SD-WAN: Securing Branch Locations – Skyhigh Security

August 10, 2024

By Shubham Jena – Senior Product Manager, Skyhigh Security

Overview

Before the Pandemic the entire world was acquainted with a mode of work i.e. Working from Office premises on a daily basis. This was pretty normal.

The pandemic of 2020, which was one of a kind, forced us to think out of the box and adopt the then unconventional approach to work, which led to the remote work or work from home scenario. This mode of work later got extended to work from anywhere. This is the “New Normal” now & is here to stay.

The aforementioned changes were applicable to organizations which are spread across different geographical locations and have different facets of their businesses running across these locations. These business units constantly communicate with each other for the normal functioning of the overall business.

How has the “new normal” affected security?

As the new norm of work took centerstage, the overall threat landscape of any organization expanded heavily, thereby leading to the need for a newer & importantly an enhanced robust security system that can adhere to the new age requirements coming from the customers.

The old conventional perimeter-based security system was not capable of addressing the modern use-cases and gave way to the foundation as well as massive adoption of the perimeter-less security system provided by the Secure Service Edge also known as the SSE technology.

Be it Banking and Financial institutions (BFSI) or Manufacturing or Information Technology or Operation Technology space, Security Service Edge (SSE) has its presence everywhere.

But have you ever thought, why this craze for SSE?

The answer is – “To ensure security of users’ data across the length and breadth of the organization addressing the challenges related to the extended threat landscape.”

To fulfill the modern day security requirements and address the modern day risks, every security aware organization is focused on ensuring that:

  • The Data residing in the Network should be safe and be accessible to only the authorized stakeholders
  • The Data during transit should be safe and should not be tampered with.

This trend is also applicable to the organizations which have their presence globally & have different B2B services that need to work together to ensure a seamless experience for their customers.

Another thing to note here is the boom in the M&A market. As per a report published by leading consulting firm Deloitte in 2023 named “The path to thrive: M&A Strategies for a brave new world”, the overall spend by companies post pandemic on Mergers & Acquisitions was around USD 5 Trillion which is the highest ever.

What does this necessarily signify ?

The more the M&A activities, the more is the integration of different organizations that are spread across the globe. This leads to the greater importance of “Connectivity” than ever before.

“Connectivity” just like “Security” is also of paramount importance..

The security and connectivity aspects need to work in tandem to ensure that the organization as a whole is secured irrespective of their geographical locations.

The question is how can the connectivity aspect be addressed. The answer is Software Defined Wan Optimization also known as SD-WAN.

What is SD-WAN?

SD-WAN came into prominence half a decade back and was seen as a cost effective and efficient replacement for the legacy but costly MPLS solution.

SD-WAN, as a technology, enables swift, efficient & most importantly a secured connectivity between remote branch locations using the overlay of wide area networks.

SD-WAN and Secure Service Edge:

In any organization having global presence, SD WAN enables the internet traffic of branch locations to seamlessly redirect & securely traverse through the SSE network irrespective of its geographical jurisdiction.

In this type of environment, connectivity comes from SD-WAN whereas the Security aspect is taken care of by Secure Service Edge.

Such a setup provides innumerable advantages to organizations, such as:

  • Enabling Zero Trust for users in Branch Locations
  • Enables the legacy hardware based branch locations to connect securely. So that org wide security services can be made applicable to branch locations as well
  • Client less connectivity of users from different branch locations

SD-WAN Infographic

Skyhigh Security Technology Integrations – SD WAN

Skyhigh Security has a robust Technology Alliance Partners program. As part of this program, we integrate Skyhigh Security solutions with different industry leading vendors with an overall objective to provide multiple options to our customers thereby enhancing the overall user-experience.

Skyhigh has technology partnerships across different products such as EDR/XDR, Next-Generation Firewalls, SIEM/SOAR, EMM/MDM, Sandbox, Key Management/HSM to name a few.

The details of the Technical Integrations can be accessed at the Skyhigh SSE Technical Integrations page.

Skyhigh understands the importance of the connectivity aspect & how it can be leveraged to enhance security. Skyhigh Security has SD-WAN integrations with a number of industry leading vendors such as Fortinet, Silver Peak, VMware VeloCloud, VERSA Networks, Viptela, and Cisco. The latest addition to this list is the Integration with Cisco Catalyst SD-WAN. This integration is massive in itself owing to the fact that Cisco is a leader in SD-WAN space & also the scale at which of operation of Cisco.

Skyhigh Security SSE & Cisco Catalyst SD-WAN Integration

The Integration between Skyhigh Security Secure Service Edge and Cisco Catalyst SD-WAN would greatly help our customers by enabling them to enhance the security of their branch locations. The simplified configuration coupled with a flawless redirection is what adds to the overall enhanced security experience for the customers. The Skyhigh Secure Service Edge console provides a variety of options to our customers to use as Client ID type in order to initiate the IPSec tunnel from the Cisco Catalyst SD-WAN to Skyhigh Secure Service Edge.

These include using:

  • Client address as Client ID Type
  • IPV4 Address
  • Fully Qualified Domain Name
  • User FQDN

On the Cisco Catalyst SD-WAN console, customers can leverage the Secure Internet Gateway (SIG) templates present to configure the IPSec configuration seamlessly and in an efficient manner.

This simplified configuration options on both the ends, will help end-users setup IPSec connectivity between branch locations & centralized HQ easily without much hassle.

Customers can also leverage our detailed Skyhigh Security SSE & Cisco Catalyst SD-WAN Integration Guide to get the detailed steps for configuring the IPSec tunnel for securing their branch locations. Please check the Skyhigh SSE – SD-WAN page access the Integration Guide & get details on configuration.

Back to Blogs