2020-05-20T10:02:00Z
Rony_Sklar - PeerSpot reviewer
Community Manager at PeerSpot (formerly IT Central Station)

What SD-WAN security issues should I be aware of?

Hi peers,

What are some of the most common SD-WAN security vulnerabilities? How can I detect and prevent these potential security issues? 

8 Answers
Richard Vivian - PeerSpot reviewer
Chief Technology Officer at KOLOK SA
Real User
Top 5Leaderboard
2020-07-29T09:52:01Z
29 July 20

The Citrix SD-WAN comes with a full firewall that is very capable. You just need to make sure that you harden the rules. I would follow an approach of blocking everything, then opening only what you need. One point to note: there is a difference between applying a block rule and a drop rule. A block still takes some processing; the drop just ignores these packets. This makes a big difference when facing DDoS attacks. Use drop rather than block, or DDoS will still take your services down. NOTE: This is a quick response, not a tech note. Check all changes carefully before implementing.

SC
Director at Secure Design Communications Limited
User
2020-05-27T09:06:29Z
27 May 20

Restricting this response to security only. Keep focused on your desired outcome. SDWAN protects by communication encryption. Is this all you want to protect? What about your data at rest, what about the human risk, what about Active Directory, what about passwords? Security is an entire posture. Also consider that once inside the SDWAN an intruder moves with impunity unless the chosen SDWAN inspects TLS (still commonly called SSL inspection). Ensure your SDWAN choice includes strong security with the ability to integrate with other security applications. Then also remember a good SDWAN will improve the performance of the underlying circuits, but not change the nature of the circuit. A contended broadband will still be a contended broadband. Lastly, if multiple vendor applications are used, a single user interface will save your limited time.

Chingiz Abdukarimov - PeerSpot reviewer
Director at a integrator with 11-50 employees
User
Top 20
2020-05-27T07:02:43Z
27 May 20

Adding NGFW functions into a pure-play SD-WAN solution is much more difficult than adding an SD-WAN feature to an NGFW. So when you move away from backhauling all branch traffic to HQ (moving towards direct cloud access and enabling edge computing), you need to be sure that the local traffic is secured enough and that this traffic is inspected for intrusion attempts and malware downloads. Cloud is not secure by default. That's why you need to plan security controls locally with the ability to manage and monitor them in HQ. I would prefer to use a single appliance at the branch which can do both security inspection and SD-WAN at a high level.

PF
Account Director at a tech services company with 51-200 employees
User
2020-05-27T01:03:20Z
27 May 20

It depends which SD-WAN vendor you are considering. Pure play SD-WAN generally lack enterprise grade security features and their architectures require a firewall - which means more complexity and cost. A number of firewall vendors have Secure SD-WAN appliances that incorporate NGFW and SDWAN functionality in one appliance. Pure play vendors are well known for overselling their security capabilities and leaving customers vulnerable.

A risk with SD-WAN devices is that you move away from hub and spoke networking to meshed, which means that there is a potential for the compromise of one device to give attackers visibility into the traffic flow from across the network. It's more efficient, manageable and cost effective to have a Secure SD-WAN device from a security vendor.

Lipaz Hessel - PeerSpot reviewer
Country Manager at Gilat Satellite Networks
Real User
Top 5Leaderboard
2020-05-26T17:44:49Z
26 May 20

SD-WAN comes with a firewall inside the device; the issue with these firewalls is the lack of features like SSL-VPN. It is recommended to recheck management access, because this device is connected directly through the Internet, and make sure it is always up to date.

Remember this is the direct link from the Internet/branches, with default security once installed. Again, make sure to configure it correctly.
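
The two firewall points raised in the answers above (deny everything, open only what is needed and prefer drop; recheck management access from the Internet) can be checked mechanically. The sketch below is an added example, not from any poster or vendor: the rule format, zone names, port numbers and rule sets are constructed, first-match evaluation is assumed, and the answer's "block" is taken to mean a reject-style rule.

```python
from dataclasses import dataclass

MGMT_PORTS = {22, 8443}  # assumed management ports (SSH, admin UI)
PROBE_PORT = 9           # assumed unused port; exercises the catch-all rule

@dataclass
class Rule:
    action: str       # "allow", "drop" or "reject"
    src_zone: str     # "wan", "lan" or "any"
    dst_port: object  # int port number, or "any"

def decide(rules, zone, port):
    """First matching rule wins; returns (action, rule number) or ("none", 0)."""
    for n, r in enumerate(rules, 1):
        if r.src_zone in (zone, "any") and r.dst_port in (port, "any"):
            return r.action, n
    return "none", 0

def audit(rules, wanted_from_wan):
    """Report what a WAN-side sender actually gets on each port of interest."""
    findings = []
    for port in sorted(MGMT_PORTS | set(wanted_from_wan) | {PROBE_PORT}):
        action, n = decide(rules, "wan", port)
        if port in wanted_from_wan:
            if action != "allow":
                findings.append((port, n, "wanted service is not reachable"))
        elif action == "allow":
            kind = "management port" if port in MGMT_PORTS else "unwanted port"
            findings.append((port, n, kind + " open to WAN"))
        elif action == "reject":
            findings.append((port, n, "reject replies to the sender; use drop"))
        elif action == "none":
            findings.append((port, n, "no rule matches; add a final drop"))
    return findings

# Constructed rule sets: the only service wanted from the WAN is port 4500.
WEAK = [Rule("allow", "any", 22), Rule("allow", "wan", 4500),
        Rule("reject", "wan", "any")]
HARDENED = [Rule("allow", "lan", 22), Rule("allow", "lan", 8443),
            Rule("allow", "wan", 4500), Rule("drop", "any", "any")]

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit(rules, {4500}))
```

Each finding is a tuple of port, matching rule number and message, so the rule number points at the line to change in the real policy.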

ER
Senior Pre-sales consultant at Businesscom BV
Reseller
Top 10
2020-05-27T14:16:27Z
27 May 20

This depends on the supplier. Most of the well-known cloud suppliers know how to do security. Best to be aware of the human factor. Things like account takeover. To prevent account takeovers, two-factor identification would help a lot.

PeerSpot user
Cibersecurity Pre-Sales at Ingram Micro Inc.
Real User
2020-05-27T03:57:25Z
27 May 20

The SD-WAN does not have any vulnerability, since that feature can be natively integrated with a security platform, such as an SD-WAN gateway that uses security as a virtual network function (Velocloud + Palo Alto Networks, Citrix + Palo Alto Networks), or a native security platform with a plug-in SD-WAN (Palo Alto Networks, Fortinet). The main advantage of the second option is that you only have to use an orchestration console.

RG
President at a printing company with 51-200 employees
User
2020-08-12T17:17:24Z
12 August 20

The Fortinet secure SD-WAN solution is included in the firmware, no additional license is required, and you can implement all NGFW functions, making it secure. Additionally, it has one of the highest throughput and LCO. You can steer traffic in multiple ways in your links, implementing SLA levels for each type of traffic. Very happy with the solutions.
