Self-driving to Security
According to Silver Peak’s VP of Product Marketing, Derek Granath, security at the network layer has always been a manual, network-driven approach. “There were inconsistent, fragmented security policies, and enforcing these policies was always prone to human error.”
Already on a long-standing mission to maintain high availability for network and application performance, and eventually to create a self-driving SD-WAN, Silver Peak finds that it also needs to secure this autonomous SD-WAN.
“To keep networks and applications working no matter what happens,” Granath had shared earlier. “Keeping the SD-WAN impervious to attacks falls into the list of things Silver Peak has to look into and execute.”
Last June, the broadband and hybrid WAN solutions provider introduced end-to-end segmentation and security service chaining to its Unity EdgeConnect solution.
This spells a few powerful things for Silver Peak’s SD-WAN solution now.
For one, a distributed enterprise can now segment its users, applications and WAN services into secure zones and automate application traffic steering end-to-end, from the LAN all the way across the WAN to the data centre or cloud, all from one central location.
Granath explained that a zone, in general, is a combination of users, application groups and virtual overlays.
“It is usually defined by how you want to segment traffic, for example a zone or overlay for voice and video apps that have to have traffic handled differently when latency thresholds are exceeded.
“The way we handle transport service impairments such as packet loss or jitter, for example, is via defined policies which are programmed into each EdgeConnect appliance.”
Then there is the centralised orchestration piece, which configures virtual WAN overlays according to business intent to determine how traffic will be handled from the Quality of Service (QoS) and security perspectives. It is able to do this because of the monitoring and analytics information that is fed into it.
Segmentation
Segmentation is currently perceived mainly as a way to contain malicious threats within the network.
But a new use has evolved for it as well, since segmentation allows the creation of the zones mentioned earlier in this article. For example, segmentation allows point-of-sale (POS) system traffic to be separated from voice and video traffic. Exceptions can also be defined that allow POS systems to communicate with printers, but not vice versa. This drastically reduces the risk of hackers propagating an attack throughout the entire network environment via the often-overlooked printer.
Silver Peak’s own stateful firewall has been extended with zone-based segmentation. It blocks incoming traffic unless it is whitelisted.
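Added example (not Silver Peak’s code): a minimal zone-based, default-deny policy check with a stateful flow table, modelling the POS-to-printer exception described above, where replies to a permitted flow pass but a printer cannot initiate a connection to a POS system. Zone names, address prefixes and the port number are constructed for the illustration.

```python
"""Zone-based segmentation check with default deny and stateful return traffic."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional, Set, Tuple

# Constructed zones: each zone is a list of prefixes (not a vendor config).
ZONES = {
    "pos":      [ip_network("10.10.0.0/24")],
    "printers": [ip_network("10.20.0.0/24")],
    "voice":    [ip_network("10.30.0.0/24")],
}

# Constructed whitelist of (source zone, destination zone, destination port).
# Any zone pair not listed here is dropped: default deny, one direction only.
ALLOW = {("pos", "printers", 9100)}

Flow = Tuple[str, int, str, int]  # (src, sport, dst, dport)


def zone_of(addr: str) -> Optional[str]:
    """Map an address to its zone, or None if it belongs to no zone."""
    ip = ip_address(addr)
    for name, nets in ZONES.items():
        if any(ip in net for net in nets):
            return name
    return None


@dataclass
class StatefulFirewall:
    # Flows that were permitted on their first packet.
    flows: Set[Flow] = field(default_factory=set)

    def permit(self, src: str, sport: int, dst: str, dport: int) -> bool:
        # A reply to an established flow is allowed even though the reverse
        # zone pair (printers -> pos) is never whitelisted on its own.
        if (dst, dport, src, sport) in self.flows:
            return True
        # New flow: consult the zone whitelist, otherwise drop.
        if (zone_of(src), zone_of(dst), dport) in ALLOW:
            self.flows.add((src, sport, dst, dport))
            return True
        return False
```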
Multi-vendor environments and multiple security architectures can now also be streamlined with Silver Peak’s service-chaining capability. The EdgeConnect appliance allows traffic to be chained, via drag and drop, to next-generation firewalls and to cloud-based security infrastructure and services.
In other words, there is now the ability to define LAN-side zones and enforce policies on the IT network side, effectively replacing the capabilities of branch firewalls.
All of these capabilities – the centralised orchestrator platform, segmentation, service chaining – come together to proactively minimise the attack surface and effectively control who, what, where and when users connect to private and public cloud applications and services.
“Overall, this helps companies that are looking to replace branch firewalls to further simplify WAN edge infrastructure,” Granath said.
This is Silver Peak’s value proposition to securely connect branch users directly to the cloud while protecting the enterprise from threats.