SD-WAN in optimizing the performance of the branch site has done very well, but how to adjust the entire technology stack in the branch office, while achieving strong security? The answer is a combination of SD-WAN and cloud-based security services.
Protection of tens to hundreds of branch sites may result in capital expenditure and operating costs for major expenses, the cost of business, there are ways to return by all traffic to integrate security spending to corporate offices or data centers, but such a solution program is difficult to overcome the low efficiency of the backhaul, when you add WiFi to branch customers, the bandwidth of the backhaul expenses can increase the number of stages, especially in the private MPLS expensive place.
Each branch needs to be protected, many branches require additional security services, such as a Zone-Based Firewall, IDS / IPS sensors and agents in order to provide a basic level of security. In addition to handling the complexity of PKI and SSL encrypted traffic inspection, you can quickly create installation settings in the branch office, but the high maintenance costs.
SD-WAN devices typically provide a basic level of security, such as region-based firewalls. Many of them can even create a secure tunnel to cloud security services, such as Zscaler, Palo Alto Networks GlobalProtect or Symantec's network security services. Policies can be set to use a direct Internet connection or broadband branch office application traffic forced through these services, providing cost-effective and safe solution compared to traditional methods, easier to implement and support the entire life cycle of the branch . Then, SDWAN device can manage routing and performance strategy, and access the Internet for cloud security solutions to protect against malware, advanced threats, phishing, browser exploits, malicious URL, botnets and so on.
Many businesses are also using VMware virtualization of its branch office environments, alternative architectures will involve virtual form factor SDWAN devices and cloud security services or local security virtualization platform used in combination. By the local branch of virtualization security platform, enterprises can be expected to retain control of own / operate the equipment, management and monitoring, without the need for physical space. Obviously, in this model, and the introduction of simplified deployment and simplified by software.
Above SD-WAN solution is mainly suitable for application delivery and optimization of advanced security services, low-cost branch environment, while optimizing the cost of doing business, companies can achieve unified management, so that enterprises rapid innovation and business development.