Prevent, detect and respond – the security of Nuage’s SD-WAN
Decision-makers at any level in the modern enterprise are well-aware that a digital transformation process is not a single event with a distinct start, middle and end. Instead, the transformative journey is continuous as the organisation develops and changes over time.
As part of the digitisation of any business in any vertical, multi-site organisations will have at least considered the possibilities of an SD-WAN (software-defined wide area network). The software abstraction of every remote point’s internal network and internet access makes managing vital digital infrastructure easier, and makes it achievable centrally.
An SD-WAN creates significant cost savings (no need for dedicated IT staff on-site in every location, to give one example) and also creates a business-centric network fabric across the entire enterprise, one that can be optimised on-the-fly as demand levels change.
But there’s a further massive advantage to SD-WAN deployments, one that we’re focusing on here: that of the additional security layer that the software abstraction of the SD-WAN platform makes available, via the same interface as the other aspects of the deployment.
In this regard, Nuage Networks is building an enviable position in the SD-WAN space, not only as a business-focused network enabler but also as a provider that significantly enhances the security posture of the distributed enterprise.
You may or may not be aware of Silicon Valley-based Nuage, but indubitably you will be mindful of its parent company, Nokia, which became known throughout the world as the dominant cellphone maker. In recent years, it has transitioned to become one of the major builders of mobile phone networks. In all likelihood, if you connect to anything using a mobile device anywhere on Earth, it is Nokia network equipment providing the data and voice connectivity.
Who better to consider, therefore, both for experience and skill at the deepest levels in SD-WAN deployment and configuration and as a supplier of the type of baked-in security at the network layer that ensures a significant degree of protection from cyberattack?
The granular configuration of the wider network is, with Nuage, underpinned by safety and security, the standards of which continue to protect the world’s networks today.
The centralised factor
One of the crucial aspects of SD-WAN is its capability to configure connectivity anywhere across a massively distributed network. Central management and oversight of highly segmented and policed networks all over the world are easily possible with the Nuage Networks SD-WAN platform. But at every step, the preventative measures against both external threats and internal network misuse are an integral part of SD-WAN.
From a single console, remote networks anywhere in the world that are part of the larger enterprise WAN can be divided into, for instance, a public access segment and internal segments such as engineering or sales. Each of these segments can have its own security settings or, if required, the layers of granularity and protection can go much deeper.
Managing policy centrally makes remote configuration and rollout of security policy much easier for the enterprise’s IT staff. The Nuage Networks SD-WAN security systems present their protection in three parts.
The trio of protection
Firstly, the software of the network’s control system prevents issues by deploying embedded firewall functions at every network point-of-presence.
That makes issues that previously required multiple vendors, and perhaps subcontractors, a thing of the past. Staff can prevent (or prioritise) access to and from chosen cloud platforms, or stop traffic that attempts to access remote file shares, or social networks, for example.
And because this layer is stateful (that is, it tracks each connection and so is aware of the source and destination of all two-way network traffic), external access to sensitive networks can be blocked by design: across the entire sub-office, or for selected user types, like financial staff or visiting members of the public.
The stateful nature of the virtualized firewall functions and the overall central control of the SD-WAN allow flow visualisation to happen in real time for qualified administrators. Detection via monitoring either alerts staff or, according to centrally-defined security policies, automatically triggers responses.
The visualisation capabilities will have already found significant use-cases in SD-WAN, allowing administrators to “shape” traffic according to business logic, like giving critical applications and services priority over more general traffic, for instance.
By the same means, potentially suspect visitors or residents anywhere across the distributed wide area network can be isolated and examined, with the granularity that only complete, centralised control can bring.
The response given by the security systems forms the third capability of the Nuage SD-WAN’s cybersec function. When a device is suspected or identified as posing a threat, from outside or inside (like a disgruntled employee attempting to dump sensitive data onto a remote server, for example), the systems can autonomously shut down or isolate the device, or even temporarily close the entire sub-network.
But at all times, the administrators get total visibility into every aspect of activity right across the WAN. Instead of staff manually configuring multiple devices and maintaining a reactive security stance, proactive responses are triggered, or alerts create flags for staff attention.
Alongside the multiple capabilities of the Nuage Networks SD-WAN (you can read more in a future article here on Tech Wire Asia, or here and here in previously-published pages), the security concerns caused by a rapidly-expanding network infrastructure can be minimised.
And instead of the network administrators and security staff needing to run just to keep up, the Nuage platform turns reaction into proactive protection and management.
To learn more about Nuage Networks’ SD-WAN, you may visit the webpage here or sign up to watch the webinar looking at trends in using SD-WAN to deliver next-generation security tools that are integrated with the networking infrastructure.