Secure SD-WAN
July 1, 2022
Fortinet
Cybersecurity, Network, SD-WAN
In recent years, virtualisation and cloud adoption have led to a massive migration of applications and resources to cloud environments. Today, almost every company uses some of its resources in the cloud, and 89% of companies have adopted a multi-cloud strategy. Gartner estimates that by 2025, over 95% of new digital workloads will be deployed on cloud-native platforms.
SD-WAN has played a critical role in the global digital transformation of enterprises. Initially, it simply provided a more flexible way for branch offices to quickly connect to cloud-based applications. However, as networks evolved, SD-WAN became indispensable, providing fast and secure access between clouds and between clouds and data centres, and serving as the core of SASE solutions that provide the same access combined with security for home workers and mobile workers. Today, the new SD-WAN platforms serve as essential building blocks for highly dynamic and widely distributed networks.
1.0 - SD-WAN
Competition in the digital marketplace forced companies to transition to an application-centric business model. As a result, existing fixed WAN infrastructures could no longer keep up. Fixed MPLS links in branch offices forced all application traffic to pass through the core network, slowing down the network and affecting the user experience - and therefore productivity - of remote workers. SD-WAN innovations such as accelerated cloud onramp, application-specific routing, self-healing connections and failback provided consistent, flexible access to critical business applications for branch offices that MPLS could not.
1.5 - Secure SD-WAN for secure access to branch offices
However, it turned out that one of the biggest challenges was securing these connections. SD-WAN connections are by nature very dynamic and responsive. Older security systems simply weren't designed to dynamically adapt to rapidly evolving networks. So, as IT teams struggled to build and maintain an overlay security solution, security gaps inevitably developed that could be easily attacked.
Fortinet was the first vendor to address this problem by introducing the concept of security-driven networking, where security and networking functions are brought together as a single system. We developed the industry's first security-driven networking solution by integrating our Secure SD-WAN solution into the FortiGate platform. The advanced SD-WAN capabilities - including connection failover, accelerated cloud onramp, application identification and acceleration, and self-healing connections - were developed using the same operating system as the FortiGate portfolio of security and advanced enterprise switching and access control solutions, including integrated support for LTE and 5G connections. Because they are literally one and the same product, Fortinet Secure SD-WAN provides a level of interoperability, management, automation and orchestration between network and security functions that is simply not possible with technologies developed as standalone solutions.
Because these systems were designed to interact natively, we were also able to connect Secure SD-WAN connectivity to the branch LAN, or SD-Branch. FortiGate's secure wired and wireless network access control, network switching, traffic inspection and enterprise-grade security solutions deployed in the branch work seamlessly with Secure SD-WAN to ensure consistent, end-to-end monitoring and protection of all devices, workflows and applications.
2.0 - Secure SD-WAN everywhere
This unified approach also made Fortinet the first vendor to seamlessly extend Secure SD-WAN connectivity and controls beyond the branch office. Fortinet Secure SD-WAN enables organisations to create a seamless, secure and on-demand network experience for all enterprise resources. Because Fortinet Secure SD-WAN is deployed through FortiOS, Fortinet's flagship operating system, it can be deployed anywhere and in any form factor - from appliances to VMs to cloud-native solutions and containers. This universal deployment strategy enables organisations to build a single infrastructure that can span clouds, data centres, mobility and "as-a-service" technologies to create reliable, flexible, adaptable and secure end-to-end connections.
3.0 - Secure SD-WAN as a Platform
But this is just the beginning.
Fortinet Secure SD-WAN can now do more than just meet the security and connectivity needs between different parts of the distributed network. With new advanced features, it can now act as the foundational platform, delivering the advanced network services required by today's complex and rapidly evolving networks, including hybrid and multi-cloud environments.
Multi-cloud SD-WAN
Fortinet Secure SD-WAN integrates with security services from major cloud providers to establish and maintain secure, high-performance connectivity to applications running on hybrid and multi-cloud networks. Consolidating the security and networking functions of a distributed infrastructure, including orchestration, automation and management, reduces IT overhead. This unified strategy enables centralised network security, uniform segmentation policies and consistent enforcement across on-premises, private cloud and multi-cloud deployments. Prioritisation of critical application traffic combined with reliable connection resilience ensures consistent cloud access and an optimal user experience.
ZTNA for secure SD-WAN
Connecting users quickly and securely from different locations to widely distributed applications and resources, especially across multiple clouds, can be challenging. To address the challenge of secure and authenticated access to critical resources, Fortinet Secure SD-WAN now includes ZTNA (Zero-Trust Network Access) to enforce zero-trust access policies. Explicit per-application/per-session controls and granular monitoring identify activities that can impact performance and security.
To ensure an optimal user experience, built-in ZTNA Access Proxy capabilities provide advanced security and a comprehensive view of all users, applications and devices, whether they are on or off the network. This enables consistent enforcement of a single policy across all perimeters, eliminating device sprawl and simplifying management of the solution.
Fortinet ZTNA ensures that users and systems can only access the resources they are explicitly authorised to access, regardless of where they are deployed or the path they must take through the network to reach them. Because the solution is integrated directly into the security fabric, it ensures that every connection across every network segment is fully and consistently secured, inspected and monitored. This unique approach ensures consistent quality and scalable protection as users move between different work environments.
SASE plus SD-WAN for field workers
As more organisations adopt a hybrid work-from-anywhere strategy, SD-WAN functionality needs to be extended to all field workers to ensure secure connectivity. Combining SD-WAN with cloud-based security ensures that every employee, regardless of location, reaps the benefits of enterprise-grade security and a streamlined user/application experience.
AIOps
As SD-WAN becomes more prevalent on the network, management can quickly become an issue. Adding FortiAIOps to Secure SD-WAN enables network administrators to identify, manage and remediate Fortinet Secure SD-WAN connections. It pulls together information from the LAN, WAN and security layers to identify problems faster, accelerate troubleshooting, optimise network performance and resilience, and maintain operational efficiency.
Centralised monitoring and management of Fortinet's distributed wired, wireless and SD-WAN assets - whether on-premises, in the cloud or over the WAN - makes it possible to detect and respond to unusual events, monitor SLAs and create tickets with recommended remediation actions when an SLA begins to fail.