{"id":17947,"date":"2022-05-19T22:57:00","date_gmt":"2022-05-19T22:57:00","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=17947"},"modified":"2023-04-04T19:50:26","modified_gmt":"2023-04-04T19:50:26","slug":"sd-wan-security","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/","title":{"rendered":"How to Improve SD-WAN Security: 3 SD-WAN Best Practices"},"content":{"rendered":"\n<figure class=\"wp-block-image alignright size-large is-resized is-style-rounded\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.esecurityplanet.com\/wp-content\/uploads\/2020\/10\/ESP.SD-WANSecurity-1024x683.jpg\" alt=\"A picture of two professionals looking at a piece of hardware as this article is about improving SD-WAN security. SD-WAN architectures are on the rise but what additional security tools or coverage is necessary.\" class=\"wp-image-22046\" width=\"370\" height=\"247\" srcset=\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity-1024x683.jpg 1024w, https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity-300x200.jpg 300w, https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity-768x512.jpg 768w, https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity-1536x1025.jpg 1536w, https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity-150x100.jpg 150w, https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity-696x464.jpg 696w\" sizes=\"(max-width: 370px) 100vw, 370px\" \/><\/figure>\n\n\n\n<p>As the modern workforce becomes increasingly mobile and enterprises branch out and grow, software-defined wide area networks (<a href=\"https:\/\/www.esecurityplanet.com\/products\/sd-wan\/\">SD-WAN<\/a>) have become a popular choice in the evolution of networking.<\/p>\n\n\n\n<p>By applying the benefits of software-defined networking (SDN) to traditional hardware-centric networks, SD-WAN offers enterprises improved flexibility, scalability, performance, and agility for today\u2019s virtual, edge, branch and cloud IT environments. However, with all the benefits SD-WAN provides organizations, it also opens the door for a new set of security challenges.<\/p>\n\n\n\n<p>This article looks at the security functionality of SD-WAN solutions and how to bolster SD-WAN cybersecurity. Jump ahead for a technical review on SD-WAN.<\/p>\n\n\n\n<p><strong>Jump to:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#what\">What is SD-WAN?<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#traditional\">Traditional Networks vs Software-Defined Networks (SDN)<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#SDN\">SDN vs SD-WAN<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#challenges\">Security Challenges to SD-WAN<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#features\">SD-WAN Security Features and Capabilities<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#improving\">Top 3 SD-WAN Security Best Practices<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#sase\">SASE: SD-WAN and SSE<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#conclusion\">SD-WAN: Securing Today&#8217;s Enterprise Networks<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"what\"><strong>What is SD-WAN?<\/strong><\/h2>\n\n\n\n<p>SD-WAN is a virtual architecture for managing a wide-area network covering distributed, hybrid IT environments typical for today&#8217;s enterprise organizations.&nbsp;<\/p>\n\n\n\n<p>Whereas traditional WANs backhauled all traffic to a central hub or data center, SD-WAN architectures increase the performance of on-premises services like <a href=\"https:\/\/www.esecurityplanet.com\/cloud\/cloud-security-best-practices\/\">SaaS<\/a> applications with direct access to cloud platforms. This cloud-centric model offers administrators granular network management opportunities while leveraging the bandwidth and reducing the cost of service delivery.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"traditional\"><strong>Traditional Networks vs Software-Define Networks (SDN)<\/strong><\/h2>\n\n\n\n<p>Veteran system administrators know traditional networks to be the physical hardware \u2013 switches, routers, and firewalls \u2013 connecting and controlling network traffic for an organization. The control plane (protocols and configuration) and the data plane (forwarding) are the same in conventional networks, giving administrators little flexibility other than physically reconfiguring or resetting network equipment.<\/p>\n\n\n\n<p>Software-defined networks (SDN), by comparison, separate the control plane and data plane and give administrators the power to manage network configurations via a software application. The SDN approach makes the most of modern virtualization and remote network management capabilities and reduces unnecessary travel and deployment costs.<\/p>\n\n\n\n<p>The basis for SDN is the OpenFlow standard, which allows an SDN controller to connect and manage switches and ports for network management.<\/p>\n\n\n\n<p><strong>Also read<\/strong>: <a href=\"https:\/\/www.esecurityplanet.com\/products\/business-continuity-software\/\" target=\"_blank\" rel=\"noreferrer noopener\">Best Business Continuity Software<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"sdn\"><strong>SDN vs SD-WAN<\/strong><\/h2>\n\n\n\n<p>SD-WAN architectures are an example of SDN technology applied to geographically distant wide-area networks through broadband internet, multiprotocol label switching (MPLS), 4G\/LTE, and <a href=\"https:\/\/www.esecurityplanet.com\/mobile\/5g-cybersecurity\/\">5G<\/a>.<\/p>\n\n\n\n<p>SDN refers explicitly to decoupling control and data planes within the core network, data center, or LAN. In contrast, SD-WAN is the application routing expanded to a distributed network of branch offices and users.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"challenges\"><strong>Security Challenges to SD-WAN<\/strong><\/h2>\n\n\n\n<p>With SD-WAN architectures, branch employees and <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/remote-workforce-security\/\">remote users<\/a> connect to an enterprise network through a web of connected devices over the <a href=\"https:\/\/www.esecurityplanet.com\/products\/internet-security-software\/\">internet<\/a>. This IT sprawl and surplus of <a href=\"https:\/\/www.esecurityplanet.com\/products\/edr-solutions\/\">endpoints<\/a> add complexity to <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-network-security-tools\/\">network security<\/a>. Even one unsecured entry point can be problematic without proper segmentation.<\/p>\n\n\n\n<p>While SD-WAN offerings come with out-of-the-box security features, this embedded security isn&#8217;t enough for securing enterprise workloads over a widely distributed network.<\/p>\n\n\n\n<p>Administrators can first take inventory of the existing or prospective SD-WAN solution&#8217;s security functionality to determine additional security coverage. But the industry consensus by now is the Secure Access Service Edge (<a href=\"https:\/\/www.esecurityplanet.com\/networks\/sase\/\">SASE<\/a>), or the combination of SD-WAN with a set of network security tools that cover <a href=\"https:\/\/www.esecurityplanet.com\/networks\/edge-security-how-to-secure-the-edge-of-the-network\/\">edge<\/a> to <a href=\"https:\/\/www.esecurityplanet.com\/products\/cloud-security-companies\/\">cloud security<\/a>.<\/p>\n\n\n\n<p>The sections below look at standard security features of SD-WAN, followed by how organizations can bolster SD-WAN architectures with SASE and other solutions.<\/p>\n\n\n\n<p><strong>Also read<\/strong>: <a href=\"https:\/\/www.esecurityplanet.com\/products\/xdr-security-solutions\/\" target=\"_blank\" rel=\"noreferrer noopener\">Top XDR Security Solutions<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"features\"><strong>SD-WAN Security Features and Capabilities<\/strong><\/h2>\n\n\n\n<p>Not every SD-WAN solution is equal, but they all come with some level of security functionality. Most have a handful of built-in security capabilities to offer foundational network security, including Internet Protocol Security (IPsec) virtual private networks (<a href=\"https:\/\/www.esecurityplanet.com\/products\/enterprise-vpn-solutions\/\">VPN<\/a>), stateful <a href=\"https:\/\/www.esecurityplanet.com\/networks\/types-of-firewalls\/\">firewalls<\/a>, and essential threat <a href=\"https:\/\/www.esecurityplanet.com\/threats\/how-hackers-evade-detection\/\">detection<\/a> and response.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Encrypting Data in Transit<\/strong><\/h3>\n\n\n\n<p>With the boom in devices and users connecting to enterprise networks, the <a href=\"https:\/\/www.esecurityplanet.com\/products\/breach-and-attack-simulation-bas-vendors\/\">attack surface<\/a> of transmitted data dramatically increases.<\/p>\n\n\n\n<p>Many software-defined networking solutions (SDN) have built-in 128- and 256-bit AES <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-encryption-software\/\">encryption<\/a> and IPsec-based VPN capabilities. These protected tunnels of information in transit prevent unauthorized access to the network and ensure ongoing compliance.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Segmenting Traffic<\/strong><\/h3>\n\n\n\n<p>SD-WAN <a href=\"https:\/\/www.esecurityplanet.com\/networks\/microsegmentation-software\/\">segmentation<\/a> capabilities allow administrators to separate traffic according to <a href=\"https:\/\/www.esecurityplanet.com\/products\/application-security-vendors\/\">application<\/a> characteristics and network policies.<\/p>\n\n\n\n<p>Segmenting out <a href=\"https:\/\/www.esecurityplanet.com\/threats\/ransomware-groups-target-virtual-machines-vms\/\">virtual<\/a> networks within the SD-WAN&#8217;s overlay prohibits traffic from less secure locations, stopping any <a href=\"https:\/\/www.esecurityplanet.com\/threats\/malware-types\/\">malware<\/a> from compromising other segments with sensitive access or data. Administrators can develop a microsegmentation strategy and incorporate <a href=\"https:\/\/www.esecurityplanet.com\/products\/zero-trust-security-solutions\/\">zero trust<\/a> principles with this added flexibility relative to traditional networks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Detecting and Responding to Threats<\/strong><\/h3>\n\n\n\n<p>Many SD-WAN providers offer access to <a href=\"https:\/\/www.esecurityplanet.com\/products\/threat-intelligence-platforms\/\">threat intelligence<\/a> services that can automatically identify and mitigate common security <a href=\"https:\/\/www.esecurityplanet.com\/threats\/zero-day-threat\/\">threats<\/a>. Many of these services use artificial intelligence and machine learning (<a href=\"https:\/\/www.esecurityplanet.com\/threats\/ai-ml-cybersecurity\/\">AI and ML<\/a>) to predict possible security breaches by identifying suspicious patterns in network traffic.<\/p>\n\n\n\n<p><strong>Read more<\/strong>: <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-user-and-entity-behavior-analytics-ueba-tools\/\" target=\"_blank\" rel=\"noreferrer noopener\">Best User &amp; Entity Behavior Analytics (UEBA) Tools<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"improving\"><strong>Top 3 SD-WAN Security Best Practices<\/strong><\/h2>\n\n\n\n<p>SD-WAN&#8217;s built-in security isn&#8217;t enough. It offers clients base protection, but enterprises need to take additional measures to identify increasingly <a href=\"https:\/\/www.esecurityplanet.com\/threats\/advanced-persistent-threat\/\">advanced threats<\/a> and execute remediation. Considering how expansive SD-WAN architectures can be, the next step is filling the gaps in coverage with appropriate security functionality.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Next-Generation Firewalls (NGFW) and FWaaS&nbsp;<\/strong><\/h3>\n\n\n\n<p>Most SD-WAN solutions come with a built-in firewall; however, these are typically stateful firewalls that only include packet filtering and Layer 3 protection. These firewalls may effectively restrict unauthorized access based on IP addresses and ports, but they do not provide the end-to-end coverage that branched-out enterprises require.<\/p>\n\n\n\n<p>Next-generation firewalls (<a href=\"https:\/\/www.esecurityplanet.com\/products\/top-ngfw\/\">NGFW<\/a>) are critical for enterprise network traffic. The latest firewalls offer advanced functionality, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Intrusion detection and prevention systems (<a href=\"https:\/\/www.esecurityplanet.com\/products\/intrusion-detection-and-prevention-systems\/\">IDPS<\/a>)<\/li>\n\n\n\n<li>Data loss prevention (<a href=\"https:\/\/www.esecurityplanet.com\/products\/data-loss-prevention-dlp-solutions\/\">DLP<\/a>)<\/li>\n\n\n\n<li>Deep packet inspection (DPI)<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/sandboxing-advanced-malware-analysis\/\">Sandboxing<\/a><\/li>\n<\/ul>\n\n\n\n<p>Firewalls-as-a-Service (<a href=\"https:\/\/www.esecurityplanet.com\/cloud\/firewalls-as-a-service-fwaas\/\">FWaaS<\/a>) is the cloud-based NGFW ready to manage traffic at critical cloud access points. In the cloud-based security era, NGFW and FWaaS solutions are both vital in <a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-implement-microsegmentation\/\">implementing microsegmentation<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Inspecting Web Traffic<\/strong><\/h3>\n\n\n\n<p>Experienced administrators understand the importance of inspecting all network traffic. However, with TLS-encrypted traffic accounting for most traffic across the internet, it&#8217;s far more challenging to examine at scale. As a result, hackers often hide malware in SSL\/TLS traffic, as they know it&#8217;s less likely to be discovered.<\/p>\n\n\n\n<p>Fortunately, solutions are available that can intercept TLS communications between the server and the client. The traffic is then decrypted and inspected using <a href=\"https:\/\/www.esecurityplanet.com\/products\/antivirus-software\/\">antivirus<\/a> scanning and web filtering. Once clear, the traffic gets forwarded to its destination.<\/p>\n\n\n\n<p>Web application firewalls (<a href=\"https:\/\/www.esecurityplanet.com\/products\/top-web-application-firewall-waf-vendors\/\">WAF<\/a>), secure web gateways (<a href=\"https:\/\/www.esecurityplanet.com\/products\/secure-web-gateway-vendors\/\">SWG<\/a>), and cloud access security brokers (<a href=\"https:\/\/www.esecurityplanet.com\/products\/casb-security-vendors\/\">CASB<\/a>) are all worthy considerations when protecting against web attacks.<\/p>\n\n\n\n<p><strong>Also read<\/strong>: <a href=\"https:\/\/www.esecurityplanet.com\/endpoint\/prevent-web-attacks-using-input-sanitization\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Prevent Web Attacks Using Input Sanitization<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Promptly Patching Systems<\/strong><\/h3>\n\n\n\n<p>Threat actors are constantly looking for new ways to gain access to networks. For this reason, software and firmware providers often release updates and patches to thwart hackers&#8217; attempts. Unfortunately, these updates don&#8217;t always occur automatically or at the frequency needed.&nbsp;<\/p>\n\n\n\n<p>It is vital administrators do not fall behind with updates, especially for popular applications and critical servers. Learn more about automating updates with eSP\u2019s <a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-software\/\">Best Patch Management Software and Tools<\/a>.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.esecurityplanet.com\/products\/best-backup-solutions-for-ransomware-protection\/\">Backups<\/a> and a rigid backup strategy are another essential part of the network security puzzle, as they ensure lost data is recoverable when all else fails. Backups also offer additional flexibility in responding to increasing reality for organizations of all sizes \u2013 <a href=\"https:\/\/www.esecurityplanet.com\/trends\/are-backups-enough-for-ransomware\/\">ransomware<\/a> attacks.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"sase\"><strong>SASE: SD-WAN and SSE<\/strong><\/h2>\n\n\n\n<p>SASE combines SD-WAN and the Secure Services Edge (SSE), or the tools enabling edge-to-cloud security for enterprise networks. Though there isn&#8217;t a definitive list of SSE tools, standard components include several of the above tools like FWaaS, SWG, and CASB, as well as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Advanced threat protection<\/li>\n\n\n\n<li><a href=\"https:\/\/www.esecurityplanet.com\/products\/best-network-monitoring-tools\/\">Bandwidth and application control<\/a><\/li>\n\n\n\n<li>Browser isolation<\/li>\n\n\n\n<li>Cloud security posture management (<a href=\"https:\/\/www.esecurityplanet.com\/cloud\/cnap-platforms-the-next-evolution-of-cloud-security\/\">CSPM<\/a>)<\/li>\n\n\n\n<li>Encryption and <a href=\"https:\/\/www.esecurityplanet.com\/networks\/the-case-for-decryption-in-cybersecurity\/\">decryption<\/a><\/li>\n\n\n\n<li>Unified threat management (<a href=\"https:\/\/www.esecurityplanet.com\/products\/unified-threat-management-vendors\/\">UTM<\/a>)<\/li>\n\n\n\n<li>Zero trust network access (<a href=\"https:\/\/www.esecurityplanet.com\/networks\/how-to-implement-zero-trust\/\">ZTNA<\/a>)<\/li>\n<\/ul>\n\n\n\n<p><strong>Read more<\/strong>: <a href=\"https:\/\/www.esecurityplanet.com\/products\/best-cybersecurity-software\/\" target=\"_blank\" rel=\"noreferrer noopener\">Best Cybersecurity Software<\/a><\/p>\n\n\n\n<hr class=\"wp-block-separator has-css-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"conclusion\"><strong>SD-WAN: Securing Today&#8217;s Enterprise Networks<\/strong><\/h2>\n\n\n\n<p>Many top SD-WAN vendors continue to adopt SASE capabilities to shore up client exposure in the budding secure SD-WAN market. Meanwhile, several network security companies are provisioning security appliances to support SD-WAN.<\/p>\n\n\n\n<p>Things get tricky because of how all-encompassing the SD-WAN or SASE solution bundle is. Standalone SD-WAN solutions, as noted above, often offer a base level of protection, whereas SASE hits the gamut of edge-to-cloud security needs. Customers have plenty to consider between pure SD-WAN, pure SSE, and SASE vendors offering the faculties for both.<\/p>\n\n\n\n<p>Many SD-WAN providers will tout their product as a comprehensive SDN and security solution. Still, too many variables left up to a single vendor can spell danger for an enterprise organization.<\/p>\n\n\n\n<p>The combination of built-in security features, SASE functionality, and additional measures can help ensure an organization&#8217;s SD-WAN architecture remains safe from malware and data loss.<\/p>\n\n\n\n<p><em>This article was originally written by <\/em><a href=\"https:\/\/www.esecurityplanet.com\/author\/kyle-guercio\/\"><em>Kyle Guercio<\/em><\/a><em> on October 9, 2020, and updated by <\/em><a href=\"https:\/\/www.esecurityplanet.com\/author\/singalls\/\"><em>Sam Ingalls<\/em><\/a><em> on May 19, 2022.<\/em><\/p>\n\n\n\n<p><strong>Read more<\/strong>: <a href=\"https:\/\/www.esecurityplanet.com\/products\/hot-cybersecurity-startups\/\" target=\"_blank\" rel=\"noreferrer noopener\">Top Cybersecurity Startups to Watch in 2022<\/a><\/p>\n\n\n<div id=\"ta-campaign-widget-66d6cf97585b2-popup-wrapper\" class=\"ta-campaign-widget__popup-wrapper\">\n    \n<div\n    style=\"\n        --ta-campaign-plugin-primary: #3545ed;\n        --ta-campaign-plugin-button-text: #fff;\n        --ta-campaign-plugin-button-hover-background: #3231b4;\n        --ta-campaign-plugin-button-hover-text: #fff;\n        --ta-campaign-plugin-button-toggle-background: #3231b4;\n        --ta-campaign-plugin-button-toggle-text: #3231B4;\n    \"\n    data-ajax-url=\"https:\/\/www.esecurityplanet.com\/wp\/wp-admin\/admin-ajax.php\">\n    <div\n        id=\"ta-campaign-widget-66d6cf97585b2\"\n        class=\"ta-campaign-widget ta-campaign-widget--popup\"\n        data-campaign-fields='{\"properties\":{\"campaign_type\":\"popup\",\"campaign_category\":false,\"sailthru_list\":[\"cybersecurity-insider\"],\"popup_type\":\"exit_intent\",\"appearance\":{\"colors\":{\"primary_color\":\"#3545ed\",\"button\":{\"button_text_color\":\"#fff\",\"hover\":{\"button_hover_background_color\":\"#3231b4\",\"button_hover_text_color\":\"#fff\"},\"toggle\":{\"button_toggle_background_color\":\"#3231b4\",\"button_toggle_text_color\":\"#3231B4\"}}},\"custom_scss\":\"\"},\"behavior\":{\"opt_in_enabled\":true},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}},\"identifier\":\"66d6cf97585b2\",\"campaign_id\":26045,\"campaign_type\":\"popup\",\"popup_type\":\"exit_intent\",\"newsletters\":[\"cybersecurity-insider\"],\"behavior\":{\"opt_in_enabled\":true},\"appearance\":{\"colors\":{\"primary\":\"#3545ed\",\"button\":{\"text\":\"#fff\",\"hover\":{\"background\":\"#3231b4\",\"text\":\"#fff\"},\"toggle\":{\"background\":\"#3231b4\",\"text\":\"#3231B4\"}}},\"custom_css\":\"\"},\"language\":{\"tagline\":\"Get the Free Cybersecurity Newsletter\",\"subtagline\":\"\",\"content\":\"Strengthen your organization&#39;s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday\",\"email_placeholder\":\"Work Email Address\",\"opt_in\":\"By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.\",\"subscribe_button\":\"Subscribe\"}}'>\n\n                <div class=\"ta-campaign-widget__exit\">\n            <svg class=\"w-8\" fill=\"none\" stroke=\"currentColor\" stroke-width=\"1.5\" viewBox=\"0 0 24 24\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n                <path stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M6 18L18 6M6 6l12 12\"><\/path>\n            <\/svg>\n        <\/div>\n        \n        <div class=\"ta-campaign-widget__wrapper\">\n            <div class=\"ta-campaign-widget__header mb-6\">\n                                <h3 class=\"ta-campaign-widget__tagline\">\n                    Get the Free Cybersecurity Newsletter                <\/h3>\n                \n                \n                                <p class=\"ta-campaign-widget__content mt-6\">\n                    Strengthen your organization's IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday                <\/p>\n                            <\/div>\n\n            <form class=\"ta-campaign-widget__form\">\n                <div class=\"ta-campaign-widget__input mb-4\"  data-field=\"email\">\n                    <label\n                        class=\"sr-only\"\n                        for=\"email-66d6cf97585b2\">\n                        Email Address\n                    <\/label>\n                    <input\n                        class=\"ta-campaign-widget__input__text\"\n                        placeholder=\"Work Email Address\"\n                        id=\"email-66d6cf97585b2\"\n                        name=\"email\"\n                        type=\"email\">\n                <\/div>\n\n                                <div class=\"ta-campaign-widget__checkbox mb-4\" data-field=\"opt_in\">\n                    <div class=\"flex items-start\">\n                        <input\n                            id=\"opt-in-66d6cf97585b2\"\n                            class=\"ta-campaign-widget__checkbox__input mr-2\"\n                            name=\"opt-in\"\n                            type=\"checkbox\"\/>\n                        <label\n                            class=\"ta-campaign-widget__checkbox__label\"\n                            for=\"opt-in-66d6cf97585b2\">\n                            By signing up to receive our newsletter, you agree to our Terms of Use and Privacy Policy. You can unsubscribe at any time.                        <\/label>\n                    <\/div>\n                <\/div>\n                \n                <button class=\"ta-campaign-widget__button\" type=\"submit\" >\n                    Subscribe                <\/button>\n            <\/form>\n        <\/div>\n    <\/div>\n<\/div>\n\n<style>\n<\/style><\/div>\n","protected":false},"excerpt":{"rendered":"<p>As the modern workforce becomes increasingly mobile and enterprises branch out and grow, software-defined wide area networks (SD-WAN) have become a popular choice in the evolution of networking. By applying the benefits of software-defined networking (SDN) to traditional hardware-centric networks, SD-WAN offers enterprises improved flexibility, scalability, performance, and agility for today\u2019s virtual, edge, branch and [&hellip;]<\/p>\n","protected":false},"author":250,"featured_media":22046,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[21,14,16],"tags":[30582,30576,31423],"b2b_audience":[33,44,30,45,31,32],"b2b_industry":[],"b2b_product":[65],"class_list":["post-17947","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud","category-networks","category-trends","tag-ngfw","tag-sase","tag-ztna","b2b_audience-awareness-and-consideration","b2b_audience-c-level-executive","b2b_audience-large-enterprise","b2b_audience-management-title","b2b_audience-medium-business-enterprise","b2b_audience-small-business-enterprise","b2b_product-product-and-service"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Improve SD-WAN Security: 3 SD-WAN Best Practices<\/title>\n<meta name=\"description\" content=\"Your SD-WAN solution comes with built-in security, but not enough to meet enterprise security requirements. Here are some next steps.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Improve SD-WAN Security: 3 SD-WAN Best Practices\" \/>\n<meta property=\"og:description\" content=\"Your SD-WAN solution comes with built-in security, but not enough to meet enterprise security requirements. Here are some next steps.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-19T22:57:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-04-04T19:50:26+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"7952\" \/>\n\t<meta property=\"og:image:height\" content=\"5304\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sam Ingalls\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/SamIngalls\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sam Ingalls\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/\"},\"author\":{\"name\":\"Sam Ingalls\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/40407ef36d4a8822d7fcd993b93faba2\"},\"headline\":\"How to Improve SD-WAN Security: 3 SD-WAN Best Practices\",\"datePublished\":\"2022-05-19T22:57:00+00:00\",\"dateModified\":\"2023-04-04T19:50:26+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/\"},\"wordCount\":1463,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg\",\"keywords\":[\"ngfw\",\"sase\",\"ztna\"],\"articleSection\":[\"Cloud\",\"Networks\",\"Trends\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/\",\"name\":\"How to Improve SD-WAN Security: 3 SD-WAN Best Practices\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg\",\"datePublished\":\"2022-05-19T22:57:00+00:00\",\"dateModified\":\"2023-04-04T19:50:26+00:00\",\"description\":\"Your SD-WAN solution comes with built-in security, but not enough to meet enterprise security requirements. Here are some next steps.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg\",\"width\":7952,\"height\":5304,\"caption\":\"A picture of two professionals looking at a piece of hardware as this article is about improving SD-WAN security. SD-WAN architectures are on the rise but what additional security tools or coverage is necessary.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Improve SD-WAN Security: 3 SD-WAN Best Practices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/40407ef36d4a8822d7fcd993b93faba2\",\"name\":\"Sam Ingalls\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/08\/Sam-Ingalls-Square-150x150.jpg\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/08\/Sam-Ingalls-Square-150x150.jpg\",\"caption\":\"Sam Ingalls\"},\"description\":\"Sam Ingalls is an award-winning writer and researcher covering enterprise technology, cybersecurity, data centers, and IT trends, for eSecurity Planet, Tech Republic, ServerWatch, Webopedia, and Channel Insider.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/singalls\/\",\"https:\/\/x.com\/https:\/\/twitter.com\/SamIngalls\"],\"url\":\"https:\/\/www.esecurityplanet.com\/author\/singalls\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Improve SD-WAN Security: 3 SD-WAN Best Practices","description":"Your SD-WAN solution comes with built-in security, but not enough to meet enterprise security requirements. Here are some next steps.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/","og_locale":"en_US","og_type":"article","og_title":"How to Improve SD-WAN Security: 3 SD-WAN Best Practices","og_description":"Your SD-WAN solution comes with built-in security, but not enough to meet enterprise security requirements. Here are some next steps.","og_url":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/","og_site_name":"eSecurity Planet","article_published_time":"2022-05-19T22:57:00+00:00","article_modified_time":"2023-04-04T19:50:26+00:00","og_image":[{"width":7952,"height":5304,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg","type":"image\/jpeg"}],"author":"Sam Ingalls","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/SamIngalls","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Sam Ingalls","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/"},"author":{"name":"Sam Ingalls","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/40407ef36d4a8822d7fcd993b93faba2"},"headline":"How to Improve SD-WAN Security: 3 SD-WAN Best Practices","datePublished":"2022-05-19T22:57:00+00:00","dateModified":"2023-04-04T19:50:26+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/"},"wordCount":1463,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg","keywords":["ngfw","sase","ztna"],"articleSection":["Cloud","Networks","Trends"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/","url":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/","name":"How to Improve SD-WAN Security: 3 SD-WAN Best Practices","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg","datePublished":"2022-05-19T22:57:00+00:00","dateModified":"2023-04-04T19:50:26+00:00","description":"Your SD-WAN solution comes with built-in security, but not enough to meet enterprise security requirements. Here are some next steps.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/ESP.SD-WANSecurity.jpg","width":7952,"height":5304,"caption":"A picture of two professionals looking at a piece of hardware as this article is about improving SD-WAN security. SD-WAN architectures are on the rise but what additional security tools or coverage is necessary."},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/networks\/sd-wan-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"How to Improve SD-WAN Security: 3 SD-WAN Best Practices"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/40407ef36d4a8822d7fcd993b93faba2","name":"Sam Ingalls","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/08\/Sam-Ingalls-Square-150x150.jpg","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2022\/08\/Sam-Ingalls-Square-150x150.jpg","caption":"Sam Ingalls"},"description":"Sam Ingalls is an award-winning writer and researcher covering enterprise technology, cybersecurity, data centers, and IT trends, for eSecurity Planet, Tech Republic, ServerWatch, Webopedia, and Channel Insider.","sameAs":["https:\/\/www.linkedin.com\/in\/singalls\/","https:\/\/x.com\/https:\/\/twitter.com\/SamIngalls"],"url":"https:\/\/www.esecurityplanet.com\/author\/singalls\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/17947"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/250"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=17947"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/17947\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/22046"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=17947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=17947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=17947"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=17947"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=17947"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=17947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}