How Secure is SD-WAN?
SD-WAN can help your business connect your branches more effectively and simplify connectivity with cloud-based applications and services across all sites. However, the architecture of SD-WAN and its performance requirements raise new security issues that traditional security solutions cannot address. Security is also ranked as the number one concern by organizations considering SD-WAN deployment.
SD-WAN security challenges reflect the risks of ‘security sprawl’ and inconsistent levels of protection across network environments that feature diverse, multi-vendor security solutions. It’s essential to deploy native SD-WAN security solutions that provide comprehensive protection and are integrated with the SD-WAN. This type of integrated native SD-WAN security is available as a managed service or as a VNF (Virtual Network Function) solution.
Multiple Security Environments
SD-WAN’s ability to interoperate with different network transports, including MPLS, VPN, broadband Internet and LTE, means that it forms part of a wider interconnected system of different network environments. If each environment has a different security solution, data moving across the system will encounter inconsistent levels of protection during its journey.
A security weakness in any one area can threaten the entire network. This increases risk, because protection of data and applications moving across the organization should be seamless. Expanding interconnected networks that incorporate SD-WAN also increase the potential attack surface for hackers and cyber criminals. The threat increases further as organizations leverage the Internet to simplify direct cloud connectivity from branches.
Changing Security Requirements
In traditional WANs, MPLS provided a secure network with security managed centrally. However, legacy WAN security solutions have proved inadequate for the distributed environment that is created when SD-WAN is used to link branches with other sites and with the cloud. As SD-WAN enables the use of broadband Internet as a transport mechanism, this can expose the network to risks not covered by existing centralized security measures.
While existing core security solutions provide adequate protection for legacy WANs, they are not designed for the scale, elasticity and performance of SD-WAN. They may not provide cover beyond the edge and they cannot adapt to changes in connectivity that are enabled by SD-WAN.
SD-WAN vendors provide security measures as part of their solution, but the tools may only be basic. For example, the security measures may cover only layers 1-3 and take no account of layers 4-7, which have more advanced security requirements. Covering those layers requires additional tools from other vendors, which then have to be integrated into the main solution to reduce management complexity.
The security measures are likely to include a next-generation firewall (NGFW). However, NGFW performance can be impacted by encryption, which is essential for branch traffic travelling over the public Internet.
Native Security Essential
While basic SD-WAN security measures provide a reasonable level of protection, BroadConnect believes that a native security solution is essential to provide the comprehensive security needed to protect systems and data against frequent attacks that are increasingly complex.
Native security tools are designed for the performance requirements of SD-WAN and can be integrated into the SD-WAN solution. They should offer IPsec as well as advanced capabilities including intrusion protection, web filtering and anti-malware as part of Unified Threat Management. A native security solution should also be able to adapt to changes in connectivity and be managed through a single interface for policy deployment and updating.
This type of security solution can be delivered as a managed service that integrates SD-WAN with IPsec and other advanced capabilities, providing comprehensive protection for systems and data with no impact on SD-WAN performance.
Find out more
If you want to find out more about SD-WAN security or discuss a solution for your business, please call us now to speak to an expert – 1-877-228-6616.