Many organizations are making the move to SD-WAN to improve application performance and user experience. But it can be a mistake to rush forward without revisiting network security measures.
Software-defined wide area networks (SD-WAN) provide a virtual architecture that uses a central control function to direct traffic across any combination of transport services.
While SD-WAN offers performance gains, it also introduces new risks.“The biggest challenge is that traditional security solutions are no longer enough,” said John Maddison, Chief Marketing Officer and Executive Vice President at Fortinet. Effective SD-WAN implementation requires additional security within the enterprise infrastructure to protect it from threats.
Why a new approach to security is necessary
Traditional WANs use a “hub-and-spoke” architecture that funnels branch network back to the organization’s main data centre for filtering and security checks. The security tools for that environment weren’t designed for a distributed network.
If tools aren’t updated, security tends to be applied only at the gateway, and not to the edges. This reduces deep visibility into the network. In other cases, different tools are applied to various parts of the network, increasing complexity and introducing potential gaps to be exploited. Given the current gap in security skills this can be a disaster waiting to happen, said Maddison.
The easiest solution is to implement an SD-WAN with built-in security.
Advanced networking and security … combined
A single solution can provide both the networking and security across all locations on a single pane of glass. This allows enterprises to mitigate the risks associated with the new environment. As well, it easily integrates with whatever security solutions have been deployed elsewhere, whether it is in the cloud or at the remote network.
Fortinet’s Secure SD-WAN consolidates networking appliances into the FortiGate next-gen firewall which runs virtual network functions. This allows for consistent enforcement of policies to implement a single security strategy. It includes application protection, web filtering, sandboxing, network access control, SSL inspection, and solutions such as NGFW, IPS, and VPN to protect applications, workflows, and data in motion. These measures are necessary to detect and block malware and other web threats attacking distributed SD-WAN traffic.
“This is exactly where Fortinet Secure SD-WAN stars,” said Robert Potts, Business Development Manager at Integra Systems Corp. His company chose Fortinet because of its unified solution. “It gives you what you need to enjoy the full benefits of a digital revolution that’s now coming full-force. And this comes without any real cost to application performance or data security or end user productivity.”
Benefits of SD-WAN
While a significant advantage of Fortinet’s Secure SD-WAN is its integrated security, it also offers advanced features such as:
- Automated path intelligence: Prioritized application routing across network bandwidth based on the specific application and user
- WAN overlay: Responsive overlay VPN capabilities enable a better overall WAN experience for branch users
- Tunnel bandwidth aggregation: Per-packet load balancing and delivery by combining two overlay tunnels to maximize network capacity
- Automatic failover: Multi-path technology can automatically fail over to the best available link when the primary WAN path degrades
“You look at the WAN as the binding element across the enterprise architecture,” said Potts. “The WAN gives you that power to connect users, locations and applications. But you also have to have this automated — the WAN must have an elasticity to conform continuously to the always-changing needs or intent of the organization. This is where you would look closely at an offering like Fortinet’s Secure SD-WAN.”
Fortinet Secure SD-WAN is being used worldwide by companies in virtually every sector to achieve an optimal mix of top-shelf security and SD-WAN functionality, all in one solution.