22 Jun 2019

What does proper SD-WAN security look like?


Software-Defined Wide-Area Networking (SD-WAN) has quickly become a useful tool for organisations looking to address greater demand for application performance, flexibility and mobility from the data centre.

While traditional WAN networks run solely on private circuits, SD-WAN solutions allow organisations to take advantage of multiple network connections (private and public internet), intelligently and dynamically matching specific applications with the optimal connectivity available to individual branches. This hybrid approach to networking marries perfectly with the hybrid IT approach to application hosting.

The SD-WAN space has seen impressive growth over the past few years with a raft of new and existing technology vendors (over 60 in all) rushing to market with offerings to help organisations access powerful yet easy-to-implement networking solutions to unlock their potential for communications and collaboration.

Yet concerns are being voiced that the industry is moving too quickly, pushing the powerful benefits of SD-WAN too hard and incorrectly promoting cost savings whilst ignoring the many security risks of running a business over the public internet.

Sure, most vendors marketing SD-WAN solutions will talk about security, but it’s important to understand the difference between a ‘bolt-on’ approach and one that is actually ‘baked into’ the underlying technology.

Evaluating your SD-WAN security needs

Independent cyber security analyst NSS Labs recommends that organisations looking at SD-WAN solutions begin by asking four fundamental security questions:
 

  1. How will my risk posture change if I adopt SD-WAN technology?
  2. Can the SD-WAN technology meet our organisation’s anti-threat requirements?
  3. Are there limits to the types of threats that can be detected?
  4. Is there an operational cost to implementing anti-threat features, and if so, what is it?

This information can help inform the selection and implementation of the best SD-WAN solution: one that not only optimises your opportunities for digital transformation, but also has your back in a security sense at the same time.

Where to start with SD-WAN security

SD-WAN with integrated Next Generation Firewalls (NGFW) at the edge and hub is one of the most important considerations in this discussion as organisations place greater reliance on mobile and public cloud-based apps.

According to Gartner, Next Generation Firewalls are defined as: ‘A deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.’

SD-WAN that incorporates advanced WAN networking, overlay VPN, and world-class security (NGFW, IPS, Antivirus, Web Security, and even Sandboxing) woven together and visible through a single pane of glass guarantees rapid low-touch/no-touch deployment, while delivering powerful interconnectivity without sacrificing security.

To help navigate the broad range of vendors and their respective marketing claims, NSS Labs has created the following SD-WAN security checklist:
 

  1. Secure SD-WAN Proof of Concept (PoC) projects should include full-stack NGFW testing, whether the NGFW is integrated into the solution or deployed later as an overlay, to assess the comprehensiveness of protection and ease of deployment.
  2. With business traffic – especially across public networks – increasingly encrypted, enterprises must evaluate the performance of inspecting SSL and IPSec encrypted traffic so that security does not become a bottleneck for critical and/or latency-sensitive applications and services.
  3. Review NSS Labs' recent SD-WAN and NGFW public test report for a detailed comparison of vendors, in addition to the NSS Labs SD-WAN Intelligence Brief.

The ease of deployment and sheer power of SD-WAN means it should be part of every network admin's toolkit today, but its effectiveness is only as good as the security protections that are put in place.

Having considered NSS Labs' analysis, Brennan IT has selected Fortinet as our preferred vendor for delivering secure, hybrid SD-WAN. As one of the most experienced and respected providers of network solutions in Australia, we have expert engineers ready to help design, implement, manage and secure the right SD-WAN and wider networking solution for your organisation. Get in contact with us today to discuss your needs.
