5 must-know SD-WAN security myths

It is undeniable that SD-WAN security is crucial, but the problem is that many enterprises do not understand SD-WAN and are misled by solution vendors, which often makes SD-WAN vulnerable to abuse and attacks. The following five misunderstandings need to be understood.

[[256931]]

Misunderstanding 1: Using without understanding the solution architecture

SD-WAN solutions are still relatively new to the enterprise market, so many enterprises may not fully understand the SD-WAN solution architecture and rush to launch projects, which lays the groundwork for security threats. Therefore, it is critical to choose a security solution that meets the specific needs of the enterprise.

For enterprises that want to adopt SD-WAN technology, they also need threat management strategies and network security devices, such as security gateway services or next-generation firewalls (NGFW), including intrusion prevention, SSL inspection, web filtering and anti-malware protection, etc. Otherwise, they will fall into the trap in minutes.

Myth 2: Save as much as possible on safety investment

For enterprises that hold this concept, when faced with SD-WAN solutions, they often spend money in any way they can to save money. However, the side effect of cutting investment is that the security policy effect that SD-WAN should have on the website cannot be achieved.

For example, SSL encrypted traffic has become a major part of all Internet traffic, but failure to adequately proxy, decrypt or enforce security policies on such traffic in branch offices will increase the security risk of the entire enterprise network.

Once a malicious user has unauthorized access to a branch office, they will use it as a springboard to launch a lateral movement attack and secretly sneak into key locations of the enterprise network. This will then be exposed to attackers, laying the groundwork for data leakage. In addition, inconsistent security policy enforcement will also weaken the overall effectiveness of enterprise protection.

Myth 3: SD-WAN should not be viewed as a standalone solution

SD-WAN technology is subject to the same stringent security standards as other IT infrastructure elements. In particular, special attention should be paid to the use of branch routers in the SD-WAN process. While for traditional branch router deployments, once installed, the hardware device may not need to be checked for several months, this situation does not apply to SD-WAN routers.

Because for SD-WAN routers, it is very important to ensure that the device firmware is updated with the latest security patches. Even if some SD-WAN routers have intelligent automatic repair functions, it cannot change the fact that security configurations need to be changed at any time according to the application environment.

Myth 4: Not fully understanding the security features built into SD-WAN and what’s missing

It’s easy for an enterprise to not fully understand the specific security capabilities offered by a particular SD-WAN solution, especially when evaluating multiple solutions.

"As with most things in technology, if you don't fully understand the solution, it can cause more problems than it solves," said Tom Conti, field solutions engineer at IT services company SHI International. "Not understanding which security features are part of the solution often puts the business at risk."

Myth 5: Trusting Simple Marketing

The SD-WAN that claims to be able to freely configure routing or network paths often has security vulnerabilities that are covered up by marketing buzzwords.

“Without a predetermined path, companies are unable to answer several critical questions, such as how the data got from point A to point B, who owns the networks it traverses, and more importantly, what happens to the data along the way,” said Bogdan Botezatu, senior e-threat analyst at cybersecurity technology provider Bitdefender.