SD-WAN has been one of the most widespread software-defined technologies in the network segment, particularly due to its cost advantages, simple deployments and shortened time-to-market. Thus, it’s expected that SD-WAN will become available in most of the office settings in the next couple years. Like most of the technologies, once it is widespread, the future will be around the security issue, and SD-WAN is no exception.

In this article, there will be 4 stages of SD-WAN security capabilities to be discussed.

Built-in with Basic Firewall Capability

This is nothing new. In fact, mainstream SD-WAN vendors today provide their hardware devices pre-programmed with basic firewall policies, such as filtering and blocking, practically as the ones seen in routers. However, due to the inexistence of IPS (Intrusion Prevention System) on transport and application layers in the overall network infrastructure, there is still security concern for broader networking applications.

Firewall Getting Advanced

As security concern grows, some SD-WAN appliances are packed with advanced firewall functions. These security measures include VPN, SSL and IPS becomes available, as the volume of data through the traffic has grown in multiples, and enterprises have to ensure that their SD-WAN architectures are secured, though not totally, because connection of mobile devices is not protected unless VPN is established.

NGFW Phase

Some top-tier SD-WAN vendors even offer NGFW (next-generation firewall) functionality in their vCPE/uCPE devices, and thus the security level is further enhanced for enterprise network infrastructures. At this stage, performance is the key factor for user experience, as it takes compute resources to execute multiple security instructions and policies, particularly at the edge.

Moving to “Secure SD-WAN as a Service”

The increasing cyber threats have driven the phenomenon of “Zero-Trust” networking movements, and such trends have contributed to the idea of “Secure SD-WAN as a Service”. SD-WAN is offered in a cloud-based approach to enterprise networks with whole-packaged security capabilities. Thus, SD-WAN and its required security are converged in a cloud orchestration. The vCPE/uCPE devices are deployed at the edge, while the core security functions, such as secured routing, filtering and firewall, lie in the cloud.

Recommended Hardware

The success of SD-WAN is largely based on the concept of “zero-touch provisioning”, basically, ease of deployments. Therefore, it is necessary to choose the vCPE/uCPE devices pre-validated by major SD-WAN vendors to form the foundation of SD-WAN infrastructures. For example, 66% of the top 15 SD-WAN vendors have validated Lanners’ white-box vCPE/uCPE devices to establish end-to-end architectures due to cost effectiveness and acknowledged performance. Lanner’s vCPE/uCPE white-box hardware has been deployed in multiple SD-WAN landscapes, such as WAN-optimization, Managed SD-WAN services, SD-WAN startups, and cloud-based SD-WAN service providers. Lanner also offers customization services to meet varied landscape requirements. To learn more please visit Lanner SD-WAN page: