How IT pros deal with SD-WAN security concerns

When baseline SD-WAN security is not enough, enterprises are adopting extra measures such as intrusion prevention, anti-virus, unified threat management and more.

SD-WAN technology is becoming increasingly popular because it’s less expensive, more flexible and easier to deploy than MPLS, it provides centralized visibility and management, and it boosts the overall performance of WAN links, which makes employees more productive. But enabling end users in branch offices to connect directly to the public internet and to cloud services raises serious security concerns, which adds another level of complexity and risk to an SD-WAN rollout.

Organizations that had deployed SD-WAN at their branch offices were 1.3 times more likely to have experienced an actual data breach than those who didn’t, according to a survey of 250 enterprises in North American and Europe conducted by Enterprise Management Associates in late 2018. That’s because many enterprises initially relied exclusively on the native security features in their SD-WAN devices, rather than augmenting those capabilities with additional layers of defense, says EMA analyst Shamus McGillicuddy, who authored the research.

Typical SD-WAN products offer a stateful firewall, plus other features such as network segmentation and site-to-site tunneling. But they don’t deliver more sophisticated security measures such as application-aware next-generation firewalls, intrusion prevention, data loss prevention and unified threat management. In addition, they don’t automatically integrate with the rest of the enterprise’s security infrastructure.

The good news is that enterprise customers are becoming more aware of the need for additional security features beyond the baseline offerings. In a recent survey conducted by IDG Research and managed SD-WAN provider Masergy, 81 percent of respondents say security is the most critical factor in SD-WAN vendor selection.