How to Increase Network Security with SD-WAN

AJINKYA BAGADE | August 31, 2021

Network security today is losing the battle and a lot of it is blamed upon the traditional security devices. Imagine running next-gen IT Infrastructure secured by security tools made to secure legacy IT.Data breaches have increased substantially and IT professionals are continuously looking at new ways to improve their network security. In this scenario, SD-WAN emerges as one formidable option to implementthat will bolster your network security.
 

Table of Contents:
- What is SD-WAN?
- How does SD-WAN work?
- What are the main benefits of SD_WAN to network security?
- What are the other advantages of SD-WAN?

.
Let’s dig into it.

What is SD-WAN?
SD-WAN stands for software-defined wide area network (or networking). A WAN is a connection between local area networks (LANs) separated by a substantial distance—anything from a few miles to thousands of miles. The term software-defined implies the WAN is programmatically configured and managed. So, it can be easily adapted quickly to meet changing needs.


How does SD-WAN work?
An SD-WAN connects end users to virtually any application, hosted at any location (e.g., in the public cloud or a company data center), via the best available or most feasible transport service, whether that’s an MPLS (Multiprotocol Label Switching), broadband, cellular or even satellite internet link. To deliver this level of flexibility and performance to users in digital workspaces, an SD-WAN utilizes a control function that continuously analyzes traffic flows across the WAN and intelligently directs traffic in accordance with current policies.

Centralized control
The primary means of control in an SD-WAN is centralized. It often resides in a SaaS application running on a public cloud. Control is decoupled from the hardware to simplify network management and improve the delivery of services. SD-WAN appliances (and virtual appliances) follow operational rules passed down from the central controller. This greatly reduces or eliminates the need to manage gateways and routers on an individual basis.

Multi-connection, multi-transport
SD-WAN gateways support hybrid WAN, which implies that each gateway can have multiple connections using different transports—MPLS, broadband Internet, LTE, etc. A virtual private network (VPN) is typically set up across each WAN connection for security. Consequently, the SD-WAN can be an overlay spanning a diverse communications infrastructure.

Dynamic path selection
Another feature of SD-WAN is dynamic path selection—the ability to automatically and selectively route traffic onto one WAN link or another depending on network conditions or traffic characteristics. Packets may be steered onto a particular link because another link is down or not working very well, or to balance network traffic across all available links. SD-WAN can also identify packets by application, user, source/destination, etc. and send them down one path or another based on those characteristics.

Policy-based management
Policy is what determines where dynamic path selection will steer traffic and what level of priority (quality of service, or QoS) it is given. Business intentions can be implemented as policies via the central management console. New and updated policies are translated into operational rules and downloaded to all SD-WAN gateways and routers under control.

For example, to ensure the best performance for VoIP and interactive web conferences, a policy may be created by giving their packets transmission priority and routing them onto low-latency paths. Cost savings can be realized by sending file back-ups across a broadband Internet connection. WAN traffic that requires a high level of security can be restricted to private connections (e.g., MPLS) between sites and required to pass through a robust security stack when entering the enterprise.

Service chaining
SD-WAN has the ability chain itself together with other network services. WAN optimization (acceleration) is often combined with SD-WAN to improve network and application performance. Internet traffic leaving and entering a branch office may be routed across a VPN to a cloud-base security service to strike a balance between performance, security, and cost.

Read more: GET THE MOST OUT OF YOUR SD-WAN: FEATURES YOU NEED TO START USING TODAY

What are the main benefits of SD_WAN to network security?

Eliminate VPN concerns

One of the first areas in which SD-WAN impacts security is when a company uses the internet as a method of transport.

 

Before SD-WAN came along and companies were using internet as a backup or even a primary transport method, they would build a VPN or a DMVPN to ensure secure transport of their traffic. This introduces a couple of issues, the first of which is this proliferation of VPNs that has to be managed. The company must have firewalls sitting at their data center, along with a VPN device or firewall sitting in the remote locations to be able to do these VPNs. Every site is dependent on the effort to be up on the network.

- Hamza Seqqat, Director of Solutions Architecture, Apcela


Failover is an issue with this VPN approach, he said. Companies can’t seamlessly failover from a fiber-based type of transport without having to strike some keys in between. It's hard and expensive to do seamless failover.

“Now you don't have to have firewalls for VPNs. You don't have to worry about building your own VPNs or encrypting your traffic,” Seqqat said. “Every SD-WAN product comes with a controller that takes care of things seamlessly. That means there is this smart software-defined engine that builds all these IPsec tunnels between all the locations as soon as you plug the device in. You're not actually having to build a VPN—the controller does it automatically for you, so all you have to do is give the device an IP address or enable DHCP and let it pick an IP address from the DHCP server. Suddenly it's on the network and its building tunnels to all the sites.”

He added that the SD-WAN controller builds a full mesh, so it can talk to every one of the sites without having to go back to the data center. This feature alone can reduce a company’s security footprint significantly because the site-to-site traffic becomes secure, easy, and seamless.

Reduce traffic going through security

A second significant benefit of SD-WAN that impacts security strategy is that it reduces the amount of traffic that needs to go through security parameters because all site-to-site traffic is encrypted. This makes security a bit easier to manage.“For a lot of companies, when they do VPNs for site-to-site traffic, they have to go through firewalls or some kind of encryption mechanism, and that increases their security footprint. It increases the complexity and the cost of security,” Seqqat said. “SD-WAN changes how traffic is routed through security.”

Seqqat gave an example of a site that has a gig worth of bandwidth, and out of that gig of bandwidth, some traffic goes to the internet and some goes to site-to-site.

“Without SD-WAN, generally you would have to run that whole gig through a firewall, and the firewall will split the traffic into what goes to the data center and what goes to the internet,” he said. “When you do SD-WAN, you don't have to do that. You can separate the traffic at the SD-WAN with a split tunnel, so you take half of the traffic and push it through the firewall to go to the internet and the other half goes straight site-to-site without having to go through a security parameter. Now you have a firewall to handle 500 megs as opposed to a gig, and that makes a huge difference because most security products are based on throughput and utilization. So, that can bring some cost benefits and ease management as well.”

Security inherent to SD-WAN

A third area where SD-WAN changes security strategy is the fact that certain security features can be implemented directly through the SD-WAN platform, which reduces costs and complexity in the actual security platform.

“This depends on what aspects of security you're talking about,” Seqqat said. “For example, security is included in the Silverpeak SD-WAN product, so the Silverpeak devices really do most of the security for you. You don't have to deploy another firewall on top of that. With Versa’s SD-WAN, you can virtualize the firewall, so there’s no need to deploy physical firewalls.”

For sites that simply need very basic security, SD-WAN has some inherent security capabilities. It can do things such as allow and deny certain sites and limit traffic that goes to certain sites.

 

When you look at most SD-WAN products, you can usually kind of steer toward one or another based on your security requirements. Deploying SD-WAN in itself can really eliminate the need for security at several locations or extend the security you have been using.

- Hamza Seqqat, Director of Solutions Architecture, Apcela


Simplify use of security platforms

In his final point, Seqqat said SD-WAN providers are making a lot of progress in partnering with both cloud security providers and cloud service providers. By making traffic encrypted and secure via SD-WAN, security platforms will only have to deal with public internet traffic.

“SD-WAN providers are really working towards partnering and certifying different security products,” he said. “Consider Zscaler as an example. Some SD-WAN products automatically route all your traffic through Zscalar, which does a cloud-based security parameter before it goes out to the internet or to cloud service providers.”

Seqqat said the most important part comes in the fact that Zscalar is distributed across 35 or 40 data centers that are all security parameters.

“Making that routing decision as to what data center your traffic goes through before it goes out to the Internet is extremely important to performance,” he said. “If your Office 365 instance is hosted in Seattle and your users in Europe are trying to reach that, which Zscalar data center the traffic is going to go through before it goes through the Seattle instance of O365 makes all the difference in what latency is going to be at round trip.

“SD-WAN provides somewhat of an automation and optimization of how traffic goes through Zscalar data centers based on performance metrics. SD-WAN can pull latency and jitter and packet loss and all that kind of stuff, so there is some intelligence that happens when a routing decision is being made as to where user traffic is going to go for security scrubbing or security features before it goes out to the cloud provider or to the Internet. That’s a huge feature that comes into play whenever you deploy SD-WAN.”

Read more: FOR SERVICE PROVIDERS SD-WAN IS A MIXED BLESSING

What are the other advantages of SD-WAN?

SD-WAN has many advantages when implemented well:

More predictable and reliable application performance, which helps support users in any digital workspace, across all connections. Superior connection security for cloud applications, without the performance tradeoffs of MPLS backhauling. Congestion reduction due to lack of bandwidth or brownouts with aggregation of bandwidth via multiple bonded and disparate or redundant links.

  • More reliable access to apps and fewer slowdowns due to congestion.
  • Resiliency and redundancy with fast failover when outages impact WAN connections.
  • Quality of service for prioritizing business-critical application traffic.
  • Fast deployments that fuel business agility when bringing applications online at a branch office, or simply changing the configurations. Zero-touch provisioning allows fast set up of sites in minutes with local staff instead of hours or days.
  • Reduced network transport costs and more flexibility through the use of MPLS-alternatives like broadband and cellular. Quick procurement of bandwidth from multiple transport services, contrast to the long lead times needed with legacy WAN carrier-based technologies.
  • Simplified administration with a centralized console eliminates the complexity of configuring edge devices in the field.
  • Deep SD-WAN analytics to monitor links for performance characteristics. Analytics benefit administrators who can use them when troubleshooting problems across the WAN.
  • Simpler branch office infrastructure that doesn’t require management of as many single-function devices
  • Intelligent traffic steering and dynamic path selection
  • Integrated security with leading 3rd-party solutions, including those for SaaS security


Conclusion

Interest in SD-WAN among organizations is on the rise, and we hope to see a tremendous rise in its adoption in network security strategies over the next few years. Vendor selection will be one of the factor for successful implementation of SD-WAN, as many are quickly developing new and effective software-defined platforms. An ideal vendor would be the one who effectively addresses your specific pain points and is able to meet your current as well as future requirements.

Read more: SD-WAN SECURITY: THE IMPACT OF ORCHESTRATED SERVICES MULTIPLICITY

Spotlight

Network for Learning (N4L)

Network for Learning (N4L) connects more than 2400 schools across New Zealand to fast, reliable, safe, uncapped internet via our Managed Network. The service is fully funded and managed for schools, allowing every student and teacher seamless access to the internet, regardless of where they go to school. We work alongside government, education and technology partners to help schools get the most from digital connectivity.

OTHER ARTICLES
5G

5G with AI: The Future of Business Has Arrived

Article | May 13, 2022

The cloud, robotics, automation, and digital technologies are indispensablefor efficient, adaptable, and dynamic business operations. Artificial intelligence and 5G have evolved to become two of the most revolutionary technologies of the decade. While 5G and AI are capable ofindependently revolutionizing industries and facilitating future experiences, combining the two will be ground-breaking. The combination of AI with 5G mobile technology has the potential to transform business and society, paving the wayfor new products and services that were previouslyunimaginable.So, let’s check out how AI and 5G can revamp and upgrade businesses. AI with 5G: Making Network and Devices Better Using AI on 5G networks and devices will enhance wireless communication and battery, and most importantly, improve the user experience. With the help of machine learning, you can now focus on major wireless issues that are tough to tackle with traditional methods. The wireless industry has been talking about the ways in which AI can improve 5G networks.AI will significantly impactthe fundamental aspects of 5G network management, including efficiency, deployment, service quality, and security. One of the less-discussed aspects is how on-device AI will enhance the 5G end-to-end system. Radio frequency awareness (RFA) is at the center of 5G improvements and AI's involvement in the process.Instead of a hand-crafted algorithm, machine learning can decipher the device's RF signals. Improved radio awareness increases device experience, system performance, and radio security. Embracing 5G for Future Telecom & Business Operations The fifth generation of mobile technology comes with many use cases that are enough to completely transform almost every industry. As the world gets ready for a substantial transformation, it's important to know what they are and how they can help your business. Presently, 5G is driving three significant global trends. 5G technology will alter connected devices by driving consumer adoption, making them smarter, and making large-scale device integration easier. Cloud and edge computing depend on accessibility, and 5G will make cloud and edge computing more powerful and accessible than ever before. As 5G allows algorithms to be much more efficient at collecting and analyzing data at scale, AI becomes more accessible and fundamental for businesses powered by 5G. This can be considered a scientific and ethical endeavor. PartingThoughts Like any new technology, there is indeed a lot of hype around 5G's debut. 5G and AI are two synergistic, necessary components driving future advancements. Those whocombine these technologies will have a competitive edge and the opportunity to build future forward brands.Businesses that adopt 5G will not only witness revenue gain but will also emerge as an influential player in the future.

Read More
BLOCKCHAIN AND CRYPTO

Blockchain in Business: A Technology for Success

Article | May 11, 2022

Blockchain technology has the potential to transform the way businessesoperate.As a result, it has gained tremendous momentum and is no longer the utopian dream of a few crypto enthusiasts. According to a Deloitte report that surveyed more than 1300 senior executives worldwide, 53% said blockchainin businessis a priority. Also, PwC highlights thatblockchain alone can add $407 billion to the GDP of the USA by 2030. Blockchain is cementing its position in the market and is expected to be worth $163 billion by 2027, according to Statista. The time has come for digital businesses to harness the power of decentralization and incorporate it into their everyday processes. You simplycan’t lose out on the business opportunities that this technology has tooffer simply because you are living under a rock. In this article, we will discuss how using blockchain for business can make a huge difference in your business process. Let’s first begin by looking at the challenges faced by traditional business models. Challenges Traditional Business Models Face A growing business encounters several challenges, and different problems demand different solutions. Mentioned below are some of the challenges that traditional business models often encounter. Time-Consuming Processes In a business operation, all processes function as separate entities. Teams often find themselves looking for, gathering, and analyzing the same data to make decisions. As a result, the teams must rely on a lot of third-party intermediaries to runtheir business processes smoothly. This adds to the time and complexity of the processes.Use of blockchain technology can help to effectively do away with this challenge. Lack of Security Data security is another area of concern that can be taken care ofby storing data on the blockchain. Data that is storedin the cloud or a centralized storage facility, is vulnerable to security breaches. The traditional business ecosystem, data, and stakeholders are unprepared for the considerably more intelligent and ever-changing hackingtechniques. As a result, important and confidential data can get breached and compromised. Payment Barriers Payment transactions are often more complicated, time-consuming, and costly due to the diversity of currencies and parties involved. Blockchain technology promises to make processing payments and other transactions around the world faster, safer, and cheaper by getting rid of the need for mediators like correspondent banks and clearing institutions. Payment barriers are another problem that the adoption of blockchain business models can ease. Shoot-up Your Business Growth with Blockchain Technology Blockchain in business is aiding the transformation of business across industries all around the globe. Blockchain is transforming supply chains, banking and financial services, healthcare, government, retail, and other industries. Here are some statistics that demonstrate blockchain's significance in strengthening industries: The financial sector contributes to around 30% of the market value of blockchain. (Statista) By 2028, the value of blockchain in healthcare will be $1189.8 million. (Vantage Market Research) By 2026, the value of blockchain in agriculture and food will be $1.48 billion. (BIS Research) In 2022, the blockchain market in the manufacturing industry will be worth $85.64 billion. (Globe Newswire) Accelerates Your Business Processes Blockchain is taking a central role in the ongoing digital transformation process. In digital transformation, time is one of the most critical factors that keeps you ahead of the curve. Moreover, business operations that use a blockchain to store and transfer data provide high levels of security. On this basis, you can create completely automated transactions in various business domains. This method is not only dependable and safe, but it is also exceedingly fast. Improves Your Online Security Encryption and validation are two significant advantages of mainstreaming blockchain technology. Every operation and communication that happens online will be encrypted. It protects against data alteration. Due to its distributed nature, you can verify that no one has altered even a bit by checking signatures across all nodes. Blockchain in business will be helpful for storage, private messaging (between companies/clients or friends on social media), safer DNS, and IoT security. Blockchain use in business will enhance cybersecurity, but this transformation won’t happen overnight, it will take years before it impacts the ways in which we use the internet. Eases Online Payments While online transactions are safer than ever, users' data is still at risk. However, this decentralized platform can make payments transparent and tamper-proof in the financial ecosystem. Decentralized blockchain technology protects data. Simply put, it allows you to make payments without a payment processor. Blockchain technology protects financial transactions by removing central points of failure and minimizing errors. This helps in saving time and money. In addition, blockchain technology ensures that transactions remain unaltered and only those involvedcan see the history. A Game-Changer in the Supply Chain & Logistics Anything that can conceive of as a supply chain, blockchain can vastly improve its efficiency - it doesn’t matter if it’s people, numbers, data, money.” - GinniRometty, CEO of IBM. The integration of blockchain simplifies supply chain and logistics work. The blockchain's decentralized nature ensures maximum transparency in every transaction in the supply chain, from raw material purchase and manufacture to distribution and sale of the finished product. At a minimal cost, each transaction can be promptly and readily documented on the blockchain. There are very few risks this way, because the final buyer can track a product's origin along the whole supply chain. Reduces Operational Cost Blockchain-based smart contracts are a boon. Businesses can make and receive online payments through some set guidelines. Brokers, escrow agents, and other intermediaries are excluded through smart contracts. Smart contracts are self-executing programs that safeguard the interests ofall parties. These contracts use unbreakable cryptographic code and automatically implement contract terms. Lastly, smart contracts keep track of all consumer, worker, and stakeholder activities. Many global corporations use smart contracts to perform essential HR and administrative tasks. What Does Blockchain Mean for Entrepreneurs? Blockchain technology is so much more than just a technology used for cryptocurrencies. For a commoner, whenever we talk about blockchain, the first thing they think of is bitcoin or cryptocurrency. However, for businesses and entrepreneurs, blockchain is more than just a cryptocurrency. Let's take a look at the ways in which blockchain technology can empower business leaders. Case Study Blockchaintechnology is being rapidly usedin the logistics industry.The main advantages include higher confidence in the system due to greater transparency, improved product traceability, and cost savings by eliminating manual and paper-based administration. One such example Tradelens, a blockchain-powered open and neutral supply chain network, is one example. It was founded by IBM and Maersk and has expanded to 150 members, including some of the world's largest logistics companies, including CMA CGM, MSC, ONE, and Hapag-Lloyd. In 2020, it claims to have made businesses 15% more efficient by letting them get rid of legacy data systems, manual document processing, and limited visibility. By 2050, it claims to have made them 15% more efficient. Final Thought Blockchain technology is theinevitable future, and its use is no longer restricted to crypto transactions. In the coming years, blockchain development solutions will be used ineCommerce marketplace, peer-to-peer financial transactions, content distribution, healthcare data exchanges, supply chain, and customer services. Blockchain applications are no more the pie-in-the-sky dreams of early adopters. This technology has the potential to revolutionize practically every sector and solve your company's greatest challenges. Smart and strategic use of new technologies, can make your company more secure, transparent, and ready for whatever comes next. FAQ What Is the Impact of BlockchainTechnology on Business Models? Blockchain implementations can minimize transaction costs such as negotiation and search expenses and eliminate intermediary costs. This means that by 2022, blockchain technology is expectedto cut costs in the financial sector by$15–$20. What Is the Size of theBlockchainMarket? The global blockchain market was valued at $1.57 billion in 2018 and is expected to more than triple to 163 billion USD by 2027. What Does BlockchainMean for Business? A blockchain is a digital record of who owns what, and it is constantly updated. The time, date, dollar amount, and participants in a transaction are encrypted into a "block" that is connected to other blocks to create a chain.

Read More

Ericsson’s 5G platform adds unique core and business communication capabilities

Article | February 13, 2020

To leverage the full benefits of 5G and cloud native investments, orchestration and automation are now a critical matter of business. Ericsson’s 5G platform is now being strengthened with new solutions that enable smarter business. David Bjore, Head of R&D and Portfolio, Business Area Digital Services, Ericsson, says: “Through our core networks, service providers can get to market faster and can capitalize on new services, through leading consumer and enterprise communication and monetization solutions, enabling them to stay ahead in the race for 5G business, today and tomorrow.”

Read More

Ericsson researchers top 4.3Gbps downlink on 5G millimeter wave

Article | February 12, 2020

With a technical specification comprising 8 component carriers (8CC) aggregating 800MHz of millimeter wave spectrum, Ericsson engineers achieved delivery rates of 4.3Gbps – the fastest 5G speed to date. Ericsson Radio System Street Macro 6701 delivered data with downlink speeds of 4.3Gbps over-the-air to an industry partner test device during interoperability testing. The commercial solution, including network and terminal support, will be available to 5G consumers during 2020.

Read More

Spotlight

Network for Learning (N4L)

Network for Learning (N4L) connects more than 2400 schools across New Zealand to fast, reliable, safe, uncapped internet via our Managed Network. The service is fully funded and managed for schools, allowing every student and teacher seamless access to the internet, regardless of where they go to school. We work alongside government, education and technology partners to help schools get the most from digital connectivity.

Events