“
FINAL WORD
THERE ARE RISKS
ASSOCIATED WITH SHIPPING FULLY
CONFIGURED DEVICES TO A REMOTE
BRANCH LOCATION.
Integrated security
SD-WAN solutions typically do not include
integrated security solutions, and for those
that do, the security solution provided is often
woefully inadequate. But at the same time,
relying on traditional network security solutions
to protect such an elastic and adaptive
network environment is also problematic.
What is needed is an SD-WAN solution that
includes complete threat protection toolsets,
such as industrial grade NGFW firewall,
anti-virus, intrusion prevention (IPS) and
application control solutions.
It also needs to include high-throughput
SSL inspection, web filtering and high-
performance on-demand VPN connections
to protect traffic and data confidentiality
and advanced threat protection (ATP) to
combat zero-day threats.
Finally, security effectiveness should be
confirmed and certified using third-party
validations to ensure you are getting the
level of security your network requires.
Centralised provisioning,
management and monitoring
One of the distinct advantages of an SD-WAN
solution is its ability to be deployed and
managed remotely. However, there are risks
associated with shipping fully configured
devices to a remote branch location.
And even once these edge devices are
deployed, IT staff are usually required
to manage both the WAN optimisation
functions and security functions using two
different interfaces. This separation of
network and security operations is not only
labour-intensive; it also makes it difficult to
tie things like traditionally network-centric
issues such as performance and functionality
to critical security and data inspection. But in
an SD-WAN environment, those traditionally
separate functions need to work hand in hand.
104
INTELLIGENTCIO
Since security and SD-WAN both monitor
broad and complex applications, it is critical
that they exist on the same pane of glass
management that provide a high-level
monitoring view combined with the ability
to drill down into specific details, allowing
teams to act on data rather than chasing
after data in order to correlate it.
When evaluating SD-WAN solutions, you
need to consider things like zero-touch
deployment that make it easy to set up
and monitor physical and logical network
topologies, link utilisation, and network
and application behaviour. You should also
be able to easily update and disseminate
corporate WAN and security policies to all
locations, as well as isolate and reconfigure
individual devices for either performance or
security issues.
Having centralised management,
configuration and monit oring tools for both
WAN and security solutions built directly
into your SD-WAN environment will increase
management efficiency and effectiveness
while significantly reducing the cost of
deploying and managing such a solution.
SD-WAN solutions are proven to improve
network performance and user experience
across a distributed network while keeping
Kalle Bjorn, Director, Systems
Engineering, Fortinet
costs in check. But failure to deploy
a solution that does not include fully
integrated security leaves your network
exposed to unnecessary risk. Fortinet’s
secure SD-WAN solution is the market’s first
offering to provide a complete and fully
integrated security and SD-WAN strategy.
Based on the industry-leading FortiGate
NGFW, and built around the new FortiOS
6.0 operating system, Fortinet’s secure
SD-WAN replaces separate WAN routers,
WAN optimisation, and security devices with
a single solution that is application-aware,
offers automatic multi-pathing and multi-
broadband support, and is easy to deploy
and monitor.
It also incorporates a growing application
control database with the signatures of more
than 3,000 applications, and that database
is constantly being updated through its live
link with FortiGuard Threat Intelligence.
Fortinet is also the only SD-WAN vendor
with an NSS Labs NGFW ‘Recommended’
designation. Our security-first SD-WAN
solution delivers the most robust threat
protection in the industry across layers three
through seven and delivers enhanced SD-WAN
performance by leveraging our proprietary
Security Processing Unit silicon to accelerate
security and networking-specific tasks.
This optimised architecture delivers deep
security analysis and inspection capabilities
provided by the general-purpose CPUs that
power competing products.
In conjunction with the FortiManager
management console and other Fortinet
Security Fabric components, the Fortinet
SD-WAN solution also enables real-time
threat tracking activity to facilitate risk
assessment, detect potential issues and
mitigate problems. Firewall rules and policies
are monitored automatically to facilitate
compliance audits.
Fortinet’s robust security-enabled SD-WAN
solution allows you to confidently support
more remote sites and users, deploy more
bandwidth-sensitive applications, securely
connect to and share data across new cloud
services, and automatically adapt your
security policies and protocols in order to
meet your evolving and expanding network
resource requirements. n
www.intelligentcio.com