The increased adoption of cloud technology means enterprises are looking for network solutions for increasingly complex infrastructures. Many find that software-defined wide area networking (SD-WAN) helps them overcome the majority of their challenges, so unsurprisingly, the demand for SD-WAN is growing. Similarly, the number of providers offering SD-WAN is also rising.
SD-WAN allows for strategic routing of internet traffic to optimize bandwidth, but because not all traffic is routed the same way, a new security approach must be adopted. Installing firewalls at every branch is a potential solution, although the expense of this approach makes it unrealistic.
These features inherent to SD-WAN create some distinct security advantages:
- The ability to set some security parameters at the application level
- Segmentation of traffic across the WAN, as well as into the branch
- Consistency in policy enforcement across the WAN
As you advance beyond these features, it’s important to carefully evaluate your SD-WAN provider, as some companies have begun to outshine their competitors with specific security features required for SD-WAN.
Appliance security: One of the three main things you should look for in your SD-WAN provider is a plan for appliance security. Ideally, you should have integrated, zone-based firewall coverage, which will limit the attack surface and block any unwanted incoming traffic.
While a firewall is a good start, it’s not enough to protect your critical appliances. Two-factor authentication is necessary to prevent any unauthorized devices from connecting to your SD-WAN. It should also take an administrator only one step to disconnect a rogue device, should one get past your two-factor authentication process.
Common Vulnerabilities and Exposures (CVEs): A common problem among SD-WAN vendors is the presence of CVEs, with some that are more than a decade old still showing up in network tests. Monitoring is necessary to prevent third parties from accessing your network and introducing old or new CVEs.
Physical access: It’s often overlooked that branch locations simply don’t have the same barriers to technology access that are usually present in IT headquarters. Whether it’s an administrator’s desk or a wiring closet multiple vendors have access to, it’s important to include measures to prevent accidental upgrades or tampering with physical equipment.
Physical access problems aren’t new with SD-WAN; they were already a challenge when traditional routers were in place. You simply need to ensure your SD-WAN provider is prepared to equip you with better security in your new solution.
To discuss adequate security strategies for your network solutions, contact us at Wanify. Whether you’re new to SD-WAN, or are interested in a more robust and secure configuration for an existing SD-WAN, Wanify is here to help.