Security Controls in the US Enterprise: Network Security Software-Defined Wide Area Network

Security Controls in the US Enterprise: Network Security Software-Defined Wide Area Network

Authors: John Whetstone, Mike Spanbauer, Will Fisher

The software-defined wide area network (SD-WAN) is the union of software-defined networking (SDN) with WAN technology. Through the use of common VPN capabilities and the separation of data and control planes within SDN, software managed connections can be established and managed between multiple sites over any number of link types (e.g., fixed circuit, DSL, cable, mobile, MPLS, and so on), and without the operational challenges of having to manage multiple (often different) links. Enterprises can use the SD-WAN to leverage consumer-grade links (or links without assured performance) for business-class services at a lower cost.

SD-WANs simplify link establishment and management; enable quality of service (QoS) features based on application and service requirements (e.g., VoIP vs. Facebook); and afford policy control capabilities (e.g., limit web-based traffic to 50% of a given link). SD-WAN options are part router, part WAN optimization, and part firewall. Some SD-WANs also provide security functionality based on policy control and inspection, which makes them a compelling alternative to the local appliance approach that is often required at remote locations.

This brief presents results from NSS Labs’ 2017 Cloud Security Study, which included survey responses from 205 information security professionals representing 41 US industries.

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.