Using MSSPs to Secure SD-WAN

It’s been said that a rising tide lifts all boats. It turns out, however, that it doesn’t lift them all at the same time. Boats way in the back of the harbor, a little higher up on the shore, tend to have to wait a bit longer for the tide to reach them. In networking terms, those boats are just a bit beyond the reach of the first waves of the incoming tide of digital transformation.

While networks have been in transition for the past few years, traditional connectivity comes with its own set of obstacles. Mainly because it has historically relied on a static infrastructure of connectivity, devices, and strategies that struggle to accommodate or adapt to the sort of elasticity that temporary resource allocation and dynamic workloads require.

That is, until software-defined wide-area networking (SD-WAN) came along.

One of the core market disrupters of SD-WAN is its inherent network-agnostic trait. Say you have a 4G boat, a broadband boat, and a MPLS boat — all in different bodies of water and tributaries. SD-WAN is a tide that will lift them all. SD-WANs are an essential building block in the digital transformation of today’s organizations. It is not only able to dynamically distribute traffic across multiple locations while automatically responding to changing application policies, it is also transport and carrier-agnostic. Which means that there are alternatives to MPLS with more options for connectivity, allowing time and cost-saving functions such as intelligent path selection to be enabled.

While SD-WAN solves agnostic connectivity and efficiency issues, security still needs to be addressed. A change to any network architecture also tends to change the nature of the attack surface. While SD-WAN has some basic security functions built in — and advanced security such as a next generation firewall (NGFW), which typically run in parallel to SD-WAN — combining security and SD-WAN can provide a powerful advantage. According to Gartner, by 2020, 60 percent of digital businesses will suffer major service failures due to the inability of IT security teams to manage digital risk.

The challenge is that many traditional security solutions will struggle to adapt to today’s dynamic, virtualized, and highly elastic environments, including SD-WAN. As a result, SD-WAN security solutions need to be:
Seamlessly integrated into the SD-WAN infrastructure.

  • Simple to deploy, manage, and maintain. There are often few technical resources available out at the edges where SD-WAN connects them to the rest of the network.
  • Tied back into the rest of the security framework to holistically protect the entire distributed network. Fabric-based architectures, for example, enable consistent enforcement, centralized intelligence sharing, single-pane-of-glass management, and comprehensive response coordination.
  • Cost-effective, so organizations can afford to deploy security everywhere to close any gaps in protection.
  • Powerful enough to meet the performance demands of today’s connectivity standards for applications and users, including such things as encryption and exponentially growing data volumes.
  • Intelligent enough to protect against the latest advanced, targeted threats.

For many organizations, making this transition will be time-consuming and require extensive testing and validation. Many IT teams are already overextended in managing new paradigms such as SDN, mobility, and cloud-based infrastructures and services, making the transition to secure SD-WAN daunting.

Which is why managed security service providers (MSSP) play a critical role in making the potential of SD-WAN a reality.

MSSPs are ideally positioned to provide solutions that address the inherent volatility of digitally transforming the remote edges of the network. Comprehensive SD-WAN solutions need to not only simplify connectivity but also protect the expanding attack surface, deal with emerging threats and detect and mitigate breaches, all while also enabling agility and transformation.

Because of growing security challenges and related skills shortages being experienced by organizations implementing SD-WAN, they should look to MSSPs to help with their transition. Many MSSPs are already building a security practice around SD-WAN, making them uniquely positioned to help.

Networks today require a fully integrated security strategy that extends transparent visibility across the entire attack surface, including out to their remote devices, users, and offices — regardless of the communications and connectivity protocols they use — and then ties them back into an integrated security system that provides advanced prevention, detection, and remediation.

MSSPs are positioned to provide and manage such a holistic solution. New approaches and technologies, such as the integrated security fabric, can be deployed cost-effectively, be self-provisioned, can use automation to see and respond to threats anywhere at digital speeds and adapt to dynamic network and workflow changes.

Industry analysts and competitive realities are driving companies toward digital transformation at a rapid pace, enabling them to convert their distributed resources into a cost-effective, integrated network. MSSPs are in the enviable position of being able to provide innovative solutions through a comprehensive set of managed cybersecurity services. It’s imperative to support and protect essential new technologies like SD-WAN that are being adopted as part of today’s complex, elastic and highly distributed network environments.

Those MSSPs that can offer a flexible and comprehensive suite of foundational and advanced network security and security-as-a-service options — that not only protect what exists but that can also adapt to emerging, yet to be seen concerns — will have a bright future in the new digital marketplace.


This byline originally appeared in SDxCentral.