How SD-WAN Impacts Cyber Security

Software-defined wide area networking (SD-WAN) is a way to add a virtual overlay to the network for improved network resource management and application performance. Bandwidth demands associated with cloud solutions often require a network upgrade, but many enterprises have questions around how SD-WAN impacts cyber security vulnerabilities.

People often think in terms of two options when it comes to SD-WAN and cyber security. They either believe that the use of IPsec offers protection of data in transit, or that because SD-WAN does not scan network traffic, it cannot be secure.

The truth is somewhere in the combination of these two views, because SD-WAN employs encrypted tunneling, such as IPsec, to isolate network traffic and protect it from attacks in transit. SD-WAN solutions do not, without additional security tools, scan for malware or other threats as traffic comes into the network, so there’s no vehicle for intercepting a ransomware email. 

Minding the Gap: On its face, this seems like a significant drawback to an SD-WAN installation, because edge devices also have their own cyber security challenges, and like any software, SD-WAN comes with some basic vulnerabilities.

In general, SD-WAN cannot be labeled as any more or any less secure than a traditional WAN. Like a WAN, it requires additional security. No network can be considered a security tool that can determine which traffic and sites should be trusted.

Finding Better Options: Many providers are now offering secure SD-WAN, which means that there is a traffic screening feature applied at the network edge. This can be a cloud-based solution that includes threat modeling, digital firewalls, and other tools that scan network traffic before it is allowed to be transported over the WAN.

Cloud-based solutions for network cyber security allow enterprises to deliver more efficiency to the network, without the drag of heavy, appliance-based security that tends to eliminate some of the benefit of installing SD-WAN. A cloud-based security scan won’t impact the speed of network traffic.

By contrast, the installation of appliances at each branch office can slow SD-WAN adoption, as well as limit the benefit of SD-WAN like touchless provisioning and configuration. With so many organizations moving to remote work, network teams value the ability to install network solutions through a virtual overlay.

Flexible Options: Centralized versus distributed security is one of the important considerations as teams work out measures to reduce vulnerability. SD-WAN offers the advantage of flexible configurability, allowing enterprises to decide that some offices will require a centralized approach while others might benefit from a more distributed configuration with cloud-based solutions delivered at the edge. Network teams are able to choose the best approach depending on the traffic they are experiencing.

SD-WAN offers multiple advantages over the traditional WAN, including cost-effective bandwidth management and traffic segmentation and prioritization. With the right approach to cyber security, it’s a networking approach that can simplify the provisioning of resources in a cloud environment. Contact us at One Connect for more information.