May 29, 2018

SD-WAN mythbusting: Part III

Jim Fulton

[Editor's note: This is the 3rd blog in a 3-part series exploding some of the myths surrounding SD-WAN. You can read Part I in the series here and Part II here.]

Myth #4: SD-WAN solutions are already enterprise-grade

SD-WAN has exploded in popularity, but that doesn’t mean that all SD-WAN solutions do the same thing. Some only provide a specific type of connectivity or can only handle a few locations. Early SD-WAN solutions didn’t pay much attention to security beyond making sure that traffic was encrypted over the links closest to each location.

A new generation of enterprise-grade SD-WAN solutions is emerging, shifting the focus of SD‑WAN from baseline connectivity to capabilities that both connect and protect on a global scale.

Operating at Global Scale

True enterprise SD-WAN solutions are now capable of handling more than 1000 sites, each with its own connectivity technologies and ISPs. “Always-on” high availability is now the norm in such deployments, with heterogeneous clustering of networks and devices that prevents packets from being dropped, even during updates and upgrades.

State-of-the-Art Security

Full next-generation firewall (NGFW) and intrusion prevention system (IPS) capabilities are mandatory anywhere a site touches the internet. Modern enterprise SD-WAN solutions integrate security into networking to prevent gaps and eliminate the burden of managing multiple systems.

Policy-based, Centralized Management

Simple remote configuration schemes, such as connecting to an administrative web interface running on a single device, are good for making minor changes in small environments, but quickly become unwieldy when dealing with hundreds or thousands of locations. The repetitive, labor-intensive actions they require are both time-consuming and error-prone, creating gaps and inconsistencies across locations.

Enterprises need truly centralized administration that allows business practices to be described once in higher-level policy terms and then automatically applied everywhere they are needed. Such systems make sophisticated security more reliable, avoid the need to send technicians onsite, and provide visibility into every location (physical, as well as virtual and cloud-based) on the network.

Given how dynamic today’s networks are, policy updates must be fast to make and to deploy, both to support new sites and applications and to mitigate potential threats. Making important changes across your entire network should take minutes—not hours—without taking sites offline. Look for secure enterprise SD-WAN solutions that do both networking and security efficiently at scale.

Myth #5: SD-WAN has built-in security

According to Gartner, branches need the same level of enterprise-grade security that organizations use in their primary internet gateways. Many first-generation SD-WAN solutions enforce encryption of traffic over commodity broadband links using Virtual Private Network (VPN) technologies, which keeps data and communications between different sites private but doesn’t make the sites themselves any more secure.

New, enterprise-grade SD-WAN solutions have security that is fully distributed at each location; they don’t rely on a single, centralized gateway as hub-and-spoke networks do. This keeps attackers from sneaking into your stores, branches, or remote offices and can help protect and accelerate the use of SaaS applications. Leading-edge enterprise SD-WAN providers are also using techniques such as “service chaining” to apply advanced security capabilities (e.g., web traffic protection and CASB) to secure data transmitted to cloud-based apps.

Secure enterprise SD-WAN is already in use around the world.

These practices aren’t just theory; they’re real. Forcepoint’s secure enterprise SD-WAN is used by organizations around the world to connect and protect highly distributed stores, branches, and remote offices. Its policy-centric approach integrates networking and security to eliminate gaps. It can automate the management of thousands of devices from a single console and push updates to every location in minutes with just a few clicks. Our interactive VPN setup replaces laborious spreadsheets with immediate drag-and-drop to add new sites to even the most complex topologies. With Forcepoint, it’s easy and safe to augment or replace expensive MPLS lines with whatever commodity broadband links are available in each location.

Watch our recently recorded webcast, “Enterprise SD-WAN in the Real World,” to learn how our MSSP partner uses Forcepoint’s secure enterprise SD-WAN capabilities to optimize connectivity and security for 400 sites around the world, or check out the eBook “5 Myths About Enterprise SD-WAN.”

Jim Fulton

Jim Fulton serves as VP Product Marketing & Analyst Relations, focused on SASE, SSE and Zero Trust data security. He has been delivering enterprise access and security products for more than 20 years and holds a degree in Computer Science from MIT.
