I have consulted with our company's expert community and they tell me that the best approach would be to consider a reverse proxy between the Internet & the server.
Configure the reverse proxy to only forward on requests to URLs under the top level "/Suite" virtual directory, and reject all other URLs.
You could also - for any other sites - do IP Filtering and only allow local IPs to connect. I'd do that in addition to a reverse proxy out of an overabundance of caution.