check Point tracks over 60 content types or 500+ data types.
Sandboxing, Threat Emulation
Check Point tests incoming files, software, and code in an isolated virtual environment before letting them into your network. With Check Point security, PDFs, images, and documents are free from harmful active content and embedded objects.
Cloud Access Security Broker
Ensure that cloud services comply with common standards such as HIPAA, PCI DSS, NIST, GDPR, and your organization’s own governance policies. Enforce policies on all aspects of a network including credential mapping, device profiling, encryption, and more.
The human layer covers credentials carried by an organization’s team members. Countermeasures protect passwords and minimize the potential harm done by a breach.
Zero Trust Network Access
Admin Password Management
Trust Boundary Management
Even after entering the security perimeter, users, devices, networks, applications, and data are all still untrusted by default. SpeedFusion Cloud’s integrated Check Point protection employs 64 different security engines to neutralize threats and zero-day exploits, minimizing your attack surface.
One of a router’s simplest attack vectors is the admin password. With InControl, you can change the admin password for multiple devices at the same time. Doing so at regular intervals will significantly increase the network’s level of security.
Separating your network into different trust boundaries will minimize the damage caused by a compromised credential. Use VLANs to separate the networks for different teams, each with separate login gateways. Use InControl to set up different access levels for each administrator.
Easy Reporting Mechanism
Reporting a bug is really simple: simply open a ticket, enter your details, and a Peplink engineer will get back to you within 24 hours. We also have a vibrant community forum regularly patrolled by our engineers and partners. Ask your question there to stimulate discussion and possibly development.
Peplink also has equipment and features that can fulfill the security requirements of important compliance bodies.
PCI DSS V3.2 Compliance For Secure Retailing
Companies who are dealing with credit card and payment information must meet the requirements set by the Payment Card Industry Data Security Standards (PCI DSS). Peplink routers are capable of meeting PCI DSS 3.2 requirements. Learn More >
FIPS: North American Public Safety
Published by the U.S. National Institute of Standards and Technologies (NIST), the Federal Information Processing Standard (FIPS) is used by the U.S. government to approve cryptographic modules for encrypting network traffic. Peplink has a range of FIPS compliant products. Learn More >
Use Peplink technology to build a resilient network that is protected from threats on multiple levels. Use SpeedFusion bandwidth bonding to implement bulletproof packet-level security. Use InControl centralized management to centralize security policy and make network security scalable and easy to manage. Contact one of our skilled Partners to get started.