Software-Defined WAN (SD-WAN) is one of the most rapidly adopted technologies of the past decade. According to a recent study published by Dell’Oro Group, the worldwide sales of SD-WAN technologies are forecasted to grow at double-digit rates over each of the next five years to surpass $3.2 billion in 2024. This growth is certainly a testament to some of the more well-known benefits of SD-WAN technology, such as centralized network policy management, network flexibility and application-aware routing. More recently, SD-WAN has emerged as a key component for building more flexible, integrated security frameworks.
With SD-WAN, branch offices become part of an enterprise’s larger network topology, with their own Internet egress. Corporate devices can access the Internet via multiple endpoints, adding a layer of complexity to network security. However, if properly configured and equipped, SD-WAN can simplify management, help improve security, and decrease threat vectors. In sum, SD-WAN can improve an organization’s security posture and help decrease the stress and costs associated with a security intrusion.
In this article, we will review the integral role SD-WAN plays in enterprise network security approaches as network and security continues to converge in order to best support hybrid workforces, the migration to the cloud and increased security threats.
Traditional security models were designed to support a walled castle approach where all of a company’s data, applications, and users operate behind a firewall at a centralized headquarters or data center. As more enterprises continue to support hybrid workforces and cloud migration, critical data and applications are also moving out of the traditional data center to the edge. As security perimeters evolve, every access point and network element becomes a potential risk for security breach. The basic firewall functionality may not be enough to help protect enterprise networks. Organizations are better served by using an SD-WAN solution that integrates security into the network functionality. The following are some key considerations for optimization:
Network policies and segmentation for security:
SD-WAN delivers the flexibility to segment networks and implement application-aware routing, thus limiting the attack surface of highly sensitive data and systems. For example, segmenting mission critical systems and data from those less critical systems like basic productivity, office and research tools creates risk domains. Network segmentation can minimize the impact of a successful attack to said domain. When set up properly, enterprise security policies with segmentations can help prevent or reduce the impact of a security incursion, and hopefully prevent propagation beyond the borders of the impacted segment.
Without SD-WAN, application-specific security for cloud-based applications can be complicated and expensive. By setting up protected regional zones to securely direct cloud-based application traffic to where it needs to go based on corporate security policies—SD-WAN can help you architect and incorporate security controls to platforms and apps into your connectivity fabric.
In order to help protect the site-to-site traffic of corporate locations, software-defined networking (SDN) management can connect all locations with a secure tunnel using AES256 encryption. SD-WAN can also help you prioritize and route that traffic by application, and then allow IT leaders to apply security policies using the SD-WAN appliances as enforcement.
Unified threat management (UTM):
UTM delivers multiple security functions through a single service designed to help protect business infrastructure. This combined security approach can present a unified security posture over geographically dispersed, distributed networks. SD-WAN appliances with UTM and/or next-generation firewall capabilities built in, to help protect each branch location – getting back to the expanding perimeter point. Using SD-WAN technology that includes integrated security solutions can reduce the complexity of deploying and networking a separate suite of security tools. This includes point solutions like NGFW, IDS/IPS, URL or a fully stand-alone UTM.
Single Pane of Glass Monitoring:
Once proper orchestration and security policies are in place, IT teams can monitor all traffic and ports. With SD-WAN’s real-time, simultaneous management of the network and UTM threat detection on a single pane of glass, flagging risks and thwarting potential threats can help reduce corporate risk profile.
For retail or other credit card accepting digital commerce organizations, finding an SD-WAN solution that is PCI compliant should be a top consideration for transmitting sensitive credit card data using industry standard encryption. Flexible provisioning and segmentation capabilities of SD-WAN are especially relevant for retailers in order to easily isolate their POS systems, as well as other critical networks and data. Segregating the POS system from the rest of the network is highly recommended and considered a best practice.
Managed security and managed SD-WAN:
Managing both an SD-WAN and advanced security is simplified when combined, but can still be a lot to handle, especially in an environment where companies may be working with a reduced staff. Working with a service provider that has a broad purview of the threat landscape can reduce a threat before it even reaches the organization's perimeter. Threat visibility and management are a critical component in managed security services and can offer peace of mind in an environment where security threats are constantly changing.
SD-WAN with Security simplifies management with agile network design that enables organizations to transform in stages, allowing new and old networks to co-exist. This reduces the complexity and effort required to redesign networks, providing a smooth migration path for any deployment models, from flat networks to highly segmented ones. And as this migration advances, special security rules and policies can be applied to reduce risk along the way. Optimally, advanced security and network architecture can work in harmony to deliver a network with enhanced performance, exceptional user experiences, and reliable connectivity with a strong security posture.
Help defend your network against fast-changing and malicious attacks with the Comcast Business suite of cybersecurity offerings.