- Legacy SD-WAN solution providers introduce the same inefficiencies as hub-and-spoke architecture.
- SD-WAN vendors, who are not cloud-born, often provide rollovers from legacy WAN optimization solutions that fail to drive the security needed at the edge.
- SD-WAN solutions will not provide any cost savings for modern businesses migrating from MPLS networks. Instead, SD-WAN may actually add more operational costs, along with substantial risk and performance loss, when integrated with other elements of the edge network.
- SD-WAN providers make you pay for features and capabilities such as WAN optimization, application caching, and online traffic engineering, all of which are completely unnecessary for the public internet and cloud services.
- Finally, SD-WAN solutions are ultimately nothing but WAN encryption solutions based on the IKE-based IPsec protocol, which traditionally carries numerous known vulnerabilities.
In order to be secure, every SD-WAN deployment must integrate a firewall solution from a different vendor to protect the network, and integrating with other edge solutions like firewalls, routers, and VPN solutions adds complexity and erodes ease of use.
“SD-WAN does not secure your network. It’s merely a less secure replacement for MPLS. The manual and cumbersome deployment is error-prone. A stitched solution has always been a nightmare to manage and, more importantly, troubleshoot. Properly securing SD-WAN with a traditional approach leads to the management of complexity that drains resources and adds cost, more personnel, and time to your IT department.” – Kumar Vishwanathan, CTO, Privafy
Top Six SD-WAN Flaws IT Security Teams Need to Know
- In most cases, firewalls are deployed on the LAN side of the SD-WAN, leaving the SD-WAN equipment vulnerable to attacks.
- Keys are configured locally in devices, which is error-prone, and are easily compromised.
- Static tunnel keys lack the robust security of dynamic keys and are seldom rotated.
- A large amount of software makes up SD-WANs, which increases the surface area of possible attacks and opens networks to new vulnerabilities.
- Edge devices within existing SD-WAN solutions are neither tamper-resistant nor designed to prevent cloning. There is, therefore, no security for devices connecting from different locations.
- SD-WAN solutions are often over-engineered, adding complexities such as the need to replicate level 3 functionalities at level 2, and the need for WAN optimization efforts.
Advance Your Edge Security Beyond SD-WAN
Privafy provides comprehensive security for data-in-motion and endpoint integrity. For more information on the key features, read our Privafy Technology Overview.