Business & Technology

CSP Best Practices for Delivering Secure SD-WAN

By Ronan Shpirer | February 24, 2019

Software-defined wide area networking (SD-WAN) is growing in popularity, as small to midsize businesses (SMBs) and enterprises realize the cost and performance benefits of using it for branch and cloud connectivity. Communication services providers (CSPs) are investing in solutions to deliver SD-WAN to their clients, but as they do, they need to address the security issues associated with SD-WAN implementations.

Why Companies Are Moving to SD-WAN

SD-WAN is a lightweight replacement for traditional WAN equipment. SD-WAN solutions utilize the WAN connections underlay to create an intelligent, application-aware, service level agreement (SLA)–enabled connectivity overlay that can maximize the performance of business-critical applications. They incorporate a WAN path controller that can automatically select the best WAN connection for specific network traffic depending on prioritization of the application and user, time of day, and other factors.

Even as SD-WAN solutions improve application performance via intelligent routing of network traffic, they also improve the cost-effectiveness of connectivity compared with a setup involving routers, optimizers, and load balancers. Moreover, the technology’s centralized management and zero-touch deployment streamline the provisioning and ongoing maintenance of networking functionality. SD-WAN can connect new branches to the corporate network with plug-and-play provisioning. Setting them up requires no specific networking or security expertise.

High performance and streamlined management are driving the popularity of SD-WAN. 
 

For these same reasons, SD-WAN is often an efficient means for CSPs to offer network connectivity to clients. For example, a CSP might find that SD-WAN is the best option to support a client that requires network connectivity between enterprise branches. Likewise, SD-WAN might make sense for a client undergoing digital transformation, requiring high-performance connectivity for Software-as-a-Service (SaaS) applications or a multi-cloud environment. In both of these cases, not only will the client expect WAN performance that meets their application SLAs, but they will also seek to simplify WAN networking and reduce capital expenditures (CapEx).

SD-WAN Security Must Be top-of-Mind for CSPs

The challenge of utilizing SD-WAN is that it introduces security risks. To provide direct internet connectivity, SD-WAN may bypass the corporate data center. This means communications to and from an organization’s branches are forgoing the benefits of corporate firewalls and security policy enforcement. Typical SD-WAN architectures also expand the corporate attack surface by increasing the number of networking devices that an attacker may choose to target. Worse, many stand-alone SD-WAN solutions lack advanced security functionality such as intrusion prevention (IPS), malware analysis, or sandboxing.

According to Gartner, “Security is users’ top concern about their wide-area networks (WANs). This is followed by network performance and increasing costs.”* A CSP providing clients with SD-WAN connectivity needs to address security risks head-on. That is where Fortinet comes in.

Fortinet was the first next-generation firewalls (NGFWs) vendor to include native SD-WAN capabilities in those devices. Whereas many SD-WAN vendors rely on third parties to provide advanced security for their networking functionality, Fortinet’s Secure SD-WAN solution natively delivers NGFW security and WAN resources (underlay) utilization and management to meet granular, application-based SLAs (overlay). A full range of security capabilities are provided on the same device that enables SD-WAN functionality.

Moreover, because they tie into the Fortinet Security Fabric, FortiGate NGFWs automatically share threat detection and response information with the organization’s other security solutions. They access threat intelligence from FortiGuard Labs, and they can tie in with FortiSandbox sandboxing capabilities to prevent malware from reaching a CSP client’s servers or endpoints.

Perhaps most important, FortiGate NGFWs have a proven track record. In its first-ever group test of SD-WAN solutions in 2018, NSS Labs gave FortiGate NGFWs a “Recommended” rating.** Fortinet Secure SD-WAN performed at or near the top of the pack in voice over IP (VoIP), video, and network performance, and offered a total cost of ownership (TCO) that was 88% lower than its closest competitor.

Fortinet customers recommend our Secure-SD WAN solution and praise it for its ease of integration with their existing environments, scalability capabilities, ease of implementation, and emphasized the overall value. Moreover, FortiGate Secure SD-WAN has received feedback from users on Gartner Peer Insights.

A majority of CSPs use Fortinet to deliver security services to their business customers via the FortiGate NGFW. Now, those CSPs can leverage the native SD-WAN capabilities in these NGFWs—through a simple software upgrade—to deliver their customer a truly secure SD-WAN solution.

Join Us to Learn More

Learn more by visiting the Fortinet booth—booth 31, hall 7—at the Mobile World Congress from February 25–28, 2019. Experts will be on hand to discuss how Fortinet solutions can secure CSPs’ SD-WAN offerings. We hope to see you there. For more on our presence at the Mobile World Congress, visit: fortinet-mwc.com.

Find out more about Fortinet's Secure SD-WAN Solutions.

Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.

*Naresh Singh, “Survey Analysis: Address Security and Digital Concerns to Maintain Rapid SD-WAN Growth,” Gartner, Nov. 12, 2018."
**Thomas Skybakmoen, “SD-WAN Comparative Report,” NSS Labs, August 8, 2018.

 

Tags: