The Overlooked Vulnerabilities of Secure SD-WAN
Software-Defined WAN is on everyone’s lips lately. It’s a fresh take on the Wide Area Network (WAN) that allows enterprises and small businesses alike to break away from rigid connectivity contracts, simplify their network infrastructure and access their hosted resources more easily.
Recently, the Secure SD-WAN trend has started to emerge: the convergence of security and networking into a single product offering. The capacity to house a next generation firewall, a router and a link balancer under one roof is a great feat and, at first glance, a great savings opportunity. It may not be as secure as advertised, however.
Bundling network functions together sounds like the logical thing to do, until you realize that it effectively creates a massive single point of failure. This, in turn, paints a glowing target for cyber-attacks on your edge appliances.
Not a week goes by without news of a new security breach identified at some of the market’s leading networking vendors who boast an integrated suite of solutions: authentication bypass [1,2], encryption interference [3], remote code execution [4], information exposure [5,6], command injections [7]. The list goes on. Many of these vulnerabilities are resolved swiftly with patches and updates, but how does that help you if the damage is already done?
All these issues occur because the WAN edge appliance in question is visible to the outside world, and can therefore be targeted and its vulnerabilities exploited.
Martello’s WAN edge solution integrates at Layer-2, or the data link layer (OSI model), and not at Layer-3 or Layer-4 (network and transport layers), like most competing solutions (whether secure or not). Instead of terminating sessions, Martello inspects and forwards on the fly, without the firewall or ISP router ever being the wiser. Traffic flows through seamlessly, without ever being interrupted. This makes it transparent, and invisible to the outside world.
This is because the network interfaces on Martello’s edge appliance do not show IP addresses. Consequently, they are also invisible to attackers and do not share the vulnerabilities plaguing other products. Even when running a scan of your network infrastructure, hackers would be unable to detect the devices.
As such, it’s also agnostic to pre-existing network devices, including next generation firewalls, allowing you to leverage the benefits of an SD-WAN architecture without having to sacrifice the security setup you’re already comfortable with.
When it comes to your network, it’s safer to leverage best-of-breed solutions like Martello’s offerings. Secure SD-WAN solutions are specialized either in security or in networking, and will either fail to keep your network up and running or leave you exposed and vulnerable.
Want to learn more about our SD-WAN solutions? Visit us at Booth #08 at the SD-WAN Summit in Paris, France next month!