If threats and breaches have you concerned about moving your applications to the cloud, you’re not alone. In fact, security is often the top driver for adoption of SD-WAN solutions.

A recent Futuriom Service Provider SD-WAN survey — Futuriom Market Guide to SD-WAN 2019 — recaps strong drivers expressed by service providers in their discussions with enterprise customers about SD-WAN technology. It shows that 31.7 percent of service providers cited security as a strong driver for customers to buy SD-WAN technology. This reflects a common theme in the market: SD-WAN platforms are seen as a crucial tool in delivering next-generation network security services.

Backhauling cloud-destined traffic to your data center increases latency and congests your WAN, leading to a poor app experience in the branch. Local internet breakout has become a relevant network topology for many organizations because it minimizes traffic on the WAN and leverages lower-cost bandwidth. However, as you bypass the data center to get to the internet, the attack surface at the branch expands and the branch becomes vulnerable to malware and other threats.

With this shift to the network edge, it is now critical to make a fundamental change to not only how you route traffic, but also to how you apply security policies. Up until now, your robust security stack has been centralized in the data center, where you control the application of security policies and egress to the internet.

But now, with local breakout, each of your branches needs a security solution in place, including firewalls, IDS/IPS, web filtering, and malware detection to defend against cyber threats. Implementing multiple security solutions in your branches is very complex to manage and costs can quickly add up. What’s more, not only is IT concerned about protecting corporate data, your customers are, too — after all, it’s also their confidential data.

IPsec Tunnels Are One Option

IPsec tunnels were designed to encrypt the data in IP packets sent over internet connections. They have some drawbacks, mainly around manual configuration and an overabundance of options, which leads to complexity. That means you need IT resources to set up the connections and perform ongoing maintenance. Moreover, IPsec tunnels don’t provide other important benefits such as intelligent routing, seamless failover, or QoS to bring your edge network up to modern standards. Also, while they ensure data integrity and privacy, they don’t provide security at the packet-content level.

A better alternative comes from a company you already know and trust to provide your intelligent workspace and virtual desktops — Citrix. Citrix also offers a leading SD-WAN solution with flexible security options, depending on your company’s compliance requirements and vendor preferences.

A Multi-layered, Integrated Security Approach with Citrix SD-WAN

First, an integrated ICSA-certified stateful firewall gives you confidence with centralized policy-driven control. This means you can restrict which zones an application can come from and go to; control whether to allow, reject, or drop this traffic; and apply policies to groups of applications, individual applications, or a subset of traffic within an application. This is your first line of protection. Read more about our ICSA-certified firewall.

Second, Citrix enables you to safeguard against potential threats coming from the cloud, where apps and workloads reside. Citrix has partnered with industry leaders like Palo Alto Networks, Zscaler, Symantec, and iboss to offer protection against unsanctioned traffic with automated configuration to a wide range of cloud security platforms. These include Palo Alto Prisma Access, Zscaler Internet Access, Symantec Secure Web Gateway, and iboss Secure Cloud Gateway. These integrated solutions eliminate the need to deploy security appliances at every branch. They also enable you to centrally manage the security infrastructure alongside the SD-WAN in the same management tool. Read more about how we automate connectivity to cloud security solutions.

Third, Citrix SD-WAN is an SDN/NFV-ready platform that can host industry-leading third-party next-gen virtual firewalls, including Palo Alto Networks VM-Series. This combination represents an advanced SD-WAN and security solution because it has been optimized to deliver high performance and an app-ID-enabled firewall in a compact footprint. This is ideal for companies in industries that need to meet stringent compliance requirements such as HIPAA, PCI-DSS, and GDPR. Read more about how Citrix SD-WAN integrates leading next-gen firewalls as a VNF.

But we’re not stopping there. With the convergence of security at the WAN edge, we know it’s critical to provide more advanced security functionality integrated into our SD-WAN solution for a zero trust security model. That’s why Citrix is going to be revealing a lot more about security at the WAN edge over the next couple of months. Based on market and customer requirements and the need for more flexibility, we’re going to be introducing new, advanced security capabilities in our SD-WAN solution. These will include a combination of:

  • IDS/IPS
  • Content filtering
  • Malware protection
  • And much more

Watch our new security video to see how Citrix SD-WAN helps you establish zero trust security, both on-premises and in the cloud.

See Citrix SD-WAN in action now. Schedule a demo, request a call, or find a partner. There are no commitments. Get started today.