Steps to a Secure, Software-Defined WAN

SD-WAN technology is fast growing in popularity. It enables an organization to connect distributed facilities for a much lower cost than traditional technologies like MPLS (multiprotocol label switching). An SD-WAN can be very secure, but only if it’s approached the right way. Expanding a network increases the scope of any existing risks, so securing it becomes more important than ever.

What is SD-WAN?

The term SD-WAN isn’t precisely defined. It’s a set of enabling technologies based on the SDN (software-defined networking) architecture. It lets a network’s architecture use any available transport mechanism. Paths adjust dynamically to traffic and outages. The network is under a single point of control, usually a GUI control panel. Network-wide end-to-end encryption lets data move safely through the Internet.

Most often the unifying software is cloud-based. This isn’t a requirement, but it’s common enough that people often think of SD-WAN as cloud-based private networking.

Having a fast private network that isn’t restricted by geography offers many advantages. Offices can share servers. Communication by VoIP and video reduces the need to travel for meetings. It’s easy to send documents without resorting to insecure channels.

In the past, MPLS has been the most common way to connect locations in a WAN. It’s expensive, though. It often requires substantial work to set up the “last mile” connection. An SD-WAN can mix MPLS with public Internet connections or go entirely over the Internet.

Security Concerns

Network-wide encryption is a basic requirement of an SD-WAN, but it’s only one piece of security. All the issues that affect a local network increase in scale when a LAN becomes a WAN. If it’s bad when SMB-propagated malware like WannaCry or Petya spreads across one office, it’s worse when it spreads through the whole enterprise.

It’s necessary to build security into the entire network. Every access point is a potential weakness. That includes mobile devices, routers, PoS terminals and IoT (Internet of Things) devices. A bigger network has a bigger attack surface and is more complex to manage. The approach to security needs to be as elastic as the network it protects.

Addressing The Challenge

Just as SD-WAN technology brings remote components together into a single network, the security system needs to treat them all as parts of an interconnected whole. The multitude of threats in today’s world requires a layered security strategy. When some of the equipment is far away, keeping track of everything through software becomes even more important.

Controlling access is the first step. Transient devices, such as mobile phones and machines coming through a VPN, need to be identified and authorized. The firewall needs to block inappropriate traffic.

Security software on individual machines should communicate with the rest of the network. An attack on one machine may warn of a threat to the others.

Monitoring needs to cover the whole network and catch any abnormal activity quickly. The faster attacks are discovered, the less damage they can do. The response may be an automated action, a notification to an administrator, or both.

Fortinet’s Security Fabric integrates every aspect of the network into a collaborative whole. It brings together diverse technologies to protect a network that spans multiple data centers, on-premises and remote endpoints, and the cloud. It doesn’t just identify known malware but analyzes network behavior to catch previously unknown threats.

Fine Tec is a value-added distributor of Fortinet systems. A properly run SD-WAN can be highly secure. With Fine Tec’s guidance, you can help customers ensure it will be launched with the strongest protection.