Security Roundup: Secure SD-WAN, DDoS, Cybersecurity Games, F5-Equinix
SD-WAN has played a key role in many organizations’ digital transformations and demand has skyrocketed within the past few years.
However, this evolution brought with it the challenge of securing branch offices. This caught the attention of Check Point Software Technologies.
At Check Point’s CPX360 conference last week in Las Vegas, Aviv Abramovich, its head of security services product management, talked to us about how partnerships are key to Check Point bringing security to SD-WAN.
Check Point is working with SD-WAN vendors like Versa, VMware, Cisco, HPE, Citrix and others, and is cooperating with AT&T, Verizon and other carriers around the world to bring secure SD-WAN to their customers.
Check Point decided it wasn’t practical to develop its own secure SD-WAN, but to work with SD-WAN providers to add security, Abramovich said.
“There are companies out there that built intellectual property, invested a lot in developing really good products that I think would take several years for us to catch up to become a leader,” he said. “On the other hand, we are a leader in cybersecurity and I believe that any other SD-WAN company, if they want to provide service security, it would take them years as well to develop that expertise. So really the best, most practical thing for us to do with our customers is take the best of both worlds. The customers are expecting a solid, mature solution that is a leading solution in the industry, and from the customer [point of view], they don’t care that the security is coming from there and the networking is coming from there. As long as everything works together, as long as everything is solid and is a leading product, they’re happy.”
Demand for SD-WAN has mounted as organizations move to the cloud and “you need to think differently on how your IT or your networking is connected,” Abramovich said.
“It doesn’t make sense to … go through the data center out to the internet,” he said. “You say, ‘OK, the branch is here, Oracle is there, let’s connect them directly. It makes more sense. I can remove my MPLS maybe altogether and save myself a lot of money in the process. And it’s more efficient because I only consume what I really need out of those cloud services, and I actually keep better service to my customers.’ They use the latest software, always the latest software, it’s always available, it’s close by, and the functionality is much better than if you were to go through the data center.”
Check Point has rolled out a cloud-based SD-WAN network security as a service, and is integrating security as a virtual machine that runs inside the SD-WAN router.
“We have two different concepts, and even the same customer might use both of them in different locations,” Abramovich said. “One of them is to rely on cloud security so you don’t have to install a physical device; I can just get that little SD-WAN device to talk to my cloud service the same way it talks to Office 365. The other option is with a virtual instance. So sometimes cloud is not an option. You might have some regions where it’s really hard to service with a cloud service. It might be far away, some regions in South America and in Africa, some of the Far East countries also don’t have a good cloud infrastructure that you can build inside of them. So for them it makes sense to use a different type of solution or architecture.”
All of this spells …