Leader:
As SD-WAN changes the underlying technology of how applications and the network interact and work with each other, it is important that the security architecture is reconsidered in conjunction with SD-WAN. In this blog, we highlight how SD-WAN and SD-Security, when done right, go a long way in securing the enterprise.
Last year, in 2017, the world saw more data breaches than in any year prior. A report by the Identity Theft Resource Center (ITRC) found that there were 1,293 total enterprise data breaches, compromising more than 174 million records. That’s 45% more breaches than in 2016.
It doesn’t take an expert to predict that this disturbing trend is expected to continue in 2018. The influx of massively disruptive technologies like cloud, IoT and mobility has made the enterprise network landscape complicated beyond comprehension and opened up critical enterprise resources (applications and data) to the vagaries of the public internet.
Application and data access are rapidly moving beyond the secure confines of the data center firewall, and many branch offices today rely heavily on direct internet access due to the increased adoption of cloud-based services. This can be worrying for the enterprise, since direct internet access to mission-critical apps can become an entry point into the branch for any potential threat. IT leaders now need to think of branch connectivity as the first line of defense, and as a common point where attack traffic egresses.
In recent years, SD-WAN has been gaining a lot of attention because of its ability to simplify and automate the enterprise network. But SD-WAN can also be a great tool to strengthen network security, provided IT leaders choose the right solution from the right vendor.
Let’s explore how SD-WAN gives enterprises a way not just to build a more intelligent and agile WAN but also, by software-defining security, to create a more comprehensive network security strategy.
Simple Features Go a Long Way:
SD-WAN, by definition, focuses on the enterprise edge, the branch, which faces the internet via direct internet access. It is the first point of entry for any potential threat, and it is the first line of defense against the unknown. It is also a common point where all network traffic, including attacker traffic, egresses out into the internet.
SD-WAN alone can reduce network complexity, ease operations and make it easier for IT teams to manage and monitor the WAN. But by software-defining security and combining it with SD-WAN, enterprises can incorporate advanced security within the fabric of the network for better resilience and resistance.
As more and more enterprises look to replace their legacy WAN with SD-WAN, it is crucial to consider evolving security for the network edge.
Effective Use of Central Management Portal:
Many security vulnerabilities in today’s enterprise are a result of manual errors in configuration. A wrong permission setting, a weak password or a wrong policy can create a large gap in the network, exposing your systems to cybercriminals.
With zero-touch provisioning and a central unified management portal, the entire WAN can be configured with a single click. The configuration is available for audit and review. Any change in the configuration can be reviewed against the old configuration, with the changes recorded and highlighted. The ability to instantly roll back is also critical for IT teams to be able to repair or mitigate non-responsive systems due to inadvertent operator misconfigurations. These features reduce the dependence on scripts and manual configuration of individual devices.
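The review-and-roll-back workflow described above can be sketched as follows. This is an added example, not code from Versa or its portal; the configuration key names and the `ConfigHistory` class are hypothetical and the sample configs are constructed.

```python
import copy


def flatten(cfg, prefix=""):
    """Flatten nested dicts into {"a.b.c": value} so versions compare key by key."""
    out = {}
    for key, value in cfg.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            out.update(flatten(value, path))
        else:
            out[path] = value
    return out


def diff_configs(old, new):
    """Return sorted (path, old_value, new_value) tuples; None marks an absent key."""
    a, b = flatten(old), flatten(new)
    return [(p, a.get(p), b.get(p))
            for p in sorted(a.keys() | b.keys()) if a.get(p) != b.get(p)]


class ConfigHistory:
    """Keeps every pushed version so a change can be reviewed and rolled back."""

    def __init__(self, initial):
        self.versions = [copy.deepcopy(initial)]

    def push(self, new):
        # The returned diff is what a reviewer or audit log would record.
        changes = diff_configs(self.versions[-1], new)
        self.versions.append(copy.deepcopy(new))
        return changes

    def rollback(self):
        # Drop the latest version, but never the original baseline.
        if len(self.versions) > 1:
            self.versions.pop()
        return copy.deepcopy(self.versions[-1])


# Constructed sample configs: V2 accidentally opens the inbound default policy.
V1 = {"branch-01": {"fw": {"inbound_default": "deny"},
                    "mgmt": {"ssh_from": "10.0.0.0/8"}}}
V2 = {"branch-01": {"fw": {"inbound_default": "allow"},
                    "mgmt": {"ssh_from": "10.0.0.0/8"}}}

if __name__ == "__main__":
    history = ConfigHistory(V1)
    for path, before, after in history.push(V2):
        print(f"CHANGED {path}: {before!r} -> {after!r}")
    print("rolled back to:", history.rollback())
```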
Secure Dynamic Configuration-less Tunnels:
IPsec is an IETF standard protocol for data privacy which has proved its resiliency against attacks. However, the configuration of certificates, pre-shared keys or advanced security parameters between each pair of network elements has the potential to leave the network less secure if done improperly. As the size of the network grows, so does the likelihood of key reuse, certificate mismanagement and misconfiguration, paving the way for exploitable security vulnerabilities.
With SD-WAN, the secure IPsec tunnels are dynamically created without any manual configuration between nodes. When a new branch is added, security keys for the branch (unique for every other branch) are generated dynamically. Each pair of branches has unique keys, creating a more secure network.
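To make the key-reuse risk concrete, the following added example (not from the original post or from any vendor's product) audits a tunnel inventory for a key shared by more than one branch pair, then builds a full mesh with a fresh random key per pair for comparison. The inventory format, branch names and keys are constructed, and random per-pair generation is an assumption standing in for whatever mechanism a given SD-WAN controller uses.

```python
import hashlib
import secrets
from collections import defaultdict
from itertools import combinations


def fingerprint(key: bytes) -> str:
    """Short SHA-256 fingerprint so audit output never contains the key itself."""
    return hashlib.sha256(key).hexdigest()[:12]


def find_key_reuse(tunnels):
    """Return {fingerprint: sorted branch pairs} for every key that protects
    more than one distinct (unordered) pair of branches."""
    pairs_by_key = defaultdict(set)
    for a, b, key in tunnels:
        pairs_by_key[fingerprint(key)].add(tuple(sorted((a, b))))
    return {fp: sorted(pairs)
            for fp, pairs in pairs_by_key.items() if len(pairs) > 1}


def per_pair_keys(branches, key_len=32):
    """Full mesh with a fresh random key per pair: n*(n-1)/2 keys for n branches."""
    return [(a, b, secrets.token_bytes(key_len))
            for a, b in combinations(sorted(branches), 2)]


# Constructed sample: a hand-maintained inventory in which one pre-shared key
# was copied to several tunnels as the network grew.
MANUAL_TUNNELS = [
    ("hq", "branch-01", b"Spring2018-vpn!"),
    ("hq", "branch-02", b"Spring2018-vpn!"),
    ("branch-01", "branch-02", b"Spring2018-vpn!"),
    ("hq", "branch-03", b"k3-unique-to-this-pair"),
]

if __name__ == "__main__":
    for fp, pairs in find_key_reuse(MANUAL_TUNNELS).items():
        print(f"key {fp} reused across {len(pairs)} pairs: {pairs}")
    mesh = per_pair_keys({"hq", "branch-01", "branch-02", "branch-03"})
    print(f"{len(mesh)} per-pair keys, reuse findings: {find_key_reuse(mesh)}")
```

With a reused key, compromise of one branch exposes every tunnel that shares it; with per-pair keys the audit returns no findings and the exposure stays limited to the tunnels of the affected branch.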
Network Monitoring and Analytics:
SD-WAN analytics provides a unique ability to monitor the real-time behavior of the network as well as enable historical reporting. IT administrators can review the activity of users, devices connected to the corporate WAN and all applications from a single management console. This makes it easier for IT teams to scrutinize the network for suspicious behavior and to identify and remediate issues without delay.
Some SD-WAN analytics tools like Versa Analytics can offer complete correlation between the enterprise network and the security policies that govern it by providing base-lining, correlation, holistic visibility and predictive analysis for the network, security events and application usage.
Single Policy to Rule Them All:
One of the primary benefits of SD-WAN is application awareness. The SD-WAN network should be application aware and provide a differential user experience based on the application configuration. It can also empower the network for dynamic path selection to deliver a quality user experience based on application requirements.
A single software portal that can manage the entire WAN and unify security, network, and application policies into one policy framework, deployed and configured from one screen, ensures that the policies are consistent with each other and do not create a gap which can be exploited by an attacker.
Versa Makes It Easier for You:
Versa’s multi-service software architecture provides security and SD-WAN in one platform, enabling you to deploy a secure software-defined network without the added complexity of appliance sprawl in your branch. With Cloud deployable branch appliances and SaaS optimization features, the Versa Secure SD-WAN architecture will solve all your networking and security needs, be it in the physical branch or in the Cloud.
To learn more about how Versa’s SD-WAN with integrated security can help you secure your organization and create an intelligent dynamic network, click here or request a demo.
About the Author:
Rahul Vaidya is the Sr. Product Manager at Versa Networks. Rahul has more than 14 years' experience in the field of enterprise technology, product management, and product architecture. In the past Rahul has worked with industry giants like Samsung, IBM, Juniper, and Cisco and has a deep technical and business understanding of current wireless, SDN, security and virtualization domains and emerging trends in IoT, 5G domains, and API, topics that he usually loves to write about as well.
Liked the blog or have questions/queries? Contact Rahul at rahul@versa-networks.com, or share your thoughts on his LinkedIn.
As you rearchitect your network to enable SD-WAN, you need consistent security across branches, clouds, and users.
Meet an SD-WAN security solution that only wanos network can offer. As a leader in both SD-WAN and network security, wanos integrates a full security stack and highly secure SD-WAN fabric with the most flexibility, from the branch to the cloud edge.
Network solutions are also important when dealing with software solutions. To learn more about sd-wan providers, visit on hyperlinked site.
I loved the way you explained the security aspect of SD WAN; it is splendid. It is so easy to understand. Thank you for taking the time to write that article! Read More on SD-WAN and How Banking & Financial sector uses SDWAN and Cyber Hygiene for Startups