A good starting point in explaining why cloud-native SD-WAN is so compelling from a security perspective is the shortcomings of two older WAN solutions: MPLS and appliance-based SD-WAN.
August 2019 saw a significant increase in the discovery of new malware according to statistics from AV-TEST – The Independent IT-Security Institute. In August alone, 14.44 million new malicious programs were registered by the institute, raising the total number of registered malware programs above 938 million. The sheer magnitude of these numbers provides a sobering perspective and helps quantify the threats facing enterprise networks.
As the WAN is the ingress and egress point of corporate networks, securing it is vital to mitigating risk and improving security posture. However, cloud services and mobile users make networks much more dynamic and difficult to secure than they were just a decade ago.
These fundamental changes in how we do business demand a new approach to WAN security. Appliance-based SD-WAN and MPLS (Multiprotocol Label Switching) simply aren’t designed to address these use cases. Fortunately, cloud-based SD-WAN offers enterprises a holistic WAN solution capable of meeting modern security challenges at scale with cloud-native software and security as a service.
But what makes cloud-based SD-WAN security and the security as a service model different? Let’s find out.
A good starting point in explaining why cloud-native SD-WAN is so compelling from a security perspective is the shortcomings of two older WAN solutions: MPLS and appliance-based SD-WAN.
MPLS was designed to provide dedicated, reliable, and high-performance connections between two endpoints before cloud and mobile took over the world. However, there’s no encryption on MPLS circuits and any security features like traffic inspection, IPS (Intrusion Prevention System), and anti-malware have to be layered in separately. Appliance-based SD-WAN generally offers encryption, solving one of the problems associated with MPLS, but it’s effectively the same story after that. SD-WAN appliances are not security appliances. For example, to achieve the functionality of a Next-Generation Firewall (NGFW), you need to add a discrete appliance at the network edge.
For both MPLS and appliance-based SD-WAN, the “add appliances to add security” approach has a number of shortcomings including:
The cloud-native network infrastructure supporting the ICG's SD-WAN takes security to the next level by integrating security features to the underlying WAN fabric. Built from the ground up with modern enterprise networks in mind, ICG's cloud-native infrastructure eliminates the need for most proprietary hardware integrations by baking-in security features, reduces complexity by providing a single management interface, and reduces the technical expertise and time investment required for WAN management.
Additionally, inspections of TLS traffic occur at the PoPs (Points of Presence) on ICG's global private-backbone helping to secure traffic to and from the cloud efficiently. Further, with ICG Software Defined Perimeter, support for mobile users becomes simple and scalable.
In short, by shifting security functions to the cloud, ICG's delivers security as a service model that brings cloud scalability, economies of scale, and agility to SD-WAN security.
Now that we understand the architectural advantages of cloud-based SD-WAN security, let’s explore some of the specific features that set ICG SD-WAN apart.
As we’ve seen, the complexities and cost of sourcing, provisioning, patching, and maintaining a fleet of appliances are abstracted away with security as a service. Cloud-based SD-WAN offers a number of inherent advantages appliance-based SD-WAN and MPLS simply can’t deliver. This is because cloud-native software and the security as a service model enable ICG to take a converged approach to networking and security. As a result, users benefit from an information security, operations, and business perspective.
This point is driven home by Jeroen Keet, Senior Network and System Architect at Kyocera Senco: “Companies moving to the cloud should have a closer look. The integrated connectivity, security, and intelligence make it an evolutionary step forward for all businesses. If you are willing to use all of the functionality [SD-WAN] has to offer, it will bring significant financial, functional and IT management benefits.”
If you’d like to learn more about how ICG is revolutionizing SD-WAN security or need help choosing a WAN connectivity solution that meets your needs, book a Discovery Session today.
Face to face or over Zoom, we are here to help you.