Secure SD-WAN: 4 Critical Mistakes to Avoid

Software-defined WAN (SD-WAN) delivers high-performance cloud access, a reduction in WAN costs by up to 70%+ and a highly secure architecture for the remote office. However, combining security and SD-WAN can result in operational challenges and security exposures that can derail your project. There are 4 decisions that enterprises must make to ensure success with Secure SD-WAN.

1. Best-of-breed vs. mediocre “single-box” solutions

Traditionally, enterprises have had to compromise between using a “single-box” solution and best-of-breed products for security and SD-WAN. Best-of-breed products previously required separate physical or virtual appliances from different vendors that could be hard to integrate. Customers were faced with a conundrum – “Do I manage more appliances, or do I compromise with a mediocre ‘one-box’ solution?” Palo Alto Prisma Access and CloudGenix SD-WAN have eliminated the need for this compromise! CloudGenix SD-WAN natively integrates with Palo Alto Prisma Access cloud-delivered security to provide a solution that is pre-integrated and requires ZERO additional hardware for security. You don’t have to compromise with mediocrity anymore!

2. Gen-1 vs. Gen-2 SD-WAN

In the early days of the electric car, manufacturers added an electric motor to a greasy combustion engine, and we got the gen-1 electric car. That’s pretty much what packet-based SD-WAN vendors did – you still deploy an inordinate number of routing protocols and have to deal with packet complexity when things break. However, CloudGenix has taken a radically different approach – an approach based on application-flow routing rather than mere packet routing: L3-L7 vs. mere L3-only. What does this mean for you? You can manage your network by using application policies for performance, security and compliance, and CloudGenix automates your network for you. Deep data insights and global intelligence drive your network. Customers see a 90%+ reduction in manual actions compared to Gen-1 SD-WAN products. Don’t be misled by vendor marketing that claims “application networking”; verify that the system is natively based on application flows.

3. Elastic vs. rigid security architecture for the WAN

The CloudGenix + Palo Alto Prisma Access solution extends the security perimeter from the branch to the closest Prisma Access node in the cloud on a per-application basis. What does this mean? You can set a global security policy for an application in Panorama and it is enforced at the branch without needing any additional devices at the branch. CloudGenix securely tunnels the application flow to the closest Prisma node based on the security, performance and geo-fencing rules. Unlike having the entire security stack in the remote office, this architecture allows you to add new security capabilities by simply subscribing to the functionality from the Prisma Access cloud. There is no need to worry about hardware headroom or software updates. You put the elastic power of the Prisma cloud to work and rapidly react to changing threat vectors.

4. Global visibility vs. opaque architectures

Traffic in the modern branch is no longer mindlessly backhauled to the data center via MPLS. Applications freely flow to clouds, SaaS, data centers and recreational internet securely via any WAN connection. Tools deployed in the data center see only a fraction of traffic. So, what do you do when a branch user complains about Office 365 performance? Do you open a trouble ticket with Microsoft or the connectivity provider? Prisma Access and CloudGenix SD-WAN together provide visibility across 100% of the traffic going in and out of your branch office. You also gain deep insights for security analysis and for troubleshooting the performance of SaaS, cloud and internet applications.

To see the CloudGenix SD-WAN + Palo Alto Networks solution in action, visit booth 313 at Ignite Barcelona Nov 13-15, 2019.