
Secure the Last-Mile Connection With a Reliably Failsafe SD-WAN


Atchison Frazer, World Wide Head of Marketing, Talari
Your Business Can’t Function without Secure Connectivity
IT leaders must take a harder look at the wide-area network (WAN) connecting their offices to critical applications in their private data centers and the public Internet. Turning to software-defined WANs (SD-WAN) to help secure the last-mile connection to branch offices and corporate locations is essential to fuel business agility while avoiding security risks that can slow down your enterprise.
Build a More Secure WAN Edge
A failsafe SD-WAN enables organizations to deliver a high-quality user experience from data center to branch, helping to protect against WAN outages and cyber attacks.
With a failsafe SD-WAN, IT can:
1. Isolate network management traffic. With a failsafe SD-WAN, data is transported over a different path than network monitoring and management traffic. This way, applications and data flowing over the network cannot be compromised via network management applications that have known vulnerabilities or zero-day exploits or through standard probing and port scanning techniques. Network management traffic is isolated and encrypted.
2. Better protect broadband Internet links with security zones. An SD-WAN enables organizations to create a hybrid WAN to connect branch offices, fluidly using traditional MPLS links and inexpensive broadband Internet. With a failsafe SD-WAN, IT can create different security zones for trusted and untrusted WAN links. MPLS and IPsec VPNs are designed to be secure, so additional protection is advisable but not necessary. But a DSL, cable or other public Internet connection is untrusted, and traffic should be encrypted or virtually scrubbed to protect against incidents, data theft and spying.
3. Allow only legitimate traffic into the branch office using a stateful firewall. Organizations can create zone-based security with policy-based filtering between different applications and services. Extending security zones across multiple branch locations strengthens and simplifies security. The context, gleaned from previous connections and packets, is also critical to ensuring that only valid traffic is permitted into the trusted network and malicious traffic is dropped. Traffic also can be filtered within a site or between zones located in different locations, which ensures that local traffic is scrutinized to limit exposure if a device is compromised or if there is a malicious insider. A contemporary SD-WAN can also be service-chained to separate security devices, such as next-generation firewalls, to ensure that performance and security policies flow contiguously with changes in the network.
4. Segment traffic from different business entities using virtual routing. An SD-WAN that supports virtual routing and forwarding (VRF) enables an organization to securely support IT systems from multiple business units or departments on the infrastructure. With VRF functionality, multiple distinct routing tables are supported in the same physical router. By automatically segregating traffic, VRFs increase network security and reduce the need for encryption and authentication technologies. From a regulatory and legal compliance standpoint, this greatly aids the ability to adhere to segmentation of duties and privileged communications that must be protected with multiple layers of defenses.
5. Ensure data privacy with path encryption. Encrypting data as it travels between sites can make data next to useless if it is stolen. AES with a 128-bit or 256-bit key should be used. Other techniques, including cipher block chaining, per-protocol sequence numbers, and per-session symmetric encryption, can further strengthen data privacy. Messages also should be authenticated upon their delivery to verify that the packets have not been compromised in transit.
6. Guard against interception with replay attack protection. An attacker may try to copy a stream of messages to sow disruption, gain privileged access or cause other damage. A failsafe SD-WAN can guard against replay attacks by maintaining a time window in which all clients must synchronize. If the timestamp of an arriving packet isn’t within the range of the current network time, the packet is unlikely to be needed by the users anymore and is unlikely to be valid anymore. Using a time-based method is more efficient than sequence number synchronization.
7. Mitigate the risk of compromised passwords and encryption keys. The vast majority of breaches start with weak or stolen account credentials. While it’s not possible to completely eliminate the risk of leaked VPN passwords or leaked encryption keys, a failsafe SD-WAN can securely regenerate encryption keys to provide additional protection. By using a secure key for a particular site or all sites, the key can be quickly changed if a compromise occurs, thereby limiting damage.
8. Simplify the WAN infrastructure. Many organizations use IPsec VPNs, despite the difficulty of ensuring consistent service levels. A failsafe SD-WAN can remedy that long-standing issue by terminating IPsec tunnels. This allows organizations to replace dedicated hardware for site-to-site IPsec connectivity and reduces the complexity and cost of the WAN infrastructure.
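The receiver-side checks described in items 5 and 6 (authenticate each message, then reject anything outside the time window), as an added example that is not from the article or from any vendor's product. The packet layout, the 5-second window and all names are assumptions; payload encryption is omitted, and the cache of recently seen tags is an addition beyond the article's description, since a timestamp check alone still accepts a copy replayed inside the window.

```python
import hashlib
import hmac
import struct

WINDOW_SECONDS = 5   # assumed acceptance window; the article gives no value
TAG_LEN = 32         # HMAC-SHA256 output size in bytes


def seal(key: bytes, payload: bytes, now: float) -> bytes:
    """Sender: prepend a millisecond timestamp, append an HMAC over both."""
    header = struct.pack("!Q", int(now * 1000))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    def __init__(self, key: bytes, window: float = WINDOW_SECONDS):
        self.key = key
        self.window_ms = int(window * 1000)
        self.seen = {}   # tag -> sender timestamp (ms), packets still in window

    def accept(self, packet: bytes, now: float):
        """Return (payload, "ok") or (None, reason)."""
        if len(packet) < 8 + TAG_LEN:
            return None, "malformed"
        header, payload, tag = packet[:8], packet[8:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Authenticate first so a forged timestamp never touches receiver state.
        if not hmac.compare_digest(tag, expected):
            return None, "bad-mac"
        now_ms = int(now * 1000)
        (sent_ms,) = struct.unpack("!Q", header)
        if abs(now_ms - sent_ms) > self.window_ms:
            return None, "outside-window"
        # Forget tags the window check alone would already reject.
        self.seen = {t: ts for t, ts in self.seen.items()
                     if abs(now_ms - ts) <= self.window_ms}
        if tag in self.seen:
            return None, "replayed"
        self.seen[tag] = sent_ms
        return payload, "ok"


if __name__ == "__main__":
    key = b"\x01" * 32                      # constructed demo key
    rx = Receiver(key)
    pkt = seal(key, b"branch telemetry", 1000.0)
    for t in (1001.0, 1002.0, 1010.0):      # fresh, replay in window, stale
        print(t, rx.accept(pkt, t))
```

Because the timestamp is covered by the HMAC, an attacker who captures a packet cannot refresh its timestamp without the key; the window size bounds both tolerated clock skew and the size of the duplicate cache.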
A digital business simply doesn’t function without reliable, secure connectivity, and with a failsafe SD-WAN, organizations can build strong, flexible last-mile bandwidth connections that will fuel transformation and deliver on customer and employee expectations for exceptional service at every interaction.
