When planning to deploy SD-WAN, it’s important to consider the factors impacting both core network services (DNS, DHCP and IP Address Management—DDI) and hybrid security (on-premises, private and public cloud). Across the modern network ecosystem, traffic flows over SD-WAN to the network edge interfacing with and spanning sites from external and public networks to engage essential business applications, cloud services access, web browsing, Internet traffic and more. While each site has its own security needs with varying security threats, a breach at any point across the network puts the entire organization at risk.
So, where do you start? Have you outlined a strategy? How do you create your requirements? What are key considerations and best practices? Do you implement security at each branch office, in the cloud or in the corporate datacenter? What performance levels are acceptable at increasing levels of security infrastructure? These and many other issues are important to assess when planning how to optimize and secure access, reliability and performance for your customers and corporate and remote users.
Fortunately, Infoblox and the Tolly Group have teamed-up to produce an SD-WAN Security Best Practices Guide to provide practical and strategic insights for identifying and mitigating security risks. Rather than providing a comprehensive deployment guide, this document identifies and describes individual SD-WAN elements that require security to help you build your strategy and better approach security issues. In particular, the document outlines some of the important considerations and options as follows:
- Security vs. Performance
- Security Deployment Location Choices
- Foundational Security
- SD-WAN and Security Infrastructure
- Access Control and Management Plane
- Onboarding
- Data Plane Security
- Application Programming Interface (API) Framework Security
- Perimeter Security
- Cloud-Based Gateways
- Cloud-Based Credential Storage
- Security Information and Event Management (SIEM) Integration
- Security Update Process
- Compliance
- Advanced Topics: Service Chain, IoT Security and Micro-segmentation
No matter how well you plan in today’s environment, the safest approach is to consider not if you will be attacked, but when. And if you’re adopting new solutions with new features as part of a digital transformation initiative, it’s important to anticipate how these features introduce potential new attack risks. That’s why it’s essential to leverage security technologies and engage integrated, automated SD-WAN monitoring and response on a vigilant and continued basis. Moreover, adopting a well-conceived and communicated incident response plan that includes breach remediation processes, documentation and stakeholder notification is essential.
This SD-WAN Security Best Practices Guide can help start that process. To get your copy, select the download link and submit your request. For more information, contact your Infoblox sales rep or reseller to learn how Infoblox can help you address your specific SD-WAN security and planning needs.
