Skip to Main Content

Privafy cited as “innovative network supplier” among industry giants. Read it in SearchNetworking.

Contact Sales Login
Guide
SD-WAN Makes Getting Too Close to the Edge Dangerous
Only deploying SD-WAN at the edge will not provide comprehensive security of your data-in-motion. The majority of SD-WAN products are often provided by legacy solution providers looking to replace or protect their Multi-Protocol Label Switching (MPLS) market by offering an affordable replacement for their customer. However, much of the very solution itself is unnecessary and redundant if the enterprise is truly migrating to a cloud and mobile first philosophy by substituting the richness and flexibility of the internet in place of costly private networks.

Buyer Beware

  • The legacy SD-WAN solution providers introduce the same inefficiencies of hub and spoke architecture.
  • SD-WAN vendors, who are not cloud-born, often provide rollovers from legacy WAN optimization solutions that fail to drive the security needed at the edge.
  • SD-WAN solutions will not provide any cost-savings for modern businesses migrating from MPLS networks. Instead, SD-WAN may actually add more operational costs, while adding substantial risk and performance loss, from an integration perspective with other elements of the edge network.
  • SD-WAN providers make you pay for features and capabilities like WAN optimization, Application caching, Online traffic engineering — completely unnecessary for the public internet and cloud services
  • Finally, SD-WAN solutions are ultimately nothing but WAN encryption solutions based on IKE-based IP-SEC protocol, which traditionally carries numerous known vulnerabilities.

In order to be secure, every SD-WAN deployment must integrate a firewall solution from a different vendor to protect the network, and integrating with other edge solutions like firewalls, routers, VPN solutions adds complexity and erodes ease of use. 

“SD-WAN does not secure your network. It’s merely a less secure replacement for MPLS. The manual and cumbersome deployment is error prone. A stitched solution has always been a nightmare to manage and more importantly troubleshoot. Properly securing SD-WAN with a traditional approach leads to the management of complexity that drains resources and adds cost, more personnel, and time to your IT department” – Kumar Vishwanathan, CTO, Privafy

Top Six SD-WAN Flaws IT Security Teams Need to Know

  1. In most cases firewalls are deployed on the LAN side of the SD-WAN, leaving the SD-WAN equipment vulnerable to attacks
  2. Keys are configured locally in devices, and are error prone, and easily compromised.
  3. Static tunnel keys lack the robust security of dynamic keys and are seldom rotated.
  4. A large amount of software makes up SD-WANs, which increases the surface area of possible attacks and opens networks to new vulnerabilities.
  5. Edge devices within existing SD-WAN solutions are neither tamper-resistant nor designed to prevent cloning. There is, therefore, no security for devices connecting from different locations.
  6. SD-WAN solutions are often over-engineered, adding complexities such as the need to replicate level 3 functionalities at level 2, and the need for WAN optimization efforts.

 

Advance Your Edge Security Beyond SD-WAN

Privafy provides comprehensive security for data-in-motion and endpoint integrity. For more information on the key features, read our Privafy Technology Overview.

Related Resources

The way your data travels is changing, why hasn't your security?

Contact Sales