Security must be deep-rooted into every software-defined WAN (SD-WAN) solution rather than bolted on as an afterthought, much like the process of planting reinforcement steel in concrete.

Concrete has been used in construction for more than a thousand years. It has excellent compressive strength which allows it to endure heavy weights but little to no strength in tension forces, which are concrete’s tolerance against pressing and stretching. Most of the current SD-WAN solutions in the market, like concrete, have some notable attributes. They can provide WAN optimization, Zero-touch deployment, centralized management, basic segmentations, and perhaps limited security functionalities like stateful firewalling and VPN. But are they also able to protect your branch network against all internal and external threats in Direct Internet Access (DIA)?

Thousands of new complex cybersecurity threats emerge every day. Similar to concrete tension forces, these threats will eventually crack and break your SD-WAN branch network. These malicious forces are more potent when connecting your branch directly to the cloud using a common internet highway bridge.

SD-WAN Security: Built-in or Bolted-on?

In almost every area of life, compared with a “built-in” option, it’s hard to imagine someone would choose a “bolted-on” as their first resort. Security is not so different. Yet many enterprises are using external security appliances to secure their directly connected SD-WAN branches to the cloud. This bolted-on security norm comes as no surprise. In the current market, there are simply not enough SD-WAN solutions with a substantial level of integrated security.

The process of bolting on legacy security tools often creates unnecessary complexity and overhead because these standalone products were never truly designed for an SD-WAN deployment. These bolted-on tools do not share the WAN tenets and have a difficult time adapting to today’s agile and scalable SD-WAN solutions.

Having distinct security and networking domains at each branch not only increases the total cost of ownership but also complicates deployment, monitoring, and manageability.  A simple policy update, for example, necessitates jockeying back and forth between two different monitoring dashboards. Managing integrated security and networking controls from a single console saves time and money and makes for an overall more efficient and effective system, just as using reinforced steel bars speeds up construction.

Cisco SD-WAN security reinforcing your WAN Network

Unlike other SD-WAN vendors’ solutions in which customers have to compromise on security, application experience or advanced routing, Cisco offers an integrated industry-leading SD-WAN with best-in-class security solution. This “no compromise” solution connects any device and any user to any cloud and delivers consistent threat protection from branch locations to the cloud edge.

With Cisco SD-WAN, multiple layers of enterprise-level security capabilities – such as application-aware firewall, intrusion prevention, URL filtering, file reputation, and simplified cloud security – can be deployed and managed through single interface dashboard, at scale.

Gaining additional protection with Cisco Umbrella, a secure internet gateway, is as simple as checking a box within the Cisco SD-WAN unified management console. Umbrella protects users across your Cisco SD-WAN from threats such as malware, ransomware, and C2 callbacks with no added latency

These integrated security capabilities are powered by Cisco Talos security engine, one of the largest threat-intelligence organizations in the world, to block sources with suspicious behaviors before they proliferate across the network.

To meet today’s highly flexible and scalable demands of an SD-WAN solution, a built-in security approach needs to be part of any SD-WAN architectural design to better detect and prevent evolving threats, while simplifying management and improving performance.

It’s time to reinforce your old network construction with Cisco SD-WAN security.

Aren’t you tired of spending time patching your cracked network?

To learn more about Cisco SD-WAN security, please visit cisco.com/go/sdwan-security.


Reza Koohrangpour

Product Marketing Manager, SD-WAN Security

Cisco Security