
The New Dial Tone

Technology & Markets

Security and SD-WAN Integration

April 4, 2018 / in SD-WAN

Should you trust your SD-WAN vendor for security features?


SD-WAN is interpreted differently by enterprise IT, vendors and service providers. Which “pure” SD-WAN features should be included in a solution? Which additional services should come along with an SD-WAN service, and how tightly should those services be integrated? The answers differ based on the solution vendor and the service provider offering it.

The service that is in the spotlight of this debate is security.

Next week, on April 12, I will be chairing the SD-WAN and security related sessions at the Upperside MPLS+SDN+NFV World Summit. One of these sessions will be a panel I will moderate about security and SD-WAN. The main discussion points I will bring up with the panel participants will be around the need to integrate security with an SD-WAN service: should it be a best-of-breed approach, using an SD-WAN vendor for the network related part and a security vendor for the security features, or should it all come bundled as one solution from a single vendor?


To kick off this discussion, I asked the panel participants to provide their view on the following question:

How do you view security integrated with SD-WAN? Do you think security should be provided by the SD-WAN vendor or by a security company (best-of-breed security and SD-WAN selection)? What are the pros and cons you see in each of these options?

Here are the answers I received.

 

Stuart Borgman, Director, System Engineering, Palo Alto Networks

A more fundamental question is what you are trying to achieve through security in your SD-WAN deployment? The cyber security threat landscape continues to change at a rapid pace. Cyber security attacks are widespread and can be read about in most national newspapers on a daily basis. These threats take on many forms, with varying levels of sophistication. A successful cyber attack typically requires planning, where the attacker gathers intelligence before executing the attack. The attacker will want to silently execute the attack, infecting the target without being noticed. Attacks can take on multiple phases: exploiting vulnerabilities in an application or operating system, malware execution, establishment of command and control channels and, of course, achieving the objective, such as stealing data or malicious damage. New attacks are continually emerging; some are new and some are mutations. The Palo Alto Networks Unit 42 threat research team continually analyses cyber security threats and shares the latest threat intelligence information.

If the customer is buying a secure service, then their objective is to prevent a security violation. Building and designing the correct security posture should be the primary objective. This means they need to be able to protect against both the known and unknown attack. Selection criteria should be based on the security requirements and whether it has the correct design and elements. Just because a device comes pre-installed with a security solution, it does not automatically mean it meets the correct security posture requirements. Recovering from a data loss can be very expensive and this should not be forgotten when designing the security posture.

 

Rachna Srivastava, Sr. Product Marketing Manager, VeloCloud by VMware

The Complete Package: SD-WAN and Security

SD-WAN is bringing about a new wave of transformation to networking and WAN management by delivering agility, scalability and operational efficiencies. A critical choice in the move towards this digital transformation is how critical services like security will be delivered alongside SD-WAN. SD-WAN delivers on the promise of reducing the number of devices in an enterprise branch, for example by leveraging a uCPE (universal Customer Premises Equipment) to run network services including SD-WAN and security, to provide optimization and security from the same device. Customers can also choose to enable cloud-based security for their branches. To achieve this, the SD-WAN software must be able to efficiently and automatically connect to the cloud security provider, without manual intervention. End-to-end visibility is extremely important for any security solution, in the LAN, as well as across the WAN. As SD-WAN continues to evolve and grow, SD-WAN vendors must continue to partner with best-of-breed security vendors as well as incorporate embedded security to protect enterprises from increasingly complex threats.

 

Robert McBride, Head of Product Marketing, Versa Networks

Advanced security must be embedded with SD-WAN. The value of embedded SD-WAN and security provided by the SD-WAN supplier/vendor is simpler management and flexibility. The integrated and embedded approach by the SD-WAN vendor provides an inline and unified experience to networking and security while simplifying event correlation and business policies for networking and security associated with applications, users, devices and locations.

Pros of an integrated approach: One platform for all branch sizes. With embedded advanced security in the SD-WAN platform, operators can bind both security policies and application SLA policies and manage everything from a unified management platform.

Cons: Vendor selection is limited as the majority of SD-WAN vendors only provide a basic firewall or none at all, while vendors like Versa Networks provide both networking and next-generation security (NGFW/UTM) in the platform.

Pros of multi-vendor and security vendor function approach: Potentially leverage existing vendor for security and familiarity with existing security tool sets.

Cons: Higher cost and more complex architecture as most solutions are multi-layer and multi-appliance with separate tools for each layer (virtualization, SD-WAN, security).


Closing notes

As can be seen, the opinions on this question differ, both on the level of integration and what should actually be included in the security part.

It will be an interesting debate, that’s for sure.

ABOUT ME

Amir Zmora

Blogging about new technology trends and their impact on markets and people.