By Michael Lynge
There’s a lot of buzz in the industry these days about the software-defined wide area network (SD-WAN). This is hardly surprising when you consider that analysts are projecting a multi-billion market for infrastructure and services. The benefits of SD-WAN support these projections; however, before your enterprise purchases one of these devices, you should be asking some fundamental questions:
How secure is it? This is a major concern, especially considering recent security breaches. Branch offices currently use Multiprotocol Label Switching (MPLS) links, which are inherently secure because of their dedicated circuits, or more specifically, because the transport medium they use limits access to data. Switching to SD-WAN means you can use standard broadband links (such as those used by general Internet consumers), but this also increases your risk.
Which security components are included? NGFWs and NGIPS are two security components that enterprises will be looking to leverage from a SD-WAN deployment, both of which will result in cost savings and simplified networks. Currently, branch offices deploy traditional WAN devices, so enterprises will need to take a hybrid approach at first. But if firewall and intrusion prevention functionality is included, will it be as effective as the dedicated devices?
Will traffic optimization impact performance? Since SSL/TLS or IPSec will be used to tunnel back to the main office, encryption could impact performance. How traffic is optimized based on settings may initially cause performance issues. But SD-WAN’s advantage is its capability to provide multi-link load balancing.
What is the true cost? While an SD-WAN deployment will result in savings for enterprises, we still don’t know the true cost of ownership. As with any technology, there will likely be trade-offs, and these must be normalized against intended function in order to make accurate technology comparisons based on your enterprise’s requirements. Only when you look at the total cost of ownership (TCO) can this question be answered.
To get answers to these questions and many others, NSS Labs has been working with enterprises and vendors on version 1.0 of our SD-WAN Test Methodology. NSS will conduct a Group Test where SD-WAN products will be tested across key areas (at no cost to the vendor) and the results will be shared with the enterprise. Tested SD-WAN products will be rated as Recommended, Neutral, or Caution using the NSS Labs Security Value Map™ (SVM).
Enterprises that wish to provide feedback regarding the forthcoming SD-WAN Group Test and the associated test methodology can send their feedback to SD-WANenterprise@nsslabs.com. Vendors should send their feedback to SD-WANvendor@nsslabs.com.
To learn more about the NSS technology categories and test coverage and to access our Research Library, visit our Security Test page.
Follow us on Twitter (@NSSLabs) to keep informed as new research is released.