Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Why You Need To Be Thinking About SD-WAN Security

If your organization hasn’t heard of a software-defined wide area network (SD-WAN) yet, it will soon. SD-WAN is an exciting, relatively new mainstream technology designed to help organizations manage WAN traffic to reduce costs, improve performance, and become more agile.

As with all new IT innovations, organizations will have to understand and mitigate the new risks and vulnerabilities the technology brings to their environments. Since security teams and IT decision-makers will need to understand SD-WAN and secure SD-WAN in the coming years, it’s an excellent time to begin examining some of the top questions they might have. To learn more about the topic, we interviewed Joe Hopp, Firewall & Technology Management Product Manager at Trustwave, whose areas of expertise include SD-WAN, next generation firewalls (NGFW), and identity-based security protocol (IDSP).

What is SD-WAN?

 As a general overview, SD-WAN is a technology that helps organizations reduce their utilization of expensive links like multiprotocol label switching (MPLS) in favor of lower-cost connections like broadband or cellular, and dramatically simplifies WAN management. SD-WAN potentially produces enormous cost-savings since it will enable the IT department to reduce its dependence on more-expensive routing technologies and reduce WAN management overhead. In addition, it can help dramatically decrease workloads through automation.

“SD-WAN is a great option for many organizations since it abstracts the hardware layer for network teams,” said Joe. “So, what you’re looking at is gaining control of your operational costs on the network side by reducing hardware dependencies and having to go to each device and make WAN changes via CLI or scripting.”

With SD-WAN, organizations can route non-sensitive traffic and Software as a Service (SaaS) over the local public internet connection, thereby eliminating or reducing their reliance on expenses like MPLS – an attractive benefit driving an increasing adaptation of this technology.

“SD-WAN is still in a planning phase for many organizations,” Joe added. “The conversations are starting now – and the industry will see a very high implementation rate in the coming years.  With our current situation, almost everyone is working from home, which has put enormous stress on VPN solutions. Many SD-WAN solutions can provide the same quality of service (QoS) to remote workers like those in your office locations while securing these communications.”

What type of organizations will benefit most from SD-WAN?

Will your organizations benefit from the cost-savings SD-WAN promises? According to Joe, that depends on the number of locations, the number of users and your network traffic.

“SD-WAN will be of most benefit to larger organizations – or those with a large number of locations,” Joe said. “If you look at the traditional setup, your network might have been sending all of its traffic through an MPLS connection to a central data center or headquarters so you could inspect the traffic and manage it.”

But with SD-WAN, you can route that traffic locally, removing the need to centralize all of it back to one location. Depending on your technology and implementation, you might even be able to distinguish traffic on a user by user basis. So, the benefits for larger organizations – or those with a large remote user base — can really add up.

Specifically, business verticals that will most likely begin adopting this technology first include banking and finance, technology companies, and those with many locations, like retail operations.

“Over the years, banks have been embracing Voice over Internet Protocol (VOIP), video conferencing, and cloud document management software,” Joe said. “Due to the sensitive data, bank security and networking teams have routed all traffic through an MPLS or private link. VOIP and video conferencing generate a lot of traffic while the Software as a Service (SaaS) more than likely is not inspected by an intrusion detection and prevention system (IDPS) that only increases the private link’s cost. Taking advantage of SD-WAN to route that traffic through the local broadband connection will reduce MPLS costs anywhere from 30% to 60%.”

The cost benefits for large organizations can be even more substantial, since some next-generation firewall technologies provide network teams and security teams a single device for security and networking. Organizations with sites into the hundreds or thousands will save on buying all of those devices, while their network teams will be able to greatly reduce time spent on network changes – along with a reduction in potential for errors or outages.

What are the security vulnerabilities?

Because organizations are now moving things through their local links, they will be sending traffic through uncontrolled channels and local interfaces that could be unmonitored. Essentially, they are expanding their network perimeter to the point where there really is no perimeter anymore – and attackers have a vastly expanded number of entry points. 

“With SD-WAN implementation, organizations really need to start looking at protecting their locations in a different way. The emphasis needs to be on smarter, more proactive security solutions that allow them to realize the cost-savings without creating a whole new vulnerability area. Secure SD-WAN – with the emphasis on secure – will be a top priority for organizations.”

With an SD-WAN rollout, the best posture for an organization to adopt is proactive threat hunting. Since NFGWs are including SD-WAN capabilities in their platforms, your network and security considerations should become almost as one. Consider bundling that with solutions like managed security services (MSS), managed detection and response services (MDR) – and if an organization just needs help getting started, consider a consulting session with Trustwave. 

Latest Trustwave Blogs

DOJ Disrupts Russian Botnet Created Using Unchanged Admin Credentials

The US Justice Department conducted a court-authorized operation in January that thwarted an on-going Russian GRU botnet campaign that used unchanged publicly known default administrator passwords to...

Read More

Lessons to be Learned: Attacks on Higher Education Proliferate

Trustwave SpiderLabs is wrapping up a multi-month investigation into the threats facing the education sector, across higher education, primary and secondary schools. Trustwave will post the 2024...

Read More

Understanding Why Supply Chain Security is Often Unheeded

Many organizations downplay the critical aspect of whether their cybersecurity provider has the ability to properly vet a third-party vendor's cybersecurity posture.

Read More