How SD-WANs Can Help Secure Endpoints
With Silicon Valley constantly in search of the new, new thing, everyone from vendor bloggers to conference organizers to research firm analysts has touted SD-WAN (software-defined wide area networking) as the next big thing. For example, researchers at IDC project that the market for SD-WAN will grow by a compounded average of 40 percent between 2018 and 2021, reaching $4.5 billion in 2022. According to IBM, one of the drivers for SD-WAN is the proliferation of endpoints, which can only be supported if MSSPs know how SD-WANs can help secure them.
“Where SD-WAN helps is with encryption authentication at the WAN edge,” said Marc Sollars, CTO, Teneo, a specialist integrator of next-generation technology. “It can make sure that traffic sourced at the endpoint is encrypted and that you can employ policy to ensure that only traffic originating from authenticated endpoints is allowed to traverse the WAN.”
Most SD-WAN solutions encrypt on-premises endpoint traffic, but encryption by itself does not suffice to secure endpoints in the current threat era, which requires deep packet inspection for malware, according to telecom security experts.
“Next-generation firewall, intrusion prevention system, and secure web gateway services embedded in the same envelope as app reliability and network performance services go way beyond encryption,” said Robert McBride, director of enterprise and telco solutions, Versa Networks, a software-defined networking vendor. “In fact, the entire stack of security services and associated policies should be distributed across the on-premises, colocation and cloud locations, including inspection for ransomware.”
Security, Priority and QoS for SD-WAN Endpoint Traffic
In accordance with business needs, SD-WAN traffic to the endpoint has to meet the requirements set by the enterprise for security, priority and quality of service. MSSPs working with customers need to understand these three requirements, and that different customers might have different priorities. For example, certain SD-WAN technologies provide enhanced security by restricting traffic flow between segments.
“SD-WAN technologies handle prioritization differently but they all allow a prioritization of application traffic and segmentation,” said Mike Frane, vice president of product management for SD-WAN, Windstream Enterprise, the business communications giant. “Policies governing the business needs of various traffic types are set in the SD-WAN controller/orchestrator. Policies are then distributed to applicable network endpoints for a consistent application experience.”
Standards-Based Security in SD-WAN-Endpoint Traffic
By providing a secure network overlay, SD-WAN can connect branches, data centers and cloud computing instances, according to experts, and that is how it can help secure endpoints at those locations.
“Strong encryption standards such as AES-128 and AES-256 provide the best protection of data in transit against eavesdropping and unauthorized access,” said Chalan Aras, VP, SD-WAN and intelligent traffic management, Citrix. “They enable traffic to and from different types of endpoints to be safely tunneled across the WAN.”
But digital authentication and encryption aren’t enough, according to other SD-WAN insiders.
“Modern SD-WAN should reduce the attack surface and avoid a …