Overview

One of SD-WAN’s strongest capabilities is its ability to secure unreliable Internet links and identify anomalous traffic flows. To bolster this strength, most vendors and SD-WAN technology providers continue to increase their native security features and to create robust ecosystems of network-security partners.

However, newer threats related to SD-WAN are on the rise. Its use of direct internet access has inadvertently created new attack types, upending the current security model and paving the way for an influx of ransomware, APTs, viral worms, and other malware.

With everything happening lately, from massive data breaches at gigantic global enterprises to terrifying ransomware attacks that infect hundreds of thousands of users within mere days, it’s well established that corporations these days are dealing with more threats than ever before, all of which are increasing in abundance, frequency, and complexity.

Solution

So, what’s the solution?

SD-WAN is secure by nature, with native support for:

  • Authentication for all solution components (Controllers, Management, and edge devices)
  • Certificate Authority
  • End-to-end encryption using IPsec (this is optional)
  • Segmentation on a per-application or organisational level (using VPNs)
  • Other techniques such as TLS, whitelisting, etc.

Vendors are relentlessly enhancing and building upon these perks.

Your part as a system administrator or engineer is to make sure you apply all security measures, such as:

  1. Mandate authentication using a CA
  2. Secure the management and control planes
  3. Deploy RBAC to control user access and privileges
  4. Enforce policies
  5. Identity management
  6. Additional security measures:
    • Set up strong credentials
    • Firewalls and a security ecosystem provided by a reputable third party
    • Multi-factor authentication

Here are some examples of security ecosystems created by selected SD-WAN suppliers:

  • Cisco SD-WAN (Viptela):
    • Cisco Security solutions (various)
    • Blue Coat
    • Palo Alto
    • Zscaler
  • VMware (VeloCloud):
    • Check Point
    • Palo Alto
    • Symantec
    • Zscaler
  • Cradlepoint:
    • Cisco
    • Trend Micro
    • Webroot
    • Zscaler
  • Silver Peak:
    • Check Point
    • Fortinet
    • Palo Alto
    • Zscaler
  • CloudGenix:
    • Palo Alto
    • Symantec
    • Zscaler