Oreta surveyed several leading IT specialists with the question ‘SD-WAN, what’s next?’ and found that the answer varied depending on where the business is in its network transformation journey. The responses included:

  1. SD-WAN optimisation
  2. Extension of the edge security to rest of network
  3. Secure Access Services Edge (SASE) and Zero Trust
  4. Data Loss Prevention (DLP)

Let’s unpick these answers, but before we do, what is the problem we are trying to solve?

The Australian Cyber Security Centre received over 76,000 cybercrime reports last financial year. This equates to one report every 7 minutes. It also recorded a 25 per cent increase in the number of publicly reported software vulnerabilities and a rise in the average cost per cybercrime report to over $39,000 for small business, $88,000 for medium business and over $62,000 for large business, an average increase of 14 per cent.

The Financial Review published an article in Nov 2022 with statistics from the Office of the Australian Information Commissioner reporting that:

  • In the first half of 2022 there were 396 data breaches in companies with revenue of more than $3 million.
  • 63 per cent of data breaches were due to a malicious or criminal attack.
  • 33 per cent were due to human error.

As a result of the recent breaches, the Australian Government has introduced new legislation increasing the maximum penalties for companies that experience repeated privacy breaches. The penalties have been increased to the greater of $50 million, three times the value of any benefit obtained through the misuse of information, or 30 per cent of the company’s adjusted turnover in the period.

What is your organisation doing to protect your employees, customer data and ultimately your brand as the threat landscape grows and the risk of a security breach increases? The question changes from if to when. It is crucial that your organisation stays ahead and focuses on what is next.

SD-WAN optimisation

Today’s branch office users are consuming more bandwidth as they collaborate online, increasing their use of Software-as-a-Service (SaaS), cloud services and other bandwidth-intensive applications. SD-WAN solutions have come into their prime, providing local breakout to the Internet for quicker access to SaaS and cloud-based services. SD-WAN can provide performance benefits for your users accessing these services via policy-based, network-wide application performance, visibility and control. Although some SD-WAN solutions boast network optimisation features such as Dynamic Multi-Path Optimization (DMPO), SD-WAN alone does not replace the requirement for continuous optimisation.

To ensure your users have a good digital end-user experience, your organisation needs to take advantage of your SD-WAN deployment by optimising the applications being accessed. Most solutions will provide a level of automated optimisation and traffic routing; however, what is important to one business may not be as important to another. One business may rely heavily on video conferencing while another may depend on productivity tools. This is where optimisation of your network comes into play, ensuring that the SD-WAN solution is placing the correct priority on your specific critical business applications.

Secure Access Services Edge (SASE)

SASE is a term that Gartner brought to market to bundle several security capabilities into a security framework that fortifies access to applications and data no matter where the user is located (office, branch, remote). A key attraction of SASE, being a cloud-based SaaS service, is the flexibility and agility it can bring. The security aspect of SASE, “Security Services Edge” (SSE), secures access to the web, cloud services and private applications. Gartner breaks SSE down as follows: “Capabilities include access control, threat protection, data security, security monitoring, and acceptable use control enforced by network-based and API-based integration.”

Some of the key concepts within SSE include:

  1. Zero Trust Network Access (ZTNA)
  2. Secure Web Gateway (SWG)
  3. Cloud Access Security Broker (CASB)

Zero Trust Network Access (ZTNA)

After several roundtables with leading security experts, Oreta summarises Zero Trust as:

“The name can be misleading, after all, it is not that we don’t trust the entity (our staff) in question. You usually do. It’s the level of trust you provision for the entity that matters. In this case you grant only the permissions needed for the entity to perform the role.”

  1. Fortinet definition of Zero Trust: It’s no longer safe to assume that just because a device is connected to the network, it should have access to everything. Fortinet Zero Trust Access solutions provide continuous verification of all users and devices as they access corporate applications and data.
  2. Netskope definition of ZTNA: ZTNA creates a new security framework, based on the zero-trust security model, for connecting users with enterprise resources. Private applications connect to the ZTNA broker via application gateways. When a user connects, the cloud-based ZTNA broker verifies the user’s identity and security posture before connecting users to the authorised applications. Because ZTNA only grants application-specific access, not network access, it eliminates unauthorised lateral movement. With ZTNA, there is no inbound connectivity to the enterprise network and the resources remain hidden from discovery, reducing the digital attack surface.
  3. Palo Alto Networks definition of ZTNA: Zero Trust Network Access (ZTNA) is a category of technologies that provides secure remote access to applications and services based on defined access control policies. ZTNA solutions default to deny, providing only the access to services the user has been explicitly granted. With ZTNA, access is established after the user has been authenticated to the ZTNA service. The ZTNA service then provisions access to the application on the user’s behalf through a secure, encrypted tunnel. This provides an added layer of protection for corporate applications and services by shielding otherwise publicly visible IP addresses.

The commonality between these providers is least privilege and continuous verification of the user to maintain a real-time security posture. Turning on the technology is simple; the challenging step is understanding your organisation’s data and being able to apply role-based access to specific data classification types.
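The three vendor definitions above share the same decision logic: default deny, access granted per application rather than per network, roles mapped to data classification, and the user and device re-verified on every request rather than once at login. The following is an added illustration of that logic in plain Python; it is not Oreta’s code nor any vendor’s product, and the applications, users, roles, classification ladder and posture thresholds are all constructed for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Constructed classification ladder: a user's clearance must be at or above
# the highest classification of data an application holds.
CLASSIFICATION_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

# Hypothetical device-hygiene threshold used by the posture check below.
MAX_PATCH_AGE_DAYS = 30


@dataclass(frozen=True)
class Application:
    name: str
    classification: str             # highest classification of data the app holds
    allowed_roles: FrozenSet[str]   # roles explicitly granted; everyone else is denied


@dataclass(frozen=True)
class Identity:
    user: str
    roles: FrozenSet[str]
    clearance: str                  # highest classification this user may handle
    mfa_verified: bool


@dataclass(frozen=True)
class DevicePosture:
    managed: bool
    disk_encrypted: bool
    edr_healthy: bool
    patch_age_days: int


def posture_failures(posture: DevicePosture) -> List[str]:
    """Return every posture requirement the device currently fails (empty = healthy)."""
    fails = []
    if not posture.managed:
        fails.append("device-unmanaged")
    if not posture.disk_encrypted:
        fails.append("disk-not-encrypted")
    if not posture.edr_healthy:
        fails.append("edr-unhealthy")
    if posture.patch_age_days > MAX_PATCH_AGE_DAYS:
        fails.append("patches-stale")
    return fails


def authorise(identity: Identity, posture: DevicePosture, app: Application) -> Tuple[bool, List[str]]:
    """Default-deny decision for ONE request to ONE application.

    Returns (allowed, reasons). Every check must pass; the reasons list names each
    failed check so the denial is auditable. Nothing here grants network access:
    the decision is scoped to the named application only.
    """
    reasons: List[str] = []
    if not identity.mfa_verified:
        reasons.append("mfa-not-verified")
    reasons.extend(posture_failures(posture))
    if not (identity.roles & app.allowed_roles):
        reasons.append(f"role-not-granted:{app.name}")
    if CLASSIFICATION_RANK[identity.clearance] < CLASSIFICATION_RANK[app.classification]:
        reasons.append(f"clearance-below:{app.classification}")
    return (len(reasons) == 0, reasons)


def session_trace(identity: Identity, postures: List[DevicePosture], app: Application) -> List[bool]:
    """Continuous verification: re-run the full decision for each posture snapshot.

    A session that was allowed is revoked the moment posture degrades and is only
    restored once the device is healthy again, rather than trusting the first check.
    """
    return [authorise(identity, p, app)[0] for p in postures]


# Constructed sample data for the demonstration.
PAYROLL = Application("payroll", "restricted", frozenset({"finance"}))
WIKI = Application("wiki", "internal", frozenset({"staff"}))
ALICE = Identity("alice", frozenset({"finance", "staff"}), "restricted", mfa_verified=True)
BOB = Identity("bob", frozenset({"staff"}), "internal", mfa_verified=True)
HEALTHY = DevicePosture(managed=True, disk_encrypted=True, edr_healthy=True, patch_age_days=5)
DEGRADED = DevicePosture(managed=True, disk_encrypted=True, edr_healthy=False, patch_age_days=5)

if __name__ == "__main__":
    for who, app in ((ALICE, PAYROLL), (BOB, PAYROLL), (BOB, WIKI)):
        print(who.user, "->", app.name, authorise(who, HEALTHY, app))
    print("alice payroll session:", session_trace(ALICE, [HEALTHY, DEGRADED, HEALTHY], PAYROLL))
```

Bob is denied payroll for two independent reasons (no finance role, and his clearance is below the application's classification), which is the "role-based access to specific data classification types" step the paragraph calls the hard part: the code is short, the data model behind it is the real work.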

Secure Web Gateway (SWG)

“A secure web gateway (SWG) protects users from web-based threats in addition to applying and enforcing corporate acceptable use policies. Instead of connecting directly to a website, a user accesses the SWG, which is then responsible for connecting the user to the desired website and performing functions such as URL filtering, web visibility, malicious content inspection, web access controls and other security measures.” (Palo Alto)

According to the ACSC Annual Cyber Threat Report (July 2021 to June 2022), the Australian Cyber Security Centre took down 65,660 malicious sites last financial year. With a high percentage of the workforce now working remotely, it becomes increasingly difficult to protect mobile users from threats, and it is more important than ever to deploy an SWG.

An SWG solution offers a combination of security capabilities, including web filtering, DNS security, inline CASB, antivirus, antimalware, anti-botnet, SSL inspection and data loss prevention, and it controls application use for all users on any device at any location. As you select these tools, it is also important to consider solutions that provide AI-powered, real-time threat intelligence to mitigate these threats.

In addition to protecting your organisation from malicious attacks, it is important to consider the loss of digital assets. With the growing adoption of collaboration tools, the chance of your staff accidentally (or deliberately) leaking data from your organisation’s systems increases. A well-implemented Data Loss Prevention (DLP) tool reduces this risk by ensuring your organisation’s data and IP stay within the confines of your organisation’s systems, whether in the cloud or on-premises.
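To make the SWG and DLP paragraphs above concrete, here is an added example (not Oreta’s code and not any vendor’s product) of the two inline decisions a gateway makes on each outbound request: the URL-category and acceptable-use check, and, for uploads to sites outside the sanctioned set, a content scan of the request body. The category table, hostnames, sanctioned and blocked categories, and the sample requests are all constructed; the body is assumed to be visible because SSL inspection is in place, and the only detectors shown are a Luhn-validated card-number pattern and a classification label, standing in for a real DLP rule set.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlsplit

# Constructed URL-category table standing in for an SWG vendor's category feed.
URL_CATEGORIES: Dict[str, str] = {
    "intranet.example.internal": "business",
    "crm.example.test": "business",
    "paste.example.test": "file-sharing",
    "bad.example.test": "malicious",
}
BLOCKED_CATEGORIES = {"malicious", "phishing", "adult", "gambling"}   # acceptable-use policy
SANCTIONED_CATEGORIES = {"business"}                                  # uploads here are expected

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
LABEL_RE = re.compile(r"\b(?:CONFIDENTIAL|RESTRICTED)\b")


@dataclass(frozen=True)
class Request:
    url: str
    method: str = "GET"
    body: str = ""


def categorise(url: str) -> str:
    """Look the hostname up in the category table; unknown hosts are 'uncategorised'."""
    host = (urlsplit(url).hostname or "").lower()
    return URL_CATEGORIES.get(host, "uncategorised")


def luhn_ok(digits: str) -> bool:
    """Luhn check digit validation, used so random digit runs are not flagged as card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def dlp_findings(body: str) -> List[str]:
    """Scan a request body and name each sensitive-data hit (never the full value)."""
    findings: List[str] = []
    for match in PAN_RE.finditer(body):
        digits = re.sub(r"[ -]", "", match.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append("pan:" + digits[-4:])     # log only the last four digits
    if LABEL_RE.search(body):
        findings.append("classification-label")
    return findings


def swg_decision(req: Request) -> Tuple[str, str, List[str]]:
    """Return (action, category, reasons) for one outbound request.

    Order matters: a blocked category is refused before any content is inspected,
    and DLP only runs on uploads (POST/PUT) leaving for non-sanctioned destinations.
    """
    category = categorise(req.url)
    if category in BLOCKED_CATEGORIES:
        return ("block", category, [f"url-category:{category}"])
    if req.method.upper() in {"POST", "PUT"} and category not in SANCTIONED_CATEGORIES:
        findings = dlp_findings(req.body)
        if findings:
            return ("block", category, ["dlp:" + f for f in findings])
    return ("allow", category, [])


# Constructed sample traffic; 4111 1111 1111 1111 is a well-known test card number.
SAMPLE_REQUESTS = [
    Request("https://bad.example.test/login"),
    Request("https://paste.example.test/new", "POST", "card 4111 1111 1111 1111 exp 12/26"),
    Request("https://paste.example.test/new", "POST", "card 4111 1111 1111 1112"),
    Request("https://crm.example.test/upload", "POST", "CONFIDENTIAL customer notes"),
    Request("https://unknown.example.test/x", "PUT", "RESTRICTED board pack"),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(r.method, r.url, "->", swg_decision(r))
```

Note the third sample: the same 16 digits with a wrong check digit are not flagged, which is why the Luhn step is worth keeping even though it looks like extra work. The fourth sample shows the other policy choice a practitioner has to make: uploads to a sanctioned application are allowed to carry labelled content, so the sanctioned list is itself a security control and needs the same change discipline as a firewall rule.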

Cloud Access Security Broker (CASB)

As organisations adopt SaaS applications, they expand their threat landscape, with data being stored in multiple third-party systems over which, in effect, the business has limited control. The risks this exposes your organisation to cannot be dismissed and include:

  1. Data and IP being exposed or lost either accidentally, deliberately or via exfiltration.
  2. Exposure to vulnerabilities and malware attacks.
  3. Risk of non-compliance with regulations and data privacy laws such as the European Union General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standard (PCI-DSS), ISO 27001, the Sarbanes-Oxley Act (SOX), the Health Insurance Portability and Accountability Act (HIPAA), and others.
  4. Business service downtime when a security breach is reported.

CASB services are designed to reduce this risk via real-time API integration. A short 3-minute video from Travis Pinto at Netskope provides a succinct description of where CASB and SWG are heading.

In Summary

Each vendor has its own custom SASE / SSE services, and in the current marketplace several vendors have been on an acquisition journey to broaden their security portfolios. For example:

  1. Security-first focal point that built out its own SD-WAN portfolio: e.g., Fortinet with FortiGate and FortiSASE.
  2. Security-first focal point that acquired its SD-WAN solution: e.g., Palo Alto Networks with Prisma CASB and CloudGenix SD-WAN.
  3. Technology company acquiring both SD-WAN and the security services: e.g., VMware purchased Velo for VMware SD-WAN, and AirWatch and Carbon Black for endpoint, and uses a third-party API-based connector for Cloud Web Security.
  4. Best-of-breed CASB security providers who integrate with SD-WAN providers: e.g., Netskope and Zscaler.

Each vendor will bring a different solution in the SASE services it can provide. The examples above raise the question of whether your organisation goes with one vendor for all services or takes a best-of-breed approach.

Who can implement SSE for my business, and how?

Oreta’s security advisory team can work with your CISO and BAU teams to review your existing security posture against defined security frameworks such as SASE, developed by Gartner, and industry standards such as the Essential Eight. Where there are gaps, Oreta can design and implement solutions to reduce your risk by leveraging industry leaders in security (SentinelOne, Palo Alto Networks, Fortinet, Netskope, Check Point).

Contact us now.