itb-au logo
Story image

The security challenges of SD-WAN - and how to defend against them

19 Apr 2018

The primary job of the WAN is connecting distributed users to the applications they need to their jobs.

However, applications have changed significantly over the past handful of years and this is why Silver Peak says in its recent report that software-defined wide area networks (SD-WAN) are a much better fit than traditional router-centric WANs - particularly for businesses pursuing a cloud-first strategy for application delivery.

An example of this is the fact that the majority of applications are no longer hosted in a regional/centralised corporate data centre, with the percentage dwindling as modern organisations continue to embrace the cloud in general and SaaS applications in particular.

Higher quality demands from modern applications, the Internet of Things (IoT) and big data apps which are stretching the boundaries in terms of the growing volume of data today’s WAN must be able to handle.

Silver Peak says the impact of these changes to the application landscape is that the enterprise WAN needs to change too. For example, traditional, private line connectivity options (such as multi-protocol label switching, or MPLS) and routing practices – backhauling, in particular – are clearly a poor match for cloud-apps, burgeoning amounts of internet traffic, and peer-to-peer interactions.

Some of the key shortcomings include the high cost of such network services and architectures, the negative impact they have on performance as well as the fact they are too rigid.

SD-WAN in comparison enables enterprises to leverage multiple types of network connectivity - including broadband internet services - when connecting users to applications. However, this brings in another problem and that is the number of security challenges and issues that are introduced by or associated with SD-WAN.

The use of broadband internet as a low-cost connectivity options is core to the SD-WAN value proposition, however, Silver Peak says the fact that broadband is ‘public’ and not ‘private’ means there is a need to ensure the confidentiality and integrity of application traversing such connections.

And of course, inline deployment of SD-WAN devices places them ‘in the line of fire’ so to speak – at least compared to the scenario where a traditional WAN optimiser is implemented in an out-of-path configuration.

Silver Peak uses the example of internet breakout, essential for enhancing performance and reducing the bandwidth (i.e. dollars) needed for backhauling - but also able to expose branch users and their local networks directly to the internet and its myriad threats.

This brings about the need to limit outbound destinations, block unwanted/unsolicited inbound traffic and filter allowed/expected traffic for threats. However, not all web applications are created equal, and some web traffic can expose the enterprise to viruses, trojans, DDoS attacks and other vulnerabilities.

“To implement such a policy, web traffic must be steered granularly to its correct destination. This requires identifying the application on the first packet because once an application session has been established, it cannot be redirected to an alternate destination without breaking the flow resulting in application disruption,” Silver Peak states.

“And because IP address ranges utilised by SaaS applications change almost continuously, address table updates must be automated and implemented on a daily basis.”

There are a number of other areas areas where security is applicable to the success of an SD-WAN implementation including:

  • Enabling applications with different security requirements to share the same physical connectivity
  • Enabling faster deployment and more efficient management – for example, with secure, automated provisioning of SD-WAN devices, automated security policy enforcement, and a secure management plane
  • Enabling consistent enforcement of an application’s specific security policies regardless of where that application is located, or accessed from

So how can a business benefit from implementing SD-WAN without exposing themselves to the risks? Silver Peak EdgeConnect is the answer.

The industry’s most complete SD-WAN solution, EdgeConnect provides enterprises with the flexibility to use any combination of transport technologies to connect users to applications – including public broadband services – without compromising application performance or security.

Click here to read the full report on the benefits of SD-WAN, potential security challenges and how to fortify against them with EdgeConnect.

Story image
Q&A: StorageCraft director on how backup and recovery has changed in 2020
Techday spoke to StorageCraft international product marketing senior director Florian Malecki, who discusses the importance of backup and recovery, the products and solutions that StorageCraft offers in this field, and the revenue opportunities partners can capitalise on. More
Story image
The cybersecurity risks that come with re-onshoring Australian manufacturing
As technology such as IoT, robotic process automation (RPA) and artificial intelligence (AI) reshapes the manufacturing landscape, organisations are simultaneously put at an increased risk of a cyberattack.More
Link image
The definitive checklist to distinguish a broken authentication system
An improper or insecure implementation of authentication is a critical web application security risk. This checklist will discern the good from the bad.More
Story image
VMware makes enterprise blockchain platform available
The solution provides an extensible and scalable enterprise-grade platform to unlock data silos and free up data to flow securely, privately and instantaneously.More
Story image
How Employer of Record helps companies expand to new markets around the globe
Using an Employer of Record allows companies to break into new markets and hire the talent they need quickly and easily — with all human resources, onboarding, paperwork, and legal compliance taken care of.More
Story image
ECI Software Solutions acquired by Leonard Green & Partners
"We are excited to welcome LGP as our new partner, and I am confident that this is the right choice for our future – and the future of our 1,700 employees and more than 22,000 customers.”More