
Secure SD-WAN: Pricey or Priceless?

Posted on August 6, 2019 9:18 am


Our answer: Priceless!

Any way you look at it, security – or lack thereof – has a price tag. Your clients need to secure multiple parts of their networks. Here's how.

Securing Content

Traditionally, Next Generation Firewalls (NGFW) are deployed as the primary security appliance for a corporate network – providing a fierce barrier to the outside world. Over the years, this solution has evolved and more robust features have been added to keep up with emerging threats. But, ask any security expert and they will tell you a standalone firewall is not adequate for securing your network, especially in regulated industries. You need additional security components at other critical points in your network. Banking and healthcare IT managers are well aware of the need for robust security to meet compliance requirements. Because of highly publicized data breaches, many other companies are waking up to the need as well.

Securing Transport

Security can also be achieved by making communication paths private. Carrier services like Multi-Protocol Label Switching (MPLS) and traditional T1 connections provide more secure connections from remote sites to a headquarters or Co-Lo site.

MPLS is expensive when you factor in the cost per megabit, and T1s are an aging technology with similar bandwidth restrictions and availability.

Businesses today are rapidly adopting low-cost, high-bandwidth carrier services that leverage the public Internet. These services are easy to integrate into an existing network and are often available with incentives to boot. The challenge is providing a good level of security over the public Internet, easily.

Securing a Wide Area Network with SD-WAN

Software Defined Wide Area Network (SD-WAN) technology is relatively new, but it employs many tried and true components, providing a secure transport path between corporate sites and the cloud using any WAN carrier services. Think MPLS-like security with fiber broadband throughput.

How? It uses encrypted, encapsulated tunnels that traverse any type of connection you have in your business network, even wireless. Think automatically managed VPNs across public connections – secure connections for any traffic, over any connection.

For SD-WAN, the equipment cost and network engineering time to architect a system are not insignificant. However, the potential cost of lost revenues with downtime, diminished productivity, fines, penalties and a tarnished reputation from a data breach can be the highest price to pay.

Using SD-WAN with an existing firewall provides multiple layers of security for the network – Secure SD-WAN. These days, every line of defense is welcome.

How Does Ecessa’s Secure SD-WAN Work?

Ecessa premises-based controllers allow organizations to combine up to 25 connections of any service type (MPLS, DSL, broadband, satellite, microwave, 4G/LTE, etc.) from any provider, to create an affordable, resilient network with as much bandwidth as needed. Multiple, diverse links are recommended to protect against network outages in the event of a carrier service issue, whether the issue is spotty service, or a damaged line from a construction mishap. Often, an expensive MPLS connection can be replaced or augmented by low-cost broadband services, increasing bandwidth exponentially. The Ecessa SD-WAN solution allows your clients to keep their IP addresses and not change their network architecture – fitting seamlessly into their existing or desired architecture.

Ecessa SD-WAN is the easiest solution for you to sell and deploy. 

Ecessa SD-WAN solutions are purpose-built to optimize wide area network connections and create a Never Down™ network – never experience an outage again. The best-in-class, enterprise-grade features include the ability to control traffic down to the packet level and allow different routing options for different kinds of traffic. In addition to giving network administrators flexibility to set specific criteria for failover and failback, load balancing, authoritative DNS and other customizations, advanced features such as generic routing encapsulation (GRE) tunneling, encapsulation and encryption allow organizations to create private networks over public broadband connections. You can even fold MPLS into the mix.

Ecessa’s solutions also include a stateful firewall that provides additive security at the network edge. The embedded basic firewall features may provide enough security for smaller branch offices. Other organizations may elect to backhaul traffic that needs to be scrutinized to their central office or head end for processing through a best-in-class firewall with advanced features. NGFW and Unified Threat Management (UTM) features included in those highly specialized appliances are great at inspecting large amounts of data, detecting the latest malware and email threats, alerting against DDoS attacks and more. Ecessa SD-WAN products and purpose-built firewalls work well together to create robust, resilient and secure enterprise networks.

Our Recommendation

Can a single appliance provide the best firewall protection and the best SD-WAN features? It depends on what your client wants. To be honest, most firewall manufacturers who claim they integrate SD-WAN are light on network control features, and most SD-WAN providers who integrate firewall capabilities are light on security features. Why? It’s a matter of specialization, and we rarely see a single manufacturer deliver best-in-class coverage in both areas. That’s why we recommend businesses deploy each technology using the best solution in each class for their network architecture.

To learn more about the difference between Ecessa solutions and firewalls, read the attached technology brief.

Please call us with questions! 800.669.6242

