The promise of SD-WAN is that data traffic is routed around the world at lightning speed, in a secure manner and via the most intelligent route. All intended to work together internationally as one large organization and to serve customers. But will this promise be fulfilled? We believe that things can be done better and be done differently.
What is SD-WAN?
In the video Gabriel Zambrano explains what SD-WAN is and the advantages.
modern SD-WAN is safer
Security Impact with Traditional SD-WAN.
When it comes to dangers related to traditional SD-WAN solutions, it is good to recognize some security issues:
SD-WAN devices provide only limited firewall functionality. This results to missing security services like URL filtering, antivirus, IPS, SSL interception, malware detection and intrusion prevention.This requires additional functionality to be added, for example through service chaining or by installing a virtual NG firewall on the SD-WAN Edge device. In addition to the associated additional burden on the hardware, this also results in additional licensing and management costs.Service chaining also actually involves linked point solutions. It often proves difficult to achieve a seamless integration. Some service chaining solutions do not perform deep-packet inspection, such as Cisco Umbrella. You may wonder whether this is sufficient in the modern world of cybercrime. For example, what about protecting your external VPN users?
Is extra security on the SD-WAN-edge a solution?
Of course, you can choose to place an additional virtual firewall on an SD-WAN Edge device, for example a Palo Alto firewall. There are only three major drawbacks to this. Extra licenses include extra costs on top of the SD-WAN solution. Complexity will be added, even when you outsource, which isn’t intended. Finally, you may affect performance because the firewall virtual appliance shares the CPU with SD-WAN Edge appliance. This results in halving (or even more) the throughput of the SD-WAN device. Less speed, less central overview, less digital performance!
There may be another danger. The limited security functionality in your SD-WAN connects to external Cloud security services, such as Zscaler. It does not look at the bigger picture, the complete puzzle of the network. For example, what could happen between the traditional connection between the sites of international organizations and the data centers they use? There is a chance that there will be unsecured network traffic between location ‘A’ and ‘B’.
A modern SD-WAN
offers you much more!
A wrong focus? Sometimes easability wins from security
The focus of most SD-WAN providers is on the network aspect: smart routing for the best digital performance. You could see it as optimally facilitating the end user. However, whoever does this runs a certain risk; security may not be handled smart enough.
Choose a modern SD-WAN solution
There is room for improvement and must be done differently, especially since digital security is still a concern in many boardrooms. In a modern SD-WAN solution, the security is completely integrated into the network solution. That is done in an smart way. For example, when additional connections are required, the security is automatically adjusted. No longer sticking everything together with extra costs and performance issues, but simply opt for one integrated solution: IPknowledge OneWAN, based on SASE SD-WAN from CATO Networks!
Want to know more?
Contact us to discuss modern SD-WAN solutions
Why does SD-WAN need SASE?
Dit whitepaper beschrijft de voordelen van het gebruik van SASE.