November 26, 2018 BY futurefirewall
The introduction of software-defined wide area networking (SD-WAN) has solved a lot of challenges in an increasingly complex network environment. Enterprises are able to control the costs of heavy data volumes stemming from cloud solutions and Internet of Things (IoT) devices, but this may come at the cost of sound cyber security policies. As a result, many organizations are looking to bolster their business continuity plans with a new approach to cyber security and unified threat management.
A traditional network approach to cyber security, and why it no longer works with SD-WAN: In the past, the enterprise network used firewalls and other perimeter-focused security solutions with the goal of sifting all traffic that came through the network. This approach no longer works because one of the benefits of SD-WAN is that it does not require traffic to be backhauled over pathways back to the network for sifting. It can go directly out to the internet and to cloud solutions.
As a result, there are pathways and endpoints left vulnerable to cyber security threats, and SD-WAN requires a unified threat management solution to address not only security at the core of the network, but also at the edge, where much of the traffic is passing to and from cloud solutions. There are three basic ways to approach cyber security with SD-WAN:
Built-in, foundational security: Not all SD-WAN providers offer this type of cyber security solution, but it is an integrated, next-generation firewall with unified threat management. It is central to the networking approach and offers a simplified solution without any additional appliances. The only caveat is that in taking this route, the enterprise trusts that their provider is covering all aspects of network security and that there are no areas of vulnerability.
Appliance-based security: In this strategy, the enterprise uses an existing or new provider to set up necessary appliances for handling cyber security. It can be more costly than unified threat management and might create added complexity in a network solution designed to simplify management.
Third-party, SaaS security: A Software as a Service (SaaS) approach might offer some relief to in-house IT by taking over the cyber security piece of the network, with little in terms of hardware or initial investment. The drawback is that it adds a separation between the management interface and the touchpoint, creating additional steps for administrators and complicating the process.
Investing in an SD-WAN solution that offers unified threat management will offer the enterprise better performance, as well as simplified management. There are also certain security features that are critical for SD-WAN, including a stateful or cloud-based firewall, plus dynamic Internet Protocol security (IPsec) tunneling, and site-to-site pairing. Features should also include malware protection and secure key management with dynamic re-keying.
For more information about unified threat management for SD-WAN, contact us at SimpleWAN. We offer foundational cyber security features in our solutions that take a proactive approach to protecting the enterprise network and its data assets.