Home Blog How Secure Is SD-WAN?

How Secure Is SD-WAN?

 2022/03/01   Unified Communications & Networking Solutions   664 visit(s)




In recent years most enterprises have turned into deploying SD-WAN technologies into their networks since it provides a sustainable alternative to high-latency hub-and-spoke network topology.

However, having a high-security level is the main concern to any enterprise, especially after recent attacks and breaches around the world that we all heard about.

So, the question remains, how secure is SD-WAN really?

Supporting Network Performance

Organizations used to count on hub-and-spoke networks, which backhaul branch office traffic into a centralized datacenter directly through Multiprotocol Label Switching or MPLS for short, with remote users connecting through VPN.

Companies favored this approach in the past because of its centralized management and security, and that worked perfectly when applications were installed on desktops and datacenter servers.

However, now with the unbelievable growth of cloud computing and applications, they are overloading MPLS circuits, as every little action a user takes in cloud applications must send traffic through the following steps:

  1. First, traffic to the datacenter
  2. then out to the cloud
  3. back through the datacenter again
  4. and finally, out to the user one more time

That’s a combination of extreme latency and bad user experience, and that’s something you don’t want when dealing with the cloud.


SD-WAN helps in that case by taking the routing decisions for the traffic, based on factors like priority policies and QoS settings.

It builds a mesh of network links flexible to connect directly to the internet, to other branches, or to the datacenter based on the applications being used, using a range of transport services that include MPLS, LTE, and commodity broadband. 

The Security Gap With SD-WAN

Since SD-WAN uses mesh network topology, it gives the ability to maximize application performance and reliability, not to mention that the flexibility of transport services helps lower IT costs.  Additionally, an SD-WAN virtualized console still offers centralized management and visibility into these connections.

However, when talking about a security gap, we have to mention that the SD-WAN model breaks the existing centralized security inspection that enterprises usually build into their hub-and-spoke networks.

Why You Should Change Your Network Security Approach?

Today’s organizations tend to choose an architecture designed around the consolidation of data streams, having the traffic backhauled through a centralized “pipe” into the datacenter.

Using these methods, organizations are setting up a single security inspection point along with the traffic flow which examines packets before they make it into the datacenter.

However, this method doesn’t really work when using SD-WAN because most of the traffic is moving outside the bounds of the datacenter perimeter.

When remote workers connect directly to the cloud, IoT devices or any internet resource, then the traffic never meets the inspection point.

If your IT team wants to take real advantage of SD-WAN's distributed networking model, then they must rethink the way that security controls examine traffic for malicious behavior and apply content security policies on the traffic.

And what if they didn’t? Now you have turned branch offices and remote workers to vulnerabilities and gates for malicious users to take advantage of. 

So, when turning to SD-WAN’s encrypted traffic capabilities it is secure by default at initial deployment! That is true somehow, but still not enough.

Of course, encryption adds a valuable layer of privacy and security protections, it still takes added inspection and filtering defenses to detect and block malware, botnets, and other web threats attacking distributed SD-WAN traffic.

Where Secure Web Gateways Fit In

When talking about secure web gateways, we are talking about visibility, control, and flexibility that an enterprise needs to deploy effective SD-WAN security.

Secure web gateways are web filters that protect outbound user traffic by inspecting for:

  • Malware and zero-day attacks
  • Restricted content based on corporate policies
  • Data loss of personally identifiable information or sensitive corporate IP

Secure web gateways offer traffic inspection for remote users, even through SD-WAN connections.

This type of protection initiates routing through secure web gateway infrastructure thanks to endpoint agents installed on mobile and branch office user devices, allowing efficient filtering even on distributed networks.

Additionally, secure web gateways typically centralize visibility across all users and devices into a single dashboard. In most instances, this can be integrated into a broader security portfolio that includes other traditional inspection technologies.


As you can see there is a security gap that you might miss when deploying SD-WAN, but you can easily hack your way around it with secure web gateways. As for deploying this technology into your network, Ctelecoms, being a Cisco partner provides full support for Meraki SD-WAN users. Let us support you with more info at:



Search the Blog

Subscribe Blog



IT & Cyber-Security Solutions

Best-in-class cyber security solutions to ...


Microsoft Cloud Solutions

Explore Ctelecoms extensive selection of ...


Datacenter Solutions

Solve issues, streamline operations, promote ...


Cloud Backup & Disaster Recovery Solutions

Keep your data, apps, emails and operations ...


Computing & Hyper-converged Infrastructure Solutions

Take your IT infrastructure to the next level ...


Unified Communications & Networking Solutions

Ensure you are securely connected with all ...


Meraki Networking Solutions

Quickly deploy a reliable, secure, cloud-managed ...