Securing SD WAN
Over the last six to 12 months Katalyst has seen a large uptick in meaningful SD-WAN conversations with our customers. This reflects what the market trends are showing based on IHS Markit’s survey last year, which states that nearly 3 out of 4 respondents had conducted SD-WAN trials, many of which have already begun to move towards production trials and full production rollouts.
We haven't seen a technology being adopted and make such an impact in our market than SD-WAN has over the last year. There are many factors to this, but the big three that are initially driving most discussions and are addressed by most of the vendors in the market today are:
simplicity from deployment to management
an initiative to reduce operational expenses
The conversation begins to shift around security, and more specifically, protecting an increasing attack surface as DIA and broadband circuits are incorporated into the WAN and replacing private circuits. In many traditional WAN environments either Internet bound traffic is backhauled through data centers via private circuits and then out larger Internet circuits protected with perimeter firewalls with advanced threat and malware protection services, or if they have local Internet at these sites they have next-generation firewalls providing that perimeter security.
Many SD-WAN vendors tout security by providing encryption across the SD-WAN fabric and basic stateful firewalling features, however, they lack the more advanced security features built into the typical firewalls of today. In today’s security landscape, stateful firewalling cannot protect against the ever evolving threats, and next-generation firewalls are still a big piece of the organization’s overall security posture puzzle.
Without these advanced security features in an SD-WAN solution those perimeter firewalls are still required and introduce some implementation and management complexity back into the environment, while organizations are turning to SD-WAN for simplification.
Many SD-WAN vendors understand this and are making a big push to incorporate those features directly into their SD-WAN solution. Some are partnering with existing third party vendors to provide these features. Others are integrating their existing security solutions into their SD-WAN platform, allowing for a one-box solution to provide both SD-WAN and NGFW functionality while configuring and managing from a single pane of glass.
While evaluating all of the SD-WAN solutions in the market today it is important to understand how those solutions fit into your overall security posture and ensure you are not sacrificing your overall security posture and/or adding complexity and cost back into a solution that should be providing simplification and cost savings.