Everything You Need to Know About Secure SD-WAN

What is Secure SD-WAN?

Secure SD-WAN combines advanced SD-WAN features such as tunnel bonding, dynamic path selection, and zero-touch provisioning with best-in-class security features. This allows organizations to replace existing legacy routers and branch firewalls, providing the right level of security for each branch while also protecting the organization's planned deployments. It can also complement a Security Service Edge (SSE) solution.

Secure SD-WAN includes next-generation firewall capabilities, such as IDS/IPS and DDoS protection. It also encrypts data in transit and logs security events for incident analysis.
Centralized orchestration also significantly improves networking and security operations by applying consistent end-to-end network and security policies across LAN and WAN segments.

What is Secure SD-WAN certified by ICSA Labs?

ICSA Labs is a global organization that provides testing and certification for third-party security and health IT products, as well as network-connected devices, to measure product compliance, reliability, and performance. The organization is well-known for testing firewalls, anti-malware, and other security solutions.

Recently, it added a new certification for SD-WAN called "Secure SD-WAN".
According to the ICSA Labs Secure SD-WAN certification test criteria, SD-WAN is secure when:

  • The SD-WAN product itself is secure.
  • SD-WAN communication is secure.
  • The SD-WAN product properly applies the policy.
    This includes policy enforcement for both WAN-specific features and security policies (e.g., equivalent to an ICSA Labs Certified Firewall).
  • The SD-WAN product provides additional security features, either inherently or through an external environment.

ICSA Labs says:

“The policy configuration requirements for setting security policies for network traffic in the ICSA Labs Secure SD-WAN test are identical to those for ICSA Labs Corporate Firewall Certification.”

ICSA Labs

Similar to firewall testing, ICSA Labs tests Secure SD-WAN components to ensure they are stateful, not vulnerable to minor denial-of-service attacks or known threats, and properly enforce configured security policies.

Description of Secure SD-WAN

For years, network and security equipment has accumulated in disarray in branches and remote locations.
Not only are these devices difficult to maintain, they're not designed for the cloud.
Traditional router-centric WAN architectures require traffic to be routed to corporate data centers for additional security screening, significantly impacting application performance. Furthermore, inconsistent security policies across branches expose the entire organization to potential security breaches.

Secure SD-WAN includes advanced SD-WAN and security features, reducing device footprint and enabling consistent policy enforcement across branches. It also improves application performance by selecting optimal paths and automatically moving traffic to the cloud.
It provides the security features required for branches and complements SSE, which supports other security features such as ZTNA, DLP, and sandbox.

How does Secure SD-WAN work?

Secure SD-WAN virtualizes the network, enabling seamless combinations of heterogeneous links like MPLS, the Internet, and 5G through tunnel bonding, increasing network bandwidth and providing redundancy. This solution also provides technologies to optimize traffic and reduce jitter and packet loss, common in Internet links, allowing you to replace expensive MPLS connections with Internet broadband.

Additionally, in environments where workloads are moving to the cloud, Secure SD-WAN can intelligently steer traffic to the cloud based on application type, without backhauling traffic to the data center.
For example, trusted cloud applications like Microsoft 365 or Workday can be sent directly to the cloud, while on-premises legacy application traffic is sent to your data center.

Advanced SD-WAN uses zero-touch provisioning to automatically deploy configuration updates to hundreds or thousands of branches while minimizing errors.

In addition to SD-WAN capabilities, Secure SD-WAN provides advanced security features to protect each branch.

  • Secures communication across the entire SD-WAN fabric by establishing IPsec tunnels using AES 256-bit encryption.
  • Supports advanced security features such as Anti-Malware, IDS, and DoS protection through basic next-generation firewall functionality or service chaining.
  • Enforces both WAN-specific policies and security policies.
  • Logs security events to quickly identify and respond to incidents.

How Secure SD-WAN Enforces End-to-End Security Policies Across the Entire Fabric

In traditional environments, branch firewalls must be manually configured, resulting in inconsistent security policies across the WAN.
These tasks are time-consuming and occur every time a policy is changed. However, with Secure SD-WAN, you can centrally configure security policies and deploy them across thousands of locations in minutes, minimizing errors and ensuring consistent policy enforcement.

Secure SD-WAN provides end-to-end network segmentation across LAN and WAN, with security policies defined per zone to restrict connectivity to other zones based on predefined security policies, regulations, and business intent.
For example, a policy might allow only outgoing traffic, only incoming traffic from approved applications and services, or block all traffic from less secure areas.

Secure SD-WAN seamlessly enforces security policies across the entire fabric, essentially acting as a single logical firewall.
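A minimal model of the per-zone policy described above, as an added example (not vendor code): the zone names, application labels, and the `flow_id` session key are constructed assumptions. It shows outbound-only access with stateful return traffic, inbound access limited to approved applications, and default deny for a less secure zone.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    src: str          # source zone
    dst: str          # destination zone
    apps: frozenset   # approved applications; empty means any application

@dataclass
class Fabric:
    """One policy and one session table for the whole fabric (single logical firewall)."""
    rules: list
    sessions: set = field(default_factory=set)

    def permit(self, src, dst, app, flow_id):
        # Stateful return path: reply to a session already allowed the other way.
        if (dst, src, flow_id) in self.sessions:
            return True
        for r in self.rules:
            if r.src == src and r.dst == dst and (not r.apps or app in r.apps):
                self.sessions.add((src, dst, flow_id))  # remember the allowed session
                return True
        return False  # default deny: no matching rule means no connectivity

def build_fabric():
    # Constructed policy mirroring the three cases in the text.
    return Fabric(rules=[
        Rule("corp", "internet", frozenset()),             # outgoing traffic only
        Rule("internet", "dmz", frozenset({"https"})),     # incoming, approved apps only
        # no rule with src="iot": all traffic from the less secure zone is blocked
    ])

def run_samples():
    fab = build_fabric()
    flows = [  # constructed sample flows: (label, src, dst, app, flow_id)
        ("corp_out",       "corp",     "internet", "dns",   1),
        ("corp_reply",     "internet", "corp",     "dns",   1),
        ("unsolicited_in", "internet", "corp",     "dns",   2),
        ("dmz_https",      "internet", "dmz",      "https", 3),
        ("dmz_ssh",        "internet", "dmz",      "ssh",   4),
        ("iot_to_corp",    "iot",      "corp",     "mqtt",  5),
    ]
    return {label: fab.permit(s, d, a, f) for label, s, d, a, f in flows}

if __name__ == "__main__":
    for label, allowed in run_samples().items():
        print(f"{label:15} {'ALLOW' if allowed else 'DENY'}")
```

A real product keys sessions on the full 5-tuple and connection state rather than a single `flow_id`; the simplification here keeps the zone logic visible.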

Why should you consider secure SD-WAN?

  • Retire the existing branch firewall – A next-generation secure SD-WAN solution with role-based access control, granular segmentation, IDS/IPS, and DDoS protection capabilities enables organizations to seamlessly replace legacy branch firewalls.
    You can also secure untrusted links with IPsec tunnels and seamlessly enforce security policies across branches and the WAN through centralized orchestration.
  • Simplify branch architecture – By integrating multiple functions, including SD-WAN, routers, WAN accelerators, and firewalls, secure SD-WAN consolidates each branch's network and security functions into a single solution, reducing hardware footprint and power consumption.
    It can also be easily implemented across thousands of sites through zero-touch provisioning from a single console, increasing IT efficiency and simplifying management.
  • Cloud-First architecture support – Secure SD-WAN intelligently steers traffic to the cloud, eliminating the need to backhaul traffic, improving application performance.
    Based on initial packet identification, trusted SaaS and web traffic can be sent directly to the Internet, while unknown or untrusted web traffic can be service-chained to SSE cloud services.
  • Secure IoT devices – Secure SD-WAN implements zero-trust network segmentation to provide security for IoT devices that cannot install security agents and thus traverse the SASE environment.
    And, using an identity-based access control security framework, we segment traffic to ensure that users and IoT devices only reach network destinations that align with their roles in the business.

Benefits of Secure SD-WAN

  • Reduce business risk – Secure SD-WAN provides security across the SD-WAN fabric, spanning the WAN and LAN, through end-to-end microsegmentation capabilities. It helps organizations comply with regulatory frameworks such as HIPAA, PCI DSS, SOX, or NIST CSF.
  • Increased flexibility – Secure SD-WAN provides flexibility when implementing security controls across branches and the WAN, while enabling easy and fast deployment.
  • Improving IT efficiency – Secure SD-WAN supports all necessary security features and prevents indiscriminate equipment proliferation at branch offices.
    This solution enables organizations to transition to a thin-branch model to streamline network and security management.

Aruba EdgeConnect Enterprise SD-WAN was the first to achieve ICSA Labs Secure SD-WAN certification.

Aruba is the first SD-WAN vendor to attain ICSA Labs Secure SD-WAN Certification

Aruba Blog (https://blogs.arubanetworks.com)

In addition to advanced SD-WAN capabilities that enable organizations to replace legacy branch routers, Aruba EdgeConnect Enterprise offers comprehensive security services including next-generation firewall, IDS/IPS, and DDoS detection and remediation.

These capabilities enable EdgeConnect to completely replace legacy, difficult-to-manage physical firewalls in branch offices, providing consistent security across all network locations, devices, and applications hosted by users.

To learn more, download our white paper on building a secure, business-ready SD-WAN.
https://www.arubanetworks.com/resource/architecting-a-secure-business-driven-sd-wan/
