Historically, the branch office of an organization was the red-headed stepchild of the network. Locally cached data tended to be out of date and connections to the central data center were often slow and unreliable. This was fine when interactions with customers and databases were slow, and the number of devices connected to the branch network was limited. But digital transformation has changed all of that.
Today, transactions, workflows, applications, and data requests at the branch need to be just as fast as those being processed at the network core. Even more challenging, the number and types of end users have multiplied dramatically, as has the volume of voice and video traffic and business applications connected to the branch network, including cloud-based networks (IaaS) and services (SaaS).
SD-WAN solutions were developed to overcome the networking challenges that traditional MPLS-based branch network strategies couldn't address. They provide branch users with flexible access to resources located anywhere across the distributed network and allow end users to use advanced applications, generate complex workflows, and utilize cloud-based services from a variety of devices, including their BYOD solutions.
One of the challenges with traditional WAN connections is that routers generally don’t provide any visibility into today’s traffic and applications. SD-WAN enables deep application visibility and first packet classification so that the network can better support business-critical applications for. Because poor application performance can seriously impact the business, SD-WAN automatically identifies traffic by type, user, source, and destination to steer critical applications down pathways with adequate bandwidth and minimal latency. Combined with simplified connection failover, branch users experience better visibility, higher performance, and greater availability for business applications.
However, many IT teams that were quick to adopt SD-WAN for its clear benefits significantly underestimated the challenge of implementing an effective and comprehensive security strategy to go along with it, because of the challenge of direct Internet access from devices running at the branch. Any branch security solution needs to address the SD-WAN connection as well as the split-tunnel challenges that result from also running cloud services, mobile devices, IoT, and BYOD, and from mobile users remotely connecting to branch resources. Organizations need to wrap all of that together into a single, integrated security and network solution for consistent performance and security.
And to complicate matters further, organizations are also experiencing a global shortage of trained and experienced cybersecurity professionals. The last thing that they need is to build, deploy, manage, and monitor yet another suite of security tools designed to protect their branch offices. Unfortunately, of the over sixty SD-WAN vendors on the market today, only a handful provide anything beyond the most basic security. Instead, they rely on organizations to figure out how to integrate their existing security solutions with their SD-WAN tools.
Unfortunately, the majority of security devices and solutions deployed on the main campus of an organization were never designed to support the unique and highly dynamic requirements of today's branch offices. They can't see far enough, can't track data that moves between network domains, and can't share and correlate threat intelligence to identify and stop today's advanced attacks. The best they can usually do is encrypt traffic and then apply a security filter at the edge of the network to shut down a connection if it detects malware or unusual behavior.
Of course, that is the same attitude toward branch-based resources that we began with. But in today’s highly transactional digital economy, that approach is insufficient, especially for organizations looking not only to compete but to thrive in today's marketplace.
To address this challenge, SD-WAN needs to have a sophisticated suite of security tools embedded directly into the solution, including NGFW, IPS, web filtering, antivirus/antimalware, encryption, sandbox, and high-speed inspection of encrypted data. Further, those security tools need to seamlessly integrate with the security tools deployed elsewhere in the distributed network, whether on the main campus, on remote and mobile devices, or across each of the different cloud solutions that have been adopted.
Any SD-WAN security solution MUST include the following three characteristics:
Business-critical applications are the lifeblood of today’s digital enterprise. As a result, ensuring the consistent availability and performance of those applications—especially over traditionally unreliable public networks—is essential for ensuring the productivity and integrity of today’s branch offices. SD-WAN also supports centralized control, policy-based management, hybrid gateways that use a variety of connections and transport services, and things like service chaining that allow different network services to work together.
What most SD-WAN solutions don’t provide is security. Because Secure SD-WAN natively includes a suite of fully integrated security solutions, it not only provides the essential functionality that SD-WAN provides, but it also secures the entire range of critical branch applications and services, while seamlessly tying that security back into the organization’s larger security framework. This, in turn, reduces security overhead, ensures consistent protection and policy enforcement, and reduces total cost of ownership—without compromising on SD-WAN performance or functionality.