Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

SD-WAN: Don’t Build a Dead End, Prepare for Future-Proof Secure Networking

SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. 

Okta Warns of Credential Stuffing Attacks U

A decade ago, SD-WAN emerged as a revolutionary technology. It abstracted away network hardware from its control mechanism, enabling centralized, dynamic management and network automation for greater operational efficiency and cost optimization. Being transport agnostic, SD-WAN utilized multiple network paths — private, managed, and public internet connections — promising greater agility and cost benefits. Networking giants readily capitalized on the opportunity to secure their competitive advantage in the emerging market. 

The journey is still ongoing — the SD-WAN market is expected to grow at a CAGR of 28.31% until 2028. While SD-WAN has established itself as a staple in contemporary networking, the methods of delivery and utilization keep evolving. From in-house deployments to managed SD-WAN to AI-powered SD-WAN optimizations, each new wave addresses the latest technological and cultural shifts.

For instance, when traditional SD-WAN grounded cloud and work-from-anywhere initiatives, cloud-delivered SD-WAN gained traction, enabling global network coverage with Points of Presence (PoPs). As network security took center stage, traditional SD-WAN deployments with perimeter-focused security got replaced by secure SD-WAN, which integrates different security functionalities. 

SD-WAN’s Natural Progression to SASE

The latest wave of SD-WAN transformation involves integrating SD-WAN with a converged security stack via SSE or SASE architectures. Both promise to further simplify and secure distributed networks. In particular, SASE converges SD-WAN with cloud-based security, offering unified connectivity and protection for multi-cloud, geographically dispersed organizations.

However, keeping pace with emerging SD-WAN trends demands a solid foundation for existing SD-WAN deployments. Today, over 30% of IT professionals believe that it is difficult to progress from SD-WAN to a SASE solution. But what prevents organizations from staying ahead of the curve with their SD-WAN? 

Many organizations are oblivious to the future and lack careful planning and execution. As such, SD-WAN must be scalable, stable, secure, and fully operational to serve as a strong base for seamless modernization and progression to SASE. 

Here’s how a mature SD-WAN foundation can pave the way for SASE:

Advertisement. Scroll to continue reading.

1. Robust and Reliable SD-WAN Infrastructure

Some organizations simply deploy an SD-WAN overlay on top of their existing WAN circuits. The truth is, SD-WAN can only be as efficient as the underlying network infrastructure. Deploying an SD-WAN appliance on top of an outdated infrastructure will result in latency, bottlenecks, limited visibility, and integration issues down the line. Deploying SASE on top of such a foundation can never unlock its full potential. 

A strategic approach should involve evaluating the current network, identifying weaknesses, and planning a comprehensive upgrade for improved performance, security, and efficiency. An updated, robust network underlay will ensure smooth integration with SASE’s security components, like CASB (Cloud Access Security Broker) and ZTNA (Zero Trust Network Architecture), which require high scalability and performance as well as end-to-end visibility and complete control for accommodating a growing number of users, devices, and resources.

2. Single-vendor, Managed SD-WAN

Unfortunately, most organizations lack the internal expertise and budget needed to build a robust and reliable infrastructure for SD-WAN. In addition, ISPs typically don’t offer any SLAs. And since the internet plays a crucial role in SD-WAN underlay, network assurance becomes another critical challenge for in-house SD-WAN. A managed SD-WAN, on the other hand, can provide stringent SLAs, even on top of internet-based underlay. Today, 66% of IT organizations prefer managed SD-WAN, but 43% have multiple SD-WAN vendors now, which still makes SASE transition complex.

Integrating different SD-WAN solutions with SASE components requires extensive configuration and testing to ensure smooth operation. Despite due diligence, organizations can still run into compatibility issues. Managing multiple vendors can also lead to increased complexity and requires different interfaces and support channels. This defeats SASE’s biggest value proposition — convergence. It can also lead to visibility gaps and security vulnerabilities. In contrast, single-vendor managed SD-WAN transition to SASE is quite straightforward. It can be as simple as flipping a switch if the SASE features are also a part of the SD-WAN portfolio. 

3. End-to-End WAN Underlay Visibility

When a network spans multiple sites, each connected with a web of links from diverse providers, achieving a smooth SASE transition demands end-to-end WAN underlay visibility. This visibility is critical for correlating insights from the underlying network with the behavior of the overlying SD-WAN tunnels. Without underlay visibility, mapping SD-WAN issues to their root cause is near impossible. Visibility gaps can lead to delays in troubleshooting, compromised performance, and even security vulnerabilities. With end-to-end visibility, organizations can identify bottlenecks and risks and understand their traffic flows, which allows them to make informed decisions about their SASE adoption strategy. It also helps ensure all SASE functions work seamlessly across the entire network infrastructure. 

Setting the Stage for SASE Success with a Solid SD-WAN

While SD-WAN seems to be a natural predecessor to SASE, many current implementations lack the agility, scalability, and robustness needed to ensure a smooth transition. Organizations need a well-managed SD-WAN deployment with deep integration potential with network and security tools and end-to-end WAN underlay visibility to maintain the flexibility required to morph into a holistic SASE architecture in the future. 

Setting a strong foundation for SD-WAN today can help organizations be more responsive and adaptive to future trends like wireless WAN and secure remote access, which are also a part of SASE offerings. Regardless of the chosen delivery model — single-vendor, multi-vendor, in-house, or managed —  a robust foundation with a future-proof vision is crucial. This allows organizations to stay prepared for the ever-evolving network landscape, embracing both the transformations of today and tomorrow.

Written By

Etay Maor is Senior Director of Security Strategy for Cato Networks. Previously, he was Chief Security Officer for IntSights and held senior security positions at IBM and RSA Security's Cyber Threats Research Labs. An adjunct professor at Boston College, he holds a BA in computer science and a MA in counter-terrorism and cyber terrorism from Reichman University (IDC Herzliya), Tel Aviv.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights