The first software-defined WAN (SD-WAN) solutions that became available were primarily marketed to enterprises looking to reduce WAN transport costs. With SD-WAN, organizations can reduce their reliance on multiprotocol label switching (MPLS) services by creating a hybrid WAN that incorporates broadband Internet while still maintaining a high-quality experience.
As the market and technology evolved, SD-WAN was also seen as a means of facilitating branch office connectivity and centralizing WAN management. Remote sites can connect directly to the Internet, eliminating the need to backhaul web traffic over the corporate WAN. This further reduces costs and enables a better user experience by eliminating bottlenecks.
Direct Internet access, for all its benefits, also creates a new problem — security. Remote sites and users need robust protection against hacking attacks, malware and other Internet-borne threats. However, most SD-WAN solutions were designed to provide network functionality and only incorporate basic security controls, if any. This forces organizations to implement and manage separate security tools.
The Problems with a Piecemeal Approach
On the surface, this might not seem like much of an issue. Most enterprise data centers already have firewalls or secure web gateway appliances to prevent malicious Internet traffic from entering the network. Many also have intrusion prevention, URL filtering and threat intelligence tools to protect the WAN from attacks that bypass traditional perimeter security.
Branch locations and edge data centers are often a different story. As organizations leverage SD-WAN to improve connectivity for remote sites, they are faced with purchasing, deploying, administering and supporting additional appliances at each location. They will need to invest in high-performance security tools to avoid creating network bottlenecks. This increases operational complexity and the total cost of ownership of the SD-WAN solution, offsetting some of the savings in data transport costs.
Worse, it increases the risk that disparate tools will leave security gaps that hackers can exploit, or that a misconfiguration will leave sensitive applications and data exposed.
How Cisco Addresses SD-WAN Security
Cisco has taken SD-WAN to the next level by integrating its powerful security tools into its SD-WAN devices. Powered by Viptela and Meraki, Cisco SD-WAN devices now include an application-aware firewall, intrusion prevention and URL filtering. This makes it easy for organizations to embed enterprise-class security wherever it’s needed, from the branch to the cloud.
The security tools within Cisco SD-WAN leverage Cisco Talos, the industry’s most powerful cyber threat intelligence solution, to protect users, devices and applications against both known and emerging threats. In addition, Cisco SD-WAN can be integrated with Cisco Umbrella, making it possible to block malicious destinations and files before a connection is ever established.
Cisco has also simplified management and consumption of these solutions. Both the SD-WAN technology and the security tools can be administered through a single pane of glass and purchased through a single license model.
SD-WAN solutions that lack robust security controls force organizations into a piecemeal approach that increases costs and management headaches. Cisco SD-WAN takes an integrated approach to better protect the network against today’s cyber threats.