SD-WAN Security Solutions

Cisco SD-WAN Security Solutions

Gartner predicts that by 2023, 93% of organizations will be doing some form of SD-WAN for the WAN edge. The reason for this disruption are obvious. Organizations can save money by not being as reliant on private circuits, providing better application performance with intelligent monitoring and steering and simplified management with orchestrators and zero-touch provisioning. But with all of these moving parts come old and new security concerns.

In order to secure the SD-WAN, first thing to realize is a not all SD-WAN is created equal. With the explosion of Cisco SD-WAN Security Solutions over the last few years, we’re seeing more and more vendors incorporate SD-WAN as a feature into their existing product offering.

That means that we have an influx of traditional networking when optimization and security vendors who are now competing with the pure-play SD-WAN vendors (e.g. Cisco SD-WAN). While this means more options for the consumer, you also have an abundance of SD-WAN vendors to pick from with varying levels of proficiency.

The security offerings from the various vendors can be grouped into three general categories: Cloud-based, Third party integrators or built-in security.

SD-WAN cloud-based security means the SD-WAN devices is not doing any local inspection and instead it offloads all the packets that require inspection to a cloud service. That means that for every packet that needs to be inspected, the SD-WAN device is forwarding it off to a cloud for security inspection.

Third party integration usually comes in the form of service chaining using VMs server chaining is an SD-WAN terminology to describe multiple virtual services working together within a physical box. In most cases SD-WAN would provide the networking service while the security vendor would provide the security services.

All this happening on the same physical box using a hypervisor and an SD-WAN controller (e.g. Cisco vManage). Built in security offering means a security inspection is happening in the SD-WAN appliance itself. These are generally traditional security devices like a UTM or next-gen firewall they have SD-WAN Security Solutions as a feature.

All three options have their pros and cons but from a security perspective there’s one option that you should only use as a last resort, and that leads us to the first item on our list number.

0