Story image

Is your SD-WAN solution leaving you vulnerable?

26 Nov 2018

Article by Fortinet principal engineer and security strategist Joshua Alcock

Software-defined WAN (SD-WAN) is a highly disruptive force that is dramatically reshaping the enterprise router market, recent figures from Gartner show.

Enterprise spending on SD-WAN is growing at a CAGR of 76.2% from 2016 through 2020 as businesses use SD-WAN to save money and increase agility.

SD-WAN allows for the dynamic distribution of traffic across multiple locations while automatically responding to changing application policies.

Gartner has found that by 2018, more than 40% of WAN edge infrastructure refresh initiatives will be based on SD-WAN appliances versus traditional routers (up from less than 2% today)

SD-WAN is transport and carrier-agnostic, which means expensive dedicated WAN connections can be replaced with more cost-effective connections such as internet and LTE.  

Intelligent path selection ensures that the right traffic gets where it needs to in the most efficient way possible, whether it be out to an IaaS or SaaS platform, or to internally hosted applications.

Providing direct internet access to cloud-based applications has made deploying new security strategies designed for the distributed enterprise critical.

Why application detection?

Traditional security solutions tend to be placed in a single location on the perimeter, but as the perimeter disappears, security needs to be able to protect connections from any device in any location, and see and automatically adapt to the changing infrastructure on demand.

A key requirement of SD-WAN is to be able to accurately detect applications, as it forms the foundation for ensuring that critical business applications get the priority they require, while providing real-time threat protection.

Fortinet incorporates an application control as well as an internet services database that stays current, receiving ongoing updates from the FortiGuard threat intelligence services, leaving you better equipped to identify and classify new applications, including encrypted and cloud app traffic.

This application detection allows for control over path selection and prioritisation at an application and internet service level, providing greater visibility and control, ensuring that critical applications get the prioritisation and bandwidth they require.

With the rapid adoption of cloud applications, encrypted traffic has risen significantly, with over 75% of enterprise traffic expected to be encrypted by 2019.

Having the ability to decrypt and inspect this traffic at speed is critical for identifying traffic, and protecting against threats hiding inside these encrypted sessions, while still maintaining the expected agility these services offer.

Securing an expanded attack surface

As organisations look at SD-WAN options, what is often missing from their assessment is how to adequately address security risks, and these decisions are often made with security as an afterthought.

SD-WAN vendors are increasingly embedding security features into their offerings, but these tend to be basic controls and not the robust security functions that these environments require in order to protect against advanced threats that target the expanded attack surface introduced by SD-WAN.

Gartner is stating that by 2023, 50% of new firewall purchases in distributed enterprises will utilise SD-WAN features. Fortinet can deliver all of this functionality in one device, thereby reducing cost and power whilst simplifying deployments.

Fortinet is the only vendor with a “Recommended” designation for both SD-WAN and Next-Generation Firewall (NGFW) solutions by cybersecurity expert NSS Labs.

This demonstrates that our advanced SD-WAN offerings also provide completely integrated threat protection features such as NGFWs, anti-virus, intrusion prevention (IPS), and high-throughput SSL inspection.

Fortinet’s SD-WAN solutions are the first in the market to provide complete integrated security by replacing disparate WAN routers and security devices with a single integrated solution that can support and secure remote sites and users.

This unique approach provides exceptional cybersecurity while allowing them to deploy increased bandwidth applications, securely share cloud-based data, and automatically adapt to the evolving threat landscape - capabilities critical to successful digital transformation efforts.

Forescout strengthens investment in OT security
Forescout’s latest features will provide enterprises with improved productivity, lower risk profiles and faster mitigation of threats.
Hybrid cloud security big concern for business leaders
A new study highlights that IT and security professionals have significant concerns around security for hybrid cloud and multi-cloud environments.
GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.