Cloud connectivity, mobility, unified communications, and the perimeter-less nature of distributed customers, workers and partners have unleashed a Pandora's box of new and widening attack vectors.
The methods used by a malicious actor range from malware, viruses, and email attachments to web pages, text messages and social engineering, to name a few.
IT and security professionals struggle with fragmented security infrastructure made up of identity and access management, intrusion prevention, antivirus, content filtering, and other security functions.
It's no surprise that within this jumble, security vulnerabilities, from users clicking on a malicious link to device misconfigurations, can go unnoticed until an attacker finds and exploits them.
Security at the Edge
Core SD-WAN Security Capabilities
Security is fundamental to VMware SD-WAN by VeloCloud, which is built on an architecture that ensures secure communication between the management, control, and data planes:
- Between management and data planes
- Between data plane and control plane components
- Public key infrastructure (PKI)-based authentication
- Key generation and key exchange options
A stateful firewall included in the SD-WAN Edge provides secure connectivity between locations.
PCI compliance can be enforced on a per-segment basis to maintain regulatory compliance.
Segmentation supports VLAN functionality across the enterprise, ensuring discrete connectivity between employees and business applications.
Next Generation Firewall (NGFW) – virtual network functions (VNFs) on Edge software and devices enable the insertion of NGFW functionality.
User traffic inspection – Inspection for threat detection and prevention (e.g. IDS/IPS, anti-malware, URL filtering) is available locally within the VMware SD-WAN Edge via service chaining through a firewall VNF, or remotely by steering traffic to cloud-hosted security services through policy.
Network segmentation – Network segmentation logically divides the network into multiple discrete subnets. A segmented network can be isolated and controlled by allowing and disallowing traffic based upon a variety of management and security factors.
Network segmentation use cases can include:
- Line-of-business segmentation, such as engineering, sales, and support
- Separating user data for guest Wi-Fi, ATMs, PCI, etc.
- Overlapping IP addresses in different virtual routing and forwarding (VRF) scenarios
- A secure firewall service that can segregate voice, video and compliance traffic
- Group prefixes inserted into a unique routing table to make business policy segment-aware
WAN architectures are as varied as the customers who deploy them. Manufacturing, retail, healthcare, financial services, and construction are examples of industries with varied requirements. The AireSpring Global SD-WAN solution offers a flexible set of components to address the needs of every enterprise. While traditional approaches involve managing numerous VPN tunnels and a PKI, this burden is drastically reduced with AireSpring's Managed Security solution. A centralized Orchestrator with the ability to distribute settings from a "single pane of glass" takes a legacy process and streamlines connectivity when and where it is needed.
- Affords the organization the ability to reduce the burden of maintaining the security infrastructure.
- Provides for the secure breakout of communications between SD-WAN locations.
A stateful firewall offers branch office security along with network segmentation and layered NextGen Firewall features in NFV form, providing comprehensive end-to-end security.