In a recent NetworkComputing.com article, Avoid These Five Common SD-WAN Deployment Mistakes, Matt Kimpel, Magna5’s director of IT engineering and SD-WAN expert, noted a critical pitfall common in SD-WAN deployments is overlooking security.

“There are many SD-WAN technologies that lack strong security capabilities natively, but boast they can replace existing security functionality,” said Matt. ” Organizations are opening the door to threats if the SD-WAN solution lacks security capabilities, such as next-generation firewall functions.”

Matt noted security lapses can be largely eliminated by careful planning. We asked Matt to elaborate on what security options to consider and why it’s important.

Why are companies overlooking the security factor when implementing SD-WAN?

“SD-WAN technology was born to improve WAN and inter-site connectivity. The primary objective of an SD-WAN device was not to provide next-gen firewall (NGFW) features. What we are seeing in the market are firewall companies adding SD-WAN features to their devices, and SD-WAN players trying to integrate and add security features to theirs.

“Take, for example, a business with two locations that previously had a next-gen firewall at both sites, and it replaced them with SD-WAN appliances. The locations are potentially decreasing their security without the proper design and consideration. If the previous device had unified threat management features such as IPS, malware and content filtering, their new device might not natively support that. It’s important to choose a qualified managed SD-WAN provider who can offer several options to address the right security solution that fits the specific business need.”

There are lots of SD-WAN solutions out there. What should you look for in an SD-WAN solution when it comes to security? What should it be protecting?

“Companies should look to see how their SD-WAN solution will either integrate to the existing security they already have or determine what security options the SD-WAN solution can replace. The goal with network security should never be to take a step backwards.

“SD-WAN should continue to protect both traffic traversing between locations and to the internet. With many businesses shifting from MPLS to less-expensive broadband services for direct-to-cloud and branch-to-branch connectivity, the traffic now passes through the Internet over an SD-WAN overlay and not over a private MPLS network. Careful planning in looking at what existing security to keep and what needs to be added or replaced will go a long way in reducing security risks.”

What are different ways to incorporate security in an SD-WAN solution? (built-in, integrated with existing security, add new security – next-gen).

“There are several ways to maintain or even improve security when designing an SD-WAN solution.

“One of the more popular routes for companies who are already invested in a NGFW solution is to integrate SD-WAN without removing the firewall. SD-WAN replaces some of the functions the firewall is currently providing, allowing it to continue its focus on providing security.

“For customers who are looking to consolidate to a single device or have an aging firewall, this can be an opportunity to improve security at the same time as implementing SD-WAN. Many SD-WAN solutions have security integrations that can be added on. For example, some solutions have a virtual firewall option for SD-WAN appliances that have a built-in hypervisor. This allows a virtual firewall to easily be set up on the SD-WAN device, which provides security without a separate physical device.

“Another option takes the NGFW features to the cloud. Many SD-WAN solutions have cloud integrations giving you the ability to maintain and even add more security features to your network without having a firewall onsite.

“Depending on the SD-WAN features a company may require, selecting a next-gen firewall with SD-WAN capabilities may even be enough. Understanding what SD-WAN features you need is the first step.”

Need help in evaluating your security options with an SD-WAN launch? Schedule a consultation with our security experts.