Networks Europe Jul-Aug 2019 - Page 43

SD-WAN Unified threat management While SD-WAN has strong encryption built-in from the start, this is designed to be at site level rather than on a per-user basis. In basic terms, the firewall provides the capabilities to keep threats away from the site, but it can’t provide more advanced functionalities and policies that provide a granular way of looking at how to secure devices and people in the organisation. This additional layer of security is provided through Unified Threat Management (UTM). These devices, either virtual or physical, are more comprehensive in how they’re able to apply rules and security on traffic and policies down to the user level. So, in order to enhance the base level of security of SD-WAN, companies can route all traffic back to a central point, where an advanced UTM firewall can manage the security on a per-user basis. This could be via a next-generation firewall service in the data centre or alternatively, there are vendors who can provide a cloud- based service where the traffic can be routed to and security policies are then applied. Rapid security development The evolution of SD-WAN security technology continues to advance rapidly in order to keep up with increasingly sophisticated methods that cybercriminals are using. Advancements are already becoming a reality with security mechanisms such as advanced cryptographic cyphers. With this technology, in order to hack into each SD-WAN appliance, the hacker would need to get past a node key that applies only to that site. To take this even further, rotating cyphers can be added which changes the key every hour – meaning that hacking into the system is almost impossible. At the basic level, SD-WAN already has sophisticated security features, but it must be used correctly to ensure the appropriate level of security is matched to how the organisation is structured. There are already a number of options to enhance the security of SD-WAN further, the key for vendors is to ensure that customers have all the facts to hand that are applicable to their business set-up so that the appropriate additional layers of security can be applied where relevant. n SECOM Networks Ltd Specialised Electrical & Communications Design and Cabling for the IT Industry Secom Networks advise, design, install and project manager complete pre-terminated cabling systems for DC’s and office new and refurbishment projects. We specialise in rack building, server installation, advise on power and cable management, and labelling. Labelling is often forgotten until you have to find something, therefore it is best to label everything. We can build your rack on or off site fitted with power, electronic locks, and cable management. We have the latest Fluke diagnostic and cable analysers, in house CAD, Visio resource as well as 3D Printing resource. We design and manufacture bracketry for all those awkward components that need to be mounted somehow, somewhere. On completion of every Project you will receive a comprehensive Operation and Maintenance manual, complete with cabling topologies. • Rack tidy • Rack audits • Patching audits • Retrofit cable management • First Aid trained engineers • Safe Contractor accredited [email protected] • 0845 450 7494 • www.secomnetworksltd.co.uk Designed, manufactured and supported by a UK company www.networkseuropemagazine.com 43