Many legacy WANs consist of disparate and isolated links, which make consistent security policy enforcement nearly impossible. Vulnerabilities frequently occur because security tools and products are not used across all WAN links. A holistic configuration requires network security teams to individually deploy and manage security for each specific link—a process that’s not only resource-intensive but also increases the probability of human error. As a result, businesses are shifting to more comprehensive security foundations for their WAN—SD-WAN, within an overall software-defined network (SDN) environment.
A next-generation WAN
A highly effective approach to securing the WAN is to overlay software-defined WAN (SD-WAN) functionality as a platform that provides consistent management and comprehensive visibility. This method allows for consistent policy implementation and holistic use of security solutions across the WAN. A single network “image” reduces complexity and simplifies deploying better security. It also reduces potential errors or omissions that can occur when the network is composed of links that must be secured individually. With an SD-WAN, network operations and security teams can ensure that there is documented and consistent use of security solutions and policies across the WAN.
The WAN is one of the most common attack points used by hackers to enter an organization’s systems and databases.
Securing your WAN
Secure WAN solutions require more than just the basics. There are several specific features and capabilities to look for when using SD-WAN and software-defined networking (SDN) to improve WAN security.
- Broad and effective encryption. The use of encryption to protect data in flight over public networks is the standard. However, with a highly siloed, legacy WAN, encryption can be difficult to implement and manage. The ability to support broad, integrated encryption across the SD-WAN provides an important security enhancement.
- PCI DSS-compliant service. One of the most important and useful standards to ensure and improve WAN security is a network that delivers Payment Card Industry Data Security Standard (PCI DSS) compliance. Many organizations that aren’t directly involved in using payment cards still rely on the PCI standard because it delivers documented protection. A network that delivers PCI compliance has undergone access control, process and documentation audits as well as penetration and other testing to ensure it is secure. In addition, these networks will support two-factor authentication (2FA) as part of the compliance regime. PCI compliance shows a network provider is serious about security.
- Next-generation firewall (NGFW) integration and delivery. Protecting the WAN at key locations or at the nexus of key traffic flows is essential. The best SD-WAN services will offer the ability to insert a physical or virtual NGFW to offer more protection at various points on the network. Using firewalls based on application flow is an especially important capability that many organizations will find improves their defensive posture.
- Pathway to unified threat management (UTM). Among the most important changes in the operational model for cybersecurity solutions is the movement to a single, unified security instance. These models often include NGFWs, gateway anti-virus and intrusion detection/prevention capabilities. Ensuring that the SD-WAN is designed to support UTM has become an important component of providing a truly secure environment.
SD-WAN and SDN provide a software-defined platform for managing, securing and operating the WAN that can dramatically enhance security.