Cyber Defense eMagazine May 2019

More documents

Recommendations

Info

The Role of Security Appliances in SD-WAN Adoption By Brendan Patterson, Vice President of Product Management at WatchGuard Technologies SD-WAN is one of the hottest networking technologies, and as we head into <strong>2019</strong> its growth is only expected to continue. As a matter of fact, IDC predicts the SD-WAN infrastructure will reach $4.5 billion by 2022. With more and more organizations relying on cloud applications to run day-to-day operations (such as Salesforce, JIRA, Confluence, Office 365, etc.), IT departments are under pressure to deliver high-quality, reliable links across the network. SD-WAN enables organizations to do this by curtailing expensive MPLS solutions, moving traffic to public internet lines, and often using secure VPN solutions to communicate between sites. This dramatically reduces transport costs, and in many cases increases performance. Network links without assured or guaranteed service can now be used to deliver business class services, including Voice over IP and video applications. But as this market blossoms, what type of SD-WAN solution should companies be looking for and how could they impact a businesses’ overall security? As with any emerging technology, there’s no shortage of new vendors making bold claims, and every vendor’s definition of the technology varies in order to match what they can deliver. That’s why it’s crucial for businesses to truly understand what SD-WAN is and what it isn’t before embarking on a new deployment. And, in many cases, firewall appliances actually provide SD-WAN services now. The ABCs of SD-WAN When considering SD-WAN solutions, there are some key criteria every buyer should look for. The first is the use of software to manage connections over different link or connection types – MPLS, cable modem, DSL, 4G and links from different ISPs. Every SD-WAN service should offer dynamic path selection between these different links based on predefined policies set to align with business priorities. They should test circuit performance in real time, measuring packet loss, latency, and jitter to determine 104
if the line meets the acceptable level of quality for its application traffic. Second, you need traffic management for applications. For example, being able to guarantee 10 Mbps for all Salesforce traffic. Third, when internet connections are used, businesses need to ensure that all data is private and none of the traffic can be viewed by third parties. This requires secure VPN capabilities for site-to-site tunnels with full IKEv2 level encryption or TLS level transport. And finally, “Zero-touch” deployment options allow SD-WAN appliances to be delivered to remote locations, and configured automatically by simply powering on and connecting to the internet. This ease of deployment aspect is critical, as technical staff and network engineers are scarce, and businesses need to quickly deploy cloud solutions as they roll out new hybrid WAN architectures to distributed sites. (Note: SD-WAN is typically delivered by placing a routing appliance or physical box in a branch location. Some SD-WAN solutions provide additional security capabilities like antivirus services or web content inspection. And in certain instances, the solution is even offered by the Telecom carrier as part of a monthly managed service.) “Who” is as important as “what” when it comes to SD-WAN DEPLOYMENT? It’s important that additional risk is not introduced when rolling out SD-WANs. Therefore, it matters if you’re using an experienced managed service provider than understands the security of your network and will take the time to understand your needs, versus using a Telcom provider. Keep in mind that an inexperienced operator may install SD-WAN routing devices behind a next-gen firewall or Unified Threat Management (UTM) appliance, and bypass the firewall that’s already in place for some or all traffic. This would be a major security vulnerability because it could expose the internal networks to public access, bypassing all malware inspection at the UTM. In addition, the security capabilities offered with the SD-WAN may offer a false sense of security for customers. Does the solution only rely on simple signature-based detections to find malware passing through the network? Advanced and evasive threats can easily circumvent basic antivirus solutions. This is why it’s critical to have layered, advanced security services like behavioral-based and artificial intelligence-enabled antivirus as a part of the overall SD-WAN solution deployed at remote sites. Managed SD-WAN solutions may claim to offer some basic firewall services, but they can also take days to respond to simple requests to implement or change basic rules. For example, if an application no longer needs to have a port open, a company should be able to immediately implement a change that no longer exposes it. 105
Page 1 and 2:
5 Reasons Why Cloud Security is Imp
Page 3 and 4:
Data Sniffing is Threatening Your P
Page 5 and 6:
CEO, Cyber Defense Media Group Publ
Page 7 and 8:
7
Page 9 and 10:
9
Page 11 and 12:
11
Page 13 and 14:
13
Page 15 and 16:
Your website could be vulnerable to
Page 17 and 18:
17
Page 19 and 20:
Cloud computing helps organizations
Page 21 and 22:
the day, if the customer data store
Page 23 and 24:
8 Cybersecurity Practices In Health
Page 25 and 26:
V. Amplified M&A activities in the
Page 27 and 28:
7. Maintain Compliance with HIPAA T
Page 29 and 30:
Whether it’s malicious outsiders
Page 31 and 32:
About the Authors Cody Cornell is t
Page 33 and 34:
altered. And with the decentralized
Page 35 and 36:
Simplifying Cybersecurity Deploymen
Page 37 and 38:
If you do not want Alert Logic auto
Page 39 and 40:
Backups like The Last Resort The im
Page 41 and 42:
About the Author Pedro Tavares is a
Page 43 and 44:
Legacy Infrastructure Legacy infras
Page 45 and 46:
Enterprise Insider Threats on The R
Page 47 and 48:
Your Security Teams are Destroying
Page 49 and 50:
Using Behavior to Detect Complete A
Page 51 and 52:
Ivanti Priorities this month:
Page 53 and 54: Phishing Awareness - The More They
Page 55 and 56: ecognized leader for security aware
Page 57 and 58: On Security and Privacy, States Are
Page 59 and 60: This federal push will not be a sil
Page 61 and 62: miniature bridges - an email can cr
Page 63 and 64: Network Traffic Analysis (NTA) By T
Page 65 and 66: Traffic Analysis Engine These are t
Page 67 and 68: The Internet of Things Signal Trans
Page 69 and 70: oth - convenience and security of t
Page 71 and 72: 4. Cloud and Speed: Companies that
Page 73 and 74: Two Steps on - One Step Back By Mil
Page 75 and 76: Always Take Care about Your Trainin
Page 77 and 78: CTI in some way, which is an increa
Page 79 and 80: would show that it’s so hard to a
Page 81 and 82: It’s All About The Logs Looking i
Page 83 and 84: A well designed and properly implem
Page 85 and 86: Salaries have significantly grown i
Page 87 and 88: Let’s take a look into a kid’s
Page 89 and 90: What happened then? This destroys a
Page 91 and 92: Opt Parental Controls for all your
Page 93 and 94: “Standards-based cybersecurity ri
Page 95 and 96: the de facto security standard simi
Page 97 and 98: About the Authors Dan Jetton is the
Page 99 and 100: According to KPMG’s Global Sector
Page 101 and 102: Data Sniffing is Threatening Your P
Page 103: About the Author William J. Tomlins
Page 107 and 108: Is Your Encryption Flexible Enough?
Page 109 and 110: to other chat apps is geometric, an
Page 111 and 112: The Critical Role TAPs Play in Netw
Page 113 and 114: About the Author Alastair Hartrup i
Page 115 and 116: Thanks to these attacks, the demand
Page 117 and 118: Why CIOs/CISO’s Positions Are Bec
Page 119 and 120: slowly to how they would normally.
Page 121 and 122: Over time, as operators compile mul
Page 123 and 124: QIDs from associated metadata, the
Page 125 and 126: 125
Page 127 and 128: 127
Page 129 and 130: 129
Page 131 and 132: 131
Page 133 and 134: 133
Page 135 and 136: 135
Page 137 and 138: 137
Page 139 and 140: 139
Page 141 and 142: 141
Page 143 and 144: 143
Page 145 and 146: 145
Page 147 and 148: 147
Page 149 and 150: 149
Page 151 and 152: You asked, and it’s finally here
Page 153 and 154: Marketing and Partnership Opportuni
Page 155 and 156:
Regent University’s Institute for
Page 157 and 158:
157
Page 159 and 160:
159
show all

Cyber Defense eMagazine May 2019

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?