Key Considerations When Choosing a Solution

Security embedded in an SD-WAN-enabled appliance cannot simply be downgraded to perfunctory specs and held hostage to SD-WAN’s greater mission of pushing packets through pipes as seamlessly as possible. In today’s cyber-threat environment, SD-WAN-plus-security offerings need to be assessed more carefully in order to prevent exploitation in the cloud. When examining SD-WAN security solutions, organizations should look for these key capabilities.

Cloud services and flexible infrastructures are critical components of today’s organizations, which is why the traditional WAN is no longer an effective solution for today’s distributed enterprise. Organizations are overcoming many of these network issues by adopting SD-WAN.

SD-WAN plays a critical role in the transformation of organizational infrastructure, enabling organizations to adopt the flexibility and performance required to compete effectively in the digital marketplace. It solves an immediate need to replace rigid infrastructure with significant simplification, improved cost advantage and better support for cloud adoption. SD-WAN technology fills that need by effectively routing network traffic from branches to the cloud, headquarters or other branches.

It allows branches to directly access cloud applications by dynamically using broadband connections, thereby increasing network performance and reducing costs. SD-WAN also takes an application-centric approach, allowing enterprises to maximize the available bandwidth for business-critical applications and increasing their ROI.

The Biggest SD-WAN Challenge is Security

Cybercriminals are looking for ways to exploit the growth in cloud. While service providers are an attractive target, most criminals don’t have the resources or skill sets needed to effectively target them. What they are looking for instead is a weak link to exploit. They want something that will allow them to either break into an organization through its cloud connections or to exploit a cloud connection as an access point to a cloud provider. For many, SD-WAN is a potentially attractive opportunity.

SD-WAN vendors are increasingly embedding security features into their offerings, but these tend to be basic, Layer 3 network controls and not the robust security functions that these environments require. According to Gartner, while “software-defined WAN (SD-WAN) products now incorporate internet perimeter security, more than 90 percent of SD-WAN vendors are not traditional security vendors, which causes clients to question whether they can rely on embedded security alone.”

There are many different SD-WANs on the market today, and VPs of IT need to carefully review their options. Because of the potential security risks, Gartner recommends that customers “avoid making strategic WAN decisions in a siloed, incremental fashion, solely within the networking group.”

That’s because what is often missing from these deliberations is how to adequately address security risks. Considering the current cyber-threat environment, security embedded in an SD-WAN-enabled appliance cannot simply be relegated to perfunctory specs and held hostage to SD-WAN’s greater mission of pushing packets through pipes as seamlessly as possible. But that is exactly the problem with most of today’s SD-WAN-plus-security offerings.

Things to Consider When Selecting a Secure SD-WAN Solution

SD-WAN security cannot afford to become a euphemism for SD-WAN compromise. When examining SD-WAN security solutions, candidates claiming to provide SD-WAN next-generation firewall (NGFW) security functions should be assessed for several key capabilities:

  • Application and Path Awareness. As an SD-WAN-enabled appliance, the NGFW solution must include path-awareness intelligence and be able to automatically route packets from each application according to application-level SLAs, prioritizing them by criticality, time of day and so on. It should also be application-aware, enabling network admins to monitor the changing traffic patterns of the applications traversing the WAN so they can dynamically modify security policies accordingly.
  • Integrated Security and Compliance. The secure SD-WAN environment should not only include key security features, such as high-throughput IPsec VPN and SSL inspection, but also compliance tracking and reporting. With applications dispersing packets across multiple WAN pathways inside an SD-WAN, you don’t want to have to spend hours retracing the routes of suspect packets by toggling between multiple apps.
  • WAN-Aware Automation. It is essential that NGFW security solutions not compromise WAN path routing. Otherwise, the performance gains promised by SD-WAN may be negated by security-based latencies.
  • Multi-Broadband Support. Rather than relying on erratic 3G/4G/5G networks as the only failover for multiprotocol label switching (MPLS) lines, an SD-WAN solution should also be able to securely leverage the public internet in order to maximize WAN availability.
  • TCO-Reducing Features. Consolidated management is essential. It doesn’t pay to adopt an integrated solution if it needs to be managed through multiple consoles. In addition, an SD-WAN solution needs to offer zero-touch deployment to relieve much of the burden associated with secure SD-WAN implementation.

Who Owns Your Secure SD-WAN — Networking or Security?

That’s a challenge many organizations face. In spite of increasingly hyperconnected and distributed networks, many IT teams still operate within rigid and siloed lines of responsibility, which is why you need a solution that can operate agnostically. Any SD-WAN solution under consideration, then, needs to integrate both networking and security functions through a single pane of glass for simplified management. This not only reduces finger-pointing and wasted time, but also increases your flexibility in allocating FTE resources while maintaining consistent network and security policies across your entire distributed network ecosystem.

A secure SD-WAN can help you lower TCO all around. With some careful planning, it can be a straightforward path to creating a WAN solution that meets the needs of your users, as well as your networking and security teams – if you know what to look for.

Nirav Shah

Nirav Shah is Senior Director of Products and Solutions at Fortinet. Nirav has more than 15 years of experience working in the enterprise networking and security industry. He serves as Fortinet’s products and solutions lead for FortiGate network security appliances and focuses on NGFW, SD-WAN, segmentation and secure web gateway use cases. Prior positions include a senior software developer and senior product manager for enterprise networking and security solutions for Cisco. Nirav holds a master’s in Computer Science from the University of Southern California.
