By Timothy Liu, CTO & Co-founder, Hillstone Networks
While Software-Defined Wide Area Networking, or SD-WAN, has gradually evolved over about the last decade, in recent years it has seen rapid adoption – in part due to organizations’ move to digital transformation (DX). Many industry analysts estimate the SD-WAN market is now in the billions of dollars, with a 25- to 35-percent compound annual growth rate. It has also become increasingly common for telcos and other service providers to offer managed SD-WAN services for their customers. For enterprises, a wide variety of vendors offer SD-WAN solutions, which can further complicate the decision process.
Organizational structures can also add to decision-making complexity. In the early days of networking, the provisioning, management and maintenance responsibilities – and therefore solution choices – were divided between enterprise network teams, WAN groups, and staff dedicated to network security. Gradually, the selection of an SD-WAN solution has evolved to span all three teams, since SD-WAN itself encompasses elements of networking, WAN and security.
This evolution makes sense in terms of digital transformation – SD-WAN and security are closely entwined. SD-WAN offers efficiency, cost savings and other benefits while expanding secure network services to branches, remote offices, and even home offices and other locations. Given the broad scope of SD-WAN, and the knowledge domains of the teams responsible for choosing a solution, SD-WAN can be seen from at least two perspectives.
Cybersecurity as the Foundation for SD-WAN
From this viewpoint, cybersecurity forms the basis for SD-WAN. Next-gen firewalls (NGFWs) at the network edge have become a best practice for enterprise network security, providing a first line of defense against malware, intrusions and other malicious acts. Many, if not most, newer-model NGFWs include on-board SD-WAN capabilities such as these:
- Improved resiliency with cost savings — One of SD-WAN’s key benefits is the ability to utilize multiple lower-cost broadband connections – rather than expensive MPLS connections – with highly secure overlays that exceed the capabilities of traditional VPNs. Multiple broadband connections, which may include 4G or 5G mobile links, coupled with intelligent routing and failover, can help ensure uptime for home and remote offices, branches and other locations. The secure overlays provided by SD-WAN can reach multiple locations, including public, private and hybrid cloud VMs.
- Enhanced visibility and ease of management — SD-WAN can provide comprehensive views across connected network assets to improve monitoring for attacks and potential threats while making troubleshooting much easier. The centralized management dashboard, coupled with zero-touch provisioning (ZTP), enables deployment even on a large scale.
- Supports better productivity — Through the application- and content-aware inspection engines available on NGFWs, SD-WAN can improve end users’ overall quality of experience. For example, the SD-WAN could give access priority to business applications, and deemphasize video and other large file transfers, thus enhancing performance for business-critical traffic and improving employee productivity.
Newer NGFWs include content and context awareness as well as deep packet inspection that can be leveraged by SD-WAN for expanded capabilities. For instance, NGFWs typically use classification engines as one of the bases for security decisions, and SD-WAN can use these engines to help determine the best internet connections to transmit traffic over. The classification engines can also guide queueing priorities for SD-WAN for fine-grained quality-of-service (QoS) controls.
SD-WAN as the Basis for Next-Gen Cybersecurity
The opposite perspective views SD-WAN as the springboard for next-generation cybersecurity. SD-WAN’s centralized cloud management allows new security features to be rolled out incrementally. In addition, flexible policy-driven routing enables service chaining of security capabilities in the cloud rather than on more expensive and harder-to-manage customer premises equipment (CPE). Looking ahead, cloud-based advanced security services such as secure web gateways, advanced malware detection, cloud-access security brokers and others can be supported by an SD-WAN platform. These next-gen security capabilities, and others, can then be delivered throughout the enterprise regardless of location.
Further, leveraging a cloud-based SD-WAN controller with on-premises SD-WAN CPE benefits new cybersecurity functions in two ways: through the convenience and proximity of local CPE devices, and through the almost infinitely scalable compute resources of the cloud.
Since advanced security services, like threat identification through AI and machine learning, require large amounts of computing power, the cloud allows them to be run more cost-effectively and efficiently while taking advantage of economies of scale. For instance, rapid local policy enforcement and mitigation can be performed at branch locations through centralized SD-WAN controllers that leverage cloud-based AI/ML engines to recognize legitimate traffic as well as potential threats or attacks.
Some new security capabilities, however, are more practical to run locally – such as zero-trust network access for branch locations. Through SD-WAN, these functions can be “pushed” from the controller to the branch CPE, then loaded and executed with policies consistent across the entire enterprise.
Looking Forward
SD-WAN is still a relatively young technology, but it’s rapidly evolving to maturity – in fact, it’s one of the elements of Gartner’s secure access service edge (SASE) model, and a component that helps enable digital transformation. It’s also part of a natural progression for security solutions – from NGFW to SD-WAN to SASE – that allows enterprises to benefit from each incremental step as the technologies comprising SASE become mature.
We’re seeing enterprises and others in the real world embark upon this path toward SASE, beginning with SD-WAN, and supported by systems integrators, VARs, and managed service providers. In our view, it’s a relatively pain-free journey for enterprises seeking to modernize their WANs and prepare for the future.
Hillstone Networks is an industry leader in cybersecurity, with a proven, trusted, and cost-effective SD-WAN platform that provides comprehensive visibility, AI and ML-based intelligence, and fine-grained control to help manage and mitigate cyber risks spanning the edge to the cloud. By creating our SD-WAN solution on our next-generation firewall platform, our customers gain new SD-WAN capabilities backed by robust, intelligent cybersecurity defenses. Hillstone’s SD-WAN solution protects against new multistage, multilayer attacks and blocks ransomware and zero-day exploits across the entire enterprise, including branches, remote/home offices, data centers and cloud architectures.
Through Hillstone’s SD-WAN solution, enterprises gain a robust security platform that provides the visibility to see into network traffic, to understand traffic context and which applications are running, and to act to protect traffic at the edge. For more information, visit the Hillstone site.
About the Author
Timothy Liu is co-founder and chief technology officer of Hillstone Networks. In his role, Mr. Liu is responsible for the company’s product strategy and technology direction, as well as global marketing and sales. Mr. Liu is a veteran of the technology and security industry with over 25 years of experience. Prior to founding Hillstone, he managed the development of VPN subsystems for ScreenOS at NetScreen Technologies and Juniper Networks following its NetScreen acquisition. Mr. Liu is also a co-architect of the patented Juniper Universal Access Control and holds an additional patent on Risk Scoring and Risk-Based Access Control for NGFW. In his career, Mr. Liu has served in key R&D positions at Intel, Silvan Networks, Enfashion and Convex Computer. Mr. Liu holds a Bachelor of Science from the University of Science and Technology of China and a Ph.D. from the University of Texas at Austin.
Tim can be reached online at @thetimliu and at our company website https://www.hillstonenet.com/