Our SASE solution was purpose-built for carriers. It applies security to both cloud-based applications as well as to MPLS VPNs (private networks). Private Networks are still heavily relied upon by enterprise customers and are an important revenue stream for carriers. Our solution protects that business.
Help your subscribers manage their home network. With the rise of IoT and adoption of OTT technologies, delivering high-speed connectivity and managing services and devices is more important than ever. MHN allows subscribers to add policies by device, implement bandwidth restrictions, and more.
Deliver seamless connectivity throughout multiple units, areas, and properties. Manage these easily with our portals.
TIP OpenWiFi is an open-source community project that is driving an industry movement for accelerating Wi-Fi infrastructure innovation through completely open interfaces to deliver favorable economics for Service Providers and Enterprises with no-vendor lock-in.
For à la carte services
Guest WiFi keeps everyone connected without compromising on security. With Guest WiFi, you can create a guest network, which separates your main network from guest access.
If you’re not a fan of sharing your network password – a guest network is for you. However, there are a few other compelling reasons why guest networks come in handy for residential subscribers as well as for properties and businesses:
Go beyond just a separate guest password. With our Guest WiFi feature, you can empower your subscribers to also create policies, customize experience, get network analytics and device usage information, control Quality of Service (QoS), set usage limits, integrate with social networks and much more.
Internet pause refers to the ability to pause internet connectivity on a scheduled basis or on-demand. Pausing can be enabled for the entire network, specific VLANs or WiFi APs, guests vs private trusted users, or based on specific users or devices.
Whether you’re a parent, a business owner, a property manager, or a provider, having the ability to control your network and access to it is always valuable. WiFi Pause is particularly useful for
Control your network, or offer your customers the ability to control their networks with ease. Our WiFi Pause feature empowers you to
Internet-of-Things devices are any device that interacts over the Internet and is not directly controlled by an end user. WiFi thermostats, security cameras, and sensors all fall into this category.
For businesses and homes, IoT devices can greatly simplify life by providing automation and remote control of systems:
IoT devices have great potential but the increase the “attack surface” for cybersecurity crimes. Hackers frequently attack IoT devices because some IoT vendors are not specialized in security, leaving critical vulnerabilities.
Device fingerprinting refers to the ability to identify the type of device trying to connect onto your network, such as cell phone, watch, laptop, tablet, thermostat, camera, printer, WiFi AP, etc.
For networking, device fingerprinting can become especially important if you want visibility and control over what devices are connecting on your network. This spans across both business and residential needs –
One of the key benefits of the SD-Edge Platform’s Products and Solutions is their innate ability to offer network customization/configurability and control. A vital pillar of this process is the ability to know and control the devices that interact with your network. Our Device Fingerprinting is optimized to ensure you have granular control over your network and who accesses it.
A firewall is a network security system designed to monitor incoming and outgoing network traffic and prevent unauthorized internet users from accessing private networks. Firewalls decide whether to allow or block specific traffic based on a defined set of security rules. You can implement a firewall in either hardware or software form, or a combination of both. There are a variety of different types of firewalls available today, some of which include:
A virtualized firewall refers to a software instance of a firewall – typically these are more versatile than the hardware equivalent.
For networking, security is incredibly important. A firewall becomes a paramount layer of defense against unauthorized users and unwanted network activity.
Benu’s carrier-class firewall is protecting over 24M WLAN APs and the users behind them. Carrying over 7 Petabytes of traffic a day, Benu’s firewall software is field proven for nearly a decade of broad commercial deployment.
Traditional perimeter-only firewalls are effective for private enterprise deployments, but are not effective in deployments that have a large guest user base, such as in venues, MDUs, hospitality, retail businesses, and public WiFi networks. In all of these scenarios, there is a mix of trusted users (employees and staff), trust devices (Internet-of-Things), partially trusted users (vendors or suppliers), and untrusted users (guests).
For all these different types of users, even trusted users, Benu supports a zero-trust approach. Zero-trust security restricts users to only the parts of the network and applications that they need, thereby reducing the attack surface and minimizing access to sensitive parts of the network. Microsegmentation creates separate zones within the network to maintain separate layers of access to applications and network resources.
In addition, unlike typical firewalls, Benu’s SD-Edge platform supports per-user policy enforcement which is essential in environments with a high number of untrusted or partially trusted guests. These per-user policies include network access controls, QoS and rate limiting, content filtering, and data volume limits.
Malware is any program whose purpose is harmful. Typically these are designed to damage computers, servers, clients, or computer networks, and these can include computer viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware. Malware protection offers a layer of defense against malware threats.
Types of Malware protection can range from anything from a simple antivirus utility to a feature-rich security suite. Full-scale security suites expand protection to include features like spam filtering and parental control. Some antimalware tools work alongside your main protection to provide added security against specific threats, such as ransomware.
If you browse the Internet nowadays, you need malware protection. As we continue to rely on connectivity to drive critical functions – from both a business and residential perspective- keeping our information secure is vital. With malware protection, rest assured your data is safe from predatory, harmful intent.
Benu identifies websites and even individual subpages of websites that are infected with malware, and prevents them from infecting your devices.
Phishing refers to using fraudulent methods to get sensitive or personal information like usernames, passwords and credit card details. Phishing attempts can be deceptive e-mails and websites disguised as a trustworthy entity in an electronic communication.
This venerable, but increasingly sophisticated, form of cyber-attack requires proactive detection and protection. This can come in the form of email gateway reputation-based filtering, or anomalytics, which looks for unusual patterns in traffic to identify suspicious emails, then rewrites the embedded URL and maintains a constant watch on the URL for in-page exploits and downloads.
Phishing is one of the most common causes of network security break-ins. Even the most savvy users can fall victim to the emails and websites behind these attacks. Without phishing protection, you leave your network open to the most common vulnerability that exists today.
Benu identifies emails and websites that are attempting phishing attacks and then blocks them.
Content Filtering (also used for Parental Controls or Parental Filtering) compares Internet website URLs that users attempt to access with URL categories or lists of URLs. You can use content filtering to prevent users from accessing websites that provide content that is objectionable, potentially harmful, or not work-related.
Content Filtering helps with network control and protection – whether that’s a home network implementing parental control policies, or a business network restricting access to potentially harmful or non-work related sites.
Benu offers the only comprehensive parental controls and content filtering on the market that offers ‘follow me’ policy enforcement – where in-home policies roam with a user or device. Our content filtering and parental controls include:
Deep packet inspection (DPI is a process where the network inspects data packets beyond the initial headers and sometimes all the way into the payload. DPI helps locate, detect, categorize, block, or reroute packets that have specific code or data payloads that otherwise would not be identified by conventional packet inspection.
DPI can also be used to help make sure spam, viruses, intrusions, and any other defined criteria doesn’t pass through the network. Unlike conventional packet filtering, deep packet inspection goes beyond examining packet headers.
Adding an additional layer of protection and security, Deep Packet Inspection (DPI) allows you to:
Benu’s Deep Packet Inspection (DPI) provides a mix of identification of both applications and web services. Using continuously updated algorithms and databases, the solution keeps up with the ever-changing profile of different applications and services.
A static IP address is an IP address that was configured for a device, rather than assigned by a DHCP server. A static IP does not change and is fixed to your connection and device.
Since a static IP on the public Internet makes it easier for the outside world to connect with your business far more easily and reliably, static IP addresses are useful for gaming, website hosting or Voice over Internet Protocol (VoIP) services.
Static IP addresses can be useful both inside a private network and on the public Internet.
Static IP on private networks:
On the Public Internet:
Depending on the deployment, Benu can be used to assign an IP address just for the public Internet connection, or for all the devices inside the business or home network. The Benu solution is highly unique and has many significant advantages. Some of these are:
LTE Backup, Redundant WAN, and WAN Failover refer to methods of retaining connectivity in the event of a service interruption of the primary WAN connection.
With LTE backup, the router will automatically switch over to the cellular network. Redundant WAN and WAN Failover systems enable the system to immediately switch over to an active WAN link. In some cases, it will also load balance across WAN connections.
Having a backup plan for service disruption enables uninterrupted service and constant uptime. For businesses, this can be extremely important if sales transactions are dependent upon network connectivity, or if there are service level agreements (SLAs) that they need to meet with their partners, providers, or customers.
In addition to avoiding downtime, businesses can save money while simultaneously enjoying higher speeds and better reliability. Most businesses need the reliability of “business-class” Internet connections with high SLAs, but these connections typically cost much more than two regular Internet connections. Purchasing two normal Internet connections can be much less expensive while providing more bandwidth and higher reliability.
For example, for one Benu customer, the cost of business-class 500Mbps Internet is $2000/month, but a normal 1Gbps Internet connection is $200/month, so by purchasing this with an LTE backup or secondary Internet connection, the customer saved $1600 per month.
There are a variety of benefits to using LTE as a fixed WAN access connection, including:
A Multi-Protocol Label Switching (MPLS) Layer 3 (L3) VPN creates a private network using a public network to connect remote sites or users together at Layer 3 of The Open Systems Interconnection (OSI) model, also known as the network layer.
In an MPLS L3 VPN, routing occurs on the service provider’s routers, meaning these require more configuration on the part of the service provider, because the service provider’s routers must store and process the customer’s routes.
The VPN is made up of a set of sites that are connected over a service provider’s existing public Internet backbone. The sites share common routing information and the connectivity of the sites is controlled by a collection of policies.
A Layer 3 VPN creates a Virtual Private Network (or VPN) at Layer 3 of the OSI network model. This means that each site that is connected to the VPN has its own Layer 3 domain and routing is enabled between them.
By using a VPN, you enable private inter-site communications that can provide better security and more predictable performance.
By using Layer 3 VPNs, customers can limit the size of the “broadcast” domain that exists at Layer 2, in which devices can broadcast messages to all other devices on the network. Very large layer 2 networks can create broadcast storms and be difficult to manage.
For service providers, L3 VPNs allow them to offer value-added services like Quality of Service (QoS) and Traffic Engineering, allowing network convergence that encompasses voice, video, and data.
Benu can instantly enable a L3 VPN between different sites by simply toggling a radio button to interconnect them on the Benu Managed Business Networks (MBN) management interface. In this way, customers have a “zero IT” implementation and do not have to go through complex configurations to enable the VPN.
A Layer 2 VPN creates a Virtual Private Network (or VPN) at Layer 2 of the OSI network model. This means that each site that is connected to the VPN appears as if it is on the same local area network (LAN).
By using a VPN, you enable private inter-site communications that can provide better security and more predictable performance.
By using a L2 VPN to create a single LAN across sites, devices can easily discover and access servers, printers, and other systems even if they are not in the same site. Protocols like ARP (Address Resolution Protocol) and DHCP will work across the entire LAN.
Benu can instantly enable a L2 VPN between different sites by simply toggling a radio button to interconnect them on the Benu Managed Business Networks (MBN) management interface. In this way, customers have a “zero IT” implementation and do not have to go through complex configurations to enable the VPN.
Because all the sites appear to be on one network, device-level policies can be easily enforced across all sites using a single policy.
Network policies enable you to control what happens on your network. Policies are typically used to enable a broad range of network security and quality of service settings. In most networks, there is a system that is used to configure the policies, and another system used to enforce the policies on the network.
Multi-layer policy enforcement refers to the ability to provide policy enforcement at the entire network level, virtual network (VLAN) level, network node level (like WiFi AP or WAN router), user level, and/or device level.
Multi-layer policy enforcement provides more control over the network. More control equates to better security and better user performance. Businesses and homes can create a set of conditions and constraints that determine who and what are authorized to connect to the network and the circumstances under which they can or cannot connect, to what parts of the network they have access, what applications they can use, and what bandwidth they can have.
Benu provides as many as six layers of policy enforcement. For example, customers can create a policy for YouTube (application) on mobile devices (device) for users that are guests (user type) and are connected on WiFi AP #2 (network node) and are in VLAN #20 (VLAN) on the network located in Boston (Network). This can be depicted as the following multi-layer policy with increasing granularity of the policy as you go down the layers:
Layers can be re-arranged depending on what is the most granular policy desired. For example, a server with financial information could be restricted to a specific VLAN, and that VLAN only allows specific application traffic related to that server, and only allows certain devices to connect to that server, and the VLAN is only allowed to go across WiFi APs in a specific area of the building.
As can be seen with the examples above, policy management can be complicated to manage, particularly if it has to be provisioned and managed on many different WiFi APs and switches. Policy enforcement is greatly simplified if implemented in a centralized manner. This is why so many large businesses choose to tunnel all of their WiFi traffic through Benu’s SD-Edge solution as a centralized policy enforcement point. Without losing visibility to individual devices, the Benu platform can enforce policies throughout the network. Given that most traffic is north-south (ie. From the device out to cloud-based applications on the Internet), all of this traffic is going through the Internet gateway anyway and so there is minimal unnecessary aggregation of network traffic.
To mitigate this issue, bandwidth management on the WAN / Internet link uses quality of service (QoS) settings to prioritize more important traffic over less important traffic. In this manner, less important traffic is dropped, instead of randomly dropping all application traffic.
Hierarchical QoS is a highly advanced type of QoS that enables a hierarchy, or multiple layers, of QoS policy.
Typically, local area networks (LANs) have gigabit speeds or even 10 gigabit speeds, but WAN / Internet connections are dramatically slower. In these cases, there can be “contention” on the WAN/Internet connection in which too much traffic is being sent at the same time, resulting in packets being dropped. This causes the user experience to degrade, and more importantly, critical applications can get blocked by less-important traffic.
Hierarchical QoS is becoming more important for two reasons:
As an example, a customer could create a QoS policy with multiple layers. For example, they might want the Private VLAN (that has business applications) to receive 70% of the Internet bandwidth and restrict Facebook traffic to 10% of this. Simultaneously, they give the Guest VLAN 30% of the bandwidth and allow Facebook to 50% of the Guest VLAN traffic. In this way, Facebook traffic is restricted uniquely within each “bandwidth pipe” of the different VLANs.
The hierarchy can have additional layers than the example above. The diagram here shows the services are restricted differently among different user types, who are themselves restricted to a certain bandwidth within their user group (or VLAN), and the user group VLANs are similarly restricted within the overall network bandwidth.