Product Development Manager at a comms service provider with 501-1,000 employees
Real User
Top 10
2023-02-15T08:52:33Z
Feb 15, 2023
In my experience, we can prevent vulnerabilities from SD-WAN (one of them) using an IPS/IDS feature. Moreover, we can leverage other security features in the SD-WAN vendors. To the best of my knowledge, Versa Networks is one of the sophisticated SD-WAN vendors. They have a great solution in network and security as well.
Search for a product comparison in Software Defined WAN (SD-WAN) Solutions
The Citrix-SD wan comes wish a full firewall, that is very capable. You just need to make sure that you harden the rules. I would follow an approach of blocking everything, then open only what you need. One point to note, there is a difference in applying a block or a drop rule. A block still takes some processing, the drop just ignores these packets. This makes a big difference when facing DDOS attacked. Use drop rather than block, or DDOS will still take your services down. NOTE. This is a quick response, not a tech note. Check all changes carefully before implementing.
Restricting this response to security only. Keep focused on your desired outcome. SDWAN protects by communication encryption. Is this all you want to protect? What about your data at rest, what about the human risk, what about Active Directory, what about passwords? Security is an entire posture. Also consider that once inside the SDWAN an intruder moves with inpunity unless the chosen SDWAN inspects TLS (Still commonly called SSL inspection) Ensure your SDWAN choice includes strong security with the ability to integrate with other security applications. Then also remember a good SDWAN will improve the performace of the underlaying circuits, but not change the nature of the circuit. A contended broadband, will still be a contended broadband, Lastly if multiple vendor applications are used ,a single user interface will save your limited time.
Adding NGFW functions into the pure play SD-WAN solution is much more difficult than adding SD-WAN feature to NGFW. So when you go away from backhauling all branch traffic to HQ (moving towards direct cloud access and enabling edge computing) you need to be sure that the local traffic is secured enough, and this traffic is inspected for intrusion attempts and malware downloads. Cloud is not secure by default. That's why you need to plan security controls locally with the ability to manage and monitor them in HQ. I would prefer to use a single appliance at branch which can do security inspection and SD-WAN both at high level.
Account Director at a tech services company with 51-200 employees
User
2020-05-27T01:03:20Z
May 27, 2020
It depends which SD-WAN vendor you are considering. Pure play SD-WAN generally lack enterprise grade security features and their architectures require a firewall - which means more complexity and cost. A number of firewall vendors have Secure SD-WAN appliances that incorporate NGFW and SDWAN functionality in one appliance. Pure play vendors are well known for overselling their security capabilities and leaving customers vulnerable.
A risk with SD-WAN devices is that you move away from hub and spoke networking to meshed, which means that there is a potential for the compromise of one device to give attackers visibility into the traffic flow from across the network. Its more efficient, manageable and cost effective to have a Secure SD-WAN device from a security vendor.
SD-WAN comes with firewall inside the device, the issue with that Firewalls is lack of features like SSL-VPN. It is recommended to recheck management access because this device is connected directly through Internet, and make sure it is always up to date.
Remember this is the direct link from internet/branches with default security once installed, again make sure to configure it correctly
This depends on the supplier. Most of the well known cloud suppliers know how to do security. Best to be aware of the human factor. Things like accounts take over. To prevent account takeovers a two factor identification would help a lot.
The SD-WAN does not have any vulnerability, since that feature can be natively integrated with a security platform, such as an SD-WAN gateway that uses security as a virtual network function (Velocloud + Palo Alto Networks , Citrix + Palo Alto Networks), or a native security platform with a plug-in SD-WAN (Palo Alto Networks, Fortinet). The main advantage of the second option is that you only have to use an orchestration console.
President at a printing company with 51-200 employees
User
2020-08-12T17:17:24Z
Aug 12, 2020
The Fortinet secure SD Wan solution is included in the firmware, no additional license required and you can implement all NGFW functions, making it secure. Additionally, it has one the highest throughput and LCO. You can steer traffic in multiple ways in your links implementing SLA levels for each type of traffic. Very happy with the solutions.
Hello community,
I am an Information Technology Domain Network and Solutions Architect at a large utility company.
I am currently researching SD-WAN solutions. Is the network connection for an SD-WAN router the same as a network connection to a traditional router? They both employ an ethernet private line for access, is that correct?
Thank you for your help.
IT Support and Network Admin at Escuela Carlos Pereyra
Feb 16, 2023
More information please!! Of course it's not the same type of solution, but if you're talking about infrastructure, yes it's the same, you just need a patch cable (copper or fiber) from your ISP router connected to your router's WAN IN port.Otherwise, if you're talking about capabilities, it's normal behavior of the whole network to become slower if your UTM server is not good enough and that depends on how big your current and future network need is, take note of that, it is the main concern that you should focus on.Personal advice for you; go with a hardware kind router, most of the time it is a better solution and cheaper one, maybe you just don't know yet about the correct one for you, please let me know if I was helpful.
Hello peers,
I am a project and program manager at a medium-sized utility company.
I am interested in SD-WAN. Does anyone know what IBM focuses on within SD-WAN space?
Thank you.
Executive Vice President Operations and IT at Sterling National Bank
Dec 5, 2022
IBM does not appear in Gartner's Magic Quadrant for SD-WAN as of the 12th September 2022.
One of my clients implemented Viptela which was later acquired by Cisco. They replaced about 30 MPLS circuits with multiple business broadband circuits, saved a lot of money, and increased speed and reliability.
According to Gartner's 2022 MQ report, the leaders are Fortinet, VMware, Cisco, HPE (Aruba), Versa, and Palo Alto.
Dear PeerSpot community members,
Welcome to the latest PeerSpot Community Spotlight, where we sum up the most relevant recent postings by your peers in the community.
Check out the latest questions, articles and professional discussions contributed by PeerSpot community members!
Trending
Here are some topics that your peers are discussing at the moment:
What is your recomme...
Hi PeerSpot community members,
This is a fresh-from-the-oven Community Spotlight for you. Here, we've summarized and selected the latest posts (professional questions, articles and discussions) by PeerSpot community members. Check them out!
Also, please share with us your feedback and suggestions by commenting below!
Trending
See what is trending at the moment and chime in to discuss!
...
Hi community members,
Spotlight #2 is our fresh bi-weekly community digest for you. It covers cybersecurity, IT and DevOps topics. Check it out and comment below with your feedback!
Trending
What are the pros and cons of internal SOC vs SOC-as-a-Service?
Join The Moderator Team at IT Central Station (soon to be PeerSpot)!
Questions
Share your experience with other peers by ans...
In my experience, we can prevent vulnerabilities from SD-WAN (one of them) using an IPS/IDS feature. Moreover, we can leverage other security features in the SD-WAN vendors. To the best of my knowledge, Versa Networks is one of the sophisticated SD-WAN vendors. They have a great solution in network and security as well.
The Citrix-SD wan comes wish a full firewall, that is very capable. You just need to make sure that you harden the rules. I would follow an approach of blocking everything, then open only what you need. One point to note, there is a difference in applying a block or a drop rule. A block still takes some processing, the drop just ignores these packets. This makes a big difference when facing DDOS attacked. Use drop rather than block, or DDOS will still take your services down. NOTE. This is a quick response, not a tech note. Check all changes carefully before implementing.
Restricting this response to security only. Keep focused on your desired outcome. SDWAN protects by communication encryption. Is this all you want to protect? What about your data at rest, what about the human risk, what about Active Directory, what about passwords? Security is an entire posture. Also consider that once inside the SDWAN an intruder moves with inpunity unless the chosen SDWAN inspects TLS (Still commonly called SSL inspection) Ensure your SDWAN choice includes strong security with the ability to integrate with other security applications. Then also remember a good SDWAN will improve the performace of the underlaying circuits, but not change the nature of the circuit. A contended broadband, will still be a contended broadband, Lastly if multiple vendor applications are used ,a single user interface will save your limited time.
Adding NGFW functions into the pure play SD-WAN solution is much more difficult than adding SD-WAN feature to NGFW. So when you go away from backhauling all branch traffic to HQ (moving towards direct cloud access and enabling edge computing) you need to be sure that the local traffic is secured enough, and this traffic is inspected for intrusion attempts and malware downloads. Cloud is not secure by default. That's why you need to plan security controls locally with the ability to manage and monitor them in HQ. I would prefer to use a single appliance at branch which can do security inspection and SD-WAN both at high level.
It depends which SD-WAN vendor you are considering. Pure play SD-WAN generally lack enterprise grade security features and their architectures require a firewall - which means more complexity and cost. A number of firewall vendors have Secure SD-WAN appliances that incorporate NGFW and SDWAN functionality in one appliance. Pure play vendors are well known for overselling their security capabilities and leaving customers vulnerable.
A risk with SD-WAN devices is that you move away from hub and spoke networking to meshed, which means that there is a potential for the compromise of one device to give attackers visibility into the traffic flow from across the network. Its more efficient, manageable and cost effective to have a Secure SD-WAN device from a security vendor.
SD-WAN comes with firewall inside the device, the issue with that Firewalls is lack of features like SSL-VPN. It is recommended to recheck management access because this device is connected directly through Internet, and make sure it is always up to date.
Remember this is the direct link from internet/branches with default security once installed, again make sure to configure it correctly
This depends on the supplier. Most of the well known cloud suppliers know how to do security. Best to be aware of the human factor. Things like accounts take over. To prevent account takeovers a two factor identification would help a lot.
The SD-WAN does not have any vulnerability, since that feature can be natively integrated with a security platform, such as an SD-WAN gateway that uses security as a virtual network function (Velocloud + Palo Alto Networks , Citrix + Palo Alto Networks), or a native security platform with a plug-in SD-WAN (Palo Alto Networks, Fortinet). The main advantage of the second option is that you only have to use an orchestration console.
The Fortinet secure SD Wan solution is included in the firmware, no additional license required and you can implement all NGFW functions, making it secure. Additionally, it has one the highest throughput and LCO. You can steer traffic in multiple ways in your links implementing SLA levels for each type of traffic. Very happy with the solutions.