Digital transformation has changed networks so rapidly that traditional security tools can no longer provide the consistent security that networks require. As the SD-WAN market matured, it became evident that a security-driven networking approach to SD-WAN is important for achieving successful business outcomes. The rise of SD-WAN has also given birth to new terms like SD-Branch. But what is a software-defined branch, and why are enterprises with large numbers of branch locations more likely to adopt SD-WAN? Here we explore the Nemertes research studies behind SD-Branch, helping you understand its benefits and how it addresses security challenges at the network edge.
What is SD-Branch?
SD-Branch is an SD-WAN-based strategy that allows enterprises to minimize IT infrastructure and automate operations at branch offices, helping to reduce costs while also improving application performance. SD-Branch replaces the standard IT branch office hardware stack with software, using SD-WAN as a single platform to address all branch network needs. In short, it allows organizations to consolidate the entire branch by converging their security and network access.
What benefits does SD-Branch provide?
In addition to minimizing the need for on-site IT personnel, SD-Branch helps:
Manage branch routers, WiFi controllers and switches remotely
Implement/replace branch firewalls to secure public connectivity and internet breakouts
Operationalize WAN expenses, turning hardware into software and services
Reduce the cost of branch connectivity, leveraging SD-WAN for the cost advantages of public access methodologies (broadband, direct Internet access)
Improve network uptime and application performance, using SD-WAN’s abilities to connect directly to the Internet and better utilize bandwidth
Quickly connect new sites, leveraging SD-WAN for rapid implementation using wireless connectivity (4G, 5G)
Who uses SD-Branch and why?
According to Nemertes, companies of all sizes use SD-Branch either at some or at all locations for the following purposes:
Branch firewall (86.7%)
WiFi controller (73.3%)
WAN optimization (60%)
Research also shows that enterprises with a lot of branches (more than 250) are far more likely to be deploying SD-WAN and SD-Branch strategies. In fact, 87.5% of large enterprises are already adopting it; furthermore, analysts expect enterprise adoption to rise above 90% by the end of 2020.
How does SD-Branch address security?
One of the biggest challenges of deploying SD-Branch solutions is that direct access to the internet and SaaS applications increases the attack surface. When firewalls are located back at the corporate data center, branch sites can be left vulnerable because their direct internet traffic bypasses the data center. But there’s help. Security-driven SD-WAN solutions embed next-generation firewalls and encryption to help clients implement security protections. These consolidated services converge end-to-end security coverage and network access services, making them an ideal architecture for SD-Branch deployments.
The security-driven approach to SD-Branch: Fortinet and Masergy
Masergy and Fortinet have partnered to provide security-driven SD-Branch solutions for global enterprises. These SD-Branch solutions pair Fortinet’s edge devices and security features with fully managed SD-WAN services from Masergy.
SD-WAN with built-in security including next-gen firewalls and advanced routing
Fortinet Secure SD-WAN with built-in Next-Generation Firewall (NGFW) capabilities offers robust security, connectivity, and management across the branch environment. Fortinet Secure SD-WAN is powered by a purpose-built SD-WAN processor, combined with advanced network traffic management functionality such as application steering to ensure high application performance on any WAN link. Fortinet Secure SD-WAN has been recommended by NSS Labs in two consecutive SD-WAN group tests and is trusted by over 21,000 customers.
Shadow IT discovery: Get instant visibility into the cloud applications your employees are using but your IT department knows nothing about. Shadow IT Discovery automatically scans and identifies cloud-based SaaS applications running on your network.
Three tiers of security services:
Unified Threat Management (UTM)
Logging and alerting features in the customer portal.
Next-gen firewall with UTM security active across all remote sites
Antivirus / Anti-malware and Intrusion Detection/Prevention System (IDS/IPS)
Data Loss Prevention (DLP)
Application Control (e.g. IM and P2P)
Threat Monitoring & Response includes the bundle above along with:
24/7 monitoring and incident response of UTM events from certified security analysts in Masergy’s three global SOCs
Real-time incident response on suspicious events detected by the UTM
Real-time firewall integration for threat blocking at all SD-WAN sites
Traffic monitoring including “east/west” (site-to-site) connectivity between all sites
Consistent security policies enforced across all SD-WAN devices
Managed Security Services includes the bundle above along with all additional security features:
Cloud Security: Cloud Workload Protection for AWS®, Azure® and other IaaS/PaaS providers, Cloud Access Service Broker for SaaS apps, Microsoft® Office 365™ monitoring, Endpoint Detection & Response, and 3rd party integration for other security tools
Threat intelligence and threat hunting
Advanced IDS, anomaly detection, raw packet capture
Network visibility tool
SIEM as a Service (log alerting, management, and monitoring)
Plus, Masergy’s SD-WAN gives enterprises the agility they need in the digital age:
Flexible access options: public, private and wireless
Centralized policy management
Virtual network advisor to help with optimization (AIOps)