How SD-WAN Adds Depth to Legacy Network Security

Whenever you need to make a change to a traditional wide area network (WAN), there are bound to be complications. In addition to taking months to deploy, legacy WANs are static and expensive to manage. Technical teams face uphill struggles in simply keeping them functional, much less modifying and securing them against threats.

SD-WAN for Improved Security Management at the Edge

How do hub-and-spoke networks stack up against software-defined WANs (SD-WANs) when it comes to security management, particularly at the network edge? If you are thinking about making the upgrade, here's what you should know about their differences in specific areas:

Security Policy Management

Have you ever calculated how long you spend managing different security devices at the WAN edge? Such activities can consume a majority of the typical IT department's time, leaving little left over for integrating cloud applications and pursuing other upgrades. Complex management also increases the likelihood of making a mistake or having to rely on expensive on-site vendor visits. With SD-WAN, security infrastructure is more streamlined and easier to oversee.

Performance and Protection for Cloud Connectivity

SD-WAN solutions eliminate the "double hop" for Internet traffic during forwarding, a common encumbrance of old-fashioned WANs. At the same time, they help secure the direct-to-cloud connections increasingly important to today's organizations. Integrations with platforms such as Zscaler enable the safe support of SaaS applications and other cloud-based resources.

Branch Office Strategy

The simpler security infrastructure of SD-WAN enables nimbler branch office upgrades. Reduced edge complexity ultimately saves time and money in making sure both cloud and on-premises applications at every site are as secure as possible against threats.

A Deeper Look at SD-WAN Features for Security

What specific security-related features does an SD-WAN employ in delivering these benefits? A few of the most prominent include:

Dedicated Pathways for Data

In 2016, flaws in multiple network management systems (NMS) temporarily exposed countless enterprises to cyberattacks. While quickly patched, these vulnerabilities revealed the growing risks to application/data flows from NMS. An SD-WAN from Talari Networks will securely transport apps and data over different paths than NMS traffic, which itself is isolated and encrypted. SD-WANs can be secured with AES 128- and 256-bit keys as well as other techniques such as cipher block chaining.

Network Security Firewall Services

In the past, network security firewalls were one of many appliances that greatly complicated branch office strategies, since the equipment often varied sharply from one site to the next. Next-generation firewalls (NGFWs) are a better fit for distributed WANs and encourage simpler infrastructure. A Talari SD-WAN can be overlaid on legacy networks (including their firewalls), run native network security firewall services or connect to virtual NGFWs from Palo Alto Networks via service chaining.

Straightforward Cloud Security

Cloud applications have become integral to everyday operations but it's critical to avoid the often significant performance penalties that require additional security appliances as the network scales. The aforementioned integration with Zscaler allows for secure Internet breakouts via SD-WAN tunnels into safe cloud gateways.

This is just a sampling of the SD-WAN benefits for security in a Talari Networks solution. Learn more by scheduling a demo.

Categories: IT Challenges, Network Reliability, Business Agility, Internet as WAN (MPLS Alternatives), Hybrid WAN