WHY SD-WAN REQUIRES STRONG, INTEGRATED SECURITY

InSpeed Networks Blog

When software-defined WAN (SD-WAN) technology first entered the market, it was primarily touted as a means of reducing data transport costs, facilitating branch office connectivity and centralizing WAN management.

But it’s virtually impossible to separate network functionality from security. The WAN needs strong protection against Internet-borne threats, particularly when branch locations have direct Internet connectivity.

That’s why it’s critical to integrate strong security into the SD-WAN. In particular, the SD-WAN needs firewall functionality in order to inspect packets traveling across the network and either block or allow them based upon ports, protocols, IP addresses and other rules. This helps ensure that the traffic coming into the network is an appropriate response to an outbound request.

However, most SD-WAN products were not designed with security in mind. That means organizations must implement a third-party firewall or secure web gateway to protect the WAN. The problem is that you then have to purchase, administer and support an additional appliance at each branch location. This increases cost, complexity and IT operational headaches.

With InSpeed’s SD-WAN solution, the local Internet connection is protected from external attack with firewall mechanisms based upon security best practices. Stateful packet filtering is performed both at the WAN interface on the InSpeed onsite appliance and in the InSpeed Quality Service (IQS) cloud instance. InSpeed also performs network address translation (NAT) at the IQS cloud instance, and provides local port forwarding with NAT.

In addition to prioritizing interactive application traffic, IQS ensures that enterprise security policies are enforced over every WAN connection. InSpeed also provides DNS management, DHCP server and relay functionality, and load balancing and failover across multiple WAN links. It also helps ensure strong authentication and authorization for access to IQS configurations. Operational access to production infrastructure uses public key cryptography. Complex passwords are required for InSpeed portal accounts, and multifactor authentication can be used for privileged access.

IQS protects sensitive data through end-to-end encryption of all WAN traffic. It automatically establishes a secure VPN tunnel between the onsite appliance and the IQS cloud instance, creating a private network mesh connecting all locations.

The IQS cloud instance is located in a hardened data center with the highest levels of security. The IQS platform and third-party software components are continuously monitored for vulnerabilities and updated aggressively based upon risk.

In a recent research note, Gartner recommended that organizations use cloud-based Security-as-a-Service solutions to relieve some of the complexities and management headaches associated with securing direct Internet connections in remote locations. Because InSpeed is so simple to use and cost-efficient, it can be implemented in small offices and home offices. All sites can be managed from one centralized portal.

While SD-WAN facilitates the use of lower-cost connectivity, it also exposes remote offices and workers to Internet-borne threats. Because it’s difficult to manage multiple security appliances across branch locations, SD-WAN solutions should incorporate strong security. InSpeed Quality Service provides firewall functionality, strong authentication, encryption and other security features to reduce risk without operational complexity.
