4 Essential SD-WAN Security Defenses

by Trent Pham
October 16, 2018

SD-WAN’s growing popularity stems from the advantages it offers by moving key business functions to the cloud: simplified management, increased efficiency and resiliency, improved scalability, and significantly lower costs. It’s little wonder that SD-WAN growth is accelerating rapidly.

Yet because SD-WAN uses the internet as transport, concerns persist among potential adopters regarding its security. The essential question: Can any WAN solution operating over the public internet protect enterprise information as thoroughly as a purely private WAN can?

SD-WAN security

The answer is yes: by addressing these four areas, enterprises can make data transmitted over a public network as safe as data on a private network.

  • Firewall – Because it distributes enterprise assets across on-premises, cloud and hybrid environments, SD-WAN opens up new points of vulnerability. SD-WAN solutions must address this with a Zero Trust security model and firewalling based on application flow. Whether you’re considering cloud-based or on-premises firewalls, look for an SD-WAN solution that delivers application control, intrusion prevention, and content filtering.
  • Encryption – Data in transit is especially vulnerable to attack; any SD-WAN solution must offer strong end-to-end encryption across all transports. This is especially critical with all traffic crossing the internet to reach branch offices and other remote user locations.
  • Security class differentiation – SD-WAN should support the prioritization of security resources, with distinct segmentation and security policies. For example, enterprises that handle payment card information will want to place the highest priority on personally identifiable information to avoid PCI DSS compliance issues. Two-factor authentication and in-depth log monitoring will provide additional assistance through reliable audit trails.
  • Virtual network function (VNF) software – VNF in SD-WAN enables common network functions, such as firewalls, to run as virtual instances on the same CPE as the SD-WAN itself. This supports more highly integrated security, with hardware capacity used efficiently across locations and users. VNFs can also be centrally managed, which supports faster provisioning and greater flexibility in policy management.

While there are always tradeoffs involved in moving from legacy to newer solutions, the gains made by adopting SD-WAN are extremely compelling – as long as security is strengthened in the move rather than compromised. With the right security technology incorporated in SD-WAN and proper preparation, adopting enterprises can move forward with the knowledge that their assets are thoroughly secure – including all interfaces with the public internet, and all enterprise traffic that crosses it.