Palo Alto Networks at ONUG Spring 2019 and Understanding the Security Landscape for SD-WAN

With many organizations adopting a direct-to-internet networking strategy for their branch locations, there is considerable interest in how to architect the security. This is especially true if the organization is also adopting SD-WAN as part of their branch networking strategy. That’s because that SD-WAN can be architected in many different ways, and that can make security options hard to implement without making compromises.

At a baseline, security at the branch should not be different than security at headquarters. There’s no reason why a person at a branch should be subject to more exposure to risk. Except that’s often the case with many direct-to-internet strategies, because the technology that protects the branch networking to the internet may not have the same security capabilities as what’s available at corporate quarters. Security at the branch must be consistent with corporate standards, and that means with the same security capabilities, the same security policy, and the same threat intelligence.

A second consideration is what is inspected. Given that web is an important part of web traffic, many organizations focus on web security. Web is important from the perspective of enforcing end-user policy, but it’s just the start of the traffic that needs to be inspected from a cybersecurity point of view. All traffic must be inspected at all times, and in all locations.

These principles sound straightforward, but with SD-WAN it becomes hard to do. The choices for security in SD-WAN are often mind boggling complex. Is the SD-WAN built with an architecture designed to integrate with your security platform? Are you integrating from the cloud fabric or the edge device? Are the options for security providing visibility into all network activity? Are you making tradeoffs between your on-prem and cloud-delivered security options?

At Palo Alto Networks, we maximize flexibility for deployment in SD-WAN environments by offering options for delivering security through:

  • On-premise security appliance, either using a Palo Alto Networks next-generation firewall or using options for deploying virtualized firewall
  • Cloud-delivered security, using GlobalProtect cloud service to provide options for integrating with the diverse SD-WAN architectures

We’re going to be at ONUG Spring 2019, and we’re discussing the topic of how SD-WAN is affecting branch transformation.

To learn more about security options for SD-WAN, join Palo Alto Networks at ONUG Spring 2019. Visit the website for more details about attending this event, and I’ll see you there.


Author's Bio

Brian Tokuyoshi

Senior Product Marketing Manager at Palo Alto Networks