March 19, 2020

Five Ways to Reinforce Your SD-WAN Security

SD-WAN technology offers numerous benefits, such as greater agility and lower transport cost. But how do you address security once you move traffic off a structured, private MPLS VPN and onto public broadband links?

 

Here are five tips to ensure that your SD-WAN will always be resilient and secure.

 

1. Integrate SD-WAN security into your organization's overall security architecture

 

Many enterprises make the mistake of treating SD-WAN security separately rather than as a key element in their overall enterprise security strategy. "Most organizations look at SD-WAN as a connectivity tool that provides a level of data encryption," observed Amit Bareket, CEO of network security technology provider Perimeter 81. "However, SD-WAN solutions commonly don’t protect the security of the data, which exposes your organization to security risk."

 

To lock down SD-WAN traffic, organizations and their security teams should develop an approach that integrates policy-based control rules designed to monitor data traffic with a holistic SDN managed detection response model, Bareket advised. "By putting security first, it provides another layer in the fight against holes in your organization’s network," he noted.

 

2. Don't view your SD-WAN as a traditional network technology

It's a mistake to view SD-WAN security in the same context as a traditional physical network, which automatically places certain constraints on data flow that don't apply to SD-WANs. "For example, with a traditional network, you have to consider the traffic patterns and bandwidth requirements," explained Kowsik Guruswamy, CTO of cybersecurity firm Menlo Security. "This will determine where and how you enforce your security policies." But with an SD-WAN, the Internet is the network, so the constraints that apply to traditional networks simply don't exist.


 

3. Don't tie security to a single vendor

 

An enterprise’s security needs evolve over time as the network infrastructure expands and new threats arrive. The flexibility to migrate to alternative security solutions quickly and cost-effectively as attack vectors appear, while retaining the basic SD-WAN investment, is valuable. Unfortunately, some SD-WAN vendors effectively lock in customers to a single proprietary security stack. "As a result, [they] don’t offer flexibility for the future, nor the flexibility to work with an existing [enterprise] security infrastructure," noted Karl Brown, senior director of VMware's VeloCloud business unit.

 

4. Don't rely on legacy firewalls

With traditional WANs, branch traffic is either backhauled to the enterprise data center, where it may be processed by a legacy firewall, or there may be a legacy firewall deployed at the branch that's maintained separately from the edge router. "This can lead to several issues, such as expensive bandwidth, heavy performance penalties, unpredictable application performance, and unnecessarily complex branch IT management," Brown said. "With SD-WAN, enterprises can more efficiently hand off traffic to cloud and SaaS tools via cheaper Internet access services or utilize cloud-hosted gateways that peer with cloud and SaaS providers."

 

However, when deploying SD-WAN access at branch locations, enterprises must take additional security precautions, since connecting to the Internet creates a broader attack surface. "The best approach to mitigate this new security risk is to leverage the power of the cloud for threat detection and mitigation," Brown advised. He also suggested adopting a unified management approach, incorporating templatized policies and auditing, and integrating networking and security at each branch. "Taken together, an enterprise can efficiently implement and maintain a consistent advanced threat management strategy," he noted.

 

5. Properly position the SD-WAN appliance

Many SD-WAN adopters accidentally bypass their firewalls, either by deploying the SD-WAN appliance behind the firewall or bypassing the firewall while troubleshooting and/or configuring the SD-WAN box, explained Brendan Patterson, vice president of product management at network security firm WatchGuard Technologies. "In this scenario, the organization has no security at all, which puts them at a high risk of malware infection," he observed.

Posted by: Jack prabha at 01:40 PM



