The Rise of SD-Security in the Branch

By Mark Weiner

Branch offices are an important location to secure. Gartner estimates that by 2016 more than 30 percent of advanced threats will target the most vulnerable entry point of the enterprise – the branch office. But deploying advanced security in branch networks is often a challenge and there are three reasons for this:

  1. 1.      The branch often lacks sufficient IT personnel
  2. 2.      Integration across security products can be problematic
  3. 3.      Network complexity continues to grow every day

To address branch office vulnerabilities, service providers through managed service offerings and enterprise IT teams are evolving their branch security infrastructure from legacy point appliances to a more agile and software-defined approach. With the emergence of SD-Security, multi-layer security can be more easily integrated into an SD-WAN solution via software, which isn’t possible with a standalone appliance-based approach. What software-defined WAN (SD-WAN) has done for branch connectivity, software-defined security can do for branch security.

By software defining security (SD-Security), enterprise IT and security teams have the opportunity to both increase branch security and simplify operations by migrating from proprietary security hardware appliances. SD-Security leverages virtualized network and security functions running on commodity hardware.

 

When evaluating an SD-Security solution, prospective customers should look for a vendor that provides a broad set of software-based security functions, including stateful and next-generation firewalls, malware protection, URL and content filtering, IPS and anti-virus, DDoS and VPN/next-generation VPN. The solution should also maximize cost efficiency by using commodity appliances vs. proprietary hardware and simplify operations through zero-touch provisioning and automatic service chaining of different security and network functions.

Reduce Operational Complexity

A true SD-Security solution reduces operational complexity by simplifying the deployment and operation of multiple security services at the branch office. If the solution has built-in service chaining, integrating multiple security functions into a layered branch security architecture is easier.

If the SD-Security solution you’re evaluating provides a single management console and set of policies across all security functions, ongoing operations can be greatly simplified. Capacity increases and new security function should be able to be dynamically provisioned as well.

Increase IT Agility

With zero-touch provisioning, SD-Security increases IT agility by enabling the deployment of a multi-function SD-Security solution within hours vs. the weeks or months required to install and integrate multiple proprietary security appliances. And an SD-Security solution will use built-in service chaining to easily integrate with existing security software and appliances.

Lower TCO

And lastly, SD-Security offers a lower TCO for branch security. An SD-Security provider should allow security teams to design new branch security architectures at significantly lower capital costs. Rather than using proprietary hardware appliances, SD-Security should be able to be deployed on low-cost commodity appliances. Using central management and zero-touch provisioning, operational costs are reduced, which eliminate deployment truck rolls and greatly simplify ongoing operations such as software updates and capacity expansion.

Overall, the benefits of SD-Security for providers and enterprise IT teams alike is much simpler insertion of security into the branch to protect Internet access, far more timely service deployment and upgrades, and greatly reduced chance of one standalone network or security component breaking another one.


Author Bio

Mark Weiner

Versa Networks

Mark Weiner is chief marketing officer at Versa Networks, where he brings over twenty years of leadership and market creation experience in the networking, security, cloud and data center sectors. Prior to joining Versa, Mark served as CMO/VP of marketing at Centrify, StorSimple (acquired by Microsoft), Virtela (acquired by NTT), NetScaler (acquired by Citrix), and Redback Networks (RBAK), as well as led marketing for multiple business units at Cisco. He is also an adjunct professor at Santa Clara University. Mark holds an MBA from Santa Clara University and a Bachelor of Science degree from the University of California, Berkeley.

Author's Bio

Nick Lippis

Co-Founder and Co-Chairman at ONUG

Nick Lippis is an authority on corporate computer networking. He has designed some for the largest computer networks in the world. He has advised many Global 2000 firms on network strategy, architecture, equipment, services and implementation including Hughes Aerospace, Barclays Bank, Kaiser Permanente, Eastman Kodak Company, Federal Deposit Insurance Corporation (FDIC), Liberty Mutual, Schering-Plough, Sprint, WorldCom, Cisco Systems, Nortel Networks and a wide range of other equipment suppliers and service providers.

Mr. Lippis is uniquely positioned to comment, analyze and observe computer networking industry trends and developments. At Lippis Enterprises, Inc., Nick works with entrepreneurs evaluating new business opportunities in enterprise networking and serves as an independent investor and advisor.