SD-WAN Suppliers Partner to Supplement Security

December 04, 2017

By Paula Bernier - Executive Editor, TMC

Some SD-WAN solutions include such security features as end-to-end encryption and microsegmentation. And, as VeloCloud’s Michael Wood in a May article explained, SD-WAN also can recognize thousands of different applications, which helps identify anomalies in application usage, screen for unsanctioned applications, and drop the packets of unwanted applications.

But SD-WAN alone doesn’t address all security concerns. Current SD-WAN products do not protect against IPS and malware, for example.

That’s why many companies in this space have joined forces with security specialists. For example, the VeloCloud Security Technology Partner Program includes Check Point Software Technologies, Fortinet, IBM Security, and Zscale. Palo Alto has in the recent past done joint work with Riverbed, Silver Peak (News - Alert), Talari Networks, VeloCloud, and Viptela. Silver Peak also is partners with Fortinet. And that’s just a handful of examples of SD-WAN suppliers and security companies that have come together to provide business solutions.

In a March Network World (News - Alert) piece Steve Garson of consultancy SD-WAN-Experts writes: “Controller-based networks, such as SD-WANs, make WAN segmentation radically simpler. Details will vary between vendors, but in general, you define a policy describing the underlying network as it would appear to the application—the application characteristics, network configuration in some cases, addressing and more. The policy is then distributed across the nodes in the SD-WAN, which creates the multi-point tunnels (typically using IPsec) linking the offices defined in the policy. Traffic in one segment is limited to the sources and destinations associated within that segment.

“Some vendors might claim to have a separate SD-WAN segment per application,” he adds, “but I haven’t met anyone deploying an SD-WAN seriously thinking about going that far. It’s just too complicated to manage. Normally, companies will break their WAN into five to seven groups of applications based on use case—guest Wi-Fi, real-time applications, mission-critical applications, file transfer, general internet browsing, and everything else, for example.”

Edited by Mandi Nowitz