SD-WAN security is the top priority for companies operating such architectures, according to a recent Gartner study. However, although the requirement is increasingly obvious, most SD-WAN manufacturers still offer only encryption (VPN) options. Admittedly, a minority integrates some limited firewall functionality. Even so, that is not enough: by adopting mesh network topologies, companies must ensure the protection of each workplace at a level similar to that provided by hub-and-spoke architectures at headquarters.
The migration to SD-WAN is fueled by the need for companies to provide direct Internet access to workstations, subsidiaries, and branches. This ensures fast and flexible access to resources (in on-premises networks, on the Internet, in third-party data centers, or in cloud environments) and lets end-users work with distributed applications and cloud services under conditions of guaranteed quality and availability. From a security perspective, however, encryption is not enough in this context. For example, last year more than half of malware campaigns used encryption to hide threats (according to Gartner). In such situations, workstations need to be able to inspect and filter traffic to block threats. Preventing risks also requires antivirus protection, Web filtering, Intrusion Detection / Protection, sandbox environments, etc.
Limitations of the classical model of protection
However, all these requirements far exceed what work points are usually equipped with. The security solutions used by subsidiaries in centralized architectures were not designed to meet current requirements. Their limitations are numerous and difficult to overcome: they do not provide visibility, they cannot monitor data flows and ensure user traceability, they do not share and correlate information about potential threats in order to block them in a timely manner, etc.
This means that, in order to benefit from protection, companies must invest in security solutions appropriate to the new requirements. This is not only an additional cost but also an additional effort for IT teams, which have to manage a complex, geographically distributed security infrastructure. The protection solutions must be implemented, configured, and integrated both with the SD-WAN solution itself and with one another, and this at the level of each subsidiary. The isolated approach complicates matters, especially when security policies and rules valid throughout the organization need to be defined and applied while respecting the specifics of each workplace. On the other hand, centralized management requires complex integrations, which demand time, money, and advanced skills that few non-IT companies have.
The solution – integrated security
In addition, organizations’ attempts to protect workplaces by adding security solutions affect the efficiency of SD-WAN architectures, limiting their flexibility and agility. That’s why, to take advantage of SD-WAN, you need solutions with advanced native built-in security features that can be centrally operated and managed from a single console. This simplifies the installation/implementation and configuration of solutions at each work point, as well as the definition, updating, and orchestration of security policies. In this way, security can be dynamically adapted to the evolution of specific connectivity requirements, respecting the main objectives – ensuring the performance and protection of critical data, applications, and services, as well as cost control.
Fortinet Secure SD-WAN meets all these requirements and is currently one of the most popular solutions available, with an increase in market share of over 300% in the last year. The popularity of the Fortinet portfolio is mainly due to the performance, accessibility, and flexibility of the solutions, which cover a large number of usage scenarios. The main competitive advantage of Fortinet Secure SD-WAN lies in the integration of an extensive set of advanced security features, such as Next-Generation Firewall (NGFW), which ensures the protection of both workstations and headquarters. It is strengthened by the integration in the portfolio of a suite of dedicated solutions that allow centralized management of equipment and its remote installation and configuration, the application and orchestration of security policies, the detection and analysis of security events, the automation of supply and maintenance processes, etc.
Fortinet solutions can be the best answer if you are convinced that SD-WAN is the right solution for your organization, but you have security concerns. Follow us on social media: Datanet Systems’ Guide for securing Fortinet Software-Defined Wide Area Network systems will be available soon.