SD-WAN Featured Article

Why SD-WAN is More Secure

December 09, 2016




Security – it’s what we all want in our networked worlds, to ensure the information we’re transmitting isn’t being put at risk. With Wide Area Networks (WANs), the opportunity for vulnerabilities to be exploited is too great, driving demand for better options. Now, enterprise security boundaries are being tested and the demand for access to SD-WAN is increasing.


A recent brief from SD-WAN solution provider CloudGenix explores how the adoption of Internet links for WAN transport and the popularity of direct Internet access are challenging the old practice of securing the network at a centralized DMZ. As branch locations are increasingly targeted for their vulnerabilities, simply placing a firewall at each branch is not only complex, it’s costly. As such, companies need a different approach to protecting the network.

One alternative is the deployment of CloudGenix ION software at each branch. The ION nodes are designed to establish secure peer-to-peer channels to form a fabric across the hybrid WAN. The ION central controller is then used to define application security policies. These policies are then applied at each branch to dynamically protect the changing WAN perimeters of the network.

Traffic moving between the ION nodes is encrypted with the use of dynamically rotating security keys. This process creates a fully secured network fabric that operates independently of the underlying transports. The hybrid WANs are then instantly secured. The central ION controller is also used to define secure contexts based on apps and user groupings. The traffic in each context is encrypted and isolated from all other contexts. Low-level routing-based segmentation is no longer needed.

The application firewalls built into the ION nodes, together with policies derived from the secure contexts defined at the ION controller, add even more value. Applications are auto-detected by each ION node, which then triggers activation of the associated security policies. No extra configurations are needed to dynamically adjust the WAN security perimeter.

ION nodes can also redirect application traffic to the closest security service node, according to context policies. Security functions are then instantly enforced across the WAN perimeter without the need for additional devices at each edge location. As companies are increasingly working remotely, secure access is critical.

Hybrid WANs are based on SD-WAN, or software-defined networking, in order to dynamically adjust to a changing WAN perimeter. As a result, application-defined security policies are applied where and when they are needed.




Edited by Maurice Nagle