Software-defined wide area networks are an important part of your IT and cybersecurity landscape. Here’s how to take advantage of them.
Written by Parth Mistry
If you’ve worked in IT or cybersecurity for any length of time, you know the pressure to achieve more with less is nothing new. Budget squeezes, coupled with rising expectations, go with the territory.
Lately, though, that demand seems more unfair than usual. Your network is likely getting distributed across a growing number of cloud and SaaS providers, alongside your traditional on-premises technology. Couple that with the need to secure people working remotely.
As your organization grows more dependent on this way of working, it may well look to you for increased quality of service and better connectivity, underpinned with firm, predictable SLAs. In short, your job is to take this increasingly complex picture, make it secure, guarantee everything will work better than before… and find cost savings too.
If that sounds familiar, the good news is you’re far from alone. We see plenty of customers facing the same thing—and many of them are finding a software-defined wide area network (SD-WAN) can really help.
I’m not going to suggest that SD-WAN will solve all your IT and security challenges. But I can tell you three ways I see it adding value as part of your wider technology ecosystem.
1. Making sense of a complex, distributed perimeter
The first way SD-WAN can help is by making it easier to manage and secure an organization with a complex, distributed perimeter.
Dispersed offices, a remote workforce, cloud workloads, custom-built legacy apps, and a growing reliance on global SaaS providers combine to create a configuration headache for IT security. The attack surface is broad, and growing fast, making it difficult to apply consistent policies and ensure all the angles are covered.
This is one of the reasons why we see so many customers exploring a secure access service edge (SASE) framework—centralizing control and management to improve agility and confidence. And, like zero-trust network access (ZTNA), SD-WAN is a key pillar of this approach.
For example, Sophos Firewall’s centralized management capabilities let you set up and orchestrate a whole mesh of VPN SD-WAN connections from a single console—instead of creating and configuring the VPN tunnels one by one.
You can deploy secure and redundant tunnels across multiple locations, public and private cloud, SaaS providers and branch offices, all in a handful of clicks, potentially saving hours of work and, more importantly, giving you a unified view of security informed by Sophos threat intelligence.
Meanwhile, our SD-RED devices make it so easy to extend your secure network to branch offices that they need no technical intervention at all. Anyone at your remote location can plug one in, and you’ll have a robust Layer 2 tunnel back to your central firewall.
2. Predictable, granular service across a diverse network
Your organization doesn’t see all the complexity you need to deal with. They just want you to guarantee consistent, reliable performance—especially for business-critical apps. SD-WAN can help by letting you define, meet, and manage SLAs for that performance.
As an overlay technique, SD-WAN uses any transport service, such as DSL, cable, 4G, and MPLS, to steer traffic through the network with minimal or no latency, jitter, or packet loss. You get easy deployment; your clients/customers get an exceptional quality of service.
Crucially, application path selection and routing lets you prioritize critical applications that need high quality and low latency, such as VoIP. It’s also a good idea to use granular policy-based routing controls to fine-tune the services for the users and groups who need them most.
Our Synchronized SD-WAN capability takes this a step further, by sharing information between your Sophos Firewall and any of your organization’s Sophos-managed endpoints. This means your routing policies can include legacy or custom-built applications where the signature might not otherwise be familiar.
Our upcoming release, Sophos Firewall v19, will give you the power to pre-define routing strategies which can seamlessly reroute traffic based on WAN link performance—giving continuity if there’s an ISP disruption. You can base these strategies on a choice of performance criteria and define acceptable parameters to meet a custom SLA.
And to help you confirm the quality of service you are providing, we have a brand new built-in SD-WAN performance monitoring tool. Easy-to-read graphs let you monitor latency, jitter, and packet loss in real time, as well as across a variety of historical timelines.
3. Reducing TCO without compromising service
For a lot of customers, the big reason to use SD-WAN is to cut connectivity costs—but many find that saving depends on a few key decisions about hardware.
It’s true that SD-WAN will typically reduce an organization’s reliance on MPLS and expensive leased lines.
However, many “pure play” SD-WAN appliances need a separate management interface, which can prove costly. What’s more, any lack of advanced built-in security features will need to be covered by an additional solution, and those costs start to mount up.
To us, that makes no sense; connectivity, management, and security go hand in hand. So we integrate secure SD-WAN capabilities into Sophos Firewall, make the best use of any other Sophos solutions in your ecosystem, and manage it all through the Sophos Central management platform.
This eliminates the need for extra hardware—minimizing total cost of ownership—while also ensuring your new, distributed organization is secure from every angle.
Better service and simpler security, at a lower cost
If you need to secure an increasingly complex IT organization, while also delivering enhanced service quality, SD-WAN is an attractive option. It gives you more flexibility and agility, and more granular control over your applications—potentially at a much lower cost.
We see our clients responding to these demands. And that’s why we designed our next-generation firewall to help you maximize the potential benefits of SD-WAN. Personally, I think the new features are very exciting; I can’t wait to hear if you agree.
Sophos Central SD-WAN Orchestration is available today in Sophos Firewall v18.5, and early access for Sophos Firewall v19 is coming soon.
If you’d like to chat about your organization’s SD-WAN requirements or how you can use Sophos SD-WAN, please call us on +254 20 4076000 or send an email to firstname.lastname@example.org to engage a solutions architect today.