Home Sponsored Announcements New SD-WAN edge enables more secure architectures

By David Hughes, CEO Silver Peak


One of my predictions for the wide area network (WAN) in 2018 focuses on how the new WAN edge enables improved security architectures. I believe there are three primary ways in which the new WAN edge will enable improved security architectures for enterprises building an SD-WAN.

First, there is no question that the volume of data and application traffic between the branch and the internet is on the rise, sometimes driven by personal activity but most importantly driven by the adoption of SaaS services. For years now enterprises have been hamstrung, forced to compromise by choosing between backhauling all internet-destined traffic across their MPLS network to a central firewall deployed in a data centre, or by deploying a firewall at every branch site.
In 2018, the new WAN edge will empower enterprises to make these decisions on an application-by-application basis. For instance, with an advanced SD-WAN solution network administrators can easily configure network policies to:
1.    Breakout guest WiFi and trusted SaaS applications directly to the internet locally at the branch

2.    Divert known personal-use applications to a cloud-based firewall service (sometimes called a web services gateway)

3.    Backhaul any unknown or suspicious traffic to a full security stack deployed at the data centre
Of course, this is just one example of how network policies can be implemented. The real power of SD-WAN orchestrated breakout is due to the ability to centrally define and manage the network policies that make the most business sense for each enterprise.
Policies enable network administrators to apply advanced UTM processing selectively to the traffic which warrants it, without having to deploy and manage expensive UTM technology at every branch. It also lets them test the waters and adopt cloud-based firewall services for a subset of their traffic. And, of course, it provides an elegant way of mixing and matching different security vendors’ technology by business unit or in some cases, by individual application.
Secondly, an SD-WAN can also improve an enterprise’s security posture by extending traffic segmentation across the WAN and into the branch. Micro-segmentation or zero-trust networking is fast becoming best practice in the data centre. Rather than letting any virtual machine (VM) talk to any other VM, data centre micro-segmentation relies on policy to establish which VMs can talk to one another.
As a result, if any VM is compromised, the damage and exposure is contained. In the same way, we expect that enterprises will use advanced SD-WAN solutions to separate traffic into segments at the branch (e.g. PCI credit card data, IoT traffic, internal web applications, external applications).
This segmentation can be extended across the WAN and controlled via central orchestration. By adopting a segmented SD-WAN architecture, enterprises are able to isolate the impact of any security breach, effectively augmenting their existing security stack with new network-level countermeasures.
A third way an SD-WAN solution can fortify security is by enforcing consistency across all remote locations.
In traditional networks, administrators have CLI access to individual routers and firewalls, and  often find themselves forced to make manual configuration changes to individual devices. Over time, the sum of all quick fixes made to individual devices conspire and lead to configuration drift – a situation where devices have configurations that appear the same superficially, but in fact have many small, easily overlooked differences that lead to pernicious issues and security holes that sap IT resources and require per-site debugging.
In contrast, with an advanced SD-WAN solution there is no need to touch individual devices. Policy and intent are established at the network level and automatically enforced by a central orchestrator. This eliminates error-prone device-by-device manual configuration and ensures that the network remains in compliance with policy.
In conclusion, if you are asked ‘How secure is your SD-WAN?’, it’s not about the number of UTM features or the number of exploits blocked by the SD-WAN device itself. Rather it’s about:
1.    How well the solution enables an enterprise to orchestrate the appropriate combination of local, cloud and data centre located security services based on each application’s requirements.

2.    Whether the solution can support policy-based segmentation of traffic and maintain that segmentation across the network.

3.    How well the solution enforces consistent application of network and security policies across the WAN.

At Silver Peak, we are excited about our partnerships with leading security vendors including Check Point, Fortinet, Palo Alto Networks and Zscaler, and remain committed to augmenting enterprise security with an orchestrated SD-WAN architecture that complements offerings from our partners.


Our Mesh WiFi system MW3 is the first in Australia market with price below AUD$200 for a set of three.

· Best valued product
· Strong signal covering up to 300m2 for MW3 and 500m2 for MW6
· Aesthetically pleasing and light weigh (blend into any room deco)
· Wireline backhauls supported
· Product units are pre-paired and easy to setup
· Not requiring phone number or email address to set up
· Wall penetration (better than other similar brands)
· Seamless WiFi roaming
· User friendly app with controls to setup a guest network, parental controls for disabling groups of devices you allocate to individuals, QoS and more



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Popular News




Sponsored News