#1

Whether you are expanding, strengthening, or at the starting line, we provide work from home solutions tailored to your current environment and specific needs.

Our Nth Generation account team is simply customer focused. They bring a sense of urgency to the table. They inspire us to really stretch our capabilities across the organization. They are with us throughout -- to help us solve business problems.

Mac Avancena, CIO, Kern County ITS

 

Are your remote workers securely accessing your environment?

Have you ensured their wireless devices and home systems are appropriately protected?

​Nth Generation can conduct a websession with remote workers to evaluate the posture of their endpoint device, as well as their wifi configurations -- to document and provide guidance, should remediation be necessary.

Number of sessions TBD

Security Posture Check

Are you using next generation AV?

When individuals use their own devices, it is especially important to mitigate the opportunity for infection. Nth Generation can rapidly rollout Cylance-managed services to ensure these devices do not infect your organization.

Endpoint Protection of
Non-Corporate Devices

Leveraging AI for optimal endpoint protection services

Have you trained your employees on proper email hygiene?

Attackers are using national and/or global emergencies as an emotional way to get users to click-through. Test, train, and reward your users by having Nth Generation conduct a Phishing exercise.

Phishing Tests & Training

Are you making changes to your perimeter to enable additional remote workers?

Ensure you haven’t accidentally exposed yourself to a growing number of cyber threats with our Rapid Vulnerability Assessment service.

External Vulnerability Assessment of Corporate Perimeter

Are you secure 24/7?

With heightened remote workers, many organizations are concerned about the lack of 24/7 visibility into attacks. Our MSSP services can quickly provide 24/7 coverage.

Managed Security Service Provider

For more security offerings, visit:

The benefit for us is Nth Generation allows me to focus on my business, allows me to focus on my customers --

knowing they are my partner in helping me solve technology issues.

Mac Avancena, CIO, Kern County ITS                                       

 

FULL TUNNEL

VIRTUAL PRIVATE NETWORKS

If an endpoint is infected with Ransomware / Malware it could spread and encrypt files within the corporate network as well.  In contrast, a VDI instance isolates the client from the corporate environment, thus mitigating it's ability to infect the organization.

Cost: $

Deployment Time:

FAST

 from 1 to a few days

PROS

  • Enables corporate network security countermeasures to inspect all traffic coming from the endpoints.

  • No shipping dependency (for virtual appliance).

  • Generally only requires a license to add additional users.

CONS

  • All traffic may cause network congestion.

  • Endpoints can directly infect the corporate network.

CAVEATS

  • If additional internet bandwidth is required, the lead time by the ISP must be taken into account.

  • Endpoint posture checking can ensure endpoint has appropriate countermeasures in place before being allowed onto the network.

ENDPOINT REQUIREMENTS:

VPN Client Software

CORPORATE REQUIREMENTS:

Next Gen Firewall or VPN Gateway

(Physical or Virtual)

SPLIT TUNNEL

VIRTUAL PRIVATE NETWORKS

 

If an endpoint is infected with Ransomware / Malware it could spread and encrypt files within the corporate network as well.  In contrast a VDI instance isolates the client from the corporate environment thus mitigating it's ability to infect the organization.

Cost: $

Deployment Time:

FAST

 from 1 to a few days

PROS

  • Minimizes bandwidth usage.

  • No shipping dependency (for virtual appliance).

  • Only requires a license generally to add additional users.

CONS

  • Does not have visibility to what the user does on the Internet.

  • Endpoints can directly infect the corporate network.

CAVEATS

  • There are incremental technologies to address security split tunnel vulnerabilities at the corporate network, such as: corporate proxies, open DNS, etc.

ENDPOINT REQUIREMENTS:

VPN Client Software

CORPORATE REQUIREMENTS:

Next Gen Firewall or VPN Gateway

(Physical or Virtual)

ON-PREMISE VDI

VDI instances isolate the client from the corporate environment thus mitigating its ability to infect the organization.

Cost: $$$

Deployment Time:

MEDIUM TO LONG

 from a few days, to a few weeks

PROS

  • Isolates the potentially infected client from infecting the company.

  • Helps minimize data loss.

  • Low latency as virtual desktops and applications are in the same corporate network.

CONS

  • Requires compute, network, and storage, therefore may result in potential delays in shipping.

  • Time intensive implementation.

CAVEATS

  • Configuration in VDI can allow users to attach local disk to VDI.  Without this, users may use shadow IT to conduct work.

ENDPOINT REQUIREMENTS:

VDI Client or Browser

CORPORATE REQUIREMENTS:

VDI Infrastructure (e.g.: VDI Licenses, Compute, Network, & Storage)

DESKTOP AS A SERVICE

(DaaS)

A VDI implementation hosted at a datacenter of a cloud provider such as Ntirety or AWS.

Cost: Subscription $$$

Deployment Time:

FAST TO MEDIUM

 from a few days, to a few weeks

PROS

  • Quickly deployed.  No requirement for hardware acquisition.

  • Isolates the potentially infected client from infecting the company.

  • Helps minimize data loss.

  • Low latency as virtual desktops and applications are in the same corporate network.

CONS

  • A secured strong connection is required between the cloud provider and the corporate network (i.e.: VPN, SDWAN or dedicated circuit).

CAVEATS

  • Configuration in VDI can allow users to attach local disk to VDI.  Without this users may use shadow IT to conduct work.

Nth Generation takes the approach of wanting to help us in the areas we are asking. A lot of companies will come in and tell us about their products and try to force-fit them into what we’re doing. Nth actually listens.

Jim DiMarzio, CIO, Toyo Tires

 

Cradlepoint can provide remote VPN services with their NetCloud Perimeter license and/or with hardware appliances. Cellular capabilities are also a selling point.

CRADLEPOINT

  • Cradlepoint can use hardware or NCP clients. Subscription services start at $36 a year per person.

  • Cradlepoint has both virtual and physical routers/firewalls. Virtual router is hosted in Amazon cloud to support up to 100 tunnels. Good for smaller deployments.

  • Hardware routers support POE and Wi-Fi as well as cellular connectivity.

Aruba uses their wireless controllers to support IPsec VPN users.

ARUBA

  • Aruba does require a license on the controller for to terminate VPN users.

  • Aruba has both physical and virtual controllers

  • Aruba has a VPN client called VIA which requires a license. No other capabilities like AV.

  • Aruba has hardware devices called RAP (Remote AP) which are used for remote users if hardware is needed. They are access points with 4 ethernet ports on them. These are going to be hard to get right now. Also, any IAP can be converted into a RAP so we can sell them as well. They don’t have any hardwired ethernet ports. These all need licenses on the controller.

Palo Alto uses their firewalls to provide IPsec and SSL VPN access

PALO ALTO

  • Palo Alto requires a license to terminate VPN users called GlobalProtect

  • Palo Alto has both virtual and physical firewalls.

  • Palo Alto uses the GlobalProtect client to support VPN users. No other capabilities like AV unless Traps is also purchased.

  • Palo Alto has small hardware firewalls for work at home. Some with Wi-Fi and POE.

Meraki uses their MX Security appliance to support L2TP only.

MERAKI

  • Meraki does not need an additional license, capacity is built into MX appliance

  • Meraki has both virtual and physical firewalls. Virtual is only for Amazon and Azure.

  • Meraki uses the standard embedded client in Windows, Mac, iOS, etc. no client to install.

  • Meraki has small hardware firewalls for work at home. Some with Wi-Fi and POE.

Fortinet utilizes their FortiGate Firewalls to support both IPsec and SSL VPN users.

FORTINET

  • Fortinet does NOT require extra licenses to support VPN features, the capacity for user limits is built in.

  • Fortinet has both physical and virtual firewalls.

  • Fortinet has a client (FortiClient) that if only using the VPN features is free to use. If other features are required like antivirus etc. then there is a license required along with setting up an EMS server.

  • Fortinet has small firewalls that can be used for remote workers if there is a requirement. For instance, if they have a desk phone that needs to be powered with POE or a printer that needs to communicate with the corporate network.

  • Another option is to use a FortiAP which is a wireless access point that can be used to setup an IPsec tunnel back to a Central FortiGate firewall.

Cisco uses their ASA and Firepower firewalls for IPsec and SSL VPN users.

CISCO

  • Cisco requires a license to terminate VPN users called AnyConnect.

  • Cisco has both virtual and physical firewalls.

  • Cisco uses the AnyConnect client to support VPN users. No other capabilities like AV unless AMP for endpoints is also purchased. CISCO IS MAKING AVAILABLE FREE ANYCONNECT EMERGENCY LICENSE TO USE TEMPORARILY UNTIL JULY 1, 2020.

  • Cisco has small hardware firewalls for work at home. Some with Wi-Fi and POE.

Extreme Networks uses hardware and cloud management instead of VPN

EXTREME NETWORKS

  • Cloud IQ cloud managed router and access points.

  • Devices create a secure tunnel back to DC using IPsec.

Connect with us today, to set up a call with a Subject Matter Expert that can discuss solutions best tailored for your needs.

 

Contact your Nth Account Manager or simply inquire below:

 

© Nth Generation Computing, Inc., 2018 - 2020. All Rights Reserved. 

  • White Twitter Icon
  • White Facebook Icon
  • White LinkedIn Icon
  • White YouTube Icon